New vulnerabilities, new rootkit

Remote Code Execution Vulnerability in Sendmail < 8.13.6

Advisories should start popping up today about a vulnerability in Sendmail that could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Details can be found at the Sendmail website: http://www.sendmail.org/8.13.6.html

Veritas Vulnerabilities twofer

The ISC has information about two vulnerabilities that Veritas disclosed in BackupExec yesterday. One could lead to a DoS attack against the BackupExec service (which would prevent backups from running), and the other can be exploited only when certain settings are in place. ISC is reporting that the patch for the first vulnerability has been temporarily pulled.

New Worm with Interesting Kernel Mode Rootkit

The F-Secure Blog has an entry regarding a new Internet worm called "Gurong.a" which contains a rootkit for Windows systems. What makes its rootkit different from others is its method of gaining ring 0 privileges.

More details on this worm can be found here: http://www.f-secure.com/v-descs/gurong_a.shtml

Posted by Matthew Wirges on March 22, 2006, in Handlers Log.