Qualys Threads
Published in: Technology
  • Half-life, Exploitation, Prevalence, Persistence
  • The Windows Print Spooler service, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create files in a system directory, and consequently execute arbitrary code, by sending a crafted print request over RPC.
  • An attacker can obtain a client's public host key during a connection attempt and use it to open and authenticate an SSH session to another server with the same access rights as the victim.
  • Transcript

    • 1. Qualys Threads May 2011 26th of August 2011 – TGIF IT Security
    • 4. Overview
      • Qualys Top 10 Threads
      • Internal Vulnerability
      • External Vulnerability
      • Q&A
    • 8.
      • Qualys Top 10 Threads
      • List of Top 10 External and Internal Vulnerabilities
          • Dynamically updated
          • 200 million IP audits
      • Based on “Laws of Vulnerabilities 2.0”
      • No patches
          • Work-around may be possible
    • 11. Internal Thread
      • M$ Windows Print Spooler Remote Code Execution Vulnerability
          • CVE-2010-2729
          • MS10-061
          • Affects all versions of Windows
      • Allows remote attackers to
          • create files in the system
          • execute arbitrary code
      • Recommendation: update the system (KB2347290)
    • 15. External Thread
      • SSH Protocol Version 1 Supported
          • CVE-2001-1473
          • Affects SSH 1.2.24 … 1.2.31
      • Man-in-the-middle attack
          • Gain privileges of a system
      • Recommendation: update to SSH 2.4.0
    • 17. Questions?
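
The "SSH Protocol Version 1 Supported" finding can be confirmed from the identification string a server sends before authentication. The following is an added example, not part of the original slides: it classifies collected banners using the RFC 4253 convention that protoversion 1.x means SSH-1 only and 1.99 means an SSH-2 server that still accepts SSH-1 clients. The function names, verdict labels, hosts and banners are constructed for illustration.

```python
import re

# "SSH-protoversion-softwareversion[ SP comments]" (RFC 4253, section 4.2)
BANNER_RE = re.compile(r"^SSH-(\d+)\.(\d+)-(\S+)(?: (.*))?$")

def identification_line(data):
    """Servers may send other text lines first; return the first 'SSH-' line."""
    for line in data.splitlines():
        if line.startswith("SSH-"):
            return line
    return None

def classify_banner(data):
    """Return (verdict, detail) for the pre-authentication data of one server."""
    line = identification_line(data)
    m = BANNER_RE.match(line) if line else None
    if not m:
        return ("unparsed", "no SSH identification string found")
    major, minor, software = int(m.group(1)), int(m.group(2)), m.group(3)
    if (major, minor) == (1, 99):
        # RFC 4253, section 5.1: 1.99 = SSH-2 server with SSH-1 compatibility
        return ("v1-fallback", software + " still accepts SSH-1 clients")
    if major == 1:
        return ("v1-only", software + " speaks only SSH-1")
    if major == 2:
        return ("v2-only", software + " does not offer SSH-1")
    return ("unknown", "unexpected protocol version in: " + line)

def audit(banners):
    """Map host -> verdict for every host whose banner shows SSH-1 support."""
    findings = {}
    for host, data in banners.items():
        verdict, _detail = classify_banner(data)
        if verdict in ("v1-only", "v1-fallback"):
            findings[host] = verdict
    return findings

# Constructed sample data (documentation addresses, made-up banners).
SAMPLE_BANNERS = {
    "192.0.2.10": "SSH-2.0-OpenSSH_5.8\r\n",
    "192.0.2.11": "Authorized use only\r\nSSH-1.99-OpenSSH_3.9p1\r\n",
    "192.0.2.12": "SSH-1.5-1.2.27\r\n",
    "192.0.2.13": "220 mail.example.test ESMTP\r\n",
}

if __name__ == "__main__":
    for host, verdict in sorted(audit(SAMPLE_BANNERS).items()):
        print(host, verdict)
```
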
