New Vulnerabilities

root — Wed, 17 Mar 2010 15:23:06 +0000

Vulnerability in HP Broadcom Integrated NIC Management Firmware
A potential vulnerability has been identified and reported with some HP PCs with Broadcom Integrated NIC Firmware. The vulnerability could be remotely exploited to execute arbitrary code. This vulnerability is reported in 1.x versions prior to 1.40.0.0, and 8.x versions prior to 8.08. This vulnerability references CVE-2010-0104 and CERT VU#512705. Please see the vendor’s advisory for details on affected hardware and a list of impacted machine models. Users are recommended to upgrade to the latest firmware available from the vendor, currently 1.40.0.0 for the 1.x series or 8.08 for the 8.x firmware. HP advisory HPSBGN02511 SSRT100022.

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02048471

http://secunia.com/advisories/39003/

Spamassassin Milter Plugin Remote Root Exploit
An exploit has been published to the mailing list “Full Disclosure” for a 0-day attack against the Spamassassin Milter Plugin. Spamassassin is a popular OpenSource spam filtering system. Successful exploitation results in remote root access to vulnerable systems. A preliminary patch for the flaw has been published to the project site. Mitigation recommendations include not running the milter (mail filter) plugin as root and not using the -x option. Users should implement the mitigations and patch vulnerable systems as soon as possible. Upgrades should be preformed as soon as official updates are made available.

http://isc.sans.org/diary.html?storyid=8434

http://www.securityfocus.com/bid/38578/info

http://seclists.org/fulldisclosure/2010/Mar/140

http://savannah.nongnu.org/bugs/index.php?29136

Information Armor » SpamAssassin

New Vulnerabilities