A PHP Error was encountered

Severity: 8192

Message: Methods with the same name as their class will not be constructors in a future version of PHP; Waterfall_Cache has a deprecated constructor

Filename: _common/waterfall_cache.php

Line Number: 47

A PHP Error was encountered

Severity: 8192

Message: Methods with the same name as their class will not be constructors in a future version of PHP; Cache_System has a deprecated constructor

Filename: _common/waterfall_cache.php

Line Number: 194

A PHP Error was encountered

Severity: 8192

Message: Methods with the same name as their class will not be constructors in a future version of PHP; Memcache_Cache_System has a deprecated constructor

Filename: _common/waterfall_cache.php

Line Number: 275

A PHP Error was encountered

Severity: 8192

Message: Methods with the same name as their class will not be constructors in a future version of PHP; Filesystem_Cache_System has a deprecated constructor

Filename: _common/waterfall_cache.php

Line Number: 440

A PHP Error was encountered

Severity: 8192

Message: Methods with the same name as their class will not be constructors in a future version of PHP; APC_Cache_System has a deprecated constructor

Filename: _common/waterfall_cache.php

Line Number: 628

Urgent Security Patch for Windows PCs

Urgent Security Patch for Windows PCs

By ServerWatch Staff (Send Email)
Posted Sep 13, 2002


Christopher Rice

Any unpatched WinNT/2K/XP or .NET machine on your network that's listening on port 139 and/or 445 can be crashed in about two seconds with a malformed SMB packet.

Any unpatched WinNT/2K/XP or .NET machine on your network that's listening on port 139 and/or 445 can be crashed in about two seconds with a malformed SMB packet.

Server Message Block (SMB) is the protocol that Microsoft uses to share files, printers, and serial ports. SMB is also used to communicate between computers by using named pipes and mail slots. In a networked environment, servers make file systems and resources available to clients. Clients make SMB requests for resources, and servers make SMB responses in what is described as a client server, request-response protocol.

By sending a specially-crafted packet request, an attacker can mount a denial-of-service attack on the target server computer. This may cause your computer to stop responding (hang). The attacker could use both a user account and anonymous access to accomplish this. Though not confirmed, it may be possible for the attacker to then start arbitrary code.

It was bad enough in theory, but now a script-kiddie friendly GUI version of the exploit has been posted on PacketStorm, and it works against all of the above. We worked through the weekend to get a large percentage of our boxes patched -- you may have to do the same. You can try for yourself at:


http://www.w2knews.com/rd/rd.cfm?id=020902RN-PacketStorm


[Editor's note] The fact that this vulnerability is out there, and that someone has created a GUI to exploit it that can sit on a desktop as an icon makes it really dangerous.


The patch and the MSFT article can be found here:

http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q326830&

 

Let me know if you know any other holes or security leaks like this one.

Page 1 of 1


Comment and Contribute

Your name/nickname

Your email

(Maximum characters: 1200). You have characters left.


 

 


Thanks for your registration, follow us on our social networks to keep up-to-date