Mac OS X update available

* Patches from Debian, SGI, others
* Beware e-mail virus that uses multiple subject lines and attachment names to spread
* Sourcefire alters Snort intrusion-detection ware, and other interesting reading

Today's bug patches and security alerts:

Mac OS X 10.3.4 available

A new update for Mac OS X is available. This update includes updates for NFS, LoginWindow, TCP/IP and AppleFileServer. For more, go to:


Two flaws in 3Com OfficeConnect Remote 812 ADSL Router

Two separate vulnerabilities have been found in the 3Com OfficeConnect Remote 812 ADSL Router. First, SecurityTracker is reporting that a specially crafted telnet packet could be used to crash the router, causing a denial of service. The workaround for this flaw is to disable telnet access on the device. A second flaw found by iDefense could be exploited to gain access to the device with any username or password. A workaround is available here:

iDefense advisory:


Debian patches xpcd

A buffer overflow flaw has been found in xpcd, a PhotoCD viewer application. A fix is available:

Debian releases gatos patch

A flaw in xatitv, a program in gatos for use with certain ATI video cards, could be exploited to gain root privileges on the affected machine. The xatitv program does not properly drop its root privilege after it initializes. For more, go to:

Debian issues fix for jftpgw flaw

A format string vulnerability in jftpgw, an FTP proxy program, could be exploited to run arbitrary code on the affected machine with the privileges of the jftpgw server process. For more, go to:


SGI Advanced Linux Environment 3 Security Update #1

This update is for SGI ProPack 3 RPMs for the SGI Altix family of systems. It includes updates for OpenSSL, XEmacs, elfutils, ipsec-tools, CVS, squid, mozilla, Ethereal and httpd. For more, go to:

SGI Advanced Linux Environment 3 Security Update #2

Another update for SGI ProPack 3 RPMs for the SGI Altix family of systems. It includes updates for OpenSSL, libpng, cvs, rsync and kdelibs. For more, go to:

SGI Advanced Linux Environment security update #20

A cumulative patch for the SGI ProPack v2.4 RPMs for the SGI Altix family of systems. The update includes fixes for mc, libpng, cvs, cadaver, rsync and kdelibs. For more, go to:

SGI patches libcpr for IRIX

A flaw in the cpr library for IRIX could be exploited to load a user-supplied library when the system is restarted. A user could gain root privileges by exploiting this flaw. For more, go to:


OpenPKG releases Apache patch

OpenPKG has issued an update for the popular Apache Web server. A stack overflow in the SSL/TLS extension module could be exploited if the Subject-DN in the client certificate exceeds 6KB in length. For more, go to:


Today's roundup of virus alerts:

W64.Rugrat.3344 - Symantec is touting this virus as the first that targets the 64-bit Windows operating system. It's only a proof of concept and has not been found in the wild. No word on the potential damage this virus could cause. (Symantec)

W32/Agobot-JF - A multi-talented virus that spreads via network shares and uses IRC to grant backdoor access to intruders. The virus terminates security-related applications on the infected machine, can steal data (including keys to popular games) and be used to launch denial-of-service attacks against remote sites. (Sophos)

W32/Agobot-XX - A lesser Agobot variant that spreads via network shares and uses IRC to allow backdoor access. The virus terminates security applications and tries to limit access to security-related Web sites. (Sophos)

W32/Sdbot-BW - This worm spreads via weak passwords on network shares, vulnerabilities and other holes left by viruses. Attackers are granted backdoor access via IRC and the virus logs keystrokes in a file called "k3ys.txt". (Sophos)

W32/SdBot-BC - All the same functions as W32/Sdbot-BW, minus the key logger. (Sophos)

W32/Bagle-AA - An e-mail virus that uses multiple subject lines and attachment names to spread. The virus mines an infected machine for e-mail addresses and terminates certain security-related applications. (Sophos)


From the interesting reading department:

Vulnerability Feed

Need to know about the latest viruses, worms and holes? Our new Vulnerability Feed scours the 'Net several times a day for the info you need. Network World Fusion.

Tester's Challenge: VoIP security tools are lacking

Ours is a two-part challenge to VoIP vendors. Make VoIP security education and VoIP security technical assistance more readily available. And second, we'd like to see better tools and user interfaces, in the long run, that let users more globally set security parameters. Network World, 05/31/04.

Phear of phishing

Sophisticated e-mail scams are a potential disaster for Internet commerce. Network World, 05/31/04.

CA bringing WLAN mgmt. into its fold

For the past year, Maurice Ficklin quietly has used Computer Associates Unicenter software to manage, optimize and secure the 141-acre wireless LAN network at the University of Arkansas at Pine Bluff. Network World, 05/31/04.

Sourcefire alters Snort intrusion-detection ware

Sourcefire this week is expected to announce add-on software called Intrusion Agent for its intrusion-detection system freeware Snort. The add-on will let the freeware version of Snort work with an updated version of Sourcefire's Defense Center management console, which has supported only the commercial Snort IDS until now. Network World, 05/31/04.

SonicWall bolsters Wi-Fi security

SonicWall is introducing its own Wi-Fi access point that can make it easier for customers to deploy and manage secure wireless networks. Network World, 05/31/04.

Network Associates boosts VirusScan

Network Associates is set to introduce this week an updated version of its server and desktop anti-virus software that augments existing protection with anti-malware capabilities, including intrusion prevention and spyware eradication. Network World, 05/31/04.


Copyright © 2004 IDG Communications, Inc.
