Microsoft, Cisco flaws patched

Jul 17, 2003 | 5 mins

* Patches from Red Hat, Debian, Microsoft, Cisco, others
* Beware new worm that poses as a Microsoft patch
* From the interesting reading department: Vendors can't wait for homeland security

Last week, I sent out a plea for help from a Fusion reader having problems with Windows 2002 SP4. You can read about the issue here:

A potential solution has been submitted by reader Charles Olin:

Don’t know if the individual has tried uninstalling SP4 & uninstalling SP3, then just do a fresh install of SP4 only. Now this would be dependent upon if the user had selected the option to pack up previous SP installation. Let me know if this helps the individual. Without much more detail on if the individual had backed up SP installations and further information it’s really hard to pinpoint.

Hope that works. Thanks Charles for your help.

Today’s bug patches and security alerts:

Microsoft warns of widespread Windows vulnerability

Microsoft warned customers about three new security flaws in Windows Wednesday, including a buffer overrun in the implementation of a common protocol that could give remote attackers total control over a Windows system. IDG News Service, 07/16/03.


Microsoft advisories:

ISA Server error:

CERT advisory on Windows RPC flaw:


CERT issues warning on Cisco IOS DoS vulnerability

All Cisco devices running IOS are vulnerable to a denial-of-service attack, according to an alert from CERT. The flaw could be exploited using a specially crafted IPv4 packet. When the device crashes, it will not trigger an alert or reboot on its own. For more, go to:

CERT advisory:

Cisco advisory:


Linux vendors patch nfs-utils DoS vulnerability

A buffer overflow vulnerability has been found in the nfs-utils package, which provides a daemon for the kernel NFS server. An attacker could exploit the flaw in a denial-of-service attack, though it does not appear as if code could be executed. For more, go to:

Red Hat:




Immunix (binary):


Red Hat patches xpdf

A vulnerability in xpdf could be exploited by a malicious user to run arbitrary commands on the affected machine. To exploit the flaw, the attacker has to embed commands into URLs in the PDF document. For more, go to:


Debian issues patch for php4

Version 4.3.2 of php4, the popular scripting language for Web sites, is now available for Conectiva users. This release fixes a number of bugs and minor security flaws found in previous releases. For more, go to:


Conectiva issues fix for pam module

A flaw in the PAM authentication module could allow an attacker to gain superuser privileges. The attacker would need to trick a user into running the su command in order to steal their credentials. For more, go to:

Conectiva patches gnupg

According to an alert from Conectiva, “During the development of GnuPG 1.2.2, a bug has been found in the key validation code. This bug causes keys with more than one user ID to give all user IDs on the key the amount of validity given to the most-valid key. In this situation, GnuPG would not emit a warning when a low trust ID is used for encryption if that key also contains a trusted enough ID.” For more, go to:

Conectiva issues fix for mpg123

A flaw in mpg123, a command line MP3 player for Conectiva, could be exploited to run arbitrary code on the affected machine. For more, go to:


Today’s roundup of virus alerts:

New worm poses as Microsoft patch

Antivirus company TruSecure is warning users about a new e-mail worm that is beginning to spread on the Internet and over the Kazaa peer-to-peer network. IDG News Service, 07/16/03.

Troj/Ataka-E – Sophos describes this as a “multicomponent IRC backdoor Trojan.” It doesn’t say what the Trojan allows access to or if it causes any permanent damage. (Sophos)

Troj/Golon-A – Another Trojan horse that creates a couple of registry entries to ensure it runs each time the infected machine is started. (Sophos)

Troj/CMJSpy-B – A Trojan/key logging virus that installs itself as “WINGMT.EXE” in the Windows system folder. This virus tries to download components off the Internet and terminate certain processes. (Sophos)

W32/Coconut-A – This Word macro virus comes via an e-mail entitled “The Coconut Game” with an attachment called “coconut.exe”. It pops up a stupid game but does not seem to cause any permanent damage. (Sophos)

Troj/Webber-A – A password-stealing Trojan Horse that attempts to download functions from the Internet and sends out the information it steals via a CGI script to another Web address. (Sophos)


From the interesting reading department:

Vendors can’t wait for homeland security

Domestic security experts and representatives from technology companies Tuesday announced an industry coalition to protect the nation’s infrastructure of mainframe computers from cyber attacks. Network World, 07/15/03.