Welcome to the Network Security website at the IAS

This website is intended to bring you the latest news, how to's, tools and resources in Information Security.  Security Awareness of our Faculty, Members and Staff is key in creating a safer computing environment.

The three major Principles of Information Security, Availability, Integrity and Confidentiality, will be covered throughout the security awareness program at the Institute.  For a description of these principles, please see our About section.

In keeping with the spirit of the Institute, I encourage questions and open discussions about security.  And if you discover anything out of the ordinary, please feel free to bring it to my attention so that we can work together to create a more productive, safer environment.

Thanks,
Brian Epstein <security@ias.edu>
twitter: @epepepep


CUPS printing service vulnerability allows for DoS or potential remote access

http://secunia.com/advisories/28994/ - A vulnerability in the cups daemon may allow for a remote DoS or system compromise. This affects version 1.3.5 and possibly prior versions. CUPS v1.3.6 has been released and fixes this vulnerability. It is suggested to upgrade to v1.3.6.

Multiple Vulnerabilities in Horde v3.1.5

http://secunia.com/advisories/28382/ - http://secunia.com/advisories/28020/ - Multiple vulnerabilities in Horde v3.1.5 (and before) allow for security restriction bypass (by an authenticated user) and allow for iframe injection in HTML email which could be used to delete the users mail (from any external person). It is highly recommended to upgrade to v3.1.6.

Multiple Vulnerabilities in Horde v3.1.5

http://secunia.com/advisories/28382/ - http://secunia.com/advisories/28020/ - Multiple vulnerabilities in Horde v3.1.5 (and before) allow for security restriction bypass (by an authenticated user) and allow for iframe injection in HTML email which could be used to delete the users mail (from any external person). It is highly recommended to upgrade to v3.1.6.

Multiple vulnerabilities in Netscape 9.x can lead to compromise

http://secunia.com/advisories/29049/ - Netscape has verified multiple vulnerabilities in the Netscape 9.x web browser. These vulnerabilities range from Security Bypass, XSS, Spoofing, PII exposure, DoS, remote system access. Upgrading to version 9.0.0.6 fixes these issues and is recommended.

CUPS printing service vulnerability allows for DoS or potential remote access

http://secunia.com/advisories/28994/ - A vulnerability in the cups daemon may allow for a remote DoS or system compromise. This affects version 1.3.5 and possibly prior versions. CUPS v1.3.6 has been released and fixes this vulnerability. It is suggested to upgrade to v1.3.6.

Multiple Vulnerabilities in Horde v3.1.5

http://secunia.com/advisories/28382/ - http://secunia.com/advisories/28020/ - Multiple vulnerabilities in Horde v3.1.5 (and before) allow for security restriction bypass (by an authenticated user) and allow for iframe injection in HTML email which could be used to delete the users mail (from any external person). It is highly recommended to upgrade to v3.1.6.

Security update available for Adobe Reader and Acrobat 8 fixes vulnerability

http://www.adobe.com/support/security/advisories/apsa08-01.html - An error in the printSepsWithParams() function within the Adobe Reader and Acrobat 8.1.1 program could lead to arbitrary code execution. In order to be compromised, a user must open a malicious PDF file. It is recommended to upgrade to Adobe Reader/Acrobat 8.1.2.

Security update available for Adobe Reader and Acrobat 8 fixes vulnerability

http://www.adobe.com/support/security/advisories/apsa08-01.html - An error in the printSepsWithParams() function within the Adobe Reader and Acrobat 8.1.1 program could lead to arbitrary code execution. In order to be compromised, a user must open a malicious PDF file. It is recommended to upgrade to Adobe Reader/Acrobat 8.1.2.

Clam AntiVirus Memory Corruption and Integer Overflow Vulnerabilities

http://www.frsirt.com/english/advisories/2008/0503 - Multiple vulnerabilities have been identified in Clam AntiVirus (ClamAV), which could be exploited by remote attackers or malware to cause a denial of service or take complete control of an affected system. It is suggested to upgrade to clamav-0.92.1 available from http://sourceforge.net/project/showfiles.php?group_id=86638&package_id=9...

Clam AntiVirus Memory Corruption and Integer Overflow Vulnerabilities

http://www.frsirt.com/english/advisories/2008/0503 - Multiple vulnerabilities have been identified in Clam AntiVirus (ClamAV), which could be exploited by remote attackers or malware to cause a denial of service or take complete control of an affected system. It is suggested to upgrade to clamav-0.92.1 available from http://sourceforge.net/project/showfiles.php?group_id=86638&package_id=9...

Pages