Welcome to the Network Security website at the IAS

This website is intended to bring you the latest news, how to's, tools and resources in Information Security.  Security Awareness of our Faculty, Members and Staff is key in creating a safer computing environment.

The three major Principles of Information Security, Availability, Integrity and Confidentiality, will be covered throughout the security awareness program at the Institute.  For a description of these principles, please see our About section.

In keeping with the spirit of the Institute, I encourage questions and open discussions about security.  And if you discover anything out of the ordinary, please feel free to bring it to my attention so that we can work together to create a more productive, safer environment.

Thanks,
Brian Epstein <security@ias.edu>
twitter: @epepepep


Poppler Embedded Fonts Processing Vulnerability

http://secunia.com/advisories/29836/ - Poppler is a PDF rendering engine used by xpdf, evince and other tools. There is a system compromise vulnerability that can be exploited by processing malicious PDF files. RedHat has released poppler-0.5.4-4.4 to fix this vulnerability. It is suggested to test and update to this version during the next outage window.

Poppler Embedded Fonts Processing Vulnerability

http://secunia.com/advisories/29836/ - Poppler is a PDF rendering engine used by xpdf, evince and other tools. There is a system compromise vulnerability that can be exploited by processing malicious PDF files. RedHat has released poppler-0.5.4-4.4 to fix this vulnerability. It is suggested to test and update to this version during the next outage window.

Nagios Plugins Long Location Header Buffer Overflow Vulnerability

http://secunia.com/advisories/27124/ - A vulnerability in the plugins for Nagios could lead to system compromise. Successful exploitation requires that a connection is made to a malicious web server. This affects versions prior to 1.4.10. Fedora just released updates for nagios-plugins for Fedora 7 and Fedora 8.

Nagios Plugins Long Location Header Buffer Overflow Vulnerability

http://secunia.com/advisories/27124/ - A vulnerability in the plugins for Nagios could lead to system compromise. Successful exploitation requires that a connection is made to a malicious web server. This affects versions prior to 1.4.10. Fedora just released updates for nagios-plugins for Fedora 7 and Fedora 8.

ClamAV Multiple Vulnerabilities

http://secunia.com/advisories/29000/ - Some vulnerabilities have been reported in ClamAV, which can be exploited by malicious people to bypass certain security restrictions, to cause a DoS (Denial of Service), or to compromise a vulnerable system. This affects versions prior to 0.93 and have been fixed in v0.93. It is suggested to test and update to this version as soon as possible for systems scanning email, and during the next outage window for other systems not performing real time scanning.

ClamAV Multiple Vulnerabilities

http://secunia.com/advisories/29000/ - Some vulnerabilities have been reported in ClamAV, which can be exploited by malicious people to bypass certain security restrictions, to cause a DoS (Denial of Service), or to compromise a vulnerable system. This affects versions prior to 0.93 and have been fixed in v0.93. It is suggested to test and update to this version as soon as possible for systems scanning email, and during the next outage window for other systems not performing real time scanning.

WordPress PHP Code Execution and Cross-Site Scripting in v2.5 and prior

http://secunia.com/advisories/29965/ - Two vulnerabilities have been discovered, one which can lead to authentication bypass (if account registration is enabled) and another which can lead to arbitrary HTML and code execution on the clients web browser. This could appear to be a defacement, but is executed locally on the users computer, not on the server itself. Test and update to v2.5.1 when possible.

Pages