GAIM buffer overflow, Aitel paper and more XP SP2
Gaim Unspecified MSN Protocol Buffer Overflow Vulnerabilities
Multiple Linux distributions released an update for GAIM, an instant messenger suite, to fix a buffer overflow in the MSN IM Protocol handler. While we havent seen this vulnerability being exploited in the wild, this appears to be an interesting trend for a research project.
The concept of 'honey sticks' or similar has been tossed around on mailing lists for a while. Take a vulnerable client (MS IE, or GAIM, or a vulnerable IRC client) and connect to multiple sites to see if they compromise the machine through client access. I heard of a University research project where they were taking snapshots of Windows 2000 boxes with vulnerable Internet Explorer browsers and connecting to thousands of sites polled from search engines and phishing scams. It should be quite interesting to see the fruits of these research projects.
XP Service Pack 2 continues to provide fodder for all sides (pro and con).
One one side, we feel as a whole it provides better security (personal firewall turned on by default, end of support for most named raw sockets, etc) and on the other we have heard many downsides to the ill effects
Johannes put up a page summarizing the initial experience with XP SP2. This can be found here:
Dave Aitel, from Immunitysec just published a research paper titled: "Microsoft Windows, a lower Total Cost of Ownership" located at:
Note that it is 0wnership with a Zero in the above title. The paper is sure to stir up the waters a tad.
Scanning trends continue with 445 leading the pack. There have been a number of attacks against MS-SQL resurfacing, one example from earlier this evening posted below. These are old exploits, old vulnerabilities, and machines that have been 0wn3ed for quite sometime. DBA's, patch thy systems!
[**] [1:2050:5] MS-SQL version overflow attempt [**]
[Classification: Misc activity] [Priority: 3]
08/12-21:39:30.585849 220.127.116.11:1185 -> xx.xx.xx.104:1434
UDP TTL:112 TOS:0x0 ID:18373 IpLen:20 DgmLen:404
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10674]
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649]
[Xref => http://www.securityfocus.com/bid/5310]
Dont forget to check out Dshield and learn how you too can begin to submit sanitized logs and get your own report page. To find out more, visit:
Make use of the ISC data. You can run searches, view trends and gather reports from the following URL's:
< -- mike [at] intelguardians.com -- >
Handler on Duty signing off
Aug 14th 2004
1 decade ago