• United States

Tivoli, WebSphere flaws

Jun 07, 20045 mins

* Patches from NetBSD, Gentoo, others * Beware new worm that targets Microsoft vulnerabilities * Identity management takes on new shape, importance, and other interesting reading

Today’s bug patches and security alerts:

IBM products vulnerable

According to a Panda Software advisory, “IBM has reported that some of its products are vulnerable to ‘credential impersonation’ attacks, based on capturing the details of legitimate users.” This impacts a number of Tivoli and WebSphere applications. For more, go to:


Linksys router flaw not as bad as first thought

We reported late last week that the Web-based administration console for the Linksys WRT54G Wireless G router could still be available via ports 80 and 440 on the WAN connection even if that option is disabled. This is only the case if the built-in firewall (enabled by default) is also turned off. Linksys has released a Beta firmware upgrade that fixes the issue, but those that have the firewall turned on with their existing firmware should not be vulnerable. I tested the firewall-enabled theory and it works. The new firmware can be downloaded from:


Windows 2000 domain issue fixed

A flaw in Windows 2000 could let users with expired passwords into the system if the Fully Qualified Domain Name (FQDN) has eight characters. A fix is available. For more, go to:;en-us;830847


Opera “phishing” vulnerability

Like many Web browsers, Opera allows shortcut icons that help visually identify a site by logo. However, the browser excepts icons with larger widths, which could be used to obscure the URL of the current site. This could be exploited to redirect users to phishing sites that look like legitimate operations. For more, go to:


NetBSD patches cvs vulnerability

A heap overflow in the cvs version control system could be remotely exploitable. A fix is available for NetBSD users with the application installed:


Gentoo issues two neon-related patches

A number of format string and heap overflow vulnerabilities have been found in neon, a WebDAV and HTTP client used by multiple applications. Two different patches are available from Gentoo related to the neon:



Gentoo patches MPlayer, xine-lib

A flaw in the way MPlayer and xine-lib handle RTSP media streams could result in a remotely exploitable buffer overflow. For more, go to:


Mandrake Linux releases patch for krb5

According to Mandrake Linux, “Multiple buffer overflows exist in the krb5_aname_to_localname() library function that if exploited could lead to unauthorized root privileges.” For more, go to:


Today’s roundup of virus alerts:

New worm targets two Microsoft vulnerabilities

Anti-virus software companies are warning customers about a new e-mail worm that targets unpatched Microsoft Windows machines with either of two recently disclosed software vulnerabilities. The new worm, known as both “Plexus” and “Explet.A,” was first detected on Wednesday and spreads by exploiting Windows machines with vulnerabilities used by two recent worms, Sasser and Blaster. IDG News Service, 06/04/04.

W32/Korgo-A – A virus that attempts to exploit the Microsoft LSASS vulnerability. It scans for other infected hosts and contains a backdoor component that could allow more malicious code to be uploaded to the infected machine. (Sophos)

W32/Korgo-D – A Korgo variant that exploits the LSASS vulnerability, scans for potential IP addresses to infect and uploads the information to a set of IRC servers. The virus also deletes “ftpupd.exe” and tries to disable certain anti-virus applications. (Sophos)

W32/Agobot-JM – Another Agobot variant that exploits a number of Microsoft Windows vulnerabilities, all of which have patches available. This variant terminates security-related applications and prevents access to anti-virus Web sites. It also tries to steal application keys for certain popular programs. (Sophos)


From the interesting reading department:

Review: McAfee’s low-end AV management tool shines

We take a quick look at McAfee Security’s ProtectionPilot 1.0 management console. Network World, 06/07/04.

Tech Update: WSS protects SOAP messages

The Web Services Security specification defines mechanisms to protect messages designed for use with Web services. Network World, 06/07/04.

Management Strategies: Worth the wait

Security clearances take more than a year to obtain, but federal IT work pays well. Network World, 06/07/04.

Identity management takes on new shape, importance

Driven by network security concerns, regulatory legislation and cost savings, identity management is climbing the corporate importance meter. Network World, 06/07/04.

Start-up picks up bad behaviors

Start-up Determina makes its debut this week with server-based intrusion-prevention system software that blocks attacks – such as buffer overflows often seen with computer worms such as Blaster and Sasser – that can compromise corporate computers. Network World, 06/07/04.

Vendors offer tools to control, secure WLANs

Newbury Networks and ActivCard respectively this week will roll out tools to let customers better manage and secure their wireless networks. Network World, 06/07/04.

Netegrity updates eProvision product

Identity management software company Netegrity last week unveiled IdentityMinder eProvision 4.0, with improved workflow features that let administrators create and manage policies for extending or curtailing user access to network resources and applications. Network World, 06/07/04.

DataPower, Reactivity add to their XML security line

Amid the growing corporate interest in Web services-based infrastructures, DataPower and Reactivity this week will introduce upgrades designed to help users boost XML security. Network World, 06/07/04.