
SANS ISC InfoSec Handlers Diary Blog



Libpng and putty vulnerabilities announced today

Published: 2004-08-04
Last Updated: 2004-08-05 22:23:29 UTC
by Kevin Liston (Version: 1)
Libpng Vulnerability:
Proof-of-concept code for a buffer overflow in libpng was released today. A patched version is available (libpng version 1.2.6rc1).

US CERT announcement: http://www.uscert.gov/cas/techalerts/TA04-217A.html

In other vulnerability news: PuTTY 0.54 and below

Details are available at the author's website: http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html

CORE's analysis:
http://www.coresecurity.com/common/showdoc.php?idx=417&idxseccion=10

The latest version, 0.55, is available at: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

UPDATE:

WinSCP, which uses code from PuTTY, has also been updated in response to the above vulnerability.

http://winscp.sourceforge.net/eng/

Mydoom.p snort signatures are available at bleedingsnort.

http://www.bleedingsnort.com/cgi-bin/viewcvs.cgi/Stable/WORM_MyDoom.P?rev=1.1&content-type=text/vnd.viewcvs-markup

Remember that oinkmaster can update your snort rules daily from bleedingsnort.com! I use this on the honeynet at home and the test snort server at work.

On individual response to phishing emails:
Phishing incidents are on the rise. The handlers are receiving more and more reports of suspicious emails. My recommended response procedure is as follows:

i) report the email to the impersonated company's abuse address (typically this is abuse@victimdomain.) Include a copy of the email and the full delivery headers. Their teams will use this information to determine the source of the email, and the location of the collection server.

ii) report the incident to antiphishing.org. They are scientifically tracking these incidents and organizing responses.
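
One way to carry out step i) so that the full delivery headers reach the abuse team, as an added example that is not part of the original diary: the suspicious message is attached as `message/rfc822` rather than pasted inline. The sample message, addresses, IPs and the function names `received_chain` and `build_abuse_report` are all constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed sample message: every host, address and IP below is made up
# (reserved .example names and documentation IP ranges).
SAMPLE_PHISH = (
    b"Received: from gw.recipient.example (gw.recipient.example [192.0.2.10])\n"
    b"\tby mail.recipient.example with ESMTP id ABC123;\n"
    b"\tWed, 4 Aug 2004 10:02:11 -0400\n"
    b"Received: from unknown (HELO bank.example) (203.0.113.45)\n"
    b"\tby gw.recipient.example with SMTP; Wed, 4 Aug 2004 10:02:09 -0400\n"
    b'From: "Example Bank" <security@bank.example>\n'
    b"To: user@recipient.example\n"
    b"Subject: Verify your account\n"
    b"Message-ID: <constructed-1@bank.example>\n"
    b"\n"
    b"Please confirm your details at the link below.\n"
)

def received_chain(raw):
    """Return the Received headers, newest hop first, one line per hop."""
    msg = message_from_bytes(raw, policy=policy.default)
    # Folded headers span several lines; collapse the folding whitespace.
    return [" ".join(str(h).split()) for h in msg.get_all("Received", [])]

def build_abuse_report(raw, reporter, abuse_addr):
    """Build a report that carries the original message as an attachment."""
    original = message_from_bytes(raw, policy=policy.default)
    report = EmailMessage()
    report["From"] = reporter
    report["To"] = abuse_addr
    report["Subject"] = "Phishing report: " + str(original["Subject"])
    # Only the newest hop was written by the reporter's own mail server;
    # older Received lines are supplied by the sender and may be forged.
    report.set_content(
        "Suspected phishing message impersonating your organisation.\n"
        "The original is attached with its full delivery headers.\n\n"
        "Received chain (newest first):\n"
        + "\n".join(received_chain(raw)) + "\n"
    )
    # message/rfc822 keeps the original header block together with the body,
    # which an inline forward from most mail clients would drop.
    report.add_attachment(original)
    return report

if __name__ == "__main__":
    print(build_abuse_report(SAMPLE_PHISH, "user@recipient.example",
                             "abuse@bank.example").as_string())
```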

SSH Brute force reporting update:
Reports of SSH scans with simple username/password combinations continue to come in. We are currently looking for the tool/malicious code that is performing these scans.

Kevin Liston,
Handler on Duty,
kliston AT greenman-consulting DOT com