This week's security events include a security update to the popular Thunderbird e-mail client, a buffer overflow in BEA WebLogic, the release of exploits for the DNS vulnerability, and a tool that lets you resolve the actual physical location of rogue Wi-Fi users.
Security update for Thunderbird
A new version of Thunderbird has been released by the Mozilla Foundation. This new version fixes six moderate as well as two "minor" vulnerabilities in this popular e-mail client. Upgrading can be done via the automated update option or by downloading the application directly from the Web site.
Buffer overflow in BEA WebLogic
A potential buffer overflow vulnerability has been discovered in BEA WebLogic that can result in system crashes and may also be exploited to facilitate the injection and execution of arbitrary code.
The flaw is caused by the Apache Connector, which appears not to check certain POST requests sufficiently. According to comments, the published exploit is "broken" and doesn't function properly. Nevertheless, security providers FrSIRT and Secunia have rated the vulnerability as critical and highly critical respectively. According to Secunia, versions 5 to 10 are affected.
No patch is available at this point in time. The only way to protect against this risk at the moment is to restrict network access to the affected system. You can access the proof-of-concept exploit at milw0rm.
Exploits for DNS vulnerability released
A chain of events has resulted in the inadvertent disclosure of the details pertaining to the weakness in the Domain Name System (DNS) first discovered by security researcher Dan Kaminsky. As expected, exploit code to leverage this vulnerability has been quickly crafted and released. To be fair, Kaminsky, who has known of the vulnerability for months, initially planned to publicly release further details only at the upcoming Black Hat conference next month. This was to allow both hardware and software vendors to rectify the problem.
Whatever the case, the first attacks on the Kaminsky DNS vulnerability have since been reported.
I have confirmed at least three publicly available exploits for this vulnerability and there is reliable behind-the-scenes mumbling that others are on the way.
One of the exploits, which runs on Metasploit (a freely distributed attack/pen-testing tool), takes about one to two minutes to poison a DNS cache. However, Metasploit creator HD Moore is confident of bringing the time needed to launch a successful attack down to a matter of seconds.
MoocherHunter lets you track down rogue Wi-Fi users
I came across this tool called MoocherHunter that essentially allows the user to triangulate the physical location of rogue Wi-Fi users. It works by identifying the location of an 802.11-based wireless moocher or hacker from the traffic they send across the network. In terms of hardware, the only requirements are a laptop and a directional antenna, plus some walking around to eventually isolate and track down the actual geographical location of the transmitting source.
In residential and commercial multi-tenant building field trials held in Singapore in March 2008, MoocherHunter™ allowed a single trained operator to geo-locate a wireless moocher with a geographical positional accuracy of as little as 2 meters within an average of 30 minutes.
There doesn't seem to be additional data pertaining to the exact conditions of the trial, but the residential "multi-tenant building" that I live in has over 200 units in a single block. In my case, the positional accuracy of 2 meters will definitely allow me to pinpoint the exact neighbor. I would also like to add that Singapore law does protect against unauthorized access of wireless networks. In fact, legal precedent has already been set in this regard.
While the basic MoocherHunter is free, a MoocherHunter-Law Enforcement Edition is available, which adds in other nifty features such as a remote-control Web interface, 802.11a support, and even AP-hunting. You can contact them for more information. MoocherHunter is available as part of the Organization Systems Wireless Auditor (OSWA) which you can download here.