Monthly Archives: June 2010

SSH (Secure SHell) is a common tool for setting up a “VPN tunnel” using port forwarding, or secure remote access to the command line; thus it is not uncommon for servers providing SSH connections to be directly accessible from the Internet.

Hackers are constantly testing defenses, looking for configurations that missed something important and therefore allow access. SSH daemons whose configurations were meant to turn off keyboard-interactive logons but omit the “ChallengeResponseAuthentication no” line are being attacked.

From SANS:

IMPORTANT INFORMATION: Distributed SSH Brute Force Attacks.
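One way to check an sshd_config for the gap described above. This is an added example, not code from the original post or from SANS. It assumes the upstream OpenSSH default of "yes" for both keywords, audits only the global section (before any Match block), and uses constructed sample configurations.

```python
# Added example: detect password logons disabled while challenge-response is left on.
# Assumption: both keywords default to "yes" when absent (upstream OpenSSH default).
DEFAULTS = {
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
}
# Newer OpenSSH releases name the same switch KbdInteractiveAuthentication.
ALIASES = {"kbdinteractiveauthentication": "challengeresponseauthentication"}

def effective_settings(config_text):
    """Effective global values; sshd honours the first occurrence of a keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)  # "Key value" or "Key=value"
        keyword = parts[0].lower()               # keywords are case-insensitive
        if keyword == "match":
            break                                # simplification: skip conditional blocks
        keyword = ALIASES.get(keyword, keyword)
        if keyword in DEFAULTS and keyword not in seen and len(parts) == 2:
            seen[keyword] = parts[1].strip().strip('"').lower()
    return {k: seen.get(k, default) for k, default in DEFAULTS.items()}

def audit(config_text):
    """Return 'ok', 'gap' (the case in the post) or 'password-enabled'."""
    s = effective_settings(config_text)
    password_off = s["passwordauthentication"] == "no"
    challenge_off = s["challengeresponseauthentication"] == "no"
    if password_off and challenge_off:
        return "ok"
    if password_off:
        return "gap"  # PasswordAuthentication is off, challenge-response still on
    return "password-enabled"

# Constructed sample configurations (not taken from any real host).
WEAK = "Port 22\nPasswordAuthentication no\nUsePAM yes\n"
FIXED = WEAK + "ChallengeResponseAuthentication no\n"

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("fixed", FIXED)):
        print(name, audit(text), effective_settings(text))
```

On a live host, `sshd -T` prints the effective configuration, which is the authoritative source when Match blocks or include files are in use.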

Nine new vulnerabilities in Oracle Java announced today.  Nicely summarized details are at the SecurityFocus website.

Oracle Java SE and Java for Business ‘XNewPtr()’ Remote Code Execution Vulnerability
2010-06-18
http://www.securityfocus.com/bid/39083

Oracle Java SE and Java for Business CVE-2010-0848 Remote Java 2D Vulnerability
2010-06-18
http://www.securityfocus.com/bid/39078

Oracle Java SE and Java for Business Sound Component MIDI Stream Remote Code Execution Vulnerability
2010-06-18
http://www.securityfocus.com/bid/39084

Oracle Java SE and Java for Business CVE-2010-0849 Remote Java 2D Vulnerability
2010-06-18
http://www.securityfocus.com/bid/39073

Oracle Java SE and Java for Business ‘MixerSequencer’ Remote Code Execution Vulnerability
2010-06-18
http://www.securityfocus.com/bid/39077

Oracle Java SE and Java for Business CVE-2010-0847 Remote Java 2D Vulnerability
2010-06-18
http://www.securityfocus.com/bid/39071

Oracle Java SE and Java for Business ImageIO ‘JPEGImageReader’ Remote Code Execution Vulnerability
2010-06-18
http://www.securityfocus.com/bid/39067

Oracle Java SE and Java for Business JRE Trusted Method Chaining Remote Code Execution Vulnerability
2010-06-18
http://www.securityfocus.com/bid/39065

Oracle Java Runtime Environment ‘JPEGImageEncoderImpl’ Remote Heap Buffer Overflow Vulnerability
2010-06-18
http://www.securityfocus.com/bid/39062

Apple Mac OS X CUPS Web Interface Unspecified Information Disclosure Vulnerability
2010-06-18
http://www.securityfocus.com/bid/40897

Cisco Security Agent is being retired.

  • End of Life:  June 11, 2010
  • End of Sale:  December 10, 2010

SEE: EoS EoL for the Cisco Security Agent  [Cisco Security Agent] – Cisco Systems.