Posts Tagged ‘LDAP’

CVE-2009-1417 (gnutls)

gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) [...]

[SECURITY] [DSA 1758-1] New nss-ldapd packages fix information disclosure

Posted by Moritz Muehlenhoff on Mar 30

Debian Security Advisory DSA-1758-1 security_at_debian.org www.debian.org/security/ [...]

PADL nss_ldap ‘/etc/nss_ldapd.conf’ Local Information Disclosure Vulnerability
URL: http://www.securityfocus.com/bid/34211

CVE-2009-1094 (jdk, jre)

Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.
URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1094

CVE-2009-1093 (jdk, jre)

LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of [...]

RE: LDAP Injection

Posted by Erez Metula on Mar 18

Hey Jon, Give a try to the "Ldap Injector" tool (Alonso/Parada), capable of performing blind ldap injection attacks.
Cheers, Erez.
Erez Metula, CISSP Application Security Department Manager, 2BSecure Mobile: 972-54-2108830 Office:…
URL: http://seclists.org/pen-test/2009/Mar/0094.html

Infoblox Secures $21 Million Investment

Infoblox, a developer of appliances for core network identity services, today announced that it has closed $21 million in additional funding, reinforcing the company’s position as the market leader for network identity appliances that address network protocols like DNS, DHCP, RADIUS, and LDAP.
URL: http://feedproxy.google.com/~r/InfobloxNewsFeed/~3/5afAjCuP4SA/release.cfm

Cricket Liu Joins Infoblox

Infoblox, a leading developer of appliances for core network services, today announced the appointment of Cricket Liu. Best known for its award-winning DNS One appliance, Infoblox develops products that simplify deployment and administration of core network services like DNS, DHCP, RADIUS, and LDAP. Cricket will provide strategic guidance on the development of [...]

Infoblox Partners with Terilogy to Expand Sales in Japan

Infoblox, a leading network appliances developer, announced today a partnership agreement with Japanese network infrastructure integrator, Terilogy, to provide direct sales and sales support for Infoblox’s line of appliances in Japan. Best known for its flagship appliance, DNS One, Infoblox offers task-specific appliances for the following network [...]