FYI

Bug in Adobe software.


Vince Kaminski
---------------------- Forwarded by Vince J Kaminski/HOU/ECT on 08/09/2000 
05:54 PM ---------------------------


"NW Security and Bug Patch Alert" <Security-BugPatch@bdcimail.com> on 
08/09/2000 04:55:59 PM
Please respond to "Security and Bug Patch Alert Help" <NWReplies@bellevue.com>
To: <vkamins@enron.com>
cc:  
Subject: Adobe Acrobat PDF vulnerability


NETWORK WORLD FUSION FOCUS: JASON MESERVE on
SECURITY AND BUG PATCH ALERT
TODAY'S FOCUS: Adobe Acrobat PDF vulnerability
08/02/00

Dear Wincenty Kaminski,

11 FREE Newsletter Additions from Network 
World!
Sign up Today at http://www.nwwsubscribe.com/foc35
Wireless in the Enterprise, Servers, Optical Networking,
The Network Channel, The Edge, Net Worker, Convergence,
Free Stuff, Mobile Computing, The Network World 200, and
Technology Executive
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Today's Focus: Adobe Acrobat PDF vulnerability
---------------------------------------------------------------
By Jason Meserve


Problem with Adobe Acrobat PDF format

Panda Software reported last week that Adobe has issued a patch for
its Acrobat software that is used to read PDF document files. Used to
transmit high-quality reproductions of documents across the Internet,
the format was thought to be secure. But with all things Internet,
there must be a hole. It turns out code can be embedded in a PDF file,
which could be used to deliver a virus, Trojan or other nasty tidbit.
Adobe recommends users install the following patch for protection:
ftp://ftp.adobe.com/pub/adobe/acrobat/win/4.x/ac405up2.exe
**********


Microsoft releases patch for "Malformed IPX Ping Packet" vulnerability

This patch for Windows 95, 98 and 98 Second Edition, fixes a problem
that could allow an external user to flood a machine using the IPX Ping
command. If a network has a number of machines affected with the
problem, the exploit could be used to flood the network with excess
data packets. For more information and patches:
http://www.microsoft.com/technet/security/bulletin/fq00-054.asp
**********


Debian fixes mailman problem

Debian announced that it has fixed a problem in the mailman Version 2.0
application. The flaw could be used by a local user to gain group
mailman permissions. For source downloads:
ftp://ftp.debian.org/debian/dists/woody/main/source/mail/mailman_2.0beta5-1.di
ff.gz
ftp://ftp.debian.org/debian/dists/woody/main/source/mail/mailman_2.0beta5-1.ds
c
ftp://ftp.debian.org/debian/dists/woody/main/source/mail/mailman_2.0beta5.orig
.tar.gz
**********


Red Hat fixes mailman problem

Like Debian and others, Red Hat has fixed its version of the mailman
list server software for Linux. For source downloads:
ftp://updates.redhat.com/secureweb/3.2/SRPMS/mailman-2.0beta5-1.src.rpm
**********


SuSE in process of fixing multiple vulnerabilities

SuSE put out a general alert saying it is working on fixes for a number
of problems in its Linux implementation and third-party applications.
The problems being fixed deal with Netscape, knfsd, system user account
nobody, pam, gpm, openldap, mailman, cvsweb.cgi and knon2. Look for
more here when the actual patches become available. For more on SuSE:
http://www.suse.com/
**********


Today's virus alerts:

Kak.Worm.B -- Kak.B is a direct descendant of the original Kak virus,
the only difference being the name of the Trojan file that infects the
computer. This virus exploits a hole in Microsoft Outlook. (Panda
Software)

Backdoor/Doly.17 -- This Trojan installs a "server" on the target
machine, while the perpatrator used a client to execute damaging
attacks on the infected computer. (Panda Software)

Beah -- A boot-sector virus that disables virus detection of most
system BIOS by making changes to the CMOS. (Panda Software)
**********


From the interesting reading category:

Reviews of software-based personal firewalls switches and
hardware-based personal firewalls

Keep the bad guys away from your remote outposts, Network World,
08/07/00.
http://www.nwfusion.com/reviews/2000/0807rev.html

Five midrange appliances that let your remote workers set it and forget
it, Network World, 08/07/00.
http://www.nwfusion.com/reviews/2000/0807rev2.html
**********


Miss an issue of bug alert? It's understandable that you may miss an
issue, but you can catch up on all your Security and Bug Patch Alert
newsletters at:
http://www.nwfusion.com/newsletters/bug/


To contact Jason Meserve:
-------------------------
Jason Meserve is a staff writer with Network World, covering search
engines, portals, videoconferencing, IP Multicast and document
management. He also oversees the "Security Alerts" page on Fusion
(http://www2.nwfusion.com/security/bulletins.html). Jason can be
reached at mailto:jmeserve@nww.com.
-------------------------

Got a security alert or bug patch question related to your
corporate network? Post it at Experts Exchange on Fusion at
http://nwfusion.experts-exchange.com/. Another network
professional may have the solution to your problem.

May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered at your
fingertips each day. Now, extend your knowledge by receiving 51 FREE
issues to our print publication. Apply today at
http://www.nwwsubscribe.com/nl

*********************************************************
Subscription Services

To subscribe or unsubscribe to any Network World e-mail newsletters,
go to:
http://www.nwwsubscribe.com/news/scripts/notprinteditnews.asp

To change your email address, go to:
http://www.nwwsubscribe.com/news/scripts/changeemail.asp

Subscription questions? Contact Customer Service by replying to this
message.

Other Questions/Comments

Have editorial comments? Write Jeff Caruso, Newsletter Editor, at:
mailto:jcaruso@nww.com

For advertising information, write Jamie Kalbach, Account Executive,
at: mailto:jkalbach@nww.com

Network World Fusion is part of IDG.net, the IDG Online Network.
IT All Starts Here:
http://www.idg.com

Copyright Network World, Inc., 2000