Microsoft patches Windows kernel flaw

Before we get to the roundups for today, I’ve got a reader question to pass along. In October, we had a series of newsletters dealing with problems and solutions for the recently released Windows 2000 Service Pack 3. One  reader’s question went unanswered:

I have a Windows 2000 server and there is a CGI program that calls gethostbyname on the IIS site. It works fine until I installed Win 2000 SP3 on the server. The CGI program always fails in calling gethostbyname and WSAGetLastError() returns error code 10022.When I Changed anonymous user account to Administrator or user who has permission as an administrator, this problem was gone, but I think this is not a ideal solution. What is wrong and how can I fix the problem?

Anyone out there have a solution for the problem? Drop me a line at jmeserve@nww.com

You can read the original two-part series here:

Part 1:

https://www.nwfusion.com/newsletters/bug/2002/01596966.html

Part 2:

https://www.nwfusion.com/newsletters/bug/2002/01601766.html

Today’s bug patches and security alerts:

Microsoft patches Windows kernel flaw

A vulnerability has been found in the way the Windows NT, 2000 and XP kernel parses error messages to a debugger. An attacker could exploit this vulnerability to run arbitrary code on the affected machine, allowing them to overwrite files as well as change settings and permissions. For more, go to:

https://www.microsoft.com/technet/security/bulletin/MS03-013.asp

**********

New patch available for Oracle E-Business Suite 11

A flaw has been found in the Report Review Agent (RRA) code in Oracle E-Business Suite 11i (Versions 1 to 8) and Oracle Applications (10.7 and 11.0). An attacker could exploit this vulnerability to by-pass security and gain access to system files. For more, go to:

https://otn.oracle.com/deploy/security/pdf/2003alert53.pdf

**********

Red Hat, Mandrake Linux release updated GtkHTML package

A flaw in the GtkHTML code, a widget that renders HTML in the Evolution e-mail reader, could be exploited to crash the mail client. Version of Evolution prior to 1.2.4 contain the bug. For more, go to:

Red Hat:

https://rhn.redhat.com/errata/RHSA-2003-126.html

Mandrake Linux:

https://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:046

Related Evolution patch from Mandrake Linux:

https://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:045

**********

SGI patches BSD LPR Subsystem

A number of vulnerabilities have been found in the BSD LPR Subsystem for SGI IRIX. Though not installed by default, users should check their systems and download the appropriate patches. For more, go to:

https://www.networkworld.com/ftp://patches.sgi.com/support/free/security/advisories/20030406-01-P

**********

Debian patches gs-common

Insecure temporary files are created by ps2epsi, a script that is distributed with the gs-common package. A local attacker could exploit the vulnerability to overwrite files owned by the user that invokes ps2epsi. For more, go to:

https://www.debian.org/security/2003/dsa-286

Debian releases fix for LPRng

A flaw in the psbanner, a printer filter that creates a PostScript format banner and is part of LPRng, causes the creation of insecure temporary files. A fix is available. For more, go to:

https://www.debian.org/security/2003/dsa-285

**********

Conectiva releases mutt patch

New versions of mutt is available that fix a potential buffer overflow vulnerability. For more, go to:

https://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000626

**********

Immunix patches cvs vulnerability

A flaw in the Common Vulnerability System (CVS) for the Immunix Secured OS could be exploited by an anonymous user to gain write access to the cvs repository. A patch is available:

https://download.immunix.org/ImmunixOS/7+/Updates/RPMS/cvs-1.11.1p1-4_imnx_2.i386.rpm

Immunix releases kerberos update

According to an alert from Immunix, +ACI-Multiple vulnerabilities have been found in the MIT Kerberos suite. This release removes triple-DES support in Kerberos IV and cross-realm authentication in Kerberos IV, as both are known to be insecure. This release also fixes two denial-of-service attacks against the Kerberos daemons.+ACI- Grab the appropriate update from:

https://www.networkworld.com/ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/

Immunix releases PostgreSQL and MySQL updates

Immunix has released new versions of PostgreSQL and MySQL to fix a number of flaws in the database systems. The flaws could be exploited in a denial-of-service attack or to execute arbitrary commands against the affected system. Grab the appropriate update from:

https://www.networkworld.com/ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/

Immunix patches glibc

As we’ve reported recently, there’s an integer overflow in the Sun XDR RPC library, which is used in many glibc implementations. Immunix has a fix for its operating system. The source code can be downloaded from:

https://download.immunix.org/ImmunixOS/7+/Updates/SRPMS/glibc-2.2-12_imnx_28.src.rpm

**********

Today’s roundup of virus alerts:

Nothing new to report today. Instead we bring you the top 5 viruses for the week of April 7-13, according to Computer Associates.

1. Win32/Lovgate.F.Worm

2. IRC.Flood

3. Win32.Bugbear   

4. Win32.Gibe.B

5. Win32.Ganda.A

**********

From the interesting reading department:

Glitch forces Sallie Mae to increase monthly payments on 800,000 student loans

A computer programming error has forced Sallie Mae, the nation’s largest provider of student loans, to increase the monthly payments of 800,000 borrowers. Boston.com, 04/16/03.

https://www.boston.com/news/daily/16/sallie_mae.htm

Inkra adds intrusion detection

Inkra is adding intrusion detection to the security functions its hardware platforms can perform, potentially reducing the number of devices businesses have to install to protect their networks. Network World Fusion, 04/14/03.

https://www.nwfusion.com/news/2003/0414inkra.html

Server-side SSL boosts security

E-mail is rarely secure, but users rarely care. E-mail is secure enough for most users under most circumstances, even those involving transmission of sensitive content. People leave most messages unencrypted and unsigned because they believe the risks of eavesdropping and tampering are minimal – until someone proves otherwise. Customers have voted with their dollars in favor of e-mail products and hosted services that skimp on end-to-end security. Network World, 04/14/03.

https://www.nwfusion.com/columnists/2003/0414kobielus.html

Computer Associates works on security standards

Computer Associates International Monday threw its hat into the ring of companies and industry organizations that are advocating security open standards and best practices. IDG News Service, 04/14/03.

https://www.nwfusion.com/news/2003/0414casec.html

IMlogic adds security to IM Manager

IMlogic is rolling out an updated version of its IM Manager software, adding virus scanning, content filtering and antispam capabilities, in response to what it says is increasing concerns over the security of companies’ instant messaging infrastructures. IDG News Service, 04/14/03.

https://www.nwfusion.com/news/2003/0414imlogadds.html

Exchange 2003 gets new antispam, antivirus features

Microsoft detailed new antispam and antivirus features that will be incorporated into its upcoming Exchange Server 2003 software Monday, as part of the software giant’s continued Trustworthy Computing push. IDG News Service, 04/14/03.

https://www.nwfusion.com/news/2003/0414excha2003.html