ISA Server Service Pack 2 released

Today’s bug patches and security alerts:

Microsoft releases Service Pack 2 for ISA Server 2000

A new service pack is available for Microsoft Internet Security and Acceleration (ISA) Server 2000 that includes all fixes to date for the system as well as some new updates that enhance security and stability. Microsoft urges all users to install SP2. For more, go to:

https://www.nwfusion.com/go2/0524bug2a.html

**********

FreeBSD patches msync

A cache consistency problem in msync could result in user changes not being committed to disk. FreeBSD has issued a fix for the problem:

https://www.nwfusion.com/go2/0524bug2b.html

**********

SuSE, Conectiva patch kdelibs

A flaw in kdelibs telnet URI handling could be exploited by an attacker to truncate or overwrite files on the affected system. For more, go to:

Conectiva:

https://www.nwfusion.com/go2/0524bug2c.html

SuSE:

https://www.suse.com/de/security/2004_14_kdelibs.html

**********

Conectiva patches Libneon:

A buffer overflow has been found in the Neon HTTP and WebDav clients. Fixes are available. For more, go to:

https://www.nwfusion.com/go2/0524bug2d.html

Conectiva releases mailman patch

Three flaws have been patched in the Conectiva mailman implementation. Two cross scripting vulnerabilities and password retrieval issue have been fixec. For more, go to:

https://www.nwfusion.com/go2/0524bug2e.html

**********

19 patches from Gentoo

Gentoo has issued a number of updates that past few weeks. For those that use the Linux variant, here they are:

Apache 1.3 – Multiple flaws:

https://forums.gentoo.org/viewtopic.php?t=178094

SquirelMail – Cross scripting vulnerabilities:

https://forums.gentoo.org/viewtopic.php?t=176067

Midnight Commands (MC) – Several buffer overflows/format string flaws:

https://forums.gentoo.org/viewtopic.php?t=178096

MySQL – Non-secure temporary files:

https://forums.gentoo.org/viewtopic.php?t=177773

Opera telnet – URI handling vulnerability:

https://forums.gentoo.org/viewtopic.php?t=177697

Firebird – Buffer overflow:

https://forums.gentoo.org/viewtopic.php?t=176732

Cadaver – Heap overflow:

https://forums.gentoo.org/viewtopic.php?t=175698

Subversion – Buffer overflow:

https://forums.gentoo.org/viewtopic.php?t=175681

Neon  – Heap overflow:

https://forums.gentoo.org/viewtopic.php?t=175676

CVS – Heap overflow:

https://forums.gentoo.org/viewtopic.php?t=175675

Icecast – DoS vulnerability

https://forums.gentoo.org/viewtopic.php?t=175282

ProFTPD – Bypass Access Control List:

https://forums.gentoo.org/viewtopic.php?t=175266

Pount – Format string vulnerability:

https://forums.gentoo.org/viewtopic.php?t=175183

Exim – Buffer overflow:

https://forums.gentoo.org/viewtopic.php?t=173594

Libpng  – DoS vulnerability:

https://forums.gentoo.org/viewtopic.php?t=173593

Utempter – Symlink flaw:

https://forums.gentoo.org/viewtopic.php?t=173046

OpenOffice.org – DAV server flaw:

https://forums.gentoo.org/viewtopic.php?t=172298

ClamAV – VirusEvent parameter vulnerability:

https://forums.gentoo.org/viewtopic.php?t=172264

LHa – Multiple vulnerabilities:

https://forums.gentoo.org/viewtopic.php?t=171339

**********

Today’s roundup of virus alerts:

W32/Agobot-JA – An Agobot variant that spreads via network shares and uses IRC to provide backdoor access. It also renames any file starting with “sound” and attempts to disable access to security-related Web sites. (Sophos)

W32/Agobot-JB – What is this, the one-millionth variant of Agobot? Like it’s predecessors this exploits network shares to spread and uses IRC to provide backdoor access to the infected machine. It kills security related applications, prevents access to security sites and can be used to sniff data. (Sophos)

Troj/Sdbot-BI – A Trojan horse that displays the message “‘Error-38427 A valid dll file was not found, Windows is now deleting file.” when it infects a system. The virus provides backdoor access via IRC and uses network shares to spread. (Sophos)

Troj/StartPa-AE – This Trojan horse changes the Internet Explorer start page each time the infected computer is booted. The malicious code could be dropped by another virus. (Sophos)

Troj/Adtoda-A – A virus that displays two messages on the infected screen warning of some sort of Microsoft penalty. The virus then freezes the machine, creating the need to reboot it. (Sophos)

W32/Francette-K – This virus acts as a backdoor, providing access via an IRC channel.  The virus spreads by exploiting machines already infected by MyDoom. (Sophos)

W32/Rbot-T – A keystroke-logging virus that also attempts to delete certain network shares. The virus spreads via network shares and uses IRC to provide backdoor access. It installs itself as NAVSCAN64.EXE in the Windows System folder. (Sophos)

**********

From the interesting reading department:

CA goes after patch management

Computer Associates Tuesday detailed products and services to couple vulnerability assessments with patch deployment and management. Network World Fusion, 05/25/04.

https://www.nwfusion.com/news/2004/0525capatch.html?nl

Microsoft outlines identity management roadmap

Microsoft this week laid out the roadmap for its identity management platform, including federation services that will ship next year and eventually provide Web single sign-on features. Network World Fusion, 05/25/04.

https://www.nwfusion.com/news/2004/0525msid.html?nl

CeBit: SyNet shows new security tools

Securing data and shared PCs is about to get easier: SyNet Electronics has announced two applications, Secure Send and PC-Keeper, for those tasks. PC World, 05/26/04.

https://www.nwfusion.com/news/2004/0526cebitus.html?nl

Network Associates readies updated security appliances

Network Associates next week will make available the beta version of its WebShield line of gateway security appliances, adding filtering controls to block inbound or outbound content, and set policy based on usage groups. Network World Fusion, 05/24/04.

https://www.nwfusion.com/news/2004/0524netassoc.html?nl

Can software patching be automated?

How speedily can software patching be done and whether the process in most instances can or should be automated. Network World Fusion, 05/24/04.

https://www.nwfusion.com/weblogs/security/005182.html?nl

Tech Ed: SQL Server getting security boosts

Microsoft at its Tech Ed conference in San Diego on Tuesday will tout plans to add data encryption to its SQL Server database and seek federal government security certification for the platform as well. InfoWorld, 05/25/04.

https://www.nwfusion.com/news/2004/0525techsql.html?nl

Viruses nip Russia after the Cold War

For all its disadvantages, the former Soviet Union had one hugely overlooked advantage: it kept hackers, crackers and virus writers confined inside the country by restricting their access to the Internet. IDG News Service, 05/25/04.

https://www.nwfusion.com/news/2004/0525virusnipr.html?nl

Secure coding attracts interest, investment

A new product from computer security firm @stake will help developers search computer code for errors, security holes andother flaws that malicious hackers can use to break applications – and break into computers. IDG News Service, 05/24/04.

https://www.nwfusion.com/news/2004/0524securcodin.html?nl