ep's blog

Sun Java System Directory Server 'core_get_proxyauth_dn' Denial of Service Vulnerability

http://www.securityfocus.com/bid/37699

"Sun Java System Directory Server is prone to a denial-of-service
vulnerability.

An attacker can exploit this issue to crash the effected application,
denying service to legitimate users.

Directory Server 7.0 is vulnerable; other versions may also be affected."

No patches have been released at this time.

Open season on tax-payers

http://www.viruslist.com/en/weblog?weblogid=208188001

As tax season approaches, users should use caution when choosing their
online tax preparer. Some security analysts are predicting a surge of
malicious tax phishing sites targeted at stealing PII (Personally
Identifiable Information) which could lead to identity theft.

It is recommended to verify the URL in the location bar, and choose a
trusted Tax Preparation site.

Thanks,
ep

Sunbelt Software Security Labs releases Data Doctor Decryption Software

http://sunbeltblog.blogspot.com/2010/01/data-doctor-2010-encrypted-files...

Ransomeware, "Data Doctor 2010", has been cracked by Sunbelt Software Security Labs.  They have released a tool that can decrypt your files, which are held hostage by the program.  If you have been denied access to your files by Data Doctor 2010, follow the link above.

Thanks,
ep

Security updates available for Adobe Illustrator CS4 and CS3

http://www.adobe.com/support/security/bulletins/apsb10-01.html

"Critical vulnerabilities have been identified in Adobe Illustrator CS4
(14.0.0) and Adobe Illustrator CS3 (13.0.3 and earlier versions), on the
Windows and Macintosh operating systems. The vulnerabilities could lead
to arbitrary code execution. Adobe has provided a solution for the
reported vulnerabilities. It is recommended that users update their
installations".

Thanks,
ep

Multiple Vendors libc/gdtoa printf(3) Array Overrun

http://securityreason.com/achievement_securityalert/63

A new version of libc/gdtoa includes an overrun vulnerability. This
core component affects many OSs and programs, including:

OpenBSD
NetBSD
FreeBSD
MacOS X

Google Chrome
Mozilla Firefox
Mozilla SeaMonkey
Opera
KDE
K-Meleon

OS and software updates should be released soon to fix this issue. It
could lead to arbitrary code execution for any of these software titles.

RHEL dbus security update

http://rhn.redhat.com/errata/RHSA-2010-0018.html

"It was discovered that the Red Hat Security Advisory RHSA-2009:0008 did
not correctly fix the denial of service flaw in the system for sending
messages between applications. A local user could use this flaw to send a
message with a malformed signature to the bus, causing the bus (and,
consequently, any process using libdbus to receive messages) to abort.
(CVE-2009-1189)

NetworkManager Security Bypass and Information Disclosure Vulnerabilities

http://www.securityfocus.com/bid/37580/info

"NetworkManager is prone to a security-bypass vulnerability and an
information-disclosure vulnerability.

Attackers can exploit theses issues to obtain sensitive information or
entice a user to connect to a network without certificate verification.

NetworkManager 0.7.2 is vulnerable; other versions may also be affected."

Pages