
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2007-05-04



New PHP releases

Published: 2007-05-04
Last Updated: 2007-05-04 20:17:42 UTC
by Jim Clausing (Version: 1)
Fellow handler Swa points out that new versions of PHP 4 (4.4.7) and PHP 5 (5.2.2) have been released, which address many of the issues identified during the Month of PHP Bugs. You'll probably want to consider updating as soon as practical.

References:
http://www.php.net/releases/4_4_7.php
http://www.php.net/releases/5_2_2.php

Pidgin 2.0 (previously gaim) released, victim of its own success?

Published: 2007-05-04
Last Updated: 2007-05-04 19:41:05 UTC
by Jim Clausing (Version: 2)
Yesterday was the official release of Pidgin 2.0 (used to be called gaim, an IM client that can speak AIM, ICQ, IRC, Yahoo! Messenger, MSN, Jabber, etc.). Today, its website (http://pidgin.im) seems to be unreachable (I was trying to figure out how to send a comment on a feature I like from gaim 2.0.0b6 that is missing in the Pidgin release). Is this a result of its success or a hosting issue or DoS? I have no idea; I haven't heard back from anyone yet.

Update (2007-05-04 19:40 UTC): The consensus seems to be that they are a victim of their own success in the form of being slashdotted, so I'll go with that until/unless I hear something different from them officially.

Cisco PIX/ASA DHCP relay agent vulnerability

Published: 2007-05-04
Last Updated: 2007-05-04 18:36:05 UTC
by Jim Clausing (Version: 1)
For those who didn't notice it: on Wednesday, Cisco posted a bulletin about a potential memory exhaustion (denial of service) vulnerability in PIX and ASA (but not FWSM) devices running software version 7.2 and configured as DHCP relays. Updating to 7.2(2.15) fixes the issue.

References:
http://www.kb.cert.org/vuls/id/530057
http://www.cisco.com/warp/public/707/cisco-sr-20070502-pix.shtml
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2461

Packet tools

Published: 2007-05-04
Last Updated: 2007-05-04 17:11:14 UTC
by Jim Clausing (Version: 1)
There are times in my work, both here for the Internet Storm Center and at the day job, when I need to either capture, generate, or replay IP (generally IPv4, but more and more IPv6) packets. Over the years, I've found a number of tools to assist in the process. I just discovered a new (to me) one (scapy; it has apparently been around for a year or two, but I just started playing with it in the last week), so I figured I'd ask our readers for suggestions. What are your favorites? Post your suggestions to the contact page and I'll summarize next week. No need to mention the ones listed below.

* nmap
* ethereal/wireshark
* tcpdump
* hping2
* p0f
* snort
* tcpreplay
* tcptraceroute
* ngrep