
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2005-09-09



New Firefox Vulnerability

Published: 2005-09-09
Last Updated: 2005-09-09 21:55:40 UTC
by Pedro Bueno (Version: 6)

Something nice to start a Friday morning...
An unpatched vulnerability was disclosed today in the Firefox browser. According to the advisory, "...the vulnerability is caused due to an error in the handling of an URL that contains the 0xAD character in its domain name. This can be exploited to cause a heap-based buffer overflow.

Successful exploitation crashes Firefox and may potentially allow code execution but requires that the user is tricked into visiting a malicious web site or open a specially crafted HTML file."

Let's hope for a quick patch!
You can check the original advisory at Security Protocols and Secunia.

Update:

According to FrSIRT, a possible solution is:
"Disable IDN support by entering "about:config" in the location bar, and then setting "network.enableIDN" to "false"."

Thanks Pat for pointing this out.

Update 2:
Thanks to Juha-Matti (again) :), new info from the Mozilla website:

"Now Mozilla Foundation has published a security advisory entitled "What Mozilla users should know about the IDN buffer overflow security issue", which includes detailed instructions and the following information:

"The first method is to install a small download and the second method is to manually change the browser configuration."

They say that this small download (.xpi package, maybe similar to http://www.mozilla.org/security/shell.html last year) is coming soon."

-------------------------------------------------------------------
Handler on Duty: Pedro Bueno < pbueno $$ isc . sans . org >
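
For anyone rolling out the manual workaround on more than one machine, this added example (not from the diary, FrSIRT or Mozilla) checks whether a Firefox profile's preference files actually set network.enableIDN to false. It assumes the contents of the profile's prefs.js and user.js have already been read into strings; the function names and sample profiles are constructed for illustration.

```python
import re

# One preference line as Firefox writes it in a profile's prefs.js or user.js.
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"(?P<name>[^"]+)"\s*,\s*(?P<value>.+?)\s*\)\s*;', re.M)
BLOCK_COMMENT_RE = re.compile(r"/\*.*?\*/", re.S)

def read_pref(text, name):
    """Return the last value assigned to `name`, or None if it is never set."""
    value = None
    # Drop /* ... */ blocks; '//' and '#' lines never match the anchored regex.
    for m in PREF_RE.finditer(BLOCK_COMMENT_RE.sub("", text)):
        if m.group("name") == name:
            value = m.group("value")
    return value

def idn_workaround_applied(prefs_js, user_js=""):
    """True only when the effective network.enableIDN value is the literal false.

    user.js is applied over prefs.js at startup, so it is consulted first.
    A profile that never sets the pref has not had the workaround applied.
    """
    for text in (user_js, prefs_js):
        value = read_pref(text, "network.enableIDN")
        if value is not None:
            return value == "false"
    return False

def unmitigated(profiles):
    """Names of profiles (name -> (prefs.js text, user.js text)) lacking the workaround."""
    return sorted(name for name, (prefs, user) in profiles.items()
                  if not idn_workaround_applied(prefs, user))

# Constructed sample profiles, not taken from any real system.
SAMPLE_PROFILES = {
    "alice": ('user_pref("browser.startup.homepage", "about:blank");\n'
              'user_pref("network.enableIDN", false);\n', ""),
    "bob": ('user_pref("network.enableIDN", true);\n', ""),
    "carol": ('// user_pref("network.enableIDN", false);\n', ""),
    "dave": ('user_pref("network.enableIDN", true);\n',
             'user_pref("network.enableIDN", false);\n'),
}

if __name__ == "__main__":
    print(unmitigated(SAMPLE_PROFILES))
```

A commented-out line or a profile that never sets the pref is reported as unmitigated, which is the case a bulk rollout most often misses.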


MS Black Tuesday?

Published: 2005-09-09
Last Updated: 2005-09-09 21:46:24 UTC
by Pedro Bueno (Version: 3)
Microsoft withdrew the earlier announced patch for next week. So next Tuesday will not be patch day. The bulletin was supposed to be critical, but will not be released due to problems late into the QA cycle.

We will still have our webcast next Wednesday.



AT&T Network Outage

Published: 2005-09-09
Last Updated: 2005-09-09 20:49:18 UTC
by Johannes Ullrich (Version: 5)
Update: The AT&T network is back to normal now. It looks like the problem was an ISP (Telefonica) injecting some bogus BGP routes that caused customers of some other ISPs to be unable to reach AT&T (and some AT&T customers to be unable to get return traffic from these ISPs). There does not appear to have been any actual problem on the AT&T network.

"On Sept 9th, AT&T customers experienced an inability to reach certain Internet sites. Initial investigation indicated packet loss to the AT&T DNS resolvers. Further investigation by the AT&T Common Backbone Engineers determined the issue to be an erroneous advertisement of the AT&T 12.0.0.0/8 block by another Internet Service Provider (ISP). Once the advertisement was withdrawn, correct routing information was propagated through our peers' networks." - AT&T Email to Customers

According to notes from users, and Keynote, AT&T is currently experiencing outages across its network. We do not have any details right now. This outage may affect the latency or reachability for a large number of sites.

AT&T's own network status page shows no problems.



