Security Basics mailing list archives
Re: How do we test against and protect against
From: Todd Haverkos <infosec () haverkos com>
Date: Thu, 29 Sep 2011 07:12:44 -0500
Sean Jackson <sean.jackson () digicert com> writes:
I'm thinking specifically of the PDF Mac vulnerability. My boss and I would like to test his mac to see if it's succeptable in its current, hardened state. How can I get this code/file?
See if the open source Metasploit framework has an exploit for the CVE that corresponds to that vulnerability. CVE-2010-1836 is the most recent outright PDF vulnerability for mac I've been able to find. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0611 however refers to an Adobe Reader vulnerability that affects OSX, but the issue is with SWF file parsing. On the one that most recently made news, though, http://www.f-secure.com/v-descs/trojan-dropper_osx_revir_a.shtml it's not clear to me if there's an associated pdf vulnerability, or if code execution is achieved some other way, and that the dropper program opens a pdf as a distraction. Its relation to CVE-2011-0611 I don't know either. Perhaps someone else on the list is aware of more details. -- Todd Haverkos, LPT MsCompE http://haverkos.com/ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- How do we test against and protect against Sean Jackson (Sep 27)
- Re: How do we test against and protect against Todd Haverkos (Sep 29)