| Subject | Who will be next? :-) |
|---|---|
| Author | Claudio Valderrama C. |
| Post date | 2006-02-15T03:20:17Z |
As security companies move away from the OS to the utilities and third party
servers in their research, expect that some bulletin mentions us in the
future. Examples I got today:
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. PostgreSQL Set Session Authorization Denial of Service Vulnerability
BugTraq ID: 16650
Remote: Yes
Date Published: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/16650
Summary:
PostgreSQL is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to crash the application, effectively
denying service to legitimate users.
Successful exploitation of this issue requires that the application is
compiled with 'Asserts' enabled; this is not the default setting.
2. PostgreSQL Remote SET ROLE Privilege Escalation Vulnerability
BugTraq ID: 16649
Remote: Yes
Date Published: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/16649
Summary:
PostgreSQL is susceptible to a remote privilege escalation vulnerability.
This issue is due to a flaw in the error path of the 'SET ROLE' function.
This issue allows remote attackers with database access to gain
administrative access to affected database servers. As administrative access
to the database allows filesystem access, other attacks against the
underlying operating system may also be possible.
<snip>
BTW, those like me using Windows but not MSIE should pay attention here:
4. Microsoft Windows Media Player Plugin Buffer Overflow Vulnerability
10. Microsoft Windows Media Player Bitmap Handling Buffer Overflow Vulnerability
14. Microsoft February Advance Notification Multiple Vulnerabilities
The updated URL for this is now published:
http://www.microsoft.com/technet/security/bulletin/ms06-feb.mspx
Full information here:
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #277
http://www.securityfocus.com/archive/88/424635
2. SNMP service
http://www.securityfocus.com/archive/88/424634
C.
---
Claudio Valderrama C.
SW developer, consultant.
http://www.cvalde.net - http://www.firebirdsql.org