Sploits Du Jour: Veritas NetBackup & Ethereal. Watch Oracle and Snort!

Published: 2005-10-20
Last Updated: 2005-10-20 21:04:21 UTC
by Ed Skoudis (Version: 1)
0 comment(s)
Lots of new exploits today in the wild, so patch away, patch away, patch away all. 

In particular, patch Veritas NetBackup (more info here).  Working exploits have been released.

Also, patch Ethereal (more info here).  Again, working exploits are available.

Also, as we said the other day, don't forget to check out the crucial Oracle patches.

And, for goodness sakes, patch Snort or shut off the Back Orifice preprocessor!  A fully working exploit is likely very near.

Also, a kind reader emphasized the importance of hardening systems today, in light of this Snort vulnerability, mentioning the great Grsecurity package for Linux, as well as the importance of chroot environments.  Also, this reader requesting anonymity points out that the Stack-Smash-Protector (SSP) extensions for gcc from IBM makes it harder to exploit buffer overflows, and can be compiled into various executables.  It's essentially an update of the venerable StackGuard tool, but more carefully integrated with the compiler itself.  As we say in Jersey... "Noice".
0 comment(s)


Diary Archives