Welcome to the Network Security website at the IAS

This website is intended to bring you the latest news, how-tos, tools and resources in Information Security.  Security Awareness of our Faculty, Members and Staff is key in creating a safer computing environment.

The three major Principles of Information Security, Availability, Integrity and Confidentiality, will be covered throughout the security awareness program at the Institute.  For a description of these principles, please see our About section.

In keeping with the spirit of the Institute, I encourage questions and open discussions about security.  And if you discover anything out of the ordinary, please feel free to bring it to my attention so that we can work together to create a more productive, safer environment.

Thanks,
Brian Epstein <security@ias.edu>
twitter: @epepepep


Multiple Intel Desktop Board Models Bitmap Processing Buffer Overflow Vulnerability

http://www.securityfocus.com/bid/36886

Vulnerable Intel Motherboards

Intel DQ45EK 0
Intel DQ45CB 0
Intel DQ35MP 0
Intel DQ35JO 0

"Multiple Intel Desktop Board models are prone to a buffer-overflow
vulnerability because they fail to properly bounds-check user-supplied data.

Successfully exploiting this issue will allow local attackers to run
arbitrary code with elevated privileges or trigger a denial-of-service
condition."

Linux Kernel 2.4 and 2.6 Local Information Disclosure Vulnerability

http://www.securityfocus.com/bid/36827

"The Linux kernel is prone to a local information-disclosure vulnerability.

Local attackers can exploit this issue to obtain sensitive information
that may lead to further attacks."

This affects kernels earlier than 2.6.31.2.

Check with your vendor for an update and apply as soon as possible.

Linux Kernel 'pipe.c' Local Privilege Escalation Vulnerability

http://www.securityfocus.com/bid/36901

"Linux kernel is prone to a local privilege-escalation vulnerability
that is caused by a NULL-pointer dereference.

Local attackers can exploit this issue to execute arbitrary code with
kernel-level privileges. Successful exploits will result in the complete
compromise of affected computers. Failed exploit attempts will result in
a denial-of-service condition."

This affects kernels before 2.6.31.5, including those shipped with RHEL, SuSE, etc.

BlackBerry Desktop Manager ActiveX Control Remote Code Execution Vulnerability

http://www.securityfocus.com/bid/36903/info

Versions of Research In Motion BlackBerry Desktop Manager earlier than
5.0.1 are affected by an ActiveX control vulnerability that could lead to
remote arbitrary code execution.

Users should update their Desktop Manager application to the latest version.

Sun Java SE November 2009 Multiple Security Vulnerabilities

http://www.securityfocus.com/bid/36881

"Sun has released updates to address multiple security vulnerabilities
in Java SE.

Successful exploits may allow attackers to bypass certain security
restrictions, run untrusted applets with elevated privileges, execute
arbitrary code, and cause denial-of-service conditions. Other attacks
are also possible.

These issues are addressed in the following releases:
