* Patches from Debian, Mandrake Linux, Slackware, others
* Beware new Mimail variant
* Task force issues more cybersecurity goals, and other interesting reading

Today’s bug patches and security alerts:

Experts warn of TCP vulnerability

Internet security experts Tuesday warned of a serious security vulnerability in TCP, a critical communications protocol used on the majority of computer networks in the world, according to an advisory from the U.K.’s National Infrastructure Security Co-Ordination Centre (NISCC).
IDG News Service, 04/20/04.
https://www.nwfusion.com/news/2004/0420experwarn.html?nl

CERT advisory: https://www.us-cert.gov/cas/techalerts/TA04-111A.html
ISS alert: https://xforce.iss.net/xforce/alerts/id/170
NetBSD advisory: https://www.nwfusion.com/go2/0419bug2a.html
SGI advisory: https://www.nwfusion.com/go2/0419bug2b.html

**********

Cisco warns of more critical software holes

Cisco warned its customers about two critical security holes that affect almost every product the company makes. The vulnerabilities could be used by malicious hackers to create so-called “denial-of-service” attacks, causing Cisco products to abruptly restart or drop active connections with other devices.
IDG News Service, 04/21/04.
https://www.nwfusion.com/news/2004/0421ciscowarns.html?nl

Cisco warns of hijack code for VPN gear, Network World Fusion, 04/20/04.
https://www.nwfusion.com/news/2004/0420ciswarn.html?nl

CERT IOS SNMP advisory: https://www.us-cert.gov/cas/techalerts/TA04-111B.html
Cisco non-IOS TCP advisory: https://www.nwfusion.com/go2/0419bug2c.html
Cisco IOS TCP advisory: https://www.nwfusion.com/go2/0419bug2d.html
Cisco SNMP Message Processing advisory: https://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml

**********

More CVS patches available

A flaw in CVS, a version control system for Linux, could be exploited by an attacker to overwrite arbitrary files on the affected machine.
For more, go to:
Debian: https://www.debian.org/security/2004/dsa-486
Slackware: https://www.nwfusion.com/go2/0419bug2e.html

**********

Mandrake Linux, Slackware patch utempter

Utempter’s shared library is vulnerable to a symlink attack that could be used to overwrite arbitrary files.
For more, go to:
Mandrake Linux: https://www.nwfusion.com/go2/0419bug2f.html
Slackware: https://www.nwfusion.com/go2/0419bug2g.html

**********

Slackware patches tcpdump

A flaw in the way Tcpdump, a network monitoring tool, handles ISAKMP could be exploited to run arbitrary code on the affected machine.
For more, go to:
https://www.nwfusion.com/go2/0419bug2h.html

**********

Red Hat releases kernel patch

A new kernel update is available that fixes a number of minor vulnerabilities in previous releases.
For more, go to:
https://rhn.redhat.com/errata/RHSA-2004-166.html

**********

NetBSD patches OpenSSL

Two vulnerabilities in OpenSSL could be exploited in a denial-of-service attack against the affected machine.
For more, go to:
https://www.nwfusion.com/go2/0419bug2i.html

**********

Today’s roundup of virus alerts:

W32/Sdbot-CP – A worm that spreads via weakly protected network shares and uses IRC to listen for commands from a remote attacker. The virus also terminates security-related applications on the infected machine. (Sophos)

W32/Zafi-A – A worm that spreads via e-mail and collects URLs typed into Internet Explorer. The virus only spreads in April 2004 and on May 1, will display a message on the infected machine’s screen. (Sophos)

Troj/Loony-E – Another virus that infects machines and allows backdoor access via IRC. (Sophos)

W32/Agobot-ZY – Like some of its predecessors, this version of Agobot spreads via weakly protected network shares and uses IRC to allow backdoor access to the infected machine. (Sophos)

W32/Agobot-QF – Similar to Agobot-ZY above, this worm spreads via network shares, uses IRC to allow backdoor access and attempts to disable security-related applications running on the infected machine. (Sophos)

W32/Agobot-EV – A different variant of the Agobot worm. This one spreads via peer-to-peer networks and uses TCP to accept remote commands. The virus also sniffs network traffic and can be used as a denial-of-service attack drone. It also attempts to steal software keys from popular games. (Sophos)

W32/Blaster-G – A variant of the Blaster worm that attempts to exploit a Windows DCOM RPC vulnerability. The virus resets the IE start page on the infected machine. (Sophos)

Troj/DDosSmal-B – This Trojan horse is designed to run a denial-of-service attack against a remote Web site. No word on how it spreads though. (Sophos)

W32/Mimail-V – A new Mimail variant that spreads via e-mail, network shares and file sharing networks. In addition to allowing backdoor access, the virus terminates anti-virus applications and any copies of the Bagle worm running on the infected machine. (Sophos)

Netsky-V, X, Y and Z – Four new variants of the Netsky worm. All spread via e-mail and are designed to run denial-of-service attacks against specific Web sites. (Sophos, Panda Software)

MyDoom.J – Spreads via e-mail and peer-to-peer networks, exploiting a DLL used by the Bugbear.B worm. MyDoom.J opens Notepad and displays junk characters on the infected machine. (Panda Software)

**********

From the interesting reading department:

Task force issues more cybersecurity goals

IT vendors should improve default security settings in their products, a committee of the National Cyber Security Partnership Task Force (NCSP) said in a set of recommendations it has released on technical standards.
IDG News Service, 04/19/04.
https://www.nwfusion.com/news/2004/0419taskforce.html?nl

WS-Security receives official blessing from OASIS

Web Services Security 1.0, the foundation specification for creating a security infrastructure around Web services, officially became a standard Monday, paving the way for corporate adoption.
Network World Fusion, 04/19/04.
https://www.nwfusion.com/news/2004/0419wssec.html?nl

Passwords revealed by sweet deal

More than 70% of people would reveal their computer password in exchange for a bar of chocolate, a survey has found.
BBC News, 04/20/04.
https://news.bbc.co.uk/1/hi/technology/3639679.stm

Teenager comes to Microsoft’s aid

A teenage computer whiz from Aberdeen has averted a potential crisis at software giant Microsoft.
BBC News, 04/15/04.
https://news.bbc.co.uk/1/hi/scotland/3630649.stm