• United States

Buffer overflow in Oracle database

Oct 23, 20034 mins

* Patches from Conectiva, SCO, Mandrake Linux * Beware worms that give attacker access to infected machines via IRC channel * SSH boosts e-commerce security, and other interesting reading

Today’s bug patches and security alerts:

Buffer overflow in Oracle database

SecurityTracker is reporting a buffer overflow vulnerability in the Oracle command line interface. An attacker could exploit this to run the code of choice or potentially gain elevated privileges. For more, go to:


Opera browser flaw fixed

A buffer overflow in the way HREFs are handled by the browser could be exploited in a denial-of-service attack or to potentially run code on the affected machine. Download Version 7.21 to fix this issue:

@Stake advisory:


Conectiva patches fileutils

A buffer overflow vulnerability has been found in Conectiva’s  “ls” directory listing command found the fileutils package. The flaw could be exploited in a denial-of-service attack. For more, go to:


SCO patches issue with /tmp

SCO is warning that several scripts improperly use the /tmp directory. A malicious user could exploit this using a symlink attack. For more, go to:


Mandrake Linux patches gdm

Two flaws in Mandrake Linux’s gdm package could be exploited to freeze or crash the application to freeze or crash. A fix is available. For more, go to:


Today’s roundup of virus alerts:

Troj/IRCBot-P – Yet another Trojan horse application that spreads via IRC and allows an attacker to access the infected machine via an IRC channel. (Sophos)

W32/Dafly-B – A virus that attaches itself to Windows Executable file. It changes a bunch of registry keys and displays a message on the infected machine. (Sophos)

W32/Opaserv-R – A worm that spreads via network shares. It drops a couple of .dat file on the infected machine but no word on any permanent damage cause. (Sophos)

Troj/CoreFloo-C – This virus arrives as an executable file with a random 7 character name. The virus gives an attacker access to the infected machine via an IRC channel and attempts to protect various virus-related processes. (Sophos)

W32/Agobot-AA – Another worm that attempts to provide unauthorized access to the infected machine via an IRC channel. This virus spreads via network shares with weak or no password protection. (Sophos)


From the interesting reading department:

Aruba boosts Wi-Fi security, remote mgmt.

Aruba Wireless Networks this week is scheduled to launch a fixed-configuration wireless LAN switch aimed at bringing advanced Wi-Fi management and security to branch offices, or expanding deployments throughout a larger company. Network World, 10/20/03.

Juniper spearheads plan to fortify ‘Net

Juniper last week disclosed an ambitious plan to unite the industry around a common vision for public networking that could make the Internet secure and reliable enough for full-fledged global commerce. Network World, 10/20/03.

Authentication upgrade on tap from Funk

Funk Software is introducing upgraded software that lets Cisco gear users authenticate and gain access to wireless networks via Funk’s RADIUS servers, Network World, 10/20/03.

Check Point gets into appliance business

Check Point – formerly a software-only company – now offers two lines of low-end VPN-firewall appliances for branch offices and home offices. Network World, 10/20/03.

SSH boosts e-commerce security

SSH Communications Security next month plans to release its Tectia product suite for securing access to proprietary e-commerce applications by making use of the IETF standard Secure Shell Protocol instead of the Web-based encryption standard Secure Sockets Layer. Network World, 10/20/03.

NetScreen announces deep inspection firewall

Citing an increase in attacks that take advantage of holes in existing firewall technology, NetScreen Technologies Mondaysaid that it will release new “deep packet inspection” features across its line of network firewall products. IDG News Service, 10/20/03.

Symantec adds patch management to Ghost software

A new version of the Ghost computer cloning and restoration product from Symantec adds features that deploy software patches and reduce the network bandwidth used by the program, the company said Monday. IDG News Service, 10/20/03.

Symantec purchases SSL VPN maker SafeWeb

Anti-virus and computer security company Symantec Monday said that it purchased SafeWeb of Emeryville, Calif., for $26 million in cash. SafeWeb makes technology that givesworkers secure, remote access to network resources over the Internet. IDG News Service, 10/20/03.