Multiple vulnerabilities fixed in Firefox, Thunderbird and Seamonkey

Published: 2006-09-16
Last Updated: 2006-09-18 19:54:33 UTC
by Patrick Nolan (Version: 1)
0 comment(s)
Mozilla has issued updated versions of  Firefox, Thunderbird and Seamonkey with fixes for multiple vulnerabilities. Descriptions of the vulnerabilities that were addressed with this update can be read at;
Firefox 1.5.0.7 Release notes
Thunderbird 1.5.0.7 Release notes
SeaMonkey 1.0.5 Release notes

Downloads for these updated Mozilla products are at Firefox Thunderbird and SeaMonkey

Keywords:
0 comment(s)

Citrix Access Gateway Advanced Access Control remote and local vulnerability reported

Published: 2006-09-16
Last Updated: 2006-09-17 12:21:40 UTC
by Patrick Nolan (Version: 1)
0 comment(s)
FrSIRT is reporting a serious remotely and locally exploitable vulnerability, Citrix Access Gateway Advanced Access Control LDAP Authentication Bypass, "which could be exploited by attackers to gain unauthorized access to a vulnerable application without supplying valid credentials.". At this time FrSIRT's links to Citrix are dead and I can't find any related information at Citrix.
UPDATE We were notified by Jerry that the FrSIRT links were working as of Saturday evening, September 16. Thanks Jerry.

Keywords:
0 comment(s)

Update/Fix for MS06-049

Published: 2006-09-16
Last Updated: 2006-09-16 15:50:46 UTC
by Tony Carothers (Version: 1)
0 comment(s)
Microsoft has re-released a bulletin, or rather published an update to an existing bulletin, which originally only had a risk of privilege elevation.  The latest revision of Knowledge Base article 920958 outlines problems that *may* occur with the installation of MS06-049.  According to MS "After you install security update 920958 (MS06-049) on a computer that is using NTFS file system compression, compressed files that are larger than 4 kilobytes may be corrupted when you create or update the files."  We here at ISC now have confirmation of the problem with a reader submitting that yes, indeed, it does exist.  MS has also published a fix for this in KB 925308 in case "you are severely affected".  IMHO you're either affected or you're not and would want to take steps accordingly.
Keywords:
0 comment(s)

Haxdoor Incident Details at Honeyblog.Org

Published: 2006-09-16
Last Updated: 2006-09-16 12:54:40 UTC
by Patrick Nolan (Version: 1)
0 comment(s)
The folks at Honeyblog.Org have an great write up on a malware incident involving Haxdoor, see On the Economics of Botnets - Part 2. "In total, more than 39,000 different IP addresses fell victim of this particular Haxdoor infection.".
Keywords:
0 comment(s)

Comments

cwqwqwq
eweew<a href="https://www.seocheckin.com/edu-sites-list/">mashood</a>
WQwqwqwq[url=https://www.seocheckin.com/edu-sites-list/]mashood[/url]
dwqqqwqwq mashood
[https://isc.sans.edu/diary.html](https://isc.sans.edu/diary.html)
[https://isc.sans.edu/diary.html | https://isc.sans.edu/diary.html]
What's this all about ..?
password reveal .
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure:

<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.

<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
https://thehomestore.com.pk/

Diary Archives