Enron Mail

From:vince.kaminski@enron.com
To:vkaminski@aol.com
Subject:Palm virus reported
Cc:
Bcc:
Date:Wed, 6 Sep 2000 01:18:00 -0700 (PDT)

---------------------- Forwarded by Vince J Kaminski/HOU/ECT on 09/06/2000
08:24 AM ---------------------------


"NW Security and Bug Patch Alert" <Security-BugPatch@bdcimail.com> on
09/06/2000 12:21:41 AM
Please respond to "Security and Bug Patch Alert Help" <NWReplies@bellevue.com>
To: <vkamins@enron.com>
cc:
Subject: Palm virus reported


NETWORK WORLD FUSION FOCUS: JASON MESERVE on
SECURITY AND BUG PATCH ALERT
TODAY'S FOCUS: Palm virus reported
09/04/00

Dear Wincenty Kaminski,


Today's Focus: Palm virus reported
---------------------------------------------------------------
By Jason Meserve (write me at jmeserve@nww.com)


Before I get into the more serious topics of the day, I thought
I'd share a funny "virus alert" that one of my friends
forwarded to me. The e-mail, entitled "Virus Alert!!!!!!"
contained the following message:

Alert

I'm too lazy to program a real virus, so this virus works
on the honor system-

Please delete all the files on your hard drive...

Now, please forward this message to everyone you know...

Thank you for your cooperation......


Okay, now on with the serious stuff.

A number of the antivirus vendors have issued alerts about the
Liberty virus that allegedly infects PalmOS machines. The
Trojan is said to come disguised as an update to a legitimate
Palm application, Gambit Studios LLC's Liberty GameBoy
emulation software.

However, when executed, the program attempts to delete all
applications on the Palm. Computer Associates, Symantec and
Trend Micro all say they're the first to release protection for
the virus.

For more information on the Palm Liberty virus, see:
http://www.nwfusion.com/news/2000/0829palmvirus.html

One last thing on the PGP issue we wrote about last week before
we get to the alerts. Phil Zimmermann, the man behind PGP, has
issued a response to the problem. Some are claiming the issue
is the result of a backdoor. Zimmermann explains that this is
not the case. Read his response at:
http://www.nwfusion.com/news/2000/0904pgpzimm.html


Today's alerts and patches:


Allaire issues two security bulletins:

Workaround available for administrative interface security
issue

The Allaire Spectra 1.01 product comes with a utility for
configuring the Spectra applications and was accidentally
included in some commercial releases of the product. The tool
could be used by a malicious user to view sensitive data files
used for configuring and administering the Spectra system. For
a workaround:
http://www.allaire.com/handlers/index.cfm?ID=17372&Method=Full


Patch available for Spectra Container Editor preview-object
security issue

The Spectra Container Editor runs objects with no security under
preview mode. This means an object can invoke any method
without proper permissions. For more information and to
download a patch:
http://www.allaire.com/handlers/index.cfm?ID=15411&Method=Full
**********


Caldera warns of /tmp file race in faxrunq

According to a Caldera alert, the mgetty package contains a
number of tools for sending and receiving facsimiles. One of
the tools, faxrunq, uses a marker file in a world-writable
directory in an unsecured fashion. This bug allows malicious
users to clobber files on the system owned by the user invoking
faxrunq. For new packages:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/
**********


Conectiva warns of symlink attack possibility in mgetty

Conectiva is warning its users of a condition in the mgetty
utility that could allow any files on the system to be
overwritten. Versions prior to 1.1.22 are affected. For source
downloads:
ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/mgetty-1.1.22-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/mgetty-1.1.22-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/mgetty-1.1.22-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/mgetty-1.1.22-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/mgetty-1.1.22-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/mgetty-1.1.22-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/mgetty-1.1.22-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/mgetty-1.1.22-1cl.src.rpm
**********


Microsoft releases patch for "Local Security Policy Corruption"
vulnerability

A problem in Windows 2000 could allow a user to disrupt
operation of the server and possibly the entire network on
which the server sits. Windows 2000 Service Pack 1 fixed the
problem. This is a patch for those that have not applied the
service pack. For more:
http://www.microsoft.com/technet/security/bulletin/fq00-062.asp
**********


Ipswitch releases fix for Imail 6.0

Ipswitch's Imail e-mail server product for Windows NT contains
a vulnerability that could allow an external user to attach a
file that runs on the server. Download the latest version of
6.0 to fix the problem:
ftp://ftp.ipswitch.com/Ipswitch/Product_Support/Imail/imailwebpatch604c.exe
**********


Debian upgrades Xchat, ntop to fix bugs

Debian has released a new version of its Xchat packages to fix
a problem with URL handling. For source downloads:
http://security.debian.org/dists/stable/updates/main/source/xchat_1.4.3-0.1.diff.gz
http://security.debian.org/dists/stable/updates/main/source/xchat_1.4.3-0.1.dsc
http://security.debian.org/dists/stable/updates/main/source/xchat_1.4.3.orig.tar.gz


Debian has reissued a patch for ntop after the original patch
released August 5 was deemed ineffective. The patch fixes a
problem in ntop that could allow a malicious user to run
arbitrary code on the affected system. For source downloads:
http://security.debian.org/dists/stable/updates/main/source/ntop_1.2a7-11.diff.gz
http://security.debian.org/dists/stable/updates/main/source/ntop_1.2a7-11.dsc
http://security.debian.org/dists/stable/updates/main/source/ntop_1.2a7.orig.tar.gz
**********


TurboLinux upgrades Netscape/Java packages

New Netscape packages are available to TurboLinux users.
Netscape 7.47 and prior were susceptible to attack from Brown
Orifice, a data-stealing Java applet. TurboLinux has also added
a fix for Netscape's handling of certain JPEG files, which
could cause a buffer overflow. To download the new package:
ftp://ftp.turbolinux.com/pub/updates/6.0/security/netscape-communicator-4.75-1.i386.rpm
**********


Patch available for GoodTech FTP Server

The GoodTech FTP server is vulnerable to denial-of-service
attacks. Certain commands will stop the listening threads from
operating correctly. If enough commands are sent, all available
sockets will be closed. For a patch:
http://www.goodtechsys.com/predownload.asp
**********


Linux-Mandrake releases patch for xpdf, Xchat and glibc

According to the Linux-Mandrake alert, there is a potential
race condition when using tmpnam() and fopen() in xpdf versions
prior to 0.91. This exploit can only be used as root to
overwrite arbitrary files if a symlink is created between the
calls to tmpnam() and fopen(). For updates:
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates
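
The /tmp race behind the faxrunq, mgetty and xpdf alerts above, as an added example that is not part of the original newsletter or any vendor's code: a file created with fopen() at a predictable name follows a symlink already sitting there, while open() with O_CREAT|O_EXCL refuses. The function names, sample data and the /tmp/racedemoXXXXXX sandbox directory are assumptions made for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

static const char VICTIM_DATA[] = "original contents\n"; /* constructed sample */

/* Unsafe: fopen("w") on a predictable name follows a symlink planted
 * there and truncates whatever file it points to. */
static int unsafe_create(const char *path) {
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs("marker\n", f);
    return fclose(f);
}

/* Hardened: O_CREAT|O_EXCL fails with EEXIST if anything, a symlink
 * included, already occupies the name, so nothing is followed. */
static int safe_create(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    if (write(fd, "marker\n", 7) != 7) { close(fd); return -1; }
    return close(fd);
}

/* In a private sandbox, place a symlink at the marker name pointing to a
 * victim file, run one creator, return the victim's size (-1 on error). */
static long victim_size_after(int (*creator)(const char *)) {
    char dir[] = "/tmp/racedemoXXXXXX", victim[64], marker[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(marker, sizeof marker, "%s/marker", dir);
    FILE *v = fopen(victim, "w");
    if (!v) return -1;
    fputs(VICTIM_DATA, v);
    fclose(v);
    if (symlink(victim, marker) != 0) return -1;
    creator(marker);
    long size = stat(victim, &st) == 0 ? (long)st.st_size : -1;
    unlink(marker); unlink(victim); rmdir(dir);
    return size;
}

int main(void) {
    printf("fopen: victim is %ld bytes; O_EXCL: victim is %ld bytes\n",
           victim_size_after(unsafe_create), victim_size_after(safe_create));
}
```

For a uniquely named temporary file rather than a fixed marker name, mkstemp() gives the same exclusive-create guarantee.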


The Xchat patch fixes a problem with the way the IRC program
handles URLs. A malicious URL could be used to run arbitrary
commands on the affected system. For more information:
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates


The glibc program contains a vulnerability in the ld.so module
that could allow a local user to obtain root access. For
patches:
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates
**********


Red Hat updates usermode packages

Usermode allows the local user to execute reboot and other
system commands without root privileges. One of those commands
was to shut the system down. This patch removes that
functionality.
Sources for 6.0 and 6.1:
ftp://updates.redhat.com/6.2/SRPMS/usermode-1.35-1.src.rpm
ftp://updates.redhat.com/6.2/SRPMS/SysVinit-2.78-5.src.rpm

Source for 6.2:
ftp://updates.redhat.com/6.2/SRPMS/usermode-1.35-1.src.rpm
**********


FreeBSD issues a batch of alerts:

Netscape - The company has fixed the Brown Orifice and JPEG
vulnerabilities. New packages can be downloaded from:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/www/
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/www/

Mopd - The mopd module is used for rebooting older DEC
machines. A vulnerability in the package could allow a user to
execute arbitrary commands as root. For upgrades:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/mopd-1.2b.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/mopd-1.2b.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/net/mopd-1.2b.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/mopd-1.2b.tgz
ftp://ftp.FreeBSD.org/pub/FrreeBSD/ports/alpha/packages-5current/net/mopd-1.2b.tgz

Linux binary problem - FreeBSD is Linux compatible through a
set of "shadow" binaries. These binaries contain a
vulnerability that could allow a local user to gain root access
under certain specific conditions. To download the patch:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:42/linux.patch

Brouted - According to FreeBSD, the brouted port is incorrectly
installed setgid kmem, and contains several exploitable buffer
overflows in command-line arguments. An attacker exploiting
these to gain kmem privilege can easily upgrade to full root
access by manipulating kernel memory. For updates:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/brouted-1.2b.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/brouted-1.2b.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/net/brouted-1.2b.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/brouted-1.2b.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/net/brouted-1.2b.tgz

Xlockmore - The system is used to lock access to an X terminal. A
problem could allow an attacker to steal the hashed password
information from memory. For fixes:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/x11/xlockmore-4.17.1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/x11/xlockmore-4.17.1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/x11/xlockmore-4.17.1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/x11/xlockmore-4.17.1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/x11/xlockmore-4.17.1.tgz
**********


Today's round up of virus alerts:

Win32/MTX.A.Worm - This Trojan virus infects the Windows
directory and attempts to download files from a Web site. It
then sends itself out as randomly named attachments. (Computer
Associates)

WM97/Verlor-I - Makes changes to the WINl.INI file and global
Word template. (Sophos)

WM97/Piper-A - This virus animates the Office Assistant when
documents are opened, closed, created and saved in Word.
(Sophos)

WM97/Footer-O - This Word macro virus does nothing but
replicate itself. (Sophos)

W32/Apology - Sends an attachment of itself to anyone that an
infected user e-mails. (Sophos)

VBS/Lovelet-BF - Another Love Letter variant. This one comes
with the subject "True Story...." and contains an attachment
called MYLINONG.TXT.SHS. (Sophos)
**********


From the interesting reading category:

The Encyclopaedia of Computer Security

I got an e-mail from the publisher of this British-born site.
The editor claims there are some 6,000 pages of information on
the site and it's growing daily. Check it out at:
http://www.itsecurity.com


Sun admits to memory problem

Problems with a memory component that Sun has been quietly
trying to fix for the past several months are continuing to
plague some large users of Sun's Ultra Enterprise Unix servers.
And Sun has gone to extraordinary lengths to keep its customers
quiet about the issue. Computerworld, 08/28/00.
http://www.nwfusion.com/news/2000/0828sun.html


Microsoft Word documents can be tracked on Web

Creators of Microsoft Word documents can use the application's
ability to include Web hyperlinks to remotely track who is
reading a document, according to a study by the Denver Privacy
Foundation published Wednesday. Network World, 08/31/00.
http://www.nwfusion.com/news/2000/0831wordtrack.html
**********


Miss an issue?
We keep all of our newsletters in an archive (thanks to Marlo
and Chris) back on NW Fusion. Check out:
http://www.nwfusion.com/newsletters/bug/


To contact Jason Meserve:
-------------------------
Jason Meserve is a staff writer with Network World, covering
search engines, portals, videoconferencing, IP Multicast and
document management. He also oversees the "Security Alerts"
page on Fusion http://www2.nwfusion.com/security/bulletins.html.
Jason can be reached at mailto:jmeserve@nww.com.
-------------------------

Other Questions/Comments

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: mailto:jcaruso@nww.com

Copyright Network World, Inc., 2000