• United States

Trend Micro patches ‘p’ problem in eManager

May 27, 20036 mins

* Patches from Mandrake Linux, Slackware, others * Beware e-mail virus with "error.hta" attachment * Network World supplement: Security for today's workforce, and other interesting reading

Today’s bug patches and security alerts:

Trend Micro patches ‘p’ problem

A recent update to Trend Micro’s eManager e-mail security product did more than block spam e-mail – it took aim at the letter “p,” blocking all e-mail messages containing the popular consonant. IDG News Service, 05/23/03.

eManager update page:


Microsoft works to fix backup compatibility flaw

A change to Microsoft’s tape back-up feature makes file back-up tapes created with Windows Server 2003 incompatible with previous versions of Windows including Windows XP and Windows 2000. The problem is due to a change in the Windows Server 2003 version of the free ntbackup.exe utility that comes with Windows operating systems and was first disclosed in the online security news group NTBugtraq. IDG News Service, 05/23/03.

Microsoft warns firewall does not block IPv6 traffic

Microsoft is warning Windows XP and 2003 users of a flaw in the way its Internet Connection Firewall (ICF) or Basic Firewall handle IPv6 traffic. When IPv6 is enabled and the firewall is turned on, IPv4 traffic will be filtered properly, but all IPv6 traffic will be allowed through. For more, go to:;EN-US;Q306203


Slackware, Mandrake Linux patch GnuPG

A flaw in the way keys held my multiple users is validated could allow certain users greater access than they’re intended to recieve. For more, go to:


Mandrake Linux:


Slackware releases patch for XDR overflow

A overflow vulnerability in the xdrmem_getbytes() function that’s part of the XDR RPC library could be exploited to run arbitrary code on the affected machine. For more, go to:

Slackware issues patch for quotacheck

A bug has been found in the way certain options in the quotacheck application are used. For more, go to:

Slackware pathces BitchX

A flaw in BitchX, an IRC client, could be exploited by an attacker to write outside the buffer boundaries causing a denial-of-service. The vulnerability could also be exploited to run arbitrary code on the affected machine. For more, go to:

Slackware users can download mod_ssl update

An upgrade to mod_ssl is available that “provides RSA blinding by default which prevents an extended timing analysis from revealing details of the secret key to an attacker,” according to an alert from Slackware. For more, go to:

Slackware patches flaw in EPIC4 IRC client

A flaw in the EPIC4 IRC client could be exploited by a malicious IRC server operator to crash the affected client or potentially run arbitrary code on the machine. For more, go to:


Mandrake Linux updates LPRng

A flaw in LPRng’s psbanner use of temporary files could be exploited in symlink attack to overwrite certain file on the affected machine. For more, go to:

Mandrake Linux patches lpr

According to an alert from Mandrake Linux, “A buffer overflow was discovered in the lpr printer spooling system that can be exploited by a local user to gain root privileges.  This can be done even if the printer is configured properly.” For more, go to:


Today’s roundup of virus alerts:

W32/Anacon-B – A mass mailing worm with a Trojan horse component that allows backdoor access to the infected machine. The virus spreads via Outlook, network shares and peer-to-peer networks. (Sophos)

VBS/Petik.N – A nasty little virus that attempts to overwrite all files on the infected machine. It spreads via network shares, making it more dangerous in a corporate network. (Panda Software)

W32/Melare – A nondestructive virus that spreads via e-mail with a subject line of “Alert! SARS is being Spread!” and an attachment called “SARS_IMAGE.JPG”. It just send itself out to everyone listed in the infected machine’s Outlook address book. (Panda Software)

W32/Redisto – This virus spreads via e-mail and peer-to-peer networks. It blocks firewall and antivirus applications on the infected machine. (Panda Software)

WM97/Panjang-A – A Word macro virus that seems to infected Office 95 documents but does not seem to cause permanent damage. (Sophos)

Troj/Peido-B – A virus that spreads via e-mail with an attachment called “error.hta”. The virus drops a Trojan horse program on the infected machine. (Sophos)

WM97/Lazy-C – Similar to WM97/Panjang-A, this virus infects Office 95 documents but does not seem to cause permanent damage. (Sophos)


From the interesting reading department:

Network World supplement: Security for today’s workforce

Wireless LANs, remote access from anywhere, instant messaging. Today’s sophisticated workforce is demanding more of the corporate network. Meeting their needs securely is the greatest concern of today’s network executive. The following special content will help guide you through your latest security options. Network World, 05/26/03.

The human firewall

Giving out sensitive data to people without first authenticating their identity and access privileges is one of the most common and worst mistakes employees can make. Allowing a stranger inside an organization without authorization is yet another example of a broken link in the human firewall chain. Network World, 05/26/03.

Cisco tightens security

Cisco is wheeling out a smorgasbord of security upgrades and advanced threat-protection technologies in an effort to help users integrate security management. Network World, 05/26/03.

802.11i shores up wireless security

802.11i includes two big security upgrades: Wi-Fi Protected Access (WPA) and Robust Security Network (RSN). Network World, 05/26/03.

ISS hatches ‘virtual patching’ plan

Internet Security Systems is readying technology it says could benefit companies fed up with current patch management techniques. More precisely, ISS will enable its vulnerability-assessment scanner to gang up with its network- and host-based intrusion-detection systems (IDS) to stop newly discovered attacks or worms that could damage unprotected servers or desktops on enterprise networks. Network World Fusion, 05/26/03.