Enron Mail

From:vince.kaminski@enron.com
To:vkaminski@aol.com
Subject:Top 10 viruses
Cc:
Bcc:
Date:Tue, 7 Nov 2000 09:05:00 -0800 (PST)

---------------------- Forwarded by Vince J Kaminski/HOU/ECT on 11/07/2000
05:12 PM ---------------------------


"NW Security and Bug Patch Alert" <Security-BugPatch@bdcimail.com> on
11/07/2000 12:01:16 PM
Please respond to "Security and Bug Patch Alert Help" <NWReplies@bellevue.com>
To: <vkamins@enron.com>
cc:
Subject: Top 10 viruses


NETWORK WORLD FUSION FOCUS: JASON MESERVE on
SECURITY AND BUG PATCH ALERT
10/30/00 - TODAY'S FOCUS: Top 10 viruses

Dear Wincenty Kaminski,

In this issue:

* Patches and alerts, including three from Microsoft
* New viruses, including a Sonic variant
* A Carnivore debate, and other interesting reading




Today's Focus: Top 10 viruses
---------------------------------------------------------------
By Jason Meserve (write me at jmeserve@nww.com)


To start off the month of November, here is a list of the Top
10 reported viruses for October, courtesy of Sophos:

1. W32/Apology-B.
2. VBS/LoveLet-AS.
3. VBS/Kakworm.
4. W32/Qaz.
5. XM97/Jini-B.
6. VBS/LoveLet-G.
7. WM97/Marker-C.
8. W32/Pretty.
9. (tie) W32/Flcss.
9. (tie) WM97/Thus-T.


Today's bug patches and security alerts:


Microsoft releases patch for "Indexing Services Cross Site
Scripting" vulnerability

We reported this vulnerability in the last edition of the
newsletter - it was another Georgi Guninski find. Microsoft
Internet Information Server contains a security hole that could
allow a malicious user to inject code into a Web page that can
be used to access a remote computer. A similar problem was
discovered a few months ago in a previous version of the
software. For more information:
http://www.microsoft.com/technet/security/bulletin/fq00-084.asp


Patch available for "Netmon Protocol Parsing" vulnerability

The Network Monitoring tool that ships with Windows NT, 2000
and Microsoft System Management Server contains a flaw that
could allow a malicious user to gain access to the affected
system. The problem resides in Netmon's parsers, which have
several unchecked buffers that can be exploited by sending a
malformed frame to the server. For more information:
http://www.microsoft.com/technet/security/bulletin/fq00-083.asp


Patch available for "Malformed MIME Header" vulnerability

By passing specially formed MIME headers to Microsoft Exchange
Server 5.5, an external user can crash the server. The system
will need to be rebooted before it will work again. For more
information:
http://www.microsoft.com/technet/security/bulletin/fq00-082.asp
**********


Red Hat releases patch for kpackage

The kpackage module that comes with Red Hat Linux 7.0 crashes
when files are installed or uninstalled. Patches can be
downloaded from:
ftp://updates.redhat.com/7.0/i386/kpackage-1.3.10-7.i386.rpm
ftp://updates.redhat.com/7.0/i386/kpackage-1.3.10-7j1.i386.rpm


Updated svgalib package available

The svgalib that ships with Red Hat Linux Powertools contains a
bug that causes it to crash when the library is compiled into
other applications. Updates can be downloaded from:
ftp://updates.redhat.com/powertools/7.0/i386/svgalib-1.4.1-12.i386.rpm
ftp://updates.redhat.com/powertools/7.0/i386/svgalib-devel-1.4.1-12.i386.rpm

**********


HP reports vulnerability in dtterm

Hewlett-Packard has released a patch for the dtterm module
after it was discovered the module could be exploited to gain
root access. The alert does not mention how this could be
accomplished. Patches and workarounds can be found at the HP IT
Resource page:
http://itrc.hp.com
**********


Allaire issues patch for JRun DoS vulnerability

After a slew of patches last week for JRun, Allaire has
returned again this week with another patch. This one protects
against possible denial-of-service attacks. By sending
malformed URLs, the Java servlet handler leaks memory and could
consume all system resources. For more information and a patch:
http://www.allaire.com/handlers/index.cfm?ID=18085&Method=Full
**********


FreeBSD reports DoS vulnerability in getnameinfo() function

FreeBSD has issued a patch for the KAME project that fixes a
problem in the getnameinfo() function, a protocol-independent
name resolver library. By sending a malformed request to the
function, it is possible under certain circumstances to crash
the affected server. Patches can be downloaded from:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:63/getnameinfo.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:63/getnameinfo.patch.asc


Top allows reading of kernel memory

The top module, which displays system resource usage, contains
a format string vulnerability that could allow unprivileged
users to execute arbitrary code on the affected FreeBSD
machine. For patches:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:62/top.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:62/top.patch.asc
**********


USSR reports flaw in Ultraseek search engine

USSR Labs is reporting a denial-of-service vulnerability in the
Ultraseek search engine. By sending malformed URLs to port 8765
(Ultraseek's default port) it is possible to crash the search
engine. For more information and links to patches:
http://www.ussrback.com/labs56.html
**********


Today's virus alerts:

XM97/Divi-Y - A variant of the XM97/Divi-A Excel macro virus.
No other information was given in the alert. (Sophos)

XM97/Divi-W - Another variant of XM97/Divi-A. Puts the file
ODR.XLS in the XLSTART subdirectory. (Sophos)

XM97/Barisada-G - This Excel macro virus variant activates on
April 24, 2001 between 2 p.m. and 3 p.m. It leads the user
through a series of dialog boxes before attempting to delete
the content of the infected spreadsheet. (Sophos)

WM97/Class-FB - This Word macro virus is a morph of two
previous viruses, WM97/Class-B and WM97/Panther. No other
information was provided in the alert. (Sophos)

Win32/Sonic.B.Worm - A variant of the first Sonic virus, this
one spreads via e-mail and comes with the subject line of "I'm
your poison" and an attachment called "lovers.exe." (Computer
Associates, Sophos)

WM97/Bablas-AS - This Word macro virus infects the Tool/Macro
and Tools/Template menus. When they're accessed, a message will
appear. (Sophos)

WM97/Marker-FQ - Virus attempts to change the author
information in Word to "Ethan Frome." (Sophos)
**********


Fusion Face-off: Does Carnivore go too far?
James Dempsey of the Center for Democracy and Technology and
John Collingwood, of the FBI, debate the merits of Carnivore.
Read what they have to say and weigh in with your own opinion.
http://www.nwfusion.com/cgi-bin/WebX.cgi?230@@.ee6f90e


AOL 6.0 wreaks havoc with some PCs

AOL 5.0 was an unmitigated disaster for the online giant. Soon
after its release, users began complaining about network
settings getting blown away, key Windows files being rewritten,
and in some cases, PCs becoming utterly inoperable. Some of the
exact same problems are beginning to crop up with AOL 6.0,
launched last week. Network World, 10/31/00.
http://www.nwfusion.com/news/2000/1031aol.html
**********


Archives available

For those of you who love this newsletter so much that you want
to read it again and again, we keep all of them on Fusion in
HTML format. Click on over to: http://www.nwfusion.com/newsletters/bug/

To contact Jason Meserve:
-------------------------
Jason Meserve is a staff writer with Network World, covering
search engines, portals, videoconferencing, IP Multicast and
document management. He also oversees the "Security Alerts"
page on Fusion http://www2.nwfusion.com/security/bulletins.html.
Jason can be reached at mailto:jmeserve@nww.com.
-------------------------

Got a security alert or bug patch question related to your
corporate network? Post it at Experts Exchange on Fusion at
http://nwfusion.experts-exchange.com/. Another network
professional may have the solution to your problem.



Other Questions/Comments

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: mailto:jcaruso@nww.com

For advertising information, write Jamie Kalbach, Account
Executive, at: mailto:jkalbach@nww.com

Network World Fusion is part of IDG.net, the IDG Online
Network. IT All Starts Here:
http://www.idg.com

Copyright 2000 Network World, Inc.