|
Possible Qmail vulnerability
In a earlier post at FD list, a security advisory by George Guniski explains about a possible Qmail vulnerability. According the advisory, there are two main problems: "a) It is possible to crash qmail-smtpd 1.03 from remote with a long SMTP session. The crash is not global, it affects only the current SMTP session. b) If gdb is to be believed, it is possible to overwrite memory in qmail-smtpd 1.03 from remote with a long SMTP session." An exploit was also posted. Although there is no real evidence of the effectiveness of this exploit, users are advised to keep the qmail version up-to-date. Qmail website doesnt show any new version, and a discussion about this bug in the Qmail mailing list doenst show any conclusion yet. References: http://www.guninski.com/qmailcrash.html http://www.qmail.org KDE Vulnerability KDE released an Security Advisory about a potential vulnerability in its kdepim application. Kdepim versions distributed in KDE 3.1.0 through 3.1.4 are vulnerable to a buffer overflow attack. According the Security Advisory, the CVE has assigned the name CAN-2003-0988 to this issue. The impact of this vulnerability is that local attackers can execute commands with the victim's privileges. If information reading is allowed to remote users (not the default), remote attackers can also take advantage of this vulnerability. Users are advised to upgrade to KDE 3.1.5. A patch is also available for KDE 3.1.4 users. Reference: http://www.kde.org/info/security/advisory-20040114-1.txt PHPDig Vulnerability PHPDig is a search/spider engine written in PHP. Kernelpanik.org released a security advisory about a remote execution vulnerability in PHPDig 1.6.x . The workarounds, according the advisory are the usage of .htaccess in ./include, PHP globals off (which is default in PHP > 4.2) and an unofficial patch for config.php available in http://www.kernelpanik.org . Users are advised to take extreme care with all patches that are not offically released by the Vendor. Reference: http://www.kernelpanik.org Personal Firewall Day An advisory published in various security mailing lists, about January 15 to be the Personal Firewall Day. A website was also created for the purpose of educating users to make use of personal firewalls. Reference: http://www.personalfirewallday.org/ New SoBig wave? Some users are describing some new SoBig wave. A quick look at Postini and TrendMicro's tracking sites show that SoBig maybe coming back. Yesterday Postini had it as #8 and Trend had it as #10. Today Postini has it as #6 and Trend has it as #2 worldwide and #1 for North America. References: http://www.trendmicro.com/map/ http://www.postini.com/stats/ Yesterday (15/01) they both reported around 1,000 today Trend has it at over 10000 and Postini is over 7000. If you are observing these, please contact us. Thanks to Deb Hale for the reference numbers. ------------------------------------- Handler on duty: Pedro Bueno |
Pedro 155 Posts ISC Handler Jan 16th 2004 |
| Thread locked Subscribe |
Jan 16th 2004 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!
https://www.sans.edu
