
Oracle releases patches, finally

Sep 02, 2004 (5 mins)

* Patches from Oracle, SuSE, HP, others
* Beware new Bagle variant
* Symantec joins anti-phishing group, and other interesting reading

Today’s bug patches and security alerts:

Oracle releases delayed security patches

Oracle this week released security patches that plug several vulnerabilities reported last month in its database software and other products. IDG News Service, 09/02/04.

Oracle advisory (PDF):

CERT advisory:


Vulnerabilities in MIT Kerberos 5 distribution

There are two vulnerabilities relating to the MIT Kerberos 5 distribution. First, the ASN.1 decoder library that ships with the distribution is vulnerable to a denial-of-service attack:

Second, the “Key Distribution Center (KDC) program contains a double-free vulnerability that potentially allows a remote attacker to execute arbitrary code,” according to an advisory from MIT.

Related Kerberos advisories:

Cisco VPN 3000 Series Concentrators vulnerable:



Gaim update available

Two remotely exploitable buffer overflows have been found in gaim, a general purpose Instant Messaging client that works with multiple IM services. Users should upgrade to Version 8.82.

Gentoo Gaim update:


SuSE patches kernel

A number of vulnerabilities, which could be exploited in a denial-of-service attack, have been found in the SuSE kernel. An update is available:


HP patches CDE libDtHelp

A buffer overflow in the HP-UX CDE libDtHelp library could be exploited in a denial-of-service attack against an affected machine. Patches are available by logging into the HP IT Resource Center:


Debian, Gentoo patch QT

A flaw in the QT library BMP image handler could be exploited by a remote user to run their code of choice on the affected machine with the privileges of the user viewing the image. For more, go to:




Debian releases Python 2.2 update

According to an alert from Debian, “A buffer overflow bug in Python’s getaddrinfo function, which could allow an IPv6 address, supplied by a remote attacker via DNS, to overwrite memory on the stack.” A previous fix for this problem did not remedy the issue; this one supposedly does.


Today’s roundup of virus alerts:

W32/Tzet-B – A network worm that spreads via shared machines with little or no password protection. The virus runs as “iglmtray.exe”. It drops a bunch of Trojan horse files on the infected machine. (Sophos)

Troj/LegMir-R – A password stealing Trojan horse that installs itself as “_Win32.exe” in the Windows System directory. No word on how it spreads. (Sophos)

W32/Rbot-HI – An Rbot variant that logs keystrokes, may delete network shares and can allow backdoor access via IRC. It installs itself as “SYSTESMS.EXE” in the Windows System folder and spreads via network shares with weak password protection. (Sophos)

W32/Rbot-HO – Another keystroke logger with the added ability to steal CD game keys. Spreads the same way as Rbot-HI, but uses the file “syswin32.exe”. (Sophos)

W32/Rbot-HQ – Can’t virus writers go for something a little different than Rbot? Like all variants, it spreads via network shares, infects “mscnsz.exe” in the Windows System folder and can be used as a spam relay. (Sophos)

W32/Rbot-HR – Similar functionality to Rbot-HQ, except the infected file is “winusb.exe”. (Sophos)

Troj/BagleDl-A – A new Bagle variant that tries to download a GIF image from 131 different Web sites. The virus also terminates certain security-related applications running on the infected machine. (Sophos)


From the interesting reading department:

McAfee releases VirusScan with intrusion prevention

Anti-virus software company McAfee said Monday that a new version of its VirusScan Enterprise software contains so-called “intrusion prevention” features that can protect computers from attacks such as buffer overflows, which are often used by viruses, worms and malicious hackers to compromise vulnerable Microsoft Windows machines. IDG News Service, 08/30/04.

Symantec joins anti-phishing group

Anti-virus software company Symantec said Wednesday that it joined a group devoted to fighting online identity theft attacks known as “phishing scams.” IDG News Service, 09/01/04.

Gearhead: Tie ’em up and lock ’em down

Now in your network environment just consider what one of your users with an empty iPod, access to a USB port and bad intentions could get away with . . . chills you to the marrow, doesn’t it? And when you think of it, the whole idea of any I/O devices on PCs being available when they aren’t actually needed is pretty dumb. So what’s a sysadmin to do? Network World, 08/30/04.

Backspin: Market factors meet medical gear, upgrades

The reality is it is all about politics and economics, not computer technology and IS people. I just want everybody involved to stop whining. Network World, 08/30/04.

Nutter’s Help Desk: How to sniff a network

Which is the best way to connect a protocol analyzer to an Ethernet network in order to “sniff” the packets on the wire? Network World, 08/30/04.