Another Apache flaw

Opinion
May 29, 2003 (6 mins)
Networking, Security

* Patches from Microsoft, Red Hat, SCO, others
* Top 10 viruses reported in April
* Microsoft creates new group to clean its coding act, and other interesting reading

Today’s bug patches and security alerts:

Apache group issues update, warns of security hole

For the second time in as many months, the Apache Software Foundation (ASF) released an updated version of the popular open source Web server software, only to warn users of a critical security hole in previous versions of the software that the update patches. The new version of Apache, 2.0.46, was described as “principally a security and bug fix release” in a bulletin released by the open source organization Wednesday. IDG News Service, 05/28/03.

Story:

https://www.nwfusion.com/news/2003/0528apachgroup.html

Related patch:

Red Hat:

https://rhn.redhat.com/errata/RHSA-2003-186.html

**********

Microsoft patches up IIS, Windows Media Services

Microsoft Wednesday released two security bulletins, warning of security holes in its Web server software and in Windows Media Services affecting various versions of the Windows operating system. The Redmond, Wash., vendor released a cumulative patch for its IIS Web server software, a component of Windows NT 4.0, Windows 2000 and Windows XP. The patch includes earlier patches for the Web server as well as four new fixes, Microsoft said in Bulletin MS03-018. IDG News Service, 05/29/03.

Story:

https://www.spidynamics.com/iis_alert.htm

Microsoft’s Windows Media Services advisory:

https://www.microsoft.com/technet/security/bulletin/MS03-019.asp

Microsoft yanks update after glitch discovered

Microsoft has pulled an update to security software from its Web site after some users who downloaded the code saw their Internet connections go down. A “handful” of users had problems after installing the update to Microsoft’s IPSec software because of the way it interacted with some third-party software, according to a Microsoft statement. IDG News Service, 05/28/03.

https://www.nwfusion.com/news/2003/0528microyanks2.html

**********

Red Hat issues kernel patch for Enterprise Linux

Updated kernel code for Red Hat’s Enterprise Linux is now available and fixes a number of security vulnerabilities in previous releases. One flaw could be exploited to corrupt data on the affected machine. For more, go to:

https://rhn.redhat.com/errata/RHSA-2003-145.html

Red Hat releases updated up2date and rhn_register clients

New versions of the up2date and rhn_register clients for Red Hat Enterprise Linux are now available. The new releases fix a number of bugs in previous versions. For more, go to:

https://rhn.redhat.com/errata/RHSA-2003-177.html

Red Hat patches flaw in CUPS

A flaw in CUPS, a print spooler for Red Hat Linux, could be exploited in a denial-of-service attack against the affected machine. For more, go to:

https://rhn.redhat.com/errata/RHSA-2003-171.html

**********

SuSE patches glibc

An overflow vulnerability in the xdrmem_getbytes() function that’s part of the XDR RPC library (which is part of glibc) could be exploited to run arbitrary code on the affected machine. For more, go to:

https://lists2.suse.com/archive/suse-security-announce/2003-May/0002.html

**********

Conectiva issues patch for BitchX

A flaw in BitchX, an IRC client, could be exploited by an attacker to write outside the buffer boundaries causing a denial-of-service. The vulnerability could also be exploited to run arbitrary code on the affected machine. For more, go to:

https://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000655

Conectiva patches netpbm

A “math overflow” vulnerability has been found in netpbm, a library of functions and tools for manipulating certain image formats. The flaw could be exploited by a malicious user using a specially crafted image. The exploit could be used in a denial-of-service attack or to potentially execute arbitrary code on the affected machine. For more, go to:

https://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000656

**********

Authentication bypass found in Axis network camera

Core Security Technologies has found a means of bypassing the authentication system to the Web interface in Axis network video cameras. Using a double slash (“//”) after the camera’s IP address in a URL will drop the user directly into the Web interface. For more and links to the appropriate download for your camera, go to:

https://www.coresecurity.com/common/showdoc.php?idx=329&idxseccion=10

**********

SCO patches squid buffer overflow

According to an alert from SCO, “Vulnerability in Squid related to proxy authentication credentials may allow remote web sites to obtain the user’s proxy login and password. FTP proxy in Squid does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses.” Squid running on SCO’s OpenServer product is vulnerable. For more, go to:

ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.9

**********

Flaw found in Kazaa and iMesh codes

FastTrack, the underlying network that helps peer-to-peer services Kazaa and iMesh, contains a vulnerability that could be exploited to run arbitrary code on an affected machine. Kazaa and iMesh are both issuing fixes for the problem. For more, go to:

https://www.boston.com/business/tech_innovation/news/2003/05/27/kazaa.htm

**********

Today’s roundup of virus alerts:

Nothing new to report today. Instead, we bring you the Top 10 viruses reported in April, according to Sophos:

1.  W32/Klez-H

2.  W32/Lovgate-E

3.  W32/Bugbear-A

4.  W32/Sobig-A

5.  W32/ElKern-C (tie)

5.  W32/Yaha-E (tie)

5.  W32/Yaha-K (tie)

8.  JS/NoClose

9.  W32/Flcss

10. Dial/Datemake-A

**********

From the interesting reading department:

Microsoft creates new group to clean its coding act

Microsoft is expanding its security business unit with a group that will establish new software development processes and create tools for its programmers so that future Microsoft products will have fewer security flaws, a Microsoft executive said. IDG News Service, 05/29/03.

https://www.nwfusion.com/news/2003/0529microcreat.html

Symantec to provide DOD with threat info

Adding a twist to the notion of “public private partnerships,” a deal between Symantec and the Department of Defense will provide the U.S. government with intelligence gathered from the Cupertino, Calif., company’s DeepSight threat and vulnerability alert services. IDG News Service, 05/27/03.

https://www.nwfusion.com/news/2003/0527symantopr2.html

Juniper adds security

Juniper Networks this week unveiled enhancements to its routers designed to scale security services across its product line and throughout a Juniper-equipped network. The Edge, 05/28/03.

https://www.nwfusion.com/edge/news/2003/0528juniper.html

Op-Ed: Leveraging security offerings

As security becomes more than just firewalls and antivirus software, network managers need to look beyond the usual list of security providers. Answers to security problems increasingly can be found in savvy start-ups that are leveraging their security expertise in today’s insecure world. Network World, 05/26/03.

https://www.nwfusion.com/columnists/2003/0526vasan.html