
SANS ISC: Libpng and putty vulnerabilities announced today - SANS Internet Storm Center SANS ISC InfoSec Forums

Libpng and putty vulnerabilities announced today
Libpng Vulnerability:
Proof-of-concept code for a buffer overflow in libpng was released today. A patched version is available (libpng version 1.2.6rc1).

US CERT announcement:

In other vulnerability news: PuTTY v.54 and below

Details available at the author's website:

CORE's analysis:

The latest version, 0.55, is available at:


WinSCP, which uses code from PuTTY, has also been updated in response to the above vulnerability.

Mydoom.p Snort signatures are available at bleedingsnort.

Remember that oinkmaster can update your snort rules daily from! I use this on the honeynet at home and the test snort server at work.

On individual response to phishing emails:
Phishing incidents are on the rise. The handlers are receiving more and more reports of suspicious emails. My recommended response procedure is as follows:

i) report the email to the impersonated company's abuse address (typically this is abuse@victimdomain). Include a copy of the email and the full delivery headers. Their teams will use this information to determine the source of the email, and the location of the collection server.

ii) report the incident to They are scientifically tracking these incidents and organizing responses.
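
The following Python example is added here and is not part of the original diary. It builds the report from step i, attaching the message byte for byte so the full delivery headers survive; the sample message, all addresses and the function name `build_abuse_report` are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed sample message; every host, address and IP is a documentation value.
SAMPLE = (
    b"Received: from mx.reporter.example (mx.reporter.example [192.0.2.10])\r\n"
    b"\tby mail.reporter.example; Thu, 5 Aug 2004 10:02:11 -0400\r\n"
    b"Received: from unknown (HELO bank.example) (198.51.100.77)\r\n"
    b"\tby mx.reporter.example; Thu, 5 Aug 2004 10:02:09 -0400\r\n"
    b'From: "Example Bank" <security@bank.example>\r\n'
    b"To: user@reporter.example\r\n"
    b"Subject: Verify your account\r\n"
    b"Content-Type: text/plain; charset=us-ascii\r\n"
    b"\r\n"
    b"Please confirm your details at http://203.0.113.5/login within 24 hours.\r\n"
)

def build_abuse_report(raw, reporter, impersonated_domain):
    """Build the step i report: summary in the body, exact original attached."""
    original = message_from_bytes(raw, policy=policy.default)
    # Received headers are prepended in transit, so the first one is the newest hop.
    hops = [" ".join(str(h).split()) for h in original.get_all("Received", [])]
    part = original.get_body(preferencelist=("plain", "html"))
    links = sorted(set(URL_RE.findall(part.get_content()))) if part else []

    report = EmailMessage()
    report["From"] = reporter
    # The domain is supplied by the reporter: a phish's From header may be forged.
    report["To"] = f"abuse@{impersonated_domain}"
    report["Subject"] = f"Phishing report: {original['Subject']}"
    lines = ["The attached message impersonates your organisation.", "",
             "Delivery path, newest hop first (hops added before the reporter's",
             "own mail server received the message are unverified):"]
    lines += [f"  {i}. {hop}" for i, hop in enumerate(hops, 1)]
    lines += ["", "Links found in the body:"] + [f"  {url}" for url in links]
    report.set_content("\n".join(lines))
    # Attach the raw bytes (base64) so no header is refolded, reordered or dropped.
    report.add_attachment(raw, maintype="application", subtype="octet-stream",
                          filename="phish.eml")
    return report

if __name__ == "__main__":
    print(build_abuse_report(SAMPLE, "user@reporter.example", "bank.example"))
```
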
SSH Brute force reporting update:
Reports of SSH scans with simple username/password combinations continue to come in. We are currently looking for the tool/malicious code that is performing these scans.
Kevin Liston,
Handler on Duty,
kliston AT greenman-consulting DOT com
Kevin Liston

ISC Handler
Aug 5th 2004
