• United States

More on the Cisco IOS flaw

Jul 21, 20034 mins

* Patches from SGI, Debian, Trustix, others * Beware variants of the Kazaa worm * NetScaler upgrades SSL remote access, and other interesting reading

More on the Cisco IOS flaw that we reported on last week:

Attacks already exploiting Cisco IOS vulnerability

Security experts are warning that ready-made code which exploits a recently announced Cisco IOS software vulnerability is circulating and attacks using the exploit are taking place. IDG News Service, 07/18/03.

Link to Cisco advisory on the matter:

CERT advisory:

Foundstone SNScan v1.05 – tool for detecting the flaw:

Today’s bug patches and security alerts:

SGI patches IRIX login flaw

A flaw in the login code for IRIX 6.5 could result in a core dump and be lead to a root compromise on the affected machine. For more and a patch, go to:

SGI patches nsd flaw

Numerous vulnerabilities have been discovered in SGI IRIX Name Service Daemon (nsd). These flaws could be exploited in a denial-of-service attack. For more, go to:


Mandrake Linux updates kernel

A number of problems have been found in the Mandrake Linux kernel. The flaws could be exploited in a denial-of-service attack, to overwrite arbitrary files or steal sensitive information from the affected machine. For more, go to:


Debian patches overflows in traceroute-nanog

Debian’s traceroute-nanog, an enhanced traceroute application, contains buffer and integer overflow flaws. These vulnerabilities could be exploited to execute arbitrary code on the affected machine. For more, go to:

Debian releases fix for falconseye

Falconseye, a game for Debian Linux, is vulnerable to a buffer overflow that could give an attacker the privileges of ‘games’. For more, go to:


Trustix patches nfs-utils

A buffer overflow vulnerability has been found in the nfs-utils package, which provides a daemon for the kernel NFS server. An attacker could exploit the flaw in a denial-of-service attack, though it does not appear as if code could be executed. For more, go to:


Red Hat issues Mozilla update

A heap buffer overflow in Mozilla could be exploited by an attacker to run arbitrary code on the affected machine. For more, go to:


Conectiva patches ucd-snmp

A heap overflow has been found in Conectiva’s ucd-snmp tool snmpnetstat. An attacker with control of the SNMP server could exploit the flaw to run arbitrary code on the affected machine. For more, go to:

Connectiva fixes phpgroupware flaw

A cross-scripting vulnerability has been found in phpgroupware. An attacker could exploit this to gain sensitive information or change browser behavior via a specially crafted URL. For more, go to:


Today’s roundup of virus alerts:

W32/Gruel-B,C,D,E – All variants of the original W32/Gruel-A worm, which spreads via an e-mail message claiming to be a critical Windows update. The virus disables a number of Windows functions such as task manager and shutdown on the infected machine. (Sophos)

More on the original worm:

W32/Mapson-C – This virus spreads via IRC, e-mail and peer-to-peer networks. No word on the damage it causes. (Sophos)


From the interesting reading department:

Start-up sets stage for tighter security

Start-up Trusted Network Technologies is preparing an upgrade to its unique authentication and access-control offering that could prompt businesses to rethink their use of firewalls. Network World, 07/21/03.

Avaya’s new firewalls speak VoIP

Avaya this week is expected to launch several security gateways that promise to let customers more easily support IP phone calls through firewalls. Network World, 07/21/03.

NetScaler upgrades SSL remote access

Businesses have a new option for Secure Sockets Layer remote access equipment as NetScaler adds software to its Web-acceleration appliance. Network World, 07/21/03.

The You Issue

Your annual look at your job, salary, future and free time. Network World, 07/21/03.

Dell halts Axim shipments over software problem

Dell has halted shipments of its Axim PDAs after discovering a software glitch that affects users of PDAs shipped with Microsoft’s new Windows Mobile 2003 operating system. IDG News Service, 07/17/03.