Security Incident at Automattic

Automattic, the company behind the WordPress.com platform, experienced a low-level break-in to several of its servers.

At this moment there is no information about the extent of this incident, as Automattic's people are still investigating.

If your blog is located in the wordpress.com domain, you may want to follow the suggestions offered by WordPress about security fundamentals in the link mentioned above.

MOPB Has Begun

Starting March 1, 2007, the Month of PHP Bugs has begun. Here is an excerpt about this project:

This initiative is an effort to improve the security of PHP. However we will not concentrate on problems in the PHP language that might result in insecure PHP applications, but on security vulnerabilities in the PHP core. During March 2007 old and new security vulnerabilities in the Zend Engine, the PHP core and the PHP extensions will be disclosed on a day by day basis. We will also point out necessary changes in the current vulnerability management process used by the PHP Security Response Team.

As of today, they have released five bugs:

  • In PHP 4, userland code is able to overflow the internal 16-bit zval reference counter by creating many references to a variable. This leads to an exploitable double dtor condition.
  • A deep recursion of PHP userland code will exhaust all available stack, which leads to a sometimes remotely triggerable crash.
  • The destruction of deeply nested PHP arrays will exhaust all available stack, which leads to remotely triggerable crashes.
  • During unserialisation of user-supplied data that contains a lot of references to a variable, the internal 16-bit zval reference counter can overflow. This leads to an exploitable double dtor condition.
  • Deserialisation of malformed PHP arrays from within unserialize() might result in a tight endless loop exhausting CPU resources on 64-bit systems.

Kind readers, please fasten your seatbelts during this month, especially if you are using PHP.

Vulnerability in Snort DCE/RPC Preprocessor

I just found out about the vulnerability in the Snort DCE/RPC preprocessor. This preprocessor is vulnerable to a stack-based buffer overflow that could potentially allow attackers to execute code with the same privileges as the Snort binary.

It affects the following versions:

  • Snort 2.6.1, 2.6.1.1, and 2.6.1.2
  • Snort 2.7.0 beta 1

Recommended Actions:

  • Open-source Snort 2.6.1.x users are advised to upgrade to Snort 2.6.1.3 (or later) immediately.
  • Open-source Snort 2.7 beta users are advised to mitigate this issue by disabling the DCE/RPC preprocessor in the snort.conf file. This issue will be resolved in Snort 2.7 beta 2.
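As an added example (not code from the original post or from the Snort project), here is a small POSIX shell script that checks whether a snort.conf still loads the DCE/RPC preprocessor and writes a copy with that directive commented out, which is the interim mitigation recommended above for 2.7 beta users. It assumes the Snort 2.6.1-era directive keyword "preprocessor dcerpc:" and works on a constructed sample configuration rather than a real /etc/snort/snort.conf; the sample's preprocessor lines are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post or from the Snort project.
# Checks a snort.conf for an active (uncommented) DCE/RPC preprocessor
# directive and writes a copy with that directive commented out, the
# interim mitigation named in the advisory for Snort 2.7 beta users.
# Assumes the Snort 2.6.1-era keyword "preprocessor dcerpc:"; the config
# below is a constructed sample standing in for /etc/snort/snort.conf.

SAMPLE_CONF="${TMPDIR:-/tmp}/snort.conf.sample"
cat > "$SAMPLE_CONF" <<'EOF'
# constructed sample snort.conf fragment
preprocessor frag3_global
preprocessor stream4: disable_evasion_alerts
preprocessor dcerpc: \
    autodetect \
    max_frag_size 3000 \
    memcap 100000
preprocessor sfportscan: proto { all } scan_type { all } sense_level { low }
EOF

# Exit 0 when the file still has an uncommented "preprocessor dcerpc" line,
# i.e. the vulnerable preprocessor would be loaded at startup.
dcerpc_enabled() {
    grep -Eq '^[[:space:]]*preprocessor[[:space:]]+dcerpc:' "$1"
}

# Write a copy of $1 to $2 with the dcerpc directive, including any
# backslash-continued lines, prefixed with "# " so Snort ignores it.
# Every other line is copied unchanged.
disable_dcerpc() {
    awk '
        /^[[:space:]]*preprocessor[[:space:]]+dcerpc:/ { inblock = 1 }
        inblock {
            print "# " $0
            # a trailing backslash means the directive continues on the next line
            if ($0 !~ /\\[[:space:]]*$/) inblock = 0
            next
        }
        { print }
    ' "$1" > "$2"
}

if dcerpc_enabled "$SAMPLE_CONF"; then
    disable_dcerpc "$SAMPLE_CONF" "$SAMPLE_CONF.mitigated"
    echo "dcerpc preprocessor was active; mitigated copy written to $SAMPLE_CONF.mitigated"
else
    echo "dcerpc preprocessor already disabled in $SAMPLE_CONF"
fi
```

The script only writes a modified copy; putting it in place and restarting Snort is left to the operator, and commenting the directive out does remove DCE/RPC inspection until the fixed release is installed, so the check should be reversed once Snort 2.7 beta 2 is deployed.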