
Working With Dark Reading

Dark Reading welcomes input from anyone who is interested in the security industry. Whether you're a security professional, business manager, casual hacker, or technology vendor, we hope you'll make us your first stop on the Web-wide search for security knowledge -- and let us know if there's anything you think we're missing.

Although we don't accept contributed articles or letters to the editor, every article and blog on Dark Reading offers an opportunity to post comments -- you can share opinions, technology information, favorite hacks, pudding recipes, and so forth. Just look for the "post a comment" option at the end of each article, or post a message to the Dark Reading message boards. Unlike some other trade publications, Dark Reading publishes links to a wide range of useful articles and information from other sites -- even those of our competitors. Check out the links in our Best of Web section. You can also submit links to us by emailing us at editors@darkreading.com.

If you're a PR professional, we're happy to have any information that relates to security products or technology developments. Most press releases are synopsized and placed in our "Newsfeed" section, which is updated frequently every day. If you post press releases to PR Newswire under the "security" category, your releases will be automatically placed in this section. Dark Reading does not publish an editorial calendar -- our news coverage is driven entirely by the ebb and flow of news each day, and we seldom write any pre-scheduled stories.

Dark Reading's original reporting, which is presented in our News Analysis section, is focused entirely on broad industry issues and breaking news about security vulnerabilities and breaches. We seldom write stories about product announcements, most of which are already covered in the Newsfeed section. While we don't generally do stories or interviews about individual products, we love to hear about broader industry trends, security vulnerabilities, emerging technologies and business issues. All story pitches should be made via email to editors@darkreading.com.

Corporate Headquarters:
Dark Reading, a TechWeb publication
600 Community Drive
Manhasset, NY 11030
516-562-5000 (phone)






Bugs
ENTERPRISE VULNERABILITIES

Vulnerability: legato networker, informix dynamic server
Published: 2010-03-05
Severity: High
Description: Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3, allow remote attackers to execute arbitrary code via a crafted parameter size.

Vulnerability: legato networker, informix dynamic server
Published: 2010-03-05
Severity: High
Description: Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow.

Vulnerability: http server
Published: 2010-03-05
Severity: Medium
Description: The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.

Vulnerability: kvm
Published: 2010-03-05
Severity: Medium
Description: The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not properly restrict writing of segment selectors to segment registers, which might allow guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch.

Vulnerability: unified communications manager
Published: 2010-03-05
Severity: High
Description: Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)SR2, 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP StationCapabilitiesRes message with an invalid MaxCap field, aka Bug ID CSCtc38985.

