
SANS ISC: Sploits Du Jour: Veritas NetBackup & Ethereal. Watch Oracle and Snort!

Lots of new exploits today in the wild, so patch away, patch away, patch away all. 

In particular, patch Veritas NetBackup (more info here).  Working exploits have been released.

Also, patch Ethereal (more info here).  Again, working exploits are available.

Also, as we said the other day, don't forget to check out the crucial Oracle patches.

And, for goodness sakes, patch Snort or shut off the Back Orifice preprocessor!  A fully working exploit is likely very near.

Also, a kind reader emphasized the importance of hardening systems today, in light of this Snort vulnerability, mentioning the great Grsecurity package for Linux, as well as the importance of chroot environments.  This reader, who requested anonymity, also points out that the Stack-Smash-Protector (SSP) extensions for gcc from IBM make it harder to exploit buffer overflows, and can be compiled into various executables.  It's essentially an update of the venerable StackGuard tool, but more carefully integrated with the compiler itself.  As we say in Jersey... "Noice".
Ed
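
The guard check that StackGuard and SSP compile into a function, modelled in plain C as an added example (not part of the original diary and not SSP's own code). The `frame` layout, `copy_with_guard` and the guard constant are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of one protected stack frame: the guard sits between the local
 * buffer and the control data an overflow would have to cross. */
struct frame {
    char buf[16];
    uint64_t guard;        /* written by the function prologue */
    uint64_t saved_return; /* stands in for the saved return address */
};

/* Constructed constant for this model; a real build uses a value chosen
 * at run time so it cannot be predicted. */
static const uint64_t GUARD_VALUE = 0x00f1e2d3c4b5a697ULL;

/* Emulates a function with an unchecked copy plus the epilogue check.
 * Returns 0 if the guard is intact (safe to return) and 1 if it was
 * overwritten (a protected binary aborts instead of returning). */
int copy_with_guard(const char *input, size_t len)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    f.guard = GUARD_VALUE;          /* prologue */
    f.saved_return = 0x401000;      /* constructed placeholder address */

    /* The bug being modelled: len is trusted. It is capped at the size
     * of the model frame so the demo stays within defined behaviour. */
    if (len > sizeof f)
        len = sizeof f;
    memcpy(&f, input, len);

    /* Epilogue: compare the guard before saved_return would be used. */
    return f.guard != GUARD_VALUE;
}

int main(void)
{
    char oversized[32];
    memset(oversized, 'A', sizeof oversized);
    printf("5 bytes:  %s\n", copy_with_guard("PING", 5) ? "abort" : "return");
    printf("17 bytes: %s\n", copy_with_guard(oversized, 17) ? "abort" : "return");
    printf("32 bytes: %s\n", copy_with_guard(oversized, 32) ? "abort" : "return");
    return 0;
}
```

In a real build the compiler emits this prologue and epilogue itself when the program is compiled with gcc's `-fstack-protector` option, and a failed check calls `__stack_chk_fail`, which terminates the process.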
