IE IFRAME Exploit, Sun Java Web Proxy Buffer Overflow, SSH Scanning Continues, Yesterday's Diary

Published: 2004-11-02. Last Updated: 2004-11-03 00:02:54 UTC
by John Bambenek (Version: 1)
0 comment(s)
IE IFRAME Exploit Code Released

A vulnerability in IE can be exploited by having a user go to a web page that has malicious code on it. This uses the handling of certain IFRAME attributes. This exploit DOES NOT work on XP Service Pack 2. For more information see:

http://lists.netsys.com/pipermail/full-disclosure/2004-November/028286.html

http://secunia.com/advisories/12959/

http://www.k-otik.net/bugtraq/20041102.InternetExplorer.php
Sun Java Web Proxy Server Buffer Overflow DoS

Sun Java System Web Proxy Server 3.6 SP4 and prior are vulnerable to a boundary condition that can cause buffer overflows that can lead to DoS or potential system access. Upgrade to SP 5 or later. For more information see:

http://secunia.com/advisories/13036/
Continued SSH Scanning

Reports keep trickling in on SSH brute force scanning, and I see it at my own site. It now uses much more than the 3 or so usernames it started scanning with and I have to think there is some success if these attacks keep persisting. It just shows the importance of a strong password has not gone away with encrypted protocols. If you can, use keys for authentication via ssh, not passwords.

Yesterday's diary

It was not a real story, it was humor for a slow day. It appears the script kiddies are more interested in hacking voting machines than the Internet today. :)

--

John Bambenek / bambenek (at) gmail.com
Keywords:
0 comment(s)

Comments


Diary Archives