• United States

Flaws in Oracle database

Mar 01, 20044 mins

* Patches from FreeBSD, Debian, SGI, others * Beware more Bagle variants * Students engineer a winner, and other interesting reading

Today’s bug patches and security alerts:

Flaws in Oracle database

Two functions in Versions 9ir2 and earlier of Oracle Database Server have been discovered by SecuriTeam. The flaws could be exploited to run arbitrary code on the affected server. Oracle users should logon to Metalink for updates:


ISS warns of SMB processing flaw

ISS has issued a warning about a module used in its own products: “A vulnerability was discovered in the SMB (Server Message Block) protocol parsing routines of the ISS Protocol Analysis Module (PAM) component found in some ISS products. The flaw relates to incorrect parsing of the SMB protocol, which may lead to a heap overflow condition.” For more, go to:

Related eEye advisory:


Trillian IM clients patched

A couple vulnerabilities have been found in the Trillian and Trillian Pro instant messaging clients. An attacker could exploit these flaws to run arbitrary code on the affected machine. A patch for the free version is available here:

Members should upgrade to Version 2.011 via this link:

E-matters advisory:


FreeBSD patches jail

Guess security at the jail wasn’t so good… sorry, couldn’t resist. Jail is a sandbox application that allows administrators to lock a process down so it cannot interact with other processes. Turns out, a coding problem could all someone with superuser privileges to gain full read and write access. For more, go to:


Debian releases patch for lbreakout2

A buffer overflow in the lbreakout2 game could be exploited by a malicious user to gain the privileges of “games”. For more, go to:


Mandrake Linux updates mtools

A flaw in the mformat program could allow certain files to be created with 0666 permissions. Also, the tool does not drop permissions when reading local configuration files. For more, go to:


Immunix, SGI patch kernel

As we’ve been reporting, a flaw in the various Linux kernel implementations could be exploited to gain root privileges on the affected machine. More fixes are available:

Immunix 7+ (source code):



Red Hat patches mod_python

A flaw in Version 3.03 and prior of mod_python could be exploited in a denial-of-service attack against the affected machine. For more, go to:

Red Hat releases libxml2 fix

A flaw in the way libxml2 parses long URLs from remote sites could be exploited by an attacker to potentially run arbitrary code on the affected machine. For more, go to:


Today’s roundup of virus alerts:

Bagle F, G – More Bagle variants. Like the previous versions, these too spreads via their own SMTP engine. This one uses a password-protected ZIP file to carry the malicious code. (Sophos)

Bagle C, D – Two new variants of the Bagle worm have been spotted. Both virus have their own SMTP engines for sending infected messages. Both open a backdoor on port 2745 and listen for remote commands. (Sophos, Panda Software)

W32/Agobot-FE – Another variant of the Agobot worm that attempts to allow unauthorized third-party access to the infected machine via an IRC channel. The virus also attempts to stop a number of security-related applications that may be running on the target machine. (Sophos)

W32/Nachi-D – Another Nachi variant that targets machines already infected with MyDoom-A. Like its predecessors, it too attempts to connect via ports 135 and 445. (Sophos, Panda Software)

W32/Maddis-A – A password-stealing Trojan that spreads via network shares. The virus sends its collected information to a set of predefined sites. (Sophos)


From the interesting reading department:

Students engineer a winner

The Simon Fraser University students come up with an anti-theft device for laptops. Vancouver Sun, 02/26/04.

NMap 3.50 available

Nmap (“Network Mapper”) is an open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts, according to its author, Fyodor. Download the new version here: