Mac OS X patches

Today’s bug patches and security alerts:

OS X patch ‘not enough’ – experts

Internet security firm Secunia is critical of the security software update Apple released Friday evening. Secunia director and CEO Niels Henrik Rasmussen contacted Macworld UK this morning to warn that his company doesn’t believe Apple’s fix has gone far enough. MacWorld UK, 05/24/04.

https://www.macworld.co.uk/news/main_news.cfm?NewsID=8736

Links to the Apple updates:

Mac OS X 10.3.3 “Panther” and Mac OS X 10.3.3 Server:

https://www.nwfusion.com/go2/0524bug1a.html

Mac OS X 10.2.8 “Jaguar” and Mac OS X 10.2.8 Server:

https://www.nwfusion.com/go2/0524bug1b.html

**********

SGI patches kernel

SGI has releases “SGI ProPack 3:Kernel Update #1” to fix four different flaws. For more, go to:

https://www.nwfusion.com/go2/0524bug1c.html

**********

NetBSD patches systrace

A flaw in the NetBSD systrace_exit() function could be exploited by a local use to gain root access. For more, go to:

https://www.nwfusion.com/go2/0524bug1d.html

**********

Debian releases fix for cadaver

A flaw in neon, an HTTP and WebDav client library that’s part of cadaver, could lead to a buffer overflow. For more, go to:

https://www.debian.org/security/2004/dsa-507

Debian issues patch for heimdal

A flaw in Debian’s heimdal, a free implementation of Kerberos 5, could be exploited to cause “unexpected behavior” on the affected machine. For more, go to:

https://www.debian.org/security/2004/dsa-504

Debian patches mah-jong

A vulnerability in the mah-jong game for Debian could be exploited by any connected client to crash the affected game server. For more, go to:

https://www.debian.org/security/2004/dsa-503

**********

OpenPKG patches rsync

Versions of rsync prior to 2.6.1 to not properly sanitize paths during read/write operations. An attacker could exploit this to write files outside the authorized area. For more, go to:

https://www.openpkg.org/security/OpenPKG-SA-2004.025-rsync.html

**********

Mandrake Linux updates kernel

A new kernel update from Mandrake Linux fixes a number of minor vulnerabilities from previous releases. For more, go to:

https://www.nwfusion.com/go2/0524bug1e.html

Mandrake Linux releases Apache update

Four vulnerabilities in the popular Web server software have been fixed with this release. The most serious of the flaws could have been exploited to bypass certain security restrictions. For more, go to:

https://www.nwfusion.com/go2/0524bug1f.html

Mandrake Linun fixes flaw in passwd

A memory leak and a flaw in password lengths has been patched by Mandrake Linux. For more, go to:

https://www.nwfusion.com/go2/0524bug1g.html

Mandrake Linux issues libuser patch

A flaw in the libuser library could be exploited to crash applications linked to the library or to write four gigabytes of useless data to the affected machine’s hard drive. For more, go to:

https://www.nwfusion.com/go2/0524bug1h.html

**********

Today’s roundup of virus alerts:

OF97/Exedrop-C – A Microsoft Office virus that drops an unnamed Trojan horse on the infected machine. (Sophos)

W32/Agobot-IY – An Agobot variant that spreads via network shares and uses IRC to provide backdoor access to the infected machine. The virus installs itself as “DVRCONF.EXE” in the Windows System directory and disables certain security applications. It can be used to sniff for passwords and launch denial-of-service attacks against remote sites. (Sophos)

W32/Bobax-C – This Bobax variant exploits the same Microsoft Windows LSASS vulnerability as the Sasser worm. It’s main function is to act as a mail relay for sending spam. (Sophos)

Troj/Dloader-IU – According to Sophos, “Troj/Dloader-IU is a downloader Trojan that copies a file from the website technalytics.net to a file in the Windows system folder named TMPFLE.EXE and executes it.” (Sophos)

Kibuv.A – Like Bobax, Kibuv imitates the Sasser worm by exploiting the LSASS vulnerability in Windows. No word on what damage this miscreant can cause. (Panda Software)

**********

From the interesting reading department:

Microsoft scrambling to secure Web services

Microsoft this week is scheduled to plug a major gap in its perimeter security software by integrating a partner’s XML filtering and acceleration technology into its firewall and caching server. The move is designed to let corporate users secure the flow. Network World, 05/24/04.

https://www.nwfusion.com/news/2004/0524microsoft.html?nl

Review: Breaking through IP telephony

In tests, Avaya and Cisco attempt to strut VoIP security stuff. Network World, 05/24/04.

https://www.nwfusion.com/reviews/2004/0524voipsecurity.html?nl

Experts disagree about seriousness of IOS code theft

While the FBI and Cisco scrambled last week to recover source code stolen from the network giant, expert opinion differs about how serious a threat the incident is for corporate customers. Network World, 05/24/04.

https://www.nwfusion.com/news/2004/0524ciscoios.html?nl

Core Security unwraps security-test tool

Core Security Technologies this week updated Core Impact, its security penetration-test tool for desktops and servers that lets customers run a series of exploits to determine how far into corporate resources a hacker could burrow. Network World, 05/24/04.

https://www.nwfusion.com/news/2004/0524core.html?nl

Sygate’s new devices batten down net endpoints

Sygate this week is announcing new hardware that can discover unauthorized devices on networks and check known devices periodically to ensure they are functioning and continue to comply with security policies. Network World, 05/24/04.

https://www.nwfusion.com/news/2004/0524sygate.html?nl

Hackers penetrate global finance firms

Hackers have succeeded in compromising networks within most multinational financial institutions during the last year, a survey claims. Vnunet.com, 05/19/04.

https://www.vnunet.com/news/1155258