• United States

CERT warns of attacks

Aug 04, 20035 mins

* Patches from Novell, FreeBSD, Debian others * Beware a new file-killing virus that hits on the 19th * Concerns mount over possible big Net attack, and other interesting reading

Today’s bug patches and security alerts:

CERT warns of attacks, new holes in Windows

The CERT Coordination Center has received reports of widespread attacks using a recently disclosed security vulnerability and a previously unknown security hole in Microsoft’s Windows operating system, the center said Thursday in an advisory. IDG News Service, 08/01/03.

Read the CERT advisory:


Novell warns of flaw in GroupWise WebAccess

According to an alert from Novell, “When wireless phone users login to GroupWise WebAccess the userid and password are recorded in the Web server’s access_log file.” A workaround is available, and a permanent fix can be obtained by installing GroupWise WebAccess 6.5 SP1. For more, go to:


FreeBSD patches realpath

A flaw in FreeBSD’s realpath function could be exploited by sending a path name that is 1,024 characters long through the function. Any application that calls the function could be susceptible to a denial-of-service attack or an attacker could run arbitrary code. For more, go to:


Debian patches sup

According to an alert from Debian, “sup, a package used to maintain collections of files in identical versions across machines, fails to take appropriate security precautions when creating temporary files. A local attacker could exploit this vulnerability to overwrite arbitrary files with the privileges of the user running sup.” For more, go to:

Debian releases fix for xconq

A buffer overflow in the xconq game for Debian could be exploited by a malicious user to gain the “games” privileges. For more, go to:

Debian issues patch for xtokkaetama

A buffer overflow vulnerability in xtokkaetama, a game for Debian, could be exploited by a malicious user to gain the privileges of “games”. For more, go to:

Cross scripting flaw in Debian’s gallery

Gallery, a PHP-based photo album, contains a cross-scripting vulnerability that could be used to run JavaScript code against the affected machine. For more, go to:


Flaw found in Konqueror

KDE is warning of a vulnerability in Konqueror, in which authentication credentials may be sent to unintended third parties in clear text. An unauthorized user may be able to gain access to a password-protected site by exploiting this flaw. For more, go to:

Mandrake Linux:



Vendors release patch for wuftpd

An off-by-one bug has been found in the popular Washington University FTP Server daemon (wufptd). An attacker could exploit this flaw to gain root privileges on the affected server. For more, go to:

Red Hat:



Mandrake Linux:


Conectiva releases Perl patch

A cross-scripting vulnerability has been found in the Perl module. A fix is available from Conectiva. For more, go to:


Today’s roundup of virus alerts:

Bat/Boohoo-A — This worm spreads via network shares with poor password protection. The virus generates a random range of IP addresses to scan for potential hosts. The virus will delete log files on the infected machine as well as disconnect a range of mapped drives. (Sophos)

W32/Mimail-A — This one got through to my mailbox the other day. Fortunately, I knew better than to open it. It pretends to be from your domain’s administrator account and claims a problem with your password. The infected attachment is called “”. (Sophos, ISS X-Force, Panda Software, CA)

Numan — A file-killing virus that spreads via Kazaa and the mIRC chat application. On the 19th of any month, the virus deletes all .sys, .com and .dll files in the Windows System directory and attempts to delete the directories of anti-virus applications. (Panda Software)

Enegg — An e-mail virus that comes as one of three attachments: “cynthia.exe”, “serial.exe” or “huevos-cartoons.exe”. The virus deletes anti-virus application directories and overwrites the files cmd.exe, msconfig.exe and sysedit.exe. (Panda Software)

Lerok — An e-mail virus that comes with the subject line “Mandar SMS Gratis!” and an attachment called “smssender.exe”. (Panda Software)


From the interesting reading department:

Concerns mount over possible big Net attack

Security experts warn that a recently disclosed security vulnerability in Microsoft’s Windows operating system may soon be used by a powerful Internet worm that could disrupt traffic on the Internet and affect millions of machines worldwide. IDG News Service, 08/01/03.

Hackers set up shop in state agency’s server

Hackers had made a state agency’s network their old Kentucky home before being discovered by auditors, who revealed the incident publicly last week. Network World, 08/04/03.

WLAN security: Users face complex challenges

Best practices in WLAN security hinge on your specific security needs and the technologies you choose to satisfy those needs. Network World, 08/04/03.

IPSec VPN alternatives gain ground

Vendors say Secure Sockets Layer gear now can connect remote users to corporate networks as if they were on the LAN, just like IP Security gear does, but without having to install permanent VPN clients on remote machines. Network World, 08/04/03.