ep's blog

Vulnerability in Microsoft Office PowerPoint Could Allow Remote Code Execution 969136


Microsoft Security Advisory (969136)

"An attacker who successfully exploited this vulnerability could gain
the same user rights as the local user. Users whose accounts are
configured to have fewer user rights on the system could be less
affected than users who operate with administrative user rights."

Adobe Reader 7, 8 and 9 code execution through buffer overflow


A buffer overflow in Adobe Reader allows for code execution when a user
opens a malicious PDF file.

Adobe will be releasing updates to v9 on March 11, 2009. Version 8 and
7 patches will follow soon after.

The exploit is currently active and uses Javascript embedded in the PDF
file to inject its payload into the heap.

Security Team creates a Rogue CA by targeting MD5 weaknesses


A group that presented at the the Chaos Communication Congress in Berlin
showed the ability to convert a non-CA certificate into a CA
certificate, breaking the trust of the PKI.

This was done by using a large array of fast computers (200 Playstation
3's) in order to create a CSR that would force a weakly signed
Certificate. This certificate normally would not be allowed to sign
other CSRs.

Multiple vulnerabilities found in Drupal Core


This bug affects the update mechanism in Drupal. Via cross site
scripting, a malicious user may be able to cause the superuser to
execute old updates that may damage the database.

Upgrading to 5.13 or 6.7 will mitigate the bug. Alternatively, a patch
is available that will fix this bug, although it will not update other
non-security fixes in the code.

Multiple vulnerabilities in Adobe Acrobat Reader [Fwd: [sns.ias.edu #1633]


Multiple vulnerabilities in Adobe Acrobat/Reader in versions <8.1.3
could lead to arbitrary code execution when a user opens a malicious PDF

There are known exploits for these vulnerabilities. Users should use
caution when opening PDF files and upgrade to version 8.1.3 or 9 of
Adobe Acrobat/Reader.

Fedora 9 kernel and VMware-server-2.0.0-116503.i386

Fedora updated the kernel to over the weekend.  I ran into many of the issues that I had before with getting VMware-server-1.0.7 working with the new kernel.

I was able to compile it using the same vmware-any-any-117-itpsycho patches, but it crashed the system whenever I tried to start a VM.

Toward the end of September, VMware released their VMware 2.0 product.  I had tried a pre-release version, but it was not working well at that time.  I decided to give the production version a try before reverting back to an older kernel.

Demise of Intercage/Atrivo and its impact on users

A lively discussion in the NANOG mailing list just recently ended with the disconnection of Intercage/Atrivo hosting company.  This hosting company has been known to host customers with varying ethical standards.

One of the fallouts of this disconnection is that many malware websites are no longer reachable.  This means if your computer has been compromised in the past, it may not be able to find its controller anymore.  Sometimes, this means your computer won't work at all anymore.