Threat Level: green Handler on Duty: Manuel Pelaez

SANS ISC InfoSec Handlers Diary Blog



Apple Java Updates for Mac OS X

Published: 2012-04-12
Last Updated: 2012-04-12 23:57:25 UTC
by Guy Bruneau (Version: 2)
0 comment(s)

This Java security update removes the most common variants of the Flashback malware. "Java for OS X Lion 2012-003 delivers Java SE 6 version 1.6.0_31 and supersedes all previous versions of Java for OS X Lion." [1] "Java for Mac OS X 10.6 Update 8 delivers Java SE 6 version 1.6.0_31 and supersedes all previous versions of Java for Mac OS X v10.6." [2]

Apple recommends that all Mac users install this update where Java is installed.

OS X Lion v10.7.3, OS X Lion Server v10.7.3
Impact: The Java browser plugin and Java Web Start are deactivated if they remain unused for 35 days

For OS X Lion systems
Download file: JavaForOSX.dmg

Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.3, OS X Lion Server v10.7.3
Impact: A Flashback malware removal tool will be run

For Mac OS X v10.6 systems
Download file: JavaForMacOSX10.6.dmg

Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8 are available via the Software Update pane in System Preferences or via the Apple web site here.

[1] http://support.apple.com/kb/HT5242
[2] http://support.apple.com/kb/HT5243
[3] http://www.apple.com/support/downloads/

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu


wicd Privilege Escalation 0day Exploit

Published: 2012-04-12
Last Updated: 2012-04-12 11:24:57 UTC
by Guy Bruneau (Version: 2)
2 comment(s)

A vulnerability was found in the "Wicd" (Wireless Interface Connection Daemon) software shipped with the current Backtrack 5 R2 release: several design flaws were found that culminate in a privilege escalation exploit. [1]

Wicd 1.7.2 was released to patch this vulnerability (CVE-2012-2095); the update also includes several other fixes. The list of fixes is available here and the latest tarball can be downloaded here.

Update 1: The privilege escalation 0day exploit only affects the Wicd software and is not a Backtrack 5 R2 vulnerability.

[1] http://www.infosecinstitute.com/courses/ethical_hacking_training.html
[2] https://launchpad.net/wicd/+announcement/9888
[3] https://bugs.launchpad.net/wicd/+bug/979221
[4] https://launchpad.net/wicd/1.7/1.7.2/+download/wicd-1.7.2.tar.gz

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Keywords: Backtrack 5 R2 wicd
ISC StormCast for Thursday, April 12th 2012 http://isc.sans.edu/podcastdetail.html?id=2461

HP ProCurve 5400 zl Switch, Flash Cards Infected with Malware

Published: 2012-04-12
Last Updated: 2012-04-12 01:00:15 UTC
by Guy Bruneau (Version: 1)
1 comment(s)

HP has released a security bulletin (CVE-2012-0133) indicating that a "[...] vulnerability has been identified with certain HP ProCurve 5400 zl switches containing compact flash cards which may be infected with a virus. Reuse of an infected compact flash card in a personal computer could result in a compromise of that system's integrity." [1]

A list of HP 5400 zl series switches purchased after April 30, 2011, with their serial numbers, as well as a resolution, is posted here.

[1] http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03249176

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
