New vulnerabilities, new rootkit
Remote Code Execution Vulnerability in Sendmail < 8.13.6
Advisories should start popping up today about a vulnerability in Sendmail that could allow a remote, unauthenticated attacker the ability to execute arbitrary code on a vulnerable system. Details can be found at the sendmail website: http://www.sendmail.org/8.13.6.html
Veritas Vulnerabilities twofer
The ISC has information about two vulnerabilities released by Veritas for BackupExec yesterday. One could lead to a DoS attack against the BackupExec service (which would cause backups to not occur), and the other requires certain settings to be exploited. ISC is reporting that the patch for the first vulnerability has been temporarily pulled.
New Worm with Interesting Kernel Mode Rootkit
The F-Secure Blog has an entry regarding a new Internet worm called "Gurong.a" which contains a rootkit for Windows systems. What makes its rootkit different from others is its method of gaining ring 0 privileges.
More details on this worm can be found here: http://www.f-secure.com/v-descs/gurong_a.shtmlPosted by Matthew Wirges on March 22, 2006, in Handlers Log.