Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: All I want for christmas are my exploits.... SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
All I want for christmas are my exploits....
Not really, but it seems like that is what we are all getting.  It has definately been the trend over this past year.  There have been so many exploits, zero days, month of bugs, week of bugs etc. that its hard to keep track of all of them.  The Internet is literally crawling with them (yes, pun intended).  January is supposed to be the month of the Apple bugs.  Its going to be an interesting new year that's for sure.  So, here are some of the newer exploits that we are all getting for Christmas, whether we want them or not!

Oracle:   There are two new exploits out for Oracle.  One lets you read and write operating system files and the other is a directory traversal bug that lets you execute arbitrary commands.  With both of these, the attacker runs with the privileges of the RDBMS user.

Intel 2200BG:  (Intel 2200 driver version This vulnerability uses a malformed beacon frame that can corrupt internal kernel structures and allow for arbitrary code execution.

These are in addition to the other vulnerabilties that we have already covered.  So before you take off for the holidays, if you aren't using something or no one will need a particular service while your gone, it might be a good idea to block it or turn it off.


165 Posts
ISC Handler
Dec 22nd 2006

Sign Up for Free or Log In to start participating in the conversation!