* Patches from a variety of Linux vendors, others
* Beware mass-mailing worm Hiton-A
* Companies take cover as worm war breaks out, and other interesting reading

Today’s bug patches and security alerts:

Flaw in WinZip

A buffer overflow vulnerability has been found in versions of WinZip prior to 9.0. This flaw affects the way certain MIME types (not ZIP) are handled by the application. An attacker could exploit this to run arbitrary commands on the affected machine. Users should upgrade to WinZip 9.0 to fix the problem. For more, go to:
https://www.winzip.com/fmwz90.htm

**********

DoS vulnerability found in Cisco CSS 11000

The Cisco CSS 11000 Series Content Services Switches could be susceptible to a denial-of-service attack. An attacker would have to send malformed UDP packets to the switch’s management port. For more, go to:
https://www.cisco.com/warp/public/707/cisco-sa-20040304-css.shtml

**********

NetScreen warns of flaw

A cross-site scripting vulnerability has been found in NetScreen IVE running Versions 3.0 to 3.3.1. The flaw could be used to steal session cookie information and potentially run malicious scripts on the affected machine. For more, go to:
https://www.netscreen.com/services/security/alerts/ive_xss.txt

**********

Linux vendors patch libxml2

A flaw in the way libxml2 parses remote data retrieved using FTP or HTTP could be exploited to cause a buffer overflow. This in turn could be used to run arbitrary code on the affected machine. For more, go to:
Debian: https://www.debian.org/security/2004/dsa-455
Mandrake Linux: https://www.nwfusion.com/go2/0308bug1a.html
Netwosix: https://www.netwosix.org/adv04.html
OpenPKG: https://www.openpkg.org/security/OpenPKG-SA-2004.003-libxml.html
Trustix: https://www.nwfusion.com/go2/0308bug1b.html

**********

Overflow in Adobe Acrobat Reader 5.1

NGSSoftware is warning of a stack overflow in Adobe Acrobat Reader 5.1. The flaw is in the way files with XML Forms Data Format (XFDF) are handled. The latest version of Acrobat Reader (ver. 6.0) fixes this vulnerability. For more, go to:
NGSSoftware advisory: https://www.ngssoftware.com/advisories/adobexfdf.txt
Adobe downloads page: https://www.adobe.com/support/downloads/main.html

**********

Debian releases kernel update for arm

Several vulnerabilities in Debian’s Linux kernel 2.2.19 for ARM-based systems have been patched. For more, go to:
https://www.debian.org/security/2004/dsa-456

**********

Trustix patches nfs-utils

A bad DNS setup could be exploited in a remote denial-of-service attack against an affected Trustix server. For more, go to:
https://www.nwfusion.com/go2/0308bug1c.html

**********

Today’s roundup of virus alerts:

Troj/Ranck-K – A Trojan horse that sets itself up as a proxy, allowing an attacker to route HTTP traffic through the infected machine. (Sophos)

W32/Hiton-A – We mentioned this one last week, but now we have some real details. The mass-mailing worm terminates certain security-related processes on the infected machine as well as redirects HTTP requests to anti-virus sites to the local machine. (Sophos)

Troj/HacDef-100 – A backdoor Trojan that allows an unauthorized user access to most of the infected machine’s file system. (Sophos)

W32/Cissi-B – Like many recent viruses, this one attempts to spread via e-mail or network shares with weak passwords. Once it infects a target, the virus connects to an IRC server and awaits instruction. (Sophos)

**********

From the interesting reading department:

Microsoft’s long road to security

Company makes progress, but experts and users say it still has a long way to go. Network World, 03/08/04.
https://www.nwfusion.com/news/2004/0308microsoft.html?nl

Companies take cover as worm war breaks out

An Internet gang war of sorts broke out last week as the creators of two mass-mailer computer worms battled to outdo each other by releasing a dozen variants of the worms, called Bagle and Netsky, in rapid-fire fashion. Network World, 03/08/04.
https://www.nwfusion.com/news/2004/0308wormworld.html?nl

Vendors set to advance security plans

Vendors are pursuing a variety of security initiatives intended to rein in the worst effects of problems such as worm attacks, which sometimes scan at ferocious speeds for vulnerable machines. Network World, 03/08/04.
https://www.nwfusion.com/news/2004/0308security.html?nl

Feature: Inside the DoD’s crime lab

Whenever a U.S. government agency investigating a crime or a cybercrime has digital evidence that’s too difficult to analyze, they send it to the Department of Defense computer forensics lab. Network World, 03/08/04.
https://www.nwfusion.com/research/2004/0308dod.html?nl

White paper: Divide and Conquer

“HTTP Response Splitting” is a new application attack technique which enables various new attacks such as web cache poisoning, cross user defacement, hijacking pages with sensitive user information and an old favorite, cross-site scripting (XSS). Sanctum, 03/2004.
https://www.sanctuminc.com/pdf/whitepaper_httpresponse.pdf