Version v2.1 of the Metasploit Framework has been
released. Metasploit looks like a script
kiddie's dream tool; it is a convenient packaging of some two dozen tools
for exploiting known vulnerabilities. A would-be attacker need only choose
the weapon of choice from a menu, and turn it loose.
In fact, it's better than that. Combined with the exploit engine is the
"payload generator"; there is also an online version
available. Simply pick the sort of behaviour you would like, set the relevant
parameters (e.g. which port to listen to), and the corresponding code pops
out the other end. Fit the payload onto your chosen exploit, and your
weapon is armed and ready.
Metasploit does not bring any new capabilities to the cracker's toolbox,
but it does make life easy for those who are unable to craft their own
exploits. It can also serve as a useful instructional and testing tool for
those of us who are charged with keeping systems secure. Metasploit can
quickly tell you if a target system is vulnerable to a given exploit, and
it shows what a break-in looks like from the outside. The attackers have
it; defenders might as well get a copy and see how it works. See the Metasploit Project page for more
information.
Comments (1 posted)
New vulnerabilities
Apache mod_proxy: denial of service
Package(s): apache
CVE #(s): CAN-2004-0492
Created: June 11, 2004
Updated: October 14, 2004
Description: A buffer overflow vulnerability in the apache mod_proxy module can be exploited to create a denial of service.
Comments (none posted)
chora: remote command execution
Package(s): chora
CVE #(s): (none assigned)
Created: June 15, 2004
Updated: June 15, 2004
Description: Chora, a CVS/SVN repository viewer written by the HORDE project, has a vulnerability which can allow a remote attacker to inject shell code. Uploading and running of malicious binaries is also possible. Upgrading to version 1.2.2 fixes the problem.
Comments (none posted)
Horde-IMP: improper input validation
Package(s): Horde-IMP
CVE #(s): (none assigned)
Created: June 16, 2004
Updated: August 10, 2004
Description: An input validation error exists in Horde-IMP through version 3.2.4; a specially crafted message could be used to run scripts in the context of the target's browser.
Comments (none posted)
kernel: denial of service
Package(s): kernel
CVE #(s): CAN-2004-0554
Created: June 15, 2004
Updated: July 5, 2004
Description: 2.4 and 2.6 kernels running on the i386 and x86_64 architectures have a vulnerability which can allow a local attacker to lock up the system. See this LWN article for a description of the problem.
Many of the updates for this problem also fix various potential driver vulnerabilities found while instrumenting the code for automated auditing.
Comments (none posted)
Subversion: remote heap overflow
Package(s): subversion
CVE #(s): CAN-2004-0413
Created: June 11, 2004
Updated: March 7, 2005
Description: Subversion has a remote denial of service vulnerability that may also allow arbitrary code execution on a server running svnserve. See this advisory for more information.
Comments (none posted)
webmin: denial of service
Package(s): webmin
CVE #(s): CAN-2004-0582, CAN-2004-0583
Created: June 16, 2004
Updated: July 28, 2004
Description: Versions of webmin prior to 1.150 suffer from denial of service and information disclosure vulnerabilities. See advisories for the disclosure and lockout problems for more information.
Comments (none posted)
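Several of the advisories above give a fixed or last-affected version (chora fixed in 1.2.2, Horde-IMP affected through 3.2.4, webmin affected prior to 1.150). The following Python script, an added example that is not part of the LWN page or of any of the projects listed, checks a (constructed) inventory of installed versions against those thresholds. It also shows the one trap such checks usually fall into: compared as strings, "1.150" sorts before "1.20", so versions must be compared numerically, component by component. The advisory bounds are taken from the text above; the inventory values are made up.

```python
"""Check installed package versions against the version bounds stated in
the advisories above. Bounds come from the advisory text; the inventory
at the bottom is constructed sample data."""
from __future__ import annotations

from dataclasses import dataclass


def parse_version(v: str) -> tuple[int, ...]:
    """Turn a dotted version into an integer tuple so comparison is numeric.
    A plain string comparison gets webmin's bound wrong: '1.150' < '1.20'
    as strings, but (1, 150) > (1, 20) as tuples."""
    return tuple(int(part) for part in v.strip().split("."))


@dataclass(frozen=True)
class Advisory:
    package: str
    bound: str        # version stated in the advisory
    inclusive: bool   # True for "through version X", False for "prior to X" / "fixed in X"
    cve: str = ""


# Bounds exactly as the advisories on this page state them.
ADVISORIES = [
    Advisory("chora", "1.2.2", inclusive=False),      # "Upgrading to version 1.2.2 fixes"
    Advisory("horde-imp", "3.2.4", inclusive=True),   # "through version 3.2.4"
    Advisory("webmin", "1.150", inclusive=False,      # "prior to 1.150"
             cve="CAN-2004-0582, CAN-2004-0583"),
]


def is_affected(installed: str, adv: Advisory) -> bool:
    """True when the installed version lies inside the advisory's affected range."""
    inst, bound = parse_version(installed), parse_version(adv.bound)
    return inst <= bound if adv.inclusive else inst < bound


def affected_packages(inventory: dict[str, str]) -> list[str]:
    """Names of inventory packages still inside an affected range, sorted."""
    hits = []
    for adv in ADVISORIES:
        installed = inventory.get(adv.package)
        if installed is not None and is_affected(installed, adv):
            hits.append(adv.package)
    return sorted(hits)


# Constructed inventory: package name -> installed version (not real hosts).
INVENTORY = {"chora": "1.2.1", "horde-imp": "3.2.5", "webmin": "1.140"}

if __name__ == "__main__":
    for name in affected_packages(INVENTORY):
        adv = next(a for a in ADVISORIES if a.package == name)
        rel = "<=" if adv.inclusive else "<"
        print(f"{name} {INVENTORY[name]} is affected ({rel} {adv.bound}) {adv.cve}".rstrip())
```

Run against the constructed inventory it reports chora and webmin; Horde-IMP 3.2.5 is past the inclusive "through 3.2.4" bound and is not flagged. Real inventories need the distribution's backported-fix versions from the alert list rather than the upstream bound, which is why advisories carry both.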
Resources
Bruce Schneier's CRYPTO-GRAM newsletter for June is out; it looks at the
breaking of Iranian codes, biometric IDs, whether Microsoft should provide
security updates for pirated copies of its software, the Witty worm, and
more. "Witty represents a new chapter in malware. If it had used common
Windows vulnerabilities to spread, it would have been the most damaging
worm we have seen yet. Worm writers learn from each other, and we have
to assume that other worm writers have seen the disassembled code and
will reuse it in future worms. Even worse, Witty's author is still
unknown and at large -- and we have to assume that he's going to do
this kind of thing again."
Full Story (comments: 2)
Here is the U.S. Federal Trade Commission's press release on its decision not to
create a national "do not spam" list at this time. "A registry of
individual email addresses also suffers from severe security/privacy risks
that would likely result in registered addresses receiving more spam
because spammers would use such a registry as a directory of valid email
addresses. It ultimately would become the National Do Spam
List. Furthermore, a registry of domains would have no impact on spam and a
third-party forwarding service model could have a devastating impact on the
e-mail system." There will be an "email authentication summit" in
the (northern hemisphere) Fall to address what the FTC sees as the real
problem.
Comments (10 posted)
Page editor: Jonathan Corbet