Oracle 9i database flaws found
Today's bug patches and security alerts:
* Security holes found in Oracle software
Despite the vendor's claims, Oracle's Oracle9i database is breakable, a U.K. security firm reported Wednesday. Several security flaws were discovered in the company's software, including one that could allow a hacker to gain access to Oracle's database server without a user ID or password. The flaws were discovered by a security expert from Next Generation Security Software in Sutton, U.K.
www.nwfusion.com/news/2002/0207oraclehole.html
IDG News Service, 02/07/02
Oracle alerts:
otn.oracle.com/deploy/security/alerts.htm
* Flaw in Office v. X for Mac
A flaw in the way Microsoft's antipiracy Network Product Identification (PID) Checker for Office v. X on the Mac works could cause the product to fail. If the PID gets a malformed request, the entire program will crash and be inoperable. For more, go to:
http://www.microsoft.com/technet/security/bulletin/ms02-002.asp
* DoS vulnerability in BlackICE products
Internet Security Systems (ISS) X-Force group is reporting a denial-of-service vulnerability in its line of BlackICE security products. According to the company's alert, all current versions of BlackICE Defender, BlackICE Agent and RealSecure Server Sensor running on Windows 2000 or Windows XP can be remotely crashed using a modified ping flood attack. ISS is said to be working on a fix for the problem and has some workarounds available. For more, go to:
www.iss.net/security_center/alerts/advise109.php
* FreeBSD patches rsync
A flaw in the way rsync, a synchronization tool for Linux, uses signed and unsigned numbers could be exploited to run arbitrary code on the affected machine. FreeBSD users can download the appropriate patch from:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:10.rsync.asc
* FreeBSD: Flaw found in fstatfs
A flaw in fstatfs, a file system statistics program, could allow an unprivileged user to cause the kernel to "panic." For more, go to:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:09.fstatfs.asc
Today's roundup of virus alerts:
* W32/Klez-G - A Windows virus that drops a compressed version of W32/ElKern-B on the infected machine. The virus exploits a preview-pane viewing vulnerability in Outlook and spreads via e-mail and shared network drives. (Sophos)
* WM97/Comical-A - A Word macro virus that spreads via an e-mail titled "A comical story for you," with an attachment called "comical_story.doc". It seems to just be a mass-mailer and does not cause permanent damage to the affected machine. (Sophos)
* W32/Tariprox-B - This is a proxy worm that sets up between an Outlook Express or Outlook client and the SMTP server. It uses the port 25 connection to the server to spread itself to other users. (Sophos)
From the interesting reading department:
* Microsoft stops writing, starts cleaning its code
After nearly 25 years of writing software code, Microsoft is taking a break to do a little housecleaning. The company has ordered a temporary halt in the development of new code and has instructed its developers to go back and check for security holes in the piles of ones and zeros already written. The cleanup targets the gamut of Microsoft products, from its desktop operating systems to its newly released .Net tools, a Microsoft spokeswoman confirmed Monday. Each division will stop writing new code for about one month.
www.nwfusion.com/news/2002/0205mscode.html
IDG News Service, 02/05/02
* Funk releases 802.1x software for WLAN security
Funk Software will ship this month a new product that lets network executives introduce the latest wireless LAN security standards but do so with existing authentication servers, such as RADIUS.
www.nwfusion.com/news/2002/0204funk.html
Network World Fusion, 02/04/02
* Zone Labs ships security-policy management tool
Although Zone Labs has shipped a personal firewall for the desktop for about two years, it was not until this week that the company made available a security-policy management console that lets administrators remotely install and configure the firewall.
www.nwfusion.com/news/2002/0205zlabs.html
Network World Fusion, 02/05/02
* Man who hacked NASA computers gets 21 months
A hacker who broke into computers at NASA and Oregon State University and stole passwords, credit card numbers and free calling minutes was sentenced to 21 months in prison Monday.
www.usatoday.com/life/cyber/tech/2002/02/05/hacker-sentenced.htm
USA Today, 02/05/02
* Press release: Say it with flowers this Valentine's Day
Sophos is urging computer users to remain vigilant against the threat of viruses during the run-up to Valentine's Day. Exchanging electronic Valentine's cards and downloading romance-themed programs from the Internet increases the risk of spreading viruses. Love-struck computer users opening these "e-cards" may find that they will be hit by more than just Cupid's arrow. Read the whole release at:
www.sophos.com/virusinfo/articles/valentine2.html
* Archives online
We keep everything written in this newsletter stored on Fusion for you to reference. Check it out at:
Jason Meserve is the Multimedia Editor of Network World Fusion and writes about streaming media, search engines and IP Multicast. Jason can be reached at jmeserve@nww.com.
