
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2007-05-14



New Samba release fixes three important vulnerabilities

Published: 2007-05-14
Last Updated: 2007-05-15 06:58:35 UTC
by Maarten Van Horenbeeck (Version: 1)

The Samba project has just released version 3.0.25 of their SMB/CIFS server software. As this is widely used to serve printer and filesystem access from Unix servers to networks with Windows clients, we suggest reviewing whether you may need to upgrade.

CVE-2007-2446 is a remote code execution vulnerability through multiple heap overflows. It applies to versions 3.0.0 through 3.0.25rc3.

CVE-2007-2444 can allow a user to temporarily escalate his privileges to root. It applies to versions 3.0.23d through 3.0.25pre2.

CVE-2007-2447 allows for remote code execution through unescaped input parameters to /bin/sh. A workaround consists of removing all external script invocations from the SMB configuration file. It applies to versions 3.0.0 through 3.0.25rc3.
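To apply the CVE-2007-2447 workaround you first need to know which external script invocations your configuration contains. The following is an added example, not part of the original diary entry or of Samba itself: it lists candidate parameters in an smb.conf, assuming (a heuristic) that any parameter whose name ends in "script" or "command" runs an external program; the sample configuration is constructed.

```python
import re

# Constructed sample smb.conf (illustrative; not taken from the diary entry).
SAMPLE_SMB_CONF = """\
[global]
   workgroup = EXAMPLE
   ; username map script = /usr/local/bin/old-map.sh
   Username Map Script = /usr/local/bin/mapuser.sh
   add user script = /usr/sbin/useradd \\
       -m %u
   delete user script =

[printers]
   print command = lpr -r -P%p %s
"""

# Assumption: any parameter named "... script" or "... command" runs an external program.
EXTERNAL_PARAM = re.compile(r"(script|command)$")

def logical_lines(text):
    """Yield (first_line_number, text), joining backslash-continued lines."""
    buf, start = "", None
    for number, raw in enumerate(text.splitlines(), 1):
        start = start or number
        raw = raw.rstrip()
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        yield start, buf + raw
        buf, start = "", None
    if start:
        yield start, buf  # file ended on a continuation line

def find_external_invocations(text):
    """Return (line, section, parameter, value) for each non-empty external hook."""
    findings, section = [], None
    for number, line in logical_lines(text):
        line = line.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        name, sep, value = line.partition("=")
        key = " ".join(name.lower().split())  # names ignore case and extra spaces
        value = " ".join(value.split())
        if sep and value and EXTERNAL_PARAM.search(key):
            findings.append((number, section, key, value))
    return findings
```

Calling `find_external_invocations()` on the contents of your own smb.conf returns one tuple per active hook; commented-out and empty settings are skipped.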


Information security awareness videos

Published: 2007-05-14
Last Updated: 2007-05-14 13:09:51 UTC
by Maarten Van Horenbeeck (Version: 1)

What would happen if you gave a number of talented and motivated students an information security awareness message, and got them to spread the word?

This is exactly what the Research Channel did, together with EDUCAUSE and the National Cyber Security Alliance. They gave away cash prizes to university students who created videos on basic but important information security awareness messages. Who would be in a better position to bring the message of INFOSEC across to their fellow students?

The winners were announced last week, and can be viewed here. Enjoy!


Interesting German pump-and-dump spam

Published: 2007-05-14
Last Updated: 2007-05-14 07:39:59 UTC
by Maarten Van Horenbeeck (Version: 1)

If you have a European e-mail address, you may have received some interesting pump-and-dump spam over the last few days, related to a stock on the Frankfurt Stock Exchange. So far these messages have been mildly successful: while the stock value hasn't changed dramatically, there has been very high trade volume, indicating potential high profit from even the slightest change. It seems that after a recent SEC operation, foreign stock exchanges are now preferred.

These new pump-and-dump spam messages do not carry random text as content, but consist of copies of complete text found online. So far, content of these messages has been reported in English, German, Dutch and Esperanto. They are parts of newsgroup messages, books that are published online and even software manuals.

The actual message has always been in German and appeared not only at the top of the message, but also at the bottom. In combination with the valid and unique filler text (which appears to be crafted for each mail separately), this makes the messages quite difficult to detect through spam filtering.

As listed in a previous diary entry, Bafin is the German authority responsible for investigating price manipulation.
