Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2006-09-16 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Multiple vulnerabilities fixed in Firefox, Thunderbird and Seamonkey

Published: 2006-09-16
Last Updated: 2006-09-18 19:54:33 UTC
by Patrick Nolan (Version: 1)
0 comment(s)
Mozilla has issued updated versions of  Firefox, Thunderbird and Seamonkey with fixes for multiple vulnerabilities. Descriptions of the vulnerabilities that were addressed with this update can be read at;
Firefox 1.5.0.7 Release notes
Thunderbird 1.5.0.7 Release notes
SeaMonkey 1.0.5 Release notes

Downloads for these updated Mozilla products are at Firefox Thunderbird and SeaMonkey

Keywords:
0 comment(s)

Citrix Access Gateway Advanced Access Control remote and local vulnerability reported

Published: 2006-09-16
Last Updated: 2006-09-17 12:21:40 UTC
by Patrick Nolan (Version: 1)
0 comment(s)
FrSIRT is reporting a serious remotely and locally exploitable vulnerability, Citrix Access Gateway Advanced Access Control LDAP Authentication Bypass, "which could be exploited by attackers to gain unauthorized access to a vulnerable application without supplying valid credentials.". At this time FrSIRT's links to Citrix are dead and I can't find any related information at Citrix.
UPDATE We were notified by Jerry that the FrSIRT links were working as of Saturday evening, September 16. Thanks Jerry.

Keywords:
0 comment(s)

Update/Fix for MS06-049

Published: 2006-09-16
Last Updated: 2006-09-16 15:50:46 UTC
by Tony Carothers (Version: 1)
0 comment(s)
Microsoft has re-released a bulletin, or rather published an update to an existing bulletin, which originally only had a risk of privilege elevation.  The latest revision of Knowledge Base article 920958 outlines problems that *may* occur with the installation of MS06-049.  According to MS "After you install security update 920958 (MS06-049) on a computer that is using NTFS file system compression, compressed files that are larger than 4 kilobytes may be corrupted when you create or update the files."  We here at ISC now have confirmation of the problem with a reader submitting that yes, indeed, it does exist.  MS has also published a fix for this in KB 925308 in case "you are severely affected".  IMHO you're either affected or you're not and would want to take steps accordingly.
Keywords:
0 comment(s)

Haxdoor Incident Details at Honeyblog.Org

Published: 2006-09-16
Last Updated: 2006-09-16 12:54:40 UTC
by Patrick Nolan (Version: 1)
0 comment(s)
The folks at Honeyblog.Org have an great write up on a malware incident involving Haxdoor, see On the Economics of Botnets - Part 2. "In total, more than 39,000 different IP addresses fell victim of this particular Haxdoor infection.".
Keywords:
0 comment(s)
Diary Archives