NETWORK WORLD NEWSLETTER: JASON MESERVE on SECURITY AND BUG PATCH ALERT
01/22/02
Today's focus: New Red Hat patches available

Dear Wincenty Kaminski,

In this issue:

* Patches and alerts for Red Hat pine, uuxqt and enscript, plus others
* Viruses, including two that try to disable installed antivirus software
* Security worries are holding back Web services, plus other interesting reading

_______________________________________________________________

By Jason Meserve

Today's bug patches and security alerts:

* Red Hat patches pine

A problem with the way pine, a popular e-mail reader for Unix/Linux, handles URLs embedded in a message could allow a malicious user to execute arbitrary commands on the affected system. Red Hat users can get more information and download the appropriate patch from:
https://www.redhat.com/support/errata/RHSA-2002-009.html

* Patch available for uuxqt utility

Red Hat has patched the uuxqt utility that ships with the Taylor UUCP package. A flaw in the code does not remove long options, which could be exploited to allow local users to gain uid and gid uucp privileges. For more, go to:
https://www.redhat.com/support/errata/RHSA-2001-165.html

* Updated enscript package available

According to an alert from Red Hat, GNU enscript, a program for converting ASCII files to PostScript, contains a vulnerability. When it creates temporary files, it does so with predictable filenames in a manner that would follow symbolic links.
This could allow a local user to overwrite files written by the user running enscript or read the contents of the temporary files. For more, go to:
https://www.redhat.com/support/errata/RHSA-2002-012.html

* FreeBSD fixes k5su

A fix is available for k5su, a Kerberos 5 version of su. Previous releases could allow a nonprivileged user to gain superuser privileges. FreeBSD users can get more information and download the appropriate fix from:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:07.k5su.asc

* Linux-Mandrake patches stunnel

The stunnel package for Linux-Mandrake contains a string format vulnerability. A malicious user could exploit this flaw to execute code as the owner of the stunnel process. For more, go to:
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-004.php

* Patch available for at package

A bug in the at package could lead to a heap corruption. A malicious user could exploit this to gain the daemon's user privileges. For more, go to:
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-007.php

* Conectiva patches MySQL

MySQL is a popular database shipped with many versions of Linux. Conectiva has released a patch for the database to fix a problem with the way MySQL sets world-readable permissions for certain log files. The files record most commands sent to the database, including change password commands. For more, go to:
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000455

Today's roundup of virus alerts:

* W32/Klez-E - A Windows virus that spreads via Outlook or network-attached drives. The virus will attempt to delete certain file types and disable any installed anti-virus software. (Sophos, Computer Associates)

* W32/ElKern-B - This is a virus dropped by the W32/Klez-E worm. It's an executable that runs on Windows 98, ME, 2000 and XP. No word on the damage it may cause. (Sophos)

* W32/Klez-F - Much like W32/Klez-E, this virus spreads via Outlook and network-attached drives.
It disables anti-virus software and drops another virus on the infected machine. (Sophos, Panda Software)

* WM97/Marker-KC - A Word macro virus that FTPs summary information to the codebreaker's Web site when the infected document is closed. (Sophos)

* XM97/Laroux-OM - An Excel macro virus with no malicious payload. It creates a file called Negs.xls in the XLSTART directory. (Sophos)

* VBS/NetLog.B - A virus written in VBS that scans a range of IP addresses looking for shared C: drives to infect. A distributed denial of service attack could occur if a number of infected machines reside on the same network and are actively scanning for new hosts. (Panda Software)

From the interesting reading department:

* Top Web services worry: Security

The absence of security and reliability is proving to be a major stumbling block in convincing companies that Web services can thrive outside of corporate firewalls.
http://www.nwfusion.com/news/2002/0121webservices.html
Network World, 01/21/02

* Vendors tout easier VPNs

A new breed of products is emerging to rival traditional Internet-based VPN offerings that give remote users and business partners secure access to corporate networks. The IP Security VPN alternatives promise to save customers vast amounts of administrative time by using easily configurable hardware and requiring little or no software on remote machines.
http://www.nwfusion.com/news/2002/0121ssl.html
Network World, 01/21/02

* Another IPSec VPN alternative

While some vendors are threatening IP Security VPN dominance on the remote access front, newcomer Flatrock is trying to horn in on the site-to-site connectivity side of the business.
http://www.nwfusion.com/news/2002/129353_01-21-2002.html
Network World, 01/21/02

* Cisco readying security initiatives

A Cisco official Tuesday hinted at several upcoming security initiatives, including a gigabit-speed intrusion detection appliance and an effort to enable service providers to offer new classes of VPN and voice-over-IP services.
http://www.nwfusion.com/news/2002/0117cisco.html
Network World Fusion, 01/17/02

* Archives online

Read everything ever written in this newsletter for free:
http://www.nwfusion.com/newsletters/bug/index.html

_______________________________________________________________

To contact Jason Meserve:

Jason Meserve is the Multimedia Editor of Network World Fusion and writes about streaming media, search engines and IP Multicast. Jason can be reached at mailto:jmeserve@nww.com.

_______________________________________________________________

Copyright Network World, Inc., 2002