Welcome to the Network Security website at the IAS

This website is intended to bring you the latest news, how to's, tools and resources in Information Security.  Security Awareness of our Faculty, Members and Staff is key in creating a safer computing environment.

The three major Principles of Information Security, Availability, Integrity and Confidentiality, will be covered throughout the security awareness program at the Institute.  For a description of these principles, please see our About section.

In keeping with the spirit of the Institute, I encourage questions and open discussions about security.  And if you discover anything out of the ordinary, please feel free to bring it to my attention so that we can work together to create a more productive, safer environment.

Thanks,
Brian Epstein <security@ias.edu>
twitter: @epepepep


Gnome Screensaver authentication bypass vulnerability (Ubuntu, maybe others)

http://www.securityfocus.com/bid/37240/info

This reminds me of the days of Windows 95/3.1 where you could bypass the
screensaver just by hitting the right sequence of keys.

This vulnerability specifically targets Ubuntu, but may be applicable to
other installations of v2.28 as well.

Testing the exploit under Fedora 11 and 12 does not duplicate the issue.

It is recommended for Ubuntu users to update their machines to the
latest version of gnome-screensaver to avoid this issue.

Gnome Screensaver authentication bypass vulnerability (Ubuntu, maybe others)

http://www.securityfocus.com/bid/37240/info

This reminds me of the days of Windows 95/3.1 where you could bypass the
screensaver just by hitting the right sequence of keys.

This vulnerability specifically targets Ubuntu, but may be applicable to
other installations of v2.28 as well.

Testing the exploit under Fedora 11 and 12 does not duplicate the issue.

It is recommended for Ubuntu users to update their machines to the
latest version of gnome-screensaver to avoid this issue.

RHSA-2009:1659-1: Moderate: kvm security and bug fix update, guest could cause DoS of host machine

http://rhn.redhat.com/errata/RHSA-2009-1659.html

A moderate security vulnerability could allow a malicious user on a
guest VM to cause a DoS attack on the underlying host.

This patch also updates a few other non-security related bugs in the
software as explained at the above link.

It is recommended to update to a version of KVM that includes these
security fixes.

RHSA-2009:1659-1: Moderate: kvm security and bug fix update, guest could cause DoS of host machine

http://rhn.redhat.com/errata/RHSA-2009-1659.html

A moderate security vulnerability could allow a malicious user on a
guest VM to cause a DoS attack on the underlying host.

This patch also updates a few other non-security related bugs in the
software as explained at the above link.

It is recommended to update to a version of KVM that includes these
security fixes.

Pages