Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC Internet Storm Center



Latest Diaries

ISC StormCast for Wednesday, April 23rd 2014 http://isc.sans.edu/podcastdetail.html?id=3947

Port 32764 Router Backdoor is Back (or was it ever gone?)

Published: 2014-04-22
Last Updated: 2014-04-22 23:34:32 UTC
by Johannes Ullrich (Version: 1)

Contrary to what was announced a few months ago, the infamous "Port 32764" backdoor was not fully patched in new routers [1]. As a reminder, the original backdoor allowed unrestricted, unauthenticated root access to a router by connecting to port 32764. The backdoor was traced back to components manufactured by Sercomm. Sercomm delivers parts for a number of name-brand routers sold under the brands of Cisco, Linksys, Netgear, Diamond and possibly others.

An analysis of an updated router by Synacktiv revealed that the code implementing the backdoor is still present, and can be activated to listen again by sending a specific Ethernet packet. The packet would not be routed, so an attacker has to have access to the local network the router is connected to. This significantly lowers the probability of exploitation, but doesn't eliminate it.

The packet activating the backdoor is identified by an Ethernet type of 0x8888.
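One way to check a LAN capture for such frames is sketched below. This is an added example, not code from the diary or from Synacktiv. It goes slightly beyond the text by also skipping 802.1Q/802.1ad VLAN tags, and it assumes a classic libpcap file with Ethernet link type; the sample capture, MAC addresses and zeroed payloads are constructed.

```python
import struct
BACKDOOR_ETHERTYPE = 0x8888    # activation frame type named in the diary
VLAN_TAGS = {0x8100, 0x88A8}   # 802.1Q / 802.1ad tags precede the real type

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def frame_ethertype(frame):
    """Return the EtherType of a frame, skipping VLAN tags; None if truncated."""
    off = 12
    while len(frame) >= off + 2:
        (etype,) = struct.unpack_from("!H", frame, off)
        if etype not in VLAN_TAGS:
            return etype
        off += 4
    return None

def scan_pcap(data):
    """Walk a classic libpcap capture; return (frame no., src MAC, dst MAC) hits."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic microsecond-resolution pcap file")
    if struct.unpack_from(endian + "I", data, 20)[0] != 1:
        raise ValueError("link type is not Ethernet")
    hits, pos, index = [], 24, 1
    while pos + 16 <= len(data):
        caplen = struct.unpack_from(endian + "I", data, pos + 8)[0]
        frame = data[pos + 16 : pos + 16 + caplen]
        if frame_ethertype(frame) == BACKDOOR_ETHERTYPE:
            hits.append((index, mac(frame[6:12]), mac(frame[0:6])))
        pos, index = pos + 16 + caplen, index + 1
    return hits

def build_sample_pcap():
    """Constructed capture: an ARP frame, a 0x8888 frame, a VLAN-tagged 0x8888 frame."""
    host, router = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    frames = [
        b"\xff" * 6 + host + struct.pack("!H", 0x0806) + bytes(28),
        router + host + struct.pack("!H", 0x8888) + bytes(46),  # payload zeroed
        router + host + struct.pack("!HHH", 0x8100, 10, 0x8888) + bytes(42),
    ]
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + b"".join(
        struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    for idx, src, dst in scan_pcap(build_sample_pcap()):
        print(f"frame {idx}: EtherType 0x8888 from {src} to {dst}")
```

Because the frame is not routed, the capture has to be taken on the same LAN segment as the router, for example from a switch mirror port.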

[1] http://www.synacktiv.com/ressources/TCP32764_backdoor_again.pdf

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute

Apple Patches for OS X, iOS and Apple TV.

Published: 2014-04-22
Last Updated: 2014-04-22 23:27:33 UTC
by Johannes Ullrich (Version: 1)

Apple today released patches for OS X, iOS and Apple TV. The OS X patches apply to versions of OS X back to Lion (10.7.5). Vulnerabilities fixed by these patches can lead to remote code execution when a user visits a malicious web site.

For more details, see Apple's security update page [1]. Links to the actual update details should become available shortly.

[1] http://support.apple.com/kb/HT1222

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute

Keywords: Apple Patches
ISC StormCast for Tuesday, April 22nd 2014 http://isc.sans.edu/podcastdetail.html?id=3945
