* Patches from SGI, Mandrake Linux, others * Beware Trojan that targets Windows 2000 and NT with IIS 4 or 5 * Symantec expands DeepSight Threat Management alerting service, and other interesting reading
Today’s bug patches and security alerts:
Red Hat releases updated Lynx package
A CRLF injection vulnerability exists in the text-only Lynx browser that could allow the browser to be redirected to a malicious Web site. For more, go to:
https://rhn.redhat.com/errata/RHSA-2003-029.html
**********
SGI patches network vulnerabilities in IRIX
A number of flaws have been found in IRIX’s networking capabilities. These flaws could be used in a denial-of-service attack or to gain elevated privileges on the affected machine. For more, go to:
https://www.networkworld.com/ftp://patches.sgi.com/support/free/security/advisories/20030201-01-P
**********
Debian releases new hypermail packages
A couple of buffer overflow vulnerabilities have been found in the hypermail client for Debian. The flaw could be exploited by sending a file attachment with a long name. An attacker could use this to insert arbitrary code on the affected machine. For more, go to:
https://www.debian.org/security/2003/dsa-248
Debian patches w3mmee packages
A flaw in the w3m browser and related packages could be exploited by a malicious remote user to retrieve cookie information off the affected machine. For more, go to:
https://www.debian.org/security/2003/dsa-249
**********
Mandrake Linux patches postgresql
A previous update to the postgresql package did not include a few fixes, including one to patch a buffer overflow in the cash_words() function. This flaw can be exploited in a local denial-of-service attack or to potentially run arbitrary code on the affected machine. For more, go to:
https://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:062-1
**********
iDefense reports flaw in IBM AIX
A buffer overflow flaw in IBM AIX’s libIM could be exploited to run arbitrary code with the privileges of the application calling the code library. A temporary fix is available from IBM. For more, go to:
ftp://aix.software.ibm.com/aix/efixes/security/libIM_efix.tar.Z
**********
Buffer overflow in NOD32 Antivirus software
A buffer overflow flaw in Eset Software’s NOD32 Antivirus System for Unix and Linux could be exploited by attackers to execute code on the affected machine, potentially with super-user privileges. Users should upgrade to Version 1.013 to fix the problem. For more, go to:
**********
Today’s roundup of virus alerts:
Troj/TKBot-A – A Trojan horse that targets Windows 2000 and NT machines running IIS 4 or 5. The Trojan gets its commands via an IRC channel and can be used to transfer files to and from the infected machine as well as potentially run arbitrary code. (Sophos)
JS/Seeker-C – A JavaScript that redirects Internet Explorer’s start and search pages to different, usually porn, sites. (Sophos)
**********
From the interesting reading department:
Famous hacker suffers break-ins to own corporate Web site
The world’s best-known computer hacker suffered the indignity of having someone break into his new security consulting company’s Web site. But Kevin Mitnick shrugged it off as “quite amusing,” not serious enough for him to call the FBI. DigitalMass.com, 02/11/03.
https://digitalmass.boston.com/news/2003/02/11/mitnick.html
Epic: No suit planned over flaw report
Epic Games, the maker of the Unreal Tournament series of first-person shooters, denied on Tuesday reports that it considered filing a lawsuit against a security company that found holes in its products. 02/12/03.
https://www.businessweek.com/technology/cnet/stories/984191.htm
NAI device helps keep content safe
A new forensic security tool from network security company Network Associates’ Sniffer Technologies unit gives network administrators the ability to capture and replay security breaches as they occur, identifying the source and cause of network security problems. Network World, 02/10/03.
https://www.nwfusion.com/news/2003/0210naigoes.html
Symantec expands DeepSight Threat Management alerting service
Symantec this week said it has expanded its early-warning alert service, which relies on data collected and analyzed from intrusion-detection systems at 19,000 locations around the world, to include information that can be collected through firewalls as well. Network World, 02/12/03.
https://www.nwfusion.com/news/2003/0212symantec.html
**********
Archives online:
We had a pesky “test” newsletter sitting in our archive, but all is clean now. Check our archives now:




