eXchange POP3

Published: 2006-02-03. Last Updated: 2006-02-03 21:36:55 UTC
by Swa Frantzen (Version: 1)
Some of our readers need to be calmed down, I guess: it's not Microsoft's Exchange. eXchange POP3 is from a third-party vendor. Find it at: http://www.exchangepop3.com/.

The good news is that it took the vendor about 2 weeks to issue a fixed version for download.

From the description, the vendor makes a product that's to be installed on or close to a real Exchange machine. So we're not out of the woods yet. The product offers connections between an Exchange server and an external POP3 or IMAP mailbox. Yet its SMTP service has a buffer overflow in its handling of the "RCPT TO:" command. The exploit has been made public.

--
Swa Frantzen



Mozilla Firefox vulnerabilities and upgrade

Published: 2006-02-03. Last Updated: 2006-02-03 20:42:57 UTC
by Swa Frantzen (Version: 2)
According to Secunia's security advisory, several vulnerabilities were found in Firefox. Fortunately, Mozilla released Firefox 1.5.0.1 to fix them.

See the release notes and the list of security fixes.

If you still use Firefox 1.0.7, please note it is vulnerable to some of the problems as well. I'm expecting a 1.0.8 to be released, but since it's taking its time it might be easier to take the step to the 1.5 series.
--
Swa Frantzen


Windows local privilege escalation - Windows access control

Published: 2006-02-03. Last Updated: 2006-02-03 19:25:20 UTC
by Swa Frantzen (Version: 1)
On January 31st 2006, a paper was published by Sudhakar Govindavajhala and Andrew W. Appel at Princeton University titled Windows Access Control Demystified. It took the hacker tool developers just a few days to publicly release their first exploit referencing it. The exploit allows local escalation of privileges. On an OS typically used by users who are all administrators, that might not be considered the biggest thing ever. Still, it should be fixed by all vendors involved.

Now, for the average administrator it might seem nearly ridiculous that allowing just one right too many can escalate to that user being able to run an arbitrary executable with all the local rights he could wish for. Worse, the problem is so obscure that many applications, including some made by Microsoft and bundled with Windows XP, did have that one right too many (UPnP and SSDP). Not only did they goof on it, so did Adobe, AOL, Macromedia and probably a few more.

I cannot help but notice the whole system of access control used in Windows is rather complex, and that might very well be the core of the problem. KISS is after all a principle that has proven through the years to work best in many cases.

Anyway, that document and its implications are mandatory reading if you want to take away local admin rights of any user with any success. The consequence is as well that installing any software for any user needs to be done with extreme caution and security verification. Even if that one user needing the extra software is not your most restricted user, it still needs the full verification.
It is also mandatory for any developer making any application to understand this fully.

And as I said, I don't think it's easy to fully comprehend.

--
Swa Frantzen

It is already Feb 3rd!

Published: 2006-02-03. Last Updated: 2006-02-03 13:00:46 UTC
by Pedro Bueno (Version: 2)
OK, in some parts of the world it is already Feb 3rd and some damage is already probably done.
If you know any story related to this event, please share it with us.

Samir Datt wrote to tell us about "unconfirmed reports" of damage in Bangalore, Ludhiana and Delhi. (email arrived 1am EST, 6am GMT).


Looking for samples of W32.Kiman.A

Published: 2006-02-03. Last Updated: 2006-02-03 12:47:43 UTC
by Swa Frantzen (Version: 1)
Our malware analysts are looking for samples of the Kiman worm.

If you have any, please consider uploading them using our contact form.

--
Swa Frantzen
