Vendors patch XFree86 flaw

Feb 17, 2004

* Patches from Mandrake Linux, Red Hat, others
* Beware yet another version of MyDoom
* Cisco teams with IBM on infrastructure security, and other interesting reading

Today’s bug patches and security alerts:

Vendors patch XFree86 flaw

A flaw in the way font aliases are handled by various implementations of the XFree86 Window System could be exploited by an attacker to gain root privileges on the affected operating system. For more, go to:

iDefense advisory:

Immunix 7.3 (source code):


Mutt patches available

A number of Linux vendors have released patches for mutt, a text-mode mail user agent. An attacker could send a specially crafted message that would cause mutt to segfault, potentially allowing arbitrary code to be executed on the affected machine. For more, go to:

Netwosix Linux (source code):




Mandrake Linux updates mailman packages

A new patch for mailman fixes a cross-site scripting vulnerability in the mailing list application. For more, go to:

Mandrake Linux patches NetPBM

A temporary files vulnerability exists in NetPBM that could allow an attacker to create or overwrite files with the privileges of another user. For more, go to:


Red Hat updates PWLib

A number of bugs in PWLib, a cross-platform library that supports the OpenH323 project, could be exploited in a denial-of-service attack against an affected machine. For more, go to:


Firm warns of PHPNuke vulnerabilities

According to an alert from Scan Associates, “There [are] multiple SQL injection [flaws] in multiple PHPNuke modules, which [could] allow an attacker to get ‘admin hash’ and gain admin access to a PHPNuke Website.” For more, go to:


Today’s roundup of virus alerts:

W32/Deadhat-B – A Trojan horse that spreads via the SoulSeek filesharing network using a variety of file names. The virus tries to connect to an IRC server and terminates certain security-related applications. (Sophos)

W32/MyDoom-E – Yet another version of the MyDoom worm that spreads via e-mail and the Kazaa peer-to-peer network. It copies itself to the Windows folder in a file called taskmon.exe. This is a legitimate file on Windows 95/98/ME. (Sophos)

W32/Agobot-CW – Another version of the Agobot worm that tries to exploit the Windows DCOM and RPC vulnerabilities. The virus attempts to connect to an IRC server and download backdoor functionality. (Sophos)


From the interesting reading department:

Review: Network Intrusion-Prevention Systems

With our first “In the Wild” IPS test, we’ve spent the last five months testing 11 products on our live distributed network connecting sites in Los Angeles, San Jose and Tucson, Ariz., to help sort out the real from the rhetoric. Network World, 02/16/04.

Treating management, security as one

In the new data center, technologies that protect and control will work more closely together. Network World, 02/16/04.

Cisco teams with IBM on infrastructure security

A collaboration between Cisco and IBM on security could make it easier for customers to authenticate IBM-based laptop and PC clients on Cisco-based LAN and remote-access infrastructures. Network World, 02/16/04.

Cisco strengthens WLAN security

Cisco last week submitted a protocol to the IETF that could serve as an alternative to the proprietary scheme that the company promotes for securing wireless LANs. Network World, 02/16/04.

Maxspeed speeds up patch management

Patch management is on the minds of every IT organization, and thin-client vendor Maxspeed hopes to ensure they don’t forget about their embedded systems. Network World, 02/16/04.

Ghost plagues Microsoft machine

It was another bad day at the office for Microsoft yesterday. Seventy-two hours after being forced to explain yet another serious hole in its Windows operating system, the software giant was hit by the most embarrassing security breach so far when portions of the secret blueprint for Windows were leaked over the internet. The Guardian, 02/14/04.