Apple patches OpenSSH and sendmail flaws

Today’s bug patches and security alerts:

Apple patches OpenSSH and sendmail flaws in Mac OS X

A new Mac OS X update provides fixes for the recently discovered sendmail and OpenSSH flaws as well as a number of smaller bugs found in previous editions of the operating system. Users should download Version 10.2.8 to get all the latest fixes and updates. For more, go to:

https://docs.info.apple.com/article.html?artnum=61798

**********

FreeBSD fixes arp flaw

A vulnerability in FreeBSD’s Address Resolution Protocol (ARP) implementation could be exploited by an attacker to crash the affected machine. The attacker could flood the system with bogus arp requests, causing a “system panic” and ultimately a crash. For more, go to:

https://www.nwfusion.com/go2/0922bug2a.html

**********

SCO, Conectiva, Slackware patch Wu-ftpd flaw

According to the alert from SCO, “Wu-ftpd FTP server contains remotely exploitable off-by-one bug. A local or remote attacker could exploit this vulnerability to gain root privileges on a vulnerable system.” For more, go to:

SCO OpenServer:

ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.20

Conectiva:

https://www.nwfusion.com/go2/0922bug2b.html

Slackware:

https://www.nwfusion.com/go2/0922bug2c.html

**********

Slackware issues ProFTPD update

A bug in the way ProFTPD handles ASCII translations could be exploited by a remote user to gain root shell privileges. This could allow the attacker to have complete control over the affected machine. For more, go to:

https://www.nwfusion.com/go2/0922bug2d.html

**********

NetBSD upgrades sysctl(2) security

Three potential denial-of-service vulnerabilities were found in NetBSD’s kernel sysctl(2) function. The various flaws could be exploited to cause a system panic. For more, go to:

https://www.nwfusion.com/go2/0922bug2e.html

NetBSD fixes ibcs2 bug

A flaw in the way large parameters are handled by NetBSD’s ibcs2 function could be exploited to view sensitive system information that could be used in other attack scenarios against the affected machine. For more, go to:

https://www.nwfusion.com/go2/0922bug2f.html

**********

Root vulnerability in Denian’s hztty fixed

A buffer overflow in hztty, an application for translating Chinese characters in a terminal session, could be exploited to by an attacker to gain root access on the affected machine. A fix is available. For more, go to:

https://www.debian.org/security/2003/dsa-385

Debian plugs gopher buffer overflows

A number of buffer overflow vulnerabilities have been found in the Debian’s implementation of the gopher  server. These flaws could be exploited to run an attacker’s code of choice on the machine with the privileges of “gopher”. For more, go to:

https://www.debian.org/security/2003/dsa-387

Debian patches libmailtools-perl

Poor input checking in libmailtools-perl, a Perl application for passing mail to other applications, could result in malicious commands being run on the affected machine. For more, go to:

https://www.debian.org/security/2003/dsa-386

Debian issues new ipmasq packages

A flaw in ipmasq, a form of network address translation for Debian Linux, could be exploited to forward unauthorized traffic from the outside world to an internal client on the network. For more, go to:

https://www.debian.org/security/2003/dsa-389

**********

Red Hat issues new Apache and mod_ssl packages

This latest Apache update from Red Hat fixes a number of vulnerabilities found in previous versions of the popular Web server software. For more, go to:

https://rhn.redhat.com/errata/RHSA-2003-243.html

Red Hat releases Perl update

According to an alert from Red Hat, “Updated Perl packages that fix a security issue in Safe.pm and a cross-sitescripting (XSS) vulnerability in CGI.pm are now available.” For more, go to:

https://rhn.redhat.com/errata/RHSA-2003-256.html

**********

Today’s roundup of virus alerts:

W32/Dumaru-B – Another worm that spreads via an e-mail that claims to be a Microsoft patch. The infected message comes from “security@microsoft.com” with a subject line of “Use this patch immediately !” and an attachment called “patch.exe”. The virus drops a keystroke logger and attempts to disable security-related software running on the infected machine. (Sophos)

W32/Lovgate-R – A worm that drops backdoor functionality on the infected machine, allowing an attacker to gain access to and control the system. The virus spreads via network shares and e-mail. (Sophos)

**********

From the interesting reading department:

U.S. immigration system hit by virus

The U.S. Department of State struggled Tuesday to quell an outbreak of the W32.Welchia Internet worm on the department’s computer systems. IDG News Service, 09/24/03.

https://www.nwfusion.com/news/2003/0924immigration.html

An inside look at tracing a network intrusion

Lawrence Baldwin traces the steps he took to investigate an intrusion into his network.

https://www.nwfusion.com/go2/0922bug2g.html

If These Networks Get Hacked, Beware

America’s critical transportation, power, and communications systems remain quite vulnerable and lack funds to remedy that. BusinessWeek, 09/16/03.

https://www.nwfusion.com/go2/0922bug2h.html

Gov’t agency uses buying power to encourage security

The U.S. government has started to use its immense purchasing power to influence cybersecurity, beginning with a Department of Energy contract with Oracle that requires the software vendor to build in security configurations. IDG News Service, 09/23/03.

https://www.nwfusion.com/news/2003/0923govt.html

Sophos buys anti-spam vendor ActiveState for $23 million

U.K. anti-virus company Sophos Wednesday said it bought the Canadian company ActiveState for $23 million in cash, adding ActiveState’s line of anti-spam products to Sophos’ enterprise anti-virus software. IDG News Service, 09/24/03.

https://www.nwfusion.com/news/2003/0924sophobuys.html

Symantec adds anti-virus to early warning system

Changes to Symantec’s DeepSight Threat Management System announced Monday will add data on computer viruses and worms to an Internet early warning system, providing enterprise customers with the ability to track the outbreaks on the Internet, Symantec said. IDG News Service, 09/23/03.

https://www.nwfusion.com/news/2003/0923symanadds.html

Calif. law protects all from security breaches

No matter where you live in the U.S., your identity theft protection is about to improve. And you can thank the California legislature for that. PC World, 09/23/03.

https://www.nwfusion.com/news/2003/0923califlawp.html

TruSecure tackles risk management

TruSecure, a managed security services company, waded into the crowded waters of security software applications Monday with the announcement of a new enterprise security management application called Risk Commander. IDG News Service, 09/22/03.

https://www.nwfusion.com/news/2003/0922trusetackl.html

RSA upgrades ClearTrust software for Web access control

RSA Security has upgraded its ClearTrust server software for policy-based access to Web applications, adding support for Security Assertions Markup Language  (SAML) 1.1 and identity-management features licensed from Thor Technologies. Network World Fusion, 09/22/03.

https://www.nwfusion.com/news/2003/0922rsa.html