Spyware, Viruses, & Security forum

General discussion


by Donna Buenaventura / March 5, 2005 12:51 PM PST

Windows Server 2003 and XP SP2 LAND attack vulnerability

Dejan Levaja reported that Windows Server 2003 and XP SP2 (with Windows Firewall turned off) are vulnerable to LAND attack.

LAND attack: Sending TCP packet with SYN flag set, source and destination IP address and source and destination port as of destination machine, results in 15-30 seconds DoS condition.

More info in SecurityFocus Bugtraq

Discussion is locked
You are posting a reply to: VULNERABILITIES - March 5, 2005
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VULNERABILITIES - March 5, 2005
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Vulnerability with GIMP gifload.exe
by Donna Buenaventura / March 5, 2005 12:57 PM PST

GIMP gifload.exe GIF file (image width)*(image height)==0 DOS vulnerability

The GIMP is the GNU Image Manipulation Program. It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages. Thge GIMP uses a plugin (gifload) to parse the GIF file format. The gifload has a DOS vulnerability when it processes some special GIF files.

Vulnerability details:

GIMP use gifload.exe to load a GIF file. The gifload.exe did't check the value of width and height fields in image descriptor when read from GIF file(not the screen width and height field), it used its to generate a size to call g_malloc() and it did't check the return pointer value from g_malloc() yet before used the pointer. So if gifload.exe got 0 from the width or height field of image descriptor which read from the
GIF file, it crashed.

Change a normal gif file's image width value or image height value to 0 and open it using GIMP.exe to see the gifload.exe die! I tested it on GIMP version 2.2.3 & 2.0.5 for windows. But the laster version 2.2.4 for all
platform should be vulnerable.

Reported to vendor in Mar 2, 2005.

The above was posted and reported by Hongzhen Zhou at SecurityFocus Bugtraq

Collapse -
Bypass of 22 Antivirus software with GDI+ bug exploit
by Donna Buenaventura / March 5, 2005 1:09 PM PST

Mutations - Part 2

Andrey Bayora reported that only 1 out of 23 tested antivirus software can detect malicious JPEG image (after 6 month from the public disclosure date).

The test result and his paper is located in http://www.hiddenbit.org/jpeg.htm

He mentioned that the antivirus software that can detect the said malicious JPEG image is from Symantec. He noted that ClamAV can detect the said malicious JPEG image 4 months ago but failed to detect this time.

More info in SecurityFocus Bugtraq

Collapse -
Vulnerability Scanner
by sumukh / March 5, 2005 6:53 PM PST
Popular Forums
Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions


Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?