Microsoft patch-o-rama

Today’s bug patches and security alerts:

Four new security updates from Microsoft

April showers bring Microsoft patches, in this case four of them that patch some 20 various flaws. Three of the advisories/patches have been labeled “critical” (meaning potential code execution on an exploited machine) and the other is “important.” More here:

Microsoft issues flood of critical patches, IDG News Service, 04/13/04

https://www.nwfusion.com/news/2004/0413microissue.html?nl

Microsoft advisories:

Security Update for Microsoft Windows

https://www.microsoft.com/technet/security/bulletin/ms04-011.mspx

Cumulative Update for Microsoft RPC/DCOM

https://www.microsoft.com/technet/security/bulletin/ms04-012.mspx

Cumulative Security Update for Outlook Express

https://www.microsoft.com/technet/security/bulletin/ms04-013.mspx

Vulnerability in the Microsoft Jet Database Engine Could Allow Code Execution

https://www.microsoft.com/technet/security/bulletin/ms04-014.mspx

Related advisories:

iDefense advisory: Microsoft Help and Support Center Argument Injection Vulnerability

https://www.nwfusion.com/go2/0412bug2a.html

ISS alert: Multiple Vulnerabilities in Microsoft Products

https://xforce.iss.net/xforce/alerts/id/169

Foundstone: Microsoft ASN.1 Double Free Heap Memory Corruption

https://www.foundstone.com/products/sa/fs-sa-04-13-04.pdf

Foundstone: Microsoft Releases Bulletins for Numerous Vulnerabilities in Windows, RPC DCOM, Outlook Express, and Jet:

https://www.foundstone.com/products/sa/fs-sa-04-13-04-ms.pdf

**********

Red Hat, SuSE patch cvs

A flaw in CVS, a version control system for Linux, could be exploited by an attacker to overwrite arbitrary files on the affected machine. For more, go to:

Red Hat:

https://rhn.redhat.com/errata/RHSA-2004-154.html

SuSE:

https://www.suse.com/de/security/2004_08_cvs.html

**********

SGI Advanced Linux Environment security update #17

The “SGI Advanced Linux Environment security update #17, which includes updated RPMs for SGI ProPack v2.3 and SGI ProPack v2.4 for the SGI Altix family of systems” fixes problems in Ethereal and Mozilla. For more, go to:

https://www.nwfusion.com/go2/0412bug2b.html

**********

Red Hat patches subversion

No, it’s not a spy tool, but a version control system. A flaw in subversion could allow a remote user to run arbitrary code on the affected machine. For more, go to:

https://rhn.redhat.com/errata/RHSA-2004-159.html

**********

Conectiva issues squid patch

A flaw in the way access control lists are handled by the squid proxy application could allow a user to gain access to pages they normally wouldn’t have access to. For more, go to:

https://www.nwfusion.com/go2/0412bug2c.html

Conectiva patches mod_python

A flaw in mod_python could be exploited in a denial-of-service attack against the affected machine. For more, go to:

https://www.nwfusion.com/go2/0412bug2d.html

**********

Debian updates

Debian has released a handful of updates for its kernel:

Kernel-image-2.4.17-hppa:

https://www.debian.org/security/2004/dsa-475

Kernel-image-2.4.17-hppa, kernel-image-2.4.18-hppa:

https://www.debian.org/security/2004/dsa-480

Kernel-source-2.4.17, kernel-patch-2.4.17-apus, kernel-patch-2.4.17-s390, kernel-image-2.4.17-s390:

https://www.debian.org/security/2004/dsa-482

Linux-kernel-2.4.17-ia64:

https://www.debian.org/security/2004/dsa-481

Linux-kernel-2.4.18-alpha+i386+powerpc:

https://www.debian.org/security/2004/dsa-479

Debian patches sysstat

The isag utility in sysstat does not properly create temporary files, which could be exploited by a local attacker to overwrite files on the affected system. For more, go to:

https://www.debian.org/security/2004/dsa-460

Debian issues patch for interchange

According to Debian, “A vulnerability was discovered recently in Interchange, an e-commerce and general HTTP database display system.  This vulnerability can be exploited by an attacker to expose the content of arbitrary variables. An attacker may learn SQL access information for your Interchange application and use this information to read and manipulate sensitive data.” For more, go to:

https://www.debian.org/security/2004/dsa-471

**********

Gentoo patches GNU automake

Automake, which generates ‘makefile.in’ files, could be vulnerable to a symbolic link attack. A user could exploit this to gain elevated privileges on the affected machine. For more, go to:

https://forums.gentoo.org/viewtopic.php?t=158992

Gentoo makes Heimdal fix available

According to an alert from Gentoo, “Heimdal contains cross-realm vulnerability allowing someone with control over a realm to impersonate anyone in the cross-realm trust path.” Sounds like a plot from the Matrix. For more, go to:

https://forums.gentoo.org/viewtopic.php?t=159355′

Scorched 3D server patches by Gentoo

A flaw in the Scorched 3D game server could be exploited in a denial-of-service attack against the affected machine. For more, go to:

https://forums.gentoo.org/viewtopic.php?t=159415

**********

Today’s roundup of virus alerts:

W32/Agobot-FZ – An IRC Trojan that spreads to machines via weakly protected network shares. It also attempts to disable various security-related applications running on the infected machine. (Sophos)

Troj/Webber-H – A two-part Trojan that uses a mass-mailer to spread and then downloads a password stealing application. (Sophos)

Troj/LdPinch-L – A password-stealing Trojan horse that also attempts to download malicious code from a remote site. (Sophos)

W32/Sdbot-HL – Yet another IRC Trojan that allows attackers access to the infected machine. It spreads via weakly-protected network shares. (Sophos)

W32/Agobot-GG – Like Agobot-FZ mentioned above, the virus uses IRC channels to allow attackers into the infected machine and attempts to disable security related applications. (Sophos)

**********

From the interesting reading department:

Attacks at universities raise security concerns

Malicious hackers in recent weeks have infiltrated computer systems at universities in the U.S. and worldwide, leading to questions about the security of scientific research data, according to an official at the National Science Foundation. IDG News Service, 04/14/04.

https://www.nwfusion.com/news/2004/0414attack.html?nl

Company warns of bugged spam messages

Hidden code in e-mail messages is increasingly being used to track the success of unsolicited commercial (“spam”) e-mail campaigns, according to a warning by an anti-spam technology company Tuesday. IDG News Service, 04/13/04.

https://www.nwfusion.com/news/2004/0413bugged.html?nl

Cisco releases WLAN security protocol

Cisco announced the availability of a protocol that’s designed to defeat brute-force dictionary attacks that capture users’ passwords in its wireless LAN products. The company urged end users and systems administrators to download the related patch from its Web site. Computerworld, 04/13/04.

https://www.nwfusion.com/news/2004/0413ciscorelea.html?nl

On Security: Let’s end pass-the-buck security

At InfowarCon in 1997, one of the first public debates was held on who should protect the private sector (an economic national security asset) from the “bad guys” – not just from hacking, but also international espionage and terrorism. There were two camps. One suggested that the government should take the protective lead. The other camp said, “No, keep the Feds out of my company. We’ll take care of ourselves.” Network World, 04/12/04.

https://www.nwfusion.com/columnists/2004/0412schwartau.html?nl

Mobile security start-up receives fresh funding

Mobile security vendor Senforce Technologies has reaped $12.4 million in its latest venture funding round. Network World Fusion, 04/14/04.

https://www.nwfusion.com/news/2004/0414senforce.html?nl

Microsoft bolsters executive ranks at security unit

Microsoft, as part of its battle against cybersecurity threats, is moving two senior executives to its security business and technology unit, the company said Monday. IDG News Service, 04/12/04.

https://www.nwfusion.com/news/2004/0412microbolst.html?nl