NETWORK WORLD NEWSLETTER: JASON MESERVE
on SECURITY AND BUG PATCH ALERT
05/31/01 - Today's focus: Jennifer Lopez naked?

Dear Wincenty Kaminski,

In this issue:

* Patches and alerts for NetBSD, FreeBSD, Linux-Mandrake,
  Immunix, others
* Viruses, including a backdoor virus left by the sadmind/IIS
  worm
* A new version of SuSE Linux, plus other interesting reading

_______________________________________________________________
NEWS ALERTS NOW AVAILABLE FROM NETWORK WORLD!

You have very specific information needs about a technology or
technology vendor and you  subscribe to a newsletter or go on-
line to find out about the strategic developments in this
specific area. But how do you stay up with the late-breaking
news? Network World now offers six very focused News Alerts to
keep you abreast of the most significant developments of the
week on LANs, Storage, Network/Systems Management, The Edge,
Cisco and Microsoft. As an added service, if there's impactful,
late-breaking news about one of these specific technologies or
vendors, by subscribing to our News Alerts, we'll let you know
what it is within hours. Subscribe today at
http://nww1.com/go/ad082.html
_______________________________________________________________
Today's focus: Jennifer Lopez naked?

By Jason Meserve (write me at jmeserve@nww.com)

Oh boy, this one has the potential to be a big virus: A new
version of the LoveLetter virus is "in the wild" that comes
with an attachment claiming to be a naked picture of
movie/music star Jennifer Lopez. The recent Anna Kournikova
virus proved that sex sells, even if it is a virus.

The particulars on this one include a subject line of "Where
are you?", body text of "This is my pic in the beach!" and an
attachment called "JENNIFERLOPEZ_NAKED.JPG.vbs".  If you really
want to see Jennifer Lopez sans clothing, just watch the next
major awards show - she's bound to show up without clothes
eventually.

In other virus news, a hoax is going around that could convince
Windows 95 and 98 users to delete an innocuous file off their
systems. According to a story published by the IDG News
Service, "The warning tells users to delete the sulfnbk.exe
file, a utility used to restore long file names. The file isn't
usually infected, and running a virus check on it will prove
fruitless, which just adds to the hoax's credibility. The
message warns people that it's a virus undetectable by
antivirus software. Diligent users who search for the file and
find it may presume the warning was accurate and delete it."

For more on the hoax:
http://www.nwfusion.com/news/2001/0530virus.html


Today's bug patches and security alerts:


* NetBSD warns of denial of service vulnerability

NetBSD says it is possible to stop a NetBSD node from
communicating by bombarding it with fragmented IPv4 packets.
The NetBSD advisory says that for the attack to be effective,
the attacker needs to have good network connectivity to the
victim node (such as being logged onto the victim machine
itself or connected by a fat LAN). For more information:
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-006.txt.as

c


* IP filter bypass possible

According to a NetBSD alert, "IP Filter (ipf) - the IP packet
filtering software in NetBSD - has a bug where the checks on a
fragmented packet are incomplete and it may be possible to
abuse this to bypass filter rules." For more information on
this:
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-007.txt.as

c


* NetBSD patches sh3

According to NetBSD, "Missing validation of user-supplied
arguments to a system call can allow user applications on the
sh3 platform to execute code with supervisor privileges,
bypassing normal system protections. This problem is only
present on the sh3 platform, which includes the dreamcast,
evbsh3, hpcsh and mmeye ports." For more:
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-008.txt.as

c


* FreeBSD warns of security holes in icecast

FreeBSD is urging users to upgrade to the latest version of
icecast, an application for serving up MP3 audio files.
Previous releases contained number format string
vulnerabilities that could allow a malicious user to run
arbitrary code on the affected system. Intel processor users
can download new icecast packages from:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/audio/icecast

-1.3.10.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/audio/icecas

t-1.3.10.tgz


* Samba fix available for FreeBSD

Samba, the service message block protocol used in Linux
operating systems, contains a temporary file race condition.
This flaw could be exploited to overwrite arbitrary files on
the affected system. Intel processor users can download new
Samba packages from:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/samba-2.0

.9.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/samba-2.

0.9.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/samba-dev

el-2.2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/samba-de

vel-2.2.0.tgz


* Linux-Mandrake, Immunix release gnupg patches

A patch is available to Linux-Mandrake and ImmunixOS users that
fixes a format string vulnerability in gnupg, an open source
version of PGP for Linux. The flaw could be exploited to invoke
shell commands with the privileges of the logged in user. For
more information and to download a patch, Linux-Mandrake users
can point to:
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-053.php3

Immunix users can get more information and links to patches at:
http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-023-01

General information can be found at:
http://www.gnupg.org/download.html


* SuSE, Immunix patch man packages

A couple of bugs in man (a tool for looking up online manual
pages on Linux and Unix systems) could allow a malicious user
to gain root access to the affected machine. More information
will be available shortly for SuSE users, including links to
patches, at:
http://www.suse.com/us/support/security/index.html

ImmunixOS users can get more information and patches from:
http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-021-01


* Immunix updates Kerberos package

According to an Immunix alert, there is "a possible buffer
overflow in the kerberos gssapi-aware ftpd in the krb5-
workstation package that is included in all versions of Immunix
OS." Immunix believes StackGuard will protect against this
flaw, but is urging users to upgrade anyway. For more
information and download links:
http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-022-01


Today's round up of virus alerts:


* Vigilante warns of improperly cleaned backdoor virus

Security software vendor Vigilante is warning that system
administrators may not be properly removing the sadmind/IIS
worm from their systems. The worm can be used as a backdoor for
hackers to enter an infected machine and deface Web pages as
well as cause other damage. It turns out that some people have
cleaned the initial virus, but did not remove the backdoor
program the virus drops, leaving the system vulnerable. For
more information on this:
http://www.cert.org/advisories/CA-2001-11.html


* WM97/Marker-HL -- A Word macro virus that infects documents
and creates a non-viral file called "version.dat". (Sophos)


>From the interesting reading department:


* SuSE enhances multimedia, security of Linux OS

Linux vendor SuSE Linux Tuesday announced it would release an
upgrade to the SuSE Linux 7.1 operating system. SuSE Linux 7.2
will be available directly from the company and software
retailers starting June 15, the company said.
http://www.nwfusion.com/news/2001/0530suslin.html


* Microsoft says upgrade now or pay big later

IT executives could face millions of dollars in extra costs to
upgrade to the newest version of Microsoft Office, which ships
this week, if they don't buy upgrade packages before the
software giant's new license and maintenance program begins in
four months.
http://www.nwfusion.com/news/2001/0528office.html


* Free archives

All our newsletters are archived on Fusion, where you can
access them for free. Yes, free! So come on down:
http://www.nwfusion.com/newsletters/bug/index.html

_______________________________________________________________
To contact Jason Meserve:

Jason Meserve is the Multimedia Editor of Network World
Fusion and writes about streaming media, search engines and
IP Multicast. Jason can be reached at mailto:jmeserve@nww.com.
______________________________________________________________
FEATURED READER RESOURCE

User Excellence Award

If you've completed an interesting network project in the last
12 to 18 months, here's your chance to gain industry
recognition for it. Network World is currently accepting
nominations for its annual User Excellence Award. For more
information and an online nomination form, go to
http://www.nwfusion.com/nw/awards.html#excellence
Deadline for submission is June 11.
_______________________________________________________________
SUBSCRIPTION SERVICES

To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
http://www.nwwsubscribe.com/news/scripts/notprinteditnews.asp

To unsubscribe from promotional e-mail go to:
http://www.nwwsubscribe.com/ep

To change your e-mail address, go to:
http://www.nwwsubscribe.com/news/scripts/changeemail.asp

Subscription questions? Contact Customer Service by replying to
this message.

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: mailto:jcaruso@nww.com

For advertising information, write Jamie Kalbach, Fusion Sales
Manager, at: mailto:jkalbach@nww.com

Copyright Network World, Inc., 2001

------------------------
This message was sent to:  vkamins@enron.com