NETWORK WORLD NEWSLETTER: JASON MESERVE
on SECURITY AND BUG PATCH ALERT
10/04/01 - Today's focus: Novell to release security flaw
details

Dear Wincenty Kaminski,

In this issue:

* Patches and alerts for Novell GroupWise, Citrix MetaFrame,
  Zope, others
* Viruses, including one that preys on recent anthrax scares
* Microsoft's call to end information anarchy, plus other
  interesting reading

_______________________________________________________________
SO, WHAT DO YOU THINK?
Give us your opinion on 5 different banner advertisements
and enter to win $500! Take the Banner Concepts survey at
http://www.rresults.com/bannerconcept/index.cgi

_______________________________________________________________
Today's focus: Novell to release security flaw details

By Jason Meserve

Novell has sent out a warning to GroupWise users that it will
soon be unveiling details of the security flaw in its Padlock
product. Back in August, the company announced that it had
discovered a problem in the application and issued a patch.

The company says 85% of its customers have downloaded the patch
and is urging the rest to do so before Nov. 23, when it details
what the flaw entails. The remaining 15% of users can download
the appropriate patch from:
http://support.novell.com/padlock

Novell claims none of its customers have reported any security
breaches as a result of this flaw.

The announcement comes as Microsoft's Security Response Center
published a column about how vulnerability information is
shared and what should be done to change the current system.
It's an interesting read:
http://www.microsoft.com/technet/ttreeview/default.asp?url=/tecnet/columns/s

ecurity/noarch.asp


Today's bug patches and security alerts:


* ISS: Citrix MetaFrame has remote denial of service
  vulnerability

A vulnerability in Citrix MetaFrame, which works with Windows
Terminal Services, could allow a remote user to crash the
affected machine, requiring the machine to be restarted
manually. A hotfix for this problem is available via the Citrix
Support page at:
http://www.citrix.com/support


* GroupWise file viewing vulnerability

According to an alert from Foundstone, a flaw in Novell's
GroupWise server product could be exploited to view files
anywhere on the affected machine, including the root directory.
For more information on this vulnerability and ways to minimize
its impact, visit:
http://www.foundstone.com/cgi-bin/display.cgi?Content_ID=327


* Linux-Mandrake updates Zope

Zope, the open-source applications server, contains a security
check flaw that could allow a malicious user to force the
application to call methods to which it would not normally have
access. Linux-Mandrake has issued an update that fixes this
problem:
http://www.linux-mandrake.com/en/ftp.php3


* Openssh patches available

A flaw in the way multiple keys are handled in various openssh
implementations could allow key-based logins from unauthorized
hosts. For more on this problem and a link to patches, go to:

Linux-Mandrake:
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-081.php3

Red Hat source code:
7.0: ftp://updates.redhat.com/7.0/en/os/SRPMS/openssh-2.9p2-8.7.src.rpm
7.1: ftp://updates.redhat.com/7.1/en/os/SRPMS/openssh-2.9p2-8.7.src.rpm

Trustix:
http://www.trustix.org/pipermail/tsl-announce/2001-October/000031.html


* Red Hat, Trustix offer patches for /bin/login's PAM

A flaw in the /bin/login PAM code could allow a user to receive
another user's credentials when logging into a server. For more
information:

Red Hat:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=51646

Trustix:
http://www.trustix.org/pipermail/tsl-announce/2001-October/000030.html


* Caldera patches SCO Unix dtterm

A buffer overflow vulnerability in the SCO Unix dtterm module
could be exploited to gain elevated privileges. Download the
fix for this problem from:
ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.26/


* SCO FTP daemon updated

Caldera has fixed a vulnerability in the SCO FTP daemon that
could have been used to execute arbitrary commands on the
affected system. The fix can be downloaded from:
ftp://stage.caldera.com/pub/security/unixware/CSSA-2001-SCO.27/


* Vulnerability in snes9x

A buffer overflow vulnerability has been discovered in the
snes9x emulator for FreeBSD, NetBSD, OpenBSD and Linux. Anyone
exploiting the flaw could gain root privileges. It is
recommended that users upgrade their snes9x packages:
http://www.snes9x.com


* Cisco recalls 95,000 ADSL power adapters

Cisco is recalling about 95,000 power adapters it sold
worldwide because of overheating problems, a U.S. consumer
safety group said Tuesday.
http://www.nwfusion.com/news/2001/1017cisco.html
IDG News Service, 10/17/01


Today's roundup of virus alerts:


* Flawed Anthrax worm hits 'Net

A new mass mailer worm, purporting to provide information about
the disease anthrax, has appeared on the Internet but is being
hampered because of a flaw in its design, antivirus companies
said Wednesday.
http://www.nwfusion.com/news/2001/1017anthrax.html
IDG News Service, 10/17/01

* WM97/Myna-AZ - This is one of those Word macro viruses with
no malicious payload. (Sophos)

* Dark Machine - A self-propagating worm that spreads via e-
mail. It comes in a message with varying subject lines and body
text that reads, "heh.  I tell ya this is nuts!  You gotta
check it out!" Attachment names include Si.exe, UserConf.exe,
Disk.exe, Rede.exe and Common.exe. (SecureWorks)


>From the interesting reading department:


* It's time to end information anarchy

It's high time the security community stopped providing
blueprints for building these weapons. And it's high time
computer users insisted that the security community live up to
its obligation to protect them. We can and should discuss
security vulnerabilities, but we should be smart, prudent and
responsible in the way we do it.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/s

ecurity/noarch.asp
Microsoft, October 2001


* Wireless nets could allow attacks of fixed networks

A security study Monday sounded another call to arms for
network administrators to secure wireless networks, showing how
hackers can use traditional methods to attack otherwise secure
fixed networks from a wireless entry point.
http://www.nwfusion.com/news/2001/1015wireless.html
IDG News Service, 10/15/01


* Opinion: Don't be lulled by firewalls

The recent Nimda virus caused untold damage to companies
throughout the world. IT administrators spent days disinfecting
and patching infected systems, as well as belatedly applying
current security patches to systems running Microsoft's
Internet Information Server software. Nimda did an incredibly
thorough job of finding systems running IIS, even if those
systems weren't really Web servers.
http://www.nwfusion.com/columnists/2001/1015works.html
Network World, 10/15/01


* Court reinstates guilty verdict on computer saboteur

The Third Circuit Court of Appeals in Philadelphia Friday
reinstated the guilty verdict in the case of a former network
administrator who had been convicted in May 2000 in the first
prosecution of computer sabotage.
http://www.nwfusion.com/news/2001/1015guilty.html
Network World Fusion, 10/15/01


* WatchGuard upgrades Firebox security software

Looking to expand the range of services offered and protected
by its Firebox line of security appliances, WatchGuard
Technologies Monday announced an upgrade to the software that
runs its Firebox security hardware, adding DNS security,
expanded VPN support and integration with intrusion detection
systems.
http://www.nwfusion.com/news/2001/1015watchguard.html
IDG News Service, 10/15/01


* ISS aids management with RealSecure SiteProtector

Looking to offer its customers a single console from which to
manage their desktop, server and network security products, not
to mention improve their effectiveness, Internet Security
Systems Monday announced its RealSecure SiteProtector software.
http://www.nwfusion.com/news/2001/1015realsecure.html
IDG News Service, 10/15/01


* Microsoft to prioritize security bugs

In an effort to help customers better respond to security
threats, Microsoft said it will begin adding severity ratings
to its security bulletins. Under the new severity rating
system, vulnerabilities in Microsoft's products will henceforth
be classified as either "critical," "moderate" or "low,"
according to a document released by the company's Security
Response Center.
http://www.newsbytes.com/news/01/171111.html
Newsbytes, 10/15/01


* CERT/CC Statistics 1988-2001

CERT has just released updated numbers showing an increase in
the number of reported security problems for the first nine
months of 2001. Get all the numbers at:
http://www.cert.org/stats/cert_stats.html


* Free archives

Take a vacation recently and need to catch up on your
newsletter reading? Check out our archives at:
http://www.nwfusion.com/newsletters/bug/index.html

_______________________________________________________________
To contact Jason Meserve:

Jason Meserve is the Multimedia Editor of Network World
Fusion and writes about streaming media, search engines and
IP Multicast. Jason can be reached at mailto:jmeserve@nww.com.
_______________________________________________________________
FEATURED READER RESOURCE

Audio Primers

Are you behind on the basics of technologies such as ATM, IP
Multicast and VPNs? Check out our library of audio primers -
quick explanations of networking topics and technologies,
including IPv6, SANs and DSL vs. cable. These less-than-10-
minute primers will not only explain how these technologies
work, but they'll also show you through slides and diagrams.
http://www.nwfusion.com/primers/index.html
_______________________________________________________________
May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at http://www.nwwsubscribe.com/nl
_______________________________________________________________
SUBSCRIPTION SERVICES

To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
http://www.nwwsubscribe.com/news/scripts/notprinteditnews.asp

To unsubscribe from promotional e-mail go to:
http://www.nwwsubscribe.com/ep

To change your e-mail address, go to:
http://www.nwwsubscribe.com/news/scripts/changeemail.asp

Subscription questions? Contact Customer Service by replying to
this message.

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: mailto:jcaruso@nww.com

For advertising information, write Jamie Kalbach, Fusion Sales
Manager, at: mailto:jkalbach@nww.com

Copyright Network World, Inc., 2001

------------------------
This message was sent to:  vkamins@enron.com