CERT warns of Snort flaw

Apr 21, 2003 (5 mins)

* Patches from Debian, Conectiva, others
* Beware NetBIOS Trojan
* PDA and wireless security hot topic at RSA, and other interesting reading

Thanks to alert reader Barry Stone, we may have a solution to the problem mentioned in our last newsletter. To recap the problem:

I have a Windows 2000 server and there is a CGI program that calls gethostbyname on the IIS site. It worked fine until I installed Win 2000 SP3 on the server. The CGI program always fails in calling gethostbyname and WSAGetLastError() returns error code 10022. When I changed the anonymous user account to Administrator or a user who has permission as an administrator, this problem was gone, but I think this is not an ideal solution. What is wrong and how can I fix the problem?

Stone’s solution:

Make sure the program calls WSAStartup() before calling gethostbyname().

Thanks for the help.

Today’s bug patches and security alerts:

CERT warns of Snort flaw

Two preprocessor modules in the Snort intrusion detection system (IDS) contain vulnerabilities that could be exploited to run arbitrary code on the affected system, according to an alert from CERT. Snort IDS versions 1.8 through 2.0 RC1 are affected by the problem. For more, go to: advisory:


Debian releases patch for Epic

A buffer overflow vulnerability has been discovered in Epic, an IRC client. The flaw could be exploited to crash the client and potentially run arbitrary code with the privileges of the Epic user. For more, go to:

Debian patches sendmail-wide

A buffer overflow flaw in sendmail-wide’s address parsing code could be exploited by a malicious user. Debian is recommending that users upgrade their packages to protect against this flaw. For more, go to:

Debian issues fix for OpenSSL flaw

According to an alert from Debian, “Researchers discovered two flaws in OpenSSL, a Secure Socket Layer library and related cryptographic tools. Applications that are linked against this library are generally vulnerable to attacks that could leak the server’s private key or make the encrypted session decryptable otherwise.” For more, go to:

Fix available for Debian’s rinetd

A security vulnerability has been found in rinetd, an IP connection redirection server. A problem with memory sizing could be exploited in a denial-of-service attack or to potentially run arbitrary code on the affected machine. For more, go to:


Conectiva patches ethereal

A number of vulnerabilities have been found in ethereal, a network monitoring application. The flaws could be exploited in a denial-of-service attack or to run arbitrary code on the affected machine. For more, go to:

Conectiva releases fix for vixie-cron

A flaw in the vixie-cron package, a task scheduling utility, could be exploited by a local user to gain root privileges on the affected system. The crontab command does not properly drop its root privilege in some cases when a local user is scheduling tasks. For more, go to:


Mandrake Linux patches xfsdump

A flaw has been found in the way the xfsdump utility writes quota data to a file. The file is created in an unsafe manner. This could be exploited to gain root privileges. For more, go to:

Mandrake Linux issues eog patch

Versions 2.2.0 and earlier of the Eye of the GNOME (eog) program, used for displaying graphics, contain a vulnerability that could be exploited to run arbitrary code on the affected machine. An attacker would have to pass specially crafted filenames to eog in order to exploit this vulnerability. For more, go to:

Patch for Mandrake Linux’s kde3 implementation

According to an alert from Mandrake Linux, “A vulnerability was discovered by the KDE team in the way that KDE uses Ghostscript for processing PostScript and PDF files. A malicious attacker could provide a carefully constructed PDF or PostScript file to an end user (via web or mail) that could lead to the execution of arbitrary commands as the user viewing the file. The vulnerability can be triggered even by the browser generating a directory listing with thumbnails.” For more, go to:


Today’s roundup of virus alerts:

Win32.Deborm.Q – This NetBIOS virus drops two backdoor Trojan horse programs on the infected machine. It targets other machines on the local network by attempting to log on to accounts with no passwords, such as Administrator, Guest and Owner. (Computer Associates)


From the interesting reading department:

Office workers give away passwords for a cheap pen

Workers are prepared to give away their passwords for a cheap pen, according to a somewhat unscientific – but still illuminating – survey published today. The second annual survey into office scruples, conducted by the people organizing this month’s InfoSecurity Europe 2003 conference, found that office workers have learned very little about IT security in the past year. The Register, 04/17/03.

CA takes charge on security management

Computer Associates last week announced it is spearheading an effort to establish common industry specifications for building security information management products. Network World, 04/21/03.

PDA and wireless security hot topic at RSA

Companies offering products to secure content stored on wireless devices were out in force at this year’s RSA Conference in San Francisco, underscoring the increased urgency with which companies are addressing the security threats posed by mobile workers. IDG News Service, 04/17/03.