NETWORK WORLD NEWSLETTER: JASON MESERVE on SECURITY AND BUG PATCH ALERT
01/07/02

Today's focus: FreeBSD releases slew of updates

Dear Wincenty Kaminski,

In this issue:

* Patches and alerts for FreeBSD, Red Hat, Debian, others
* Viruses, including one that tries to steal ICQ and e-mail passwords
* Popular file-swap programs came with a Trojan horse, plus other interesting reading

By Jason Meserve

Today's bug patches and security alerts:

* FreeBSD patches mutt

A problem with the way mutt, a text editor for Linux, handles e-mail address headers could be used to execute arbitrary commands on the affected machine. Using specially crafted message headers, a malicious user could exploit a buffer overflow in the application to execute the code with the privileges of the logged-in user. For more, go to:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:04.mutt.asc

* Pine fix available

Versions of the popular pine e-mail reader prior to 4.40 contain a vulnerability in the way URLs in messages are handled. A malicious user could embed commands in a URL that will be executed on the affected machine when the embedded URL is launched. FreeBSD users can get more information and download pine updates from:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:05.pine.asc

* FreeBSD fixes mod_auth_pgsql

According to an alert from FreeBSD, versions prior to mod_auth_pgsql-0.9.9 contain a vulnerability that may allow a remote user to cause arbitrary SQL code to be executed.
A hacker may be able to exploit this vulnerability to use a known password hash and gain unauthorized access to Web server data. For more, go to:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:03.mod_auth_pgsql.asc

* Patch available for pw

Pw, the utility used for administering user groups, creates an insecure temporary version of the master password file that is readable by any user. Normally, such a file is only viewable via root access. For more, go to:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:02.pw.asc

* Directory permission vulnerability in pkg_add

The pkg_add utility that ships with FreeBSD creates insecure temporary files when installing new applications. A malicious user could exploit this flaw to modify an application installation and/or gain elevated privileges. For more, go to:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:01.pkg_add.asc

* Red Hat releases new version of teTeX

A new version of teTeX containing updates for pdfTeX and pTeX is now available from Red Hat. Previous versions contained a number of bugs that are now fixed. The source code for the new package can be found at:
ftp://updates.redhat.com/7.2/en/os/SRPMS/tetex-1.0.7-38.2.src.rpm

* Debian patches Exim

A bug in versions of Exim prior to Exim 3.34 and Exim 3.952 could lead to uncontrolled program execution. The flaw exists in the way the program directs or routes an address without checking the local part of the address in any way. Debian users can get more information and patches from:
http://www.debian.org/security/2002/dsa-097

* Conectiva patches glibc

A problem with the glob function that ships with the glibc code library could allow a malicious user to execute arbitrary code on the affected system.
For more, go to:
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000447

* Conectiva fixes LibGTop

Two vulnerabilities discovered in LibGTop, a utility for fetching system information, could be exploited to gain elevated privileges on the affected system. Conectiva users can get patch information from:
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000448

* Flaw discovered in Geeklog

Geeklog is a Weblog application that allows users to create their own Web community. A problem with the way the first new user is created could give that user full administration rights to the site. Geeklog has posted a fix for the problem:
http://www.geeklog.org

Today's roundup of virus alerts:

* W32/Shatrix-A - An e-mail worm that spreads via a message titled "FW:Shake a little" with an attachment called "shake.exe." The virus causes windows to move randomly around the screen and attempts to overwrite certain Web-related files in the directory \inetpub\wwwroot, if it exists. (Sophos)

* Bck/NetSpy.10.E - A Trojan Horse that allows a malicious user complete access to the affected system. The application listens for requests via port 7306. (Panda Software)

* W32/GOP-A - A worm that attempts to steal ICQ and e-mail passwords. Infected computers will contain the files IMEKernel32.sys and kernelsys32.exe in the Windows system directory. (Sophos)

* W32/Hybris-C - A new version of the Hybris worm that is capable of updating itself via the Internet. The virus' properties depend on the components downloaded. Hybris is delivered via an e-mail titled "Snowhite and the Seven Dwarfs - The REAL story!". (Sophos)

* VBS/Haptime-Fam - A virus that infects VBS, HTML, HTM, HTT and ASP and attempts to delete certain other files when the month and day are equal.
(Sophos)

From the interesting reading department:

* Popular file-swap programs had Trojan horse

Three popular file-swap programs for some time came with third-party "spyware" software that was installed even if the user opted not to, the software makers admitted this week.
http://www.nwfusion.com/news/2002/0103trojan.html
IDG News Service, 01/03/02

* AOL fixes security hole in AIM

Two days after the announcement of a serious security hole in its popular Instant Messenger program, America Online said Thursday it has fixed the problem. The flaw could have allowed attackers to use the shared game-invitation feature of AOL Instant Messenger (AIM) to attack and run code on target systems running AIM. The problem was fixed when AOL made changes to its servers early Thursday, said Andrew Weinstein, a spokesman with AOL.
http://www.nwfusion.com/news/2002/0103aolfixes.html
IDG News Service, 01/03/02

* Windows XP security alert revised by FBI agency

The FBI's National Infrastructure Protection Center (NIPC) has revised its recent security bulletin regarding Windows XP's universal plug-and-play (UPnP) service. Now, in an updated security bulletin, the NIPC has dropped the recommendation to disable UPnP. Instead, the Washington-based agency recommends that the Microsoft patch be installed to correct the security vulnerability.
http://www.nwfusion.com/news/2002/0103xpup.html
Computerworld, 01/03/02

* Web site defacement reports jump in 2001

The number of vandalized Web sites recorded by defacement archive Alldas.de jumped in 2001 to 22,379, over five times more than the 4,393 defacements logged in 2000.
http://www.nwfusion.com/news/2002/0104vandals.html
IDG News Service, 01/04/02

* Archives online

Did you take an extended holiday vacation last week?
Catch up on all the latest alerts, bugs and viruses at:
http://www.nwfusion.com/newsletters/bug/index.html

To contact Jason Meserve:

Jason Meserve is the Multimedia Editor of Network World Fusion and writes about streaming media, search engines and IP Multicast. Jason can be reached at mailto:jmeserve@nww.com.

Copyright Network World, Inc., 2002

This message was sent to: vkamins@enron.com