---------------------- Forwarded by Vince J Kaminski/HOU/ECT on 03/07/2000 09:43 AM ---------------------------

"NW Security and Bug Patch Alert" <Security-BugPatch@bdcimail.com> on 03/07/2000 08:22:13 AM

Please respond to "Security and Bug Patch Alert Help" <NWReplies@bellevue.com>

To: <vkamins@enron.com>
cc:
Subject: Welcome

NETWORK WORLD FUSION FOCUS: JASON MESERVE on SECURITY AND BUG PATCH ALERT
TODAY'S FOCUS: BUG ALERT: WELCOME
03/06/00

Dear Wincenty Kaminski,

Today's Focus: Bug Alert: Welcome
---------------------------------------------------------------
By Jason Meserve

Welcome to the Security and Bug Patch Alert newsletter! Given the recent spate of high-profile denial-of-service and hack attacks and the large number of people who have signed up for this newsletter before this first edition has been even published, it is clear that security is a major concern in the IT community as it should be.

With technology now being looked upon as a profit rather than cost center, IT departments face more pressure to keep critical systems up and running as well as secure. No chief information officer or network manager wants to have to tell the CEO that their e-commerce site has been broken into and customer credit card data copied. Stories like that tend to stick in a potential customer's mind more than an expensive Super Bowl ad.

It's hard enough to keep up with the latest new technologies, never mind latest security patch for your operating system or e-commerce application. But we're here to help. Once a week we'll publish a list of patches and alerts from all the major vendors and security organizations with links to the source. We'll also provide other (hopefully) useful resources for the security-conscious IT manager.

Comments and suggestions are always welcome! Send mail to jmeserve@nww.com.

Now on with the latest patches and alerts:

Security glitch hits Foundry switches

From this week's Network World: A security problem has cropped up in Foundry Networks' ServerIron switches that make the devices susceptible to denial-of-service attacks.

Read the story:
http://www.nwfusion.com/archive/2000/89454_03-06-2000.html

Download the patch:
http://www.foundrynet.com/bugTraq.html

********

New version of Apache Web server released

The Apache Server Project released Version 1.3.12 of the popular Apache Web server this week. The new release fixes what Apache calls a cross-site scripting problem that could allow malicious HTML tags to be inserted into client-side scripts.

Download the new version at:
http://www.apache.org/dist/

********

Problem with Linux htdig package

Both FreeBSD and Debian are reporting a problem with the htdig package that runs on their respective platforms. The problem is with the htsearch and could allow a user to read any file on the local machine accessible to the user ID that the script is running under (which in most cases is 'nobody').

For more information from Debian:
http://www.debian.org/security/

To download a patch from FreeBSD:
http://www.freebsd.org/ports/

********

nmh Linux package patched

Versions of nmh prior to 1.0.3 have a vulnerability that could allow malicious users to modify the MIME headers in a mail message that may cause nmh's mshow command to execute arbitrary commands.

A patch is available at:
ftp://ftp.mhost.com/pub/nmh/nmh-1.0.3.tar.gz

********

Zombie Zapper 1.1 available

Zombie Zapper 1.1 helps shut down the Troj_Trinoo denial-of-service client on Windows NT and Unix machines.

More information at:
http://razor.bindview.com/tools/index.shtml

********

Problem with MySQL password authentication

According to the makers of FreeBSD, a vulnerability in the MySQL database server (prior to Version 3.22.32) could allow anyone that can connect to the database to access it without a password.

More information at:
http://www.mysql.com/Manual_chapter/manual_Privilege_system.html

********

To contact Jason Meserve:
-------------------------
Jason Meserve is a staff writer with Network World, covering search engines, portals, videoconferencing, IP Multicast and document management. He also oversees the "Security Alerts" page on Fusion (http://www2.nwfusion.com/security/bulletins.html). Jason can be reached at mailto:jmeserve@nww.com.

*********************************************************
Subscription Services

To subscribe or unsubscribe to any Network World e-mail newsletters, go to:
http://www.nwwsubscribe.com/news/scripts/notprinteditnews.asp

To change your email address, go to:
http://www.nwwsubscribe.com/news/scripts/changeemail.asp

Subscription questions? Contact Customer Service by replying to this message.

Other Questions/Comments

Have editorial comments? Write Jeff Caruso, Newsletter Editor, at:
mailto:jcaruso@nww.com

For advertising information, write Jamie Kalbach, Account Executive, at:
mailto:jkalbach@nww.com

Network World Fusion is part of IDG.net, the IDG Online Network. IT All Starts Here:
http://www.idg.com

Copyright Network World, Inc., 2000