• United States

Cisco wireless security hole

Apr 08, 20046 mins

* Patches from Apple, Macromedia, others * Beware new versions of Netsky worm * Network Intelligence adds analysis to security tools, and other interesting reading

Today’s bug patches and security alerts:

Cisco warns of wireless security hole

Networking equipment maker Cisco is warning customers about a security hole in two products used to manage wireless LANs and e-business services in corporate data centers. IDG News Service, 04/07/04.

Cisco advisory:


Apple releases security update

Apple has released a new security update for its Panther and Jaguar (Mac OS X) server and client operating systems. The patch covers bugs in CUPS, libxml2, Mail and OpenSSL. For more, go to:

Mac OS X 10.3.3 “Panther” and Mac OS X 10.3.3 Server:

Mac OS X 10.2.8 “Jaguar” and Mac OS X 10.2.8 Server:


Macromedia patches Dreamweaver flaw

A vulnerability in the way Macromedia Dreamweaver accesses remote databases could expose DNS information to attackers. A malicious user could then send SQL commands to the remote database, essentially taking control of it. For more, go to:


iDefense warns of Perl flaw

According to an alert from iDefense, “Remote exploitation of a buffer overflow in the ‘win32_stat’ function of ActiveState’s ActivePerl and Larry Wall’s Perl could allow for the execution of arbitrary commands.” For more, go to:


eMule flaw fixed

A vulnerability in eMule, an IRC client, could be exploited to run arbitrary code on the affected machine. For more, go to:


Gentoo Linux updates

Like with our last newsletter regarding SCO, Gentoo has a whole host of updates that its released in the past week or so for its flavor of Linux. Here’s the recap:


A flaw in the way certain MIME types are decoded by this image handler could be exploited to crash the application or run arbitrary commands.

Linux Kernel do_mremap function

A flaw in the memory mapping function in the Gentoo Linux kernel could be exploited to run arbitrary commands. For more, go to:


Multiple buffer overflows in Courier, an IMAP and MTA agent, could be exploited to gain unauthorized access to the affected machine. For more, go to:


A buffer overflow in the oftpd daemon could be exploited remotely, resulting in a denial of service. For more, go to:

Fetchmail 6.2.5

A remote buffer overflow has been fixed. For more, go to:


A flaw in the way invalid passwords are handled could be exploited in a denial-of-service attack. For more, go to:


A denial-of-service and buffer overflow vulnerabilities have been found in Monit, a system administration utility. For more, go to:


A flaw in the way “sandboxed” temporary files are handled could lead to a denial-of-service attack. For more, go to:


Unauthorized access may be gained remotely by exploiting a buffer overflow in KDE-PIM. For more, go to:


A flaw in the way Tcpdump, a network monitoring tool, handles ISAKMP could be exploited to run arbitrary code on the affected machine. For more, go to:


“Multiple vulnerabilities in the way sysstat handles symlinks may allow an attacker to execute arbitrary code or overwrite arbitrary files,” Gentoo reports. For more, go to:


According to Gentoo, “Racoon (a utility in the ipsec-tools package) does not verify digital signatures on Phase1 packets.” Anyone with a X.509 certificate can gain access. For more, go to:


The util-linux login program may leak sensitive system information. For more, go to:


A flaw in the ClamAV may be exploited in a denial-of-service attack. For more, go to:


Today’s roundup of virus alerts:

New Netsky worms change their stripes

New versions of the Netsky e-mail worm are spreading on the Internet and may be the work of a different author than previous editions of that worm, according to anti-virus software companies. IDG News Service, 04/06/04.

W32/Nackbot-D – A peer-to-peer worm that spreads via shared network folders. The virus disables various security related application, steals license keys to popular games and installs backdoor functionality accessible via IRC. (Sophos)

Troj/Small-AG – A Trojan horse that attempts to connect to various Web sites and displays ads for porn sites. (Sophos)

W32/Lovgate-V – Another Lovegate variant that spreads via e-mail, network shares and filesharing networks. It attempts to drop file on the infected machine that could give unauthorized access to a remote user. (Sophos)

W32/Agobot-FV – Yet another variant of the Agobot worm family. This one spreads via weakly protected network shares, installing backdoor functionality accessible via IRC. It also disables security-related applications running on the infected machine. (Sophos)

W32/Bugbear.c and e – Two similar variants of the bug bear worm that spread via e-mail and disable security related applications running on the infected machine. They also log keystrokes and send logged data to a remote site. (Sophos, Panda Software)

W32/Sdbot-HB – Like other viruses mentioned today, this nuisance spreads via network shares, disables security applications and drops a backdoor accessible via IRC. (Sophos)

Troj/Dloader-N – A Trojan horse that attempts to download a remote file and execute it. Fortunately, the remote file does not seem to exist. (Sophos)

Troj/Bagle-X – Acts as a backdoor proxy, allowing the infected machine to become a Spam relay. (Sophos)

Troj/Webber-H – A two-part Trojan horse. The first piece is the mass-mailer for spreading to more machines. The second part is downloaded from a remote site and used to steal information off the infected machine. (Sophos)


From the interesting reading department:

New company finds holes in raw code

A new company hopes to make life a lot harder for malicious hackers, releasing technology that analyzes computer code for security violations and enforces secure coding practices. IDG News Service, 04/05/04.

Network Intelligence adds analysis to security tools

Network Intelligence Wednesday released an upgraded version of its software along with a line of appliances that support it, which the company says will provide enterprise security managers with deeper analysis tools for potential security threats. Network World Fusion, 04/07/04.

Aruba strengthens wireless voice security

Aruba Wireless this week unveiled a software application to protect VoIP calls on wireless LANs. Network World Fusion, 04/02/04.

MCI adds SSL VPN, boosts secure remote access

MCI announced plans for a host of security features and a new partnership Tuesday that it said will provide more security for mobile and remote workers. IDG News Service, 04/06/04.