
SANS ISC InfoSec Handlers Diary Blog



RealPlayer (et al) vulnerabilities & Joomla/Mambo Worm

Published: 2006-03-23
Last Updated: 2006-03-23 13:14:13 UTC
by John Bambenek (Version: 1)
There are three vulnerabilities in RealPlayer and associated products that allow for remote code execution, and patches have been released to remediate the problems.  The vulnerabilities are boundary errors, triggered by certain SWF or MBC files or specially crafted webpages, that can lead to buffer overflows.  The latest version of RealPlayer is not affected and users should upgrade immediately.  The advisory can be read here with iDefense's original report being here. The matrix of vulnerable products can be seen here.  While exploiting these bugs would still require some social engineering to get people to look at a malicious file, it is still recommended that users run the latest version because we all know how popular watching clips on the web is (I like the VW "unpimp my ride" commercials, personally).

A reader wrote in reporting a worm spreading through the latest Mambo/Joomla exploits and establishing an IRC connection.  When I looked, it appeared the botnet was already down, but it is trivial to modify the shellbot code and regenerate the botnet.  Joomla 1.0.8 was released Feb 26th and had 37 (wow) security fixes, so if you aren't running 1.0.8, you have been warned.  It doesn't appear that any new vulnerabilities have been discovered since the release.

--
John Bambenek
bambenek -at- gmail -dot- com