Updated: Security bulletins from Sun, more Dameware
2 Sun security bulletins
Yesterday, Sun released several security bulletins, we'd like to mention 2 of them here today. The first involves the possibility of a local user being able to gain additional privileges through the loading of arbitrary kernel modules. Sun has released kernel patches for Sun OS 5.7, 5.8, and 5.9 (aka Solaris 7, Solaris 8, and Solaris 9) to address the situation. The second bulletin we'd like to mention addresses a buffer overflow leading to possible remote denial of service or unauthorized root acces against 5.9 (Solaris 9) systems running in.iked (IKE stands for Internet Key Exchange). This vulnerability is apparently in ASN.1 parsing code that Sun uses from SSH, Inc. ASN.1 vulnerabilities were the subject of Cert Advisory CA-2003-26.
You can see the bulletins here:
http://sunsolve.sun.com/private-cgi/retrieve.pl?doc=salert%2F57479&zone_32=category%3Asecurity
http://sunsolve.sun.com/private-cgi/retrieve.pl?doc=salert%2F57472&zone_32=category%3Asecurity
Continuing Dameware traffic
We continue to see a great deal of traffic on port 6129 including new reports of systems being exploited running versions of Dameware that were not supposed to be vulnerable to the previously reported problems. We'll continue to monitor the situation.
Other ports on the rise
We are seeing increases in apparent DNS attacks, and in port 901 and port 2234 traffic. If you have any packet captures of any of this traffic, we would be very interested in taking a look at it, send it to us at
http://isc.sans.org/contact.html
FDIC phishing scam
Finally, a report late today of another phishing scam, this one telling people that the Department of Homeland Security has instructed the FDIC to deny federal deposit insurance due to suspected violations of the USA PATRIOT Act. FDIC (the agency that insures bank accounts in the US), has posted a response. http://www.fdic.gov/news/news/SpecialAlert/2004/sa0504.html
--Jim Clausing
Yesterday, Sun released several security bulletins, we'd like to mention 2 of them here today. The first involves the possibility of a local user being able to gain additional privileges through the loading of arbitrary kernel modules. Sun has released kernel patches for Sun OS 5.7, 5.8, and 5.9 (aka Solaris 7, Solaris 8, and Solaris 9) to address the situation. The second bulletin we'd like to mention addresses a buffer overflow leading to possible remote denial of service or unauthorized root acces against 5.9 (Solaris 9) systems running in.iked (IKE stands for Internet Key Exchange). This vulnerability is apparently in ASN.1 parsing code that Sun uses from SSH, Inc. ASN.1 vulnerabilities were the subject of Cert Advisory CA-2003-26.
You can see the bulletins here:
http://sunsolve.sun.com/private-cgi/retrieve.pl?doc=salert%2F57479&zone_32=category%3Asecurity
http://sunsolve.sun.com/private-cgi/retrieve.pl?doc=salert%2F57472&zone_32=category%3Asecurity
Continuing Dameware traffic
We continue to see a great deal of traffic on port 6129 including new reports of systems being exploited running versions of Dameware that were not supposed to be vulnerable to the previously reported problems. We'll continue to monitor the situation.
Other ports on the rise
We are seeing increases in apparent DNS attacks, and in port 901 and port 2234 traffic. If you have any packet captures of any of this traffic, we would be very interested in taking a look at it, send it to us at
http://isc.sans.org/contact.html
FDIC phishing scam
Finally, a report late today of another phishing scam, this one telling people that the Department of Homeland Security has instructed the FDIC to deny federal deposit insurance due to suspected violations of the USA PATRIOT Act. FDIC (the agency that insures bank accounts in the US), has posted a response. http://www.fdic.gov/news/news/SpecialAlert/2004/sa0504.html
--Jim Clausing
Keywords:
0 comment(s)
My next class:
LINUX Incident Response and Threat Hunting | Online | US Eastern | Jan 29th - Feb 3rd 2025 |
×
Diary Archives
Comments