NETWORK WORLD FUSION FOCUS: JASON MESERVE on
SECURITY AND BUG PATCH ALERT
12/11/00 - TODAY'S FOCUS: Cisco fixes bugs in switches and routers

Dear Wincenty Kaminski,

In this issue:

* Patches and alerts from Cisco, Microsoft and more
* Viruses, including two that spread by e-mail
* A warning about hackers targeting e-commerce sites, and other interesting reading

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Today's Focus: Cisco fixes bugs in switches and routers
---------------------------------------------------------------
By Jason Meserve (write me at jmeserve@nww.com)

I got an interesting response to a Network World column I mentioned last week titled "Universal secure messaging will rely on outsourcers." The column was written by James Kobielus, who talked about authenticating digital signatures.

Reader John R. agrees with the assumption in the column, saying that for these signatures attached at the bottom of the message to carry any weight, they need to be validated. To prove his point, he attached a signature to his message. To the naked eye, one would think it's OK. But the signature was one he pulled off an old CERT alert. Obviously, I don't check digital signatures that vigorously.

John writes there are a couple other common foibles in dealing with e-mail signatures:

* Assumption that if the "from: ID" is of a friend, it must have been consciously sent by that person. "Besides outright SMTP forgery (fakemail via port 25), it is possible that another person is using the friend's system and sent the e-mail, or that a software routine hooked into the friend's e-mail account. The latter has been the [modus operandi] of some recent worms and Trojans," John writes.

* Failure to understand the difference between the userID and the domain portions of an e-mail address. "In one type of Web scam, a [perpetrator] gets, say, a Hotmail or Juno account with a user ID that looks a lot like a trusted company name. Naive people receive the email and think it is from a trusted company. For example, a scam artist getting a "Network_World@hotmail.com" address and passing himself off as a Network World representative," he writes.

"Loosely related to the e-mail insecurities are some Web link tricks, but this is for another time."

Thanks for the e-mail John. Maybe we'll have to start signing our e-mails. You can read the Kobielus column at:
http://www.nwfusion.com/columnists/2000/1127kobielus.html

Today's bug patches and security alerts:

DoS bug in Cisco Catalyst switches

A bug exists in Cisco Catalyst switches that could allow a user to launch a denial-of-service attack. If repeated, failed telnet requests are made to the switch, the device could fail to accept traffic and commands until rebooted. For more information:
http://www.cisco.com/warp/public/707/catalyst-memleak-pub.shtml

Cisco fixes multiple vulnerabilities in CBOS

Cisco last week announced that it had fixed a number of holes in CBOS, the operating system for its 600-series family of routers. The problems range from possible SYN flood denial-of-service vulnerabilities to a locking problem when a specific URL is sent to the router. For more information:
http://www.cisco.com/warp/public/707/CBOS-multiple.shtml

Microsoft releases tool for "SNMP Parameters" vulnerability

A bug in the way Windows 2000 handles some SNMP parameters could allow a user in a network group to monitor or change network service maliciously. This tool fixes the problem in the registry key. For more information:
http://www.microsoft.com/technet/security/bulletin/ms00-096.asp

A similar vulnerability affects Windows NT 4.0 as well as Version 4.0's RAS Administration Key and MTS Package Administration key. Windows NT 4.0 users can find more information and patches at:
http://www.microsoft.com/technet/security/bulletin/ms00-095.asp

Local root compromise in Lexmark MarkVision

The Lexmark MarkVision printer management utility for Unix contains an overflow that could allow a user to gain root access on the affected system. By exploiting the vulnerability, the user could execute code as root.
For fixes:
ftp://ftp.lexmark.com/pub/driver/unix/MarkVision/V4.4

New BitchX patches fix DoS vulnerability

The popular Linux IRC client BitchX contains two vulnerabilities. First, a stack overflow exists in the client that can be exploited if a malformed Domain Name System (DNS) answer is processed. A second vulnerability allows the malformed packets to be hidden by valid DNS packets. For more information on BitchX:
http://www.bitchx.org/

Remote command vulnerability in phpGroupWare

According to an alert from Secure Reality, phpGroupWare makes insecure calls to the include() function of PHP which can allow the inclusion of remote files, and thereby the execution of arbitrary commands on the remote web server with the permissions of the Web server user, usually 'nobody'. PhpGroupWare is a groupware program that combines calendar, e-mail, file sharing and to-do lists into one application. For a patch:
http://sourceforge.net/project/showfiles.php?group_id=7305

Conectiva releases fixed version of Bash

The Bash module for Linux contains a vulnerability in its creation of temporary files. The files are written in a predictable manner and can be exploited by an attacker to overwrite files on the affected system. For downloads:
ftp://atualizacoes.conectiva.com.br/4.0/i386/bash-1.14.7-24cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/bash-1.14.7-24cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/bash-1.14.7-24cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/bash-1.14.7-24cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/bash-1.14.7-26cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/bash-1.14.7-29cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/bash1-1.14.7-31cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/bash-1.14.7-26cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/bash-1.14.7-26cl.i386.rpm

Caldera fixes problem in tcsh

The tcsh command writes insecure temporary files that can be exploited via a symlink attack. This attack can be used to overwrite arbitrary files. For updates:

OpenLinux Desktop 2.3:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/

OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/

OpenLinux eDesktop 2.4:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/

Red Hat reports race condition in diskcheck

According to the Red Hat alert, a race vulnerability exists where a user can replace the temp file used by diskcheck with symlinks to other files on the system, making it possible to corrupt those files. Users of Red Hat Powertools 6.0, 6.1, and 6.2 can download the patch from:
ftp://updates.redhat.com/powertools/6.2/noarch/diskcheck-3.1.1-10.6x.noarch.rpm

Today's roundup of virus alerts:

W32/Xtc: This Trojan spreads via e-mail and Internet Relay Chat and appears as an attachment called services.exe. The accompanying message claims the attachment is an update for a product. (Sophos, Computer Associates)

W32/Hybris-B: E-mail worm that can attempt to update itself off the Internet and displays a spiral on the screen that can be difficult to close.
It also copies itself into compressed files containing .exe files. (Sophos)

XM97/Laroux-EH: Another Excel spreadsheet virus. No word on the payload. (Sophos)

WM97/Ded-J: A Word macro virus that spreads but does not cause damage. (Sophos)

WM97/Marker-FX: A Word macro virus that spreads but does not cause damage. (Sophos)

From the interesting reading department:

Feds warn about rise in attacks against e-commerce sites

As the busy holiday shopping season gets into full swing, a federal security agency affiliated with the FBI is warning that attacks by malicious hackers against e-commerce Web sites and other companies doing business online are on the rise. Computerworld, 12/06/00.
http://www.nwfusion.com/news/2000/1206fedswarn.html

Embedded HTML 'bugs' pose potential security risk

Although seasoned network administrators may have grown accustomed to the nuisance of unsolicited e-mail, or spam, these messages may soon pose severe security threats to company networks, thanks to emerging software geared to give e-marketers more access to personal data. InfoWorld, 12/06/00.
http://www.nwfusion.com/news/2000/1206bugs.html

Write me at jmeserve@nww.com

Catch up on any missed bug patch and security alert newsletters by clicking to:
http://www.nwfusion.com/newsletters/bug/index.html

To contact Jason Meserve:
-------------------------
Jason Meserve is a staff writer with Network World, covering search engines, portals, videoconferencing, IP Multicast and document management. He also oversees the "Security Alerts" page on Fusion http://www2.nwfusion.com/security/bulletins.html. Jason can be reached at mailto:jmeserve@nww.com.
-------------------------

Got a technical question related to new technology on your corporate network? Post it at Experts Exchange on Fusion at http://nwfusion.experts-exchange.com/. Another network professional may have the solution to your problem.

Network World Fusion is part of IDG.net, the IDG Online Network.

Copyright 2000 Network World, Inc.