• United States

Cisco reports VPN vulnerabilities

May 12, 20035 mins

* Patches from SCO, Red Hat, Conectiva, others * Beware "Mother's Day Virus" * Check Point digs deep into packets, and other interesting reading

Today’s bug patches and security alerts:

Cisco reports VPN vulnerabilities

Cisco Wednesday warned customers of three vulnerabilities in its Cisco VPN 3000 Series concentrators and VPN 3002 Hardware Client that could allow attackers to see private data or carry out a denial-of-service attack. There are workarounds to mitigate the effects of these vulnerabilities, and users can protect against them by upgrading to the latest version of code for the devices, according to an advisory from Cisco. The Cisco 3005, 3015, 3030, 3060 and 3080 VPN Concentrators and the Cisco VPN 3002 Hardware Client all may be affected by the vulnerabilities. IDG News Service, 05/08/03.


Cisco advisory:


SCO warns of tcp packet handling flaw in OpenLinux

According to an alert from SCO, “Allowing TCP packets with both the SYN and FIN bits set significantly improve an attacker’s chances of circumventing a firewall.” For more, go to:

SCO patches file command

A buffer overflow in OpenLinux’s file command could be exploited by providing a malicious binary file to examine. A patch is available for the vulnerability. For more, go to:

SCO: Several vulnerabilities in Samba

SCO has released an updated version of Samba for OpenLinux that fixes a number of serious vulnerabilities in earlier versions of the code. The flaws could be exploited to execute arbitrary commands on the affected machine. For more, go to:


New redhat-config-network package fixes bugs

A number of bugs have been found in the redhat-config-network, a package for configuring network access in Red Hat Linux 7.3. The bugs are less security related and more performance related. For more, go to:


Conectiva patches buffer overflow in slocate

A buffer overflow vulnerability exists in slocate, a utility for indexing and finding files, that could be exploited to gain the privileges of the slocate user. A fix is available. For more, go to:


Mandrake Linux patches kopete

A flaw in the GnuPG plug-in for kopete, a KDE instant messenger client, could be exploited to run arbitrary commands on the affected machine. For more, go to:


Today’s roundup of virus alerts:

W32/Randon-I – A worm that spreads via network shares and an open port 445. The virus looks to exploit poorly configured usernames and passwords. It allows access to the infected machine to unauthorized users via IRC channels. (Sophos)

W32/Fizzer-A – Another worm that acts as a Trojan horse as well. The virus spreads via Outlook and provides access to the infected machine via IRC channels. (Sophos, Central Command)

Troj/Boa-A – This is a key logging Trojan horse that periodically sends what it logs to its author. Usernames and passwords, as well as other sensitive information, could be swept up by this Trojan. (Sophos)

W32/Kickin-A – A virus that spreads via e-mail – using a variety of subject lines, messages and attachment names – and peer-to-peer applications. The virus tries to open IE every 5 minutes and points at one of three Web sites. (Sophos)

Troj/Sdbot-Fam – A family of Trojan horse programs that provide access to the infected machine via IRC. The Trojan’s run as a background process waiting for a connection. (Sophos)

CERT warns of Mother’s Day threat

The CERT Coordination Center is warning Internet users to beware of a new e-mail-borne threat that could allow an attacker to run malicious code on a victim’s computer. The new threat, known as “Peido-B,” “VBS/Inor.B” or “Mother’s Day Virus” arrives in an e-mail that masquerades as an administrative message.  IDG News Service, 05/09/03.


From the interesting reading department:

Symantec releases security tools

Symantec this week will announce two software packages intended to prevent security breaches. Vulnerability Assessment 1.0 is a host-based scanning tool that resides on servers and desktops. It continuously checks software for vulnerabilities so it can be patched or protected by temporarily blocking ports. Network World, 05/12/03.

Check Point digs deep into packets

Check Point next month is set to give its firewall customers the ability to detect and block application-layer attacks such as Code Red, Nimda and SQL slammer worms. Network World, 05/12/03.

Passport flaw leaves user info up for grabs

Microsoft has scrambled to shut down a flaw in its Passport service that could potentially reveal users’ critical personal information, a company spokesman confirmed Thursday. The flaw, which was reported to the company late Wednesday, was located in the service’s password recovery system and would allow attackers to change an account password if they knew the user name. IDG News Service, 05/08/03.

Passport woes point to process, credibility problems

The disclosure Wednesday of a serious security vulnerability in the .Net Passport service underscored shortcomings with the development and management of the single sign-on technology and may undermine Microsoft’s efforts to win wider adoption of Passport among businesses and individuals, an industry analyst said. IDG News Service, 05/09/03.

Fluffi Bunni worked for Siemens

A man reputed to be the leader of an international hacking ring worked in the U.K. offices of Siemens Communications, according to a statement released by the company. IDG News Service, 05/08/03.

IBM spinoff aims to secure servers

Start-up 14 South Networks – an IBM spinoff – this week is scheduled to debut a blade that slides into PCI-based servers and provides firewall and VPN protection based on Check Point technology. Network World, 05/12/03.