Today's Diary
If you have more information or corrections regarding our diary, please share.
Oracle has released an unscheduled security alert and patch for CVE-2010-0073. The issue affects WebLogic Server and is remotely exploitable. Details and the patch are here: http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0073.html
Published: 2010-02-09,
Last Updated: 2010-02-09 00:23:31 UTC
by Adrien de Beaupre (Version: 1)
When is a 0day not a 0day? When the exploit ends up being just a poor default configuration issue. It can lead to files being read that the user has permission to read, /etc/passwd for example. The solution? Set "wide links = no" in the [global] section of your smb.conf and restart smbd to eliminate this problem (from the Samba Symlink Attack posting here). Thanks Elazar!
Cheers,
Adrien de Beaupré
EWA-Canada.com
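To check the setting described above, the following added example (not part of the original diary) parses smb.conf text and reports the effective "wide links" value for [global] and for each share, including shares that override the global setting. The sample configurations are constructed, and the `default_enabled` parameter is an assumption based on the diary's description of the default as the problem.

```python
import re

TRUE, FALSE = {"yes", "true", "on", "1"}, {"no", "false", "off", "0"}

def norm(name):
    # Samba ignores case and spaces in parameter names: "Wide Links" == "widelinks".
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text):
    """Return {section: {normalized parameter: value}} for smb.conf text."""
    sections, current = {}, None
    # Join lines continued with a trailing backslash before splitting.
    for raw in re.sub(r"\\\r?\n", "", text).splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[norm(key)] = value.strip()
    return sections

def to_bool(value, fallback):
    v = value.strip().lower()
    return True if v in TRUE else False if v in FALSE else fallback

def wide_links_enabled(text, default_enabled=True):
    """Effective 'wide links' per section: share value, else [global], else default.

    default_enabled=True is an assumption taken from the diary's description of
    the default as the problem; pass False to model a build that defaults to no.
    """
    conf = parse_smb_conf(text)
    glob = to_bool(conf.get("global", {}).get("widelinks", ""), default_enabled)
    result = {"global": glob}
    for name, params in conf.items():
        if name != "global":
            result[name] = to_bool(params.get("widelinks", ""), glob)
    return result

# Constructed sample configs (not from the diary).
SHARES = "[public]\n  path = /srv/public\n[legacy]\n  path = /srv/old\n  Wide Links = Yes\n"
UNSET = "[global]\n  workgroup = EXAMPLE\n  ; wide links = no\n" + SHARES
FIXED = "[global]\n  workgroup = EXAMPLE\n  wide links = no\n" + SHARES

if __name__ == "__main__":
    for label, conf in (("unset", UNSET), ("fixed", FIXED)):
        print(label, wide_links_enabled(conf))
```

On a live host, `testparm -s` prints the configuration Samba actually loads, which also covers include files that this sketch does not follow.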
Diary Archive
| Date | Author | Title |
|---|---|---|
| 2010-02-09 | Adrien de Beaupre | When is a 0day not a 0day? Samba symlink bad default config |
| 2010-02-08 | Adrien de Beaupre | When is a 0day not a 0day? Fake OpenSSh exploit, again. |
| 2010-02-06 | Guy Bruneau | Oracle WebLogic Server Security Alert |
| 2010-02-06 | Guy Bruneau | LANDesk Management Gateway Vulnerability |
| 2010-02-05 | Jim Clausing | WordPress iframe injection? |
| 2010-02-05 | Jim Clausing | Memory Analysis - time to move beyond XP |
| 2010-02-04 | Johannes Ullrich | Microsoft Patch Tuesday Pre-Release |
| 2010-02-04 | Mark Hofman | Dealing with User 2.0 |
| 2010-02-03 | Rob VandenBrink | APPLE-SA-2010-02-02-1 iPhone OS 3.1.3 and iPhone OS 3.1.3 for iPod touch |
| 2010-02-03 | Rob VandenBrink | Support for Legacy Browsers |

