• United States

Microsoft updates for March

Mar 11, 20046 mins

* Patches from Mandrake Linux, Red Hat, others * Beware Trojan spreading via an attachment called "" * Breaking code in the name of good, and other interesting reading

Today’s bug patches and security alerts:

Microsoft releases March security updates

Microsoft continued its policy of releasing monthly security updates with three new software patches on Tuesday, including fixes for the MSN Messenger instant messaging program, Windows Media Services and the Outlook e-mail client. IDG News Service, 03/09/04.

Related Microsoft bulletins:

Office Security – Outlook flaw:

Microsoft Windows Security Bulletin Summary for March:

Microsoft MSN Products Security Bulletin Summary:

CERT advisory, re: Outlook flaw:


NGSSoftware warns of IBM DB2 vulnerability

It was discovered that IBM DB2’s Remote Command Server executes remote commands with administrator rights for any valid Windows logon. This means a low-level guest user can still run commands with administrative privileges. For more, go to:

IBM advisory:


Squid Proxy flaw patched

A problem with the way the Squid Proxy Cache server handles certain URLs could be exploited by a malicious user to skip certain access controls. Squid Proxy 2.5 fixes the issue:

Related Security Tracker article:


Sysstat vulnerability fixed

A flaw in the way Sysstat, a system statistics gathering tool, uses temporary files could be exploited in a symbolic link attack to overwrite certain files. For more, go to:


Red Hat:


New kdelibs fix

A flaw in the way various kdelibs packages handle cookie paths between client and server could be exploited by a malicious user to steal cookie information. For more, go to:


Mandrake Linux:

Red Hat:


Python updates available

A buffer overflow in python 2.2’s getaddrinfo() function could be used to access memory where shell code is located. Only Version 2.2 is affected and only those systems that do not have IPv6 enabled. For more, go to:


Mandrake Linux


Mandrake Linux, Red Hat patch gdk-pixbuf

A denial-of-service vulnerability exists in gdk-pixbuf, a package for loading images in applications like Evolution. A fix is available. For more, go to:

Mandrake Linux:

Red Hat:


Mandrake Linux releases fix for mozilla

A number of vulnerabilities in mozilla 1.4 have been fixed by Mandrake Linux. For more, go to:


Debian updates wu-ftpd

Two flaws have been found in wu-ftpd for Debian. One could allow a user to traverse the root directory and there’s a buffer overflow in the code that deals with S/key authentication. For more, go to:


OpenPKG patches mutt

A buffer overflow in mutt, a mail user agent, could be exploited in a denial-of-service attack. For more, go to:

OpenPKG releases libtool fix

An insecure temporary directory is created by OpenPKG’s libtool implementation, which could leave an affected system vulnerable to a symlink attack. For more, go to:


Today’s roundup of virus alerts:

W32/Randex-AA – Another Trojan horse that spreads via weakly protected network shares and uses IRC to receive commands from an attacker. The virus also collects CD keys for games installed on the infected machine. (Sophos)

W32/Agobot-DQ – We sound like we’re repeating ourselves, but this too is a virus that tried to spread via network shares that are weakly protected. The virus listens on a certain port for commands and also tries to kill certain security-related applications running on the infected machine. (Sophos)

Troj/Cidra-D – A Trojan that spreads via e-mail with an infected attachment called “”. The Trojan acts as a proxy, redirecting TCP traffic through the infected machine. (Sophos)

Troj/Domwis-A – A backdoor Trojan that allows an attacker to take control of the infected machine. The Trojan can download remote files and execute them on the infected machine as well. (Sophos)

Troj/Eyeveg-C – A password stealing Trojan that e-mails its bounty to a remote Web site. (Sophos)

W32/Bereb-B – A peer-to-peer worm that logs on to an IRC channel once a machine is infected. (Sophos)


From the interesting reading department:

Cisco releases security products, features

New hardware and enhancements to Cisco’s software products will make computer networks more resilient to attack, the company said Tuesday. IDG News Service, 03/09/04.

Patching: The cure that’s worse than the disease?

You might be familiar with the cliche that the cure can be worse than the disease. When it comes to patching software, Microsoft’s David Aucsmith now appears to be saying that the cure is frequently the cause of the disease. Network World, 03/08/04.

Breaking code in the name of good

It may seem odd to release a book called “Exploiting Software: How to break code” at a security conference.  But co-authors Gary McGraw and Greg Hoglund did just that at the RSA Conference in San Francisco in February and weren’t thrown out on their ears.  That’s because their real intent is to help people build better code by showing them how attackers work.  Network World Editor in Chief John Dix caught up with McGraw to learn more about the book, which was three-and-a-half years in the making, and follows McGraw’s other books, “Building Secure Software” and “Securing Java.” Network World Fusion, 03/08/04.

Teros enters XML security space

Application firewall maker Teros Monday said that it is adding features to protect Web services to its Secure Application Gateway product line. IDG News Service, 03/08/04.

China’s Legend develops PC security technology

Legend Group, China’s largest PC maker, is developing technologies that could be used to make computers more secure. IDG News Service, 03/09/04.