New IE patch available

Oct 06, 2003 | 6 mins

* Patches from Debian, FreeBSD, others
* Cisco warns its WLAN security can be cracked
* Dust-up continues over Gartner’s controversial IDS report, and other interesting reading

New cumulative patch for Internet Explorer

A new “critical” update for Internet Explorer from Microsoft rolls all previous patches into one download. The cumulative patch applies to IE 5.01 and greater. It also includes a fix for Windows Media Player that was previously released. For more, go to:


More OpenSSL patches available

As we reported last week, a number of vulnerabilities have been found in most implementations of OpenSSL. Most of the flaws could be exploited in a denial-of-service attack against an OpenSSL server or client. For more, go to:






Cisco warns its WLAN security can be cracked

The proprietary security system used by Cisco to protect wireless LANs widely deployed by enterprises can be defeated by a “dictionary attack” designed to crack passwords. To counter the security threat, the company is warning customers to institute strong password policies. Cisco posted a security bulletin on its Web site Aug. 7 about the vulnerability of its Lightweight Extensible Authentication Protocol (LEAP) to dictionary attacks, according to Ron Seide, product line manager in the company’s wireless business unit. Computerworld, 10/02/03.

Cisco advisory:


Debian patches webfs

Two flaws have been discovered in Debian webfs, a small HTTP server for static content. One flaw could be exploited to traverse the server directory structure beyond the HTTP root. A buffer overflow could be exploited to run the attacker’s code of choice on the affected machine. For more, go to:


FreeBSD patches procfs

A couple of vulnerabilities in the FreeBSD process file system (procfs) could be exploited in a denial-of-service attack or to potentially read large chunks of kernel memory. The information from memory could contain passwords or other sensitive system information. For more, go to:

FreeBSD issues fix for filedesc

According to an alert from FreeBSD, “A programming error in the readv system call can result in the given file descriptor’s reference count being erroneously incremented.” This could be exploited by a malicious user in a denial-of-service attack against the affected machine or to potentially gain elevated privileges. For more, go to:


FreeBSD, SCO patch OpenSSH flaw

A major vulnerability was found in OpenSSH that could be exploited to launch a denial-of-service attack against the affected machine or to potentially take over the machine to run code of the attacker’s choice. For more, go to:


SCO OpenServer:


Today’s roundup of virus alerts:

Trojan uses Microsoft hole to hijack Web browsers

Computer hackers have found another way to exploit an unpatched hole in Microsoft’s Internet Explorer Web browser, using a specially designed attack Web site to install a Trojan horse program on vulnerable Windows machines. The Trojan horse program is called Qhosts-1. IDG News Service, 10/02/03.

XF97/Wisab-A — An Excel macro virus that spreads via a formula sheet called “XL4Test5”. No word on any potential damage caused by an infection. (Sophos)

Troj/Hackarmy-A — A backdoor Trojan horse that logs on to an IRC server to await instructions. (Sophos)

W32/Gibe-F — Another variant of the Gibe virus that attempts to steal user information via a faked account information dialog box. Like its cousins, this virus spreads via e-mail (it has its own SMTP engine), file-sharing networks and IRC channels. (Sophos)

Petala.A — Not a body part, but a virus that provides a backdoor to infected systems. An attacker accesses the infected machine via IRC, where they can stop processes, copy files and more. (Panda Software)


From the interesting reading department:

Security debate rages

Strong aftershocks continue from the Gartner report that declared intrusion-detection technology dead and predicted the market for such products would be gone by 2005. Network World, 10/06/03.

Five tips for securing a converged net

IP telephony and voice over IP are by no means the standard for carrying enterprise voice just yet. But these technologies have been in the real world long enough for users to have learned some tricks for protecting a converged infrastructure against network threats, both external ones and internal ones from inside the firewall. Network World, 10/06/03.

Fortifying BGP: No quick fix

Seven years later, BBN’s Secure BGP, which establishes a public-key infrastructure to stymie IP address spoofing, is still a work in progress and has yet to be implemented in Internet routers. Network World, 10/06/03.

Microsoft could face security failure liability

Last month, Steven Adler, senior security strategist for Microsoft in Europe, the Middle East and Africa, stood up before a crowd of company executives and IT professionals, and apologized for the damage and losses caused by the recent onslaught of computer viruses that have attacked his company’s software. IDG News Service, 10/03/03.

Security suit against Microsoft could turn huge

A 50-year-old Los Angeles mother of two who fell victim to hackers has sued Microsoft seeking damages and an order requiring the vendor to improve its security notification system. IDG News Service, 10/03/03.

Worm chatter

As everyone probably knows firsthand by now, we’ve all been suffering through a particularly bad period of worm infestation on the ’Net lately. Variants of the Sobig and Blaster (a.k.a. LovSan) worms (often called “viruses” in press reports) caused major hang-ups worldwide. Network World Security Newsletter, 09/16/03.

Internet Security report from Symantec is ugly

Volume IV of Symantec’s biannual Internet Security Threat Report was released yesterday, and its results will not make ’Netizens happy. Some of the notable statistics from the report include a 12% increase in the number of vulnerabilities, a 20% rise in malicious code, and a 19% jump in worms and viruses, with companies experiencing about 38 attacks per week. 10/02/03.