Message-ID: <22248989.1075840759672.JavaMail.evans@thyme> Date: Thu, 17 Jan 2002 17:30:00 -0800 (PST) From: security-bugpatch@bdcimail.com To: vkamins@enron.com Subject: Non-tech security pays off Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-From: NW Security and Bug Patch Alert @ENRON X-To: vkamins@enron.com X-cc: X-bcc: X-Folder: \vkamins\Deleted Items X-Origin: KAMINSKI-V X-FileName: vincent kaminski 1-30-02.pst NETWORK WORLD NEWSLETTER: JASON MESERVE on SECURITY AND BUG PATCH ALERT 01/17/02 Today's focus: Panda: Non-tech security pays off Dear Wincenty Kaminski, In this issue: * A non-technical virus warning system * Patches and alerts for Linux sudo, Solaris, IRIX nsd, others * Viruses, including one set for the 15th and 30th of every month * Gates calls for 'trustworthy computing,' plus other interesting reading _______________________________________________________________ This newsletter sponsored by Akaba NEW! Network Security Validation System Check your Firewalls, Servers and Applications. The people who designed Firewalls and VPN devices for Novell, Avaya (VPNet) and Alcatel (Internet Devices) have developed a powerful network scanning system. See how the next generation in Security technology will ensure confidence in your network. Get the "Network Security Validation:2002" White Paper. http://nww1.com/go/3820954a.html _______________________________________________________________ PRODUCT INFO IN ONE CONVENIENT LOCATION! Heard about a new product launch? Curious to find out if the features and benefits of this new product will meet your critical business needs? Network World Fusion's Product Central section includes all the info you need to make informed decision about new products and also includes a product finder function. Check it out at http://nww1.com/go/ad216.html _______________________________________________________________ Today's focus: Non-tech security pays off By Jason Meserve I had an interesting experience walking into Network World's headquarters yesterday. There were signs posted all over the place warning us that a virus could be in our e-mail inbox and not to open any .vbs extensions. Why the signs? When the Goner worm spread across our organization last month, it moved quickly before IS could warn all of our users. Yesterday's virus was old code but infiltrated a system with old virus definition files. Instead of warning people via e- mail, which people may read after opening the infected message, the IS staff posted helpful signs that were hard to miss. It worked. Of course, if all users knew better than to open a .vbs file, then there would be no need for the signs in the first place. Today's bug patches and security alerts: * Linux vendors patch sudo A flaw in sudo, a program that gives limited root privileges to users, could allow a malicious user to obtain full superuser privileges on the local machine. Users can download updates from: FreeBSD: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:06.sudo.asc Debian: http://www.debian.org/security/2002/dsa-101 Conectiva: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000451 Red Hat: https://www.redhat.com/support/errata/RHSA-2002-011.html Linux-Mandrake: http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-003.php EnGarde: http://ftp.engardelinux.org/pub/engarde/stable/updates/ * CERT: Exploit circulating for Solaris hole Hackers are actively exploiting a known vulnerability in Sun's Solaris version of the Unix operating system, security experts said late Monday, urging administrators to check if their system is vulnerable. http://www.nwfusion.com/news/2002/0115solarishole.html IDG News Service, 01/15/02 CERT advisory: http://www.cert.org/advisories/CA-2002-01.html Cisco Media Control Gateway is also affected because it sits on Solaris: http://www.cisco.com/warp/public/707/Solaris-for-MGC-pub.shtml * SGI warns of IRIX nsd vulnerability A flaw in the way IRIX name server daemon uses its cache could lead to the entire hard drive being filled. SGI "highly recommends" users download the fix for this problem. For more information, go to: ftp://patches.sgi.com/support/free/security/advisories/20020102-03-P * Debian, SuSE patch at A bug in the at package could lead to a heap corruption. A malicious user could exploit this to gain the daemon's user privileges. For more, go to: Debian: http://www.debian.org/security/2002/dsa-102 SuSE: http://lists2.suse.com/archive/suse-security-announce/2002- Jan/0002.html * XChat patch available A flaw in the XChat IRC client can be exploited by a malicious user to take over a chat session. A malicious user could exploit this to launch social engineering attacks and other mischief. For more, go to: Debian: http://www.debian.org/security/2002/dsa-099 Red Hat: https://www.redhat.com/support/errata/RHSA-2002-005.html * Debian patches CIPE A problem with the CIPE VPN package could cause an affected system to crash. The package does not check to see if an incoming packet is too short. If it is, the system crashes. For more, go to: http://www.debian.org/security/2002/dsa-104 * New version of gzip available A potential flaw in gzip could be exploited to cause a buffer overflow when files with long names are compressed. Debian claims the chances of someone exploiting this are slim, but it has released an update to be safe: http://www.debian.org/security/2002/dsa-100 * Updated glibc package available A buffer overflow has been discovered in the glob function of the glibc library. The flaw can be exploited via programs that use the function, including shells and FTP applications. For more, go to: http://www.debian.org/security/2002/dsa-100 * Red Hat patches groff According to an alert from Red Hat, a vulnerability exists in the groff document formatting system. The groff preprocessor contains an exploitable buffer overflow. If groff can be invoked within the LPRng printing system, an attacker can gain rights as the "lp" user. For more, go to: https://www.redhat.com/support/errata/RHSA-2002-004.html * EnGarde patches pine A vulnerability in pine, a popular e-mail client for Linux/Unix, contains a vulnerability that could allow a malicious user to execute arbitrary commands on the affected system. The flaw is in the way URLs are handled by the program. EnGarde users can find the appropriate patch at: http://ftp.engardelinux.org/pub/engarde/stable/updates/ * Flaw in EnGarde LIDS A vulnerability in LIDS, an access control system, could allow an attacker to gain root access to the affected system and possibly disable LIDS completely. To download a fix, go to: http://ftp.engardelinux.org/pub/engarde/stable/updates/ * ICQ has same security hole as AIM Users of the instant messaging application ICQ are urged to upgrade to the latest version of the software because of a potentially damaging bug in older versions, according to a notice on the ICQ Web site. http://www.nwfusion.com/news/2002/0115icq.html IDG News Service, 01/15/02 Today's roundup of virus alerts: * WM97/Fifteen-A - On the 15th or 30th of any month, this Word macro virus will password-protect an infected file with the password ">>xvx<<". It also displays a message on the infected system. (Sophos) * W32/Maldal-F - This Windows worm spreads via Outlook and comes in a message titled "Happy New Year" with an attachment called "Christmas.exe." (Sophos) >From the interesting reading department: * Gates calls for 'trustworthy computing' Bill Gates is getting serious about security. Microsoft's chairman and chief software architect is calling on the software giant's 49,000 employees worldwide to make 'trustworthy computing' the company's highest priority. http://www.nwfusion.com/news/2002/0117gates.html IDG News Service, 01/17/02 * Server glitch prevents users from updating XP Microsoft is working on a technical problem with its Web server that has prevented users of Windows XP from downloading software updates - including a new security hole patch - since last Thursday, the company confirmed on Tuesday. http://www.nwfusion.com/news/2002/0115xpglitch.html IDG News Service, 01/15/02 * NetIQ adds directory security tools to lineup NetIQ on Monday released two security tools for Microsoft's Active Directory to help administrators manage access controls and group policy settings. http://www.nwfusion.com/news/2002/0115netiq.html Network World Fusion, 01/15/02 * Archives online It's winter here in the U.S. Stay inside, stay warm and read the Security and Bug Patch newsletter archives: http://www.nwfusion.com/newsletters/bug/index.html _______________________________________________________________ To contact Jason Meserve: Jason Meserve is the Multimedia Editor of Network World Fusion and writes about streaming media, search engines and IP Multicast. Jason can be reached at mailto:jmeserve@nww.com. _______________________________________________________________ Get your wireless service from the carrier ranked #1 by Forbes magazine. Now get Unlimited Night & Weekend Minutes, plus up to $165 in savings when you activate on select calling plans and purchase a Nokia 3360 or 8260 from AT&T Wireless. To learn more go to http://nww1.com/go/ad207.html _______________________________________________________________ FEATURED READER RESOURCE Network World Fusion's Net.Worker site Whether your company is growing larger or scaling back, corporate managers are looking for ways to cut costs while retaining and recruiting star employees. One smart solution - at least on paper - is to let some employees work from home. Network World's Net.Worker Web site bridges the gap between the telework concept and the hardware, software and services needed to make it happen. We bring you news and reviews, sound advice and keen insight into the technologies and solutions you need to manage a remote and mobile workforce. Visit http://www.nwfusion.com/net.worker/index.html _______________________________________________________________ May We Send You a Free Print Subscription? You've got the technology snapshot of your choice delivered at your fingertips each day. Now, extend your knowledge by receiving 51 FREE issues to our print publication. Apply today at http://www.nwwsubscribe.com/nl _______________________________________________________________ SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World e-mail newsletters, go to: http://www.nwwsubscribe.com/news/scripts/notprinteditnews.asp To unsubscribe from promotional e-mail go to: http://www.nwwsubscribe.com/ep To change your e-mail address, go to: http://www.nwwsubscribe.com/news/scripts/changeemail.asp Subscription questions? Contact Customer Service by replying to this message. Have editorial comments? Write Jeff Caruso, Newsletter Editor, at: mailto:jcaruso@nww.com For advertising information, write Jamie Kalbach, Director of Online Sales, at: mailto:jkalbach@nww.com Copyright Network World, Inc., 2002 ------------------------ This message was sent to: vkamins@enron.com