ep's blog

New BETA release of Secunia PSI

http://secunia.com/blog/52/
 
"Now available from Secunia is the BETA release of the latest PSI.
Amongst the usual programs PSI scans through for needed patches, the
new version will now also tout a feature called 'Secure Browsing'.
The new feature informs users of what programs and plugins are
integrated directly with their browsers and any security issues
affecting the browsers and their plugins."

httpd security update fixes remote DOS and local server side includes vulnerability

http://rhn.redhat.com/errata/RHSA-2009-1075.html

Updated httpd packages that fix two security issues are now available for
Red Hat Enterprise Linux 5. The DoS bug only affects RHEL5.3.

Apache should be updated to the latest package on all RHEL machines
serving web pages.

Thanks,
Brian

Multiple Vulnerabilities in the Solaris 8 and 9 sadmind(1M) Daemon May Lead to Remote Arbitrary Code Execution

http://sunsolve.sun.com/search/document.do?assetkey=1-66-259468-1

Solaris 8 and 9 sadmind contains heap and integer overflow
vulnerabilities. This could lead to local or remote unprivileged
execution of arbitrary code with root privilege.

This does not affect Solaris 10 or OpenSolaris which does not come with
sadmind.

Affected versions:

SPARC Platform:
- Solaris 8 without patch 116455-02
- Solaris 9 without patch 116453-03

Multiple Symantec Products Intel Common Base Agent Remote Command Execution Vulnerability

http://www.securityfocus.com/bid/34671/info

An exploit concerning various versions of SAV is in the wild. It allows
for remote exploitation of machines with SYSTEM privileges.

Symantec has released updates and patches to fix the issue.

Please read their release notes for further information.

Two Adobe Reader 0-day vulnerabilities

http://isc.sans.org/diary.html?storyid=6286&rss

It appears that two new vulnerabilities in Adobe Reader 9.1, 8.1.4 and
7.1.1 are being used today. These are more buffer overflows in the
Javascript interpreter that could lead to remote code execution by
reading malicious PDF files.

The exploit currently being seen targets Linux computers running Adobe's
software, but other platforms are susceptible to the same vulnerability.

Vulnerability in Microsoft Office PowerPoint Could Allow Remote Code Execution 969136

http://www.microsoft.com/technet/security/advisory/969136.mspx

Microsoft Security Advisory (969136)

"An attacker who successfully exploited this vulnerability could gain
the same user rights as the local user. Users whose accounts are
configured to have fewer user rights on the system could be less
affected than users who operate with administrative user rights."

Pages