
Red Hat issues kernel updates

Jan 05, 2004 | 6 mins

* Patches from Red Hat, Apple, Gentoo, others
* Beware another version of the Sober worm
* Companies mull commercial vs. freeware SSH, and other interesting reading

We’re back from the holiday break. Happy New Year to all our faithful readers!

Today’s bug patches and security alerts:

Red Hat issues kernel updates

Red Hat has issued two kernel updates. The first, for Version 2.4 of its kernel, is a general bug fix release. The second fixes a flaw that could allow unauthorized root access to the affected machine. For more, go to:

Updated kernel resolves security vulnerability:

General kernel update:

Red Hat patches Apache flaws

A minor buffer overflow vulnerability has been found in Red Hat’s implementation of the popular Apache Web server software. A fix is available. For more, go to:


Apple patches Jaguar and Panther

Updates are available for Apple’s Jaguar (Mac OS X 10.2.8 and Mac OS X Server 10.2.8) and Panther (Mac OS X 10.3.2 and Mac OS X Server 10.3.2) operating systems. These updates fix a number of minor security vulnerabilities. For more, go to:




Updated Flash player fixes flaw

A flaw in the way the Macromedia Flash Player works with Opera and Internet Explorer could be exploited to gain access to information stored on the affected machine. Version ( of the player can be downloaded to fix the problem. For more, go to:


SGI releases Advanced Linux Environment security update #7

A new security update is available from SGI that includes “updated RPMs for SGI ProPack v2.3 for the Altix family of systems.” For more, go to:


Gentoo patches lftp

According to an alert from Gentoo, “Two buffer overflow problems have been found in lftp, a multithreaded command-line based FTP client. A specially created directory on a web server could be used to execute arbitrary code on the connecting machine. The user’s machine has to connect to a malicious web server using HTTP or HTTPS, then issue an ‘ls’ or ‘rels’ command.” For more, go to:

Gentoo issues cvs update

A new version of cvs is available (1.11.11) that fixes a flaw that could allow the cvs server to use root privileges. An attacker could exploit this to run arbitrary code on the affected machine. For more, go to:


Mandrake Linux issues fix for XFree86

A flaw in the XDM display manager that comes with XFree86 could result in root privileges being granted to anyone with a valid login credential. For more, go to:

Mandrake Linux releases patch for proftpd

A flaw in the way proftpd handles ASCII translation could be exploited by an attacker to create a root shell on the affected machine. For more, go to:

Mandrake Linux patches irssi

Versions of irssi prior to 0.8.9 could be exploited by a user to crash another user’s irssi client. For more, go to:


Today’s roundup of virus alerts:

W32/Sober-C – Yet another version of the Sober worm that spreads via e-mail and peer-to-peer networks. The infected file is allegedly a tool to protect against such viruses. Sober can overwrite a number of popular file types, including executables. (Sophos, Panda Software)

Duster.B – A Trojan horse that spreads via Kazaa and network shares. Once it infects a machine, the virus connects to an IRC server to await further instructions. (Panda Software)

Wincap.B – A password-stealing virus that attempts to capture the passwords used to log on to specific financial Web sites. (Panda Software)

W32/Bodiru-A – This worm spreads via peer-to-peer networks and is used to launch a denial-of-service attack against It also terminates anti-virus related processes on the infected machine. (Sophos)

Troj/Tofger-L – A key-logging Trojan horse that sends captured information to a remote Web site. (Sophos)

W32/Opaserv-S – This worm attempts to take advantage of weak network shares used by Windows 95 and 98. The virus also tries to update itself from a remote Web site. (Sophos)

Firedaemon.A – A hacking tool that can set up services to run on infected Windows 2003/XP/2000/NT machines. The tool itself is not malicious but could be exploited by other “malware.” (Panda Software)

Memwatcher.B – An adware program that displays banners in Internet Explorer and generates traffic for two URLs. (Panda Software)


From the interesting reading department:

Technology Update: New IDS tool fends off false positives

Passive fingerprinting improves intrusion detection. Network World, 01/05/04.

Management Strategies: How to quantify downtime

Calculating downtime’s drag on productivity and profit can help make the case for network improvements. Network World, 01/05/04.

Companies mull commercial vs. freeware SSH

It’s a battle going on across many large corporations: should they manage remote servers via Open Secure Shell freeware or commercial SSH products? Network World, 01/05/04.

Nokia upgrades its SSL remote-access software

Nokia has upgraded its Secure Sockets Layer remote-access gear to better handle key popular applications such as Microsoft Exchange and Lotus Notes. Network World, 01/05/04.

IT vs. the mischief makers

As cyberpunks crank up their games, network executives fight back by building security-aware corporate cultures. Network World, 12/22/03.

Mitnick offers cash for hacking tales

Noted computer hacker Kevin Mitnick is offering cash in exchange for tales of hacking escapades to fill a new book he is writing for publisher John Wiley & Sons. IDG News Service, 12/30/03.

Guide for Mapping Types of Information and Information Systems to Security Categories

NIST has completed the first draft of NIST Special Publication 800-60, Guide for Mapping Types of Information and Information Systems to Security Categories. The purpose of the draft guideline is to assist Federal government agencies in identifying information types and information systems and assigning impact levels for confidentiality, integrity, and availability. National Institute of Standards and Technology.