NETWORK WORLD NEWSLETTER: JASON MESERVE
on SECURITY AND BUG PATCH ALERT
10/29/01 - Today's focus: Hanging Cisco firewalls

In this issue:

* Hardware flaws reported in Cisco firewalls
* Patches and alerts for Linux-Mandrake and SuSE kernel, Red
  Hat print spooler, others
* The infamous Ethan Frome virus
* Tivoli aims to plug security holes, plus other interesting
  reading

_______________________________________________________________
By Jason Meserve


Today's bug patches and security alerts:


* Hardware flaws hang some Cisco firewalls

Hardware flaws in some Cisco firewalls for corporate central
and branch offices have caused the systems to hang or shut
themselves down and forced Cisco to replace the affected boxes.
Some Cisco PIX 515, 515-DC and 506 Firewalls have suffered
system hangs when traffic on the network becomes too heavy,
requiring IS staff to manually restart the firewall, Cisco
reported in an Oct. 18 field notice on its Web site.
http://www.nwfusion.com/news/2001/1029cisfire.html
IDG News Service, 10/29/01


* Linux-Mandrake releases new version of kernel 2.2

A flaw in the ptrace module of the Linux kernel version 2.2
could lead to a local user gaining root privileges. The kernel
is also vulnerable to a symlink attack that could lead to a
denial of service. Linux-Mandrake users should download this
kernel update:
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-082.php3


* SuSE patches kernel

SuSE's kernel suffers from the same ptrace root privileges and
symlink denial-of-service attack vulnerabilities as other Linux
flavors. Kernel versions 2.2 and 2.4 have been updated:
http://lists2.suse.com/archive/suse-security-announce/2001-Oct/0003.html


* New RWhois patch available

ARIN Engineering has released an updated version of its RWhois
code to fix a recently discovered vulnerability. The patch can
be downloaded from:
ftp://ftp.arin.net/pub/rwhois/rwhoisd-1.5.7-1.tar.gz


* Red Hat patches print spool

According to a Red Hat alert, when used in a spooling
environment, it is inappropriate to allow programs to read
arbitrary files as a result of print requests. Ghostscript, a
PostScript interpreter, can read arbitrary system files with
the same permissions as the print spooler, potentially exposing
the system to an information compromise. For more information
and links to the appropriate patch, go to:
http://www.redhat.com/support/errata/RHSA-2001-112.html


Today's roundup of virus alerts:


W32/Antset - This Windows virus comes as an attachment called
"ants3set.exe" in a message titled "ANTS Version 3.0." It
spreads by sending itself to everyone listed in an Outlook
address book as well as by searching Web-related files for e-
mail addresses. The virus uses the infected user's SMTP server
as well as a number of hard-coded servers. (Panda Software,
Computer Associates, Sophos)

Troj/Septer - This is the Trojan Horse program that pretends to
be a Red Cross donation system. It steals credit card data and
other personal information. (Sophos)

I-Worm/Redesi.A - A worm that displays a dialog box on the
infected machine's screen and e-mails itself out to everyone in
the computer's address book. Its cousin, Redesi-B, also
modifies the autoexec.bat system file to reformat the C: drive on
Nov. 11, 2001. (Panda Software)

W32/Toal@MM - An e-mail worm that spreads via an attachment
called "BINLADEN_BRASIL.EXE." It creates several files in the
Windows directory of the infected machine. No word on what
other damage it causes. (Panda Software)

Win32/Krn132 or Win32/Klez - A Windows virus that comes in a
randomly named e-mail with random attachment names from a list
of specific addresses. The worm spreads via e-mail and open
network shares. (Computer Associates, Sophos)

W98/Elkern - This virus is dropped by Win32/Klez (see above).
It only infects Windows 98 and ME machines. (Sophos)

WM97/Thus-FB - A Word macro virus that displays the following
message on the 12th of any month: "It's TOO much violence in
this world! Have MOT to stop it!" (Sophos)

WM97/Marker-JT - Another Word macro virus that has a 1-in-3
chance of changing a document's summary information so that the
title will read "Ethan Frome," the author will be listed as
"EW/KN/CB" and the keywords field will show up as "Ethan."
(Sophos)


From the interesting reading department:


* Tivoli aims to plug security holes

IBM software subsidiary Tivoli Systems last week unveiled
products to automate user approval and authorization, and help
network managers find and plug security holes.
http://www.nwfusion.com/archive/2001/126817_10-29-2001.html
Network World, 10/29/01


* McAfee horns in on Norton antivirus turf

Network Associates' McAfee division next week will unveil an
updated version of its antivirus management console that now
exerts policy control over its main competitor, Symantec's
Norton AntiVirus.
http://www.nwfusion.com/archive/2001/126815_10-29-2001.html
Network World, 10/29/01


* President Bush signs antiterrorism bill

President George W. Bush Friday signed into law an
antiterrorism measure designed to heighten national security
and to temporarily give U.S. law enforcement officials and
investigators more provisions for tracking down and detaining
suspected terrorists.
http://www.nwfusion.com/news/2001/1026bushbill.html
IDG News Service, 10/26/01


* Archives online

Find out which virus changes a Word document's author
information to "Ethan Frome" in our online archives:
http://www.nwfusion.com/newsletters/bug/index.html

_______________________________________________________________
To contact Jason Meserve:

Jason Meserve is the Multimedia Editor of Network World
Fusion and writes about streaming media, search engines and
IP Multicast. Jason can be reached at mailto:jmeserve@nww.com.
_______________________________________________________________
Copyright Network World, Inc., 2001
