NETWORK WORLD NEWSLETTER: JASON MESERVE
on SECURITY AND BUG PATCH ALERT
10/22/01 - Today's focus: Linux kernel vulnerability

Dear Wincenty Kaminski,

In this issue:

* Patches and alerts for Linux ptrace, Microsoft, Apache,
  others
* Viruses, including a Red Cross-disguised Trojan horse that
  steals credit card data
* Users put early anti-DDoS tools to the test, plus other
  interesting reading

_______________________________________________________________
This newsletter sponsored by Sygate

Intruders can erase VPN cost savings in minutes. Firewalls,
encryption, intrusion defense tools and VPNs are insufficient
protection for remote and mobile users of corporate data. Learn
more on how other companies secure their mobile workers and
protect their investments with Sygate.
http://nww1.com/go/3473900a.html
_______________________________________________________________
TIME IS MONEY
The adage is as true for teleworkers as it is for anyone else.
Check out our "Telework Top 10" series where we provide you
with a clear picture of the interrelated capabilities of
today's critical, must-have technologies, and how your adoption
of those technologies can help or hurt your bottom line.
http://nww1.com/go/ad168.html

_______________________________________________________________
Today's focus: Linux kernel vulnerability

By Jason Meserve


Today's bug patches and security alerts:


* Ptrace flaw in Linux kernel

A flaw in the ptrace command, which allows Linux users to debug
code, could be used by a malicious local user to gain root
privileges. Download the proper fix from:

Red Hat (Kernel 2.4):
http://www.redhat.com/support/errata/RHSA-2001-129.html

Red Hat (Kernel 2.2):
http://www.redhat.com/support/errata/RHSA-2001-130.html

Caldera:
http://www.caldera.com/support/security/advisories/CSSA-2001-036.0.txt

Engarde:
ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
http://ftp.engardelinux.org/pub/engarde/stable/updates/

Immunix:
http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-035-01

Trustix:
http://www.trustix.net/pub/Trustix/updates/
ftp://ftp.trustix.net/pub/Trustix/updates/


* Microsoft withdraws faulty server patch

A patch released by Microsoft Thursday to protect Windows 2000
and Windows NT servers against a denial-of-service
vulnerability has been withdrawn after users who installed it
complained that it caused their systems to malfunction.
http://www.nwfusion.com/news/2001/1019microsoftpatch.html
Computerworld, 10/19/01

Microsoft alert:
http://www.microsoft.com/technet/security/bulletin/ms01-052.asp


* IE screen spoofing possible

Georgi Guninski has discovered a flaw in the way Internet
Explorer uses JavaScript that could be used to trick an
unsuspecting user into executing malicious code. Using
JavaScript, it is possible to have IE take over the whole
screen. A user box could be popped up with an innocuous message
that can be redirected to a malicious site. For more on this,
go to:
http://www.guninski.com/popspoof.html


* Conectiva, Engarde update Apache

Two vulnerabilities have been discovered in Apache, the open
source Web server software. The flaws could be exploited to
view information that is normally not accessible to general Web
users. Download the appropriate update from:

Engarde:
ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
http://ftp.engardelinux.org/pub/engarde/stable/updates/

Conectiva:
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000430


* DoS vulnerability in Oracle Web Cache

DefCom Labs is reporting a denial-of-service vulnerability in
Oracle9iAS Web Cache Version 2.0.0.1.0. Attackers can exploit a
buffer overflow that occurs when long URL requests are sent to
the affected server. Patches can be downloaded from Oracle's
site at:
http://metalink.oracle.com


* New openssh packages available

A couple of security flaws have been discovered in the openssh
packages for Linux. These flaws could be exploited to bypass
openssh's key-based security system. Download the appropriate
update from:

Red Hat:
http://www.redhat.com/support/errata/RHSA-2001-114.html

Immunix:
http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-034-01

Trustix:
http://www.trustix.net/pub/Trustix/updates/
ftp://ftp.trustix.net/pub/Trustix/updates/


* Red Hat releases new util-linux packages

According to a Red Hat alert, new util-linux packages are
available that fix a problem with /bin/login's
PAM implementation. This could, in some non-default setups,
cause users to receive credentials of other users. It is
recommended that all users update to the fixed packages.
http://www.redhat.com/support/errata/RHSA-2001-132.html


* New Red Hat squid packages available

A denial-of-service vulnerability has been discovered in
squid's FTP handling code. Red Hat users can download an
updated version from:
http://www.redhat.com/support/errata/RHSA-2001-113.html


* Red Hat: Updated diffutils packages available

Diffutils sdiff command creates insecure temporary files.
Download the appropriate update from:

Red Hat Linux 5.2:
alpha:
ftp://updates.redhat.com/5.2/en/os/alpha/diffutils-2.7-22.5x.alpha.rpm
i386:
ftp://updates.redhat.com/5.2/en/os/i386/diffutils-2.7-22.5x.i386.rpm
sparc:
ftp://updates.redhat.com/5.2/en/os/sparc/diffutils-2.7-22.5x.sparc.rpm

Red Hat Linux 6.2:
alpha:
ftp://updates.redhat.com/6.2/en/os/alpha/diffutils-2.7-22.6x.alpha.rpm
i386:
ftp://updates.redhat.com/6.2/en/os/i386/diffutils-2.7-22.6x.i386.rpm
sparc:
ftp://updates.redhat.com/6.2/en/os/sparc/diffutils-2.7-22.6x.sparc.rpm

Red Hat Linux 7.0:
alpha:
ftp://updates.redhat.com/7.0/en/os/alpha/diffutils-2.7-22.70.alpha.rpm
i386:
ftp://updates.redhat.com/7.0/en/os/i386/diffutils-2.7-22.70.i386.rpm

Red Hat Linux 7.1:
alpha:
ftp://updates.redhat.com/7.1/en/os/alpha/diffutils-2.7-23.alpha.rpm
i386:
ftp://updates.redhat.com/7.1/en/os/i386/diffutils-2.7-23.i386.rpm
ia64:
ftp://updates.redhat.com/7.1/en/os/ia64/diffutils-2.7-23.ia64.rpm


* Vulnerability found in nvi and nvi-m17n

According to an alert from Caldera, a "very stupid" format
string vulnerability has been found in nvi and nvi-m17n. Debian
users can get more information from:
http://www.debian.org/security/2001/dsa-085


* Engarde patches xinetd

An audit of the xinetd code turned up a number of potential
security weaknesses. Engarde users can get updated versions of
the package from:
ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
http://ftp.engardelinux.org/pub/engarde/stable/updates/


* Debian patches w3m

A problem with the way certain MIME headers are returned to the
Web server could result in a buffer overflow. This flaw could
be exploited to execute arbitrary commands on the affected
system. For more information and links to the appropriate
patch, go to:
http://www.debian.org/security/2001/dsa-081


* Htdig flaw patched

A problem in htdig, an indexing and search program for Linux,
contains a vulnerability in its configuration file. This could
be exploited by a malicious user to put the server in an
endless loop or retrieve and read any file on the affected
system. For more information, go to:
http://www.debian.org/security/2001/dsa-080


* New procmail packages available

A flaw in procmail could be exploited to crash the affected
system. In some cases, malicious users could obtain
unauthorized privileges. Download the appropriate patch from:
http://www.debian.org/security/2001/dsa-083


* Root vulnerability in XVT

Debian is reporting a possible root vulnerability in XVT. A
buffer overflow exists in the program's argument handling code.
It could be exploited by a user to gain root privileges. For
more and links to patches, go to:
http://www.debian.org/security/2001/dsa-082


Today's roundup of virus alerts:


* Red Cross warns of Trojan horse that steals credit card data

The American Red Cross is warning people of a credit card-
stealing Trojan horse program sent via e-mail that looks like
it comes from the disaster-relief organization.
http://www.nwfusion.com/news/2001/1019redcross.html
Computerworld, 10/19/01

* W32/Redesi-A - A Windows virus that comes with different
subject lines and one of the following attachments: redo.exe,
si.exe, common.exe, userconf.exe or disk.exe. It spreads via
Outlook and displays an error message when it executes.
(Sophos)

* W32/Redesi-B - Similar to its cousin noted above, this
Outlook-borne message spreads via e-mails with different
subjects but a body that looks like a Microsoft security alert
forwarded by friends. On Nov. 11, the virus adds a line to the
autoexec.bat file that attempts to format the hard drive when
the infected machine is rebooted. (Sophos)

* WM97/Myna-AY - A Word macro virus with no malicious payload.
(Sophos)

* WM97/Myna-BA - Another Word macro virus with no malicious
payload. (Sophos)

* W32/Hai - This network-aware virus spreads to any attached
drive and places itself in the \Windows directory with a random
name. It then sets itself to run in the win.ini file each time
the infected machine is started. (Sophos)

* Worm/Dnet_Winit - A virus that spreads by searching random
TCP/IP addresses looking for a potential host. When it finds
one, it places a file called WININIT.EXE in the Windows\System
directory. (Panda Software)

* Backdoor/SecretService - A type of Trojan horse program that
comes in two pieces, a client and server. The infected machine
can be shutdown or rebooted remotely, used to send messages and
passwords can be stolen. (Panda Software)

* Keyboard_Bug Family - An MS-DOS virus that infects keyboard
buffer, adding junk characters to text. (Panda Software)


>From the interesting reading department:


* Users put early anti-DDoS tools to test

Mazu Networks, one of several young companies with products
designed to combat distributed denial-of-service attacks, this
week will make its new traffic-filtering appliance generally
available. Even more impressive, the company is touting the
first two enterprise network customers to publicly declare
their willingness to spend money on such a product.
http://www.nwfusion.com/archive/2001/126594_10-22-2001.html
Network World, 10/22/01


* Certicom VPN software bolsters 802.11b security

Certicom announced Tuesday that it has upgraded its VPN
software for handheld devices to make it compatible with
802.11b wireless LANs.
http://www.nwfusion.com/news/2001/1018certicom.html
Network World Fusion, 10/18/01


* Archives online

Every newsletter I've written is stored online in HTML format.
Visit this body of work at:
http://www.nwfusion.com/newsletters/bug/index.html

_______________________________________________________________
To contact Jason Meserve:

Jason Meserve is the Multimedia Editor of Network World
Fusion and writes about streaming media, search engines and
IP Multicast. Jason can be reached at mailto:jmeserve@nww.com.
_______________________________________________________________
FEATURED READER RESOURCE

Network World Fusion's Net.Worker site

Whether your company is growing larger or scaling back,
corporate managers are looking for ways to cut costs while
retaining and recruiting star employees. One smart solution -
at least on paper - is to let some employees work from home.
Network World's Net.Worker Web site bridges the gap between the
telework concept and the hardware, software and services needed
to make it happen. We bring you news and reviews, sound advice
and keen insight into the technologies and solutions you need
to manage a remote and mobile workforce.

Visit http://www.nwfusion.com/net.worker/index.html
_______________________________________________________________
May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at http://www.nwwsubscribe.com/nl
_______________________________________________________________
SUBSCRIPTION SERVICES

To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
http://www.nwwsubscribe.com/news/scripts/notprinteditnews.asp

To unsubscribe from promotional e-mail go to:
http://www.nwwsubscribe.com/ep

To change your e-mail address, go to:
http://www.nwwsubscribe.com/news/scripts/changeemail.asp

Subscription questions? Contact Customer Service by replying to
this message.

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: mailto:jcaruso@nww.com

For advertising information, write Jamie Kalbach, Fusion Sales
Manager, at: mailto:jkalbach@nww.com

Copyright Network World, Inc., 2001

------------------------
This message was sent to:  vkamins@enron.com