
Symantec patches pcAnywhere flaw

Nov 17, 2003 | 5 mins

* Patches from Symantec, SCO, Conectiva, others
* Beware e-mail worm posing as a message from PayPal
* Adoption of IPS increasing, cautiously, and other interesting reading

Today’s bug patches and security alerts:

Symantec patches pcAnywhere flaw

A security flaw has been found in Symantec's pcAnywhere remote control application when the software is set to the service-mode configuration. A local user could exploit this to search all system files and gain full permissions over directories in the affected system. A fix is available via Symantec’s LiveUpdate service. For more, go to:


BEA issues several updates

According to an alert from Panda Software, “BEA has released several updates for BEA WebLogic Server and Express, which fix five different vulnerabilities that can be used to launch Denial of Service attacks or steal confidential data.” The five different alerts are linked below:


ISS warns of PeopleSoft IClient vulnerability

A security vulnerability in the PeopleSoft IClient servlet, which helps provide real-time connectivity between PeopleSoft and other applications, could be exploited by a remote attacker to run arbitrary code on the affected machine. For more, go to:


SCO patches flaw in UnixWare procfs handling

A flaw in the way procfs descriptors are handled in UnixWare could be exploited by a local user to gain elevated privileges on the affected machine. A fix is available. For more, go to:

SCO releases patch for unzip vulnerability

The popular file compress/decompress utility unzip contains a directory traversal vulnerability. An attacker could exploit this to overwrite arbitrary files on the affected machine. For more, go to:


Conectiva patches postgresql

Two bugs found in the postgresql database code could be exploited to trigger a buffer overflow, which could be used to run malicious code on the affected server. For more, go to:

Conectiva releases update for mpg123

A buffer overflow in the mpg123 player client could be exploited by a malicious MP3 file and used to run arbitrary code on the affected machine. For more, go to:

Conectiva issues fix for xinetd

A couple of memory leaks in xinetd could be exploited in a denial-of-service attack against the affected machine. For more, go to:


Red Hat fixes zebra DoS vulnerability

Two flaws in zebra, an open source TCP/IP routing software package, could be exploited in a denial-of-service attack. For more, go to:


Today’s roundup of virus alerts:

Phishes and bugs: New worm uses PayPal scam

A new e-mail worm is spreading on the Internet and posing as a message from PayPal, the online payment company, in an effort to harvest credit card numbers and account passwords, leading anti-virus companies warned on Friday. IDG News Service, 11/14/03.

W32/Opaserv-V – A worm that spreads via network shares. It also attempts to download updates to its code from a remote Web site. No word on any permanent damage caused by this virus. (Sophos)

Sinala.A – This Windows virus spreads via e-mail (with an attachment called “ALANIS.EXE”) and peer-to-peer file-sharing networks. It exploits the MHTML vulnerability in Outlook Express. The virus tries to download new code from a remote Web site. (Panda Software)

Sdbot.BL – A Trojan horse that spreads via IRC and e-mail. It listens to a specific IRC channel for commands, allowing an attacker unfettered access to the infected machine. (Panda Software)


From the interesting reading department:

Dumb defaults

Our first challenge to all vendors mentioned in this column – and Cisco in particular as the 800-pound network gorilla – is to address the dumb security defaults they ship with their products. There are more than a few instances of these dumb defaults, but for the purpose of our discussion, we’ll point to some of the more egregious examples. Network World, 11/17/03.

ISPs take on DDoS attacks

The largest ISPs are promising new tools by next year that will help predict and better defend against worms and viruses that act like distributed DoS attacks and true distributed DoS strikes. Network World, 11/17/03.

Adoption of IPS increasing, cautiously

Blocking attacks with intrusion-prevention systems rather than simply monitoring for them with intrusion-detection systems is slowly gaining ground inside corporations and government agencies, despite worries about disrupting legitimate traffic. Network World, 11/17/03.

Security experts band together

The Global Council of Chief Security Officers says its purpose will be to help IT security executives in all industries and branches of government boost their effectiveness within their organizations. Network World, 11/17/03.

Breaking the glass firewall

IT women are gravitating to information security, where cross-disciplinary skills are key. Network World, 07/17/03.

Microsoft seeks government, private security alliances

Microsoft is in talks with governments and companies in several countries to establish partnerships to help protect computer users against cyber attacks, it said Friday. IDG News Service, 11/14/03.