US-CERT Alert: Exploit for Vulnerability in VERITAS NetBackup Volume Manager Daemon
January 16, 2006 -- US-CERT is aware of a public exploit for a
vulnerability in VERITAS NetBackup Volume Manager Daemon (vmd). The
VERITAS NetBackup vmd listens on network port 13701/tcp. An
attacker could send a specially crafted packet to the Volume
Manager on a vulnerable system to cause a buffer overflow or a
denial-of-service condition. Successful exploitation may allow a
remote, unauthenticated attacker to execute arbitrary code
on a vulnerable system with root or SYSTEM privileges.
More information about this vulnerability can be found in the
following US-CERT Vulnerability Note:
* VU#574662 - VERITAS NetBackup library buffer overflow vulnerability
US-CERT strongly encourages users and administrators to review
the following mitigation to address this vulnerability as soon as
possible:
* Review the Symantec Advisory SYM05-024 and apply the recommended updates to address this vulnerability
* Restrict access to the ports used by the NetBackup services
Malicious Website Exploiting Sun Java Plug-in Vulnerability
January 12, 2006 | updated January 13, 2006 -- US-CERT is aware of
an active malicious website that exploits a vulnerability in the
Sun Java JRE. The initial report led US-CERT to believe the website
was exploiting VU#974188. After further analysis, it was determined
that the actual vulnerability being exploited was VU#760344. This
vulnerability allows a Java applet to bypass Java security settings.
Once these checks are bypassed, a remote attacker may be able to
exploit this vulnerability to execute arbitrary code on the host
machine.
More information about these vulnerabilities can be found in the
following US-CERT Vulnerability Notes:
* VU#760344 - Sun Java Plug-in fails to restrict access to private Java packages
* VU#974188 - Sun Java Runtime Environment "reflection" API privilege elevation vulnerabilities
US-CERT strongly encourages users and administrators to review
the following mitigation to address this vulnerability as soon as
possible:
* Upgrade to the latest JRE
* Do not access Java Applets from untrusted sources
* Disable Java support in web browsers
Source: US-CERT