• United States

H.323 vulnerabilities uncovered

Jan 15, 20044 mins

* Patches from Red Hat, Mandrake Linux, others * Beware virus that spreads via a message claiming to be from PayPal * Scam looks for bank card numbers, and other interesting reading

Today’s bug patches and security alerts:

Microsoft warns of VoIP vulnerability

Microsoft issued its first security patches of the new year Tuesday, warning users about a critical vulnerability in a component of the Microsoft Internet Security and Acceleration (ISA) Server used to control IP telephony traffic. IDG News Service, 01/13/04.

Microsoft patches:

H.323 issue:

Exchange 2003 vulnerability:

MDAC vulnerability:

Microsoft products are not the only ones affected by the H.323 issue. CERT has released an advisory on the issue and some vendors have released patches. For more, go to:

Cisco alert:


Buffer overflow in Yahoo Messenger

The download component of the Yahoo Messenger product contains a buffer overflow that could allow an attacker to run any code on the affected machine. Users should upgrade to Version For more, go to:


Flaw in KDE VCF reader

A buffer overflow in KDE’s VCF file reader could be exploited by an attacker to run arbitrary code on the affected machine. For more, go to:

Related Slackware patch:


Red Hat, SuSE patch tcpdump

A flaw in the ISAKMP message handling function of tcpdump, a network monitoring utility, could be exploited to send the tool into an endless loop. For more, go to:

Red Hat:



Additional Linux kernel fixes available

As we reported last week, a vulnerability in the Linux kernel could be exploited to gain root access on the affected machine. More vendors have made fixes available:

Debian (IA-64):



Mandrake Linux patches ethereal

Two vulnerabilities have been found in the ethereal network monitoring package. Both could be used to crash the service. For more, go to:


Debian releases CVS patch:

A flaw in the account management for the CVS pserver could allow anyone with access to the server to modify the CVSROOT/passwd file to give themselves root access to the affected machine. For more, go to:


Today’s roundup of virus alerts:

Troj/Inor-B – This virus is dropped on the target machine when it visits a malicious Web site. No word on any permanent damage caused. (Sophos)

W32/Rirc-A – Another worm that attempts to exploit weak passwords for network shares in order to spread. The virus connects to an IRC server to report its status. (Sophos)

Troj/Mmdload-A – Similar to the Mimail-N virus, this little gnat spreads via a message purporting to be from PayPal. (Sophos)


From the interesting reading department:

ISS scoops up content security company

Internet Security Systems (ISS) Wednesday moved to bolster its content security capabilities, announcing that it purchased content security company Cobion for $33.4 million. IDG News Service, 01/14/04.

Microsoft extends Windows 98, ME support to 2006

Microsoft, days before it was to end support for Windows 98 and Windows 98 Second Edition (SE), has decided to extend the life of the products until June 30, 2006. IDG News Service, 01/12/04.

Scam looks for bank card numbers

Apparently, some criminals on the Internet need to invest in spell-checkers. A fake e-mail making the rounds Monday asks clients of Citibank’s online banking service to verify their e-mail, bank card number and PIN by clicking on a link in the e-mail. Citibank issued a statement Monday saying the notice did not come from the company, and the fake e-mail looks something less than professional. IDG News Service, 01/12/04.