* Patches from Conectiva, Red Hat, Debian, others
* Beware e-mail worm embedded with VBS script
* Ecora boosts patch-management pack, and other interesting reading

Today’s bug patches and security alerts:

DoS vulnerability in Cisco Content Switch 11000 Series

According to an alert from Cisco, “The Cisco Content Service Switch (CSS) 11000 and 11500 series switches respond to certain DNS name server record requests with an error code and no Start of Authority (SOA) records, which can be negatively cached by some DNS name servers resulting in a potential denial-of-service attack for a particular domain name hosted by a CSS.”
For more, go to:
https://www.cisco.com/warp/public/707/cisco-sa-20030430-dns.shtml

**********

Conectiva releases Apache update

Two vulnerabilities have been found in the popular Apache Web server. The first could be exploited in a denial-of-service attack against the affected machine. A second vulnerability leaks information about CGI scripts running on the server.
For more, go to:
https://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000632

Conectiva issues glibc patch

One of the functions in Conectiva’s glibc library contains an integer overflow vulnerability that could be exploited to crash any application that calls the function. A patch is available.
For more, go to:
https://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000633

**********

Red Hat fixes zlib

A buffer overflow vulnerability has been found in zlib, a lossless compression utility called by many other applications. An update is available to fix this flaw.
For more, go to:
https://rhn.redhat.com/errata/RHSA-2003-079.html

Red Hat issues patch for MySQL

Two flaws have been found in Red Hat’s implementation of the popular MySQL database. One flaw could be exploited to crash the service and the other to gain root access. Anyone using a version of MySQL prior to 3.23.56 is probably affected by one or both of the problems.
For more, go to:
https://rhn.redhat.com/errata/RHSA-2003-093.html

**********

Mandrake Linux, EnGarde and Debian release Snort patches

As we’ve been reporting, two preprocessor modules in the open-source Snort intrusion detection (IDS) tool contain vulnerabilities that could be exploited to run arbitrary code on the affected machine. Mandrake Linux, EnGarde and Debian have released patches for their implementations of Snort.
For more, go to:
Mandrake Linux:
https://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:052
EnGarde:
https://www.linuxsecurity.com/advisories/engarde_advisory-3217.html
Debian:
https://www.debian.org/security/2003/dsa-297

**********

Gentoo, Conectiva patch balsa

A buffer overflow has been patched in balsa, a GNOME e-mail client based on some code from mutt, a text-based e-mail client. An attacker with control of an IMAP server could exploit the vulnerability to cause a denial of service or to run arbitrary code on the affected machine.
For more, go to:
Gentoo:
https://forums.gentoo.org/viewtopic.php?t=51074
Conectiva:
https://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000635

**********

EnGarde releases tcpdump update

A number of vulnerabilities have been found in tcpdump, a network monitoring utility. EnGarde has issued a patch for the problem and is urging users to upgrade as soon as possible.
For more, go to:
https://www.linuxsecurity.com/advisories/engarde_advisory-3218.html

**********

Gentoo issues patch for mgetty

A couple of flaws have been found in the mgetty fax package for Gentoo. The first could be exploited to modify the permissions of a fax transmission. The other flaw could be exploited in a denial-of-service attack or to execute arbitrary code on the affected machine.
For more, go to:
https://forums.gentoo.org/viewtopic.php?t=50570

Gentoo reports flaw in monkeyd

A buffer overflow exists in the way monkeyd handles forms submitted with the POST request method. Gentoo is recommending users download the appropriate update.
For more, go to:
https://forums.gentoo.org/viewtopic.php?t=50568

Gentoo warns of buffer overflow in pptpd

A buffer overflow vulnerability has been found in pptpd’s handling of 16-bit packet headers. Gentoo recommends users update their pptpd packages as soon as possible.
For more, go to:
https://forums.gentoo.org/viewtopic.php?t=50569

**********

Today’s roundup of virus alerts:

W32/Cailont-A (Also known as Nolor) – A typical worm that spreads via e-mail with varying subject lines and body text. Once a machine is infected, the virus will open up a Web page with VBS script embedded in it and begin spreading to other machines. (Sophos, Panda Software)

W32/Kullan-A – A backdoor program that can provide access to the infected machine. The attacker could view keystroke logs, e-mail files and other sensitive data. (Sophos)

W97M/Aurity – This Word macro virus infects individual documents as well as the global Normal.dot template file. The virus disables macro protection on the infected machine. (Panda Software)

W32/Halfint – A virus that spreads via file-sharing services and network shares. The virus creates 36 copies of itself with varying names. It does not cause any permanent damage to the machine it infects. (Panda Software)

Bck/Optix.Pro.13 – A backdoor program that opens port 3410 to outside access. The virus also attempts to terminate antivirus and firewall-related processes on the infected machine. (Panda Software)

**********

From the interesting reading department:

Systematic security

Protecting your IT infrastructure requires translating security policy into people, processes and technology. Network World, 05/05/03.
https://www.nwfusion.com/careers/2003/0505man.html

Product Peek: Alexander SPK for Windows

Living through a server crash on Microsoft Windows can try the patience of the most seasoned system administrator. While the frequency of crashes has been greatly reduced since the release of Windows 2000 Server, it still happens – and usually at the most inopportune time.
Determining the cause of a crash is not a task for the faint of heart – unless you have Alexander System Protection Kit (SPK) for Windows. Network World, 05/05/03.
https://www.nwfusion.com/reviews/2003/0505productpeek.html

ID management software gathers steam

Identity management software promises to automate the process of time-intensive tasks such as setting up user groups, access rules and workflow rights by using myriad technologies including directories, single sign-on, authentication and certification. Network World, 05/05/03.
https://www.nwfusion.com/news/2003/0505identitymgmt.html

Corp. security spending not in line with real-world requirements

A new study shows that most large companies don’t spend enough of their IT budgets on upgrading their security infrastructures – a situation that could lead to bigger problems in the face of government legislation and corporate mergers and acquisitions. Network World, 05/05/03.
https://www.nwfusion.com/news/2003/0505nemertes.html

Ecora boosts patch-management pack

With patch management quickly becoming a cog in a larger process to secure desktops and servers, vendors continue to construct platforms that tie together patch and configuration management software into one platform. Network World, 05/05/03.
https://www.nwfusion.com/news/2003/0505ecora.html

Bush aide: R&D low priority for security

After successfully creating a new domestic security framework since the attacks of Sept. 11, 2001, the federal government must tackle the bigger job of building on that framework and putting new security systems and procedures into place, according to a senior White House advisor on science and technology policy. IDG News Service, 05/02/03
https://www.nwfusion.com/news/2003/0502bushaide.html