• United States

New version of the Apache code released

Jul 14, 20034 mins

* Patches from Debian, OpenPKG * Beware more attempts to exploit weak or non-existent passwords to access the common network share ADMIN$ * Equant pushing IDS service, and other interesting reading

Today’s bug patches and security alerts:

New version of the Apache Server code

The Apache Software Foundation has released an update for the popular Apache Web server. Version 2.0.47 fixes four moderate vulnerabilities found in earlier releases. For more, go to:

Related vendor fix:



Debian patches teapop

A SQL-injection vulnerability has been found in teapop, a POP3 mail server for Debian Linux. The flaw could be exploited to run arbitrary SQL commands under the privileges of the database user teapop has authenticated. For more, go to:

Flaw in phpsysinfo patched by Debian

A flaw in phpsysinfo, a Web-based program to display status information about the system, could be exploited to read local files or execute arbitrary PHP commands on the affected machine. A patch for the problem is available. For more, go to:

New skk, ddskk packages available from Debian

The skk and ddskk packages, used for Kana to Kanji conversion, do not properly secure the temporary files that it uses. This could be exploited to overwrite arbitrary files on the affected machine. For more, go to:

Buffer overflow in Debian’s xbl patched

A buffer overflow in xbl could be exploited by a malicious user to gain the gid of the user “games”. for more, go to:


OpenPKG patches imagemagick

A flaw in the way imagemagick uses temporary files could be exploited by a malicious user to overwrite or create arbitrary files on the affected machine. For more, go to:

OpenPKG issues fix for infozip

A flaw in Version 5.50 and earlier of unzip/infozip could allow arbitrary files to be overwritten. This could allow malicious code to be placed on the affected machine. For more, go to:


Today’s roundup of virus alerts:

W32/Israz-A – An e-mail worm that spreads via its own SMTP engine. The worm also spreads via Kazaa. E-mail messages containing the virus look like support information from legitimate companies such as Yahoo or Microsoft. No word on any permanent damage caused. (Sophos)

App/ViewMov-A – Is not really a virus but a service offered by a company sending out links to comics. The applet does have a EULA that a user must agree to. (Sophos)

W32/Mofei-B – Another worm that attempts to exploit weak and a non-existent passwords on the network shares ADMIN$ and IPC$. The virus comes with a backdoor component as well that could allow an intruder access to the infected machine. (Sophos)

Troj/Migmaf-A – A Trojan horse that allows an external user to view objectionable Web sites via the infected machine. The infected machine is a reverse proxy in this case. (Sophos)

IRC.Sx2 – This Trojan horse is delivered by a variety of means and can be exploited to control the infected computer remotely. (Panda Software)

Graps – Another virus that attempts to connect to the common network share ADMIN$ via weak or non-existent passwords. A Trojan included with the virus allows an attacker access to the data on the infected machine. (Panda Software)

Ronoper.B – A virus spreading via e-mail and IRC channels, this virus shuts down all antivirus related processes on the infected machine. (Panda Software)


From the interesting reading department:

Boeing lets single sign-on project fly

Boeing last week made public the first phase of a standards-based identity management project that could serve as an industry model for integrating single sign-on access controls across business partners’ networks. Network World, 07/14/03.

Equant pushing IDS service

Equant last week announced a managed service that it says will address a major shortcoming of intrusion-detection systems: too many false alarms. Network World, 07/14/03.

NetScreen among firms adding IPv6 to firewalls

NetScreen, a maker of network security appliances, last week made available to existing customers a beta version of firewall and VPN software that supports IPv6. Network World, 07/14/03.