* Patches from Cisco, Mandrake Linux, Debian
* Beware Blaster/LoveSan
* Navy unifies its monitoring networks, and other interesting reading

Pardon the pun, but I feel blasted. Looking for a little rest and relaxation while on vacation this week in Western Mass., I was called to duty to help eliminate this pesky Blaster/LoveSan/whatever-you-want-to-call-it virus from a relative's Windows XP machine.

Every five minutes the machine was shutting down thanks to this latest pest, making it difficult at best to grab the necessary information and files to purge the machine of this beast. Compounding the problem: a dial-up Internet connection.

I used the Sophos Blaster FAQ page as my guide:
https://www.sophos.com/support/disinfection/blastera.html

On the first attempt to download the Resolve cleaning program, the machine shut down after 98% of the application was downloaded. Try two succeeded and the virus was cleaned… for about five minutes. Oh, and even though Norton Anti-Virus had the latest data files and could spot the infection, all it did was tell me it was there, but could do nothing about it. After hitting "OK" the same message just kept appearing. Real helpful.

Trying to download the patch from Microsoft via Windows Update was a major pain, because by the time the site figured out all the patches that this machine needed, the virus was back and the machine was shutting down. Renaming all the TFTP executables on the system did not stem the tide either. I am really surprised that I have hair left on my head.

I followed all the recommended blocking steps (XP's Internet Protection scheme) and disabled Distributed COM, which gave me just enough time to grab the patch I needed (I went directly to the patch info page instead of through Windows Update), get it installed and cleanse the machine one more time. Total time was 90-plus minutes.

I can't imagine what it was like for IT staffs battling an infection across hundreds of machines. Thankfully, I only had to deal with one.
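For readers who had to find infected machines rather than clean one, here is an added example (not from the newsletter, Sophos or Microsoft) of the two footprints Blaster left in perimeter logs: a host fanning out to TCP/135, the RPC/DCOM port covered by the MS03-026 bulletin linked below, and a freshly hit victim pulling the worm binary back from the attacker over TFTP (UDP/69), which is why renaming TFTP executables was on the cleanup list. The log format, addresses and thresholds are constructed for the example and do not come from any particular firewall.

```python
"""Triage constructed firewall log lines for Blaster-style activity.

Blaster exploited the RPC/DCOM flaw (MS03-026) over TCP/135 and then made the
victim fetch the worm binary from the attacker with TFTP (UDP/69).  Two things
stand out in perimeter logs: one host fanning out to TCP/135 on many
neighbours in a short time, and a host that was just hit on 135 making an
outbound TFTP request back to the host that hit it.

Added example.  The log format is a constructed, simplified one
("<date> <time> <action> <proto> <src> <dst> <sport> <dport>"), not the
format of any real firewall, and the addresses are made up.
"""
from collections import defaultdict
from datetime import datetime, timedelta

RPC_PORT = 135   # RPC endpoint mapper / DCOM, the MS03-026 attack surface
TFTP_PORT = 69   # Blaster victims pulled the worm binary over TFTP

# Constructed sample: 10.0.0.7 sweeps twelve neighbours on TCP/135; the one
# ALLOWed target (10.0.0.20) then pulls a file back from 10.0.0.7 over TFTP.
# 10.0.0.50 is benign background: one DCOM connection, one unrelated TFTP.
SAMPLE_LOG = """\
2003-08-13 14:02:10 ALLOW TCP 10.0.0.50 10.0.0.60 1521 135
2003-08-13 14:02:11 ALLOW TCP 10.0.0.7 10.0.0.20 1034 135
2003-08-13 14:02:11 DROP TCP 10.0.0.7 10.0.0.21 1035 135
2003-08-13 14:02:11 DROP TCP 10.0.0.7 10.0.0.22 1036 135
2003-08-13 14:02:12 DROP TCP 10.0.0.7 10.0.0.23 1037 135
2003-08-13 14:02:12 DROP TCP 10.0.0.7 10.0.0.24 1038 135
2003-08-13 14:02:12 DROP TCP 10.0.0.7 10.0.0.25 1039 135
2003-08-13 14:02:13 DROP TCP 10.0.0.7 10.0.0.26 1040 135
2003-08-13 14:02:13 DROP TCP 10.0.0.7 10.0.0.27 1041 135
2003-08-13 14:02:13 DROP TCP 10.0.0.7 10.0.0.28 1042 135
2003-08-13 14:02:14 DROP TCP 10.0.0.7 10.0.0.29 1043 135
2003-08-13 14:02:14 DROP TCP 10.0.0.7 10.0.0.30 1044 135
2003-08-13 14:02:14 DROP TCP 10.0.0.7 10.0.0.31 1045 135
2003-08-13 14:02:15 ALLOW UDP 10.0.0.20 10.0.0.7 1046 69
2003-08-13 14:05:00 ALLOW UDP 10.0.0.50 10.0.0.99 2001 69
"""


def parse(line):
    """Split one constructed log line into a typed event dict."""
    date, time, action, proto, src, dst, sport, dport = line.split()
    return {
        "ts": datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S"),
        "action": action, "proto": proto, "src": src, "dst": dst,
        "sport": int(sport), "dport": int(dport),
    }


def load(text):
    return [parse(line) for line in text.splitlines() if line.strip()]


def find_scanners(events, min_targets=10, window=timedelta(seconds=60)):
    """Sources that touch TCP/135 on >= min_targets distinct hosts within
    any single time window.  Dropped attempts count: a scan is a scan."""
    by_src = defaultdict(list)
    for e in events:
        if e["proto"] == "TCP" and e["dport"] == RPC_PORT:
            by_src[e["src"]].append(e)
    scanners = {}
    for src, hits in by_src.items():
        hits.sort(key=lambda e: e["ts"])
        best = 0
        for i, start in enumerate(hits):
            end = start["ts"] + window
            targets = {h["dst"] for h in hits[i:] if h["ts"] <= end}
            best = max(best, len(targets))
        if best >= min_targets:
            scanners[src] = best
    return scanners


def find_tftp_pulls(events, window=timedelta(seconds=120)):
    """(victim, attacker) pairs: a TCP/135 hit from attacker to victim, then
    a UDP/69 request from victim back to attacker within the window."""
    rpc_hits = [e for e in events if e["proto"] == "TCP" and e["dport"] == RPC_PORT]
    pulls = []
    for t in events:
        if not (t["proto"] == "UDP" and t["dport"] == TFTP_PORT):
            continue
        for h in rpc_hits:
            if (h["dst"] == t["src"] and h["src"] == t["dst"]
                    and timedelta(0) <= t["ts"] - h["ts"] <= window):
                pulls.append((t["src"], t["dst"]))
                break
    return pulls


def triage(text):
    events = load(text)
    return {"scanners": find_scanners(events), "tftp_pulls": find_tftp_pulls(events)}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

The scanner threshold is deliberately loose; a legitimate DCOM client talks to a handful of servers, not a dozen consecutive addresses in three seconds. The TFTP correlation is the stronger signal, since it names both the infected host and the machine that infected it, which is what an IT staff cleaning hundreds of boxes needed most.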
Some organizations have learned from past infections and put an aggressive protection scheme in place; they are the lucky ones:
https://www.nwfusion.com/news/2003/0814atabos.html

Some were not so lucky:
https://www.nwfusion.com/go2/0811bug2a.html

Hopefully, most of you made it through the mess unscathed.

For more on the virus:

Update: Blaster worm infections spreading rapidly. Network World, 08/12/03.
https://www.nwfusion.com/news/2003/0812blastinfect.html

Sophos descriptions of the virus and its variants:
https://www.sophos.com/virusinfo/analyses/w32blastera.html
https://www.sophos.com/virusinfo/analyses/w32blasterb.html
https://www.sophos.com/virusinfo/analyses/w32rpcspybota.html

July 16 advisory from Microsoft (MS03-026) regarding the flaw that Blaster exploits:
https://www.microsoft.com/security/security_bulletins/ms03-026.asp

CERT advisory:
https://www.cert.org/advisories/CA-2003-20.html

Today's bug patches and security alerts:

CERT warns of GNU Project FTP server compromise
According to an alert from CERT, the primary FTP servers for the GNU Project, maintained by the Free Software Foundation, suffered a root compromise. Users who downloaded code from this and related sites should check it for malicious modifications. For more, go to:
https://www.cert.org/advisories/CA-2003-21.html

**********

Cisco patches CiscoWorks CMF
According to an alert from Cisco, "Two vulnerabilities exist in CiscoWorks Common Management Foundation (CMF) versions prior to and including 2.1. The first vulnerability is a privilege escalation vulnerability where a guest user may obtain administrative privileges within the application via a specially crafted URL. The second vulnerability is an ability to run arbitrary commands on the CiscoWorks server due to an error in processing user input." For more, go to:
https://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml

**********

Mandrake Linux releases patch for postfix
A new version of postfix, a mail transfer agent, is available that fixes two vulnerabilities in older versions of the software. One flaw could be exploited in a denial-of-service (DoS) attack against the affected machine. The other could be exploited to use postfix as a distributed DoS tool for launching attacks against arbitrary IP addresses. For more, go to:
https://www.nwfusion.com/go2/0811bug2b.html

Mandrake Linux issues fix for PHP
A number of vulnerabilities have been found in the PHP packages shipped with Mandrake Linux. A couple of flaws were found in the mail() function, which could be exploited to inject additional command-line arguments into the call to the mail transport. Another flaw could be used to insert malicious script into a Web page (cross-site scripting). For more, go to:
https://www.nwfusion.com/go2/0811bug2c.html

**********

Debian patches xpcd
A buffer overflow in Debian's xpcd could be exploited by a local attacker to gain root privileges on the affected machine. For more, go to:
https://www.debian.org/security/2003/dsa-368

Debian issues fix for man-db
A previous patch for man-db did not properly fix the problem it was intended to solve. A new version of the patch is now available. For more, go to:
https://www.debian.org/security/2003/dsa-364

Debian warns of flaw in pam-pgsql
A vulnerability in the pam-pgsql module for Debian could be exploited by a malicious user to execute arbitrary code with the privileges of the application requesting PAM authentication. For more, go to:
https://www.debian.org/security/2003/dsa-370

Debian patches overflow in zblast
A buffer overflow exists in the game zblast that can be triggered when saving a high score. A local user could exploit the flaw to gain the privileges of the "games" group. For more, go to:
https://www.debian.org/security/2003/dsa-369

**********

Today's roundup of virus alerts:

W32/Randex-D – A network worm with a backdoor component that "listens" to a specific IP address for further instructions. It spreads via network shares protected by weak passwords. (Sophos)

**********

From the interesting reading department:

Product Peek: WholeSecurity Confidence Online Enterprise Edition
WholeSecurity's Confidence Online provides a layer of protection for known and unknown Windows clients remotely connecting to your network. Network World, 08/11/03.
https://www.nwfusion.com/reviews/2003/0811prodpeek.html

Navy unifies its monitoring networks
The U.S. Navy has put its Naval Network Warfare Command in charge of monitoring the Navy's hundreds of different networks, used by more than 400,000 personnel around the world, in order to detect security violations. Network World, 08/11/03.
https://www.nwfusion.com/news/2003/0811navy.html

Symantec set to release security appliance line
Fulfilling a promise it made earlier in the year, Symantec will release next month a line of gateway security appliances, the Symantec Gateway Security Appliance 5400 Series. IDG News Service, 08/11/03.
https://www.nwfusion.com/news/2003/0811symantec.html