* Patches from Symantec, Trustix, Slackware, others
* Red Hat closes out support for Red Hat Linux 9
* Redmond enlists security vendors to automate policy compliance, and other interesting reading

Strange request of the week: A colleague of mine is writing an article for our annual You Issue about network managers that collect antiques in their spare time. If you fit the bill and are willing to be interviewed about your hobby, e-mail Brett Cough at bcough@nww.com.

Today’s bug patches and security alerts:

ISS reports Symantec firewall flaw

ISS is reporting that vulnerabilities have been found in the DNS and NBNS (NetBIOS Name Service) protocol processing functions used by Symantec firewall products. An attacker could exploit the flaws to cause a buffer overflow and potentially gain kernel-level access on the compromised system. For more, go to:
https://xforce.iss.net/xforce/alerts/id/176

Official response from Symantec:
https://www.nwfusion.com/go2/0517bug1a.html

ISS credits eEye with finding the flaws:

Symantec Multiple Firewall Remote DNS KERNEL Overflow
https://www.eeye.com/html/Research/Advisories/AD20040512D.html

Symantec Multiple Firewall NBNS Response Processing Stack Overflow
https://www.eeye.com/html/Research/Advisories/AD20040512A.html

Symantec Multiple Firewall DNS Response Denial-of-Service
https://www.eeye.com/html/Research/Advisories/AD20040512B.html

Symantec Multiple Firewall NBNS Response Remote Heap Corruption
https://www.eeye.com/html/Research/Advisories/AD20040512C.html

**********

Critical 802.11 wireless flaw identified

A serious wireless network technology flaw that could lead to the breakdown of some critical infrastructures in just 5 seconds has been identified by Queensland University of Technology’s (QUT) Information Security Research Centre, a finding that is likely to have worldwide ramifications. Computerworld, 05/13/04.
https://www.nwfusion.com/news/2004/0513critical.html?nl

**********

Slackware, Trustix patch Apache

A couple of vulnerabilities have been found in the popular Apache Web server code. One could be used in a denial-of-service attack against the affected machine. Another could be used to send shell escape commands via Apache’s errorlog. For more, go to:

Slackware:
https://www.nwfusion.com/go2/0517bug1b.html

Trustix:
https://www.trustix.org/errata/2004/0027/

**********

Red Hat closes out support for Red Hat Linux 9

As of April 30, Red Hat is no longer supporting its Red Hat Linux 9 (or previous) operating system. It released a flurry of updates on the last day of support:

Utempter symlink vulnerability:
https://rhn.redhat.com/errata/RHSA-2004-175.html

Libpng out-of-bounds error:
https://rhn.redhat.com/errata/RHSA-2004-181.html

Patch for OpenOffice’s neon:
https://rhn.redhat.com/errata/RHSA-2004-163.html

Several flaws in Midnight Commander (mc):
https://rhn.redhat.com/errata/RHSA-2004-173.html

Four vulnerabilities in LHA:
https://rhn.redhat.com/errata/RHSA-2004-179.html

Potential arbitrary code execution in X-Chat:
https://rhn.redhat.com/errata/RHSA-2004-177.html

DoS flaw in httpd’s mod_ssl package:
https://rhn.redhat.com/errata/RHSA-2004-182.html

**********

Trustix patches kernel

An integer overflow in the SCTP code found in Trustix’s kernel could be exploited by a local user to gain root access. For more, go to:
https://www.trustix.org/errata/2004/0029/

**********

SuSE updates Midnight Commander (mc):

A number of vulnerabilities have been found in the file manager system Midnight Commander (mc). The flaws could be exploited by a local user to gain the privileges of the user running mc. For more, go to:
https://www.suse.com/de/security/2004_12_mc.html

**********

Today’s roundup of virus alerts:

Wallon worm uses Yahoo, Microsoft to spread

Anti-virus software companies issued warnings and software updates on Tuesday and Wednesday for a new worm, Wallon, that uses deceptive Web links to Yahoo.com to trick users into downloading malicious programs. IDG News Service, 05/13/04.
https://www.nwfusion.com/news/2004/0513walloworm.html?nl

New worm targets Sasser code flaw

A new Internet worm is spreading by exploiting a flaw in the Sasser worm, according to an alert issued Thursday. The new worm, tentatively named Dabber, takes advantage of a vulnerability in an FTP server component in the Sasser worm and may have infected thousands of computers infected with Sasser. IDG News Service, 05/13/04.
https://www.nwfusion.com/news/2004/0513newworm.html?nl

W32/Agobot-ZH — Another Agobot variant that spreads via network shares protected by weak passwords. The virus provides backdoor access to the infected machine via IRC and terminates certain anti-virus applications. (Sophos)

W32/Agobot-JI — A multi-purpose Agobot variant that spreads via weakly protected network shares. In addition to being a backdoor access point and disabling security applications and access to security Web sites, the virus can also sniff certain network traffic and be used to launch denial-of-service attacks against remote sites. (Sophos)

W32/Sdbot-IK – Like some of the Agobot worms, this Sdbot variant spreads via weakly protected network shares, installing itself in the Windows System directory with the names wnetmgr.exe and cool.exe. This virus allows backdoor access via IRC, terminates certain security applications and attempts to redirect browser requests for security-related Web sites. (Sophos)

Troj/StartPa-AE — A virus that changes various Internet Explorer attributes each time the infected machine is started. (Sophos)

W32/Spybot-TA — Like the name implies, this virus can be used as a keylogger and a backdoor access channel via IRC. It also disables certain security-related applications running on the infected machine. It seems to spread via Kazaa and other filesharing networks. (Sophos)

Troj/Agent-A — Here’s what Sophos says about this virus: “Troj/Agent-A is a BMP file that downloads an executable to C:sys.exe.” (Sophos)

W32/Sober-G — A new variant of the Sober mass mailing worm. It uses harvested e-mail addresses and random subject and infected file names to spread. Most infected files, though, end in “.zip”. (Sophos)

**********

From the interesting reading department:

Redmond enlists security vendors to automate policy compliance

Microsoft is working with anti-virus vendors to ensure that in the future its software will be able to verify a user’s desktop is secure and updated anti-virus signatures are in place before granting access to corporate resources. Network World, 05/17/04.
https://www.nwfusion.com/news/2004/0517mssecurity.html?nl

Technology Insider: Web application security

In this Technology Insider, we’ll show you how to protect your Web apps from tricky maneuvers like SQL injection, cross-scripting, cookie poisoning and authentication hijacking. Network World, 05/17/04.
https://www.nwfusion.com/techinsider/2004/0517techinsider.html?nl

Are you 133t?

One-time hacker slang now ridiculed by all except those who use it. Network World, 05/17/04.
https://www.nwfusion.com/news/2004/0517widernetleet.html?nl

Bluetooth’s sprawl heightens security concerns

Michael Ciarochi used to see Bluetooth as just a convenient way to hook up a keyboard to a laptop or PDA at HomeBanc Mortgage, where he’s senior WAN/security engineer. That was until he got a shipment of new laptops as part of a planned technology upgrade. Much to his surprise, each system came with a built-in Bluetooth radio, creating what he says amounted to a hidden window into any sensitive or confidential data that might be stored on the laptops’ hard drives. Network World, 05/17/04.
https://www.nwfusion.com/news/2004/0517bluetooth.html?nl

Start-up reveals NIC-styled encryption

Start-up Seclarity last week unveiled a security-based network interface card called SiNic that customers can use for peer-to-peer encryption and firewall protection for desktops and servers. Network World, 05/17/04.
https://www.nwfusion.com/news/2004/0517seclarity.html?nl

Further Sasser arrests but no charges in Germany

Police in Lower Saxony, Germany, arrested five young men on Tuesday in connection with the Sasser Internet worm but all have been released without charge, a police spokesman said Thursday. IDG News Service, 05/13/04.
https://www.nwfusion.com/news/2004/0513furthsasse.html?nl