KDE kjs encodeuri/decodeuri heap overflow vulnerability
There is a vulnerability in KDE kjs JavaScript interpreter engine which can be exploited to cause a DoS or arbitrary code to be executed on a vulnerable system.
The JavaScript interpreter engine used by Konqueror and other parts of KDE contain a heap overflow which can be triggered when decoding specially crafted UTF-8 encoded URI sequences. Vulnerable system can be compromised by malicious javascript code (e.g. on a malicious website) using affected JavaScript interpreter engine.
Details can be found at:
http://secunia.com/advisories/18500/
http://www.kde.org/info/security/advisory-20060119-1.txt
The JavaScript interpreter engine used by Konqueror and other parts of KDE contain a heap overflow which can be triggered when decoding specially crafted UTF-8 encoded URI sequences. Vulnerable system can be compromised by malicious javascript code (e.g. on a malicious website) using affected JavaScript interpreter engine.
Details can be found at:
http://secunia.com/advisories/18500/
http://www.kde.org/info/security/advisory-20060119-1.txt
Keywords:
0 comment(s)
Shellbot
We received a submission from our reader James reporting on a compromised system. It is likely exploited through the vulnerable mambo installed.
The system being compromised will attempt to download tool and a perl script from:
http://www.fullcrew.net/cmd/tool25.dat
http://shikoe.net/multi.txt
http://shikoe.net/ok.txt
The multi.txt and ok.txt are the same perl script that will perform various tasks such as TCP/UDP/HTTP flood, port scan and will also use Google to search for vulnerable targets. This is very similar to what is seen on:
http://www.webhostingtalk.com/archive/thread/478039-1.html
It will also attempt to connect to an IRC server (shell.durresi.be) over port 34345. The interesting part of the domain durresi.be is:
* The domain is just registered on 20 Jan 06.
* Some of the registration information is suspicious and fake. It is a .be domain but registered using a .it email address, a UK snail mail address and a fake US telephone number.
How interesting. If you are running mambo application, make sure it is running the latest version.
Thanks to Patrick Nolan, Marc Sachs and Swa Frantzen for the information.
The system being compromised will attempt to download tool and a perl script from:
http://www.fullcrew.net/cmd/tool25.dat
http://shikoe.net/multi.txt
http://shikoe.net/ok.txt
The multi.txt and ok.txt are the same perl script that will perform various tasks such as TCP/UDP/HTTP flood, port scan and will also use Google to search for vulnerable targets. This is very similar to what is seen on:
http://www.webhostingtalk.com/archive/thread/478039-1.html
It will also attempt to connect to an IRC server (shell.durresi.be) over port 34345. The interesting part of the domain durresi.be is:
* The domain is just registered on 20 Jan 06.
* Some of the registration information is suspicious and fake. It is a .be domain but registered using a .it email address, a UK snail mail address and a fake US telephone number.
How interesting. If you are running mambo application, make sure it is running the latest version.
Thanks to Patrick Nolan, Marc Sachs and Swa Frantzen for the information.
Keywords:
0 comment(s)
×
Diary Archives
Comments