• United States

Four WebLogic flaws fixed

Apr 19, 20044 mins

* Patches from BEA, FreeBSD, Trustix, others * Beware latest variant of the Lovegate worm * Security holes force firms to rethink coding processes, and other interesting reading

Today’s bug patches and security alerts:

BEA releases patch for four WebLogic flaws

A set of patches is available from BEA that fix four flaws in its WebLogic Server and WebLogic Express application. The flaws could be exploited to impersonate a user on the system, expose passwords and gain unauthorized administrator access. For more, go to:

Security Advisory BEA04-52.00:

Security Advisory BEA04-53.00:

FreeBSD patches cvs

A flaw in CVS, a version control system for Linux, could be exploited by an attacker to overwrite arbitrary files on the affected machine. For more, go to:


Trustix kernel patch available

A new kernel update is available from Trustix that fixes four flaws in previous releases. The most serious could be exploited to gain root access on the affected machine. For more, go to:


OpenPKG issues MySQL patch

A couple of scripts that ship with MySQL could be exploited in a symlink attack to overwrite arbitrary files on the affected machine. For more, go to:

OpenPKG patches Ethereal

A number of vulnerabilities have been found in the Ethereal protocol analyzer, which could be exploited to crash the application or potentially run arbitrary code on the affected machine. For more, go to:

OpenPKG releases neon fix

A format string vulnerability has been found in the Neon HTTP and WebDAV client library. A fix is available. For more, go to:


Macromedia patches ColdFusion MX 6.1

According to an advisory from Macromedia, “ColdFusion MX 6.1 is vulnerable to a denial of service attack if a malicious user repeatedly uploads files and interrupts each upload before it completes.” For more, go to:


Today’s roundup of virus alerts:

Zafi.A – A worm that spreads via e-mail with a ZIP attachment. The virus terminates security related applications running on the infected machine, leaving it exposed to future attacks. (Panda Software)

W32/Agobot-GP – A network worm that spreads via weakly protected network shares. The virus connects to an IRC server to allow attackers backdoor access to the infected machine. (Sophos)

Troj/Badparty-A – This virus pops up a message asking the user to hit “ok” to begin installing a party invitation application. The virus then tries to destroy the hard drive’s FAT. (Sophos)

W32/Lovgate-V – Another variant of the Lovegate worm family that spreads via e-mail, network shares and file-sharing networks. The virus drops a backdoor on the infected machine. It also attempts to terminate security-related applications running on the machine. (Sophos)

Troj/Loony-E – A backdoor Trojan that allows attackers access to the infected machine via IRC. (Sophos)


From the interesting reading department:

Security holes force firms to rethink coding processes

Microsoft’s issuance last week of 14 security patches raised fears that worm-based attacks would follow and sparked discussion on how to better build code. Network World, 04/19/04.

Users ponder Microsoft security plans

Microsoft should retrofit older software with new security enhancements it plans to release later this year and add more support and better reporting features to its forthcoming patch-management tools, according to users attending at a stop on the company’s current 20-city Security Summit road show. Network World, 04/19/04.

Quantum crypto coming to light

Quantum cryptography, a technology that uses photons to encrypt communications over fiber-optic lines and the air, is starting to come out of the laboratory and into commercial use. Network World, 04/19/04.

Symantec tackling integrated management

Symantec went on tour last week to promote its plan for a converged security, systems and storage management system. Network World, 04/19/04.

NetScreen goes modular

NetScreen Technologies last week rolled out a firewall/VPN box with a modular design for adding new security functions. Network World, 04/19/04.

EarthLink finds rampant spyware, trojans

Internet service provider EarthLink and Webroot Software released a report on Thursday that said an average of almost 28 spyware programs are running on each computer. More serious, Trojan horse or system monitoring programs were found on more than 30% of all systems scanned, raising fears of identity theft. IDG News Service, 04/15/04.