Updated: Security bulletins from Sun, more Dameware

Published: 2004-01-23
Last Updated: 2004-01-24 00:28:48 UTC
by Jim Clausing (Version: 1)
0 comment(s)
2 Sun security bulletins


Yesterday, Sun released several security bulletins, we'd like to mention 2 of them here today. The first involves the possibility of a local user being able to gain additional privileges through the loading of arbitrary kernel modules. Sun has released kernel patches for Sun OS 5.7, 5.8, and 5.9 (aka Solaris 7, Solaris 8, and Solaris 9) to address the situation. The second bulletin we'd like to mention addresses a buffer overflow leading to possible remote denial of service or unauthorized root acces against 5.9 (Solaris 9) systems running in.iked (IKE stands for Internet Key Exchange). This vulnerability is apparently in ASN.1 parsing code that Sun uses from SSH, Inc. ASN.1 vulnerabilities were the subject of Cert Advisory CA-2003-26.


You can see the bulletins here:

http://sunsolve.sun.com/private-cgi/retrieve.pl?doc=salert%2F57479&zone_32=category%3Asecurity


http://sunsolve.sun.com/private-cgi/retrieve.pl?doc=salert%2F57472&zone_32=category%3Asecurity



Continuing Dameware traffic

We continue to see a great deal of traffic on port 6129 including new reports of systems being exploited running versions of Dameware that were not supposed to be vulnerable to the previously reported problems. We'll continue to monitor the situation.



Other ports on the rise

We are seeing increases in apparent DNS attacks, and in port 901 and port 2234 traffic. If you have any packet captures of any of this traffic, we would be very interested in taking a look at it, send it to us at
http://isc.sans.org/contact.html



FDIC phishing scam

Finally, a report late today of another phishing scam, this one telling people that the Department of Homeland Security has instructed the FDIC to deny federal deposit insurance due to suspected violations of the USA PATRIOT Act. FDIC (the agency that insures bank accounts in the US), has posted a response. http://www.fdic.gov/news/news/SpecialAlert/2004/sa0504.html



--Jim Clausing
Keywords:
0 comment(s)

Comments


Diary Archives