ISA Server Service Pack 2 released

May 27, 2004

* Patches from FreeBSD, SuSE, others
* Beware yet more variants of Agobot
* CA goes after patch management, and other interesting reading

Today’s bug patches and security alerts:

Microsoft releases Service Pack 2 for ISA Server 2000

A new service pack is available for Microsoft Internet Security and Acceleration (ISA) Server 2000 that includes all fixes to date for the system as well as some new updates that enhance security and stability. Microsoft urges all users to install SP2. For more, go to:


FreeBSD patches msync

A cache consistency problem in msync could result in user changes not being committed to disk. FreeBSD has issued a fix for the problem:


SuSE, Conectiva patch kdelibs

A flaw in kdelibs telnet URI handling could be exploited by an attacker to truncate or overwrite files on the affected system. For more, go to:


Conectiva patches Libneon

A buffer overflow has been found in the Neon HTTP and WebDAV clients. Fixes are available. For more, go to:

Conectiva releases mailman patch

Three flaws have been patched in the Conectiva mailman implementation. Two cross-site scripting vulnerabilities and a password retrieval issue have been fixed. For more, go to:


19 patches from Gentoo

Gentoo has issued a number of updates over the past few weeks. For those who use the Linux variant, here they are:

Apache 1.3 – Multiple flaws:

SquirrelMail – Cross-site scripting vulnerabilities:

Midnight Commander (MC) – Several buffer overflows/format string flaws:

MySQL – Non-secure temporary files:

Opera telnet – URI handling vulnerability:

Firebird – Buffer overflow:

Cadaver – Heap overflow:

Subversion – Buffer overflow:

Neon – Heap overflow:

CVS – Heap overflow:

Icecast – DoS vulnerability:

ProFTPD – Bypass Access Control List:

Pound – Format string vulnerability:

Exim – Buffer overflow:

Libpng – DoS vulnerability:

Utempter – Symlink flaw: – DAV server flaw:

ClamAV – VirusEvent parameter vulnerability:

LHa – Multiple vulnerabilities:


Today’s roundup of virus alerts:

W32/Agobot-JA – An Agobot variant that spreads via network shares and uses IRC to provide backdoor access. It also renames any file starting with “sound” and attempts to disable access to security-related Web sites. (Sophos)

W32/Agobot-JB – What is this, the one-millionth variant of Agobot? Like its predecessors, this exploits network shares to spread and uses IRC to provide backdoor access to the infected machine. It kills security-related applications, prevents access to security sites and can be used to sniff data. (Sophos)

Troj/Sdbot-BI – A Trojan horse that displays the message “‘Error-38427 A valid dll file was not found, Windows is now deleting file.” when it infects a system. The virus provides backdoor access via IRC and uses network shares to spread. (Sophos)

Troj/StartPa-AE – This Trojan horse changes the Internet Explorer start page each time the infected computer is booted. The malicious code could be dropped by another virus. (Sophos)

Troj/Adtoda-A – A virus that displays two messages on the infected screen warning of some sort of Microsoft penalty. The virus then freezes the machine, creating the need to reboot it. (Sophos)

W32/Francette-K – This virus acts as a backdoor, providing access via an IRC channel. The virus spreads by exploiting machines already infected by MyDoom. (Sophos)

W32/Rbot-T – A keystroke-logging virus that also attempts to delete certain network shares. The virus spreads via network shares and uses IRC to provide backdoor access. It installs itself as NAVSCAN64.EXE in the Windows System folder. (Sophos)


From the interesting reading department:

CA goes after patch management

Computer Associates Tuesday detailed products and services to couple vulnerability assessments with patch deployment and management. Network World Fusion, 05/25/04.

Microsoft outlines identity management roadmap

Microsoft this week laid out the roadmap for its identity management platform, including federation services that will ship next year and eventually provide Web single sign-on features. Network World Fusion, 05/25/04.

CeBit: SyNet shows new security tools

Securing data and shared PCs is about to get easier: SyNet Electronics has announced two applications, Secure Send and PC-Keeper, for those tasks. PC World, 05/26/04.

Network Associates readies updated security appliances

Network Associates next week will make available the beta version of its WebShield line of gateway security appliances, adding filtering controls to block inbound or outbound content, and set policy based on usage groups. Network World Fusion, 05/24/04.

Can software patching be automated?

How speedily can software patching be done, and can or should the process be automated in most instances? Network World Fusion, 05/24/04.

Tech Ed: SQL Server getting security boosts

Microsoft at its Tech Ed conference in San Diego on Tuesday will tout plans to add data encryption to its SQL Server database and seek federal government security certification for the platform as well. InfoWorld, 05/25/04.

Viruses nip Russia after the Cold War

For all its disadvantages, the former Soviet Union had one hugely overlooked advantage: it kept hackers, crackers and virus writers confined inside the country by restricting their access to the Internet. IDG News Service, 05/25/04.

Secure coding attracts interest, investment

A new product from computer security firm @stake will help developers search computer code for errors, security holes and other flaws that malicious hackers can use to break applications – and break into computers. IDG News Service, 05/24/04.