Microsoft Windows Image Rendering Memory Limit DoS Research
Luis Alberto Cortes Zavala
We did the research about this and we found the following situation:
We prefer to call it “Microsoft Windows Image Rendering Memory Limit DoS”. In
our research we tested the following OSes:
- Microsoft Windows 2k (All Patches)
- Microsoft Windows XP (without and with all patches, including SP)
The first time I tried to exploit this I got the Windows warning “Virtual Memory is Full”, and then the OS crashed. After some tests I found that whether Windows crashes or not depends on the amount of memory needed to render the image, as well as the amount of virtual memory that we have.
Due to a bug one of our developers made between 9.0.1 and 9.0.2 the email address of each member is shown to everyone.
Please upgrade your Dragonfly 9.0.2 to 9.0.3 to solve this issue. http://dragonflycms.com/Downloads_9x/details/id=28.html
If you can't upgrade your 9.0.2 please post a message in our forums including the revision number of your 'modules/Your_Account/userinfo.php' and we will gladly help you.
The PHP Development Team would like to announce the immediate release of
PHP 5.0.4 and 4.3.11.
These are maintenance releases that in addition to non-critical bug fixes
address several security issues. All Users of PHP are strongly
encouraged to upgrade to one of these releases as soon as possible.
UNIRAS (UK Gov CERT)
Advisory Type: Alert
Id: 20050128-00078 Ref: 09/2005 Date: 28 January 2005 Time: 09:10
Abstract: The worm installs a malicious trojan executable spoolcll.exe in the System32 directory. spoolcll.exe is installed as a new service "Event Monitor".
Vendors affected: Microsoft
Operating Systems affected: Windows
Applications/Services affected: MySQL
Impact: Denial of service
Warning, a security hole was recently found in AWStats versions from 5.0 to 6.2 when AWStats is used as a CGI: A remote user can execute arbitrary commands on your server using permissions of your web server user (in most cases user "nobody").
If you use another version of AWStats, or it is not available as a CGI, you are safe. If not, it is highly recommended to upgrade to version 6.4, which fixes all known security holes.