BIND vulnerability patched

* Patches from EnGarde, Red Hat, OpenPKG, others * Several new Trojan horses on the loose * Microsoft shares its internal IT security practices and other interesting reading

Today's bug patches and security alerts:

BIND 8 vulnerability patched

A programming error in the BIND 8 DNS server could "result in a DNS message being incorrectly cached as a negative response." This could lead to a denial of service against legitimate domain names. For more, go to:

EnGarde:

http://www.nwfusion.com/go2/1201bug1a.html

FreeBSD:

http://www.nwfusion.com/go2/1201bug1b.html

Immunix (source code):

http://www.nwfusion.com/go2/1201bug1c.html

SuSE:

http://www.suse.com/de/security/2003_47_bind8.html

Trustix:

http://www.nwfusion.com/go2/1201bug1d.html

**********

New critical vulnerabilities discovered in IE

A set of new security vulnerabilities has been discovered in Microsoft's Internet Explorer Web browser, which used together could allow hackers to compromise user PCs, researchers warned Tuesday. IDG News Service, 11/26/03.

http://www.nwfusion.com/news/2003/1126msie.html?nl

**********

Critical flaw in GnuPG

According to an alert from gnupg.org, "Phong Nguyen identified a severe bug in the way GnuPG creates and uses ElGamal keys for signing. This is a significant security failure which can lead to a compromise of almost all ElGamal keys used for signing. Note that this is a real-world vulnerability which will reveal your private key within a few seconds." For more, go to:

http://www.nwfusion.com/go2/1201bug1e.html

Mandrake Linux fix:

http://www.nwfusion.com/go2/1201bug1f.html

**********

Stunnel fix available

Previous versions of stunnel for Linux are vulnerable to "leaking file descriptors." This information could be used to hijack stunnel's services. For more, go to:

Mandrake Linux:

http://www.nwfusion.com/go2/1201bug1g.html

Red Hat:

https://rhn.redhat.com/errata/RHSA-2003-296.html

Trustix:

http://www.nwfusion.com/go2/1201bug1h.html

**********

OpenPKG patches zebra

A denial-of-service vulnerability has been found in zebra, "a multiserver routing software package which provides TCP/IP-based routing protocols also with IPv6 support such as RIP, OSPF and BGP." For more, go to:

http://www.openpkg.org/security/OpenPKG-SA-2003.049-zebra.html

**********

Red Hat patches XFree86

According to an alert from Red Hat, "Multiple integer overflows in the transfer and enumeration of font libraries in XFree86 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks." For more, go to:

https://rhn.redhat.com/errata/RHSA-2003-288.html

Red Hat issues fix for EPIC

A flaw in EPIC, an advanced ircII chat client, could be exploited by a malicious IRC server to crash the effected machine or potentially execute arbitrary commands. For more, go to:

https://rhn.redhat.com/errata/RHSA-2003-342.html

Red Hat releases patch for iproute

A local denial-of-service vulnerability in the iproute packages for Red Hat has been fixed. For more, go to:

https://rhn.redhat.com/errata/RHSA-2003-316.html

Red Hat patches Pan

According to a Red Hat advisory, "A bug in Pan versions prior to 0.13.4 can cause Pan to crash when parsing an article header containing a very long author e-mail address. This bug causes a crash (denial of service) but is not further exploitable." For more, go to:

https://rhn.redhat.com/errata/RHSA-2003-311.html

**********

Today's roundup of virus alerts:

Troj/Sysbug-A - A Trojan horse application that can be used to steal information or provide access to an infected machine. Spreads via an e-mail with a subject line of "Re[2]: Mary" and an attachment "Private.zip". (Sophos, Panda Software)

Troj/Litmus-AS - Another Trojan horse. This one provides access to the infected machine via IRC. It could also steal password information. (Sophos)

Troj/HacDef-084 - A Trojan horse that operates at the kernel level of a Windows PC. It can intercept all network traffic and redirect it as well as steal other sensitive information on the infected machine. (Sophos)

W32/Agobot-AS, AW - Two new versions of the Agobot Trojan horse that attempt to exploit DCOM RPC and the RPC locator vulnerabilities in Windows. In addition to allowing unauthorized access via IRC, both viruses attempt to disable certain security-related applications on the infected machine. (Sophos)

W32/Sdbot-I - Yet another Trojan that provides access to the infected machine via IRC. This one spreads via weakly protected network shares. (Sophos)

Psshutdown.A - A hacking tool that allows an attacker to remotely shutdown the infected machine, which could result in loss of unsaved data. (Panda Software)

Randex.BF - A Trojan horse that spreads by generating random IP addresses to target using easily guessable passwords. Once inside a machine, the virus connects to an IRC server. (Panda Software)

**********

From the interesting reading department:

Security at Microsoft

Microsoft is committed to sharing its internal IT security practices in order to help its customers successfully secure their environments. This paper describes what the Microsoft Corporate Security Group does to prevent malicious or unauthorized use of digital assets at Microsoft. Microsoft.com, Nov. 2003.

http://www.nwfusion.com/go2/1201bug1i.html

Patching: Process matters

The list of all-too-familiar names - Nachi, Klez, Lovsan, SoBig, BugBear, Swen, Blaster and Yaha - represents only a sampling of the most prevalent worms and viruses that slithered into corporate networks this fall. But they all have one thing in common: Patches were readily available before most damage had been done. So why do these intruders continue to wreak such havoc? Network World, 12/01/03.

http://www.nwfusion.com/research/2003/1201howtopatch.html?nl

Lock down your WLAN

Take these nine steps, then breathe more easily. Network World, 12/01/03.

http://www.nwfusion.com/research/2003/1201howtowlan2.html?nl

Mirage protects the LAN

Mirage Networks is wheeling out an appliance designed to halt quick-spreading, LAN-based worms and viruses by neutralizing individual infected machines rather than cordoning off entire parts of affected networks. Network World, 12/01/03.

http://www.nwfusion.com/news/2003/1201mirage.html?nl

A better VPN on the way?

There might soon be a new standard that makes IP Security VPNs more secure and easier to configure. Network World, 12/01/03.

http://www.nwfusion.com/news/2003/1201ike.html?nl

TechNet to release enterprise security tool

Arthur Coviello, president and CEO of RSA Security, co-chair of TechNet New England and a cybersecurity task force member, described the tool and the task force's goals to Network World Editor in Chief John Dix. Network World, 12/01/03.

http://www.nwfusion.com/news/2003/1201technet.html?nl

Security notes: The many paths to security policy enforcement

Cisco recently launched a strategic push to adapt first its routers and then its switches to be able to automatically block Microsoft-based desktops from network connection if the user needs updated anti-virus software or a Microsoft patch. Network World Fusion, 12/01/03.

http://napps.nwfusion.com/weblogs/security/003787.html?nl

Keeping watch for interstellar computer viruses

Add one more worry to the computerized world of the 21st century. Could a signal from the stars broadcast by alien intelligence also carry harmful information in the spirit of a computer virus? Could star folk launch a "disinformation" campaign - one that covers up aspects of their culture? Perhaps they might even mask the "real" intent of dispatching a message to other civilizations scattered throughout the Cosmos. Space.com, 11/11/03.

http://www.space.com/scienceastronomy/space_hackers_031111.html

Wells Fargo offers reward for stolen computers

Wells Fargo is offering a $100,000 reward for information leading to the arrest and conviction of thieves who stole computers earlier this month containing confidential information about some of its customers. IDG News Service, 11/22/03.

http://www.nwfusion.com/news/2003/1122wellsfargo.html?nl

Hatch says he's 'shocked' at hacking of files

Sen. Orrin Hatch (R-Utah) who has made cracking down on the theft of digital files over computer networks one of his crusades, said Tuesday that he was "shocked" that a member of his own staff hacked into Senate Democrats' protected files on the computer network of the Senate Judiciary Committee he heads. The Salt Lake Tribune, 11/26/03.

http://www.sltrib.com/2003/nov/11262003/utah/114498.asp

Digital crackdown

Battling digital crooks requires a rare combination of skills. There's no blood here - just stacks of cold hard drives, waiting to give up their secrets. The Boston Globe, 12/01/03.

http://www.nwfusion.com/go2/1201bug1j.html

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Related:

Copyright © 2003 IDG Communications, Inc.