Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2007-04-30 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Bind Version 9.4.1 is out

Published: 2007-04-30
Last Updated: 2007-05-01 12:54:08 UTC
by Joel Esler (Version: 3)
0 comment(s)
Bind 9.4.1 is out, fixing a vulnerability in 9.4.0.

If you are running BIND 9.4.0, you should upgrade as soon as possible to BIND 9.4.1

BIND 9.4.1 can be downloaded from:
ftp://ftp.isc.org/isc/bind9/9.4.1/bind-9.4.1.tar.gz

A binary installer for Windows is still being worked on.  It will be made available as soon as it's ready.

Happy updating!

Joel Esler
http://handlers.sans.org/jesler

Update:  Thanks to the individuals that wrote in telling me of my fat fingered version numbers.  Awesome!

UPDATE: A compiled Windows (2000/2003/xp) versions are now avalable from isc.org
Keywords:
0 comment(s)

Verizon having network issues in the midwest

Published: 2007-04-30
Last Updated: 2007-05-01 03:29:24 UTC
by Joel Esler (Version: 2)
0 comment(s)
We've received a report from a reader letting us know that Verizon has had a fiber cut that is affecting most of the Northern Indiana area.  Reportedly isolated somewhere between Fort Wayne, Indiana and Chicago, IL. 

The current estimate is 4-5 hours. 

Please do not be alarmed if your connectivity to sites is affected, this is why.  The Internet is not melting.  (Well, today at least)

Joel Esler
http://handlers.sans.org/jesler

Updated:  While no official statement from Verizon has been made, we have had reports that the sites that this outage was affecting are back up.  We're guessing that Verizon has the problem fixed.
Keywords:
0 comment(s)

Buffer Overflows In Adobe Products

Published: 2007-04-30
Last Updated: 2007-04-30 23:29:02 UTC
by Joel Esler (Version: 2)
0 comment(s)
Seems as if there are a couple Buffer Overflows in multiple Adobe products.  According to the vulnerability postings the following products are affected:

The PNG exploit affects:
 -Photoshop CS2                                                         
-Photoshop CS3
-Photoshop Elements 5.0
-Corel Paint Shop Pro 11.20

And the Bitmap exploit affects:

 -Photoshop CS2                                                         
-Photoshop CS3
The solutions for these exploits, basically, is not to open untrusted .png, or .bmp, .dib, and .rle files, respectively.   The possibility for remote shells and command execution do exist.   So be cautious.  I am sure there will be more to come.

Joel Esler
http://handlers.sans.org/jesler


Keywords:
0 comment(s)

Trillian Update

Published: 2007-04-30
Last Updated: 2007-04-30 23:16:06 UTC
by Joel Esler (Version: 2)
0 comment(s)
I know of a few friends (and a sister) that use Trillian.  This article is for you. 
--Also, a big hello to the guys (and girls) at Verisign that know me, you know who you are--

The guys over at iDefense have discovered a vulnerability in Trillian, and is described as:

"Remote exploitation of multiple vulnerabilities in the Internet Relay Chat (IRC) module of Cerulean Studios' Trillian could allow for the interception of private conversations or execution of code as the currently logged on user.

When handling long CTCP PING messages containing UTF-8 characters, it is possible to cause the Trillian IRC client to return a malformed response to the server. This malformed response is truncated and is missing the terminating newline character. This could allow the next line sent to the server to be improperly sent to an attacker.

When a user highlights a URL in an IRC message window Trillian copies the data to an internal buffer. If the URL contains a long string of UTF-8 characters, it is possible to overflow a heap based buffer corrupting memory in a way that could allow for code execution.

A heap overflow can be triggered remotely when the Trillian IRC module receives a message that contains a font face HTML tag with the face attribute set to a long UTF-8 string." -- iDefense's website.

If you are running <=3.1 of Trillian, time to upgrade to 3.1.5.0.

Joel Esler
http://handlers.sans.org/jesler
Keywords:
0 comment(s)
Diary Archives