NETWORK WORLD NEWSLETTER: JASON MESERVE on
SECURITY AND BUG PATCH ALERT
01/17/02
Today's focus: Panda: Non-tech security pays off

Dear Wincenty Kaminski,

In this issue:

* A non-technical virus warning system
* Patches and alerts for Linux sudo, Solaris, IRIX nsd, others
* Viruses, including one set for the 15th and 30th of every
  month
* Gates calls for 'trustworthy computing,' plus other
  interesting reading

_______________________________________________________________
Today's focus: Non-tech security pays off

By Jason Meserve

I had an interesting experience walking into Network World's
headquarters yesterday. There were signs posted all over the
place warning us that a virus could be in our e-mail inbox and
not to open any .vbs extensions. Why the signs?

When the Goner worm spread across our organization last month,
it moved quickly before IS could warn all of our users.
Yesterday's virus was old code but infiltrated a system with
old virus definition files. Instead of warning people via
e-mail, which people may read after opening the infected
message, the IS staff posted helpful signs that were hard to
miss. It worked.

Of course, if all users knew better than to open a .vbs file,
then there would be no need for the signs in the first place.


Today's bug patches and security alerts:


* Linux vendors patch sudo

A flaw in sudo, a program that gives limited root privileges to
users, could allow a malicious user to obtain full superuser
privileges on the local machine. Users can download updates
from:
FreeBSD:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:06.sudo.asc


Debian:
http://www.debian.org/security/2002/dsa-101

Conectiva:
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000451

Red Hat:
https://www.redhat.com/support/errata/RHSA-2002-011.html

Linux-Mandrake:
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-003.php

EnGarde:
http://ftp.engardelinux.org/pub/engarde/stable/updates/


* CERT: Exploit circulating for Solaris hole

Hackers are actively exploiting a known vulnerability in Sun's
Solaris version of the Unix operating system, security experts
said late Monday, urging administrators to check if their
system is vulnerable.
http://www.nwfusion.com/news/2002/0115solarishole.html
IDG News Service, 01/15/02

CERT advisory:
http://www.cert.org/advisories/CA-2002-01.html

Cisco Media Control Gateway is also affected because it sits on
Solaris:
http://www.cisco.com/warp/public/707/Solaris-for-MGC-pub.shtml


* SGI warns of IRIX nsd vulnerability

A flaw in the way the IRIX name server daemon uses its cache could
lead to the entire hard drive being filled. SGI "highly
recommends" users download the fix for this problem. For more
information, go to:
ftp://patches.sgi.com/support/free/security/advisories/20020102-03-P


* Debian, SuSE patch at

A bug in the at package could lead to heap corruption. A
malicious user could exploit this to gain the daemon's user
privileges. For more, go to:

Debian:
http://www.debian.org/security/2002/dsa-102

SuSE:
http://lists2.suse.com/archive/suse-security-announce/2002-Jan/0002.html


* XChat patch available

A flaw in the XChat IRC client can be exploited by a malicious
user to take over a chat session. A malicious user could
exploit this to launch social engineering attacks and other
mischief. For more, go to:

Debian:
http://www.debian.org/security/2002/dsa-099

Red Hat:
https://www.redhat.com/support/errata/RHSA-2002-005.html


* Debian patches CIPE

A problem with the CIPE VPN package could cause an affected
system to crash. The package does not check to see if an
incoming packet is too short. If it is, the system crashes. For
more, go to:
http://www.debian.org/security/2002/dsa-104


* New version of gzip available

A potential flaw in gzip could be exploited to cause a buffer
overflow when files with long names are compressed. Debian
claims the chances of someone exploiting this are slim, but it
has released an update to be safe:
http://www.debian.org/security/2002/dsa-100


* Updated glibc package available

A buffer overflow has been discovered in the glob function of
the glibc library. The flaw can be exploited via programs that
use the function, including shells and FTP applications. For
more, go to:
http://www.debian.org/security/2002/dsa-100


* Red Hat patches groff

According to an alert from Red Hat, a vulnerability exists in
the groff document formatting system. The groff preprocessor
contains an exploitable buffer overflow. If groff can be
invoked within the LPRng printing system, an attacker can gain
rights as the "lp" user. For more, go to:
https://www.redhat.com/support/errata/RHSA-2002-004.html


* EnGarde patches pine

Pine, a popular e-mail client for Linux/Unix, contains a
vulnerability that could allow a malicious user to execute
arbitrary commands on the affected system. The flaw is in the
way URLs are handled by the program.
EnGarde users can find the appropriate patch at:
http://ftp.engardelinux.org/pub/engarde/stable/updates/


* Flaw in EnGarde LIDS

A vulnerability in LIDS, an access control system, could allow
an attacker to gain root access to the affected system and
possibly disable LIDS completely. To download a fix, go to:
http://ftp.engardelinux.org/pub/engarde/stable/updates/


* ICQ has same security hole as AIM

Users of the instant messaging application ICQ are urged to
upgrade to the latest version of the software because of a
potentially damaging bug in older versions, according to a
notice on the ICQ Web site.
http://www.nwfusion.com/news/2002/0115icq.html
IDG News Service, 01/15/02


Today's roundup of virus alerts:


* WM97/Fifteen-A - On the 15th or 30th of any month, this Word
macro virus will password-protect an infected file with the
password ">>xvx<<". It also displays a message on the infected
system. (Sophos)

* W32/Maldal-F - This Windows worm spreads via Outlook and
comes in a message titled "Happy New Year" with an attachment
called "Christmas.exe." (Sophos)


From the interesting reading department:


* Gates calls for 'trustworthy computing'

Bill Gates is getting serious about security. Microsoft's
chairman and chief software architect is calling on the
software giant's 49,000 employees worldwide to make
'trustworthy computing' the company's highest priority.
http://www.nwfusion.com/news/2002/0117gates.html
IDG News Service, 01/17/02


* Server glitch prevents users from updating XP

Microsoft is working on a technical problem with its Web server
that has prevented users of Windows XP from downloading
software updates - including a new security hole patch - since
last Thursday, the company confirmed on Tuesday.
http://www.nwfusion.com/news/2002/0115xpglitch.html
IDG News Service, 01/15/02


* NetIQ adds directory security tools to lineup

NetIQ on Monday released two security tools for Microsoft's
Active Directory to help administrators manage access controls
and group policy settings.
http://www.nwfusion.com/news/2002/0115netiq.html
Network World Fusion, 01/15/02


* Archives online

It's winter here in the U.S. Stay inside, stay warm and read
the Security and Bug Patch newsletter archives:
http://www.nwfusion.com/newsletters/bug/index.html

_______________________________________________________________
To contact Jason Meserve:

Jason Meserve is the Multimedia Editor of Network World
Fusion and writes about streaming media, search engines and
IP Multicast. Jason can be reached at mailto:jmeserve@nww.com.
_______________________________________________________________
Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: mailto:jcaruso@nww.com


Copyright Network World, Inc., 2002
