
Adobe SVG Viewer flaws

Oct 09, 2003 | 4 mins

* Patches from Red Hat, SCO, others
* Beware Trojan programs that attack via IRC
* Critics raise security concerns about VeriSign service, and other interesting reading

Quick clarification from the last newsletter: Looks like I incorrectly read Microsoft’s advisory for the new cumulative patch for Internet Explorer. In my description of the release I said the patch also fixes a flaw in Windows Media Player, which is not the case, as reader Bill Del Vecchio points out:

“This update to IE may help prevent use of Media Player to launch an attack, but it does not fix Media Player. In the bulletin, Microsoft specifically recommends the Media Player update (828026) in addition to the MS03-040 patch.”

To refresh, the bulletin in question can be found here:

Thanks Bill for helping clarify the issue.

Today’s bug patches and security alerts:

Flaws found in Adobe SVG Viewer

GreyMagic Software is reporting it has found three vulnerabilities in Adobe’s SVG Viewer, used for parsing Scalable Vector Graphics. One flaw helps bypass a disabled Active Scripting setting in Internet Explorer. Another flaw could be exploited by an attacker to read any file on the affected system. And a third flaw could be used to redirect users to the attacker’s URL of choice. For more, go to:


Red Hat releases updated Perl packages

The new Perl packages from Red Hat fix security problems in and a cross-scripting vulnerability in For more, go to:

Red Hat patches MySQL

A buffer overflow has been found in the MySQL password table. According to Red Hat, an attacker could exploit this to run any code on the affected machine. For more, go to:

Red Hat issues updated sane packages

A number of bugs and potential security vulnerabilities were found in sane, a package used with document scanners. Most of these are pretty minor. For more, go to:


SCO patches wu-ftpd for OpenLinux

An “off-by-one” flaw in the wu-ftpd code for SCO OpenLinux could be exploited by a local or remote user to gain root privileges on the affected machine. For more, go to:


Conectiva patches mplayer

Conectiva’s mplayer, a multimedia application that plays multiple formats of audio and video, contains a bug in the way ASX metafiles are parsed. An attacker could exploit this to gain access to the affected machine with the privileges of the user requesting the media file. For more, go to:


Today’s roundup of virus alerts:

Troj/Bdoor-AAG – A Trojan horse program that allows an attacker access to an infected machine via IRC. (Sophos)

Troj/Ircbot-M – Yet another Trojan horse program that attempts to connect to a specific IRC channel, which an attacker can use to control the infected machine. (Sophos)

W32/Agobot-AE – This worm attempts to exploit the DCOM RPC vulnerabilities in Windows. Like the previously mentioned viruses, Agobot-AE also attempts to connect to an IRC channel in order to allow an attacker access to the infected machine. (Sophos)


From the interesting reading department:

The Worm FAQ

Frequently asked questions on worms and worm containment. From

Critics raise security concerns about VeriSign service

VeriSign’s Site Finder service has caused problems with the way some e-mail and other Web applications function and collected more information about Web surfers than some other services designed to redirect mistyped URLs, critics of the new Web search site said Tuesday. IDG News Service, 10/07/03.

Nutter’s Help Desk: Finding intruders with Snort

I am trying to be proactive at our company about finding an intrusion or a potential one before much if any damage has been done. Several individuals I have talked to at other companies have recommended I look at something called Snort. The problem is that I am not that familiar with Linux. What are my options? Network World Fusion, 10/06/03.

White paper: Effective strategies for risk management

With information security now demanding a significant level of attention from organizations, the traditional approach of identifying risk in purely technical terms has proven insufficient. Today, organizations must consider the areas that factually affect information security and integrate those findings into an overall risk management program to ensure effective and appropriate technology spending. Guardent, 09/03. (PDF file)