OpenSSL flaw

Today’s bug patches and security alerts:

OpenSSL vulnerability fixed

CERT is warning users of a number of vulnerabilities in most implementations of OpenSSL. Most of the flaws could by used in various denial-of-service attacks against the OpenSSL client or server. For more, go to:

CERT advisory:

https://www.cert.org/advisories/CA-2003-26.html

OpenSSL Project advisory:

https://www.openssl.org/news/secadv_20030930.txt

Vendor advisories:

Cisco:

https://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml

Conectiva:

https://www.nwfusion.com/go2/0929bug2a.html

Debian:

https://www.debian.org/security/2003/dsa-393

EnGarde:

https://www.nwfusion.com/go2/0929bug2b.html

Immunix 7+ (source code):

https://www.nwfusion.com/go2/0929bug2c.html

Mandrake Linux:

https://www.nwfusion.com/go2/0929bug2d.html

Novell advisory (patch due Oct. 6):

https://support.novell.com/servlet/tidfinder/10087450

OpenPKG:

https://www.openpkg.org/security/OpenPKG-SA-2003.044-openssl.html

Red Hat:

https://rhn.redhat.com/errata/RHSA-2003-292.html

SGI:

https://www.nwfusion.com/go2/0929bug2e.html

Slackware:

https://www.nwfusion.com/go2/0929bug2f.html

**********

Mandrake Linux patches Apache2

A flaw in the way Mandrake Linux’s Apache2 implementation handles certain CGI scripts could be exploited in a denial-of-service against Apache’s HTTP service. For more, go to:

https://www.nwfusion.com/go2/0929bug2g.html

Mandrake Linux issues mplayer fix

According to an alert from Mandrake Linux, “A buffer overflow vulnerability was found in MPlayer that is remotely exploitable.  A malicious host can craft a harmful ASX header and trick MPlayer into executing arbitrary code when it parses that particular header.” For more, go to:

https://www.nwfusion.com/go2/0929bug2h.html

**********

SCO, SGI patch sendmail flaw

As we’ve reported, Michal Zalewski has found a bug in the prescan() function of sendmail, including the latest version of the application. Though no exploit is known, it could be possible for an attacker to cause heap and stack structure overflow, according to Zalewski. For more, go to:

SCO UnixWare:

ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.23

SGI:

https://www.nwfusion.com/go2/0929bug2i.html

**********

Conectiva, Trustix patch proftpd

A bug in the way ProFTPD handles ASCII translations could be exploited by a remote user to gain root shell privileges. This could allow the attacker to have complete control over the affected machine. For more, go to:

Conectiva:

https://www.nwfusion.com/go2/0929bug2j.html

Trustix:

https://www.nwfusion.com/go2/0929bug2k.html

**********

SuSE issues fix for mysql

A buffer overflow in the popular mysql database could be exploited by a remote attacker that has access to the “user” table could execute arbitrary SQL commands on the affected machine. For more, go to:

https://www.suse.com/de/security/2003_042_mysql.html

SuSE patches lsh

An attacker could exploit a flaw in lsh, an alternative to OpenSSH, to take control of the affected machine and run the code of choice. For more, go to:

https://www.suse.com/de/security/2003_041_lsh.html

**********

SCO patches network device driver flaw

@Stake has found a vulnerability in many device drivers that could allow an attacker to “harvest sensitive information.” SCO has released a fix for this problem for its UnixWare operating system. For more, go to:

ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.21

SCO patches OpenSSH for UnixWare

A major vulnerability was found in OpenSSH that could be exploited to launch a denial-of-service against the affected machine or to potentially take over the machine to run the code of choice. For more, go to:

ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.22

**********

Debian patches freesweep

A buffer overflow in the freesweep game for Debian could be exploited by a local user to gain the privileges of “games.” A fix is available. For more, go to:

https://www.debian.org/security/2003/dsa-391

**********

SecurityTracker warns of A-Cart vulnerability

A cross-scripting vulnerability has been found in the A-Cart e-commerce suite, according to an alert from SecurityTracker. The flaw could be exploited by an attacker to view cookie and session information on the target machine. For more, go to:

https://www.securitytracker.com/alerts/2003/Sep/1007826.html

**********

Today’s roundup of virus alerts:

Nothing new to report today, so we bring you Central Command’s Dirty Dozen for September 2003:

1.  Worm/Sobig.F

2.  Worm/Gibe.C

3.  Worm/Nachi.A

4.  Worm/Dumaru.A

5.  Worm/Klez.E (including G)

6.  Worm/MiMail.A

7.  Worm/Lovsan.A

8.  Worm/BugBear.B

9.  Worm/Sobig.A

10. Worm/Sircam.A

11. W32/Funlove

12. W32/Yaha.E

**********

From the interesting reading department:

Unpatched IE hole a gold mine for hackers

A long ignored security hole in Microsoft’s Internet Explorer is proving to be a gold mine for hackers, providing an easy way for them to plant malicious programs on vulnerable machines through hacker Web sites and instant messaging applications, security experts warn. IDG News Service, 09/29/03.

https://www.nwfusion.com/news/2003/0929unpatieho.html

Virus experts debate bug names

What’s in a name? That was the question computer virus experts were asking each other at a panel discussion of virus naming conventions at Virus Bulletin 2003 (VB2003), an annual gathering of the world’s leading authorities on computer viruses, worms and malicious code that was held in Toronto last week. IDG News Service, 09/30/03.

https://www.nwfusion.com/news/2003/0930vb2003.html

Denial of Service attacks take down anti-spam sites

It appears that spammers have taken their war to the next level, attacking anti-spam sites. The attacks have forced three spam-blocking list providers offline, two specifically due to Denial of Service attacks, and one due to fear of being attacked. Geek.com, 09/29/03.

https://www.geek.com/news/geeknews/2003Sep/gee20030929021977.htm

Security specialist could face 30 years for downloading from the military and others

A computer security specialist who claimed he hacked into top-secret military computers to show how vulnerable they were to snooping by terrorists was arrested and charged Monday with six felony counts that could bring a 30-year prison sentence. LA Times, 09/30/03.

https://www.nwfusion.com/go2/0929bug2l.html

Motorola builds security into network chips

Motorola Monday announced it is building security engines into processors made for network gear in homes and small and midsized businesses. IDG News Service, 09/29/03.

https://www.nwfusion.com/news/2003/0929motorbuild.html

Neoteris stretching security software with access and content controls

Security vendor Neoteris Monday added to its software access management controls and a host of new features to secure content accessed via a browser. Network World Fusion, 09/29/03.

https://www.nwfusion.com/news/2003/0929neoteris.html