Today's bug patches and security alerts:
New Apache update
The Apache Software Foundation has released Version 2.0.49 of the popular Apache Web server application. The new release is primarily a bug fix, including three potential denial-of-service vulnerabilities. Get the update here:
http://httpd.apache.org/download.cgi
**********
ISS warns of ICQ parsing vulnerability
ISS is warning of a flaw in the way a number of its products parse the ICQ instant messenger protocol. The flaw could lead to a buffer overflow on the affected machine. For more, go to:
http://xforce.iss.net/xforce/alerts/id/166
Related eEye advisory:
http://www.eeye.com/html/Research/Advisories/AD20040318.html
**********
More OpenSSL patches
As we reported last week, there's a flaw in the OpenSSL performs SSL/TLS handshakes that could be exploited in a denial-of-service against an affected machine. Additional patches are available. For more, go to:
CERT advisory:
http://www.us-cert.gov/cas/techalerts/TA04-078A.html
OpenPKG:
http://www.openpkg.org/security/OpenPKG-SA-2004.007-openssl.html
Trustix:
http://www.nwfusion.com/go2/0322bug1a.html
**********
Windows XP Service Pack 2 "preview" available
Microsoft's description: "Microsoft Windows XP Service Pack 2 (SP2) provides an enhanced security infrastructure that defends against viruses, worms, and hackers, along with increased manageability and control for IT professionals and an improved experience for users." You can test it yourself here:
http://www.nwfusion.com/go2/0322bug1b.html
**********
Norton Internet Security 2004 Professional flaw fixed
NGSSoftware is warning of a flaw in the ActiveX control that ships with Symantec's Internet Security 2004 Professional. The control could be exploited by an attacker to execute arbitrary code on the affected machine. Running the LiveUpdate feature should download the appropriate patch. For more, go to:
http://www.ngssoftware.com/advisories/nisrce.txt
**********
Trustix patches Sysstat
A flaw in the way Sysstat, a system statistics gathering tool, uses temporary files could be exploited in a symbolic link attack to overwrite certain files. For more, go to:
http://www.nwfusion.com/go2/0322bug1c.html
**********
Today's roundup of virus alerts:
Witty worm exploits hole in BlackIce security product
A new worm that exploited a hole in some of Internet Security Systems' intrusion protection products seems to be dying down after affecting thousands of IP addresses since Saturday. IDG News Service, 03/22/04.
http://www.nwfusion.com/news/2004/0322wittyworm.html?nl
Related ISS alert:
http://xforce.iss.net/xforce/alerts/id/167
New Bagle worms crawl through old Microsoft hole
Four new versions of the Bagle e-mail worm appeared on Thursday, and antivirus experts warn that new techniques by the worm's creator could make it harder to stop the new worm variants. IDG News Service, 03/18/04.
http://www.nwfusion.com/news/2004/0318newbagle.html?nl
Experts downplay Phatbot danger
Security experts downplayed the danger of a Trojan horse program named Phatbot that uses peer to peer technology to create a network of infected zombies for carrying out attacks or spreading malicious code. IDG News Service, 03/18/04.
http://www.nwfusion.com/news/2004/0318experdownp.html?nl
Troj/Badparty-A - A virus that displays a dialog box "Press OK to install the party invitation..." When the ignorant user click ok, the virus tries to wipe out part of the master boot sector. (Sophos)
W32/Sdbot-GR - Yey another Sdbot variant that runs as a background process awaiting commands from a remote user via IRC. (Sophos)
**********
From the interesting reading department:
Microsoft's delivery of patch tools slips again
Corporate customers who anticipate the springtime release of upgrades to Microsoft's no-cost patch management software have some disappointment ahead: They will not only have to wait till later in the year but also might have to upgrade their systems to use it. Network World, 03/22/04.
http://www.nwfusion.com/news/2004/0322patch.html?nl
Sarvega adding security appliances to XML lineup
Web services start-up Sarvega this week will introduce two security products that should help customers track changes within the security infrastructure, and protect against denial-of-service attacks. Network World, 03/22/04.
http://www.nwfusion.com/news/2004/0322sarvega.html?nl
Spam-busters
MIT recently brought together the nation's top spam fighters at its annual anti-spam conference. Network World caught up with some of the speakers and participants. Here are their stories. Network World, 03/22/04.
http://www.nwfusion.com/research/2004/0322spam.html?nl
Microsoft sold on smart cards
Software giant tightens up in-house security after hacker break-in. Network World, 03/22/04.
http://www.nwfusion.com/news/2004/0322mssecurity.html?nl
Cisco issues security warning
Cisco last week warned that an implementation of Secure Sockets Layer on some of its switches, routers and firewalls could leave these devices vulnerable to denial-of-service attacks. Network World, 03/22/04.
http://www.nwfusion.com/news/2004/0322cisco10gside.html?nl
Security companies squeeze inside the beltway
Well-heeled representatives from companies such as Raytheon, and IBM have long wandered the halls of the U.S. Congress, cultivating close relationships with lawmakers and their staff. But these days, old-line defense and technology contractors are jockeying for lawmakers' time and attention with a hoard of newcomers: Computer security companies. IDG News Service, 03/18/04.
http://www.nwfusion.com/news/2004/0318securcompa.html?nl
Cebit: Web services, ID theft create new markets for RSA
RSA Security is looking into new technologies to secure Web services and protect consumers from identity theft, according to company president and CEO Arthur W. Coviello. IDG News Service, 03/19/04.