what is the word
Subscribe About Mail us
SciTech News - Google issues patches to cover security flaws in Google Mini

Google issues patches to cover security flaws in Google Mini
Search engine giant Google has patched a number of severe security flaws in Google Mini after the failings were publicly exposed by HD Moore of the Metasploit Project on Monday. Search engine giant Google has patched a number of severe security flaws in Google Mini after the failings were publicly exposed by HD Moore of the Metasploit Project on Monday.

In an advisory released, it was stated that the flaws can permit intruders to carry our damaging operations like cross-site scripting or a port scan and also locate particular files on the target system.

Metasploit pointed out that in some versions a remote URL is supplied as a path for an XSLT style sheet that customizes the search interface. The search interface makes use of the proxystylesheet' form variable to decide the style sheet relevant to the search results. This variable could either be a local file name or a HTTP URL.

Trouble brews as the input to the "proxystylesheet" parameter isn't appropriately protected which facilitates the invaders to perform malicious script code operations, also known as cross-site scripting attack. The procedure takes place through the Google Mini's error message system, or by means of a nasty XSLT style sheet.

The advisory further added that this malevolent XSLT style sheet can be exploited further to accomplish wicked Java class processes on the appliance.

The system commands can be implemented as an unprivileged user jointly with the vulnerable kernel version which leads to a remote root shell.

That apart, the shortcomings in the appliances can also enable the attackers to execute a basic port scan, which in addition can lead to more spiteful attacks. And if you thought the worst is past, the illegal invaders could even detect a specific file on your system. The last mentioned danger, if exposed, can allow the attackers to duplicate your base operating system and kernel version.

Meanwhile, Google stated that it had taken the requisite measures and released the patches for the infected appliances. It also affirmed that none of the consumers have reported complaints due to the susceptibly as yet.

A trimmed down version of the enterprise-oriented Google Search Appliance, Google Mini is targeted towards firms with close to 1,000 employees as well as units of big organizations. It is capable of logging 100,000 documents and is compatible with 220 varied file formats like HTML, PDF and Microsoft Office.

A blemish has also been found in Google's Gmail service through which hackers could control email accounts but Google claimed it was only a small imperfection and patches for it had already been provided.
Written by : Tabitha Ratliff | Published on : 17:09:00 EST Wed, 23 Nov 2005
Of interest »
» Google lures potential customers
» Google Mini features

New News »





Something to say?

Title
Your Name

Your Email


Enter this code Below

  


© 2006 What is the word | All Rights Reserved
RSS Channels » Money | Showbiz | SciTech | Lifestyle | Travel | USWorld