• United States

Bug Alert: Slammed!

Jan 27, 20035 mins

* Patches from Microsoft, OpenPKG, others * Beware "polymorphic" worm * U.S. agencies get help with security patches, and other interesting reading

It’s never a good sign to turn on the weekend edition of NBC’s Today show and see a that a major virus is slowing Internet traffic to a crawl. If you haven’t heard already, the “Slammer” or “Sapphire” virus is affecting Microsoft SQL servers by flooding the systems with tons of traffic. I couldn’t pull up late Saturday afternoon, presumably because of the worm. However, there is good news:

1. The virus seems to be slowing:

2. It doesn’t cause any permanent damage beyond slowing systems down to a crawl.

3. There is a patch, which has been out since July, for the vulnerability that the worm exploits:

Today’s bug patches and security alerts:

Buffer overflow in Microsoft Locator Service

A buffer overflow vulnerability in Microsoft’s Locator Service could be exploited to crash or run arbitrary code on the affected machine. For more, go to:

Microsoft advisory:

Related CERT advisory:

Microsoft releases cumulative patch for Content Management Server

A cross-scripting vulnerability has been found in Microsoft’s Content Management Server. An attacker could exploit this flaw to embed script into pages served by the CMS. This malicious code could then be run on a third-party machine. For more, go to:

Microsoft patches SMB flaw

The Server Message  Block protocol used for file-sharing in Windows 2000 and XP contains a flaw that could allow an attacker to lower SMB’s level of security. The attacker could then be able to monitor and change data inside an SMB session. For more, go to:

Microsoft: Flaw in Outlook 2002 certificate handling

A flaw in the way Outlook 2002 uses a V1 Exchange Server Security certificate when encrypting a message could leave the message unprotected and sent in clear text. For more, go to:


More news on the CVS flaw

The CERT Coordination Center security organization has warned of a critical vulnerability in the widely-used Concurrent Versions System (CVS) software which could enable an unauthenticated remote attacker with read-only access to execute arbitrary code, alter program operation, read sensitive information, or cause a denial of service to servers. IDG News Service, 01/24/03.


CERT advisory:

Vendor patches:



Mandrake Linux:


OpenPKG patches python

A flaw in the way the python scripting language creates filenames could be exploited to run arbitrary code on an affected machine. For more, go to:


More DHCP packages available

As we’ve been reporting, a serious security flaw has been found in the Internet Software Consortium’s Dynamic Host Configuration Protocol that ships with many operating systems. An attacker could exploit this flaw to take control of the affected system. Additional operating system

patches are now available:





Today’s roundup of virus alerts:

Troj/Dloader-BO – A Trojan horse that runs a file from within three days of infecting a computer. No word on damage caused by this worm and it’s companion files. (Sophos)

Redlof.B – A “polymorphic” worm that spreads via Outlook, HTT and HTML pages. The work disguises itself as Outlook stationary. (Panda Software)

Buffy.D – This worm spreads via IRC, displaying messages on the infected machine each time it is restarted. No word on other potential damage caused by this virus. (Panda Software)

Oror.Q – An Outlook virus that takes advantage of well-documented (and patches) iFrame vulnerabilities. The virus shuts down and deletes processes and files related to antivirus software. (Panda Software)

Pornspa.F – A virus that dials out to a premium dial up service related to porn. (Panda Software)


From the interesting reading department:

Gates celebrates Trustworthy Computing in e-mail

Microsoft has come far to deliver on its “Trustworthy Computing” promise, but more needs to be done, Microsoft Chairman and Chief Software Architect Bill Gates said in an e-mail late Thursday. IDG News Service, 01/24/03.

Software automates video surveillance

Companies and government agencies now can keep an eye on their facilities without having guards constantly watch monitors, thanks to software from ObjectVideo, the start-up announced Monday. IDG News Service, 01/27/03.

U.S. agencies get help with security patches

U.S. government agencies gained a new tool for fighting computer vulnerabilities this week with the launch of a service that helps them find the security patches they need. IDG News Services, 01/24/03.

ISS reins in security management

Internet Security Systems last week reinforced its security management package to let it manage and correlate information about security events from across its family of intrusion-detection and vulnerability-assessment products. Network World, 01/27/03.


Archives online:

We’ve got archives. Come take a look: