Samba vulnerability, Veritas BackupExec vulnerability, PowerPoint attachments, and some light reading.
Samba 2.x, 3.0.0 - 3.0.9 vulnerability
A vulnerability in Samba has been discovered that could allow a remote attacker
to obtain superuser access to a vulnerable Samba server. This vulnerability is
post-authentication, meaning that the attacker needs some valid login credentials
before exploitation.
Patches and a corrected release 3.0.10 are available at
http://www.samba.org/
Veritas BackupExec Agent vulnerability
A remote vulnerability in Veritas BackupExec Agent has been discovered. This vulnerability is especially serious as it does not require any authentication before the service can be exploited, and by their very nature, backup servers
tend to both be reachable by, and have access to, a large number of systems
within an organization. If you run BackupExec, patches are available for both
Version 8.6.x
http://seer.support.veritas.com/docs/273422.htm
and Version 9.1.x
http://seer.support.veritas.com/docs/273420.htm
Even if you do not run BackupExec, now would be a good time to think about the
security implications of your backup network and backup servers.
PowerPoint Attachments Considered Harmful
http://www.securityfocus.com/archive/1/384726/2004-12-13/2004-12-19/0
A recent message over on the Bugtraq mailing list brings up an interesting
idea about the malicious use of PowerPoint presentation documents and their ability to slip past most corporate email gateways. While the attack described
is hardly new, it reminds us that none of the modern helpful file formats were
designed with security in mind, and that you must always be on guard. Even if
you know the person who sent you that file in your email, if you're not already
expecting to receive it, do yourself (and others) a favor and don't open it.
To paraphrase Smokey The Bear, "Only you can prevent virus outbreaks."
In closing...
Some people have way too much free time. Several of the handlers tip their hats
to you.
< http://invisiblethings.org/papers/passive-covert-channels-linux.pdf >