Threat Level: green Handler on Duty: Russ McRee

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Potential Vulnerability in Flash CS3 Professional, Flash Professional 8 and Flash Basic 8?

Published: 2008-03-20
Last Updated: 2008-03-20 22:31:35 UTC
by Joel Esler (Version: 1)
0 comment(s)

Roseman sent this in for us --  Thanks.

Adobe today published a note about a potential vulnerability in Flash CS3 Professional, Flash Professional 8, and Flash Basic 8.   Adobe says they will fix this in their next update to Flash Professional. 

They were very careful to mention, however, that this does NOT affect Flash PLAYER.  So, in order to head off the barrage of emails we may receive about "does this affect the program I installed so I could watch YouTube??!".  No, this vulnerability is not for you.  Basically, for prevention, don't open any FLA programs that you are not expecting to receive.  Same advice we'd give about any file or document.

 

Joel Esler

http://www.joelesler.net

 

0 comment(s)

APPLE-SA-2008-03-19 AirPort Extreme Base Station Firmware 7.3.1

Published: 2008-03-20
Last Updated: 2008-03-20 02:16:47 UTC
by Joel Esler (Version: 1)
0 comment(s)

Fresh on the heels of yesterday's huge Apple Security Update 2008-0002, today Apple released 2008-03-19 firmware update for the current (and pre-gigabit) Airport Extreme Base Stations.

AirPort Extreme Base Station with 802.11n*
CVE-ID:  CVE-2008-1012
Available for:  AirPort Extreme Base Station with 802.11n*
Impact:  A maliciously crafted AFP request may lead to a denial of
service
Description:  An input validation issue exists in the AirPort Extreme
Base Station's handling of AFP requests, which may cause file sharing
to become unresponsive. This update addresses the issue by performing
additional validation of AFP requests. This issue does not affect
Time Capsule or AirPort Express. The fix for this issue is available
in the following separate updates:
- - AirPort Extreme with 802.11n (Fast Ethernet) 7.3.1
- - AirPort Extreme with 802.11n (Gigabit Ethernet) 7.3.1
Credit to Alex deVries for reporting this issue.

 

More info here.  (Although, I think I posted the whole thing above...)

To update to the newest firmware, open Airport Utility that is in your Utilities Folder in Applications.  (If you are using a Mac, if you are using it for Windows, well, I don't know where it's at. ;)  It should automatically check for the newest update and prompt you.  It's a two click download and update. 

 

Joel Esler

http://www.joelesler.net

Keywords: Apple security update
0 comment(s)

New coordinator for US Government Network Security

Published: 2008-03-20
Last Updated: 2008-03-20 01:21:28 UTC
by Johannes Ullrich (Version: 1)
1 comment(s)
Brian Krebs of the Washington post broke an interesting story about plans to appoint Rod A Beckstrom as a coordinator to protect federal government networks. For details, see http://www.washingtonpost.com/wp-dyn/content/article/2008/03/19/AR2008031903125.html . Given all the stories about targeted attack and deeply penetrated networks, he will surely have his work cut out.
Keywords:
1 comment(s)
Diary Archives