Spam

CFingerD Remote Format String Vulnerability (Advance Exploit Code)

posted on May 14, 2001
by hitbsecnews

There is a very serious format string bug in CFingerD version 1.4.3 and prior that makes it possible to acquire full control over a remote machine running the CFingerD program, the configurable and secure finger daemon. The following exploit code will try to brute-force the correct EIP address (meaning it will try different stack sizes, return addresses, etc., until it succeeds in causing the program to execute arbitrary code).

Details

Vulnerable systems:

CFingerD version 1.4.3 and prior

Mozilla 1.0: Almost There

posted on May 10, 2001
by hitbsecnews

Yesterday's arrival of Mozilla 0.9 is an important milestone for the browser's development team, another step towards the long-awaited release of 1.0. Mozilla.org hopes to accomplish this feat by the end of this year, but admittedly there always will be delays. Milestone 0.9.1 is currently slated to debut in early June and will provide the first test base for browsers that embed Mozilla's engine, including Netscape 6.5. Read on for more information.

Mozilla 0.9 released.

posted on May 9, 2001
by hitbsecnews

The Mozilla team has released version 0.9 of their browser. Changes in this version include:

Automatic Proxy Configuration
Personal Security Manager 2.0
MailNews front end has been overhauled with performance increases
Browser and Mail now utilize a new cache
Late loading of Java for improved startup performance & small footprint
New Help Viewer
Long-click menus implemented on Mac version.
Image rendering performance increase

nPulse version 0.52 released.

posted on May 8, 2001
by hitbsecnews

Version 0.52 of nPulse, a web-based network monitoring tool that uses NMAP as its core network engine, is now available. This version bundles together all of the changes in the developmental releases of nPulse since version 0.50. There are 7 major new features, 6 bug fixes, and 5 miscellaneous changes. Grab your copies here.

IIS 5.0 ".printer" Exploit Code Released

posted on May 5, 2001
by hitbsecnews

Exploit code that will give you a remote command shell, reverse-telnet style, on a vulnerable host has been released. This exploit code takes advantage of a vulnerability in IIS that allows a remote attacker to overflow one of IIS's internal buffers, causing it to execute arbitrary code. For more information see our previous article: Unchecked Buffer in ISAPI Extension Enables Remote Compromise of IIS 5.0 Server.

Details

Vulnerable systems:

* Internet Information Server version 5.0

Netprint Security Vulnerability Leads to Root Compromise (-n option)

posted on May 3, 2001
by hitbsecnews

The /usr/sbin/print/netprint program is used by the printing system. A security vulnerability in the application allows attackers to cause the program to crash by overflowing one of its internal buffers (using the -n option). When the program crashes, it can be forced to execute arbitrary code, allowing an attacker to gain higher privileges.

Connectix Offers Virtual PC Preview

posted on May 2, 2001
by hitbsecnews

Long known for its Macintosh products, the Connectix Corporation is now offering a PC version of their key product, Virtual PC. Virtual PC works similarly to the well-known VMWare, creating a "virtual machine" that runs an additional operating system inside the one currently running. This Technology Preview is aimed at weeding out last-minute bugs and issues that may arise

PHP 4.0.5

posted on May 1, 2001
by hitbsecnews

Not much to joke about or "jazz up", but the long-awaited 4.0.5 release of PHP is finally here. Check it out.

PHP, Perl, Java Servlets - What's Right For You?

posted on April 22, 2001
by hitbsecnews

Take a look at this comparison of server-side scripting languages. The article explains how PHP scripts, Perl CGIs, and Java servlets work. It can help you decide whether to use PHP scripts, Perl CGIs, or Java servlets for your next Web development project. It also covers the issues that separate the three languages and provides all the source to