Another Blaster-like vulnerability

Opinion
Sep 11, 2003 | 4 mins
Networking, Security

* Patches from Red Hat, others
* Beware worm that spreads via P2P networks
* Sobig's success prompts calls for secure e-mail, and other interesting reading

It wouldn’t be a Thursday without a security release from Microsoft.

On a more serious note, my thoughts and prayers to everyone on this second anniversary of the 9/11 terrorist attacks.

Today’s bug patches and security alerts:

Blaster II? Microsoft warns of new security holes

Only weeks after the appearance of the Blaster worm, Microsoft released a software patch for still more holes similar to those Blaster exploited. The three new vulnerabilities are all rated “critical” and could be used by a remote attacker to take control of vulnerable systems, installing programs or changing data stored on a hard drive, Microsoft said on Wednesday. IDG News Service, 09/10/03.

https://www.nwfusion.com/news/2003/0910blastii.html

Microsoft advisory: Buffer overrun in RPCSS service could allow code execution:

https://www.microsoft.com/technet/security/bulletin/MS03-039.asp

CERT advisory:

https://www.cert.org/advisories/CA-2003-23.html

**********

WinAmp flaw found

A buffer overflow has been found in the MIDI module for WinAmp 2.91 and 3.0. The flaw could be exploited to run arbitrary code on machines running WinAmp 2.91 or to crash machines running version 3.0. No patch is available yet from NullSoft, so users are advised to play MIDI files with another application until one is available. For more, go to:

https://www.nwfusion.com/go2/0908bug2a.html

**********

Buffer overflow vulnerability in pine

iDefense has found a couple of buffer problems in the Pine e-mail client. Both of the flaws could be exploited to run arbitrary code on the affected machine. Pine Version 4.58 fixes the problem. For more, go to:

iDefense advisory:

https://www.idefense.com/advisory/09.10.03.txt

How to obtain Pine updates:

https://www.washington.edu/pine/getpine/

Red Hat update:

https://rhn.redhat.com/errata/RHSA-2003-273.html

Slackware update:

https://www.nwfusion.com/go2/0908bug2b.html

**********

Red Hat patches flaw in GtkHTML

Red Hat is reporting a flaw in GtkHTML, the HTML rendering engine for the Evolution e-mail reader. A user could get the application to dereference a null pointer, causing the system to crash. For more, go to:

https://rhn.redhat.com/errata/RHSA-2003-264.html

**********

SCO releases Samba update for OpenServer

A flaw in SCO’s Samba implementation for OpenServer could be exploited by a remote user to gain root access to the affected machine. The updated binaries can be found here:

ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.13

**********

Today’s roundup of virus alerts:

W32/Blaxe-A – A worm that spreads via peer-to-peer networks using a number of different filenames. Looks like the most damage it causes is to overwrite the .exe files in the directory of the P2P application. (Sophos)

**********

From the interesting reading department:

Hackers jump through holes in Microsoft patch

Security experts are warning Microsoft customers about silent Internet attacks that exploit a security flaw in the Internet Explorer Web browser, potentially allowing remote attackers to run malicious code on vulnerable machines. IDG News Service, 09/08/03.

https://www.nwfusion.com/news/2003/0908hackejump.html

Study: ISPs should block ‘Net attack ports

Internet service providers should take security matters into their own hands by blocking access to communications ports on their customers’ computers that are commonly exploited by Internet worms and other malicious programs, according to a SANS Institute report. IDG News Service, 09/08/03.

https://www.nwfusion.com/edge/news/2003/0908studyisps.html

Sobig’s success prompts calls for secure e-mail

Even seasoned antivirus experts hadn’t seen anything like the Sobig-F e-mail worm: Within hours of its release on Aug. 19, it created a million copies of itself and was spreading worldwide, shattering speed records set by earlier viruses. IDG News Service, 09/09/03.

https://www.nwfusion.com/news/2003/0909sobigs.html

Sobig’s wake is Sobig

Although the Sobig virus is still worming its way around the network, causing headaches for IT organizations, thoughts are already turning to the lessons learned. And at some companies that may mean a separation of church and state, or rather, work and home. Network World Web Business Newsletter, 09/04/03.

https://www.nwfusion.com/newsletters/ecomm/2003/0901ecom2.html

Romanian man to be charged in Blaster release

A Romanian man will be charged with violating that country’s cybercrime laws by releasing a version of the W32.Blaster Internet worm, according to a source involved in the investigation. IDG News Service, 09/10/03.

https://www.nwfusion.com/news/2003/0910romanian.html

‘Homeless hacker’ Lamo surrenders to feds

Computer hacker Adrian Lamo surrendered Tuesday morning to U.S. Marshals at the federal courthouse in Sacramento, Calif., according to an FBI spokeswoman. IDG News Service, 09/09/03.

https://www.nwfusion.com/news/2003/0909homeless.html

In computer security, a bigger reason to squirm

Despite the brochures and educational Web sites that the antivirus industry churns out, some experts fear that many users will never alter their surfing habits. New York Times, 09/07/03.

https://www.nytimes.com/2003/09/07/technology/07WORM.html