Security

Security news roundup: October 30

Here's a collection of recent security vulnerabilities and alerts, which covers serious vulnerabilities found in Symantec Mail Security, the availability of TikiWiki 1.9.8.3 which resolves a number of earlier vulnerabilities, and a patch for buffer overflows in Nagios plug-ins.

Here's a collection of recent security vulnerabilities and alerts, which covers serious vulnerabilities found in Symantec Mail Security; the availability of TikiWiki 1.9.8.3, which resolves a number of earlier vulnerabilities; and a patch for buffer overflows in Nagios plug-ins.

  • Serious flaws found in Symantec Mail Security

Recently discovered vulnerabilities in Symantec Mail Security for SMTP, Exchange, and Domino could result in DoS attacks as well as a compromise. There are no known exploits at the time of disclosure though it has been rated as "highly critical" by Secunia.

Secunia advisory SA27429 describes the vulnerabilities for Exchange, Secunia advisory SA27388 describes the vulnerabilities for Domino, and Secunia advisory SA27367 describes the vulnerabilities for SMTP.

  • New TikiWiki 1.9.8.3 resolves number of vulnerabilities

The above version of TikiWiki has been released which fixes earlier reported vulnerabilities as well as new flaws discovered by Stefan Esser. Administrators are advised to upgrade as soon as possible.

Additional links (heise Security):

  • Buffer overflows in Nagios plug-ins patched

A patch (download link) has been released to remedy a flaw in which an attacker can cause a server to crash and even perform remote code injection by sending SNMP-GET replies with more than 17,000 characters.

About

Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.

Editor's Picks