It’s been a busy morning for vulnerabilities so far. We are tracking new vulnerabilities in the following applications:
Squid Proxy – A DoS problem has been identified in the ICAP implementation that could allow attackers to spike the CPU of the server. A patch is available and should be applied during your next maintenance cycle.
Samba – A buffer overflow in Samba version 3.0.27a allows remote execution of code if the “domain logons” option is enabled. Patches for the problem are available on the Samba site.
WordPress – A SQL injection has been found in the charset implementation. Dumping the database is possible and, when combined with other exploits already available, can allow remote compromise of the WordPress Admin password. There is a workaround, but it is very specific to each WordPress deployment, so check the WordPress site carefully for info on this issue.
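To triage the Samba item, the following added example (not from the original post or the Samba project) reads the text of an smb.conf and reports whether “domain logons” is effectively enabled in the [global] section. The function names and the sample configuration are constructed here; include directives are not followed, and parameters that appear before any section header are assumed to be global.

```python
import re

# Boolean spellings the smb.conf manual lists for yes/no parameters.
TRUE_VALUES = {"yes", "true", "1"}

def _norm(name):
    # smb.conf ignores case and all whitespace in section and parameter names.
    return re.sub(r"\s+", "", name).lower()

def logical_lines(text):
    """Yield config lines with backslash continuations joined, comments skipped."""
    pending = ""
    for raw in text.splitlines():
        piece = raw.strip()
        if not pending and (not piece or piece[0] in "#;"):
            continue                      # blank line or ;/# comment
        line = pending + piece
        if line.endswith("\\"):
            pending = line[:-1]           # value continues on the next line
            continue
        pending = ""
        yield line
    if pending:
        yield pending

def domain_logons_enabled(text):
    """Return True if the last [global] 'domain logons' setting is a true value."""
    section = "global"   # assumption: text before any header counts as global
    enabled = False      # Samba's default for this option is "no"
    for line in logical_lines(text):
        if line.startswith("["):
            section = _norm(line.strip("[]"))
            continue
        name, sep, value = line.partition("=")
        if sep and section == "global" and _norm(name) == "domainlogons":
            enabled = value.strip().lower() in TRUE_VALUES   # last one wins
    return enabled

# Constructed sample: odd spacing, a continuation line, a commented-out override.
SAMPLE_SMB_CONF = """\
[global]
   workgroup = EXAMPLE
   Domain  Logons = \\
      Yes
; domain logons = no
[netlogon]
   domain logons = no
"""

if __name__ == "__main__":
    print("domain logons enabled:", domain_logons_enabled(SAMPLE_SMB_CONF))
```

Hosts where this returns True and the installed Samba is the affected version are the ones to patch first.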
We are also tracking a few new tools of interest that might increase some of the scan and probe traffic over the next few weeks while attackers play with their new toys. They are:
HttpRecon – A tool for advanced web server fingerprinting. It is likely to increase web server probes as the tool is examined and included in other tools.
BurpSuite – A new revision of this tool for testing websites for things like SQL injection and XSS is now available. It is likely to cause scans for web application problems.
EchoVNC – A version of the VNC server with firewall, proxy and network access control avoidance has been released. This is likely to be a useful tool for attackers and bot-masters as they compromise networks.
Lastly, Microsoft is releasing a large load of patches today. Amongst them are 3 remotely exploitable “critical” patches. Look for exploits and such to follow very quickly if they are not already available. Wide-scale exploit distribution and inclusion in bot-net clients is likely to follow in the next few days. As always, patches should be tested and applied as soon as possible.