* Patches from Red Hat, SGI, others
* Beware another version of Lovegate
* Security firms accept debate challenge, and other interesting reading

Today’s bug patches and security alerts:

BEA releases patches for WebLogic line

Vulnerabilities have been found in a number of BEA WebLogic products. One vulnerability affects the way Tuxedo 8.0 and 8.1, WebLogic Enterprise 5.0.1 and 5.1, WebLogic Server and Express 5.1, 6.1, 7.0 and 7.0.0.1 handle SSL certificates. Another flaw was found in the way WebLogic Server and Express 7.0 and 7.0.0.1 handle passwords, leaving some in cleartext. Patches are available for both of these vulnerabilities:
https://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-31.jsp
https://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-30.jsp

**********

@Stake warns of password protection weakness in Apple AirPort

The security team at @Stake is warning of a password disclosure vulnerability with the management interface for the Apple AirPort wireless access point. Administering the device over an unencrypted wireless or nonsecure wired connection could allow a network sniffer to steal the password information. The best way to avoid this is to administer the device using a cross-over cable.
For more, go to:
https://www.atstake.com/research/advisories/2003/a051203-1.txt

**********

Red Hat patches vulnerabilities in kernel

Red Hat has discovered three vulnerabilities in Version 2.4 of its Linux kernel. An update is available to fix these issues.
For more, go to:
https://rhn.redhat.com/errata/RHSA-2003-172.html

Updated xinetd packages available from Red Hat

A flaw in the way memory was handled by xinetd could be exploited by a malicious user to cause a denial-of-service against the affected machine. A fix is available.
For more, go to:
https://rhn.redhat.com/errata/RHSA-2003-160.html

New version of Red Hat’s KDE fixes flaws

Red Hat is reporting that a couple of vulnerabilities have been found in the KDE graphical environment for its implementation of Linux. The flaws could be exploited by a malicious user to run arbitrary commands on the affected machine.
For more, go to:
https://rhn.redhat.com/errata/RHSA-2003-002.html

Red Hat issues patch for tcpdump

A flaw in the way tcpdump handles certain privileges could be exploited to run commands as root. A fix is available.
For more, go to:
https://rhn.redhat.com/errata/RHSA-2003-174.html

**********

SGI patches OpenSSL vulnerabilities

SGI has released a patch for its implementation of OpenSSL on the IRIX operating system. A number of vulnerabilities have been found in previous versions of the OpenSSL code.
For more, go to:
ftp://patches.sgi.com/support/free/security/patches/6.5.19/

**********

SCO patches kernel module loader

According to an alert from SCO, “The kernel module loader in the Linux kernel allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel.” The vulnerability affects SCO’s OpenLinux operating system.
For more, go to:
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-020.0.txt

SCO issues patch for mgetty

A couple of flaws have been found in the mgetty fax package for OpenLinux. The first could be exploited to modify the permissions of a fax transmission. The other flaw could be exploited in a denial-of-service attack or to execute arbitrary code on the affected machine.
For more, go to:
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-021.0.txt

**********

Today’s roundup of virus alerts:

W32/Lovgate-J – Another version of the Lovegate family of worms. Sophos says it has not seen this one in the wild yet, but will be adding definitions for it in its July 2003 update. (Sophos)

W32/Winur-D – A virus that spreads via ICQ and peer-to-peer filesharing networks.
Every 10 seconds, the virus launches a denial-of-service attack using ping www.whitepower.org -l 65500 -t. (Sophos)

The top five viruses for the week of May 5, according to Computer Associates:

1. Win32.Klez.H
2. Win32.Bugbear
3. Win95.Spaces.Family
4. Win32.Yaha.E
5. Win32.Sobig

**********

From the interesting reading department:

Fizzer worm may be fizzling

Almost a week after it first appeared on the Internet, the Fizzer worm appears to be losing momentum, but experts disagree on whether or not the new computer virus has peaked. Fizzer was first detected late last week and spread slowly at first, according to a statement by antivirus company Sophos. IDG News Service, 05/13/03.
https://www.nwfusion.com/news/2003/0513fizzeworm.html

Security firms accept debate challenge

Last month, I invited four of the leading security hardware suppliers to a debate at the upcoming CeBIT America conference, and I’m pleased to report that all of them accepted the challenge. On June 18 in New York City, Network World Senior Editor and security expert Ellen Messmer will join me on stage to grill Cisco, Network Associates, Nokia and Symantec in the first portion of the Network World Security Showdown – an unscripted, presidential-style debate. Network World, 05/12/03.
https://www.nwfusion.com/columnists/2003/0512edit.html

Plugging corporate data leaks

Have you ever forwarded an e-mail to someone, then realized you left in original comments that the recipient wasn’t supposed to see? Or maybe you accidentally forwarded a private company memo to a journalist or client? Company information should be guarded at all times, and accidentally sending private information can be just as bad as doing it on purpose. Network World, 05/12/03.
https://www.nwfusion.com/columnists/2003/0512schwartau.html