Libpng and putty vulnerabilities announced today
Libpng Vulnerability:
Proof of concept code for a buffer overflow of libpng was released today. A patched version is available (libpng version 1.2.6rc1)
US CERT announcement: http://www.uscert.gov/cas/techalerts/TA04-217A.html
In other vulnerability news: putty v.54 and below
Details available at the author?s website: http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
CORE's analysis:
http://www.coresecurity.com/common/showdoc.php?idx=417&idxseccion=10
The latest version, 0.55 is available at: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
UPDATE:
WinSCP, which uses code from PuTTY, has also been updated in response to the above vulnerability.
http://winscp.sourceforge.net/eng/
Mydoom.p snort signatures are available at bleedingsnort.
http://www.bleedingsnort.com/cgi-bin/viewcvs.cgi/Stable/WORM_MyDoom.P?rev=1.1&content-type=text/vnd.viewcvs-markup
Remember that oinkmaster can update your snort rules daily from bleedingsnort.com! I use this on the honeynet at home and the test snort server at work.
On individual response to phishing emails:
Phishing incidents are on the rise. The handlers are receiving more and more reports of suspicious emails. My recommended response procedure is as follows:
i) report the email to the impersonated company?s abuse address (typically this is abuse@victimdomain.) Include a copy of the email and the full delivery headers. Their teams will use this information to determine the source of the email, and the location of the collection server.
ii) report the incident to antiphishing.org. They are scientifically tracking these incidents and organizing responses.
SSH Brute force reporting update:
Reports of SSH scans with simple username/password combinations continue to come in. We are currently looking for the tool/malicious code that is performing these scans.
Kevin Liston,
Handler on Duty,
kliston AT greenman-consulting DOT com
Proof of concept code for a buffer overflow of libpng was released today. A patched version is available (libpng version 1.2.6rc1)
US CERT announcement: http://www.uscert.gov/cas/techalerts/TA04-217A.html
In other vulnerability news: putty v.54 and below
Details available at the author?s website: http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
CORE's analysis:
http://www.coresecurity.com/common/showdoc.php?idx=417&idxseccion=10
The latest version, 0.55 is available at: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
UPDATE:
WinSCP, which uses code from PuTTY, has also been updated in response to the above vulnerability.
http://winscp.sourceforge.net/eng/
Mydoom.p snort signatures are available at bleedingsnort.
http://www.bleedingsnort.com/cgi-bin/viewcvs.cgi/Stable/WORM_MyDoom.P?rev=1.1&content-type=text/vnd.viewcvs-markup
Remember that oinkmaster can update your snort rules daily from bleedingsnort.com! I use this on the honeynet at home and the test snort server at work.
On individual response to phishing emails:
Phishing incidents are on the rise. The handlers are receiving more and more reports of suspicious emails. My recommended response procedure is as follows:
i) report the email to the impersonated company?s abuse address (typically this is abuse@victimdomain.) Include a copy of the email and the full delivery headers. Their teams will use this information to determine the source of the email, and the location of the collection server.
ii) report the incident to antiphishing.org. They are scientifically tracking these incidents and organizing responses.
SSH Brute force reporting update:
Reports of SSH scans with simple username/password combinations continue to come in. We are currently looking for the tool/malicious code that is performing these scans.
Kevin Liston,
Handler on Duty,
kliston AT greenman-consulting DOT com
Keywords:
0 comment(s)
×
![modal content]()
Diary Archives
Comments