* Patches from Cisco, Microsoft, Red Hat, others * Beware latest variant of Gruel virus family * Kentucky state auditor says hackers infiltrated agency network, and other interesting reading Today’s bug patches and security alerts:Cisco patches Aironet wireless vulnerabilitiesNetwork hardware giant Cisco released a software patch and warned customers on Monday about two security holes that affect some editions of the Aironet wireless access point. IDG News Service, 07/29/03.https://www.nwfusion.com/news/2003/0729ciscopatch.html Get the Cisco patch:https://www.nwfusion.com/go2/0728bug2a.html **********Microsoft fixing another faulty patchMicrosoft Tuesday acknowledged that a recent security patch is causing problems on machines running the Windows NT 4.0 operating system. IDG News Service, 07/30/03.https://www.nwfusion.com/news/2003/0730microfixin.htmlPatch in question:https://www.microsoft.com/technet/security/bulletin/MS03-029.asp **********Red Hat releases updated openssh packagesA flaw in the openssh PAM authentication module could be exploited to determine if an account name is valid or not. An attacker could use this information to narrow the focus of an attack against a target machine. For more, go to:https://rhn.redhat.com/errata/RHSA-2003-222.html Red Hat patches semiSemi, a MIME library for emacs, contains a vulnerability in the way it utilizes temporary files. This could be exploited to run arbitrary code on the affected machine. For more, go to:https://rhn.redhat.com/errata/RHSA-2003-234.html**********SGI patches IRIX nsdA vulnerability in the name services daemon (nsd) for SGI IRIX could be exploited to gain root access on the affected machine. A fix is available. For more, go to:https://www.nwfusion.com/go2/0728bug2b.html**********Conectiva issues Apache patchA denial-of-service vulnerability in the Apache Web server code for Conectiva has been fixed as well as a few other minor bugs. For more, go to:https://www.nwfusion.com/go2/0728bug2c.htmlConectiva patches mnogosearch buffer overflowA pair of buffer overflow vulnerabilities have been found in Conectiva’s mnogosearch. Both flaws could be exploited to run arbitrary commands on the affected Web server. For more, go to:https://www.nwfusion.com/go2/0728bug2d.html**********SCO releases Samba update for OpenServerSCO has patched a flaw in the Samba implementation for OpenServer that could be exploited by an anonymous user to gain root privileges. For more, go to:ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.13**********Today’s roundup of virus alerts:W32/Gruel-M – Yet another variant of the Gruel virus family. Spreads via e-mail disguised as a virus alert notice and can change passwords and lock the infected system. (Sophos)W32/Cidu-A – This virus, written in Delphi, attempts to overwrite .exe files on the infected machine, open the CD tray, disable the task bar and replace desktop icons. (Sophos)W32/Randon-R – A network worm that exploits weak or non-existent passwords on network shares to spread. The virus drops a number of files on the infected machine. (Sophos)**********From the interesting reading department:Kentucky state auditor says hackers infiltrated agency networkHackers, apparently from outside the U.S., have made one Kentucky state agency’s computer network their old Kentucky home, according to Kentucky’s state auditor. Network World Fusion, 07/30/03.https://www.nwfusion.com/news/2003/0730kentucky.htmlExploit code posted for Windows holeSeveral independent coding groups have posted code on the Internet that can allow hackers to exploit a previously disclosed vulnerability in Microsoft’s Windows operating system. IDG News Service, 07/28/03.https://www.nwfusion.com/news/2003/0728exploit.htmlRelated ISS utility:https://www.iss.net/support/product_utilities/ms03-026rpc.phpDell’s Axim patch delayedDell missed a self-imposed deadline to post a fix on its support Web site for the performance problems that have plagued the Windows Mobile 2003 versions of its Axim handheld. The company had quietly posted an FTP link to the patch Wednesday, but pulled that file after some users were able to discover a way to upgrade their Pocket PC 2002 operating systems without a license, a Dell spokeswoman said. IDG News Service, 07/30/03.https://www.nwfusion.com/news/2003/0730dellaxim.htmlSecure Computing buys content-filter companySecure Computing Tuesday announced it has agreed to acquire Seattle-based N2H2, a maker of Web-based content-filtering products Bess and Sentian, which can be integrated with Cisco firewalls and the Cisco Content Engine. Network World Fusion, 07/29/03.https://www.nwfusion.com/news/2003/0729seccomp.html Related content news AWS launches Cost Optimization Hub to help curb cloud expenses At its ongoing re:Invent 2023 conference, the cloud service provider introduced several new and free updates that are expected to help enterprises optimize their AWS costs. By Anirban Ghoshal Nov 28, 2023 3 mins Amazon re:Invent Events Industry how-to Getting started on the Linux (or Unix) command line, Part 4 Pipes, aliases and scripts make Linux so much easier to use. By Sandra Henry-Stocker Nov 27, 2023 4 mins Linux news AI partly to blame for spike in data center costs Low vacancies and the cost of AI have driven up colocation fees by 15%, DatacenterHawk reports. By Andy Patrizio Nov 27, 2023 4 mins Generative AI Data Center news Nvidia’s made-for-China chip delayed due to integration issues: Report Nvidia’s AI-focused H20 GPUs bypass US restrictions on China’s silicon access, including limits on-chip performance and density. By Sam Reynolds Nov 24, 2023 4 mins CPUs and Processors Generative AI Technology Industry Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe