NETWORK WORLD NEWSLETTER: JASON MESERVE on
SECURITY AND BUG PATCH ALERT
01/28/02
Today's focus: Rsync flaw fixed

Dear Wincenty Kaminski,

In this issue:

* Patches and alerts for Linux rsync, FreeBSD, Red Hat
  OpenLDAP, Sony Vaio, others
* Viruses, including one that spreads via IRC
* Behavior blocking repels new viruses, plus other interesting
  reading

_______________________________________________________________
TECHNOLOGY INSIDER: STREAMING MEDIA

Streaming media is taking off as a corporate communications and
training tool. We take you behind the scenes of the technology,
showing you best practices, case studies and a feature on the
individual streaming media champions leading the charge. Check
it out at http://nww1.com/go/ad237.html

_______________________________________________________________
Today's focus: Rsync flaw fixed

By Jason Meserve


Today's bug patches and security alerts:


* Linux vendors fix rsync vulnerability

A flaw in the way rsych, a synchronization tool for Linux, uses
signed and unsigned numbers could be exploited to run arbitrary
code on the affected machine. For Debian users, more
information and a link to the appropriate patch should be
posted shortly at:
http://www.debian.org/security/2002/

Red Hat:
https://www.redhat.com/support/errata/RHSA-2002-018.html

Conectiva:
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000458

EnGarde:
http://www.linuxsecurity.com/advisories/other_advisory-1853.html

SuSE:
http://lists2.suse.com/archive/suse-security-announce/2002-Jan/0003.html


* Problem found in FreeBSD kernel

A flaw in the FreeBSD kernel's exec system could lead to a race
condition. A malicious user could attach a debugger to the
process to exploit the flaw and potentially gain root access.
For more, go to:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:08.exec.asc



* Red Hat patches OpenLDAP

According to an alert from Red Hat, versions of OpenLDAP from
2.0.0 through 2.0.19 do not check permissions using access
control lists when a user attempts to remove an attribute from
an object in the directory by replacing its values with an
empty list. Because schema checking is still enforced, a user
can only remove attributes, which the schema does not require
the object to possess. For more, go to:
https://www.redhat.com/support/errata/RHSA-2002-014.html


* Update Red Hat Kernel 2.4 available

Red Hat has updated Version 2.4 of its Linux kernel to fix a
number of flaws that have been reported. For more, go to:
https://www.redhat.com/support/errata/RHSA-2002-007.html


* Caldera patches OpenServer setcontext and sysi86
  vulnerabilities

A host of vulnerabilities in SCO OpenServer 5.0.6 and previous
releases could break certain applications. This fix could cause
some problems with other applications, however. Stay tuned to
the Caldera support pages for updated information. For more, go
to:
ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.35.2/


* Caldera patches sort

The sort command in OpenUnix and UnixWare 7 creates insecure
temporary files that could be exploited to gain elevated user
privileges. Download the patch from:
ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.2/


* Flaw found in Sony Vaio

A problem with pre-installed software on the Sony Vaio line of
computers could allow a malicious user to access the affected
machine via the Internet. The flaw is found in Versions 3.0 and
3.1 of Vaio Manual. The attacker could use a Web page or HTML-
formatted e-mail message to trigger the attack. For more
information and to download a patch:
http://vcl.vaio.sony.co.jp/Security/english/tecinfo.html


* Flaw in Plumtree corporate portal

A cross-scripting vulnerability exists in multiple versions of
the Plumtree corporate portal. A malicious user could use
JavaScript embedded in a Web page to exploit the flaw and cause
the server to expose sensitive information. A patch is
available from the Plumtree support site:
http://www.plumtree.com/company/technical_support.htm


* CERT issues warning on AOL ICQ

AOL's ICQ client has a similar problem to its sister product
AOL Instant Messenger. The Games and Video chat request feature
can be exploited to run arbitrary code on the affected user's
machine. For more, go to:
http://www.cert.org/advisories/CA-2002-02.html

Story:
http://www.nwfusion.com/news/2002/0125icq.html


Today's roundup of virus alerts:


* VBS/JeremyO - A VBS virus that spreads via IRC. Once
infected, a machine attempts to spread the virus to every other
user that connects to the same IRC channel. (Panda Software)

* W97M/Myak - A nasty Word macro virus that attempts to delete
certain files on the infected machine. If it doesn't find them,
it adds lines to the autoexec.bat to look for the files each
time the system is booted. On July 8, the virus attempts to
delete the hard drive. (Panda Software)

* WM97/Falcon-A - A Word macro virus that disables access to
the Visual Basic Editor. (Sophos)


>From the interesting reading department:


* Behavior blocking repels new viruses

The future of computer viruses seems clear enough: ever more
destructive "hybrid worms" that take advantage of software
vulnerabilities and destroy files, leave behind holes for
hackers to exploit, then scan for new victims at lightning
speed.
http://www.nwfusion.com/news/2002/0128antivirus.html
Network World, 01/28/02


* Hybrid worms are hard to hook

Hundreds of brand-new computer viruses appeared out of the
Internet ether last year, but the Code Red and Nimda "hybrid
worms" that struck last summer proved to be among the most
dangerous and hard to combat with traditional antivirus
methods.
http://www.nwfusion.com/news/2002/129553_01-28-2002.html
Network World, 01/28/02


* Archives online

It's not lunch, dinner or breakfast for that matter, but it is
free. Visit our newsletter archive at:
http://www.nwfusion.com/newsletters/bug/index.html

_______________________________________________________________
To contact Jason Meserve:

Jason Meserve is the Multimedia Editor of Network World
Fusion and writes about streaming media, search engines and
IP Multicast. Jason can be reached at mailto:jmeserve@nww.com.
_______________________________________________________________
NW Fusion's Buy IT provides the resources you need to make
better buying decisions.  Post your IT needs anonymously and
FREE!  Search our directory of qualified providers, review
company White Papers, and select the right provider.  Buy IT
helps get your projects done right.  Try it today!
http://nwfusion.newmediary.com/nww120601nwltrb
_______________________________________________________________
FEATURED READER RESOURCE

Network World Fusion's Net.Worker site

Whether your company is growing larger or scaling back,
corporate managers are looking for ways to cut costs while
retaining and recruiting star employees. One smart solution -
at least on paper - is to let some employees work from home.
Network World's Net.Worker Web site bridges the gap between the
telework concept and the hardware, software and services needed
to make it happen. We bring you news and reviews, sound advice
and keen insight into the technologies and solutions you need
to manage a remote and mobile workforce.

Visit http://www.nwfusion.com/net.worker/index.html
_______________________________________________________________
May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at http://www.nwwsubscribe.com/nl
_______________________________________________________________
SUBSCRIPTION SERVICES

To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
http://www.nwwsubscribe.com/news/scripts/notprinteditnews.asp

To unsubscribe from promotional e-mail go to:
http://www.nwwsubscribe.com/ep

To change your e-mail address, go to:
http://www.nwwsubscribe.com/news/scripts/changeemail.asp

Subscription questions? Contact Customer Service by replying to
this message.

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: mailto:jcaruso@nww.com

For advertising information, write Jamie Kalbach, Director of
Online Sales, at: mailto:jkalbach@nww.com

Copyright Network World, Inc., 2002

------------------------
This message was sent to:  vkamins@enron.com