* Patches from SGI, Debian, others * Beware the latest Trojans * Intrusion prevention to highlight RSA show, and other interesting reading
Today’s bug patches and security alerts:
Apple releases Mac OS X 10.2.5 to fix a number of flaws
The new Mac OS X 10.2.5 releases fixes a number of vulnerabilities that have been plaguing Unix-based systems over the past couple weeks. Version 10.2.5 includes patches for Apache 2.0, OpenSSL, Samba, sendmail and DirectoryService vulnerabilities. Some of these flaws could be exploited to run arbitrary code on the affected machine. For more, go to:
Updating from Mac OS X 10.2.4:
https://www.info.apple.com/kbnum/n120210
Updating from Mac OS X 10.2 through 10.2.3:
https://www.info.apple.com/kbnum/n120211
**********
SGI warns of Brocade switch vulnerability
According to an alert from SGI, “The Brocade firmware is not part of IRIX and is in fact not installed on any IRIX machine, but is instead shipped installed in certain Brocade switches SGI supplies in certain system configurations. This vulnerability could result in a denial of service attack on TCP/IP connectivity to the switch. TCP/IP connectivity for the switch is not a requirement for the switch to handle storage properly, and is there for management purposes.” For more, go to:
https://www.networkworld.com/ftp://patches.sgi.com/support/free/security/advisories/20030405-01-I
**********
SGI, Debian patch xfsdump
Xfsdump creates insecure temporary files that could be exploited to gain root access. For more, go to:
SGI:
https://www.networkworld.com/ftp://patches.sgi.com/support/free/security/advisories/20030404-01-P
Debian:
https://www.debian.org/security/2003/dsa-283
**********
Mandrake Linux updates Kernel 2.4
As we’ve reported over the past couple weeks, a number of Linux vendors have released update kernels to fix a variety of problems. The most serious could lead to a local user gaining root privileges on the affected system. Conectiva has released a patch for its kernel implementation. For more, go to:
https://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:038-1
**********
Debian releases mutt patch
New versions of mutt is available that fix a potential buffer overflow vulnerability. For more, go to:
https://www.debian.org/security/2003/dsa-274
Debian patches moxftp
A flaw in the bound checking of the moxftp client could be exploited to run arbitrary code on the affected machine. The code would have to be stored on a malicious FTP server. For more, go to:
https://www.debian.org/security/2003/dsa-281
**********
Debian, Gentoo update kdegraphics
A flaw in the way kdegraphics process PDF and PostScript files could be exploited to run arbitrary commands on the affected machine. An attacker would have to provide a malicious file via e-mail or a Web site to exploit the flaw. For more, go to:
Debian:
https://www.debian.org/security/2003/dsa-284
Gentoo (kde 3.x):
https://forums.gentoo.org/viewtopic.php?t=46837
Gentoo (kde 2.x):
https://forums.gentoo.org/viewtopic.php?t=47058
**********
Conectiva patches openssl
A flaw in the openssl package used in many Unix/Linux implementations could allow TSL/SSL communications to be passed in plain text. Conectiva users can get more information and a patch from:
https://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625
Conectiva releases patch for man
A flaw in the way the man (manual) command is implemented could allow a malicious user to run arbitrary files on the affected machine. To exploit this flaw, the attacker would have to insert an executable into system path. For more, go to:
https://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000620
Conectiva issues zlib fix
A buffer overflow in zlib’s gzprintf() function could be exploited in a denial-of-service attack or possibly run arbitrary code on the affected machine. For more, go to:
https://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000619
**********
FileMaker Pro database passwords vulnerable
A flaw in the way the FileMaker Pro database server verifies passwords with a FileMaker client could be exploited by an attacker to steal the password information. For more information, go to:
https://www.filemaker.com/ti/108462.html
**********
Today’s roundup of virus alerts:
W32/Refoav-A – Another e-mail virus that comes in a message entitled “Fw:Ipresionante” and an attachment called “foavre.exe”. The virus displays a number of non-English messages on the infected machine’s screen. (Sophos)
RedKod.13 – A Trojan horse that infects Windows XP, 2000 and NT. The virus opens port 4820 and allows an attacker to send messages via e-mail, run files, view documents and restart the computer. (Panda Software)
Doahi – A Trojan horse that shuts down the infected machine. Arrives as a file called “die.exe”. (Panda Software)
Cult.C – Another e-mail virus. This one spreads as an attachment called “BLUEMOUNTAINECARD.PIF.” It can act as a Trojan by opening a port for access by a third party. If you block .PIF files at the mail gateway, there should be no chance of this one getting through. (Panda Software)
W32/Lovgate-E and G – These viruses seem to be the same. They spread via e-mail and network shares and can allow an attacker in through a backdoor, giving them administrator access. (Computer Associates, Sophos)
WM97/Kingpawn-A – This Word macro virus seems to spread via various IRC chat programs. The virus sets an editing password of “IAMAPORNKING” on infected documents. (Sophos)
W32/Ganda-A – A worm that spreads via e-mail and infects .EXE and .SCR files. The virus will also attempt to terminate any running process named firewall, security, antivirus etc. (Sophos)
**********
From the interesting reading department:
Be the hacker
Ethical hacking of your own Web site can reveal problems and vulnerabilities before the bad guys find them. Network World, 04/14/03.
https://www.nwfusion.com/research/2003/0414hack.html
Intrusion prevention to highlight RSA show
Attendees at this week’s RSA Conference will get a good look at an emerging cluster of products designed to identify attacks and block nefarious traffic before it can invade corporate networks. Network World, 04/14/03.
https://www.nwfusion.com/news/2003/0414rsa.html
Nortel raises VoIP security flag at RSA show
Nortel this week will use the RSA show to roll out product enhancements designed to help lock down IP telephony networks. Network World, 04/14/03.
https://www.nwfusion.com/news/2003/0414rsaside2.html
XML security standard touted at show
A group of application security vendors affiliated with the Organization for the Advancement of Structured Information Standards (OASIS) will next week announce a proposal for an XML standard for application vulnerabilities. The announcement will be made at the RSA Conference being held in San Francisco. IDG News Service, 04/11/03.
https://www.nwfusion.com/news/2003/0411standorgan.html
Citadel adds power to its scan-patch tool
Citadel next month plans to ship an updated version of its software scan-and-patch tool that promises to let users quickly install software patches or strip out a troublesome patch and apply the old code back into the application. Network World, 04/14/03.




