Date: Tue, 4 Oct 2016 22:10:02 +0000
From: Rob Thomas <rthomas@...goma.com>
To: Greg Sloop <gregs@...op.net>, Tim Schughart
 <t.schughart@...sec-networks.com>, "fulldisclosure@...lists.org"
 <fulldisclosure@...lists.org>, "bugtraq@...urityfocus.com"
 <bugtraq@...urityfocus.com>, "webappsec@...urityfocus.com"
 <webappsec@...urityfocus.com>
Cc: "Khanh Quoc. Pham" <k.pham@...sec-networks.com>
Subject: Re: [FD] Critical Vulnerability in Ubiquiti UniFi

The impression I get from Tim Pham's emails is that the 'Unify Manager' is doing some behind-the-scenes tunnelling, and bringing the Mongo interface from the server to the client (e.g., Mac or Windows device) and you are then able to connect to localhost (on the client) which tunnels through to the server.

However, after much searching, I am unable to locate this application. Googling insinuates that it is this (unreleased) software - https://www.ubnt.com/enterprise/software/

--Rob Thomas
Information Security, Sangoma Corporation


-----Original Message-----
From: Fulldisclosure [mailto:fulldisclosure-bounces@...lists.org] On Behalf Of Gregory Sloop
Sent: Wednesday, 5 October 2016 1:54 AM
To: Tim Schughart <t.schughart@...sec-networks.com>; fulldisclosure@...lists.org; bugtraq@...urityfocus.com; webappsec@...urityfocus.com
Cc: Khanh Quoc. Pham <k.pham@...sec-networks.com>
Subject: Re: [FD] Critical Vulnerability in Ubiquiti UniFi

I attempted private contact with Tim Pham and via email 12+ hours ago, but received no response since then.

I've spent some time trying to reproduce the reported vulnerability and have had no success. It certainly doesn't help that the steps to reproduce it are so poorly described or documented.
Without better documentation of the exploit, it seems impossible to determine if the report is just misinformed, blatantly false, or if perhaps there's some step/process I don't understand or am missing.

In every attempt I've made the binding of MongoDB to 127.0.0.1 is effective and non-local connection attempts are refused, as one would expect.
A swift response from Prosec Networks [prosec-networks.com] would be most helpful.

_______________________________________________
Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

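A loopback-binding check of the kind Greg describes above, as an added example that is not part of this thread or of Ubiquiti's software: it parses `ss -ltn`-style listener lines (assumed column layout; the sample is constructed) and a mongod.conf-style `bindIp` line, and reports MongoDB listeners reachable from other hosts. The port is a parameter because the thread does not state which port the UniFi-bundled MongoDB uses.

```python
"""Report MongoDB listeners that are not confined to loopback (added example)."""
import ipaddress
import re

MONGO_PORT = 27017  # MongoDB default; assumption, override for a bundled instance


def parse_ss_listeners(ss_output):
    """Return (address, port) tuples from `ss -ltn`-style output (assumed layout)."""
    listeners = []
    for line in ss_output.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        addr, _, port = fields[3].rpartition(":")  # Local Address:Port column
        listeners.append((addr, int(port)))
    return listeners


def is_loopback_only(addr):
    """True if the bind address accepts connections from this host only."""
    addr = addr.strip("[]")  # ss prints IPv6 as [::1]:port
    if addr in ("*", "0.0.0.0", "::"):
        return False  # wildcard binds listen on every interface
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # unknown form: treat as exposed, not as safe


def exposed_mongo_listeners(ss_output, port=MONGO_PORT):
    """Listeners on the MongoDB port that can be reached from other hosts."""
    return [(a, p) for a, p in parse_ss_listeners(ss_output)
            if p == port and not is_loopback_only(a)]


def bind_ip_is_loopback(conf_text):
    """Check a mongod.conf-style `bindIp:` setting (assumed YAML form)."""
    m = re.search(r"^\s*bindIp:\s*(\S+)", conf_text, re.M)
    if not m:
        return False  # unset: releases before 3.6 listen on all interfaces
    return all(is_loopback_only(a) for a in m.group(1).split(","))


# Constructed sample: one loopback-only bind, one wildcard bind, one IPv6 loopback.
SAMPLE_SS = """State   Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN  0      128    127.0.0.1:27117    0.0.0.0:*
LISTEN  0      128    0.0.0.0:27017      0.0.0.0:*
LISTEN  0      128    [::1]:27017        [::]:*
"""

if __name__ == "__main__":
    print(exposed_mongo_listeners(SAMPLE_SS))
```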
