If you’re running an OS X version below 10.5.3, it is time to upgrade or install Security Update 2008-003. This update fixes multiple issues that could result in system access, security bypass, privilege escalation, DoS, cross-site scripting and a number of information exposure issues. The original advisory is available at: http://support.apple.com/kb/HT1897
In case you missed it last week, Snort seems to be suffering from a problem with odd TTL values, which could allow an attack to get by Snort without detection. 2.8.1 has been released and includes the fix for the issue. Users of Snort should upgrade as soon as possible or apply the following workaround [...]
Since the release of HornetPoints with the newest version of HoneyPoint Security Server, I have been getting a lot of mail asking about “defensive fuzzing”. I thought I would take a moment and talk a little bit about it and explain a bit about its uses. Defensive fuzzing is a patent-pending approach to network, system [...]
Cisco announced a vulnerability in IOS version 12.4 that could cause a denial of service. The vulnerability is in the implementation of SSH. Remote exploitation is possible and will result in a DoS or a reload of the device. Devices that do not have SSH enabled are not vulnerable. Cisco has released updates to resolve this [...]
At least two injection attack vectors have been discovered in IBM’s Lotus Domino Web Servers versions 6.x, 7.x and 8.x. These can lead to a stack-based buffer overflow, which may allow remote code execution, and cross-site scripting attacks that can allow the execution of arbitrary HTML and script code. We recommend that you [...]
A vulnerability has been reported in Avaya Call Management System that can be exploited to cause a denial of service. For more information, see the original advisory at: http://support.avaya.com/elmodocs2/security/ASA-2008-206.htm
CA BrightStor has been found to contain several vulnerabilities. The issues identified are buffer overflows and directory traversal vulnerabilities. Both vulnerabilities exist in ARCServer Backup versions 11.0, 11.1, and 11.5. The buffer overflows exist in the xdr functions in the ARCServer server. The directory traversal could potentially also be used to execute code by writing [...]
Columbus, Ohio; May 19, 2008 – MicroSolved, Inc. is pleased to announce the general availability of HoneyPoint™ Security Server version 2.50. This latest release of their best-of-breed corporate honeypot product expands its capabilities to include new types of bleeding-edge protection in the form of HornetPoints and HoneyPoint Trojans. HornetPoints introduce a pioneering and patent-pending approach [...]
Internet Explorer has been found to be vulnerable to cross-zone scripting when a user prints an HTML page and the browser is using its “Print Table of Links” option. The vulnerability exists because printing takes place in the local zone, not the Internet zone. Any links within the page are not validated, allowing for [...]
The media is all abuzz about a possible Cisco router rootkit that may be part of a presentation at an upcoming security conference. While various issues with Cisco gear have emerged over the years and there has been at least one really public overreaction on the part of Cisco to vulnerability disclosure talks, there [...]