NetBSD issues three patches

Oct 13, 2003

* Patches from NetBSD, Debian and Mandrake
* Advertising-related Trojan Horses and e-mail worms
* SANS top vulnerabilities include Outlook, P2P; and other interesting reading

Today’s bug patches and security alerts:

NetBSD, Debian patch sendmail

A bug in the sendmail implementations from NetBSD and Debian could be exploited to gain elevated privileges on the affected machine. For more, go to:




NetBSD issues OpenSSL fix

A stack-overrun vulnerability in NetBSD’s implementation of OpenSSL could be exploited to crash the affected system. A second vulnerability could be exploited to run malicious commands on the machine. For more, go to:

NetBSD releases update for XFree86

According to an alert from NetBSD, “There is an integer overflow in the XFree86 font libraries, which could lead to potential privilege escalation and/or remote code execution.” For more, go to:


Mandrake Linux patches sane packages

A number of bugs and potential security vulnerabilities were found in sane, a package used with document scanners. Most of these are pretty minor. For more, go to:


Today’s roundup of virus alerts:

W32/Inmotecd-A — A worm that spreads via MAPI-based e-mail systems such as Outlook and comes with an infected .pif file. No word on any permanent damage caused by this virus. (Sophos)

IRCBot.D — This worm spreads in a message claiming to be an update from an anti-virus vendor. The message is entitled “Last Update” and carries an attachment called “NAV32.EXE”. The virus logs on to an IRC server to get commands from a remote user. (Panda Software)

Ruledor.A — A Trojan Horse that redirects URL requests to a list of advertiser sites. It also displays pop-up ads on the infected machine. (Panda Software)

Pup.A — Another advertising-related Trojan Horse. This virus displays random ads in the Internet Explorer window. (Panda Software)


From the interesting reading department:

SANS top vulnerabilities include Outlook, P2P

Microsoft’s Outlook e-mail program and peer-to-peer software have been included for the first time on the SANS Institute’s annual list of the 20 security vulnerabilities most exploited by attackers on the Internet. IDG News Service, 10/09/03.

SEC busts hacker for securities fraud, ID theft

The U.S. Securities and Exchange Commission (SEC) has filed civil charges against a Pennsylvania man for computer hacking and identity theft in a scheme last July to dump worthless options for Cisco stock. IDG News Service, 10/09/03.

Microsoft unveils security initiatives

Microsoft CEO Steve Ballmer announced a gaggle of security initiatives Thursday that he said would shore up the security of its customers’ systems against what he said in a statement was a “wave of criminal attacks.” IDG News Service, 10/09/03.

SSL gear makers prep mgmt., security updates

Now that SSL remote access is gaining acceptance among business networking executives, vendors of the gear are in the thick of adding peripheral features to make management simpler and to beef up security. Network World Fusion, 10/09/03.