Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
Apple tops the $100B+ tech club
How to get the IRS' attention: Forge nearly $8 million in tax returns, steal identities
How the Phoenix Suns basketball team takes on social media attacks
Microsoft details Windows 8 for ARM devices
Blogger exposes major Google Wallet security flaw
Web app lets enterprise set security, sharing for Google Apps users
Cloudscaling to offer OpenStack private cloud platform
Macs take on the enterprise
Valentine's Day Patch Tuesday: Microsoft to issue 9 patches, 4 critical
Mobile World Congress sneak peek: Quad-core smartphones, Ice Cream Sandwich & more
Microsoft details 'Windows on ARM' program
March debut of 'iPad 3' a sure bet, says analyst
Resume Makeover: How an Information Security Professional Can Target CSO Jobs
FBI unbolts Steve Jobs 1991 investigation file
/

Palm OS security questioned

Related linksToday's breaking news
Send to a friendFeedback

Sign up to receive this and other networking newsletters in your inbox.

By Jason Meserve
Network World Security and Bug Patch Alert Newsletter, 10/02/00

Seems as if there was minor flame war happening last week on BugTraq over the lack of security in the Palm OS platform.

The security consultants at @Stake put out an alert saying the password protection on the Palm OS is trivial and easy to crack. Of course, the attacker must have physical access to the device. This is a mission-critical problem, @Stake went on to say, because many executives have financial and password information stored on the device.

However, another BugTraq poster seems to think @Stake is a little slow on the draw: That it is a well-known fact that the Palm platform is insecure when it comes to protecting sensitive data. Nate Amsden says a program called No Security deletes password protection from a Palm OS without deleting the actual data.

Amsden adds that when the Palm OS is synchronized with third-party applications, such as Jpilot, all private records are transferred and left in the open on the desktop. Amsden concludes, "The private record security is a joke, it always has been."

No Security can be downloaded from: www.geocities.com/SiliconValley/Cable/5206/nosecurity102.zip

Jpilot can be found at:
jpilot.linuxave.net/

Now on with today's bug patches and security alerts:

ISS reports numerous holes in the Check Point FireWall-1
A couple of security gurus have released a list of eight different vulnerabilities that affect the Check Point FireWall-1 product. Internet Security Systems is warning users of the problem and recommends installing the latest service packs. To read about the holes and possible fixes click here.

ISS reports new version of Trinity and Stacheldraht distributed denial-of-service tools
ISS has discovered new version of the Trinity and Stacheldraht tools used to launch massive distributed denial-of-service attacks. These tools can be used to bring down Web sites in attacks similar to those launched against CNN, Yahoo and others back in February. ISS says the new tools have been found in the wild and can infect corporate and always-on home users. For more click here.

Delphis reports buffer overrun in HP OpenView Node Manager
According to Delphis' Security Team, the OverView 5 CGI script that comes as part of Hewlett-Packard OpenView can be used to crash the SNMP.EXE program. Remote users can send a large "get" string using port 80 to the service, causing a buffer overflow and a crash. A patch is available from HP.

Cisco Secure PIX Firewall Mailguard vulnerability
A bug in the Cisco Secure PIX Firewall Mailguard program contains a vulnerability that could allow an outside user to bypass mail filtering. For more information click here.

Guninski: IE 5.5 exposes user files
Georgi Guninski is reporting yet another security flaw in Microsoft Internet Explorer 5.5. This one involves the GetObject() function in JScript and the htmlfile ActiveX object. The resulting file will have full rights to the document object model and could be used to view files on the user's machine. A demonstration can be found here.

Microsoft releases patch for "OCX Attachment" vulnerability
A vulnerability in Windows Media Player 7 could allow a malicious user to write a program to crash an e-mail system. Using an attachment, when the e-mail is read and closed, the program could be used to shutdown the e-mail system. For more information click here.

Caldera reports format bug in LPRng
According to the Caldera alert, there is a format bug in the LPRng printer daemon that possibly could be exploited to obtain root privilege. This problem is particularly severe because it can be exercised remotely. Upgrade packages can be found by clicking here.

Linux-Mandrake releases numerous patches:Linux-Mandrake, following the moves of other Linux vendors, has released a patch for the xpdf file viewer client. The client contains vulnerabilities in the way it handles some temp files and the way it passes URLs to a browser. The latter could be used to execute malicious code on an affected machine.

The company has also issued a patch for sysklogd, a system-logging tool. Sysklogd and its sister module klogd contain a formatting bug that could give root access to the local user.

The esound module for GNOME used for multiplexing access to audio devices contains a race condition that could allow certain files and directories to become world-writeable. Esound creates a .esd directory under /tmp. This .esd directory is world-writeable and stores the Unix domain socket. This could cause the race condition if exploited properly.

All patches for Linux-Mandrake can be downloaded from: ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates

UnixWare SCOhelp HTTP server format string vulnerability
SCO UnixWare comes with the SCOhelp HTTP server for delivering manual and help pages. The server listens for requests on port 457/tcp. A string format vulnerability could allow an external user to execute arbitrary commands as "nobody" on the server. Disabling the port will rid of the vulnerability, but help pages will not be available. Visit the UnixWare home page for a patch.

FreeBSD warns of problem with catopen and setlocale functions
FreeBSD is warning of possible problems in the catopen() and setlocale() functions that are used for displaying text in international versions of the software. The flaws could be used to execute third-party software on the affected system. Patches can be found at the FreeBSD site.

Delphis reports multiple holes in Talentsoft WebPlus app server
The Delphis Security Team has found three holes in the Talentsoft WebPlus application server that could be used to gather information about the machine's configuration. By passing a single "." to a Common Gateway Interface (CGI) application, a user can determine the physical path of the script. By passing the "about" option to a CGI script, the server will give up the internal IP address of the machine, even if network address translation or a firewall is being used. Also, it is possible to view the Wireless Markup Language source code of some files. Patches can be downloaded from Talentsoft.

Today's roundup of virus alerts:

XM97/Divi-T -- An Excel macro virus that infects every open workbook. However, the virus does not have a destructive payload. (Sophos)

WM97/Thus-AM -- A Word macro virus that attempts to delete all files on the C: drive on December 13th. (Sophos)

From the interesting reading department:

Kevin Mitnick bares all
Kevin Mitnick once made a hobby out of breaking into computer systems, causing many network administrators - not to mention the Federal Bureau of Investigations - a lot of grief in the process. He spoke to the public Wednesday for the first time since being released from prison in January, telling a group of corporate managers in the computer-security field how to keep hackers like him out of their networks. The Industry Standard, 09/28/00.

Archives available

For those who may have missed an alert or are new to the list, back issues of this newsletter are available at www.nwfusion.com/newsletters/bug/.

Write me at jmeserve@nww.com

RELATED LINKS

Jason Meserve is the Multimedia Editor of Network World Fusion and writes about streaming media, search engines and IP Multicast. Jason can be reached at jmeserve@nww.com.

Security and Bug Patch Alert archive
Past newsletters.

Archive of Network World on Security newsletters

NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.