• United States

Cisco releases Catalyst software update

Apr 28, 20035 mins

* Patches from SGI, Red Hat, others * Beware virus that spreads via e-mail with subject line "Saludos" * Privacy concerns dog initial RFID plans, and other interesting reading

A number of Network World reporters, myself included, will be in Las Vegas this week covering NetWorld+Interop. We’ll keep you up to date on all the show happenings via our breaking news page and our N+I Weblog:

Breaking news page:


Today’s bug patches and security alerts:

Cisco releases Catalyst software update

A flaw in Version 7.5(1) of the Cisco Catalyst software could allow a malicious user to gain access to enable mode without a password. Once inside the system, the attacker can gain higher levels of access by bypassing password authentication. Catalyst users should upgrade to software Version 7.6(1) to fix the problem. For more, go to:


New version of Bugzilla available

Versions of Bugzilla prior to 2.16.3 contain a vulnerability that could echo raw HTML back to a user, a flaw that could be exploited in a symlink attack. Version 2.16.3 fixes the problem. For more, go to:


Debian, SuSE release new KDE/kdelibs packages

A flaw in the way KDE and kdelibs uses Ghostscript software to process PostScript and PDF files could be exploited to run arbitrary code on the affected machine. An attacker would have to provide a malicious PostScript or PDF file via e-mail or a Web server. For more, go to:




Mandrake Linux updates ethereal

A number of vulnerabilities have been found in ethereal, a network monitoring application. The flaws could be exploited in a denial-of-service attack or to run arbitrary code on the affected machine. For more, go to:


SGI patches password flaw in Irix LDAP

SGI’s implementation of LDAP for its Irix operating system contains a flaw in the way certain passwords are verified. Current implementations do not check whether LDAP server provides the “Userpassword” attribute for each entry in the password database. A malicious user could exploit this to log on without a password. For more, go to:

SGI updates patch for BSD LPR Subsystem

A previous patch for the BSD LPR Subsystem implementation for Irix did not properly fix the vulnerabilities in the code. A new patch is available with all the proper updates. For more, go to:


Red Hat patches mICQ

Version 0.4.9 and earlier of mICQ, a messaging and conferencing program, contain a vulnerability that could be exploited in a denial-of-service attack. The denial-of-service could be caused by sending malformed ICQ packets to the affected mICQ client. For more, go to:

Red Hat releases patch for LPRng package

A temporary file vulnerability has been found in the LPRng print spooler package. An attacker could use a symbolic link attack to write arbitrary files with the privileges of “lp”. For more, go to:

Red Hat fixes cross-scripting flaw in squirrelmail

A number of cross-scripting vulnerabilities have been found in squirrelmail, a PHP-based Webmail package. The flaws could be exploited by a remote attacker to run scripts on the affected machine. For more, go to:


Today’s roundup of virus alerts:

Opex – This worm spreads through peer-to-peer file sharing networks by making copies itself on the infected machine with names that make the file look like a utility application. (Panda Software)

Tavo – A virus that spreads mainly via e-mail messages with a subject line of “Saludos” and an attachment called “IESRACK.VBS”. On the 11th of each month, the virus displays a message. On 12/1, it deletes file in My Documents and on 12/9 it displays more messages. Finally, every 8 minutes, the virus checks the floppy drive for a writeable disk to infect. (Panda Software)

Morb – This Trojan horse spreads through e-mail, IRC and peer-to-peer networks. It replies to all messages in the infected machine’s inbox with a copy of itself attached. It also opens port 81 to allow access by a remote attacker. (Panda Software)

Alor – Another Trojan horse that allows an attacker to access the infected machine via port 12345. The attacker could carry out several actions on the machine. (Panda Software)


From the interesting reading department:

Windows Server 2003 Security Guide:

Review: WatchGuard Firebox V200 firewall/VPN

WatchGuard Technologies, a leader in small office/home office firewall/ VPN appliances, is targeting the big boys with a high-end device aimed squarely at Cisco’s PIX 535 and NetScreen Technologies’ NetScreen-5200. Network World, 04/28/03.

RenewData uncovers, prevents ‘smoking guns’

Start-up RenewData is at the center of a ripe and growing business thanks to government regulations aimed at uncovering corporate malfeasance. The company is focused on recovering e-mail messages and files attorneys and clients request from the hundreds of tapes that businesses keep offsite. Network World Fusion, 04/24/03.

Privacy concerns dog initial RFID plans

Now Benetton appears to be retreating from its RFID endorsement after privacy objections. This month the company declared that no microchips are present in the garments it produces and sells, and that it hasn’t made any decisions about using RFID. Network World, 04/28/03.

Wireless security is rising, but it’s not fully baked yet

In interoperability testing that NetWorld+Interop’s iLabs Wireless Security team conducted earlier this month, we found that products supporting 802.1X – the proposed standard for authentication in wireless networks – worked well together most of the time, but we identified some problem areas that need attention from standards bodies and vendors alike. Network World, 04/28/03.