|
|
Enron Mail |
FYI
Bug in Adobe software. Vince Kaminski ---------------------- Forwarded by Vince J Kaminski/HOU/ECT on 08/09/2000 05:54 PM --------------------------- "NW Security and Bug Patch Alert" <Security-BugPatch@bdcimail.com< on 08/09/2000 04:55:59 PM Please respond to "Security and Bug Patch Alert Help" <NWReplies@bellevue.com< To: <vkamins@enron.com< cc: Subject: Adobe Acrobat PDF vulnerability NETWORK WORLD FUSION FOCUS: JASON MESERVE on SECURITY AND BUG PATCH ALERT TODAY'S FOCUS: Adobe Acrobat PDF vulnerability 08/02/00 Dear Wincenty Kaminski, 11 FREE Newsletter Additions from Network World! Sign up Today at http://www.nwwsubscribe.com/foc35 Wireless in the Enterprise, Servers, Optical Networking, The Network Channel, The Edge, Net Worker, Convergence, Free Stuff, Mobile Computing, The Network World 200, and Technology Executive ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Today's Focus: Adobe Acrobat PDF vulnerability --------------------------------------------------------------- By Jason Meserve Problem with Adobe Acrobat PDF format Panda Software reported last week that Adobe has issued a patch for its Acrobat software that is used to read PDF document files. Used to transmit high-quality reproductions of documents across the Internet, the format was thought to be secure. But with all things Internet, there must be a hole. It turns out code can be embedded in a PDF file, which could be used to deliver a virus, Trojan or other nasty tidbit. Adobe recommends users install the following patch for protection: ftp://ftp.adobe.com/pub/adobe/acrobat/win/4.x/ac405up2.exe ********** Microsoft releases patch for "Malformed IPX Ping Packet" vulnerability This patch for Windows 95, 98 and 98 Second Edition, fixes a problem that could allow an external user to flood a machine using the IPX Ping command. If a network has a number of machines affected with the problem, the exploit could be used to flood the network with excess data packets. For more information and patches: http://www.microsoft.com/technet/security/bulletin/fq00-054.asp ********** Debian fixes mailman problem Debian announced that it has fixed a problem in the mailman Version 2.0 application. The flaw could be used by a local user to gain group mailman permissions. For source downloads: ftp://ftp.debian.org/debian/dists/woody/main/source/mail/mailman_2.0beta5-1.di ff.gz ftp://ftp.debian.org/debian/dists/woody/main/source/mail/mailman_2.0beta5-1.ds c ftp://ftp.debian.org/debian/dists/woody/main/source/mail/mailman_2.0beta5.orig .tar.gz ********** Red Hat fixes mailman problem Like Debian and others, Red Hat has fixed its version of the mailman list server software for Linux. For source downloads: ftp://updates.redhat.com/secureweb/3.2/SRPMS/mailman-2.0beta5-1.src.rpm ********** SuSE in process of fixing multiple vulnerabilities SuSE put out a general alert saying it is working on fixes for a number of problems in its Linux implementation and third-party applications. The problems being fixed deal with Netscape, knfsd, system user account nobody, pam, gpm, openldap, mailman, cvsweb.cgi and knon2. Look for more here when the actual patches become available. For more on SuSE: http://www.suse.com/ ********** Today's virus alerts: Kak.Worm.B -- Kak.B is a direct descendant of the original Kak virus, the only difference being the name of the Trojan file that infects the computer. This virus exploits a hole in Microsoft Outlook. (Panda Software) Backdoor/Doly.17 -- This Trojan installs a "server" on the target machine, while the perpatrator used a client to execute damaging attacks on the infected computer. (Panda Software) Beah -- A boot-sector virus that disables virus detection of most system BIOS by making changes to the CMOS. (Panda Software) ********** From the interesting reading category: Reviews of software-based personal firewalls switches and hardware-based personal firewalls Keep the bad guys away from your remote outposts, Network World, 08/07/00. http://www.nwfusion.com/reviews/2000/0807rev.html Five midrange appliances that let your remote workers set it and forget it, Network World, 08/07/00. http://www.nwfusion.com/reviews/2000/0807rev2.html ********** Miss an issue of bug alert? It's understandable that you may miss an issue, but you can catch up on all your Security and Bug Patch Alert newsletters at: http://www.nwfusion.com/newsletters/bug/ To contact Jason Meserve: ------------------------- Jason Meserve is a staff writer with Network World, covering search engines, portals, videoconferencing, IP Multicast and document management. He also oversees the "Security Alerts" page on Fusion (http://www2.nwfusion.com/security/bulletins.html). Jason can be reached at mailto:jmeserve@nww.com. ------------------------- Got a security alert or bug patch question related to your corporate network? Post it at Experts Exchange on Fusion at http://nwfusion.experts-exchange.com/. Another network professional may have the solution to your problem. May We Send You a Free Print Subscription? You've got the technology snapshot of your choice delivered at your fingertips each day. Now, extend your knowledge by receiving 51 FREE issues to our print publication. Apply today at http://www.nwwsubscribe.com/nl ********************************************************* Subscription Services To subscribe or unsubscribe to any Network World e-mail newsletters, go to: http://www.nwwsubscribe.com/news/scripts/notprinteditnews.asp To change your email address, go to: http://www.nwwsubscribe.com/news/scripts/changeemail.asp Subscription questions? Contact Customer Service by replying to this message. Other Questions/Comments Have editorial comments? Write Jeff Caruso, Newsletter Editor, at: mailto:jcaruso@nww.com For advertising information, write Jamie Kalbach, Account Executive, at: mailto:jkalbach@nww.com Network World Fusion is part of IDG.net, the IDG Online Network. IT All Starts Here: http://www.idg.com Copyright Network World, Inc., 2000
|