NETWORK WORLD NEWSLETTER: JASON MESERVE
on SECURITY AND BUG PATCH ALERT
06/04/01 - Today's focus: Windows Terminal Server bug

Dear Wincenty Kaminski,

In this issue:

* Patches and alerts for Microsoft, Cisco, GuildFTPD, others
* Viruses, including Trojan Horses that take over infected PCs
* Apache.org gets hacked, plus other interesting reading

_______________________________________________________________
TECHNOLOGY & VENDOR NEWS ALERTS!
You have very specific information needs about a technology or
technology vendor and you  subscribe to a newsletter or go on-
line to find out about the strategic developments in this
specific area. But how do you stay up with the late-breaking
news? Network World now offers six very focused News Alerts to
keep you abreast of the most significant developments of the
week on LANs, Storage, Network/Systems Management, The Edge,
Cisco and Microsoft. As an added service, if there's impactful,
late-breaking news about one of these specific technologies or
vendors, by subscribing to our News Alerts, we'll let you know
what it is within hours. Subscribe today at
http://nww1.com/go/ad082.html
_______________________________________________________________
Today's focus: Windows Terminal Server bug

By Jason Meserve (write me at jmeserve@nww.com)


Today's bug patches and security alerts:


* Bug bites Windows Terminal Services

An independent tester says he has uncovered a bug that causes a
total collapse of Windows Terminal Services running on Windows
2000 at specific processor speeds, but Microsoft is trying to
debunk the claim that the problem is with Windows 2000. The bug
appears when Terminal Services runs on a dual-processor
computer with 933-MHz or 1-GHz clock speeds. Other clock speeds
do not trigger the bug. Terminal Services is built into Windows
2000 to support multiuser thin-client computing.
http://www.nwfusion.com/news/2001/0604infra.html


* Cisco Content Service Switch 11000 series flaw

A hole in the Cisco Content Service Switch 11000 series
authentication module could allow a user to gain unauthorized
access to the switch. The switch normally redirects users to a
management console URL after authentication. But unauthorized
users can bypass the security by directly connecting to the
management console URL. For more information:
http://www.cisco.com/warp/public/707/arrowpoint-webmgmt-vuln-pub.shtml


* GuildFTPD server vulnerabilities found

A number of flaws have been discovered in GuildFTPD, a free FTP
server for the Windows platform. The vulnerabilities include
unencrypted password files, buffer overflow errors that could
lead to execution of arbitrary code, memory problems that could
cause a denial of service, and directory transversal problems.
No patch is available at the moment, so it is recommended that
the service be stopped until a patch is available. A new
version of the program should be posted at:
http://guildftpd.ztnet.com/index.html


* IMP Webmail temporary file flaw uncovered

The IMP Webmail program for Linux and Unix contains a flaw in
the way it stores attachments in temporary files. This flaw
could be used in a symlink attack to overwrite files on the
affected system. Download Version 2.2.5 to fix the problem:
http://www.horde.org/imp/


* Trustix releases new version of GnuPG

A flaw in GnuPG, the open-source version of PGP, could allow a
user's private key to be compromised. Trustix users can
download patches for this problem from:
http://www.trustix.net/pub/Trustix/updates/
ftp://ftp.trustix.net/pub/Trustix/updates/


* Caldera reports flaw in Webmin

A problem starting system daemons from the Webmin Web-based
tool could allow a malicious user to dump all of the system
variables to a file. This information could be exploited by a
hacker to gain access to the affected system. Download patches
from:

OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential
3.0:
ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS/

OpenLinux eDesktop 2.4:
ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/RPMS/


Today's round up of virus alerts:


* Trojan.Binghe.Srv - This backdoor virus can connect to
another computer, open a chat session, create screen captures
and manage e-mail. (Panda Software)

* Backdoor/Cafeini.09 - Like Trojan.Binghe.Srv, this Trojan
Horse has the added capability of copying, deleting and running
files, and can open the user's browser at a specific page.
(Panda Software)

* Trojan/Megabyte - An MS-DOS-based virus that attempts to
overwrite the infected machine's CMOS. (Panda Software)

* Trojan/Megachar - This MS-DOS-based virus overwrites the
master boot record on the infected machine's hard drive. (Panda
Software)

* Trojan/Megaword - A Trojan virus that overwrites the
"COMP.DLL" on MS-DOS-based machines. (Panda Software)

* WM/Alex.E:Tw - A Word macro virus that displays messages on
the screen and attempts to delete such files as autoexec.bat
and config.sys. (Panda Software)

* VBS/VBSWG.AC - This Visual Basic virus transmits via e-mail
and writes itself to a file called "alert.vbs" in the Windows
System directory. (Panda Software)


* June 1 virus hoax damage can be repaired

If you fell for the June 1 virus hoax and dutifully deleted the
SULFNBK.EXE file from your Windows 98 operating system, don't
panic. Chances are good that you won't notice that the file has
been removed. Its loss won't harm Windows 98, and the file can
be replaced easily.
http://www.nwfusion.com/news/2001/0601hoax.html


>From the interesting reading department:


* Apache.org hacked; source code not compromised

Earlier this month, a public server of the Apache Software
Foundation was illegally accessed by unknown crackers.  The
intrusion into this server, which handles the public mail
lists, web services and the source code repositories of all
Apache Software Foundation projects, was quickly discovered,
and the server immediately taken offline.  Security specialists
and administrators determined the extent of the intrusion,
repaired the damage, and brought the server back into public
service.
http://www.apache.org/info/hack-20010519.html


* Encrypted mobile phone hits market

A specially modified mobile phone that encrypts conversations
is now available worldwide, offering business executives,
government officials and law enforcement officers the ability
to talk via a secure connection even while on the move.
http://www.nwfusion.com/news/2001/0531encrypt.html


* Tech spending drops for sixth straight month

Technology spending growth declined for the sixth straight
month, according to a new poll of CIOs and other professionals
by CIO magazine and Yardeni.com.
http://www.nwfusion.com/news/2001/0601techspend.html


* Archives online

What was that Windows 2000 bug we wrote about a couple weeks
back? Look it up in our newsletter archives:
http://www.nwfusion.com/newsletters/bug/index.html

_______________________________________________________________
To contact Jason Meserve:

Jason Meserve is the Multimedia Editor of Network World
Fusion and writes about streaming media, search engines and
IP Multicast. Jason can be reached at mailto:jmeserve@nww.com.
_______________________________________________________________
FEATURED READER RESOURCE

User Excellence Award

If you've completed an interesting network project in the last
12 to 18 months, here's your chance to gain industry
recognition for it. Network World is currently accepting
nominations for its annual User Excellence Award. For more
information and an online nomination form, go to
http://www.nwfusion.com/nw/awards.html#excellence
Deadline for submission is June 11.
_______________________________________________________________
SUBSCRIPTION SERVICES

To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
http://www.nwwsubscribe.com/news/scripts/notprinteditnews.asp

To unsubscribe from promotional e-mail go to:
http://www.nwwsubscribe.com/ep

To change your e-mail address, go to:
http://www.nwwsubscribe.com/news/scripts/changeemail.asp

Subscription questions? Contact Customer Service by replying to
this message.

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: mailto:jcaruso@nww.com

For advertising information, write Jamie Kalbach, Fusion Sales
Manager, at: mailto:jkalbach@nww.com

Copyright Network World, Inc., 2001

------------------------
This message was sent to:  vkamins@enron.com