Cisco patches ONS line

Jul 26, 2004

* Patches from Cisco, Debian, SCO, others
* Beware Bin Laden suicide virus
* Security vendors expand intrusion systems, and other interesting reading

Today’s bug patches and security alerts:

Cisco patches ONS line

According to a Cisco advisory, “Cisco has fixed multiple malformed packet vulnerabilities in the TCP/IP stacks of Cisco ONS 15327 Edge Optical Transport Platform, the Cisco ONS 15454 Optical Transport Platform, the Cisco ONS 15454 SDH Multiplexer Platform, and the Cisco ONS 15600 Multiservice Switching Platform.” For more, go to:


Samba flaw patched

A buffer overflow has been found in SWAT, the Samba Web Administration Tool. This flaw could be exploited prior to a user being authenticated and could allow an attacker to take control of the affected machine. For more, go to:





Debian patches netkit-telnet-ssl

A format string vulnerability in netkit-telnet-ssl could be exploited by an attacker to run code on the affected machine with the privileges of the telnet daemon. For more, go to:


Debian, Gentoo patch l2tpd

A buffer overflow in l2tpd, a Layer 2 Tunneling Protocol daemon, could be exploited by an attacker to run any type of code on the affected machine. The attacker would have to send a specially crafted packet in order to exploit the flaw. For more, go to:




Gentoo patches Unreal Tournament 2003/2004

A flaw in the Unreal Tournament “secure” query could allow an attacker to run code of their choice on the affected server. For more, go to:


SCO patches MMDF

A number of flaws have been fixed in SCO’s MMDF package. For the latest updates, go to:


OpenPKG patches PHP

PHP patches available

A flaw in the popular PHP server-side scripting language could be exploited remotely to cause a “memory_limit request termination” on the affected machine. An attacker could exploit this to take control of the machine and run any code they wanted. For more, go to:


Today’s roundup of virus alerts:

Bin Laden ‘suicide’ virus on net

A virus purporting to show images of Osama Bin Laden’s suicide has been unleashed onto the internet, security experts are warning. BBC Online, 07/24/04.

W32/Lovgate-V – A member of the Lovegate family that spreads via e-mail, file sharing networks and network shares. No word on the damage it can cause, but it does infect a number of files in the Windows System directory. (Sophos)

Troj/Delf-DU – A backdoor Trojan that allows an attacker access to the infected machine via IRC. The attacker can kill processes and launch URLs remotely. The virus installs itself as “services.exe” in the Windows System directory. (Sophos)

W32/Atak-C – Another variant of the mass-mailing Atak worm. No word on permanent damage caused, but it does harvest e-mail addresses from the infected system. (Sophos)

W32/Sdbot-KM – Exploits the DCOM vulnerability on Windows machines to spread. Has a backdoor component accessible via IRC and can be used to launch SYN flood attacks against other machines. The virus installs itself as “CONF32.EXE” in the Windows System folder. (Sophos)

Troj/Dluca-CQ – An adware application that installs itself as “C:\Program Files\Internet Optimizer\optimize.exe”. (Sophos)


From the interesting reading department:

The You Issue

It’s our annual issue all about you, the network pro. We take a look at what makes you smile – your job, your salary and your free time. Use our exclusive salary calculator to see how your pay compares to that of your peers. Network World, 07/26/04.

Security vendors expand intrusion systems

Although it’s the heart of summer, security vendors don’t seem to be going on vacation. Symantec, eEye Digital Security, NFR Security and Vernier Networks are rolling out new products designed to stop worms and other threats. Network World, 07/26/04.

Security freeware abounds

It’s great to get something you need for free. And there are a plethora of tools users can deploy for intrusion detection, network mapping and vulnerability assessment available as free downloads from the Web. Network World, 07/26/04.

SSL making strides against IPSec VPNs

Secure Sockets Layer remote-access gear is winning out over IPSec in some businesses because use of browser-based SSL technology can lead to cost savings, simpler administration and easier connections with partners. Network World, 07/26/04.

Phishers finding easy prey

Leading financial institutions have adopted a more-aggressive attitude toward online identity-theft cons known as “phishing scams” in recent months. But companies could be unwittingly helping phishers trick online shoppers, says a new report from a U.K. Web developer. Network World, 07/26/04.

SonicWall has new wireless options

SonicWall is introducing three security appliances that make it possible to outfit the smallest offices with VPN and firewall protection for wireless LANs and back up the main Internet connection via phone line if the primary link fails. Network World, 07/26/04.

Florida hacker indicted in big online theft case

A 45-year-old man has been indicted on charges of hacking into the computers of the marketing company Acxiom, in Little Rock, Ark., to access its databases filled with personal, financial and company information, the office of the U.S. Attorney General said Wednesday. IDG News Service, 07/22/04.