Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
Ex-Bay Networks CEO: Nortel's enterprise group could do well on its own
Net neutrality advocates score big win with broadband stimulus rules
Security guard charged with hacking hospital systems
Cisco looks to accelerate virtualization deployments
Apple patching serious SMS vulnerability on iPhone
Could Cisco take on Microsoft with office app service?
Nortel enterprise data chief wants to bring back Bay Networks
Government releases $4 billion in broadband stimulus funds
Why the iPhone can't be 'killed'
IBM bundles x86 servers with VMware, offers special financing
Users note virtualization foot-dragging among app vendors
Five slick search engines you should know about
FTC opens all out assault on economic cyber-scammers
Happy birthday! The Walkman turns 30
Cisco won't take on Amazon in cloud
Security /

Formmail.pl used for spam mailings

Related linksToday's breaking news
Send to a friendFeedback

Sign up to receive this and other networking newsletters in your inbox.

By Jason Meserve
Network World Security and Bug Patch Alert, 03/21/01

I got a call from Baltimore Technologies this week regarding a mention in last week's newsletter titled "Kerberos 4/5 problem found" (www.nwfusion.com/newsletters/bug/2001/00519077.html). The newsletter mentioned a problem in Baltimore Technologies' Websweeper product that had been reported by Defcom Labs. According to the vendor, there is no flaw, and the alert is the result of a miscommunication between the company and Defcom Labs.

So those Websweeper customers looking for a patch can relax and have a nice weekend.

Advertisement:

Today's bug patch and security alerts:

Spam bug in Formmail.pl reported

Formmail.pl, one of the most-used programs on the Web, is designed to send data entered into a Web form to an e-mail address. A flaw in the way the program works could be exploited by a malicious user who could use Formmail as a spam server. Panda Software recommends users fix the recipient e-mail address in the Perl file and set the source code to be inaccessible by outside users. Panda Software can be found at:

www.pandasoftware.com

Vulnerability in Redi stock-trading program found

Redi, a real-time stock-trading application, transmits passwords and user information in clear text. This information could be gathered to gain access to trading accounts. A patch is available from:

www.redi.com/rpdownload.html

Microsoft responds to IIS flaw discovered by Guniniski

A week or two ago I mentioned that Georgi Guniniski had discovered a possible flaw in Microsoft's Internet Information Server 5.0 that could be exploited to restart system services remotely. Microsoft has issued a statement saying this flaw was fixed in a previously released patch. The patch can be downloaded from:

www.microsoft.com/technet/security/bulletin/MS01-016.asp

Conectiva patches cups

The cups printing system for Linux contains a couple of buffer-overflow and insecure, temporary-file handling vulnerabilities. Though cups is not installed by default in Conectiva's flavor of Linux, the company is still urging users to upgrade:

ftp://atualizacoes.conectiva.com.br/6.0/RPMS/cups-1.1.6-6cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/6.0/RPMS/cups-libs-1.1.6-6cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/6.0/RPMS/cups-doc-1.1.6-6cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/6.0/RPMS/cups-devel-static-1.1.6-6cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/6.0/RPMS/cups-devel-1.1.6-6cl.i386.rpm

Conectiva releases slrn patch

As we reported in our last edition, there's a buffer-overflow vulnerability in the slrn newsreader for Linux. Conectiva users can download the source code for the fix from:

ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/slrn-0.9.6.3-1cl.src.rpm

ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/slrn-0.9.6.3-1cl.src.rpm

ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/slrn-0.9.6.3-1cl.src.rpm

ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/slrn-0.9.6.3-1cl.src.rpm

ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/slrn-0.9.6.3-1cl.src.rpm

ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/slrn-0.9.6.3-1cl.src.rpm

ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/slrn-0.9.6.3-1cl.src.rpm

ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/slrn-0.9.6.3-1cl.src.rpm

ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/slrn-0.9.6.3-1cl.src.rpm

Conectiva issues patch for icecast

The freeware icecast audio server for Linux contains buffer-overflow and format-string vulnerabilities that may be remotely exploitable. Conectiva users can download updated packages from:

ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/icecast-1.3.9-2cl.src.rpm

ftp://atualizacoes.conectiva.com.br/4.1/i386/icecast-1.3.9-2cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/icecast-1.3.9-2cl.src.rpm

ftp://atualizacoes.conectiva.com.br/4.2/i386/icecast-1.3.9-2cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/icecast-1.3.9-2cl.src.rpm

ftp://atualizacoes.conectiva.com.br/5.0/i386/icecast-1.3.9-2cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/icecast-1.3.9-2cl.src.rpm

ftp://atualizacoes.conectiva.com.br/5.1/i386/icecast-1.3.9-2cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/icecast-1.3.9-2cl.src.rpm

ftp://atualizacoes.conectiva.com.br/6.0/RPMS/icecast-1.3.9-2cl.i386.rpm

Conectiva issues patch for Zope

Zope, the open source application server, contains a number of permission flaws that could allow malicious users to gain elevated privileges or modify source code. Conectiva has released its version of the fix:

ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/Zope-2.1.7-10cl.src.rpm

ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/Zope-2.1.7-10cl.src.rpm

ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/Zope-2.1.7-10cl.src.rpm

ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/Zope-2.1.7-10cl.src.rpm

Linux-Mandrake, Conectiva, Trustix release mutt patches

A format-string vulnerability has been discovered in mutt, an Internet Message Access Protocol mail client for Linux. This can affect most versions of Linux. Linux-Mandrake users can download new version of mutt from:

www.linux-mandrake.com/en/ftp.php3

Conectiva users download source code here:

ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/mutt-1.2.5-6cl.src.rpm

ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/mutt-1.2.5-6cl.src.rpm

ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/mutt-1.2.5-6cl.src.rpm

ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/mutt-1.2.5-6cl.src.rpm

ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/mutt-1.2.5-6cl.src.rpm

ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/mutt-1.2.5-6cl.src.rpm

ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/mutt-1.2.5-6cl.src.rpm

ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/mutt-1.2.5-6cl.src.rpm

Trustix users can find updates at:

www.trusix.net/pub/Trustix/updates/

ftp://ftp.trusix.net/pub/Trustix/updates/

Linux-Mandrake releases sgml-tools fix

As we reported earlier this week, a vulnerability in the way temporary files are handled by sgml-tools in a multiuser system could allow documents to be accessed by unauthorized viewers. Linux-Mandrake has released a patch for the problem that can be downloaded from:

www.linux-mandrake.com/en/ftp.php3

Patch available for licq

The licq client for Linux-Mandrake contains a security vulnerability in the way it passes URLs to a browser. The URLs are not properly checked and could included piped commands that can be used to execute arbitrary commands on the affected system. Linux-Mandrake users can download the appropriate patch from:

www.linux-mandrake.com/en/ftp.php3

Today's roundup of virus alerts:

New 'Injustice' virus spreads political message

A new e-mail borne virus designed to spread a pro-Palestinian message is popping up in some North American mail systems, according to alerts from the major virus vendors. Fortunately, this does not cause any malicious damage to the computer it infects. Network World Fusion, 03/20/01.

www.nwfusion.com/news/2001/0320injustice.html

WM97/Flop-A: This virus infects Word documents stored on floppy disks. (Sophos)

VBS/Linda-A: This is one of the VBS viruses that overwrites certain file types - in this case, many important file types. Spreads via IRC and Outlook and comes with the subject line "Important message for <recipient name>" and a body text of "This is the attached file you asked from me." The attachment may have a different name each time. (Sophos)

WM97/Marker-GN: A Word macro virus that changes an infected document's summary information. The author and comments fields are changed. (Sophos)

WM97/Ded-M: Another Word macro virus spawned from the combination of the WM97/Ded-B and WM97/Class viruses. No word on what type of damage it could cause. (Sophos)

WM97/Opey-X: This Word macro virus activates if the month is after July and at certain times of the day. It changes Word's user information and the infected document's summary information. It will also display messages and cause Word to exit suddenly. (Sophos)

From the interesting reading department:

Results of the recent Honeynet Project Forensic Challenge released

The Honeynet Project, a group of security officials dedicated to researching hacking techniques (and a way to stop them), has released the latest results from its Forensic Challenge. They can be viewed at:

project.honeynet.org/challenge/results/

Microsoft preps security features for IE

The next version of the Microsoft's Internet Explorer Web browser will integrate new privacy protocols, giving Web surfers more control over what kinds of cookies to accept, according to a Microsoft release on Wednesday. IDG News Service, 03/21/01.

www.nwfusion.com/news/2001/0321iesec.html

FBI names new chief for computer security division

The Federal Bureau of Investigations announced the appointment of a new chief for the National Infrastructure Protection Center, the office responsible for protecting the nation's computer networks against hackers and cyberterrorists. IDG News Service, 03/21/01.

www.nwfusion.com/news/2001/0321fbichief.html

SSH inventor denied trademark request

The Internet engineering community rebuffed one of its own security gurus this week, by rejecting a request from the inventor of the popular Secure Shell protocol to change the technology's acronym to protect his company's trademark on the term. Network World Fusion, 03/21/01.

www.nwfusion.com/news/2001/0321ssh.html

Archives available

For dedicated readers of Security and Bug Patch Alert who need to refer back to something written in this space for the past year, we have a searchable index:

www.nwfusion.com/newsletters/bug/index.html

 

RELATED LINKS

Jason Meserve is the Multimedia Editor of Network World Fusion and writes about streaming media, search engines and IP Multicast. Jason can be reached at jmeserve@nww.com.

Security and Bug Patch Alert archive
Past newsletters.


NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.
* HOME    * RESEARCH CENTERS     * NEWS     * EVENTS

Contact us | Terms of Service/Privacy | How to Advertise
Reprints and links | Partnerships | Subscribe to NW
About Network World, Inc.

Copyright, 1994-2006 Network World, Inc. All rights reserved.