
Microsoft warns of JPEG handling flaw

Sep 16, 2004, 6 mins

* Patches from Microsoft, F-Secure, Mandrake Linux, others * Beware latest MyDoom variants * NEC extends quantum cryptography range and speed, and other interesting reading

Today’s bug patches and security alerts:

JPEG handling flaw threatens PCs, Microsoft warns

A security flaw in the way many Microsoft applications process JPEG images could allow an attacker to gain control over a computer running the software, Microsoft warned Tuesday. IDG News Service, 09/14/04.

Microsoft advisory:

Microsoft patches WordPerfect converter

A flaw in the WordPerfect converter code could be exploited by an attacker to run their code of choice on the affected machine. Most recent versions of Office and Works are impacted by the problem. For more, go to:


Mozilla updates browsers after bug hunt

Mozilla released a series of security updates for its Firefox and Mozilla 1.7 browsers yesterday that resolve the first security vulnerabilities to come from the Mozilla Foundation’s Security Bug Bounty Program. Its Thunderbird email client also needs patching for similar reasons. The Register, 09/15/04.


New Apache bug fix update available

The Apache Software Foundation and the Apache HTTP Server Project have released Version 2.0.51 of the popular server. This is a bug fix release that repairs problems in IPv6, configuration file parsing, mod_ssl, and mod_dav_fs. For more, go to:

Mandrake Linux:



iDefense warns of flaw in F-Secure Internet Gatekeeper Content Scanning Server

A denial-of-service vulnerability has been found in the F-Secure Internet Gatekeeper Content Scanning Server. The server does not properly handle malformed packets on port 18,971. An attacker could exploit this to crash the server. For more, go to:

F-Secure patch:


Mandrake Linux, OpenPKG release Samba patches

A flaw in versions of Samba prior to 3.0.6 and 2.2.11 could be exploited in a denial-of-service attack against the Samba daemon (smbd). For more, go to:

Mandrake Linux:



Vendors patch CUPS

According to an alert from Debian, “Alvaro Martinez Echevarria discovered a problem in CUPS, the Common UNIX Printing System.  An attacker can easily disable browsing in CUPS by sending a specially crafted UDP datagram to port 631 where cupsd is running.” For more, go to:


Mandrake Linux:



Axis patches vulnerable network cameras

A number of Axis video cameras are vulnerable to an attack by a remote user. Each of the cameras has an on-board HTTP server for management and serving images. An attacker could bypass the authentication scheme to gain access. For more, go to:


Today’s roundup of virus alerts:

Virus writers add network sniffer to worm

Virus writers have grafted a network sniffer into the latest variant of the SDBot worm series. So far there are no reports of SDBot-UH in the wild but the inclusion of selective network sniffing along with keystroke logging features and other backdoor capabilities has security researchers worried. The Register, 09/14/04.

W32/Rbot-IY – An Rbot variant that spreads via network shares and allows backdoor access via IRC. No word on what file it infects. (Sophos)

W32/Rbot-JC – Another typical Rbot variant. See Rbot-IY above. This one uses a random filename. (Sophos)

Troj/Optix-PRO – The only description we have of this one: “Troj/Optix-PRO is a backdoor Trojan.” Fortunately, the threat level is low. (Sophos)

W32/Nyxem-C – According to Sophos, this is “an internet worm which spreads via network shares and by sending itself to contacts in the Outlook address book, to Yahoo Messenger and Yahoo Pager contacts and to email addresses found within files that have an extension of HTM or DBX.” (Sophos)

Troj/Psyme-AS – A JavaScript downloader program that exploits the ADODB stream flaw in IE. The virus replaces the Windows Media executable file (wmplayer.exe). (Sophos)

W32/MyDoom-W – A new MyDoom variant that spreads via e-mail that looks to be from “Jenna K.” and contains a ZIP attachment of photos. (Sophos)

W32/MyDoom-X – Another MyDoom variant. This one infects “oz2.exe and to the Windows system folder with the filename oz11111.exe”. The virus tries to launch a DDoS attack against between Sept. 29 and Oct. 29. (Sophos)

W32/Bagle-AM – Another Bagle variant that uses mass e-mail to spread. The virus uses a variety of subject lines and attachment names for its infected messages. The virus harvests the infected machine for e-mail addresses. (Sophos)


From the interesting reading department:

Brazil is world ‘hacking capital’

Brazil has become the global capital for computer hacking and Internet fraud, according to experts meeting in the country’s capital, Brasilia. BBC Online, 09/14/04.

NEC extends quantum cryptography range and speed

NEC researchers have developed a quantum cryptography system with sufficient speed and range to make it commercially viable. It could go on sale in the second half of 2005, the researchers said Thursday. IDG News Service, 09/16/04.

Backspin:  SP2 confounds the world

While we should applaud Microsoft for doing something positive about security, I find it depressing that the richest software company in the world can’t get the usability issues sorted out. Network World, 09/13/04.

‘Net Buzz:  Are 4% of your co-workers morons?

No one can claim ignorance of the fact that using company computers to send smutty e-mail or visit naughty Web sites can get you canned faster than telling off the boss. Network World, 09/13/04.

Nutter’s Help Desk:  Protecting Linux servers

I am starting to move my company to Linux as the server platform of choice.  With the seemingly continual stream of alerts about the different hacks possible, I know that I should put some type of firewall in place to protect the servers.  What are my options? Network World, 09/13/04.

Bottom Line:  A VoIP security plan of attack

From a security viewpoint, VoIP is a nightmare, combining the worst vulnerabilities of IP networks and voice networks. But VoIP’s security challenges can be solved. All it takes is a plan. Network World, 09/13/04.