• United States

Linux CUPS vulnerability fixed

Nov 10, 20033 mins

* Patches from Debian, SCO, Red Hat, others * Beware P2P virus SpyBot * Paper finds new wireless standard less secure, and other interesting reading

Today’s bug patches and security alerts:

Linux CUPS vulnerability fixed

A flaw in versions of Common Unix Printing System prior to 1.1.19 could be exploited via the Internet Printing Protocol (IPP) to cause CUPS to enter a busy loop, resulting in a denial of service. For more, go to:

Red Hat:

Mandrake Linux:



Debian patches postgresql

Two bugs found in the postgresql database code could be exploited to trigger a buffer overflow, which could be used to run malicious code on the affected server. For more, go to:


Conectiva releases fix for thttpd

A flaw in the tiny http server (thttpd) for Conectiva’s Linux implementation could be exploited to by pass the virtual-hosting mechanism to read arbitrary files on the affected machine. For more, go to:


Conectiva, SCO patch net-snmp

A flaw in earlier versions of net-snmp, an implementation of the Simple Network Management Protocol (SNMP) for network monitoring, could be exploited to allow users access to MIB objects that normally would be excluded from their view. For more, go to:


SCO OpenLinux:


SCO, Conectiva release ethereal patch

A number of flaws have been found in ethereal, a free network monitoring tool for Linux/Unix. The vulnerabilities could be exploited in a denial-of-service attack or to potentially execute the attacker’s code of choice. For more, go to:


SCO releases Apache update for OpenServer

Version 2.0.48 of the Apache Web server is primarily a bug fix release, according to an alert from SCO. In addition to some minor bugs, this release also fixes a CGI path redirect flaw and a buffer overflow in the mod_alias and mod_rewrite. For more, go to:

SCO issues fix for CDE libDtHelp

According to an alert from SCO, “The Common Desktop Environment (CDE) is a standard desktop environment for UNIX based systems. CDE libDTHelp contains a buffer overflow that can be exploited by a local user using specially crafted environment variables. An authenticated local user may be able to execute arbitrary code with root privileges.” For more, go to:


Red Hat patches fileutils

A buffer overflow vulnerability has been found in Red Hat Linux’s “ls” directory listing command found the fileutils package. The flaw could be exploited in a denial-of-service attack. The fix can be downloaded here:


Today’s roundup of virus alerts:

W32/SpyBot-W, V – A peer-to-peer virus that disables certain utilities and waits for commands sent via IRC. (Sophos)


From the interesting reading department:

Virus writers dismiss Microsoft’s bounty fund

Though cyberspace outlaws may look over their shoulder one extra time before launching a computer virus or worm, they won’t be deterred by the $5 million bounty fund established by Microsoft to help capture and convict them, two virus writers said. IDG News Service, 11/07/03.

Paper finds new wireless standard less secure

A new paper by a leading security expert says that the new Wi-Fi Protected Access (WPA) security standard may be less secure, in certain scenarios, than WEP, the wireless standard it was designed to replace. IDG News Service, 11/07/03.