* Apache Tomcat fix releases
* Gentoo patches slocate
* Next 'Slammer' could be worse, and other interesting reading

Patch and virus news from Apache, Gentoo, Red Hat and more

Got an e-mail from a reader about my statement in the last newsletter that I don’t buy the excuse that people don’t apply patches because of the testing. My explanation made the reader think I don’t believe in testing patches before installing them on production systems. I do believe people should test first. Some Microsoft systems were hit while testing was being done. If you’re working on applying the patch and get hit in the process, I feel badly for you.

What I meant is that it’s a lame excuse when people don’t apply a patch because they think the testing is too much. Test, test and test again, then patch. If you want to keep your systems safe it’s the only way.

Today’s bug patches and security alerts:

Flaw found in SpamAssassin

A buffer overflow vulnerability in the spam-filtering utility SpamAssassin could be exploited by an attacker to run arbitrary code on the affected machine, according to a report on SecurityTracker. For more, go to:
https://www.securitytracker.com/alerts/2003/Jan/1005989.html

Related advisories/patches:
Gentoo:
https://forums.gentoo.org/viewtopic.php?t=33319

**********

Apache Tomcat fix releases

Three flaws have been fixed in the Apache Tomcat server software. They could be exploited to obtain a directory listing, read XML data or mount a cross-site scripting attack against users of the affected server. Users should update to Version 3.3.1a. For more, go to:
https://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/

**********

Red Hat updates Kerberos to fix FTP flaw

A flaw in the Kerberos FTP client could be exploited by a malicious FTP server to write files outside the client’s current directory and potentially to execute arbitrary code on the affected machine.
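The Red Hat item above describes a client-side flaw: the FTP client trusts filenames chosen by the server. The following C code is an added example, not code from the krb5 project or from the Red Hat advisory, showing the kind of check an mget loop needs before it creates a local file from a server-supplied name. The function names, the rejection rules and the sample NLST reply are constructed for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Return 1 if a server-supplied filename may be created relative to the
 * client's current directory, 0 if it must be refused.
 * Rules (assumptions of this example, not the krb5 project's): the name is
 * non-empty, is not absolute, contains no ".." path component, and contains
 * no control characters (a CR or LF inside a name can forge a later
 * protocol line or corrupt the transfer log). */
int ftp_filename_is_safe(const char *name)
{
    const char *p = name;

    if (name == NULL || name[0] == '\0' || name[0] == '/')
        return 0;

    while (*p != '\0') {
        size_t len = strcspn(p, "/");        /* length of this path component */
        size_t i;

        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 0;                         /* "..": escapes the directory */
        for (i = 0; i < len; i++)
            if (iscntrl((unsigned char)p[i]))
                return 0;
        p += len;
        if (*p == '/')
            p++;
    }
    return 1;
}

/* Walk an NLST reply (CRLF-separated names) the way an mget loop does, but
 * screen each name before it would be used to open a local file. The reply
 * buffer is modified in place (each CRLF becomes a NUL). Returns the number
 * of names refused. */
int filter_nlst_reply(char *reply)
{
    int refused = 0;
    char *line = reply;

    while (line != NULL && *line != '\0') {
        char *crlf = strstr(line, "\r\n");
        if (crlf != NULL)
            *crlf = '\0';

        if (ftp_filename_is_safe(line)) {
            printf("RETR %s   -> would create ./%s\n", line, line);
        } else {
            fprintf(stderr, "refusing server-supplied name: \"%s\"\n", line);
            refused++;
        }
        line = (crlf != NULL) ? crlf + 2 : NULL;
    }
    return refused;
}

int main(void)
{
    /* Constructed NLST reply from a hostile server: two benign names, then
     * three that would escape the current directory or smuggle a control
     * character into the local filename. */
    char reply[] =
        "report.txt\r\n"
        "logs/2003-01-30.log\r\n"
        "../../.bashrc\r\n"
        "/etc/passwd\r\n"
        "bad\x01" "name\r\n";

    int refused = filter_nlst_reply(reply);
    printf("%d of 5 names refused\n", refused);
    return refused == 3 ? 0 : 1;
}
```

Compile with `cc -std=c99 -Wall ftpname.c` and run; the three hostile names are refused before any RETR would be issued. A stricter client could also refuse any name containing a slash at all, since a well-behaved server's NLST lists entries of the current directory only.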
Red Hat users can download the update from:
https://rhn.redhat.com/errata/RHSA-2003-020.html

**********

SCO patches CVS vulnerability

A vulnerability in the popular Concurrent Versions System (CVS) server could allow a malicious user to run arbitrary code on the affected machine. SCO is urging users to upgrade to the latest version to ensure their systems are not vulnerable. For more, go to:
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-006.0.txt

**********

Gentoo patches slocate

A buffer overflow vulnerability has been found in Gentoo’s slocate package. A patch is available to fix this flaw. For more, go to:
https://forums.gentoo.org/viewtopic.php?t=33321

**********

Today’s roundup of virus alerts:

Winpao — A Trojan horse that steals system information and mails it to the virus’ author. The virus can also modify the Windows Registry in a way that prevents a majority of files from running correctly. (Panda Software)

**********

From the interesting reading department:

Next ‘Slammer’ could be worse
As cleanup of the MS-SQL Slammer worm continued last week, talk among security experts centered on two facets of the attack that might portend greater trouble: the remarkable speed with which Slammer spread, and the idea that future versions might carry a nefarious payload. Network World, 02/03/03.
https://www.nwfusion.com/news/2003/0203slammer.html

Expert weighs code release after Slammer
Saturday’s Slammer worm was based on sample code published to help explain the threat posed by the security vulnerability that Slammer exploited, according to David Litchfield, the security expert who discovered the vulnerability. IDG News Service, 01/30/03.
https://www.nwfusion.com/news/2003/0130expertslam.html

SSL: The secret handshake of the ‘Net
Secure Sockets Layer has become the de facto standard for secure communications between end users and Internet sites, and today, SSL support is built into virtually every browser.
Network World, 02/03/03.
https://www.nwfusion.com/news/tech/2003/0203techupdate.html

Sana Security claims cure for server intrusion
Start-up Sana Security says its software can learn normal server activity and detect or block abnormal behavior, such as buffer-overflow attempts, which aim to subvert the server’s security. Network World, 02/03/03.
https://www.nwfusion.com/news/2003/0203sana.html

Security tool offers to rein in at-work IM use
At-work instant messaging addicts beware: Web security firm Blue Coat Systems is planning to release an application that can monitor, log and manage employees’ consumer instant messaging use. IDG News Service, 01/31/03.
https://www.nwfusion.com/news/2003/0131securtool.html

BIOS maker to unveil ‘bunker environment’ for PCs
Phoenix Technologies, the maker of BIOS software for most of the world’s PCs, plans to unveil next month a software environment for PCs and other devices that creates a “bunker” in which critical utilities can be stored. IDG News Service, 01/30/03.
https://www.nwfusion.com/news/2003/0130biosmaker.html

**********

Archives online:
As a service to our faithful readers, we’ve got an online archive of this newsletter for your reference:
https://www.nwfusion.com/newsletters/bug/