Libpng and putty vulnerabilities announced today
Libpng Vulnerability:
Proof of concept code for a buffer overflow of libpng was released today. A patched version is available (libpng version 1.2.6rc1)
US CERT announcement: http://www.uscert.gov/cas/techalerts/TA04-217A.html
In other vulnerability news: putty v.54 and below
Details available at the author's website: http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
CORE's analysis:
http://www.coresecurity.com/common/showdoc.php?idx=417&idxseccion=10
The latest version, 0.55 is available at: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
UPDATE:
WinSCP, which uses code from PuTTY, has also been updated in response to the above vulnerability.
http://winscp.sourceforge.net/eng/
Mydoom.p snort signatures are available at bleedingsnort.
http://www.bleedingsnort.com/cgi-bin/viewcvs.cgi/Stable/WORM_MyDoom.P?rev=1.1&content-type=text/vnd.viewcvs-markup
Remember that oinkmaster can update your snort rules daily from bleedingsnort.com! I use this on the honeynet at home and the test snort server at work.
On individual response to phishing emails:
Phishing incidents are on the rise. The handlers are receiving more and more reports of suspicious emails. My recommended response procedure is as follows:
i) report the email to the impersonated company's abuse address (typically this is abuse@victimdomain). Include a copy of the email and the full delivery headers. Their teams will use this information to determine the source of the email, and the location of the collection server.
ii) report the incident to antiphishing.org. They are scientifically tracking these incidents and organizing responses.
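One way to prepare the report from step i) so the full delivery headers survive, shown as an added example that is not part of the original diary. The sample message is constructed (documentation address ranges), and the function names received_chain and build_report are hypothetical.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Constructed sample message, not a real phish; IPs are documentation ranges.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mail.recipient.example with ESMTP id A1; Wed, 4 Aug 2004 10:00:02 -0400
Received: from unknown (HELO bank.example) ([203.0.113.77])
\tby mx.recipient.example with SMTP id B2; Wed, 4 Aug 2004 10:00:01 -0400
From: "Example Bank" <security@bank.example>
To: user@recipient.example
Subject: Verify your account

Please confirm your details at http://198.51.100.5/login
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_chain(raw):
    """Return the relay IPs from the Received headers, oldest hop first."""
    msg = message_from_string(raw, policy=policy.default)
    chain = []
    # Each relay prepends its own Received header, so reverse for oldest first.
    for hop in reversed(msg.get_all("Received", [])):
        m = IP_RE.search(str(hop))
        if m:
            chain.append(m.group(1))
    return chain

def build_report(raw, impersonated_domain, reporter):
    """Build the abuse report with the original attached as message/rfc822."""
    original = message_from_string(raw, policy=policy.default)
    report = EmailMessage()
    report["From"] = reporter
    report["To"] = f"abuse@{impersonated_domain}"
    report["Subject"] = f"Phishing report: {original['Subject']}"
    report.set_content(
        "The attached message impersonates your organisation.\n"
        "Relay chain from its Received headers (oldest first; hops added\n"
        "before the first server you trust may be forged): "
        + ", ".join(received_chain(raw)) + "\n"
    )
    # Attaching the message itself, rather than pasting the body, keeps
    # every delivery header intact for the abuse team.
    report.add_attachment(original)
    return report
```

Forwarding inline from most mail clients drops the Received headers; attaching the original message is what preserves them.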
SSH Brute force reporting update:
Reports of SSH scans with simple username/password combinations continue to come in. We are currently looking for the tool/malicious code that is performing these scans.
Kevin Liston,
Handler on Duty,
kliston AT greenman-consulting DOT com