The BugBlog -- December 2002

BugBlog

	Rather than chopping the BugBlog up into weekly archives, I'm going to try monthly archives instead. So all the December bugs will remain on this page, and you can use the Archives menu on the left to go to past months. The BugBlog is free- but if you want to help support its existence, feel free to make a donation via PayPal using the button at left. Better yet, subscribe to the BugBlog Plus. A three month subscription is only $5.
12/19	The latest Microsoft buffer overrun is in the Windows Shell in Windows XP Home, Professional, Tablet PC, and Media Center. An attacker may be able to send a poisoned .MP3 or .WMA file that could either crash Windows or run the attackers own program on the system. If you have installed Windows XP Service Pack 1, the attack won't be successful through Outlook 98 and 2000 (after installing the Outlook Email Security Update), Outlook 2002, and Outlook Express 6. The patch for both the 32 and 64 bit editions of Windows XP can be found at http://www.microsoft.com/security/security_bulletins/ms02-072.asp.
12/18	Microsoft says that installing Office XP Service Pack 2 may cause transparent graphics to become opaque. This may affect Word 2002, PowerPoint 2002, or Publisher. Microsoft only has a workaround right now -- you will need to insert the images as GIF or JPEG files. For details, see http://support.microsoft.com/?kbid=810384 . Red Hat has a new Fetchmail package for RedHat Linux 7.x and 8.0. The new package patches a security hole that may let a remote user crash Fetchmail for a denial of service attack. Get the updates at https://rhn.redhat.com/errata/RHSA-2002-293.html. Red Hat Linux has updated the Net-SNMP package for Red Hat Linux 8.0. It fixes a bug that may allow a remote user to launch a denial of service attack. Red Hat says there are also a number of minor fixes in this package, too. Get it at https://rhn.redhat.com/errata/RHSA-2002-228.html.
12/17	Macromedia says that some Flash (SWF) movie headers can get deformed if they are hand edited with a binary editor. As a result, an attacker may be able to launch some hostile code on the client that could run on a client. Macromedia has fixed this in the Flash player (the client). New versions are available at their Download Center at http://www.macromedia.com/go/getflashplayer/. Novell has released an update for NetMail. The new version 3.1d is available for NetWare, Windows, Solaris and Linux. The Linux one is probably representative of them all, and fixes: OpenSSL security bugs; display problems with the Latin 1 character set; crashes in MWCal and MWMail. The full explanation is at http://support.novell.com/servlet/tidfinder/2964520. Novell has a new NWPA.NLM for NetWare 5.1 Support Pack 5 and Netware 6.0 Support Pack 2. This newest version of the module takes care of some bugs that may cause the file server to hang when the software is installed. Read the details at http://support.novell.com/servlet/tidfinder/2964507. The latest firmware update for the Apple AirPort is 4.0.7. If you are going to use a Rendevouz-enabled application with Mac OS X 10.2, you will need this firmware update. It also fixes some compatibility problems with Verizon DSL. You can get it at http://docs.info.apple.com/article.html?artnum=120140. Some complaints are surfacing in the computer press about people having problems with the latest cumulative patch for Microsoft Internet Explorer. That patch was bug-blogged on 12/5/02. You can read one such story in eWeek at http://www.eweek.com/article2/0,3959,767339,00.asp. Is it really wide-spread? Who knows -- and it is safe to say that, given the almost unlimited combination of OS platforms, apps, and drivers out there, that just about any piece of software released is going to screw up somebody. Good beta-testing will ensure that there are only a few "somebodys" and not a lot.
12/13	Cisco says their Optical Service Module line cards, when running in a Catalyst 6500 or Cisco 7600 chassis and using IOS 12.1(8)E, may be susceptible to a denial of service attack if they are hit with a specially constructed packet on a local network. This has been fixed in IOS 12.1(13.5)E. Symantec says that if their Enterprise Firewall is scanned by the third-party Qualys managed vulnerability assessment tool, it will cause the RealAudio and statsd services to shut down. These errors will register in the Dr. Watson log. Symantec has fixed versions available at http://www.symantec.com/downloads/. They also credit Gerhard Eschelbeck and Tasawar Jalali from Qualys for finding the problem.
12/12	To paraphrase Shakespeare, when bugs come they come not as spies but as battalions. Microsoft has to battle a whole handful, as they release three Security Bulletins, one of which has a comprehensive patch to fix eight bugs in the Microsoft Virtual Machine: Microsoft has come out with another patch for their Virtual Machine (their implementation of Java) that fixes eight new bugs, as well as containing fixes for all the past bugs in their virtual machine. The new bugs would allow someone to attack either by hosting hostile Java code on a web page, or by including it in e-mail. Get the fix available at http://www.microsoft.com/technet/security/bulletin/ms02-069.asp. One of the underlying procedures in Windows NT 4.0, Windows 2000 and Windows XP is the WM_TIMER message handling procedure. Microsoft has found out that there is a way for an attacker could insert themselves into the WM_TIMER message and commandeer a computer. However, this attacker needs to be able to log on to the system with valid credentials, so it would be an inside job where the attacker would try to elevate their privileges, such as from User to Administrator. Microsoft has a fix available at http://www.microsoft.com/technet/security/bulletin/MS02-071.asp. A bug in the Server Message Block (SMB) feature of Windows 2000 and Windows XP may allow an attacker to silently downgrade the security settings on SMB Signings on a computer. This may allow the attacker to then send unsigned data to a computer, which could then wreck further havoc. Users of Windows 2000 and XP should get the fix at http://www.microsoft.com/technet/security/bulletin/MS02-070.asp. This has already been fixed in Windows XP Service Pack 1.
12/11	The BugBlog had its own bug, as web pages got copied under the wrong file names, causing an apparant lack of updates for a couple of days. Sorry
12/10	There is a new version of Diagnostics for Windows, 4.03A, for most versions of Compaq Armada computers. This version fixes bugs that sometimes caused the diagnostics to: mis-read keyboard information; not re-install using Add/Remove programs; fail on certain hard drive tests; not recognize the number of processors; and other tests. See the complete list of models covered, and the bugs, at http://h18007.www1.hp.com/support/files/armada/us/download/15933.html. Novell says their Client 4.83 for Windows NT/2000/XP has a problem that only shows up on Windows XP. If you highlight multiple files, right-click, and then select Open, the files will not open. As a workaround, press the Enter key after selecting the multiple files. As a fix, download 291562.exe from http://support.novell.com/servlet/tidfinder/2963384. Novell has updated their TCP module for NetWare 6. TCP 6.05o fixes a conflict between Trapsparent Proxy and Reverse Proxy. It also fixes a bug in the icmp fragmentation needed packet. The new version is at http://support.novell.com/servlet/tidfinder/2964249. There is a firmware update for the Apple PowerMac SuperDrive for Mac OS 9. The update squashes some bugs that were preventing copy-protected audio CDs from being ejected. Look for the update at http://docs.info.apple.com/article.html?artnum=120172.
12/6	Originally, Windows XP Video for Windows was not compatible with a Sony DVMC-DA2 DV converter. However, Microsoft has come up with a compatibility fix, which they say will be in a future Windows XP service pack. In the meantime, you could get the fix from Microsoft by contacting Technical Support and asking for the hot-fix described in Knowledge Base article 327897. However, you may get charged for this call. Mozilla 1.2.1 was released soon on the heels of Mozilla 1.2. The only difference between the two- 1.2.1 has a fix for a DHTML bug that was in 1.2. Next week we will look a little more at the fixes that were in 1.2.
12/5	Two more security bulletins from Microsoft, cleaning up Outlook 2002 and Internet Explorer (again!) There is yet another cumulative patch for Microsoft Internet Explorer 5.5 and 6.0. This one fixes all the previous faults, plus one newly discovered since the last cumulative update on 11/20. This new one is a cross-scripting fault that may allow one web site to get access to information meant for another. Get this patch at http://www.microsoft.com/security/security_bulletins/MS02-068.asp. Microsoft credits Richard Lawley for help on this one. Microsoft has issued a patch for Outlook 2002, after they were told of a vulnerability in the way it processes e-mail headers. An attacker could send e-mail, with a specially designed header, that would cause the Outlook client to fail every time it tried to process the message. Since Outlook doesn't get the chance to process the bad message, it will remain in place causing future failures. It can be removed by an administrator, or by using a non-vulnerable e-mail client. For patch information, go to http://www.microsoft.com/technet/security/bulletin/ms02-067.asp.
12/3	If you are trying to use a Windows XP client to dial up to a Cisco router as a remote access server, there may be problems if you are using certain static IP address pools. The problem ones are 145.x.x.x or 147.x.x.x. They may result in getting a time out error, seen as Error 718 Microsoft is testing a fix that will be in a future service pack. You can get the hot-fix right away if you call up Microsoft Technical Support and ask for the hot-fix described in Knowledge Base article 329798. Note that Microsoft may charge you for this call. Novell says that the downloadable ConsoleOne snap-ins from their web site was missing a few pieces. In particular, the snap-ins for ZENworks for Desktops 3.2 SP1 weren't there. Need them? Go to http://support.novell.com/servlet/tidfinder/2964255 to download them as zfd32sp1snapins.exe.
12/2	If Windows XP Professional or Home, either with or without Service Pack 1, is running with the Microsoft Bluetooth Supplement, there may be problems with InstallShield 5.5. Microsoft says that if no Bluetooth devices are on the system, and you try to install software using InstallShield 5.5 within about five minutes of starting Windows, the installation may go very slowly. There are two obvious workarounds -- don't do an installation right away, or get rid of the Bluetooth Supplement if you never need it. Otherwise, you may want to get a hot-fix from Microsoft that fixes this. Contact Microsoft Technical Support and ask for the hot-fix that is discussed in Knowledge Base article 810019. Note that you might get charged for this call. Sun Microsystems has released Sun ONE Web Server 6.0 Service Pack 5. This fixes an number of problems: an incompatibility with Java plugins that support JRE 1.3 or higher, that would sometimes cause the Windows version of Netscape Navigator 6.x to crash when it encounters some applets; a bug with iws classloader, where not all resources were being released; a bug that affected WML files with Server Side Includes (SSI).