LANDesk Management Gateway Vulnerability

Published: 2010-02-06. Last Updated: 2010-02-06 20:30:23 UTC
by Guy Bruneau (Version: 1)
0 comment(s)

LANDesk has released a security fix for a vulnerability reported for the LANDesk Management Gateway which under certain conditions, will allows an attacker to perform command injection. This could lead to arbitrary commands to be executed under the root context. A fix has been made available and the original advisory posted here.

Affected versions:

LANDesk management Gateway Appliance 4.0-1.48 & 4.2-1.8
-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org

Keywords: LANDesk Command Injection XSS
0 comment(s)
tweaked ISC layout. Please submit screen shot and browser details if things don't look right.

Oracle WebLogic Server Security Alert

Published: 2010-02-06. Last Updated: 2010-02-06 01:17:54 UTC
by Guy Bruneau (Version: 1)
0 comment(s)

Oracle issued a Security Alert that address a vulnerability in the Node Manager component of Oracle WebLogic Server (CVE-2010-0073).

According to Oracle, "This vulnerability may be remotely exploitable without authentication. A knowledgeable and malicious remote user can exploit this vulnerability which can result in impacting the availability, integrity and confidentiality of the targeted system." Oracle strongly recommends testing and apply this fix as soon as possible. Additional information is available here.

The list of affected product:

Oracle WebLogic Server 11gR1 releases (10.3.1 and 10.3.2)
Oracle WebLogic Server 10gR3 release (10.3.0)
Oracle WebLogic Server 10.0 through MP2
Oracle WebLogic Server 9.0, 9.1, 9.2 through MP3
Oracle WebLogic Server 8.1 through SP6
Oracle WebLogic Server 7.0 through SP7

-----------

 Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org

Keywords: Oracle WebLogic
0 comment(s)
New version of Andreas Schuster's Evtx Parser released http://computer.forensikblog.de/en/2010/02/evtx_parser_1_0_2.html

Comments

Login here to join the discussion.


Diary Archives