I'n Blog 之萬象真藏

發佈時間：2008.05.23 04:44     來源：7747.Net    作者：air
近來的SQL注入攻擊顯示，採用SQL注入的多級攻擊可以提供對操作系統的交互式GUI(圖形用戶界面)訪問。
一位歐洲的研究人員發現，SQL注入並不僅僅是為了攻擊數據庫和網頁，這場影響範圍巨大的攻擊風暴也可以作為進入操作系統的墊腳石。
Portcullis計算機安全的高級滲透測試人員Alberto Revelli星期二在倫敦的EUSecWest大會上演示了一種多級攻擊，它採用可以從根本上給攻擊者對底層操作系統進行交互GUI方式的訪問。
Revelli 也被人們稱為「icesurfer」，他指出，當今的數據庫管理系統都有一些工具和功能組件，可以直接與操作系統及網絡聯接。他說，「這意味著如果我可以通過一次SQL注入攻擊一個Web應用程序，我就不只侷限於存儲在數據庫中的數據，而且我還可以設法獲得對DBMS(數據庫管理系統)所在的主機的交互式訪問。」

Published: 2008-05-21,
Last Updated: 2008-05-21 20:14:36 UTC
by George Bakos (Version: 1)
Cisco has released three advisories this week, two that cover DOS vulnerabilities in IOS SSH and the Secure Control Engine (SCE) and one privilege escalation in Cisco Voice Portal (CVP).
While the "Exploitation and Public Announcements" portion of all three advisories states that the vulns were discovered in-house, it's a pretty safe bet that a fair number of security "researchers" are feverishly reverse engineering the updates to develop exploits for private use and/or public release.

發佈時間：2008.05.20 07:55     來源：賽迪網    作者：劉彥青
【賽迪網訊】5月20日消息，據一名安全研究人員稱，蘋果Safari瀏覽器的下載機制中可能存在一個缺陷。
據國外媒體報導稱，安全研究人員加尼在其博客中寫道，無須獲得用戶允許，Sarfari 3.1就可以下載內容。加尼說，這一問題非常明顯：無須用戶同意，惡意軟件就會被下載到用戶桌面上。
最近有媒體報導稱，通過與iTunes和QuickTime等應用軟件捆綁，蘋果將Safari瀏覽器的市場份額提高了2倍。
Securosis.com的裡奇本週一表示，儘管自動下載功能在缺省狀態下不會遭遇這一問題，但這仍然意味著很大的安全風險。他說，在Windows系統中，下載的內容在缺省狀態下會下載到用戶的桌面上，黑客很容易就能誘騙用戶執行惡意軟件；在Mac OS X Leopard系統中，下載的內容會下載到「下載文件夾中，即使如此，如果黑客使用一個有吸引力的文件名，用戶仍然可能會受騙上當。

發佈時間：2008.05.21 07:51     來源：賽迪網    作者：友亞
【賽迪網訊】5月21日消息，據國外媒體報導，安全廠商PC Tools本週一又公佈了一批新證據，以此來證明微軟的新一代操作系統Windows Vista還沒有Windows 2000安全。
本月上旬，安全廠商PC Tools曾表示，WindowsVista比Windows2000還容易遭受惡意軟件攻擊。據PC Tools數據顯示，在1000台VistaPC中，有639台存在安全隱患。相比之下，Windows2000系統下的安全隱患數量為586台， Windows2003系統下為478台。
對於該數據，微軟發言人提出了質疑，並給出了微軟自己的數據，稱在2007年6月至 12月間，Vista被惡意軟件感染的比例僅為2.8%，低於XP SP2的7.2%。相比之下，Windows 2000 SP4的感染率為5%，Windows 2000 SP3為12.2%。
本週一，PC Tools再次拋出新證據，稱在去年11月至今的5個月內，在19.0692萬台Vista PC中，有12.1380萬台至少感染了一種惡意軟件,佔64%。最多時一台機器被感染了19個惡意代碼，其中74%為廣告插件，17%為特洛伊木馬。

Published: 2008-05-20,
Last Updated: 2008-05-20 16:55:25 UTC
by Raul Siles (Version: 3)
One of the main attack vectors we have seen during the last years are "silent" Web defacements, typically in the form of redirections to malicious JavaScript code that are inserted inside the contents of Web pages using iframes, images, or other HTML tags. As lots of Web servers get their contents (or part of them) directly from a database, SQL injection vulnerabilities are widely exploited to insert the malicious references. You can find some of the previous related ISC diary entries here (by using Google).
Unfortunately, there is no silver bullet method to identify if a Web site (Web server or database) has been infected with new HTML tags, due to the fact that complex Web environments typically contain hundreds of scripts, redirections and references. One way of checking if a Web site is vulnerable and has been compromised is by searching for the specific malicious domains hosting the JavaScript and pointed out by the inserted references. We always try to emphasize these malicious domains in the diary entries so that you can search for or even block them.

Published: 2008-05-20,
Last Updated: 2008-05-20 16:38:26 UTC
by Raul Siles (Version: 2)
Sun has released Java 6 Update 6 including 13 bug fixes. At first glance going through the Release Notes, only one of them seems to be security related, but as always, it is recommended to update to the latest version (after appropriate testing).
You can check your current Java version here. Thanks Roseman for the heads up!

                      
Advisory ID: cisco-sa-20080514-cucmdos
Revision 1.0
+---------------------------------------------------------------------
Summary

                   
Advisory ID: cisco-sa-20080514-cucmdos
Revision 1.0
+---------------------------------------------------------------------
Summary

Advisory ID: cisco-sa-20080514-cup
Revision 1.0
+---------------------------------------------------------------------
Summary
=======

Cisco Security Advisory: Cisco Content Switching Module Memory Leak
Vulnerability
Advisory ID: cisco-sa-20080514-csm
http://www.cisco.com/warp/public/707/cisco-sa-20080514-csm.shtml
Revision 1.0