Internet Security Systems is warning its customers about a critical security hole in a commonly used technology from the Mozilla Foundation called the Netscape Network Security Services library that could make Web servers vulnerable to remote attack.
Linux vendors have issued patches to address vulnerability in the Qt, a software toolkit that simplifies writing and maintaining GUI applications for the X Window system.
The flaw was unveiled by security researcher Chris Evans, who uncovered a heap overflow in the BMP image decoder in Qt versions prior to 3.3.3. Flaws were also discovered in prior Qt versions in the XPM, GIF and JPEG decoders.
By using the vulnerabilities, an attacker could use a BMP file to crash an application linked to Qt or execute arbitrary code when a file is opened by an unsuspecting user
As noted in the article "Penetration Testing of Web Applications" the use of web applications to conduct business is increasing. Companies often have custom sites built by in-house developers, and it is almost impossible to find all the vulnerabilities in a web site using automated tools. Simply looking for default installations of different software may turn up nothing, but it may still be vulnerable to many different programming errors in this custom-built site.
As the reach of RSS feeds continues to expand, they are cropping up in very useful places. One of the greatest conveniences they can provide is monitoring forums for new threads and posts. That can save a man a lot of of mouse clicks, particularly when he frequents many different forums. But with this added convenience comes a responsibility to secure the feeds you provide. If not, you may find anonymous visitors reading segments of posts that you don't want anyone to see.
A vulnerability was reported in Cisco IOS in the processing of OSPF packets. A remote user can cause the target device to reload.
The vendor reported that a remote user can send a specially crafted OSPF packet to the target device. If the OSPF area number, netmask, hello, and dead timers configured on the targeted interface are known to the remote user, the exploit may be successful.
After receiving the malformed OSPF packet, the device will reload but may take several minutes to regain full functionality.