January promises to be a busy month for Web server and database administrators alike: A security research firm in Russia says it plans to release information about a slew of previously undocumented vulnerabilities in several widely used commercial software products.
Evgeny Legerov, founder of Moscow-based Intevydis, said he intends to publish the information between Jan 11 and Feb 1. The final list of vulnerabilities to be released is still in flux, Legerov said, but it is likely to include vulnerabilities (and in some cases working exploits) in:
- Web servers such as Zeus Web Server and Sun Web Server (pre-authentication buffer overflows)
- Databases, including MySQL (buffer overflows), IBM DB2 (local root vulnerability), Lotus Domino and Informix
- Directory servers, such as Novell eDirectory, Sun Directory and Tivoli Directory
Intevydis is best known for their exploit pack, the VulnDisco Pack Professional, which they sell as an add-on to Immunity CANVAS.
As far as I can tell, the exploits will be released on the Intevydis blog. Already today, they have posted a DoS vulnerability for Sun Directory 7.0.