Updates
A compilation of the latest information about viruses and worms, security issues
and patches to rectify the same.
Snort's IDS vulnerability
Snort, an open source intrusion-detection system (IDS), faces a new vulnerability
which enables hackers to insert hostile code into exposed systems. According
to Sourcefire, the company behind the Snort package, hackers could remotely take
control of systems running the software, execute malicious code and, in turn,
gain access to confidential data. Using a cross-site
scripting proxy, an attacker can maintain continued bi-directional communication
with the compromised system.
The primary flaw was discovered in Snort's DCE/RPC (distributed
computing environment/remote procedure calls) processor, which is vulnerable
to stack-based buffer overflow attacks. An update has already been released
to fix this problem. The buffer overflow flaw has been ranked as highly
critical, which is the second most severe rating according to Danish security
firm Secunia. Snort versions 2.6.1, 2.6.1.1, 2.6.1.2 and the Snort 2.7.0 beta
are all vulnerable to the bug.
The worst part about this vulnerability is that it not only
disables the protection but also creates a means to attack networks using the
same tools which are designed to safeguard them.
The Snort IDS and Sourcefire Intrusion Sensor IDS/IPS (intrusion detection system/intrusion
prevention system) are also vulnerable to a stack-based buffer overflow resulting
in remote code execution. Sourcefire said that users of versions 2.6.1.1
and 2.6.1.2 should immediately upgrade to 2.6.1.3.
|
WORM_ZHELATIN.CH
TROJ_SMALL.GHI
TROJ_AGENT.IQN
TROJ_VB.BLV
TROJ_MDROPPER.MY
JS_FEEBS.KY
TROJ_MDROPPER.FC
WORM_SPOTFACE.A
WORM_NUWAR.AAI
TROJ_DLOADER.IZO
(Source: Trend Micro)
|
JavaScript to make Google Desktop Vulnerable
Google Desktop users were warned to update the program to make sure that they
are protected from a vulnerability which could allow an attacker to use JavaScript
to search for and steal critical data on the victim's machine.
The attack uses a cross-site scripting (XSS) flaw in the Google Desktop application
along with any other XSS flaw in the google.com domain to install malicious
JavaScript on the user's computer. Using the technique, an attacker could
create a JavaScript program that Google Desktop runs repeatedly, allowing the
attacker to search the user's computer to dig up interesting data. An attacker
can run a JavaScript program that garners the signature assigned to the user's
PC. With that signature, the attacker can create valid URLs, switch the context
from Google.com and take control of Google Desktop.
Soon after this, Google released an updated version of the software fixing the
local cross-site scripting flaw. Even after the release, many users have not
received the patch. Considering the popularity of the software, there could be many
more users running a vulnerable product.
Google Desktop can automatically update itself to a more
recent version, but in some cases auto update is disabled or the software fails
to update and users have to do it manually. The latest version also contains
additional defences against cross-site scripting attacks.
To avoid this vulnerability, Google Desktop users are advised to make sure that
they have the latest version, 5.0.701.30540.
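As an added example (not part of the article, and not Sourcefire's or Google's code), the following inventory check applies the version facts from both items above: the affected and fixed Snort releases and the advised Google Desktop version. The inventory format, host names, product labels and status strings are assumptions, and the sample lines are constructed.

```python
import re

# Version facts taken from the two advisories on this page.
SNORT_AFFECTED = {(2, 6, 1), (2, 6, 1, 1), (2, 6, 1, 2)}
SNORT_AFFECTED_BETA = (2, 7)            # "2.7.0 beta", trailing zero stripped
SNORT_FIXED = (2, 6, 1, 3)
GDESKTOP_ADVISED = (5, 0, 701, 30540)

# Constructed sample inventory: host,product,reported version string.
INVENTORY = """\
ids-01,snort,Version 2.6.1.2 (Build 34)
ids-02,snort,2.6.1.3
ids-03,snort,2.7.0 beta
ids-04,snort,2.6.1.0
ws-17,google-desktop,5.0.701.30540
ws-18,google-desktop,5.0.600.100
"""

def parse_version(text):
    """Return (numeric tuple without trailing zeros, is_beta)."""
    m = re.search(r"\d+(?:\.\d+)+", text)
    if not m:
        raise ValueError(f"no dotted version in {text!r}")
    nums = [int(p) for p in m.group(0).split(".")]
    while len(nums) > 1 and nums[-1] == 0:
        nums.pop()                       # 2.6.1.0 is the same release as 2.6.1
    return tuple(nums), "beta" in text.lower()

def classify(product, version_text):
    nums, beta = parse_version(version_text)
    if product == "snort":
        if nums in SNORT_AFFECTED or (beta and nums == SNORT_AFFECTED_BETA):
            return "VULNERABLE"
        if nums == SNORT_FIXED:
            return "FIXED"
        return "NOT_LISTED"              # page is silent: check the vendor advisory
    if product == "google-desktop":
        # Tuple comparison orders dotted versions field by field.
        return "OK" if nums >= GDESKTOP_ADVISED else "UPDATE"
    raise ValueError(f"unknown product {product!r}")

def audit(inventory):
    """Return [(host, product, status)] for each non-empty inventory line."""
    rows = (line.split(",", 2) for line in inventory.splitlines() if line.strip())
    return [(host, prod, classify(prod, ver)) for host, prod, ver in rows]

if __name__ == "__main__":
    for host, prod, status in audit(INVENTORY):
        print(f"{host:8} {prod:15} {status}")
```

Versions the page does not mention are reported as NOT_LISTED rather than assumed safe, because the article names only the affected releases and the 2.6.1.3 fix.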