Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

S-073: Vulnerability in SMBv2

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) S-073: Vulnerability in SMBv2
# 1  
Old 12-24-2007
S-073: Vulnerability in SMBv2
A remote code execution vulnerability exists in the SMBv2 protocol that could allow a remote anonymous attacker to run code with the privileges of the logged-on user. The risk is MEDIUM. Could allow a remote anonymous attacker to run code with the privileges of the logged-on user.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread

5 More Discussions You Might Find Interesting

1. Red Hat

Use of SMBv2 in RHEL 6.3

I am mounting a shared drive from RHEL 6.3 system to Windows server 2008 R2 system and then copying files from RHEL system to Windows Server 2008 R2 system through a shell scripts.At present, Micro Soft declared SMBv1 as vulnerable.I am using "mount -t cifs" to mound the shared drive. Can I use... (2 Replies)
Discussion started by: Anjan Ganguly
2 Replies

2. IP Networking

Common Vulnerability

Hi there, I am trying to find info about the commonly used ports and how it can be vulnerable and to identify them? For example, I would like to identify how to man-in-the-middle using these ports 21(FTP),22(SSH),23(TELNET), (1 Reply)
Discussion started by: alvinoo
1 Replies

3. News, Links, Events and Announcements

Bash vulnerability

Not sure if there is a post about it here somewhere already. Anyway: Remote exploit vulnerability in bash CVE-2014-6271 | CSO Online (3 Replies)
Discussion started by: zaxxon
3 Replies

4. UNIX for Dummies Questions & Answers

Vulnerability Alerts

Aside from CERT, are there any additional sources for unix/linux vulnerabilities? (1 Reply)
Discussion started by: kmgrady01
1 Replies

5. Cybersecurity

SNMP Vulnerability

SNMP Vulnerability: In a few minutes wire services and other news sources will begin breaking a story about widespread vulnerabilities in SNMP (Simple Network Management Protocol). Exploits of the vulnerability cause systems to fail or to be taken over. The vulnerability can be found in... (1 Reply)
Discussion started by: dpatel
1 Replies
Login or Register to Ask a Question

LEARN ABOUT CENTOS

dblink_connect_u

DBLINK_CONNECT_U(3)					  PostgreSQL 9.2.7 Documentation				       DBLINK_CONNECT_U(3)

NAME

       dblink_connect_u - opens a persistent connection to a remote database, insecurely

SYNOPSIS

       dblink_connect_u(text connstr) returns text
       dblink_connect_u(text connname, text connstr) returns text

DESCRIPTION

       dblink_connect_u() is identical to dblink_connect(), except that it will allow non-superusers to connect using any authentication method.

       If the remote server selects an authentication method that does not involve a password, then impersonation and subsequent escalation of
       privileges can occur, because the session will appear to have originated from the user as which the local PostgreSQL server runs. Also,
       even if the remote server does demand a password, it is possible for the password to be supplied from the server environment, such as a
       ~/.pgpass file belonging to the server's user. This opens not only a risk of impersonation, but the possibility of exposing a password to
       an untrustworthy remote server. Therefore, dblink_connect_u() is initially installed with all privileges revoked from PUBLIC, making it
       un-callable except by superusers. In some situations it may be appropriate to grant EXECUTE permission for dblink_connect_u() to specific
       users who are considered trustworthy, but this should be done with care. It is also recommended that any ~/.pgpass file belonging to the
       server's user not contain any records specifying a wildcard host name.

       For further details see dblink_connect().

PostgreSQL 9.2.7						    2014-02-17						       DBLINK_CONNECT_U(3)