PnP Worm out; More on the current Veritas vuln; Microsoft Update and Win 2K3 w/o SP1; new gaim version

Published: 2005-08-13. Last Updated: 2005-08-14 16:58:03 UTC
by Jim Clausing (Version: 1)

PnP Worm Out

-------

Quick update: Several reports that the PNP (MS05-039) worm was released finally. We are just analyzing the code.

-------
We remain at infocon of yellow, but fortunately, we haven't yet seen any worms exploiting the vulnerabilities covered by last Tuesday's Microsoft bulletins. If things stay quiet through Sunday, we'll likely move back to green on Monday, but we reiterate our warning from yesterday, there are enough exploits for these vulnerabilities known to be in the wild that we believe it is only a matter of hours or at most days until they are integrated into a worm.

More thoughts on the current Veritas Backup Exec vulnerability

One of our readers (thanx, Frank) pointed out that although the bulletins concerning the Veritas Backup Exec vulnerabilities only mentioned the possibility of READING data from a vulnerable server, the nature of the NDMP protocol makes it likely that it could be exploited to WRITE data to a server as well. Several people have been working on proof of concept code today, so it probably won't be long before working exploits are in the wild for this one, too. We are hearing reports of exploit attempts in the wild. Again, see yesterday's diary for our recommendations, for blocking port 10000. Also, thanx to Juha-Matti, for pointing out that this vulnerability also exists not just in Backup Exec, but also in NetBackup for NetWare, as well. See the for further details.