Flaw in Cisco Access Control Server for Windows

Opinion
Apr 24, 20035 mins

* Patches from Microsoft, Red Hat, Gentoo, others * Beware latest e-mail worm exploiting SARS * Review: Windows 2003, and other interesting reading

Today’s bug patches and security alerts:

Flaw in Cisco Access Control Server for Windows

Cisco is warning of a buffer overflow vulnerability in its Access Control Server (ACS) for Windows, which could be exploited in a denial-of-service attack or to gain administrative privileges on the affected machine. A workaround for the problem is to block external access to port 2002 on the ACS machine. A software patch is also available. For more, go to:

https://www.cisco.com/warp/public/707/cisco-sa-20030423-ACS.shtml

**********

Latest Microsoft bulletins affect Outlook, IE

Two product security patches from Microsoft target a number of critical security flaws in the Outlook Express e-mail application and Internet Explorer Web browser. IDG News Service, 04/23/03.

Story:

https://www.nwfusion.com/news/2003/0423latesmicro.html

Cumulative patch for Outlook Express:

https://www.microsoft.com/technet/security/bulletin/MS03-014.asp

Cumulative patch for Internet Explorer:

https://www.microsoft.com/technet/security/bulletin/MS03-015.asp

Microsoft issues WebDAV patch for NT 4.0

Microsoft has issued an updated advisory for IIS 5.0 users. A previous patch fixed the WebDAV components running on Windows 2000 for which there was an exploit in the wild. Further investigation by Microsoft found that Windows NT 4.0 is also vulnerable to attack, so a patch for that operating system has been added to the original advisory. For more, go to:

https://www.microsoft.com/technet/security/bulletin/MS03-007.asp

Latest Windows XP patch can slow down PCs

Microsoft’s latest security patch can cause computers running Windows XP to slow down to a crawl, affected users say. Windows XP can take up to 10 seconds to start an application after installation of the patch released last Wednesday with security bulletin MS03-013, users wrote in dozens of postings on several online discussion boards. Removing the patch brings system speed back to normal, according to these users. [I can personally attest to this problem as a member of my family had their XP machine suddenly slow to a crawl. After ruling out viruses, spyware or other rogue apps, they rolled back the machine to the point just before this patch was applied and everything worked great.] Microsoft is looking into the issue. IDG News Service, 04/22/03.

https://www.nwfusion.com/news/2003/0422lateswindo.html

**********

Red Hat updated ethereal

A number of vulnerabilities have been found in ethereal, a network monitoring application. The flaws could be exploited in a denial-of-service attack or to run arbitrary code on the affected machine. For more, go to:

https://rhn.redhat.com/errata/RHSA-2003-076.html

**********

Red Hat, Conectiva patch tcpdump vulnerabilities

A number of vulnerabilities have been found in the tcpdump, a command-line utility for monitoring network traffic. Many of the flaws involve improper bounds checking and buffer overflows that could be exploited in a denial-of-service attack. One vulnerability could potentially be used to run arbitrary code on the affected machine. For more, go to:

Red Hat

https://rhn.redhat.com/errata/RHSA-2003-032.html

Conectiva:

https://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000629

**********

Conectiva patches balsa

A buffer overflow has been patches in balsa, a GNOME e-mail client based on some code from mutt, a text-based e-mail client. According to the advisory from Conectiva, “An attacker who is able to control an IMAP server accessed by Balsa can exploit this vulnerability to remotely crash the client or execute arbitrary code with the privileges of the user running it.” For more, go to:

https://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000630

**********

Gentoo releases snort patch

As we reported in our last newsletter, two preprocessor modules in the open-source Snort intrusion detection (IDS) tool contain vulnerabilities that could be exploited to run arbitrary code on the affected machine. Gentoo has releases a patch for its implementation of Snort. For more, go to:

https://forums.gentoo.org/viewtopic.php?t=49268

**********

Debian patches ircii

A buffer overflow in the ircii IRC chat client could be exploited by an attacker with control over a remote server. The flaw could be exploited in a denial-of-service or to potentially run arbitrary code on the affected machine. For more, go to:

https://www.debian.org/security/2003/dsa-291

Temporary file flaw in Debian mime-support packages

A flaw in the mime-support packages for Debian could allow an attacker to arbitrarily overwrite files with the privileges of the user ID running certain mail programs, most likely root. A patch is available. For more, go to:

https://www.debian.org/security/2003/dsa-292

Debian releases patch for gkrellm-newsticker

Two security vulnerabilities have been found in gkrellm-newsticker, a plug-in for the gkrellm system monitor program, which provides a news ticker from RDF feeds. The flaws could be exploited to run arbitrary shell commands on the affected machine. For more, go to:

https://www.debian.org/security/2003/dsa-294

Debian issues patch for kdelibs

According to an alert from Debian, “The KDE team discovered a vulnerability in the way KDE uses Ghostscript software for processing of PostScript (PS) and PDF files.  An attacker could provide a malicious PostScript or PDF file via mail or Web sites that could lead to executing arbitrary commands under the privileges of the user viewing the file or when the browser generates a directory listing with thumbnails.” For more, go to:

https://www.debian.org/security/2003/dsa-293

**********

Today’s roundup of virus alerts:

E-mail worm exploits SARS anxiety

In the latest example of computer virus writers capitalizing on current events, an e-mail worm uses fears about SARS to entice users into opening a file attachment, infecting host machines and helping spread the virus to other machines on the Internet. IDG News Service, 04/23/03.

https://www.nwfusion.com/news/2003/0423newemai.html

**********

From the interesting reading department:

The Network World 200

Our annual look at the biggest companies in networking. See who’s rising, who’s falling and who’s treading water. Network World, 04/21/03.

https://www.nwfusion.com/nw200/2003/

Review: Windows 2003

We tested Windows Server 2003, which officially launches this week, and found that Microsoft’s new server operating system delivers better performance, tighter security and easier management than its predecessor. Network World, 04/21/03.

https://www.nwfusion.com/reviews/2003/0421rev.html