More on the Cisco IOS flaw

More on the Cisco IOS flaw that we reported on last week:

Attacks already exploiting Cisco IOS vulnerability

Security experts are warning that ready-made code which exploits a recently announced Cisco IOS software vulnerability is circulating and attacks using the exploit are taking place. IDG News Service, 07/18/03.

https://www.nwfusion.com/news/2003/0718cisattacks.html

Link to Cisco advisory on the matter:

https://www.nwfusion.com/go2/0714bug2a.html

CERT advisory:

https://www.cert.org/advisories/CA-2003-15.html

Foundstone SNScan v1.05 – tool for detecting the flaw:

https://www.foundstone.com/resources/proddesc/snscan.htm

Today’s bug patches and security alerts:

SGI patches IRIX login flaw

A flaw in the login code for IRIX 6.5 could result in a core dump and be lead to a root compromise on the affected machine. For more and a patch, go to:

https://www.nwfusion.com/go2/0721bug1a.html

SGI patches nsd flaw

Numerous vulnerabilities have been discovered in SGI IRIX Name Service Daemon (nsd). These flaws could be exploited in a denial-of-service attack. For more, go to:

https://www.nwfusion.com/go2/0721bug1b.html

**********

Mandrake Linux updates kernel

A number of problems have been found in the Mandrake Linux kernel. The flaws could be exploited in a denial-of-service attack, to overwrite arbitrary files or steal sensitive information from the affected machine. For more, go to:

https://www.nwfusion.com/go2/0721bug1c.html

**********

Debian patches overflows in traceroute-nanog

Debian’s traceroute-nanog, an enhanced traceroute application, contains buffer and integer overflow flaws. These vulnerabilities could be exploited to execute arbitrary code on the affected machine. For more, go to:

https://www.debian.org/security/2003/dsa-348

Debian releases fix for falconseye

Falconseye, a game for Debian Linux, is vulnerable to a buffer overflow that could give an attacker the privileges of ‘games’. For more, go to:

https://www.debian.org/security/2003/dsa-350

**********

Trustix patches nfs-utils

A buffer overflow vulnerability has been found in the nfs-utils package, which provides a daemon for the kernel NFS server. An attacker could exploit the flaw in a denial-of-service attack, though it does not appear as if code could be executed. For more, go to:

https://www.nwfusion.com/go2/0721bug1d.html

**********

Red Hat issues Mozilla update

A heap buffer overflow in Mozilla could be exploited by an attacker to run arbitrary code on the affected machine. For more, go to:

https://rhn.redhat.com/errata/RHSA-2003-162.html

**********

Conectiva patches ucd-snmp

A heap overflow has been found in Conectiva’s ucd-snmp tool snmpnetstat. An attacker with control of the SNMP server could exploit the flaw to run arbitrary code on the affected machine. For more, go to:

https://www.nwfusion.com/go2/0721bug1e.html

Connectiva fixes phpgroupware flaw

A cross-scripting vulnerability has been found in phpgroupware. An attacker could exploit this to gain sensitive information or change browser behavior via a specially crafted URL. For more, go to:

https://www.nwfusion.com/go2/0721bug1f.html

**********

Today’s roundup of virus alerts:

W32/Gruel-B,C,D,E – All variants of the original W32/Gruel-A worm, which spreads via an e-mail message claiming to be a critical Windows update. The virus disables a number of Windows functions such as task manager and shutdown on the infected machine. (Sophos)

More on the original worm:

https://www.nwfusion.com/news/2003/0716kazaaworm.html

W32/Mapson-C – This virus spreads via IRC, e-mail and peer-to-peer networks. No word on the damage it causes. (Sophos)

**********

From the interesting reading department:

Start-up sets stage for tighter security

Start-up Trusted Network Technologies is preparing an upgrade to its unique authentication and access-control offering that could prompt businesses to rethink their use of firewalls. Network World, 07/21/03.

https://www.nwfusion.com/news/2003/0721trustednetworks.html

Avaya’s new firewalls speak VoIP

Avaya this week is expected to launch several security gateways that promise to let customers more easily support IP phone calls through firewalls. Network World, 07/21/03.

https://www.nwfusion.com/news/2003/0721avaya.html

NetScaler upgrades SSL remote access

Businesses have a new option for Secure Sockets Layer remote access equipment as NetScaler adds software to its Web-acceleration appliance. Network World, 07/21/03.

https://www.nwfusion.com/news/2003/0721netscaler.html

The You Issue

Your annual look at your job, salary, future and free time. Network World, 07/21/03.

https://www.nwfusion.com/you/2003/

Dell halts Axim shipments over software problem

Dell has halted shipments of its Axim PDAs after discovering a software glitch that affects users of PDAs shipped with Microsoft’s new Windows Mobile 2003 operating system. IDG News Service, 07/17/03.

https://www.nwfusion.com/news/2003/0717dellhalts.html