Threat Level: green Handler on Duty: Didier Stevens

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Sendmail vuln

Published: 2006-03-23
Last Updated: 2006-03-24 19:22:24 UTC
by Adrien de Beaupre (Version: 2)
0 comment(s)
Update:  The best writeup that we've found for this is http://xforce.iss.net/xforce/alerts/id/216.  Also, Sun has has released a bulletin here, but they claim that Solaris 8 is unaffected (currently that platform is running sendmail 8.11.7).  From reading the other advisories, I believe that this information may be incorrect and the Solaris 8 may be affected since the vulnerability applies to all versions prior to 8.13.6.  --Jim Clausing

Update 2: 2006-03-24 19:21 UTC - Sun has updated the advisory and will be providing patches for Solaris 8 as well.  Thank you, Sun.  --JAC


Sendmail has released an advisory related to a vulnerability in all versions of sendmail 8 previous to 8.13.6 of this popular MTA.  The advisory includes the commercial versions of products using sendmail.

http://www.sendmail.com/company/advisory/
and it has CVE entry CVE-2006-0058

Impact: the attacker could run arbitrary commands.

Mitigation: upgrade to 8.13.6, apply the patch, or setting the RunAsUser option in the configuration file.
This one looks bad.

Sendmail.org

Secunia

Update: as more information becomes available this is starting to look worse.
Patch or upgrade NOW!

Cheers,
Adrien

Keywords:
0 comment(s)

New IE Vulnerability

Published: 2006-03-22
Last Updated: 2006-03-22 19:30:08 UTC
by Lorna Hutcheson (Version: 1)
0 comment(s)
There is a new exploit for Internet Explorer that was released by Secunia today.  The exploit allows for arbitrary code execution.  From the Secunia advisory

"The vulnerability is caused due to an error in the processing of the "createTextRange()" method call applied on a radio button control. This can be exploited by e.g. a malicious web site to corrupt memory in a way, which allows the program flow to be redirected to the heap."

In simpler terms, its a heap overflow just waiting to happen.  I doubt will have to wait long for exploit code to be published.  There are no security workarounds at this time. We will keep you posted if we find out any additional information.


Keywords:
0 comment(s)

Veritas pulls (some) patches for Backup Exec

Published: 2006-03-25
Last Updated: 2006-03-25 04:43:57 UTC
by Bojan Zdrnja (Version: 2)
0 comment(s)
Symantec yesterday released two new security advisories about vulnerabilities in Veritas Backup Exec.

The first vulnerability, described in SYM06-004 allows a malicious user crashing of the Backup Exec Remote Agent by sending a specially malformed packet.
This leads to a DoS attack on the service, but considering that this is typically used for backups of critical data, the severity could be pretty high (it's easy to imagine a scenario when you need business critical data that was supposed to be backed up yesterday, but it wasn't due to the Backup Exec crashing).
In normal circumstances we would say to update as soon as possible, but it looks like there are some issues with some of the patches (we got a submission from one of our readers, thanks Charles). Symantec also pulled patches for Backup Exec 10d (10.1) and 10.0 for Windows Servers - the original advisory available at http://seer.support.veritas.com/docs/282255.htm says that the hotfix has temporarily been removed and will be re-released later.

The other advisory (SYM06-005) is related to a low risk vulnerability in the Job Engine service. This vulnerability can be exploited only in certain circumstances ("full details" logging has to be enabled, and a user has to host a specially formatted file on their system). Details about this vulnerability can be found at http://seer.support.veritas.com/docs/282254.htm.

UPDATE 2006-03-25

Seems like Symantec re-released the patches. You can download them from the URLs above.





Keywords:
0 comment(s)
Diary Archives