---------------------- Forwarded by Vince J Kaminski/HOU/ECT on 11/07/2000 
05:12 PM ---------------------------


"NW Security and Bug Patch Alert" <Security-BugPatch@bdcimail.com> on 
11/07/2000 12:01:16 PM
Please respond to "Security and Bug Patch Alert Help" <NWReplies@bellevue.com>
To: <vkamins@enron.com>
cc:  
Subject: Top 10 viruses


NETWORK WORLD FUSION FOCUS: JASON MESERVE on
SECURITY AND BUG PATCH ALERT
10/30/00 - TODAY'S FOCUS: Top 10 viruses

Dear Wincenty Kaminski,

In this 
issue:

* Patches and alerts, including three from Microsoft
* New viruses, including a Sonic variant
* A Carnivore debate, and other interesting reading


~~~~~~ This newsletter sponsored by LUCENT TECHNOLOGIES ~~~~~~~

Voted "Best in Test" and a "Good Buy" for carrier/ISP
applications, Lucent Technologies' Secure VPN Solutions
garnered top ratings by Mier Communications' recent Independent
Lab Test Report.  The products, which included Lucent's VPN
Firewall Brick, Lucent Security Management Server, and the
Lucent IPSec Client, were lab-tested using a methodology and
test bed for evaluating VPNs in carrier-class applications. To
obtain a copy of the report and for more information on Lucent
Secure VPN Solutions, visit http://nww1.com/go/2029014a.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Did you know that Network World now has 36 newsletters?
Get the latest network news in NetFlash Daily. Keep up to date
with newsletters focused on your key technologies. Get bug
alerts, financial news, product reviews, seminar alerts and
much more - all in your inbox! Sign up today at:
http://www.nwwsubscribe.com/foc35/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Today's Focus: Top 10 viruses
---------------------------------------------------------------
By Jason Meserve (write me at jmeserve@nww.com)


To start off the month of November, here is a list of the Top
10 reported viruses for October, courtesy of Sophos:

1. W32/Apology-B.
2. VBS/LoveLet-AS.
3. VBS/Kakworm.
4. W32/Qaz.
5. XM97/Jini-B.
6. VBS/LoveLet-G.
7. WM97/Marker-C.
8. W32/Pretty.
9. (tie) W32/Flcss.
9. (tie) WM97/Thus-T.


Today's bug patches and security alerts:


Microsoft releases patch for "Indexing Services Cross Site
Scripting" vulnerability

We reported this vulnerability in the last edition of the
newsletter - it was another Georgi Guninski find. Microsoft
Internet Information Server contains a security hole that could
allow a malicious user to inject code into a Web page that can
be used to access a remote computer. A similar problem was
discovered a few months ago in a previous version of the
software. For more information:
http://www.microsoft.com/technet/security/bulletin/fq00-084.asp


Patch available for "Netmon Protocol Parsing" vulnerability

The Network Monitoring tool that ships with Windows NT, 2000
and Microsoft System Management Server contains a flaw that
could allow a malicious user to gain access to the affected
system. The problem resides in Netmon's parsers, which have
several unchecked buffers that can be exploited by sending a
malformed frame to the server. For more information:
http://www.microsoft.com/technet/security/bulletin/fq00-083.asp


Patch available for "Malformed MIME Header" vulnerability

By passing specially formed MIME headers to Microsoft Exchange
Server 5.5, an external user can crash the server. The system
will need to be rebooted before it will work again. For more
information:
http://www.microsoft.com/technet/security/bulletin/fq00-082.asp
**********


Red Hat releases patch for kpackage

The kpackage module that comes with Red Hat Linux 7.0 crashes
when files are installed or uninstalled. Patches can be
downloaded from:
ftp://updates.redhat.com/7.0/i386/kpackage-1.3.10-7.i386.rpm
ftp://updates.redhat.com/7.0/i386/kpackage-1.3.10-7j1.i386.rpm


Updated svgalib package available

The svgalib that ships with Red Hat Linux Powertools contains a
bug that causes it to crash when the library is compiled into
other applications. Updates can be downloaded from:
ftp://updates.redhat.com/powertools/7.0/i386/svgalib-1.4.1-12.i386.rpm
ftp://updates.redhat.com/powertools/7.0/i386/svgalib-devel-1.4.1-12.i386.rpm

**********


HP reports vulnerability in dtterm

Hewlett-Packard has released a patch for the dtterm module
after it was discovered the module could be exploited to gain
root access. The alert does not mention how this could be
accomplished. Patches and workarounds can be found at the HP IT
Resource page:
http://itrc.hp.com
**********


Allaire issues patch for JRun DoS vulnerability

After a slew of patches last week for JRun, Allaire has
returned again this week with another patch. This one protects
against possible denial-of-service attacks. By sending
malformed URLs, the Java servlet handler leaks memory and could
consume all system resources. For more information and a patch:
http://www.allaire.com/handlers/index.cfm?ID=18085&Method=Full
**********


FreeBSD reports DoS vulnerability in getnameinfo() function

FreeBSD has issued a patch for the KAME project that fixes a
problem in the getnameinfo() function, a protocol-independent
name resolver library. By sending a malformed request to the
function, it is possible under certain circumstances to crash
the affected server. Patches can be downloaded from:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:63/getnameinfo.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:63/getnameinfo.patch.asc


Top allows reading of kernel memory

The top module, which displays system resource usage, contains
a format string vulnerability that could allow unprivileged
users to execute arbitrary code on the affected FreeBSD
machine. For patches:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:62/top.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:62/top.patch.asc
**********


USSR reports flaw in Ultraseek search engine

USSR Labs is reporting a denial-of-service vulnerability in the
Ultraseek search engine. By sending malformed URLs to port 8765
(Ultraseek's default port) it is possible to crash the search
engine. For more information and links to patches:
http://www.ussrback.com/labs56.html
**********


Today's virus alerts:
XM97/Divi-Y - A variant of the XM97/Divi-A Excel macro virus.
No other information was given in the alert. (Sophos)

XM97/Divi-W - Another variant of XM97/Divi-A. Puts the file
ODR.XLS in the XLSTART subdirectory. (Sophos)

XM97/Barisada-G - This Excel macro virus variant activates on
April 24, 2001 between 2 p.m. and 3 p.m. It leads the user
through a series of dialog boxes before attempting to delete
the content of the infected spreadsheet. (Sophos)

WM97/Class-FB - This Word macro virus is a morph of two
previous viruses, WM97/Class-B and WM97/Panther. No other
information was provided in the alert. (Sophos)

Win32/Sonic.B.Worm - A variant of the first Sonic virus, this
one spreads via e-mail and comes with the subject line of "I'm
your poison" and an attachment called "lovers.exe." (Computer
Associates, Sophos)

WM97/Bablas-AS - This Word macro virus infects the Tool/Macro
and Tools/Template menus. When they're accessed, a message will
appear. (Sophos)

WM97/Marker-FQ - Virus attempts to change the author
information in Word to "Ethan Frome." (Sophos)
**********


Fusion Face-off: Does Carnivore go to far?
James Dempsey of the Center for Democracy and Technology and
John Collingwood, of the FBI, debate the merits of Carnivore.
Read what they have to say and weigh in with your own opinion.
http://www.nwfusion.com/cgi-bin/WebX.cgi?230@@.ee6f90e


AOL 6.0 wreaks havoc with some PCs

AOL 5.0 was an unmitigated disaster for the online giant. Soon
after its release, users began complaining about network
settings getting blown away, key Windows files being rewritten,
and in some cases, PCs becoming utterly inoperable. Some of the
exact same problems are beginning to crop up with AOL 6.0,
launched last week. Network World, 10/31/00.
http://www.nwfusion.com/news/2000/1031aol.html
**********


Archives available

For those of you who love this newsletter so much that you want
to read it again and again, we keep all of them on Fusion in
HTML format. Click on over to: http://www.nwfusion.com/newsletters/bug/

To contact Jason Meserve:
-------------------------
Jason Meserve is a staff writer with Network World, covering
search engines, portals, videoconferencing, IP Multicast and
document management. He also oversees the "Security Alerts"
page on Fusion http://www2.nwfusion.com/security/bulletins.html.
Jason can be reached at mailto:jmeserve@nww.com.
-------------------------

Got a security alert or bug patch question related to your
corporate network? Post it at Experts Exchange on Fusion at
http://nwfusion.experts-exchange.com/. Another network
professional may have the solution to your problem.


~~~~~~~~~~~~~ This newsletter sponsored by Genuity ~~~~~~~~~~~~

Feeling insecure? Genuity's(TM) Site Patrol(TM) for FireWall-1
is a cost-effective managed firewall service based on industry-
leading Check Point software. Turnkey, custom, standard, or
complex high-availability solutions with Service Level
Agreements provide perimeter security for organizations of all
sizes and types. Security experts at Genuity's state-of-the-art
Network Operations Center safeguard your network 24x365.
http://www.genuity.com/security/e5.htm
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at http://www.nwwsubscribe.com/nl

*********************************************************
Subscription Services

To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
http://www.nwwsubscribe.com/news/scripts/notprinteditnews.asp

To change your email address, go to:
http://www.nwwsubscribe.com/news/scripts/changeemail.asp

Subscription questions? Contact Customer Service by replying to
this message.

Other Questions/Comments

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: mailto:jcaruso@nww.com

For advertising information, write Jamie Kalbach, Account
Executive, at: mailto:jkalbach@nww.com

Network World Fusion is part of IDG.net, the IDG Online
Network. IT All Starts Here:
http://www.idg.com

Copyright , 2000 Network World, Inc.