Security Advisories
Remote Overflow in iPlanet Web Server
June 9, 2002
A buffer overflow has been discovered in the search component of Sun’s iPlanet Web Server, which is not activated by default. The unchecked buffer handles the NS-rel-doc-name parameter; remote system compromise is possible. See the advisory for more information. The hole was reported to Sun back in April, but they didn’t patch it till now. […]
Flaws Found In MS SQL Server Password Hashes
June 9, 2002
Dave Litchfield at Next Generation Security Software has released an interesting whitepaper, Microsoft SQL Server Passwords: Cracking the password hashes. It analyzes the pwdencrypt() function, which produces a hash of users’ passwords for storage in the system database. The problem is that the salt used to generate the hash is insecurely time dependent, and based […]
Microsoft SQL Worm Hits Thousands of Servers
May 22, 2002
A SQL exploit worm named SQLSnake or DoubleTap has been spotted infecting nearly 7,000 servers since early this week. A hybrid of executeable code, JavaScript, and batch files, it takes advantage of an old vulnerability in Microsoft SQL Server 7.0 and only works if there is no password on the administrator account. The worm adds […]
