NETWORK WORLD NEWSLETTER: JASON MESERVE on
SECURITY AND BUG PATCH ALERT
01/22/02
Today's focus: New Red Hat patches available

Dear Wincenty Kaminski,

In this issue:

* Patches and alerts for Red Hat pine, uuxqt and enscript, plus
  others
* Viruses, including two that try to disable installed
  antivirus software
* Security worries are holding back Web services, plus other
  interesting reading

_______________________________________________________________
PRODUCT INFO IN ONE CONVENIENT LOCATION!

Heard about a new product launch? Curious to find out if the
features and benefits of this new product will meet your
critical business needs? Network World Fusion's Product Central
section includes all the info you need to make informed
decision about new products and also includes a product finder
function. Check it out at http://nww1.com/go/ad216.html

_______________________________________________________________
Today's focus: New Red Hat patches available

By Jason Meserve


Today's bug patches and security alerts:


* Red Hat patches pine

A problem with the way pine, a popular e-mail reader for
Unix/Linux, handles URLs embedded in a message could allow a
malicious user to execute arbitrary commands on the affected
system. Red Hat users can get more information and download the
appropriate patch from:
https://www.redhat.com/support/errata/RHSA-2002-009.html


* Patch available for uuxqt utility

Red Hat has patched the uuxqt utility that ships with the
Taylor UUCP package. A flaw in the code does not remove long
options, which could be exploited to allow local users to gain
uid and gid uucp privileges.  For more, go to:
https://www.redhat.com/support/errata/RHSA-2001-165.html


* Updated enscript package available

According to an alert from Red Hat, GNU enscript, a program for
converting ASCII files to PostScript, contains a vulnerability.
When it creates temporary files, it does so with predictable
filenames in a manner that would follow symbolic links. This
could allow a local user to overwrite files written by the user
running enscript or read the contents of the temporary files.
For more, go to:
https://www.redhat.com/support/errata/RHSA-2002-012.html


* FreeBSD fixes k5su

A fix is available for k5su, a Kerberos 5 version of su.
Previous releases could allow a nonprivileged user to gain
superuser privileges. FreeBSD users can get more information
and download the appropriate fix from:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:07.k5su.asc



* Linux-Mandrake patches stunnel

The stunnel package for Linux-Mandrake contains a string format
vulnerability. A malicious user could exploit this flaw to
execute code as the owner of the stunnel process. For more, go
to:
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-004.php


* Patch available for at package

A bug in the at package could lead to a heap corruption. A
malicious user could exploit this to gain the daemon's user
privileges. For more, go to:
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-007.php


* Conectiva patches MySQL

MySQL is a popular database shipped with many versions of
Linux. Conectiva has released a patch for the database to fix a
problem with the way MySQL sets world-readable permissions for
certain log files. The files record most commands sent to the
database, including change password commands. For more, go to:
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000455


Today's roundup of virus alerts:


* W32/Klez-E - A Windows virus that spreads via Outlook or
network-attached drives. The virus will attempt to delete
certain file types and disable any installed anti-virus
software. (Sophos, Computer Associates)

* W32/ElKern-B - This is a virus dropped by the W32/Klez-E
worm. It's an executable that runs on Windows 98, ME, 2000 and
XP. No word on the damage it may cause. (Sophos)

* W32/Klez-F - Much like W32/Klez-E, this virus spreads via
Outlook and network-attached drives. It disables anti-virus
software and drops another virus on the infected machine.
(Sophos, Panda Software)

* WM97/Marker-KC - A Word macro virus that FTPs summary
information to the codebreaker's Web site when the infected
document is closed. (Sophos)

* XM97/Laroux-OM - An Excel macro virus with no malicious
payload. It creates a file called Negs.xls in the XLSTART
directory. (Sophos)

* VBS/NetLog.B - A virus written in VBS that scans a range of
IP addresses looking for shared C: drives to infect. A
distributed denial of service attack could occur if a number of
infected machines reside on the same network and are actively
scanning for new hosts. (Panda Software)


>From the interesting reading department:


* Top Web services worry: Security

The absence of security and reliability is proving to be a
major stumbling block in convincing companies that Web services
can thrive outside of corporate firewalls.
http://www.nwfusion.com/news/2002/0121webservices.html
Network World, 01/21/02


* Vendors tout easier VPNs

A new breed of products is emerging to rival traditional
Internet-based VPN offerings that give remote users and
business partners secure access to corporate networks. The IP
Security VPN alternatives promise to save customers vast
amounts of administrative time by using easily configurable
hardware and requiring little or no software on remote
machines.
http://www.nwfusion.com/news/2002/0121ssl.html
Network World, 01/21/02


* Another IPSec VPN alternative

While some vendors are threatening IP Security VPN dominance on
the remote access front, newcomer Flatrock is trying to horn in
on the site-to-site connectivity side of the business.
http://www.nwfusion.com/news/2002/129353_01-21-2002.html
Network World, 01/21/02


* Cisco readying security initiatives

A Cisco official Tuesday hinted at several upcoming security
initiatives, including a gigabit-speed intrusion detection
appliance and an effort to enable service providers to offer
new classes of VPN and voice-over-IP services.
http://www.nwfusion.com/news/2002/0117cisco.html
Network World Fusion, 01/17/02


* Archives online

Read everything ever written in this newsletter for free:
http://www.nwfusion.com/newsletters/bug/index.html

_______________________________________________________________
To contact Jason Meserve:

Jason Meserve is the Multimedia Editor of Network World
Fusion and writes about streaming media, search engines and
IP Multicast. Jason can be reached at mailto:jmeserve@nww.com.
_______________________________________________________________
NW Fusion's Buy IT provides the resources you need to make
better buying decisions.  Post your IT needs anonymously and
FREE!  Search our directory of qualified providers, review
company White Papers, and select the right provider.  Buy IT
helps get your projects done right.  Try it today!
http://nwfusion.newmediary.com/nww120601nwltrb
_______________________________________________________________
FEATURED READER RESOURCE

Network World Fusion's Net.Worker site

Whether your company is growing larger or scaling back,
corporate managers are looking for ways to cut costs while
retaining and recruiting star employees. One smart solution -
at least on paper - is to let some employees work from home.
Network World's Net.Worker Web site bridges the gap between the
telework concept and the hardware, software and services needed
to make it happen. We bring you news and reviews, sound advice
and keen insight into the technologies and solutions you need
to manage a remote and mobile workforce.

Visit http://www.nwfusion.com/net.worker/index.html
_______________________________________________________________
May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at http://www.nwwsubscribe.com/nl
_______________________________________________________________
SUBSCRIPTION SERVICES

To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
http://www.nwwsubscribe.com/news/scripts/notprinteditnews.asp

To unsubscribe from promotional e-mail go to:
http://www.nwwsubscribe.com/ep

To change your e-mail address, go to:
http://www.nwwsubscribe.com/news/scripts/changeemail.asp

Subscription questions? Contact Customer Service by replying to
this message.

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: mailto:jcaruso@nww.com

For advertising information, write Jamie Kalbach, Director of
Online Sales, at: mailto:jkalbach@nww.com

Copyright Network World, Inc., 2002

------------------------
This message was sent to:  vkamins@enron.com