
SANS ISC: InfoSec Handlers Diary Blog - New Sasser Worm FTP exploit and Java DOS InfoSec Handlers Diary Blog



New Sasser Worm FTP exploit and Java DOS

Published: 2004-05-10
Last Updated: 2004-05-11 14:53:42 UTC
by Dan Goldberg (Version: 1)
We received a submission of an exploit for Sasser's FTP server. It appears to be a buffer overflow targeting port 5554 by default. If successful, it will spawn a shell. The published exploit code lists the shell listening on port 5300. We are seeing code in the wild using port 53 for the shell.
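One way to hunt for this sequence in connection logs, as an added example that is not part of the original diary: it flags a TCP connection to port 5554 that is followed by a TCP connection from the same source to port 5300 or 53 on the same host. The log format, the sample lines and the 10-minute window are assumptions made for the illustration.

```python
from datetime import datetime, timedelta

# Ports named in the diary: Sasser's FTP server, the shell port in the
# published exploit, and the shell port seen in the wild (TCP, not UDP DNS).
SASSER_FTP_PORT = 5554
SHELL_PORTS = {5300, 53}
WINDOW = timedelta(minutes=10)  # assumed correlation window

# Constructed sample log, hypothetical format: "time src dst proto dport"
SAMPLE_LOG = """\
2004-05-10T14:00:01 198.51.100.7 10.0.0.21 tcp 5554
2004-05-10T14:00:09 198.51.100.7 10.0.0.21 tcp 53
2004-05-10T14:02:30 10.0.0.30 10.0.0.2 udp 53
2004-05-10T14:03:00 203.0.113.9 10.0.0.22 tcp 5554
2004-05-10T14:30:00 203.0.113.9 10.0.0.22 tcp 5300
2004-05-10T14:31:00 192.0.2.44 10.0.0.23 tcp 5554
2004-05-10T14:31:05 192.0.2.44 10.0.0.23 tcp 5300
malformed line
"""

def parse(line):
    """Return (time, src, dst, proto, dport), or None for an unparsable line."""
    parts = line.split()
    if len(parts) != 5 or not parts[4].isdigit():
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return ts, parts[1], parts[2], parts[3].lower(), int(parts[4])

def correlate(log_text, window=WINDOW):
    """List (src, dst, shell_port) where TCP/5554 is followed by a shell-port hit."""
    ftp_seen = {}  # (src, dst) -> time of the latest TCP/5554 connection
    alerts = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, src, dst, proto, dport = rec
        if proto != "tcp":
            continue  # ordinary UDP DNS traffic is not the shell
        if dport == SASSER_FTP_PORT:
            ftp_seen[(src, dst)] = ts
        elif dport in SHELL_PORTS and (src, dst) in ftp_seen:
            if timedelta(0) <= ts - ftp_seen[(src, dst)] <= window:
                alerts.append((src, dst, dport))
    return alerts
```

Any host answering on TCP 5554 is worth investigating on its own, since that port is served by Sasser's FTP component.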

Sun announced a DOS vulnerability in the JRE today on May 6, which may allow a remote unprivileged user to cause the Java Virtual Machine to become unresponsive.

The announcement: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57555

SDK and JRE releases are available at: http://java.sun.com/j2se/

SDK and JRE 1.4.2_03 or earlier 1.4.2 releases are affected.

Dan Goldberg Dan at MADJiC dot net