Rather than chopping the BugBlog up into weekly archives, I'm going to try monthly archives instead. So all the February bugs will remain on this page, and I'll slowly go back and combine the past blog pages into monthly entries as well.
The BugBlog is free, but if you want to help support its existence, feel free to make a donation via PayPal using the button at left. Better yet, subscribe to the BugBlog Plus. A three-month subscription is only $5.
| 2/28 |
Microsoft has a new security patch for Windows ME.
A bug may let a web site run by bad guys snoop and read files
on your computer when you visit that web site. The flaw may also
allow them to run their own programs on your computer. Windows
ME users should use the Windows Update button on their Start menu
to get the fix. Microsoft credits Warning and Fozzy of the Hackademy
for finding this bug for them.
Red Hat has new VNC packages for their Linux 7.x and 8.0. These packages
fix bugs that allow threats via challenge replay and via weak cookies.
Links to the relevant updates are at https://rhn.redhat.com/errata/RHSA-2003-041.html.
There is a bug in the vte package, which is a terminal emulator, for Red
Hat Linux 8.0. The bug may disclose the window title and provide it to
an attacker, who may be able to use the information while mounting an attack.
Users should get the updated package at https://rhn.redhat.com/errata/RHSA-2003-053.html.
Novell has released the Central Office Server Support Pack 1. The support
pack fixes some bugs in RSYNC.NLM that may hang the server. Get the update
in cosp1.exe from http://support.novell.com/servlet/tidfinder/2965027.
| 2/26 |
Red Hat has updated packages for shadow-utils in Red
Hat Linux 7.2, 7.3, and 8.0. The old version of shadow-utils created
mailbox files that had the group ownership set incorrectly. You can
get the update for your version of Red Hat Linux from https://rhn.redhat.com/errata/RHSA-2003-057.html.
Apple has upgraded the Mac OS X Server to 10.2.4. Among the bug fixes in
this version are some that eliminate security holes in the QuickTime Streaming
Server. You can get the update at http://docs.info.apple.com/article.html?artnum=7017.
| 2/24 |
Cisco says that the University of Oulu
Secure Programming Group "PROTOS" Test Suite for SIP has
turned up security problems in Cisco IP Phone Model 7940/7960 running
SIP images prior to 4.2, Cisco Routers running Cisco IOS 12.2T and
12.2 'X' trains, and Cisco PIX Firewall running software versions
with SIP support, beginning with version 5.2(1) and up to, but not
including, versions 6.2(2), 6.1(4), 6.0(4) and 5.2(9). An outside
attacker may be able to get the IP phones to reset or hang, an effective
denial of service attack. The IOS and PIX software could also be
forced into a device reset. The products have all been upgraded to
fix these problems. Get the upgrade information at http://www.cisco.com/warp/public/707/cisco-sa-20030221-protos.shtml.
If you are running Keynote 1.0 on a Mac OS X computer, and you connect
a second display to the computer while Keynote is running, you may see
this error message:
"Your computer does not have enough video
random-access memory (VRAM) to play the slideshow at the current
screen resolution."
The fast workaround, according to Apple, is just to shut down Keynote before
connecting the second display. Another fix is to upgrade to Mac OS X 10.2.4
or later.
If you try to install Microsoft Money 2002, or if you try to start the
program, you may get this error message:
Unable to initialize a required Money component.
One possible cause of this problem is a conflict between Money 2002 and
DirecPC satellite Internet connection software. The solution, according
to Microsoft, is a lengthy one. You need to uninstall DirecPC, clean up
all its Registry entries, uninstall Money, delete its folder, and clean
up its Registry keys. Then reinstall Money and then reinstall DirecPC.
For detailed explanations of the steps involved, see http://support.microsoft.com/?kbid=310765.
| 2/21 |
This isn't a bug, it's more like a rant.
I've used Intuit TurboTax for a long, long time -- in fact, it was
still on 5 1/4" floppies the first time I bought it. This year,
I switched to H&R Block's Tax Cut. The reason? The sneaky, backhanded
way that Intuit tried to sneak digital rights management into the
release. Many others have talked about it -- the most in-depth look
at it is this story over on the Extreme
Technology site. This is almost enough to make me drop the rest
of the Intuit product line, too. Unfortunately, the only real competition
in the personal finance line is Microsoft Money -- and Microsoft
gets too much of my money as it is.
Here is one that got me personally. If the Mozilla 1.x browser has been
working fine, but suddenly won't start on the Windows XP/2000 platform,
check the Windows Task Manager. If the CPU usage is spiking to 100 percent,
and the Mozilla process is consuming increasing amounts of memory, you
may have a file corruption problem. Go to your profile directory and delete
the file XUL.mfl. This should allow Mozilla to start again. Looking through
the Bugzilla bug database, it looks like this file gets corrupted on other
platforms as well. It contains pre-compiled UI information for faster loading.
Microsoft released Service Pack 2 for SharePoint Portal Server on 1/13/2003.
However, the service pack had a bug that interfered with indexing. There
is a corrected service pack available at the Microsoft
Downloads site.
| 2/20 |
There is a conflict between Microsoft
Word 2002 and any Accessibility client, when running on a Windows
98 or Windows ME computer. The incompatibility may cause characters
typed at the keyboard to disappear. Microsoft has a fix, which will
be in a future service pack. If you need the fix right away, contact
Microsoft and ask for the hotfix in Knowledge Base article 331325.
Note, however, that you may be charged for this call. Microsoft also
points out that this doesn't happen under Windows 2000 or Windows
XP, so they probably really want you to upgrade instead.
If you insert more than one RTF (rich text format) file into a Microsoft
Word 2002 document, and each of those RTF files contains a table, you
might have problems later. If you save, close and re-open the Word document,
the rows and columns in the tables may be out of alignment. Microsoft is
testing a fix, which will be in a future service pack. If you need the
fix right away, contact Microsoft Technical Support and ask for the hot-fix
described in Knowledge Base article 328092. However, you may get charged
for this call.
The PHP Group says that PHP 4.3.0 has a major security bug in the CGI SAPI.
The bug may allow outsiders to read any file on a webserver, as long as
the file is readable by the user who is running the webserver. This has
been fixed in PHP 4.3.1. You can get more information from the PHP Group
at http://www.php.net/release_4_3_1.php.
| 2/19 |
Lotus Notes 6.01 has 591 fixes in it.
If you want to see the full list of fixes, go to http://www-10.lotus.com/ldd/r5fixlist.nsf/Public?OpenView.
Dipping into just about any category will bring you to some interesting
bug fixes, including: about six things that would cause a server
crash; memory leak fixes; 48 separate fixes for Calendar and Scheduling
problems; and so on.
Novell has new RNS files for DirXML 1.1a in Novell Directory Services.
The update fixes two bugs. In the first, it was impossible to configure
a Microsoft Exchange 2000 server as the target SMTP server. The second
bug triggered an abend in slldap.nlm when DirXML was loaded. Get the update
in dxrnsfp1.exe from http://support.novell.com/servlet/tidfinder/2964958.
| 2/18 |
Oracle says that their Oracle9i Application
Server Release 9.0.2 has two separate security vulnerabilities that
could result in denial of service attacks. They have been patched
in Release 9.0.3. Oracle credits Next Generation Security Software
Ltd. for finding these bugs for them.
There is also a buffer overflow in Oracle9i Database Release 2, Oracle9i
Database Release 1, Oracle8i Database v 8.1.7, and Oracle8 Database v 8.0.6.
This has been patched in the latest release for all these products, which
you can get from http://metalink.oracle.com. Next Generation Security Software
Ltd. found this bug, too.
After installing Windows XP Service Pack 1, it may suddenly take about
35 seconds to delete a file in a client-server situation. Microsoft says
this will happen sporadically, about ten to fifteen percent of the time.
Running into the delay? Microsoft has a fix, which will be in a future
service pack. Not willing to waste your life 35 seconds at a time? You
can contact Microsoft Technical Support and ask for the hotfix described
in Knowledge Base article 811492. However, you might be charged for this
call. Find out the details at http://support.microsoft.com/?kbid=811492.
| 2/14 |
Maybe you had already seen this - but
it was news to me. Red Hat says that they will not be guaranteeing
errata-fix support for any of their releases for more than twelve
months after the initial release. For now, that schedule means these
releases face the following cut-off dates: Red Hat Linux 6.2 (Zoot)
on 3/31/2003; Linux 7.0 (Guinness) on 3/31/2003; Linux 7.1 (Seawolf)
on 12/31/2003; Linux 7.2 (Enigma) on 12/31/2003; Linux 7.3 (Valhalla)
on 12/31/2003; Linux 8.0 (Psyche) on 12/31/2003. While they are still
fresh, you may want to stop by Red Hat to get the following fixes:
Red Hat has an updated lynx package for Red Hat Linux 7.x and 8.0. For
you youngsters -- Lynx is a character-based web browser that we had to
use in the dark days before Mosaic was invented. You still need it if you
need to browse the web from a dumb terminal. This update fixes a vulnerability
in the way Lynx constructs its HTTP queries, that may allow fake headers
to be sent. The update is at https://rhn.redhat.com/errata/RHSA-2003-029.html.
There is a bug in the PAM package that is included in Red Hat Linux 7.1,
7.2, 7.3, and 8.0. This bug, discovered by Andreas Beck, might forward
authorization information from the root account to unprivileged users.
This may then be an aid to later attacks against this computer. Get the
update at https://rhn.redhat.com/errata/RHSA-2003-035.html.
There is a bug in the ext3 file system in the Red Hat Linux 7.1, 7.1K,
7.2, 7.3, and 8.0 kernel. This bug may cause data loss on a system if the
file system is not being used in the default way. If you are in "full
data journaling" mode, with this option
mount -o data=journal
you may be at risk. For more details, and links to the upgraded packages,
see https://rhn.redhat.com/errata/RHBA-2002-292.html.
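Since the advisory singles out the full-data-journaling mode, the first thing an administrator wants to know is whether any ext3 file system on the box is actually mounted that way. The following shell function does that check against a mount table in /proc/mounts format. It is an added example written for this page, not code from the BugBlog or from Red Hat; it assumes the standard six-column /proc/mounts layout (device, mount point, fstype, options, dump, pass) and runs here against a constructed sample table rather than a live system.

```shell
#!/bin/sh
# Added example (not from the BugBlog or Red Hat): report ext3 mounts that
# use the full-data-journaling mode the advisory warns about (data=journal).

# Print "mountpoint device" for every ext3 entry whose option list contains
# data=journal. An ext3 mount with no data= option, or with data=ordered or
# data=writeback, is not in the at-risk mode and is not reported.
# $1: path to a file in /proc/mounts format (defaults to /proc/mounts).
ext3_journal_mounts() {
    awk '$3 == "ext3" {
        n = split($4, opts, ",")
        for (i = 1; i <= n; i++)
            if (opts[i] == "data=journal") { print $2 " " $1; break }
    }' "${1:-/proc/mounts}"
}

# Constructed sample mount table for an offline run (not a real system).
SAMPLE_MOUNTS="$(mktemp)"
cat > "$SAMPLE_MOUNTS" <<'EOF'
/dev/hda1 / ext3 rw 0 0
/dev/hda2 /home ext3 rw,data=journal 0 0
/dev/hda3 /var ext3 rw,data=ordered 0 0
/dev/hda4 /backup ext2 rw,data=journal 0 0
none /proc proc rw 0 0
EOF

# Usage: list the at-risk mounts in the sample table. On a live Red Hat
# system, call ext3_journal_mounts with no argument to read /proc/mounts.
ext3_journal_mounts "$SAMPLE_MOUNTS"
```

Only /home is reported for the sample: / has no data= option (so it runs in the default mode), /var is explicitly in ordered mode, and /backup is ext2, which has no journal at all. Matching on the whole option token rather than a substring keeps a hypothetical future option such as data=journal_something from producing a false positive.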
| 2/13 |
Novell has come up with a collection of
post-Client 4.83 Support Pack 1 fixes for NetWare. It fixes a bug
that may sometimes cause a blue screen of death while browsing NetWare
volumes, and a number of other bugs and quirks in the software. You
can read the whole list of fixes, and download them, from http://support.novell.com/servlet/tidfinder/2964927.
Public Fix #1 for Lotus Sametime 2.5 is now available from the Lotus, err
IBM, website at http://www15.software.ibm.com/fulfill/support/c43ehml.exe.
This fix is only used on iSeries 400 platforms, and fixes many problems
with the Sametime Connect Client making connections, and various bugs that
may cause the program to hang.
Microsoft says that there may be a problem when using the Windows Media
Player 9 plug-in along with Netscape 4.75. Depending on the way the website
has been set up, Media Player may stop responding. According to Microsoft
KB article 813343, there isn't much that the end user can do to work around
the Microsoft bug. It is up to the website creator, using Windows Media
Series 9, to make sure to set the DefaultFrame property inside the <Embed> tag
to specify which frame it is going to flip. If not, you risk the presentation
freezing.
| 2/12 |
Microsoft says that Internet Explorer
6 users may find themselves cut off from the Internet after installing
one of these IE 6 updates: IE 6 Service Pack 1, Windows XP Service
Pack 1, the hotfix from KB article 312176, or the hotfix from KB
325662. The problem, says Microsoft, is that there is a third-party
product being used that only supports basic authentication. Microsoft
says there are two things to do. First, install the February, 2003
Cumulative Patch for Internet Explorer (hopefully, you've got another
computer that can connect to the Internet to get the patch) and then
contact Microsoft Technical Support and ask for the hotfix in KB
331906. Note that you may get charged for the call.
If you have a Compaq iPAQ H3950/H3955 and it seems to have slowed down,
there is a SoftPaq update from Compaq. If you have ROM version 1.10, this
update will restore the clock speed to 400 MHz. Check out information on
this update at ftp://ftp.compaq.com/pub/softpaq/sp15501-16000/sp15540.txt.
The Apache 2.0.44 HTTP Server is out. It has a number of bug fixes, and
the Apache Foundation points out three of them that affect Apache on a
Windows computer -- two of which are denial of service attacks, and the
third lets an attacker run their own code on a Windows 9x/ME computer.
Get the update at http://httpd.apache.org/download.cgi.
| 2/11 |
It's nice to see a company admit its mistakes,
but then again, Microsoft gets a lot of practice at it. They issued
a Security Bulletin and fix on December 11, 2002 for a bug in the
Windows WM_TIMER that affected Windows NT 4.0, Windows 2000 and Windows
XP. The fix issued then introduced some other problems into Windows
NT 4.0 (but not the other two versions of Windows), so Microsoft
has revised the fix for NT. Get it at http://www.microsoft.com/technet/security/bulletin/MS02-071.asp.
If you are creating Stickies Notes in Apple Mac OS X, and then change the
screen resolution, some of the stickies may end up off the screen. The
title bar may be out of reach, so you can't drag the notes back. To grab
them, go to the Dock and click the Stickies icon. Then click Windows, Arrange
in Front.
Apple says that Mac OS X and Mac OS X Server don't seem to be able to resolve
an alias file created in the Finder. As a workaround, use a symlink instead
of an alias. How do you do that? Find out at http://docs.info.apple.com/article.html?artnum=107424.
(This alias, BTW, has nothing to do with Jennifer Garner.)
Apple says that their AirPort Extreme Base Station is having some problems
with some third-party 802.11b wireless cards. This happens when the base
station is in compatibility mode. Some of the problem cards are: Asante
FriendlyNET AeroLAN Wireless PCMCIA Adapter model AL1011; Cisco Aironet
340 card; Cisco Aironet 350 card; Compaq WL100 11 Mbps Wireless LAN PC
Card; Epson Stylus C80WN (wireless printer); Farallon SkyLINE 11mb PC Card;
Hewlett Packard WP100 print server. Some troubleshooting procedures and
workarounds are listed at http://docs.info.apple.com/article.html?artnum=107427.
The web security firm GreyMagic had issued a number of security alerts
about the web browser Opera 7, pointing out a number of security bugs.
A recent bulletin from them said that Opera has not confirmed the bugs,
but they are fixed in Opera 7.1. You can read the original bulletins at http://security.greymagic.com/adv/ and
you can get the updated Opera at http://www.opera.com/.
| 2/7 |
The flow of bugs and fixes from Microsoft never ceases,
as two new security bulletins were released this week. It's time
to update that browser again!
Microsoft has another important update for Windows XP users. This fixes
a bug in the Windows Redirector that may allow someone to gain extra privileges
on the computer. There are links for the 32 and 64-bit versions of Windows
XP available from http://www.microsoft.com/technet/security/bulletin/ms03-005.asp.
Microsoft credits NSFocus for finding this bug for them.
There is a new cumulative patch for Microsoft Internet Explorer 5.01, 5.5,
and 6.0. This patch contains all the previously released patches for IE,
plus fixes for two new cross-domain security problems. As a workaround,
you can always switch to Mozilla, but if you want to stay on the upgrade
train, go to http://www.microsoft.com/technet/security/bulletin/ms03-004.asp to
get your update.
If you are getting corrupted print documents using Novell iPrint, then
Novell has an update that's supposed to fix this. Get nipp106.exe from http://support.novell.com/servlet/tidfinder/2964777.
| 2/5 |
There is a new Service Pack 2 for the Sun Microsystems
Sun ONE Web Proxy Server 3.6. A number of fixes actually clear up
mistakes in documentation. For instance, the original Administrator's
Guide for the product says that 404 and 500 error messages can be
customized. However, the guide is wrong, because those messages don't
come from the proxy server. For the full list of document clarifications,
see the Release Notes at http://docs.sun.com/source/817-0538-10/index.html.
Red Hat has updated kernel packages for their Red Hat Linux 7.1, 7.2, 7.3,
and 8.0. These plug up information leaks from a number of Ethernet network
interface cards, and also fix a security problem in the file system. Links
to the relevant versions can all be found at https://rhn.redhat.com/errata/RHSA-2003-025.html.
| 2/4 |
Windows XP Service Pack 1 may cause compatibility
problems with InterVideo DVD software. It may allow audio without
video, video without audio, or it may just hang. This fix is available
by following the link at http://support.microsoft.com/?kbid=329623.
Microsoft says that Windows XP Service Pack 1 does not include the Indeo
video codec. Because of this, some games with an introductory video clip,
that rely on this codec, may crash or hang. They may also have this error
message:
Video not available - cannot find 'VIDS:IV50' decompressor
To fix this, you need to get the Indeo codec. Microsoft has it available
at the Windows Update web site. It's called "327979: Recommended Update".
| 2/3 |
Red Hat has a new krb5 package to fix a security hole
in the Kerberos ftp client. This package is distributed with Red
Hat Linux 6.2, 7.x, and 8.0. A bug in the ftp client may let an attacker
write files outside of the current directory or possibly to execute
commands. Get the fix for your particular Red Hat Linux version at https://rhn.redhat.com/errata/RHSA-2003-020.html.
If you are still looking for products vulnerable to the Microsoft SQL Server
Slammer worm, here are a few from Cisco. They say that Cisco CallManager
3.3(x), Cisco Unity 3.x, 4.x, and Cisco Building Broadband Service Manager
5.0, 5.1 are all vulnerable. However, they don't think any of their other
products are affected. For more on how to fix this, see http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml.
Novell has released Support Pack 3 (SP3) for Novell eDirectory 8.6.2. There
are a number of bug fixes in DS.NLM and DSREPAIR.NLM. You can find the
full list of bug fixes, installation instructions, and the link to edir862sp3.exe
all at http://support.novell.com/servlet/tidfinder/2963981.