A remotely exploitable security vulnerability has been discovered in Kerberos version 5's FTP daemon. The vulnerability is exploitable both via anonymous FTP and via local account access. The vulnerability results from a buffer overflow in code that calls ftpglob(), a function responsible for expanding glob characters in pathnames. Recent versions of FTPd (krb5-1.2 or later) should not contain buffer overflows in the ftpglob() function itself.
Strong words from the official voice of Redmond today, urging admins to patch a recently-discovered buffer overflow vulnerability in servers running IIS 5.0 on Windows 2000 Server, Windows 2000 Advanced Server and Windows 2000 Datacenter Server, make it clear how serious a security problem Microsoft has on its hands.
"Microsoft strongly urges all IIS 5.0 server administrators to install the patch immediately," a company security bulletin says.
Microsoft's security patch for Outlook, which is designed to protect users from the effects of another Love Bug-style virus, has come under fire from no less a body than the US Air Force.
In a paper to be presented at a security workshop in June, an assistant professor of computer science at the US Air Force Academy will deliver a devastating critique of Microsoft's approach to security in general and Outlook in particular.
Bend, Oregon, May 1, 2001. Cylant Technology announces its "0wn this box" challenge. As a demonstration of its behavioral analysis approach to the field of security, Cylant invites hackers and crackers alike to attempt a root compromise of victim.cylant.com. The first person to successfully "0wn" victim will have the server shipped to them.
A computer hacking group best known for creating tools for hijacking computer systems is turning its hand to civil disobedience and plans to release an application that could scupper government and corporate censorship around the world.