More sendmail patches available
Today's bug patches and security alerts:
More sendmail patches available
As we reported last week, there is another vulnerability in the sendmail mail transfer agent. This one is a buffer overflow in the way long e-mail addresses in a message header are parsed. An attacker could exploit the flaw to run arbitrary code on the affected machine. For more, go to:
SGI:
ftp://patches.sgi.com/support/free/security/advisories/20030401-01-P
Debian:
www.debian.org/security/2003/dsa-278
Conectiva:
distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000614
NetBSD:
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-009.txt.asc
**********
Red Hat releases Eye of GNOME update
A vulnerability in the Eye of GNOME package for Red Hat could be exploited by a remote user sending a specially crafted filename
to the affected system. By exploiting this flaw, the attacker could run arbitrary code on the affected machine. For more,
go to:
https://rhn.redhat.com/errata/RHSA-2003-128.html
Red Hat releases new mutt and balsa products
New versions of balsa and mutt are available that fix a potential buffer overflow vulnerability. For more, go to:
https://rhn.redhat.com/errata/RHSA-2003-109.html
Red Hat patches NetPBM
A flaw in the NetPBM image viewing code could be exploited to run arbitrary code on the affected machine. Attackers would
need to craft special images to take advantage of this vulnerability. For more, go to:
https://rhn.redhat.com/errata/RHSA-2003-060.html
**********
NetBSD Kerberos fix available
A number of vulnerabilities have been found in Kerberos packages based on MIT's implementation of the code. NetBSD users can
get the appropriate patch from:
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-006.txt.asc
**********
SuSE patches openssl
A flaw in the openssl package used in many Unix/Linux implementations could allow TLS/SSL communications to be passed in plain
text. SuSE users can get more information and a patch from:
www.suse.com/de/security/2003_024_openssl.html
**********
Debian patches apcupsd
A buffer overflow in the apcupsd daemon for APC's Uninterruptible Power Supplies could be exploited by a remote user to gain root
privileges on the affected machine. For more, go to:
www.debian.org/security/2003/dsa-277
Debian releases fix for S/390 kernels
As we've reported over the past couple weeks, a number of Linux vendors have released update kernels to fix a variety of problems.
The most serious could lead to a local user gaining root privileges on the affected system. SuSE has released a patch for
its kernel implementation. For more, go to:
www.debian.org/security/2003/dsa-276
**********
Conectiva updates snort
A flaw in the snort open-source network monitoring software could be exploited by an attacker feeding specially crafted RPC
traffic into the network stream. The malicious RPC packets could crash the sensor and potentially be used to run arbitrary
code on the affected machine. For more, go to:
distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000613
Conectiva patches dhcp
A denial-of-service vulnerability exists in Conectiva's dhcp client implementation. An attacker could send a storm of packets
to the affected client, causing it to crash. For more, go to:
distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000616
Conectiva releases file patch
A flaw in file, a command line tool for determining a file's content, could be exploited to cause a buffer overflow on the
affected machine. For more, go to:
distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000617
Conectiva issues samba patch
A flaw in the open-source Samba file server could be exploited to run arbitrary code on the affected machine. Conectiva has
issued a fix for this problem. Updated packages can be downloaded from:
distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000615
**********
CA warns of daylight-saving time problem in antivirus packages
Computer Associates late last week warned users that the INOTASK function could start consuming 100% of the processor
if tasks were scheduled to run between 2 a.m. and 3 a.m. Sunday morning. You'd know by now if this affects you. For more,
customers can log on to CA support below:
esupport.ca.com/premium/antivirus/infodocs/7x/av7-1010.asp
**********
Today's roundup of virus alerts:
Trj/Kamuflao3 - A three-part Trojan horse that allows an intruder access to the infected machine. (Panda Software)
Grimgram - This worm spreads via e-mail and the Kazaa file-sharing network. It e-mails sensitive information from the infected
machine to achiel2015@latinmail.com. (Panda Software)
**********
From the interesting reading department:
Report finds 84% jump in security incidents
The number of computer security incidents and attacks detected at businesses worldwide soared by 84% between the fourth quarter
of 2002 and the first quarter of this year, fueled in part by a surge in the number of mass-mailing worms, according to a
report due out Monday from Internet Security Systems. IDG News Service, 04/04/03.
www.nwfusion.com/news/2003/0404reporfinds.html
Latest Apache release fixes DOS vulnerability
The latest release of Apache 2.0 fixes a number of security vulnerabilities including an as-yet-undisclosed flaw that could
be used to launch a denial of service attack against machines running the popular Web server, according to information released
by the Apache Software Foundation (ASF). IDG News Service, 04/03/03.
www.nwfusion.com/news/2003/0403newapach.html
Texan charged with breaching Yale computer system
A Texan is accused of breaking into Yale University's computer system from home. Jason Jarrell, 19, who lives with his mother
in Coppell, Texas, was arraigned in New Haven Superior Court Thursday and charged with six counts of computer crime. He is
accused of tapping into computers at five university centers, including two computer systems used to research AIDS, cancer,
heart disease and Alzheimer's disease. Boston.com, 04/04/03.
www.boston.com/dailynews/094/region/Texan_charged_with_breaching_Y:.shtml
Security start-up to block Trojans
Start-up WholeSecurity debuts this week with Web server software designed to prevent remote-access Trojans or eavesdropping
software from penetrating the network during e-commerce or employee interactions over the Internet. Network World, 04/07/03.
www.nwfusion.com/news/2003/0407miscsec.html
Box speeds SSL traffic, balances loads
Nauticus says its N2000 and N2000V intelligent switches will help customers reduce costs and improve data center performance.
Network World, 04/07/03.
www.nwfusion.com/news/2003/0407nauticus.html
Fortinet uncorks security mgmt. app
Fortinet this week is introducing a management appliance that claims to make it simpler for customers to configure, create
policies for and administer the large groups of the company's multifaceted FortiGate security appliances. Network World, 04/07/03.
www.nwfusion.com/news/2003/0407infrafortinet.html
Errors in IBM's DB2 cause outage at Danske Bank
Flaws in IBM's DB2 database software were responsible for a chain of glitches that turned a routine hardware repair into a
weeklong operational crisis, Danske Bank said Thursday in a report on an outage it suffered in March. IDG News Service, 04/04/03.
www.nwfusion.com/news/2003/0404erroribm.html
Network Associates buys two start-ups
Making good on a recent pledge to expand into new segments of the security industry, Network Associates last week bought its
way into the emerging intrusion-prevention system market by agreeing to acquire two start-ups for a combined $220 million.
Network World, 04/07/03.
www.nwfusion.com/news/2003/0407nai.html
Jason Meserve is the Multimedia Editor of Network World Fusion and writes about streaming media, search engines and IP Multicast. Jason can be reached at jmeserve@nww.com.
