* Patches from RealNetworks, Debian, OpenPKG, others * Beware the first Trojan for Mac OS X * Security vendors bolster line of defense, and other interesting reading Today’s bug patches and security alerts:Another Cisco router/switch vulnerability reportedCisco this week warned users that a flaw in the VPN blade for its Catalyst 6500 switch could be used by net attackers to crash the device. Network World Fusion, 04/09/04.https://www.nwfusion.com/news/2004/0409cisvuln.html?nl Cisco advisory:https://www.nwfusion.com/go2/0412bug1a.html **********CERT warns of Internet Explorer vulnerabilityCERT has issued an advisory warning of potential cross-scripting vulnerability in the way Internet Explorer handles the ITS protocol. An attacker could exploit this to run arbitrary script on the affected machine. For more, including a workaround, go to:https://www.us-cert.gov/cas/techalerts/TA04-099A.html**********Flaw in Citrix MetaFrame Password Manager patched A vulnerability in Citrix MetaFrame Password Manager 2.0 could leave user credentials stored unencrypted on a local machine. An attacker could access and use the unprotected information to access network resources. For more, go to:https://support.citrix.com/kb/entry.jspa?entryID=4062**********RealNetworks player flaw patched RealNetworks has released an update for RealPlayer 8, RealOne Player, RealOne Player v2 for Windows that fixes a buffer overflow in one of its plug-ins. An attacker could run arbitrary code on the affected machine. The update can be found here:https://service.real.com/help/faq/security/040406_r3t/en/**********Heap overflow in WinampNGSSoftware is reporting a flaw in the way the popular Nullsoft Winamp loads certain metafiles could be exploited by an attacker to overwrite heap memory. By exploiting the flaw, the attacker could run arbitrary code on the affected machine. For more, go to:https://www.ngssoftware.com/advisories/winampheap.txtA fix is available in Winamp 5.03:https://www.winamp.com/player/**********Debian, OpenPKG patch squidA flaw in the way the squid proxy servers deals with access control lists could be exploited by an attacker to bypass authentication. For more, go to:Debian:https://www.debian.org/security/2004/dsa-474OpenPKG:https://www.openpkg.org/security/OpenPKG-SA-2004.008-squid.html**********Debian, OpenPKG release patch for tcpdumpA flaw in the way Tcpdump, a network monitoring tool, handles ISAKMP could be exploited to run arbitrary code on the affected machine. For more, go to:Debian:https://www.debian.org/security/2004/dsa-478OpenPKG:https://www.openpkg.org/security/OpenPKG-SA-2004.010-tcpdump.html**********OpenPKG issues shareutils fixA buffer overflow vulnerability has been found in the shareutils package for OpenPKG. The application does not properly bounds check a certain command line function. For more, go to:https://www.nwfusion.com/go2/0412bug1b.htmlOpenPKG releases Midnight Commands (mc) patchA flaw in the way Midnight Commands (mc) handles certain symlinks could be exploited to execute code on the affected machine. An attacker would have to package the code in a .tar.gz or a cpio file and get the user to open it. For more, go to:https://www.openpkg.org/security/OpenPKG-SA-2004.009-mc.htmlOpenPKG fetchmail implementation patchedA denial-of-service vulnerability has been found in fetchmail’s head rewrite code. An attacker could use this to crash the affected machine. Download the update here:https://www.nwfusion.com/go2/0412bug1c.html**********Mandrake Linux patches mplayerNot enough memory is allocated for the buffer that accepts a URL from the server when MPlayer makes a request. This could result in a heap overflow that could be exploited to run arbitrary code on the affected machine. For more, go to:https://www.nwfusion.com/go2/0412bug1d.htmlMadrake Linux fixes ipsec-tools flawThe “Racoon” utility in Mandrake Linux’s ipsec-tools package does not properly verify certain client signatures, potentially resulting in unauthorized access to the affected machine. For more, go to:https://www.nwfusion.com/go2/0412bug1e.html**********Today’s roundup of virus alerts:OS X Trojan horse is a nagThe first Trojan for Mac OS X is anything but, experts say, and Thursday’s warning from anti-virus company Intego was unnecessarily alarmist. By Leander Kahney. Wired, 04/09/04.https://www.wired.com/news/mac/0,2125,63000,00.htmlW32/SdBot-CM – A network worm that installs a backdoor Trojan on the infected machine. The Trojan can be used to install other malicious code, steal system information and run denial-of-service attacks against another machine. (Sophos)W32/Agobot-GA – Another Agobot variant that exploits weakly protected network shares to spread. The virus installs a backdoor accessible via IRC and disables certain security-related applications. (Sophos)**********From the interesting reading department:Expert releases Cisco wireless hacking toolOne day after it disclosed a security vulnerability in a wireless networking product, Cisco must contend with a new threat – the long-promised release of a hacking tool that targets wireless networks running its LEAP wireless authentication protocol. IDG News Service, 04/08/04.https://www.nwfusion.com/news/2004/0408expert.html?nlSecurity vendors bolster line of defenseIBM, Network Associates and Symantec each disclosed plans last week to beef up their security product lines to provide more defense for networks. Network World, 04/12/04.https://www.nwfusion.com/news/2004/0412mcafee.html?nlManagement Strategies: Gearing up for the CISSP examA Certified Information Systems Security Practitioner shares study tips for obtaining the hot certification. Network World, 04/12/04.https://www.nwfusion.com/careers/2004/0412man.html?nlSoftware enhances digital rights managementRights management vendor Liquid Machines last week released the latest version of its data-protection software that lets customers extend corporate document access controls to partners and suppliers. Network World, 04/12/04.https://www.nwfusion.com/news/2004/0412liquid.html?nlCybersecurity task force sparks debateA cybersecurity task force convened by a U.S. House subcommittee chairman released a series of recommendations this week, but some of the results created rifts between IT vendors and security advocates, including a request to allow IT purchasers to band together to dictate security standards to vendors. IDG News Service, 04/09/04.https://www.nwfusion.com/news/2004/0409cybertask.html?nlOASIS approves WS-Security Web services specWS-Security, a widely supported proposal for securing Web services, has been accepted by the Organization for the Advancement of Structured Information Standards (OASIS) as an official standard. IDG News Service, 04/08/04.https://www.nwfusion.com/news/2004/0408oasis.html?nl Related content news analysis Cisco, AWS strengthen ties between cloud-management products Combining insights from Cisco ThousandEyes and AWS into a single view can dramatically reduce problem identification and resolution time, the vendors say. By Michael Cooney Nov 28, 2023 4 mins Network Management Software Network Management Software Networking opinion Is anything useful happening in network management? Enterprises see the potential for AI to benefit network management, but progress so far is limited by AI’s ability to work with company-specific network data and the range of devices that AI can see. By Tom Nolle Nov 28, 2023 7 mins Generative AI Network Management Software brandpost Sponsored by HPE Aruba Networking SASE, security, and the future of enterprise networks By Adam Foss, VicePresident Pre-sales Consulting, HPE Aruba Networking Nov 28, 2023 4 mins SASE news AWS launches Cost Optimization Hub to help curb cloud expenses At its ongoing re:Invent 2023 conference, the cloud service provider introduced several new and free updates that are expected to help enterprises optimize their AWS costs. By Anirban Ghoshal Nov 28, 2023 3 mins Amazon re:Invent Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe