
Five patches from Debian

Jan 20, 2004

* Patches from Debian, Mandrake Linux, Slackware
* Beware new e-mail worm Beagle 2
* Microsoft's latest patch raises questions about its tools, and other interesting reading

Today’s bug patches and security alerts:

Debian patches netpbm-free

A number of the graphic conversion tools that make up netpbm-free have been found to create insecure temporary files. An attacker could exploit this to overwrite files on the affected machine with the privileges of the user running netpbm-free. For more, go to:

Debian issues fix for mc flaw

A vulnerability in mc (Midnight Commander), a file management tool, could be exploited by using malicious code hidden inside a compressed file. This code could be run on the affected machine when the compressed file is opened by mc. For more, go to:

Debian releases patch for mod-auth-shadow

Debian is warning of a vulnerability in mod-auth-shadow, an Apache module, that could allow a user to gain access to the affected machine using an expired password. For more, go to:

Debian reports flaw in jitterbug

A flaw in jitterbug, a bug tracking system, could be exploited to run arbitrary commands on the affected machine. For more, go to:


Debian, EnGarde, OpenPKG patch tcpdump

A flaw in the ISAKMP message handling function of tcpdump, a network monitoring utility, could be exploited to send the tool into an endless loop. For more, go to:





Mandrake Linux patches KDE

A buffer overflow in KDE’s VCF file reader could be exploited by an attacker to run arbitrary code on the affected machine. For more, go to:


Slackware patches INN

A buffer overflow has been found in inn 2.4.0 implemented by Slackware. The flaw could be exploited remotely to allow an attacker to run arbitrary code on the affected machine. For more, go to:


Today’s roundup of virus alerts:

New e-mail worm spreading worldwide

Beagle 2, the European Space Agency’s Mars explorer, did not have much success with its mission of exploring the surface of the Red Planet. But a new e-mail worm with the same name is apparently having better luck exploring the Internet, according to warnings issued Monday by leading anti-virus software companies. The new worm, known as W32.Beagle and W32.Bagle, appeared on Sunday. IDG News Service, 01/19/04.

Troj/Proxin-A – A backdoor Trojan that infects Windows PCs. No word on how it spreads. (Sophos)

Exploit/URLSpoof – Not a virus but a means of disguising a URL so it looks as if clicking it will bring you to one site, but in reality you’re delivered to another (most likely malicious). (Panda Software)

Troj/Divix-A – A Trojan that uses mIRC to gain unauthorized access to the infected machine. (Sophos)

Troj/Weasyw-A – Another Trojan horse virus. This one attempts to redirect Internet Explorer to a number of pre-defined sites. (Sophos)

W32/SdBot-DC – Yet another backdoor Trojan horse. This one spreads via weakly protected network shares. (Sophos)


From the interesting reading department:

Microsoft’s latest patch raises questions about its tools

Questions are being raised about how well Microsoft’s own tools for scanning and patching are working to apply its most recent patch, MS04-003, to correct security vulnerabilities associated with what’s called the Microsoft Data Access Component. Network World Fusion, 01/16/04.

NetScaler beefs up Web switch

NetScaler this week is set to launch two high-end versions of its Web switch/security gateway products that could help Web-based companies accelerate the processing, encryption and filtering of Web-based traffic for sites that receive millions of hits per day. Network World, 01/19/04.

Flaw in standard puts VoIP gear at risk

Voice over IP is making it easier to wage cyberwar, an analyst reported last week, just as flaws that make some VoIP products vulnerable were revealed. Network World, 01/19/04.

ISS backs new IPS offering with cash-or-credit guarantee

Internet Security Systems is so confident that the managed security offering it is announcing next week will automatically block certain network attacks that it pledges to pay customers thousands of dollars in credit or cash if the service fails. Network World, 01/19/04.

AMD chips include buffer overflow protection

Advanced Micro Devices’ Opteron and Athlon 64 processors can detect a commonly used attack against PCs connected to the Internet and render it harmless by blocking malicious code from executing, AMD said this week. IDG News Service, 01/14/04.