
Mac flaws uncovered

Oct 30, 2003 (3 mins)

* Patches from Apple, Slackware, others
* Beware Sober virus
* Developers get hands on Microsoft's NGSCB, and other interesting reading

Today’s bug patches and security alerts:

@Stake reports Mac vulnerabilities

A file overwrite vulnerability has been found in the Apple Mac OS X 10.3 operating system. An attacker could exploit this to gain shell privileges to overwrite and read files on the affected machine. For more, go to:

For the latest Apple Updates (including a fix for this problem):


Apple patches QuickTime Java implementation

A flaw in the QuickTime Java implementation for Mac OS X 10.3 and X Server 10.3 could be exploited to gain unauthorized system access. For more, go to:


Slackware issues gdm patch

A flaw in GDM could be exploited by an attacker to cause the application to crash. For more, go to:

Slackware patches fetchmail

A buffer overflow flaw in the popular fetchmail program could be exploited to cause the application to crash. A fix is available. For more, go to:


SGI issues three service packs

SGI has released three new “environment updates” that fix a number of vulnerabilities in its IRIX operating system. For more, go to:


Debian patches thttpd

Two vulnerabilities have been found in Debian’s thttpd code. One flaw could be exploited to browse the entire disk contents. Another flaw could be exploited by an attacker to run arbitrary code. For more, go to:


DoS flaw in apache2 fixed

Mandrake Linux, OpenPKG and Immunix have released a fix for their implementations of the apache2 code. A flaw in the way certain scripts are handled could result in a denial-of-service against the http process. For more, go to:

Mandrake Linux:


Immunix (source code):


Today’s roundup of virus alerts:

Sober virus in the wild but slow-moving

An e-mail-borne virus that apparently originated in Germany is in the wild but has not yet spread widely or affected many users, an anti-virus researcher said Monday. IDG News Service, 10/28/03.

W32/Holar-I – A worm that spreads via e-mail and peer-to-peer networks and causes the infected machine to stop responding after the virus has run 30 times. (Sophos)

W32/Marq-A – This virus spreads via e-mail and requires the recipient to click on a link. The Web page the link directs users to contains the viral code. (Sophos)

W32/Agobot-AF – Another variant of the Agobot worm family. This one also exploits the Windows RPC DCOM vulnerability. (Sophos)


From the interesting reading department:

Developers get hands on Microsoft’s NGSCB

In addition to showing off its next-generation Longhorn operating system this week, Microsoft for the first time handed out code that underlies its closely watched Next-Generation Secure Computing Base security technology. IDG News Service, 10/30/03.

Intel steps up security on motherboards

Intel will begin offering motherboards with a new security option this week. The motherboards come with a chip called a Trusted Platform Module (TPM) that allows documents to be encrypted and safely stored on the fly using an RSA accelerator to generate up to 2048-bit RSA encryption and decryption. 10/27/03.