NETWORK WORLD NEWSLETTER: JASON MESERVE on
SECURITY AND BUG PATCH ALERT
01/07/02
Today's focus: FreeBSD releases slew of updates

Dear Wincenty Kaminski,

In this issue:

* Patches and alerts for FreeBSD, Red Hat, Debian, others
* Viruses, including one that tries to steal ICQ and e-mail
  passwords
* Popular file-swap programs came with a Trojan horse, plus
  other interesting reading

_______________________________________________________________
By Jason Meserve


Today's bug patches and security alerts:


* FreeBSD patches mutt

A problem with the way mutt, a text editor for Linux, handles
e-mail address headers could be used to execute arbitrary
commands on the affected machine. Using specially crafted
message headers, a malicious user could exploit a buffer
overflow in the application to execute the code with the
privileges of the logged-in user. For more, go to:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:04.mutt.asc



* Pine fix available

Versions of the popular pine e-mail reader prior to 4.40
contain a vulnerability in the way URLs in messages are
handled. A malicious user could embed commands in a URL that
will be executed on the affected machine when the embedded URL
is launched. FreeBSD users can get more information and
download pine updates from:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:05.pine.asc



* FreeBSD fixes mod_auth_pgsql

According to an alert from FreeBSD, versions prior to
mod_auth_pgsql-0.9.9 contain a vulnerability that may allow a
remote user to cause arbitrary SQL code to be executed. A
hacker may be able to exploit this vulnerability to use a known
password hash and gain unauthorized access to Web server data.

For more, go to:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:03.mod_auth_pgsql.asc


* Patch available for pw

Pw, the utility used for administering user groups, creates an
insecure temporary version of the master password file that is
readable by any user. Normally, such a file is only viewable
via root access. For more, go to:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:02.pw.asc


* Directory permission vulnerability in pkg_add

The pkg_add utility that ships with FreeBSD creates insecure
temporary files when installing new applications. A malicious
user could exploit this flaw to modify an application
installation and/or gain elevated privileges. For more, go to:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:01.pkg_add.asc


* Red Hat releases new version of teTeX

A new version of teTeX containing updates for pdfTeX and pTeX
is now available from Red Hat. Previous versions contained a
number of bugs that are now fixed. The source code for the new
package can be found at:
ftp://updates.redhat.com/7.2/en/os/SRPMS/tetex-1.0.7-38.2.src.rpm


* Debian patches Exim

A bug in versions of Exim prior to Exim 3.34 and Exim 3.952
could lead to uncontrolled program execution. The flaw exists
in the way the program directs or routes an address without
checking the local part of the address in any way. Debian users
can get more information and patches from:
http://www.debian.org/security/2002/dsa-097


* Conectiva patches glibc

A problem with the glob function that ships with the glibc code
library could allow a malicious user to execute arbitrary code
on the affected system. For more, go to:
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000447


* Conectiva fixes LibGTop

Two vulnerabilities discovered in LibGTop, a utility for
fetching system information, could be exploited to gain
elevated privileges on the affected system. Conectiva users can
get patch information from:
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000448


* Flaw discovered in Geeklog

Geeklog is a Weblog application that allows users to create
their own Web community. A problem with the way the first new
user is created could give that user full administration rights
to the site. Geeklog has posted a fix for the problem:
http://www.geeklog.org


Today's roundup of virus alerts:


* W32/Shatrix-A - An e-mail worm that spreads via a message
titled "FW:Shake a little" with an attachment called
"shake.exe." The virus causes windows to move randomly around
the screen and attempts to overwrite certain Web-related files
in the directory \inetpub\wwwroot, if it exists. (Sophos)

* Bck/NetSpy.10.E - A Trojan Horse that allows a malicious user
complete access to the affected system. The application listens
for requests via port 7306. (Panda Software)

* W32/GOP-A - A worm that attempts to steal ICQ and e-mail
passwords. Infected computers will contain the files
IMEKernel32.sys and kernelsys32.exe in the Windows system
directory. (Sophos)

* W32/Hybris-C - A new version of the Hybris worm that is
capable of updating itself via the Internet. The virus'
properties depend on the components downloaded. Hybris is
delivered via an e-mail titled "Snowhite and the Seven Dwarfs -
The REAL story!". (Sophos)

* VBS/Haptime-Fam - A virus that infects VBS, HTML, HTM, HTT
and ASP and attempts to delete certain other files when the
month and day are equal. (Sophos)


From the interesting reading department:


* Popular file-swap programs had Trojan horse

Three popular file-swap programs for some time came with third-
party "spyware" software that was installed even if the user
opted not to, the software makers admitted this week.
http://www.nwfusion.com/news/2002/0103trojan.html
IDG News Service, 01/03/02


* AOL fixes security hole in AIM

Two days after the announcement of a serious security hole in
its popular Instant Messenger program, America Online said
Thursday it has fixed the problem. The flaw could have allowed
attackers to use the shared game-invitation feature of AOL
Instant Messenger (AIM) to attack and run code on target
systems running AIM.  The problem was fixed when AOL made
changes to its servers early Thursday, said Andrew Weinstein, a
spokesman with AOL.
http://www.nwfusion.com/news/2002/0103aolfixes.html
IDG News Service, 01/03/02


* Windows XP security alert revised by FBI agency

The FBI's National Infrastructure Protection Center (NIPC) has
revised its recent security bulletin regarding Windows XP's
universal plug-and-play (UPnP) service. Now, in an updated
security bulletin, the NIPC has dropped the recommendation to
disable UPnP. Instead, the Washington-based agency recommends
that the Microsoft patch be installed to correct the security
vulnerability.
http://www.nwfusion.com/news/2002/0103xpup.html
Computerworld, 01/03/02


* Web site defacement reports jump in 2001

The number of vandalized Web sites recorded by defacement
archive Alldas.de jumped in 2001 to 22,379, over five times
more than the 4,393 defacements logged in 2000.
http://www.nwfusion.com/news/2002/0104vandals.html
IDG News Service, 01/04/02


* Archives online

Did you take an extended holiday vacation last week? Catch up
on all the latest alerts, bugs and viruses at:
http://www.nwfusion.com/newsletters/bug/index.html

_______________________________________________________________
To contact Jason Meserve:

Jason Meserve is the Multimedia Editor of Network World
Fusion and writes about streaming media, search engines and
IP Multicast. Jason can be reached at mailto:jmeserve@nww.com.
_______________________________________________________________
Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: mailto:jcaruso@nww.com

Copyright Network World, Inc., 2002