This blog has moved to http://blog.sharpesecurity.com. Please update your links and RSS feeds accordingly.
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Monday, October 18, 2010
Wednesday, October 13, 2010
SAP BusinessObjects Security Patch Released
SAP has released a security patch for certain versions of SAP BusinessObjects for the Axis2 component. According to the US-CERT write-up:
... anyone with access to the Axis2 port can gain full access to the machine via arbitrary remote code execution. This requires the attacker to upload a malicious web service and to restart the instance of Tomcat. This issue may apply to other products and vendors that embed the Axis2 component. The username is "admin" and the password is "axis2", this is also the default for standalone Axis2 installations.
For further details please refer to the links below. An exploit is currently available for this.
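One way to check a host for the default credentials described in the write-up, as an added example (not code from US-CERT, SAP, or this blog): the script below audits axis2.xml files on disk. It assumes the admin credentials are stored as top-level userName and password parameters, as in the stock Axis2 configuration; the function names and sample configs are constructed for illustration.

```python
import os
import xml.etree.ElementTree as ET

DEFAULT_USER, DEFAULT_PASSWORD = "admin", "axis2"   # defaults named in the advisory

def audit_axis2_config(xml_text):
    """Return a list of findings for the text of one axis2.xml file."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"unparseable config: {exc}"]
    # Assumption: credentials are top-level <parameter name="userName"> /
    # <parameter name="password"> elements, as in the stock axis2.xml.
    params = {p.get("name"): (p.text or "").strip() for p in root.findall("parameter")}
    user, password = params.get("userName"), params.get("password")
    if user is None and password is None:
        return ["no admin credentials declared here; check how this deployment sets them"]
    findings = []
    if password == DEFAULT_PASSWORD:
        findings.append(f"default password still set for user {user!r}")
    elif not password:
        findings.append(f"empty or missing password for user {user!r}")
    elif user == DEFAULT_USER:
        findings.append("password changed but default user name 'admin' kept")
    return findings

def scan_tree(top):
    """Audit every axis2.xml under `top` (e.g. a Tomcat webapps directory)."""
    results = {}
    for dirpath, _dirs, files in os.walk(top):
        if "axis2.xml" in files:
            path = os.path.join(dirpath, "axis2.xml")
            with open(path, encoding="utf-8", errors="replace") as fh:
                results[path] = audit_axis2_config(fh.read())
    return results

# Constructed sample configs (not taken from any real system).
STOCK = """<axisconfig name="AxisJava2.0">
  <parameter name="hotdeployment">true</parameter>
  <parameter name="userName">admin</parameter>
  <parameter name="password">axis2</parameter>
</axisconfig>"""
HARDENED = STOCK.replace(">admin<", ">ws-ops<").replace(">axis2<", ">constructed-long-passphrase<")

if __name__ == "__main__":
    for label, text in (("stock", STOCK), ("hardened", HARDENED)):
        print(label, audit_axis2_config(text) or "ok")
```

Point `scan_tree` at the application server's deployment directory to cover every embedded copy of Axis2, since the write-up notes the issue may apply to other products that bundle the component.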
References:
http://www.kb.cert.org/vuls/id/989719
http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf?bcsi_scan_896CC636179ADAAE=0&bcsi_scan_filename=Hacking%20SAP%20BusinessObjects.pdf
https://websmp230.sap-ag.de/sap/support/notes/1432881 (requires login)
BlackBerry Attachment Service PDF Distiller Remote Buffer Overflow Vulnerability
RIM has published a bulletin announcing a possible remotely exploitable issue with their BlackBerry Attachment Service PDF Distiller. There is no known publicly available exploit code at this time (as of 13 Oct 2010).
References:
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB24547#
Oracle October 2010 Patches Released
Oracle has released its October 2010 set of patches. There are 85 total security fixes, 29 of which are for Java.
Several of these fixes address remotely exploitable vulnerabilities. For details please refer to the links below.
References:
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html (for Java-related patches)
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
Wednesday, October 6, 2010
New Adobe Reader 9.4 and 8.2.5 Versions Released
Adobe has released versions 9.4 and 8.2.5 of their Acrobat and Reader products. These versions contain fixes for several vulnerabilities - one of which is being actively exploited in the wild.
References:
http://www.adobe.com/support/security/bulletins/apsb10-21.html
Hex-Rays Version 1.4 x86 and ARM Decompilers Released
Hex-Rays has released version 1.4 of their x86 and ARM decompilers. The major update is that the decompilers can now be used on the Linux and Apple Mac OS X platforms. See the link below for a list of all of the fixes and updates.
References:
http://www.hex-rays.com/news1.shtml#101001
IDA Pro 6.0 Released
Hex-Rays has released IDA Pro 6.0. The major change is that the GUI is now the same on MS Windows, Linux, and Mac OS X (Qt framework-based). A complete list of fixes and updates is at the link below.
References:
http://www.hex-rays.com/idapro/60/index.html