
OpenSSH Vulnerabilities: June 27

Q: OpenSSH Vulnerabilities: June 27

Hiya

There are two related vulnerabilities in the challenge response handling code in OpenSSH versions 2.3.1p1 through 3.3. They may allow a remote intruder to execute arbitrary code as the user running sshd (often root). The first vulnerability affects OpenSSH versions 2.9.9 through 3.3 that have the challenge response option enabled and that use SKEY or BSD_AUTH authentication. The second vulnerability affects PAM modules using interactive keyboard authentication in OpenSSH versions 2.3.1p1 through 3.3, regardless of the challenge response option setting. Additionally, a number of other possible security problems have been corrected in OpenSSH version 3.4.

Systems Affected

OpenSSH versions 2.3.1p1 through 3.3

http://www.cert.org/advisories/CA-2002-18.html

Regards

eddie


A: OpenSSH Vulnerabilities: June 27

July 02, 2002: Added Juniper Networks vendor statement.
July 02, 2002: Added Unisphere vendor statement.
July 02, 2002: Added Sun Microsystems vendor statement.
July 02, 2002: Added FreeBSD vendor statement.
July 02, 2002: Added Apple Computer Inc statement.

http://www.cert.org/advisories/CA-2002-18.html

Regards

eddie

RELEVANCY SCORE 70.8

Hiya

ISS late so you may have these:

IIS reveals .asp source code with Unicode extensions

Microsoft Internet Information Server (IIS) version 4.0 could allow a remote attacker to obtain the source code of .asp files, caused by a vulnerability in the handling of .asp files. If IIS is installed on a FAT partition and a remote attacker sends a request for a .asp file that is Unicode encoded, the attacker can cause IIS to return the source code of the .asp file

http://xforce.iss.net/static/6742.php

FrontPage Server Extensions Visual Studio RAD Support sub-component buffer overflow

Microsoft FrontPage Server Extensions (FPSE) for Windows NT and Windows 2000 is vulnerable to a buffer overflow in the Visual Studio RAD (Remote Application Deployment) Support sub-component. FrontPage Server Extensions are components used in Microsoft’s Internet Information Server (IIS) versions 4.0 and 5.0. If the Visual Studio RAD Support sub-component is installed, a remote attacker can send a specially-crafted packet to the server to overflow a buffer. An attacker could use this vulnerability to execute arbitrary code on the system, and possibly gain complete control over the affected Web server.

http://xforce.iss.net/static/6730.php

IIS idq.dll ISAPI extension buffer overflow

Microsoft Internet Information Server (IIS) versions 4.0, 5.0, and 6.0 beta are vulnerable to a buffer overflow in the handling of ISAPI (Internet Services Application Programming Interface) extensions. An unchecked ...
RELEVANCY SCORE 48.4

Hi,

I am trying to setup OpenSSH on XP and near the end I am getting kind of lost. I will post the tutorial and what I need help with below.
Tutorial: http://pigtail.net/LRP/printsrv/cygwin-sshd.html
8) Important: pop a cygwin window, harmonize Windows user information with cygwin, otherwise they cannot login
mkpasswd -cl > /etc/passwd
mkgroup --local > /etc/group

If your XP logs on to a domain, you most likely have to manually edit /etc/group. See this page.

If your XP logs on to a domain, you may want to edit /etc/passwd to replace /home/username by //unc_server/path_to_home
(thanks to Geoff Thomas)

mkpasswd creates a password file from Windows' user list, click here for more details.
mkgroup creates a group file from Windows' user list, click here for more details.
Thanks to John Skiggn of Cingular Wireless in Redmond, Washington for his tweak on domain user /etc/group
http://pigtail.net/LRP/printsrv/passwd-group.html
 

A:XP OpenSSH

What was the last step on the tutorial that you did? Also, is the PC you're using in a domain?
 

RELEVANCY SCORE 48

OK, I've been studying this ssh service. I'm running Fedora Core 3 and it is active on my machine...........or at least a "pgrep ssh and pgrep sshd" command shows it running and the ssh daemon is listed as active in my list of active services.

My question is........if it is running on my Linux box, do the other Windows boxes within my network have to be running it to connect to me?

If so or if not....how do I configure this thing? The information that I have found about it so far reads like stereo instructions in another language. I really need some help here!
 

A:openssh question?

If you post this in the Linux forum, you stand a better chance for an answer.
 

RELEVANCY SCORE 47.2

Running Win XP MCE SP2
Cable connection
Motorola Surfboard modem
Linksys router

A few weeks ago I installed openssh on my computer using http://sshwindows.sourceforge.net/download/. I set up the group and passwd files, followed the instructions etc. Forwarded port 22 from my router to my computer and configured my firewall (zonealarm) to let traffic through. Everything worked fine until I screwed something up and had to format my hard drive. I've been trying to setup openssh the same way I did when it worked and I just can't get it to work. I've tried turning off the firewall and also connecting the modem directly to the computer, it just won't work. I have the user accounts setup with passwords. When I use putty to connect to my computer from that computer things work out but outside computers can't connect to it. I open putty, tell it to connect to my ip at port 22 using ssh and it brings up the connection window and asks me for a username, which I type in, and then it immediately asks for a password without showing the welcome/warning message it's supposed to show. When I type in the password, it tries to connect for a few seconds and then simply tells me "Access Denied".

Any suggestions? Any diagnostic tools or anything of that sort I can use to figure out what the problem is?
 

RELEVANCY SCORE 46.8

Hiya

The CERT/CC has received confirmation that some copies of the source code for the OpenSSH package were modified by an intruder and contain a Trojan horse.

We strongly encourage sites which employ, redistribute, or mirror the OpenSSH package to immediately verify the integrity of their distribution.

An intruder operating from (or able to impersonate) the remote address specified in the malicious code can gain unauthorized remote access to any host which compiled a version of OpenSSH from this Trojan horse version of the source code. The level of access would be that of the user who compiled the source code.

http://www.cert.org/advisories/CA-2002-24.html

Regards

eddie
 

RELEVANCY SCORE 46.8

I did a search, but didn't quite see anything posted that might relate to my problem.

At one point early last year I installed OpenSSH on an xp business box I have at home. I set it up so that it was an automatic server that would start when the box turned on. I used Putty on my laptop, and through port forwarding on my WRT54G v8 router, I had it all working perfectly and could connect using Putty on my laptop to have a tunnel to my home comp. Last week the hard drive died and I just bought a new one to put in it, and went through the process of re-installing XP. I then reinstalled OpenSSH, put in all the same settings as it had before (detailed notes from when I did it the first time) and fired up Putty and it wouldn't connect. I thought maybe it was the box, so I tinkered and tweaked to no avail. The only firewall I have running is the XP, and I added OpenSSH and its ports to the firewall exceptions. The ports are forwarded correctly on my router, and everything in Putty looks ok. After still more timed out connections I opened the router's incoming log and noticed that there were no requests to the port I have OpenSSH set to. I thought that this was odd, as I also have PCAnyWhere installed, and it works perfectly, and I can see in the log the incoming requests for that. So now I am stumped. I have tried Putty on 3 different computers, using three different connections, and still nothing. Any ideas?
 

A:Solved: Windows OpenSSH Problems

RELEVANCY SCORE 46.4

Hi all
I have one question regarding the distribution of updates for the OpenSSH server feature.
How is Microsoft distributing the update for this feature? In Microsoft Windows there is still an older version when I compare it with the currently distributed OpenSSH server version.
Thank you for any info.

RELEVANCY SCORE 46.4

I have a problem with Win 7 Pro x86 where the Openssh SSD service is playing up


Symptoms

Task Manager:
Services Tab:

GGSMGR is running
MySQL is stopped (Right click | start - give access denied), need to start this

Services.msc
Openssh ssd status is blank, and right click is grey out

I need to get these running any ideas please?

I have restarted the PC and cold booted already, no changes same situation as above

RELEVANCY SCORE 46.4

Hi folks,

today I set up Cygwin and OpenSSH on my rented server. I followed the usual directions and everything seemed to be fine.

I tested locally using ssh localhost and voilà - connection, login, everything fine.

Then I tried to login from my laptop and got no connection. I checked the firewall - and it was off. Both the server provider's firewall and the local windows firewall were off (I turned them on afterwards, however).

Ok, I thought, let's connect locally, so I tried ssh <hostname> and ssh <server-ip> (On the server itself!). Could not connect.

I tried a lot of combinations, changed the port, used ListenAddress to explicitly bind to the local ip, looked at hosts.allow and hosts.deny etc. Actually one can see slight differences with netstat -a, but the effect remains the same: Using localhost and 127.0.0.1 I can connect, but not using the IP.

Server OS is Windows Web Server 2008.

Any ideas?

Thanks for hints or any idea how I can debug this. SSH debug mode shows no output, so it really seems no connection gets established.

Regards,

JavaBird
 

A:Cygwin OpenSSH doesn't listen on actual IP, only on 127.0.0.1

Does the software have an option to change what ports it is listening on? Is there a check mark that you could have overlooked that would cause it to only be listening on the loopback address?
 

RELEVANCY SCORE 45.6

OpenSSH chink bares encrypted data packets.

One in 262,144 chance = good odds

Important Note: If your system uses OpenSSH, make sure you are running the latest version (5.2) of it!

-- Tom
 

RELEVANCY SCORE 44.8

A security vulnerability found in a widely-used open-source software has been described as "the most serious bug."
A major vulnerability has been found and fixed in OpenSSH, an open-source remote connectivity tool using the Secure Shell protocol. The flaw was the result of an "experimental" feature that allows users to resume connections.
According to a mailing list disclosing the flaw, a malicious server can trick an affected client to leak client memory, including a client's private user keys.
The affected code is enabled by default in OpenSSH client versions 5.4 to 7.1. The matching server code was never shipped, the mailing list said.
The flaw doesn't have a catchy name like some other previous flaws, but disabling client-side roaming support fixes the issue.
The flaw, which is said to be years old, was found by Qualys' security advisory team.
 
Wolfgang Kandek, chief technology officer at Qualys, confirmed in an email that the company disclosed the bugs to the OpenSSH team on January 11, and commended the team for working "incredibly fast" to get a patch out three days later.

"Developers and admins are advised to regenerate and rotate keys to systems they touch, whether for hobby [or] weekend projects, or more sensitive servers -- including Github," he added.
Bottom line? Patch now, and patch fast.


A:'Serious' security flaw in OpenSSH puts private keys at risk:ZDnet

HeartBleed 2.0?
 
*Frantically checks all administered servers*

RELEVANCY SCORE 38

7-Zip is an open-source Windows utility that allows a user to manipulate archives for extremely high compression... multiple vendors including FireEye, Malwarebytes, and Comodo have integrated 7-Zip's libraries and components into their anti-virus products, 
Two recently announced 7-Zip flaws can affect anti-virus products and security devices... Users should update their vulnerable versions to the latest 7-Zip version,16.00, ASAP.
https://www.grahamcluley.com/2016/05/anti-virus-products-security-devices-affected-7-zip-flaws/

A:7-Zip vulnerabilities

Thank you, kind Sir!

RELEVANCY SCORE 37.6

I'm kinda new to the forum (not many posts), but I work all day to keep up on vulnerabilities, zero days, etc. Wonder if we could have a thread called Security Vulnerabilities? I feel that I'd have a lot to contribute and I'm sure many others do too.
 
Thoughts?

A:Section for Vulnerabilities?

Hello there,

You can post those here in General Security.

Alex

RELEVANCY SCORE 37.6

Hi and thank you for looking into this for me. I've been trying for several days to restore this computer (which belongs to my mother-in-law). Two teenagers have had access to this machine and whether or not their surfing is responsible, there was a tremendous amount of trojans, cookies and stuff to clean up.

I've been running several apps over the last few days - AVG, Trendmicro, FSecure, etc, and each time some thing shows up. Usually cookies, but a couple of trojans too.

Trendmicro found two vulnerabilities MS07-025 and MS07-042 that it could do nothing about.

The computer does not recognize admin accounts and rejects attempts to change several settings including changing or removing user accounts, parental controls, turn user account control on or off. When those items are selected nothing happens. There is a pause with the circle pointer and then nothing.

I am a fairly advanced user but don't know where to go from here. I would appreciate any advice you may have.

I appreciate your mission as well.

Thank you!

Stephen Savage


DDS (Ver_09-07-30.01) - NTFSx86
Run by Administrator at 19:16:29.02 on Thu 09/24/2009
Internet Explorer: 7.0.6001.18000
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============
============== Pseudo HJT Report ===============

mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX8738
uInter...

A:Trojans and vulnerabilities

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand corner o...
RELEVANCY SCORE 37.6

Details here at Secunia; http://secunia.com/advisories/23282/

Firefox's built in updater said I was up to date a few minutes ago but version 2.0.0.1 is available at File Hippo and, presumably, at sites like MajorGeeks; http://www.filehippo.com/
 

A:Firefox Vulnerabilities?

RELEVANCY SCORE 37.6

Hiya

CoolPlayer is vulnerable to a buffer overflow, caused by improper bounds checking by main_skin_open() function. By creating a specially-crafted skin file containing an overly long bitmap filename and persuading a victim to open the file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

Platforms Affected:

Microsoft Corporation: Windows 95
Microsoft Corporation: Windows 98
Microsoft Corporation: Windows 98 Second Edition
Microsoft Corporation: Windows Me
Microsoft Corporation: Windows XP
Microsoft Corporation: Windows 2000 Any version
Microsoft Corporation: Windows 2003 Any version
Microsoft Corporation: Windows NT 4.0
Open Source Technology Group: CoolPlayer 215 and prior

http://xforce.iss.net/xforce/xfdb/30863

---------------------------------------

CoolPlayer is vulnerable to a buffer overflow, caused by improper bounds checking by main_skin_check_ini_value() function. By creating a specially-crafted skin file containing overly long button names and persuading a victim to open the file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

Platforms Affected:

Microsoft Corporation: Windows 95
Microsoft Corporation: Windows 98
Microsoft Corporation: Windows 98 Second Edition
Microsoft Corporation: Windows Me
Microsoft Corporation: Windows XP
Microsoft Corporation: Windows 2000 Any version
Microsoft Corporation: Windo...
RELEVANCY SCORE 37.6

This is laptop no. 2 that I did the series of checks and then did the Hijack this because of problems I have been having. I have problems with the system locking up, cannot even shut it down with controlaltdelete and have to hit THE button. I have also had a problem when it would not respond to that on/off button! I accidentally found that if I logged off my user, then I could shut it down. But not when it locks up period. This has been an issue for a long time, but I am also concerned about any vulnerabilities that someone can see that I need to correct. I am no computer geek, so I do not know what all the registry entries are for. It seems to take a long time to start up. I seem to have a lot of files on my computer as memory is being used, but I am not sure why. None of the scans turned up anything, however I could not run "House call" antivirus because I kept getting runtime script errors.

Please will someone look through the list and see what I need to change or remove if anything that can be causing these problems.

Thanks!

A:Hijack This Log, Please Look For Vulnerabilities

In order to investigate what's going on, on your computer I would like to see a hijackthis log.

RELEVANCY SCORE 37.6

My newspaper has a report about a widespread problem affecting Intel processors which, apparently, is not being exploited, (yet). The sans.org Internet Storm Center has a much more detailed and, I suspect, accurate write up making it clear that it affects ALL processors; https://isc.sans.edu

My computer has an Intel processor so I followed the links in the report to Intel's own details and downloaded and ran their SA-00086 Detection Tool which confirmed that my system is not at risk, probably because it's too old and/or low spec!

I'm not posting this to cause a panic, the sans.org material is aimed at sysadmins rather than home users, but this information may help to offset more lurid accounts provided by 'normal' news outlets.
 

A:Processor Vulnerabilities

Microsoft issues emergency Windows update for processor security bugs
Jan 3, 2018, 4:41pm EST

Microsoft is issuing a rare out-of-band security update to supported versions of Windows today. The software update is part of a number of fixes that will protect against a newly-discovered processor bug in Intel, AMD, and ARM chipsets. Sources familiar with Microsoft's plans tell The Verge that the company will issue a Windows update that will be automatically applied to Windows 10 machines at 5PM ET / 2PM PT today.

The update will also be available for older and supported versions of Windows today, but systems running operating systems like Windows 7 or Windows 8 won't automatically be updated through Windows Update until next Tuesday. Windows 10 will be automatically updated today.

FIRMWARE UPDATES ALSO REQUIRED
While Microsoft is quickly addressing the issues, the fixes will also rely on firmware updates from Intel, AMD, or other vendors that are rolling out. Some anti-virus vendors will also need to update their software to work correctly with the new patches, as the changes are related to Kernel-level access.

[...continues...]
 

RELEVANCY SCORE 37.6

I am attempting to secure my website running WordPress on it. I am interested in keeping the website as secure as possible. To do this, I plan on updating WordPress as soon as new patches come out. I also plan on regularly updating modules because I know that they too can have vulnerabilities.
 
My question is do I have to worry about vulnerabilities within WordPress themes. Are there ways to exploit a website by holes in the coding of a specific type of template/theme?
 
Thank you.

A:Can Templates have Vulnerabilities?

WordPress Themes can contain code (.php files), thus in theory they can contain bugs that are vulnerabilities.
 
FYI: I host my blog (http://blog.didierstevens.com) on wordpress.com. It is free and I don't have to update it, Wordpress does that for me.
I do pay a yearly fee of around $30 to make my blog accessible via blog.didierstevens.com (otherwise it would be only accessible via didierstevens.wordpress.com).

RELEVANCY SCORE 37.6

Does the Microsoft Oct 10 security patch provide remediation for all 10 vulnerabilities?

Vulnerability ID

CVE-2017-13077
CVE-2017-13078
CVE-2017-13079
CVE-2017-13080
CVE-2017-13081
CVE-2017-13082
CVE-2017-13084
CVE-2017-13086
CVE-2017-13087
CVE-2017-13088

RELEVANCY SCORE 37.6

Hiya

This patch is a cumulative patch that includes the functionality of all security patches released for IIS 4.0 since Windows NT 4.0 Service Pack 6a, and all security patches released to date for IIS 5.0 and 5.1. A complete listing of the patches superseded by this patch is provided below, in the section titled "Additional information about this patch". Before applying the patch, system administrators should take note of the caveats discussed in the same section.

In addition to including previously released security patches, this patch also includes fixes for the following newly discovered security vulnerabilities affecting IIS 4.0, 5.0 and/or 5.1:

A buffer overrun vulnerability involving the operation of the chunked encoding transfer mechanism via Active Server Pages in IIS 4.0 and 5.0. An attacker who exploited this vulnerability could overrun heap memory on the system, with the result of either causing the IIS service to fail or allowing code to be run on the server.

A Microsoft-discovered vulnerability that is related to the preceding one, but which lies elsewhere within the ASP data transfer mechanism. It could be exploited in a similar manner as the preceding vulnerability, and would have the same scope. However, it affects IIS 4.0, 5.0, and 5.1.

A buffer overrun involving how IIS 4.0, 5.0 and 5.1 process HTTP header information in certain cases. IIS performs a safety check prior to parsing the fields in HTTP headers, to ensure that expected delimi...
RELEVANCY SCORE 37.6

Hiya
RealPlayer embd3260.dll buffer overflow

RealNetworks' RealPlayer is a streaming audio and video player for Microsoft Windows platforms and most Linux and Unix-based operating systems. RealPlayer 8, RealOne Player (English) and RealOne Player version 2, RealPlayer 10 (English, German, and Japanese), and RealPlayer Enterprise running on Microsoft Windows platforms are vulnerable to a heap-based buffer overflow in the embd3260.dll file. By creating a specially-crafted movie file, a remote attacker could overflow a buffer and execute arbitrary code on the system, once the victim opens the file and error message is generated. An attacker could exploit this vulnerability by creating a malicious Web page or by sending a victim a malicious HTML email.
Platforms Affected:

Microsoft Corporation: Windows Any version
RealNetworks, Inc.: RealOne Player 2.0
RealNetworks, Inc.: RealOne Player English version
RealNetworks, Inc.: RealPlayer 10
RealNetworks, Inc.: RealPlayer 8.0
RealNetworks, Inc.: RealPlayer Enterprise Any version
http://xforce.iss.net/xforce/xfdb/16389

--------------------------------------------------------------------------

RealPlayer dot file buffer overflow

RealNetworks' RealPlayer is a streaming audio and video player for Microsoft Windows platforms and most Linux and Unix-based operating systems. RealPlayer 8, RealOne Player (English) and RealOne Player version 2, RealPlayer 10 (English, German, and Japanese), and RealPlayer Enterprise r...
RELEVANCY SCORE 37.6

Hi, I recently needed java on my computer to go with a plugin for VLC and was wondering if I completely remove java from my internet browser only, is my computer still vulnerable to outside java exploits? I am not a fan of java or adobe flash on my computer but I can live with java if there are no security risks involved.

A:Java Vulnerabilities

You can choose to disable Java on your browsers. Alternatively you can use an anti-exploit application - the three most popular ones are Malwarebytes Anti-Exploit, HitmanPro.Alert (paid version only) and EMET (Enhanced Mitigation Experience Toolkit). These will reduce the risk of Java being exploited by malware.

RELEVANCY SCORE 37.6

Hiya

Ethereal colour filter file denial of service

Ethereal is a freely available network protocol analyzer for Microsoft Windows and multiple Unix-based operating systems. Ethereal versions 0.8.13 through 0.10.2 are vulnerable to a denial of service attack. By sending a specially-crafted colour filter file, a remote attacker could cause a segmentation fault.

Platforms Affected:

Gerald Combs / Ethereal Group: Ethereal 0.8.13 to 0.10.2
kernel.org: Linux Any version
Microsoft Corporation: Windows Any version
Various: Unix Any version
Remedy:

Upgrade to the latest version of Ethereal (0.10.3 or later), when it becomes available from the Ethereal Web site.

http://xforce.iss.net/xforce/xfdb/15572

Ethereal RADIUS packet denial of service

Ethereal is a freely available network protocol analyzer for Microsoft Windows and multiple Unix-based operating systems. Ethereal versions 0.8.13 through 0.10.2 are vulnerable to a denial of service attack. By sending a specially-crafted RADIUS packet to Ethereal, a remote attacker could cause Ethereal to crash.

Platforms Affected:

Gerald Combs / Ethereal Group: Ethereal 0.8.13 to 0.10.2
kernel.org: Linux Any version
Microsoft Corporation: Windows Any version
Various: Unix Any version
Remedy:

Upgrade to the latest version of Ethereal (0.10.3 or later), when it becomes available from the Ethereal Web site. See References.

Consequences:

Denial of Service

http://xforce.iss.net/xforce/xfdb/15571

Regards

eddie
 

A:Ethereal Vulnerabilities

RELEVANCY SCORE 37.6

Hiya

I'm going to be updating this one, as I have a few vulnerabilities from Bugtraq, but still at work

Multiple Crafted IPv6 Packets Cause Reload

Cisco Internetwork Operating System (IOS) Software is vulnerable to a Denial
of Service (DoS) attack from crafted IPv6 packets when the device has been
configured to process IPv6 traffic. This vulnerability requires multiple
crafted packets to be sent to the device which may result in a reload upon
successful exploitation.

Affected Products
=================

Vulnerable Products

Only the Cisco devices running IOS and configured for IPv6 are affected. A
router will display all IPv6 enabled interfaces with the show ipv6 interface
command.

An empty output or an error message will be displayed if IPv6 is disabled or
unsupported on the system. In this case the system is not vulnerable.

Sample output of show ipv6 interface command is shown below for a system
configured for IPv6.

Router#show ipv6 interface
Serial1/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::A8BB:CCFF:FE00:D200
Global unicast address(es):
2001:1:33::3, subnet is 2001:1:33::/64 [TENTATIVE]
Joined group address(es):
FF02::1
FF02::1:FF00:3
FF02::1:FF00:D200
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
Router#
A router that has IPv6 enabled on a physical or logical interface is vulnerable...

A:Cisco Vulnerabilities

RELEVANCY SCORE 37.6

This may have been posted before, in that case here it is again.
1. [SA22542] Internet Explorer 7 Popup Address Bar Spoofing Weakness
2. [SA22477] Internet Explorer 7 "mhtml:" Redirection Information Disclosure
3. [SA22628] Internet Explorer 7 Window Injection Vulnerability
http://secunia.com/advisories/22628/
 

RELEVANCY SCORE 37.6

If you want to check vulnerabilities of your browser you can run these tests.
http://www.jasons-toolbox.com/BrowserSecurity/
 

RELEVANCY SCORE 37.6

Hello Community

The following vulnerabilities mentioned below, were flagged by Qualys as a Zero day (published 04222019), no CVE available and I'm trying to find an article from Microsoft with disclosure or any additional information for the appropriate management. 

I hope someone here can provide me some guidance.


Microsoft Edge and Internet Explorer same-origin policy bypass vulnerability (Zero Day)
(QID 100369 - Severity 4)
Microsoft Internet Explorer XML External Entity(XXE) Vulnerability (Zero Day)(QID 100368 - Severity 4)

RELEVANCY SCORE 37.2

Stickying this for a week, as usual. All High Risk

WS_FTP Server ALLO handler buffer overflow

WS_FTP Server, developed by Ipswitch, is an FTP server for Microsoft Windows platforms. WS_FTP Server version 4.0.2 is vulnerable to a buffer overflow, caused by a vulnerability in the ALLO handler. A local or remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system with SYSTEM level privileges.

Platforms Affected:

Ipswitch, Inc.: WS_FTP Server 4.02
Microsoft Corporation: Windows 2000 Any version
Microsoft Corporation: Windows 2003 Server
Microsoft Corporation: Windows NT 4.0
Microsoft Corporation: Windows XP Any version
Remedy:

No remedy available as of March 2004.

Consequences:

Gain Access

http://xforce.iss.net/xforce/xfdb/15561

WS_FTP Server REST denial of service

WS_FTP Server, developed by Ipswitch, is an FTP server for Microsoft Windows platforms. WS_FTP Server version 4.0.2 is vulnerable to a denial of service attack. A local or remote attacker, with write privileges on a directory, could create a specially-crafted file containing a large REST argument and then issue a file upload command to consume all available disk space.

Platforms Affected:

Ipswitch, Inc.: WS_FTP Server 4.02
Microsoft Corporation: Windows 2000 Any version
Microsoft Corporation: Windows 2003 Server
Microsoft Corporation: Windows NT 4.0
Microsoft Corporation: Windows XP Any version
Remedy:

No remedy available as of March 2004.

Con... Read more

Read other answers
RELEVANCY SCORE 37.2

US-Cert advises all users of Apple Quicktime to install a new version (7.1) which addresses multiple vulnerabilities; these vulnerabilities might permit a remote attacker to execute arbitrary code or cause a denial-of-service condition if a user could be convinced "to access a specially crafted image or media file using a vulnerable version of QuickTime."

http://www.us-cert.gov/cas/techalerts/TA06-132B.html

The stand-alone Quicktime Player 7.1 for Windows or Mac OSX can be downloaded here:

http://www.apple.com/quicktime/download/standalone.html

Regards,
John

A:Apple Quicktime Vulnerabilities

Is it just me, or has Quicktime been having a lot of security issues lately? When I updated my Quicktime a month or so ago, it was because of another security flaw.

Anyway, thanks for the info, and the link for the standalone player. (death to iTunes!!!!)

Read other 1 answers
RELEVANCY SCORE 37.2

Realplayer has identified three security vulnerabilities in its software, according to an article in PC World. The site below details these, the versions that are at risk, and instructions for patching:

http://service.real.com/help/faq/security/040928_player/EN/

Cheers,
John

Read other answers
RELEVANCY SCORE 37.2

About the Adobe and Excel Vulnerabilities.

Both of them are not yet patched.

Above link contains information about the MS Excel problem in a security advisory.

Adobe is planning to release an update on March 11th. That's March 11th, like two weeks from now.

Adobe's mitigation steps involve disabling JavaScript. Above link contains information on how to do this.

-- Tom
 

A:About the Adobe and Excel Vulnerabilities

Without wishing to add to anyone's paranoia regarding Adobe products, I read yesterday that the exploit can be made to work even if JavaScript is disabled; http://secunia.com/blog/44/

This clearly is only one view and, as with so many of these things, the Secunia findings, if correct, may be largely theoretical. It is still not clear whether any of the other pdf readers are affected, although, at present, it seems they are not.

I hardly ever use documents in the pdf format and switched to Foxit when it first came out, just to save download time (I'm on dialup!).
 

Read other 2 answers
RELEVANCY SCORE 37.2

Might want to check this out:
http://www.heise-online.co.uk/secur...n-several-virus-scanners-Update--/news/112301
 

Read other answers
RELEVANCY SCORE 37.2

...NISCC Vulnerability Advisory 693564/NISCC/FOLDERSHARE - Security Implications of the FolderShare Program details huge vulnerabilities (https tunnel, EFS bypassing, and more) in FolderShare, an "add-in tool for Microsoft Desktop Search" which enables "remote access to files stored on Windows and Mac OS X based computers."....isc.sans.org

Read other answers
RELEVANCY SCORE 37.2

Hi girls & guys, here is something to be concerned about.
http://www.heise-online.co.uk/secur...n-several-virus-scanners-Update--/news/112301
Vulnerabilities in some anti virus programs.
 

A:vulnerabilities in several virus scanners

Read other 8 answers
RELEVANCY SCORE 37.2

Intel Patched 77 Vulnerabilities in November 2019 Platform Update

https://www.bleepingcomputer.com/ne...erabilities-in-november-2019-platform-update/



Intel addressed 77 vulnerabilities during the November 2019 Patch Tuesday, with more than two dozen of them being high severity and critical security flaws impacting Windows and Linux.

The issues were detailed in the 18 security advisories published by Intel on its Product Security Center, with the company having delivered them to users through the Intel Platform Update (IPU) process.

Intel provides a list of all affected products and recommendations for vulnerable products at the end of each advisory, as well as contact details for those who want to report other security issues or vulnerabilities found in Intel branded products or technology.

These mostly address Windows based computers, but also Linux.



Out of all the flaws detailed in the INTEL-SA-00242 advisory, only the insufficient access control one tracked as CVE-2019-0155, and allowing authenticated users to potentially enable escalation of privilege via local access, impacts Linux devices.


CVE-2019-0155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0155



Description
Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(... Read more

Read other answers
RELEVANCY SCORE 37.2

Courtesy of Rmboxx, here is a link that those interested in the various aspects of Internet server exploits and defenses will find educational. It details what their experts consider the 20 most critical vulnerabilities and how they should be defended against. Covers Unix as well as Microsoft systems.

http://66.129.1.101/top20.htm
 

A:Internet Security Vulnerabilities

Read other 7 answers
RELEVANCY SCORE 37.2

ALL IE Versions Vulnerable to New Attack

"Microsoft has updated the security bulletin they released last night for a new and serious Internet Explorer vulnerability. Initially it appeared that the vulnerability was only in Internet Explorer 7, but after further analysis it seems as if all currently-supported versions of IE are affected, including the betas of IE8....Microsoft also added a number of new workarounds to the advisory..."

The article continues at http://blogs.pcmag.com/securitywatch/2008/...lnerable_to.php

Also see another article: How to Safeguard Against the IE Vulnerability

"Internet Explorer has sprung a leak, and Microsoft advises that you batten down the hatches. A recent security advisory explains that a vulnerability in all modern versions of IE could allow an attacker to execute malicious code. As pointed out in PCMag's Security Watch blog, there are a number of workarounds to plug this potential leak. They're pretty complicated, though, so I'll walk you through the process..."

Article continues at http://www.pcmag.com/article2/0,2817,2336831,00.asp

Read other answers
RELEVANCY SCORE 37.2

Every vulnerability or privacy issue reported for consumer connected home and wearable technology products since November 2015 could have been easily avoided, according to the Online Trust Alliance (OTA).
"In this rush to bring connected devices to market, security and privacy is often being overlooked," said Craig Spiezle, OTA Executive Director and President. "If businesses do not make a systemic change we risk seeing the weaponization of these devices and an erosion of consumer confidence impacting the IoT industry on a whole due to their security and privacy shortcomings."

The most significant failures
To come up with its findings, OTA researchers analyzed publicly reported device vulnerabilities from November 2015 through July 2016. The researchers found the most glaring failures were attributed to:

1. Insecure credential management including making administrative controls open and discoverable.

2. Not adequately and accurately disclosing consumer data collection and sharing policies and practices.

3. The omission or lack of rigorous security testing throughout the development process including but not limited to penetration testing and threat modeling.

4. The lack of a discoverable process or capability to responsibly report observed vulnerabilities.

5. Insecure or no network pairing control options (device to device or device to networks).

6. Not testing for common code injection exploits.

7. The lack of transport security and encrypted storage includ... Read more

A:Are all IoT vulnerabilities easily avoidable?

9) No guarantee that these failures will be solved!

Manufacturers invest on how to present the product, praising mainly the technical features.
It is true, however, that security IoT is a problem that needs to be addressed at the institutional level.
 

Read other 0 answers
RELEVANCY SCORE 37.2

(IF NEED BE - COULD SOMEONE MOVE THIS TO THE APPROPRIATE SPOT) Could anyone tell me how I would enable Network Protocol Lockdown for Windows XP, and Protected Mode on Windows Vista and later?
Please see the vendor's advisory for more information. This is one of the vulnerabilities that PSI has thrown up for me to deal with, so if anyone has encountered this in the past the answer would be much appreciated.

Thanks

Lockeyp.
 

Read other answers
RELEVANCY SCORE 37.2

I came across this but can't find any mention of it on my usual forum haunts.

Very detailed and well-written article!
It includes the writer's (alleged) text conversation with tech support, and their attitude and the language they use is astonishing.

I don't know what to make of it, I truly don't.

Comments anyone?
 

Read other answers
RELEVANCY SCORE 37.2

Hiya

path disclosure

602Pro LAN SUITE is a multi-functional Internet connection sharing, firewall, server, and administration application for Microsoft Windows networks. 602Pro LAN SUITE could allow a remote attacker to obtain sensitive information. A remote attacker could obtain the directory path of the Web server from the mail login form.

Platforms Affected:

Microsoft Corporation Windows Any version
Software602, Inc. 602Pro LAN SUITE Any version
Remedy:

No remedy available as of March 2004.
http://xforce.iss.net/xforce/xfdb/15350

directory-listing

602Pro LAN SUITE is a multi-functional Internet connection sharing, firewall, server, and administration application for Microsoft Windows networks. 602Pro LAN SUITE could allow a remote attacker to obtain sensitive information. If a remote attacker sends a URL request to the index.html file, the Web server would return a list of the directories. An attacker could then use this information to launch further attacks against the affected host.

Platforms Affected:

Microsoft Corporation Windows Any version
Software602, Inc. 602Pro LAN SUITE Any version
Remedy:

No remedy available as of March 2004.

Consequences:

Obtain Information

http://xforce.iss.net/xforce/xfdb/15349
Regards

eddie
 

Read other answers
RELEVANCY SCORE 37.2

When I try to update Windows (which is what Trend Micro Internet Security tells me to do), it takes me to a Google page that says "error 404 not found". I can't update manually from the Microsoft site either. I can't even update my media player or anything else on my computer. When I try to update other things, I can't ever get it to work. Either "unable to update" or "page not available". I have no idea what to do. Following is my DDS. I tried to do what I'm supposed to, but if I made mistakes, I'm sorry. Tell me what I need to do and I will.
DDS (Ver_09-02-01.01) - NTFSx86
Run by Mike Garcia at 22:32:31.37 on Thu 02/12/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1246 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
AV: Trend Micro Internet Security *On-access scanning enabled* (Updated)
FW: Trend Micro Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files... Read more

A:Critical Vulnerabilities in Windows

Please download SDFix by Andy Manchesta and save it to your desktop.

Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)

Please reboot into Safe Mode.

In Safe Mode, right click the SDFix.zip folder and choose Extract All. A new folder will be extracted to your %systemdrive%, typically C:\SDFix

Open the extracted folder and double click RunThis.bat to start the script. Type Y to begin the script. It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot. Press any Key and it will restart the PC. Your system will take longer than normal to restart as the fixtool will be running and removing files. When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons. Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.

NEXT

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. Please visit HERE if you don't know how. Please re-enable them back after performing all steps given.

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asked ... Read more

Read other 3 answers
RELEVANCY SCORE 37.2

"Two vulnerabilities have been discovered in Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system."

Vulnerability: Extremely Critical

NOTE: Exploit code is publicly available.

The vulnerabilities have been confirmed in version 1.0.3. Other versions may also be affected.

Solution: Disable JavaScript.

Full details at Secunia dot com

A:Mozilla Firefox - Two Vulnerabilities

From Mozillazine:

The Secunia advisory suggests disabling JavaScript as a workaround; however, simply disabling software installation (Web Features panel of the Options/Preferences window in Firefox 1.0.3 . . . eliminates the problem. We understand that a change made to Mozilla Update has made the vulnerability effectively unexploitable if you only have update.mozilla.org and addons.mozilla.org in your software installation whitelist (accessible from the Web Features or Content panel in the Options/Preferences window), which is the default setting.

http://www.mozillazine.org/talkback.html?article=6582

Regards,
John

Read other 3 answers
RELEVANCY SCORE 37.2

1) An error in the handling of redirections can be exploited to access documents served from another web site via the "object.documentElement.outerHTML" property.

2) An error in the handling of file shares can be exploited to trick a user into executing a malicious HTA application via directory traversal attacks in the filename. Successful exploitation requires some user interaction.

The vulnerabilities have been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. Other versions may also be affected.

Solution:
1) Disable Active Scripting support.
2) Filter Windows file sharing traffic.

ISC Testing Note: Regarding the second vulnerability, what's interesting is that we were able to reproduce this even when using Mozilla FireFox.

These are rated as a "moderate risk" and proof-of-concept exploits have been developed.

New IE unpatched OuterHTML and HTA vulnerabilities
http://secunia.com/advisories/20825/
http://www.incidents.org/diary.php?storyid=1448
http://www.frsirt.com/english/advisories/2006/2553

Read other answers