Ops and Intel update
Realplayer Vulnerability DON'T USE:
Published: 2008-01-04,
Last Updated: 2008-01-05 20:13:55 UTC
by Scott Fendley (Version: 5)
Good morning everyone,
Earlier this week, Evgeny Legerov reported a vulnerability involving Real Player which could allow an attacker to execute code on victim computers. At this moment in time, there is no patch or other work around for this vulnerability though I would expect that limiting end-user privileges would limit the potential risk.
Until an update is available, I recommend that you limit viewing multimedia content using Real Player. It would be worthwhile to plan to add this future update into the mix with any operating system updates which are scheduled to be released soon.
For more information on this vulnerability, please see:
http://secunia.com/advisories/28276/
http://www.frsirt.com/english/advisories/2008/0016
Update 15:10 UTC: While you're at it, consider blocking access to uc8010-dot-com. If you do a Google Search for this domain, you'll understand why: Lots of injecting of a mailicious 0.js from this domain is currently going on, plenty of web sites seem to contain this booby trap. One of the IFRAMES fetched from this site, the file "r.htm" contains a RealPlayer exploit. Still the one from last month (www.kb.cert.org/vuls/id/871673) but if they happen to re-tool to the new vulnerability, things might get ugly.
XXXXXXXXXXXXXXXXXXXXXX
Pragma FortressSSH SSH server DoS
- 1 day agoMultiple user-reachable assert()'s. Applications: FortressSSH 5.0 (04.01.2008)
VanDyke VShell DoS
- 1 day agoDoS on keys exchange. Applications: VShell 3.0 (04.01.2008)
Seattle Lab telnet Server DoS
- 1 day agoNULL pointer dereference on telnet options parsing. Applications: Seattle Lab Telnet Server 4.1 (04.01.2008)
Pragma TelnetServer DoS
- 1 day agoNULL pointer dereference on TELOPT PRAGMA LOGON telnet option. Applications: Pragma TelnetServer 7.0 (04.01.2008)
Foxit Remote Access Server telnet server DoS
- 1 day agoCrash on oversized option. Applications: Remote Access Server 2.1 (04.01.2008)
FortiGuard URL filtering protection bypass
- 1 day agoIt's possible to bypass filtering by removing Host:header from HTTP request of by fragmenting request. Applications: Fortigate 1000 (04.01.2008)
PHP multiple security vulnerabilities
- 1 day agoDoS conditions, internal state modification, code execution, integer overflows, information leaks. (04.01.2008)
YaSSL library / MySQL multiple security vulnerabilities
- 1 day agoBuffer overflows in ProcessOldClientHello and operator>>, memory exhaustion in HASHwithTransform::Update. Applications: MySQL 6.0, yaSSL 1.7 (04.01.2008)
tcpreen buffer overflows
- 1 day agoFD_SET buffer overflow on large number of incvoming connections. (04.01.2008)
Wireshark multiple security vulnerabilities
- 1 day agoInfinite loop in RPC dissector, memory exhaustion in CIP dissector. Applications: Wireshark 0.99 (04.01.2008)
U.S. stocks to weigh recession vs. rate-cut hopes next week
- 28 minutes agoAs credit crunch reverberates, investors fret over dividends
- 28 minutes agoWeb security provider warns of 'secret crush' Facebook threat
- 28 minutes agoMusharraf says Bhutto's death her own fault: '60 Minutes'
- 28 minutes agoAcademics not impressed with new Fed transparency plan
- 28 minutes ago
Washington Post Foreign Service
Saturday, January 5, 2008; Page A11
MILAN, Italy -- In an age of spy satellites, security cameras and an Internet that stores every keystroke, terrorism suspects are using simple, low-tech tricks to cloak their communications, making life difficult for authorities who had hoped technology would give them the upper hand.
Across Europe, al-Qaeda operatives and sympathizers are avoiding places that they assume are bugged or monitored, such as mosques and Islamic bookshops, counterterrorism experts said. In several cases, suspects have gone back to nature -- leaving the cities on camping trips or wilderness expeditions so they can discuss plots without fear of being overheard.
In Britain, a man who called himself "Osama bin London" is among five people being tried on charges of operating terrorist training camps in remote areas, sometimes under the guise of paintball fights in the woods. The camps' participants included four men who later tried to set off backpack bombs on the London transit system on July 21, 2005.
g
.