Microsoft Windows 2000 servers are vulnerable to a WebDAV security exploit. There’s information and a patch available at Microsoft’s web site.
Samba got a big hole, which led to 2.2.28, and sendmail recently patched a big hole with root access potential
…CVS, CUPS and VIM, which both too had recent security vulnerabilities. OSAlert isn’t SecurityFocus and I don’t think it should be reporting about security vulnerabilities and exploits.
I think this one got attention because an attacker used this to get into some US Military websites. What’s more though, it was found by the attacker and not all these “security companies”. Generally though I think we can all agree that MS holes get a lot more press.
Yippie, this sounds like there will be another worm pretty soon. There should be quite a few web servers running Win2k with an open port 80…
“Generally though I think we can all agree that MS holes get a lot more press.”
It is only fair that holes in the software with larger market share get the largest press. Holes in MS software affect more people, and as such SHOULD receive the attention they get.
“It is only fair that holes in the software with larger market share get the largest press.”
Then get your typewriters out and start pumping out those stories about Apache exploits. IIS does not rule the web server nest you know.
“Then get your typewriters out and start pumping out those stories about Apache exploits. IIS does not rule the web server nest you know.”
I am well aware. I am also aware that Apache exploits do receive attention. If you doubt me then google for it, or here, let me help you:
http://www.computerworld.com/securitytopics/security/virus/story/0,…
http://www.internetnews.com/dev-news/article.php/1379361
http://online.securityfocus.com/news/493
The thing to remember is that this thing allows you to own the entire box.
Most of all *it has already been exploited*… If you don’t patch your box now, you might find yourself on the end of a worm very quickly. The vast majority of Linux vulnerabilities are actually released and patched long before anyone malicious knows about them.
Remember that there has only been one Linux worm in the past few years that has been able to affect boxes in the wild, and even then that didn’t get beyond a very limited number of machines (heh, I don’t even remember the name). Meanwhile, Microsoft exploits have cost companies billions every year and let’s not forget the impressive qualities of cutting off Korea’s net access with Slammer in the space of 10 minutes of the worm being released. Also remember that MS servers constitute a minority of the net-exposed machines, with Linux and BSD boxes running Apache, FTPs, routers and a host of other services.
Please get a grip. The facts really do speak for themselves.
Next week we will have another hole being discovered and MS’s share price will still rise…what a wonderful world we live in.
“Meanwhile, Microsoft exploits have cost companies billions every year and let’s not forget the impressive qualities of cutting off Korea’s net access with Slammer in the space of 10 minutes of the worm being released.”
On the other hand, how many of these exploits (including Slammer) had a patch available for weeks, months, or even years before it reached epidemic proportions? And how many of these exploits that we see week after week are NOT variants of some older exploit that would not do shit if the system was already patched for the original exploit?
As per that darned patch, it was nulled by a patch released three months later… leaving the vulnerability, open, yet again.
“Next week we will have another hole being discovered and MS’s share price will still rise…what a wonderful world we live in.”
And the world is not perfect for Mr CrackedButter. The world weeps for you.
A local root exploit for the Linux kernel, a remote root exploit for Samba, yet still I hear people blathering on about how infinitely secure Linux is, blah blah blah. I suppose the world cries for me too.
If you really want to know more about security and why a local root exploit is far more serious than this M$ security problem go to:
http://linux.web.cern.ch/linux/documentation/linux_exploit_faq.shtm…
READ before you comment..
Linux is FAR more stable and secure than all Windowses out there..
I do know the difference between a local and remote root exploit. Did you miss the point (obviously)? Linux and Windows (and most every other OS) have security problems from time to time. That was my point. Your retort “The window exploit was more serious.” I suggest you re-read in my comment and ask yourself, where did I suggest the Linux problems were more severe? Read before you comment.
As far as Linux being more stable, that is ridiculous to claim that. The only evidence you can offer is anecdotal (if you have more – please share it). Stability is unfortunately usually widely variable because of all the varying factors that influence this: hardware, drivers, setup issues, applications, etc. Just as you can’t say “Linux is the best operating system in the world” (well I’m sure you would try) because nothing can satisfy every person. Perhaps my job revolves around supporting a Windows application. How is Linux the best operating system in the world for me now? This invalid assertion is similar to “Linux is far more secure than all Windowses[sic] out there.” I mean really? How about the Windows CE on my Jornada? The one that isn’t connected to the internet. I bet it’s more secure than a computer running an old unpatched Redhat Linux connected to the internet as root. A crappy comparison? Yup, but only as crappy as your assertion that all Linux based operating systems are more secure than all Windows based ones. Ridiculous. Generalizations get you nowhere.
Typo on my part, “The window exploit was more serious” should have been Linux, whatever. I do disagree that a local root exploit is less serious than the remote buffer overflow for Windows (did you mean to say that the Windows problem was more serious?)
“Linux is FAR more stable and secure than all Windowses out there..”
Who cares? Linux security vs. Windows security is a battle for last place.
Thanks for the Patch MS, but you can’t plug a sinking ship
… does anyone know what this QFE *actually* fixes? It contains an update for ntdll.dll, which, if you have even a minimal knowledge of the Windows NT architecture, is *extremely* suspicious (ntdll.dll contains the lowest level code in user mode NT, it’s preloaded in all the processes and many system DLLs depend on it – plus it implements almost all the stateless calls of the CRT, to avoid unnecessary dependencies of low-level components from MSVCRT), and it can’t simply be dispatched as a “WebDAV fix”.
If I don’t get an answer shortly, I’ll likely disassemble the old and the new dll and diff the listings, but I’d be happy not to be forced to. If you know the answer, please reply – everyone deserves to know