* Patches from SCO, Conectiva, others
* Beware viruses that attempt to allow access to an infected machine via IRC
* Symantec: Security attacks getting more aggressive, and other interesting reading

A few follow-up items surrounding the SQL Slammer worm that brought some Internet traffic and commerce to a screeching halt last weekend:

* Reader Scott Morizot took some exception to my (and the general media’s) assertions that lazy administrators should be blamed for not applying a patch that’s been available from Microsoft for the past 6 months. Morizot makes some good points in saying that some MSDE installations include SQL Server code and could be infected by the virus, but many users may not know such code exists in their systems because it is not a full SQL Server implementation. An excellent point.

While at ComNet, we heard from a number of people who say some of these patches have not been installed because of the testing that’s required before implementing them on production systems. I don’t buy this one so much. Obviously, the time it takes to test these patches is well worth it if you can protect against this weekend’s mess.

* Speaking of ComNet, my colleague Denise Dubie and I took to the show floor to gather reaction to the SQL Slammer worm from attendees: https://www.nwfusion.com/news/2003/0129reactions.html

* Keynote Systems, which monitors Internet performance, is claiming the SQL Slammer event “affected more users for a longer duration than any previous performance event.” Keynote’s measurements show that of the 40 major U.S. Web sites, 50% were slowed between midnight and 1 p.m. last Saturday, with availability dropping to 10%.
SQL Slammer seems to have outpaced the 2001 Baltimore Tunnel Fire, Code Red, Nimda and the February 2000 denial-of-service attacks against eBay, Yahoo, CNN and others.

Fortunately, this happened on a Saturday morning and not a weekday.

* Finally, a couple of companies have released advisories for products that use Microsoft’s SQL Server and could be affected if the proper patches are not applied:

Cisco: https://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml
Veritas: https://support.veritas.com/docs/254244

Today’s bug patches and security alerts:

Major flaws in older versions of MIT Kerberos

Versions of MIT Kerberos 5 prior to and including 1.2.5 contain multiple security vulnerabilities. The flaws could be exploited to crash the affected KDC or potentially gain access. Users should upgrade to Version 1.2.7. For more, go to:
https://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt

**********

Additional MySQL patches available

As we’ve reported with other flavors of Linux, two vulnerabilities have been found in the popular MySQL database application. One flaw could be exploited to crash the affected machine, the other to bypass a password check and execute arbitrary code on the machine. For more, go to:

OpenPKG: https://www.openpkg.org/security/OpenPKG-SA-2003.008-mysql.html
EnGarde: https://www.linuxsecurity.com/advisories/engarde_advisory-2817.html

**********

Debian fixes dhcp3 package

A flaw in Debian’s implementation of DHCP3 could lead to a “storm of packets” being sent from the client to a server, resulting in a potential denial of service. For more, go to:
https://www.debian.org/security/2003/dsa-245

Debian releases new kdegames

A flaw in the kdegames package for Debian could be exploited to run arbitrary commands on the affected system. A local or remote attacker could exploit this flaw.
For more, go to:
https://www.debian.org/security/2003/dsa-240

Debian patches noffle

A flaw in noffle, an offline news server, could potentially be exploited by a remote user to run arbitrary commands on the affected machine with the privileges of noffle, usually “news”. For more, go to:
https://www.debian.org/security/2003/dsa-244

Tomcat patch for Debian users available

Three major flaws have been found in the Tomcat application server for Debian. The flaws could be exploited to get a directory listing, read XML data or use a cross-site scripting attack to execute arbitrary commands on affected systems. For more, go to:
https://www.debian.org/security/2003/dsa-246

**********

Updated fetchmail packages available

A couple of flaws have been found in fetchmail. These flaws could be exploited by a remote user to run arbitrary code on the affected machine. For more, go to:

EnGarde: https://www.linuxsecurity.com/advisories/engarde_advisory-2818.html
Mandrake Linux: https://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:011

**********

SCO releases CUPS patch

As we’ve recently reported, a number of flaws have been found in CUPS, a popular printing service for Unix and Linux. The flaws could be exploited to gain remote and root access to the affected system. For more, go to:
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-004.0.txt

**********

Conectiva patches libpng

A buffer overflow flaw in the PNG image handling library libpng could be exploited to run arbitrary code on the affected machine. An attacker would have to craft a PNG file to trigger the overflow. For more, go to:
https://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000564

**********

OpenPKG patches wget

A directory traversal flaw in wget could allow a malicious user to write files outside the download directory of the affected machine.
For more, go to:
https://www.openpkg.org/security/OpenPKG-SA-2003.007-wget.html

**********

Today’s roundup of virus alerts:

Troj/SadHound-A – A Trojan horse that drops a love note on the infected machine as well as a backdoor that is accessible to an attacker via IRC. (Sophos)

W32/NetSpree-A – Another virus that attempts to allow access to the infected machine via IRC. This virus drops a program for launching distributed denial-of-service attacks against other targets. The virus also spreads by trying to infect other machines on the same LAN. (Sophos)

**********

From the interesting reading department:

Microsoft slammed by its own product’s vulnerability

Microsoft fell victim to a software vulnerability in one of its own products on Saturday, when the W32.Slammer worm infested host machines on the Redmond, Wash., company’s network, flooding that network with traffic. IDG News Service, 01/28/03.
https://www.nwfusion.com/news/2003/0128msslam.html

See also, ComNet attendees react to SQL Slammer:
https://www.nwfusion.com/news/2003/0129reactions.html

Internet Worm Unearths New Holes

The computer bug that ravaged systems throughout the world over the weekend showed how the increasing use of the Internet by businesses, banks and local governments has created vulnerabilities where few ever suspected them. Washington Post, 01/29/03.
https://www.washingtonpost.com/wp-dyn/articles/A57550-2003Jan28.html

FAA: Slammer didn’t hurt us, but other attacks coming

The Federal Aviation Administration survived last weekend’s Slammer worm attack with only one administrative server compromised, and the agency that controls commercial air traffic in the U.S. is taking a multipronged attack to network security, said Daniel Mehan, assistant administrator for information services and chief information officer at the FAA.
IDG News Service, 01/28/03.
https://www.nwfusion.com/news/2003/0128faaslamm.html

SAP offers new homeland security product

The product, Security Resource Management, is designed to support processes necessary for homeland security, including border security, emergency preparedness and response, countermeasures, information analysis and external coordination, the Walldorf, Germany, software company said Wednesday in a statement. IDG News Service, 01/29/03.
https://www.nwfusion.com/news/2003/0129sapoffer.html

Symantec: Security attacks getting more aggressive

The number of security attacks on the Internet seems to be leveling off after a rocket-like rise during the last decade, but the attacks still happening are more sophisticated, said the president and COO of security vendor Symantec. IDG News Service, 01/29/03.
https://www.nwfusion.com/news/2003/0129symantalks.html

Symantec links Host IDS into ManHunt net monitor

Symantec has expanded its ManHunt network intrusion detection system (IDS) by adding a software agent to monitor and analyze events detected by its host-based intrusion detection software, Host IDS 4.0. IDG News Service, 01/28/03.
https://www.nwfusion.com/news/2003/0128symanlinks.html

**********

Archives online:

If you’re like me and fall behind on e-mail reading quite a bit, our online archive is here to help:
https://www.nwfusion.com/newsletters/bug/