
More patch management suggestions

Sep 15, 2003 | 5 mins

* Patches from SuSE, Conectiva, Debian, others
* Beware Trojan spreading via e-mail entitled "Fraudulent escrow service"
* Organizations scramble to patch Microsoft flaws, and other interesting reading

Here’s another suggested patch management solution. Reader Frank Kistner writes:

Get Microsoft to enter into a partnership agreement with AOL (Geez, what am I saying…) such that AOL includes all Microsoft patches on the CDs that AOL mails to ‘x’ million households every year.  This could actually be a valuable service to those people who would otherwise simply throw the CDs away, and to those people who have only dial-up internet access.

Another option would be for Microsoft to enter into a partnership agreement with major computer stores (Best Buy, CompUSA, etc) whereby the computer stores would operate a ‘patch kiosk’.  Microsoft could make a machine that looks and works much like an ATM – you put in a blank CD, pay a few dollars, answer a few questions (e.g. what operating system do you have?) and get all of the latest Microsoft patches.

I like some of Frank’s ideas. Expanding his second suggestion, a store such as Best Buy, CompUSA or even Walmart could sell those handy little USB drives that a user takes home, plugs into his machine and has all his system information downloaded to it. The drive is brought back into the store and plugged into the kiosk, where the system information is analyzed. All the necessary patches and updates could then be downloaded back to the USB drive and taken home for installation. Granted, if you’ve got a high-speed line, this is a moot point. But there are still a lot of dial-up users out there.

Today’s bug patches and security alerts:

Conectiva, Engarde, SuSE patch pine

As we reported last week, iDefense has found a couple of buffer problems in the pine e-mail client. Both of the flaws could be exploited to take control of the affected machine and run any application of the attacker’s choosing. Pine Version 4.58 fixes the problem. For more, go to:





Conectiva patches flaw in GtkHTML

Conectiva has released a fix for a flaw in GtkHTML, the HTML rendering engine for the Evolution e-mail reader. A user could get the application to point to a null pointer, causing the system to crash. For more, go to:


Mandrake Linux, Debian release patch for xfree86

A flaw in the xterm package that comes with xfree86 could be exploited by an attacker to send arbitrary commands to the command line. The commands would not execute until the user presses Enter on the affected machine. If a funky command pops up on your command line that you didn’t enter, delete it. For more, go to:

Mandrake Linux:



Debian releases new sane-backends

A number of vulnerabilities were found in the sane API set, used for interfacing with various scanners. An attacker could exploit this to cause a segfault or consume large amounts of memory, causing the machine to crash. For more, go to:


Today’s roundup of virus alerts:

Troj/Backsm-A – A backdoor Trojan horse program that connects to a third-party IRC server to give an attacker access to the affected machine. (Sophos)

Mimail.B – Another Trojan horse. This one spreads via e-mail entitled “Fraudulent escrow service” with an attachment called “INFO.ZIP”. The virus logs keystrokes on the infected machine. (Panda Software)

Gaobot.L – Another backdoor program that spreads similarly to Blaster by exploiting the RPC DCOM vulnerability in Windows. The virus uses port 9900 to connect to an IRC server and waits for commands. (Panda Software)

Vote.K – An e-mail virus that attempts to overwrite a number of popular file types on the infected machine. (Panda Software)


From the interesting reading department:

White paper: Defeating the Stack Based Buffer Overflow Prevention Mechanism of Microsoft Windows 2003 Server

David Litchfield of NGSSoftware Ltd presents several methods of bypassing the protection mechanism built into Microsoft’s Windows 2003 Server that attempts to prevent the exploitation of stack based buffer overflows. Recommendations about how to thwart these attacks are made where appropriate. NGSSoftware, 09/08/03. (PDF file)

Organizations scramble to patch Microsoft flaws

Organizations that use Microsoft’s Windows software were scrambling Thursday to patch vulnerable systems after the company sent word on Wednesday of three more critical Windows software vulnerabilities. IDG News Service, 09/11/03.

Viruses salute 9/11

Two viruses currently spreading on the ‘Net use references to the September 11, 2001 terrorist attacks in the U.S. as lead-ins to unwittingly unleash their vengeance., 09/12/03.

Symantec pumps up security appliance family

Symantec this week announced a family of all-in-one security appliances that will give customers a variety of ways to beef up security without adding multiple devices to their networks. Network World, 09/12/03.

Sobig-F worm finally self-terminates

Your worm has expired; but don’t worry – there’s sure to be another one soon., 09/11/03.

Hacker Lamo free on bail after court appearance

Accused computer hacker Adrian Lamo has been released on bail after being charged Friday in federal court with breaking into the computer network of The New York Times Co. IDG News Service, 09/12/03.