• United States

Apple releases Mac OS X security update

Jun 12, 20034 mins

* Patches from SGI, Debian, others * Beware worm that spreads via ADMIN$ and IPC$ network shares * Microsoft to kill popular Linux antivirus product, and other interesting reading

Today’s bug patches and security alerts:

Apple releases Mac OS X security update

Two vulnerabilities have been fixed in Apple’s Mac OS X. One flaw in the Apple File Service could be exploited to overwrite arbitrary files. The second flaw involves passwords being sent in cleartext when logging on via Kerberos on an LDAPv3 server. For more, go to:


Vulnerability in Netware HTTP Stack patched

The HTTP stack used in NetWare 6 is vulnerable to an “ABEND” (abnormal end) when it receives a modified TCP keep-live request. A patch is available. For more, go to:


SGI patches webmin

A flaw in the IRIX Web setup package (webmin) from SGI could allow unauthorized remote access to the applications. A fix is available. For more, go to:


Debian, Mandrake Linux update kernel packages

A number of vulnerabilities have been fixes in new kernel updates from Debian and Mandrake Linux. Users should update their kernel implementations as soon as possible. For more, go to:


Mandrake Linux:


Debian patches xaos

According to an alert from Debian, “XaoS, a program for displaying fractal images, is installed setuid root on certain architectures in order to use svgalib, which requires access to the video hardware.  However, it is not designed for secure setuid execution, and can be exploited to gain root privileges. For more, go to:


OpenPKG patches gzip

A flaw in the way GNU Zip’s (gzip) znew command creates temporary files could be exploited in a symlink attack against the affected machine. For more, go to:


Immunix patches teTeX

A number of potential vulnerabilities and bugs in teTeX have been patched by Immunix. Updates can be downloaded from:


@Stake warns of flaw in Nokia GGSN (IP650 Based)

According to an alert from @Stake, “There exists a vulnerability in the TCP stack that allows an attacker to cause the GGSN to kernel panic and shutdown. This potentially allows an attacker to crash all data connectivity within a GPRS based network.” For more, go to:


Today’s roundup of virus alerts:

W32/Mapson-A – A virus that spreads via e-mail and peer-to-peer file-sharing networks. The virus sends itself to email addresses found in the infected machine’s MSN Messenger contact list. It also displays random messages on the infected machine’s screen. (Sophos)

Win32.Mofei.B – This worm spreads via ADMIN$ and IPC$ network shares. The worm acts as a back door Trojan horse for attackers to exploit. (Computer Associates)

W32/Backzat-K – A worm that spreads in the form a .scr file via mIRC, AIM95 and the KaZaA file-sharing network. No word on any permanent damage cause. (Sophos)

W32/Jeefo-A – A worm that creates a couple registry entries to ensure it runs on a computer’s restart. No word on permanent damage caused. (Sophos)


From the interesting reading department:

Microsoft still certifying leaky drivers, firm says

Months after promising to tighten up its procedures for certifying third-party software drivers, Microsoft is still giving the green light to network interface card (NIC) drivers that leak sensitive user information from machines running Windows Server 2003, according to a prominent security company. IDG News Service, 06/09/03.

Related NGSSoftware advisory:

Microsoft to buy Romanian antivirus company

Microsoft Tuesday announced it is buying Bucharest, Romania-based antivirus software vendor GeCAD Software for an undisclosed price, triggering speculation from analysts that Microsoft has its eye on competing directly in the antivirus market. Network World Fusion, 06/10/03.

Microsoft to kill popular Linux antivirus product

The RAV product line will be discontinued after Microsoft completes the acquisition of the technology, Microsoft said. GeCAD, which claims its products protect over 10 million users worldwide, will support current customers through the end of their contracts, Microsoft said. IDG News Service, 06/11/03.

Quantum leap for secret codes

British researchers say they are close to producing an off-the-shelf system that exploits quantum physics to create a secure communications channel. BBC News, 06/05/03.

Unisys suite aims to detect criminal patterns

A new family of products and services from Unisys is designed to make it possible for financial institutions to detect more complex kinds of fraud and spot identity theft and money laundering schemes earlier. IDG News Service, 06/10/03.