New MS SQL Server vulnerability
A slightly belated entry to make sure everyone is aware that last week we saw a new vulnerability announced for MS SQL Server 2000, 2005 & 2005 Express Edition by Bernhard Mueller from SEC Consult. Here is the original announcement: http://www.sec-consult.com/files/20081209_mssql-sp_replwritetovarbin_memwrite.txt
The above link does include a simple test script (not a full PoC) for the vulnerability.
There is a mitigation available - you can remove the vulnerable stored procedure - Correction below for SQL Server 2005. Microsoft hasn't provided a patch yet and hasn't provided a timeframe for delivery either.
Update: We've had a report that this works against 64bit as well as 32bit versions of SQL Server 2005 (no reports on SQL Server 2000 yet)
Also, thanks for the comments from Brian and Hacktheplanet pointing out that in SQL Server 2005 you can't remove a Stored Procedure, all you can do is deny execute permission to the public role: http://msdn.microsoft.com/en-us/library/ms164755(SQL.90).aspx
W32.Delezium/Impair.A virus being seen
We've gotten reports that the W32.Delezium (from Symantec)/Impair.A (from Sophos) virus is floating around and being a general pain in the neck. The detection from Symantec (as "W32.Delezium/inf") only catches infected files, not the virus itself.
The Symantec report is more detailed than the Sophos report, there are some contradictions between the two on how the virus is spreading. The virus is a standard file infector but will also insert a registry entry to enable it to run every startup.
From the Symantec report-
"Next, the virus searches all local, removable and network drives for files with the following extensions, which it subsequently deletes:
- .3dx
- .3gp
- .app
- .as
- .asp
- .aspx
- .avi
- .cad
- .css
- .doc
- .fla
- .frm
- .gif
- .jar
- .java
- .jpg
- .jsp
- .mdb
- .mp3
- .mpg
- .ppt
- .psd
- .rar
- .sis
- .vb
- .wmv
- .xls
- .zip
The virus then searches all removable drives for .exe files, which it then infects."
Apple Releases OSX 10.5.6/Security update 2008-008
Apple's released an update for OSX, you can now download 10.5.6 through the Software Update app.
It patches a large number of vulns, here are just the CVEs:
- CVE-2008-4236 - Apple Type Services malicious PDF font DoS
- CVE-2008-4217 - BOM CPIO archive code execution
- CVE-2008-3623 - CoreGraphics heap overflow via malicious image
- CVE-2008-3170 - CoreServices/Safari user credential disclosure
- CVE-2008-4234 - CoreTypes failure of Download Validation (no warning when you launch downloaded content)
- CVE-2008-4818 - Flash Player plug-in issues (as per previous entries earlier in the summer)
- CVE-2008-4819 - Flash Player plug-in issues
- CVE-2008-4820 - Flash Player plug-in issues
- CVE-2008-4821 - Flash Player plug-in issues
- CVE-2008-4822 - Flash Player plug-in issues
- CVE-2008-4823 - Flash Player plug-in issues
- CVE-2008-4824 - Flash Player plug-in issues
- CVE-2008-4218 - Kernel integer overflow allowing local priv escalation
- CVE-2008-4219 - Kernel - system crash when you use dynamic libraries on an NFS share
- CVE-2008-4220 - Libsystem integer overflow in the inet_net_pton API (gives code execution)
- CVE-2008-4221 - Libsystem "memory corruption" via the strptime API (gives code execution)
- CVE-2008-1391 - Libsystem - a whole pile of integer overflows in the strfmon API (gives code execution)
- CVE-2008-4237 - Managed Client doesn't apply managed screen saver settings correctly
- CVE-2008-4222 - network_cmds - DoS via custom TCP packet when Internet Sharing is enabled
- CVE-2008-4223 - Podcast Producer auth bypass allows a remote attacker access to the admin functions
- CVE-2008-4224 - UDF - a specially built ISO file can cause a system crash.
You can get the update via Software Update or from: http://www.apple.com/support/
The hashes are as follows:
For Mac OS X v10.5.5
The download file is named: "MacOSXUpd10.5.6.dmg"
Its SHA-1 digest is: 684f67524a92b4314a4bdd52498fb3
For Mac OS X v10.5 - v10.5.4
The download file is named: "MacOSXUpdCombo10.5.6.dmg"
Its SHA-1 digest is: 09de4ac2c5591ab75d51ef37dc70f9
For Mac OS X Server v10.5.5
The download file is named: "MacOSXServerUpd10.5.6.dmg"
Its SHA-1 digest is: bd14ab94b9bcc896da1613ac761171
For Mac OS X Server v10.5 - v10.5.4
The download file is named: "MacOSXServerUpdCombo10.5.6.
Its SHA-1 digest is: e20d8d458be3ec51b0083ff823ce27
For Mac OS X v10.4.11 (Intel)
The download file is named: "SecUpd2008-008Intel.dmg"
Its SHA-1 digest is: 651e592fad1bd158a76459a81d2ebe
For Mac OS X v10.4.11 (PowerPC)
The download file is named: "SecUpd2008-008PPC.dmg"
Its SHA-1 digest is: 9bb2aa7fcc924715b6442e808fc778
For Mac OS X Server v10.4.11 (Universal)
The download file is named: "SecUpdSrvr2008-008Univ.dmg"
Its SHA-1 digest is: 21702064037150cdeb9d708304ee91
For Mac OS X Server v10.4.11 (PowerPC)
The download file is named: "SecUpdSrvr2008-008PPC.dmg"
Its SHA-1 digest is: d0e4720051ea27b8edf0ab2a124d6e
We'll be updating as we have any additional information about the update
Comments
www
Nov 17th 2022
6 months ago
EEW
Nov 17th 2022
6 months ago
qwq
Nov 17th 2022
6 months ago
mashood
Nov 17th 2022
6 months ago
isc.sans.edu
Nov 23rd 2022
6 months ago
isc.sans.edu
Nov 23rd 2022
6 months ago
isc.sans.edu
Dec 3rd 2022
6 months ago
isc.sans.edu
Dec 3rd 2022
6 months ago
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.
<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
isc.sans.edu
Dec 26th 2022
5 months ago
isc.sans.edu
Dec 26th 2022
5 months ago