
BugBlog

Adobe | Apple | ATI | Cisco | General | IBM | Macromedia | Mandrake | Microsoft | Mozilla | MySql | Nokia | Novell | NVIDIA | Opera | PHP | Red Hat | Sun Microsystems | Symantec |

Adobe

The Adobe Acrobat 6.0.2 Reader (and possibly earlier versions and the full Adobe Acrobat, too) has a security bug that may allow an attacker to run their own code on your system. The attack would be mounted via an .etd file, which is a file that Acrobat uses in eBook transactions. Filling certain fields in that file with a certain string of characters may trigger the attack. The security researchers at iDefense found this bug. They have a workaround, which is to delete \Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\eBook.api. Doing that also means Acrobat won't be able to read iBooks. For a fix, upgrade the free Adobe reader to version 6.0.3. The Windows version is at http://www.adobe.com/support/downloads/detail.jsp?ftpID=2679.

Adobe says that in Adobe Encore DVD 1.5, sometimes the DVD burn speed that is displayed for DVD burners is wrong. This has been fixed in the Encore DVD 1.5.1 update. Get it at http://www.adobe.com/support/downloads/detail.jsp?ftpID=2663.

 

Apple

According to a story at C Net, Apple has "quietly updated" their iPod software so that RealNetworks' online music store is no longer compatible. When RealNetworks announced that their store was compatible with the iPod, Apple referred to that as "tactics of a hacker."

Apple says that if you try to run Final Cut Pro HD 4.5 on a Mac OS X 10.3.5 or 10.3.6 computer with NVIDIA graphics cards, video on the canvas may appear blurry. This doesn't affect the final output, which will appear fine. As a workaround, they suggest viewing the video on an external broadcast monitor or TV rather than a canvas.

Apple says that in Logic Pro 7 and Logic Express 7 some dialogs might be missing. These may include the Bounce dialog or the Key Commands window. The problem may actually be in the Pro Applications Support framework. For fix information, see http://docs.info.apple.com/article.html?artnum=300389.

Most people are used to phishing attacks that target your online banking information. There is now evidence that phishers will try to steal your personal data by masquerading as your ISP. Right now, people are getting emails that look like they are coming from EarthLink, asking for things like names, passwords, and Social Security numbers.

Apple says there is an incompatibility between iTunes 4.7 for Windows and some Packard Bell computers. Some of the Packard Bell computers come from the factory with virtual drives that conflict with iTunes. It may cause a problem where iTunes won't recognize an audio CD. (If you have a Packard Bell computer, you probably have more problems than this, but that's another story.) See http://docs.info.apple.com/article.html?artnum=300448 for some diagnostics information and possible workarounds.

Apple has a rather extensive list of all the Audio Unit plug-ins that have passed the Apple Audio Units Validation Tool to be shown compatible with Apple Logic Pro 7. You can check the list at http://docs.info.apple.com/article.html?artnum=300170.

Apple says that if you have Mac OS X 10.3.5 or 10.3.6 installed, along with the Apple 2004-09-30 Security Update, you may have some sporadic connection issues with Safari, Mail or any other networking applications. The problems are with the DNS lookups. This has been fixed with the Mac OS X 10.3.7 update.

Apple says that if you have a QuickTime movie that uses the Photo JPEG codec, and you import it into Final Cut Express 1.0.1, you will lose the video tracks and only get the audio imported. As a workaround, a program like QuickTime Pro may let you open the movie and then export it with a different video codec.

Apple has a firmware update for AirPort Extreme. The 5.5.1 update fixes configuration problems with PPPoE, with inbound passive FTP, and with WDS networks when using WPA security. The Mac OS X version is at http://www.apple.com/support/downloads/airportextremefirmware551formacosx.html, and the Windows version is at http://www.apple.com/support/downloads/airportextremefirmware551forwindows.html.

Apple says that if you have a third-party FireWire hard drive connected to your computer, you should turn it off and disconnect it before you upgrade from Mac OS X 10.3.6 to 10.3.7. After you have upgraded the OS, reconnect the drive and power it back up after you have restarted your computer.

The Apple Mac OS X 10.3.7 upgrade fixes a number of graphics problems with the game Blizzard World of Warcraft. This includes incompatibilities that cause graphics problems with both nVidia graphics cards and ATI Radeon 9600 graphics cards.

If you have an Apple Mac OS X 10.3.6 computer with an ATI Radeon 8500, 9000, 9200, 9600, or M9 graphics chip, you may see lines flash briefly across the screen when you wake your computer up from sleep. This has been fixed in the Mac OS X 10.3.7 update.

The DVD Player may not open on some Apple Power Mac G4 computers running Mac OS X 10.3.6 with ATI Radeon 9800 AGP graphics cards. Apple says this has been fixed in the Mac OS X 10.3.7 update.

Apple says that Energy Saver preferences in Mac OS X 10.3 have a handy feature that lets you lock the settings, so that changes can't be made inadvertently (or by unauthorized users.) However, if you set the lock right after making changes to the preferences, the changes may not be saved. Apple shows how to get around this bug at http://docs.info.apple.com/article.html?artnum=300353.

If you are using Mac OS X 10.3.6 and are having problems printing to some Windows-based print servers, it's time for an upgrade. Apple says they've fixed this bug in the Mac OS X 10.3.7 update.

Apple has released updated Ethernet drivers for Mac OS X 10.2.8 and 10.3.3. These drivers are supposed to give more reliable communications on high-latency networks, and are recommended by Apple for Xserve, Xserve G5, and PowerMac systems. The drivers are available at http://www.apple.com/support/downloads/ethernetdriverformacosx1028.html and http://www.apple.com/support/downloads/ethernetdriverformacosx1033.html.

If you are using Apple File Sharing in Mac OS X 10.3.6 or earlier, and you save a file with a name longer than 31 characters, that name gets shortened. This has been fixed in Mac OS X 10.3.7.

Apple says that on Mac OS X 10.3.6 and 10.3.6 Server, if you are using Postfix with CRAM-MD5 you are vulnerable to a replay attack. This means that credentials used successfully for authentication may be re-used for a small time period. This has been fixed in the Apple 2004-12-02 Security Update. Apple credits Victor Duchovni of Morgan Stanley for finding this.

Apple says that their Mac OS X 10.2.8 Server and 10.3.6 are vulnerable to replay attacks in Apache mod_digest_apple authentication. Apple has taken the fix distributed in Apache 1.3.32 and added it to the Apple 2004-12-02 Security Update.

Apple's 2004-12-02 Security Update for Mac OS X 10.3.6 and 10.3.6 Server fixes a bug in the PSNormalizer. This bug allows a buffer overflow in the PostScript to PDF conversion. An attacker might exploit this to run hostile code on the computer. This bug does not affect Mac OS X 10.2.8.

There is a security update for the Apple Mac OS X Server 10.2.8 and 10.3.6 to fix a bug in the QuickTime Streaming Server. This bug may let an attacker launch a denial of service attack through a DESCRIBE request. This fix is included in the Apple 2004-12-02 Security Update.

The Apple 2004-12-02 Security Update includes a Kerberos fix for Mac OS X 10.2.8, 10.2.8 Server, 10.3.6, and 10.3.6 Server. This fix incorporates the update from MIT for Kerberos that plugs a potential denial of service attack, plus double free errors. Apple points out that Mac OS X already includes protection against the double free errors.

Apple's 2004-12-02 Security Update includes a fix for the Mac OS X 10.3.6 Server and Client Terminal. According to Apple, without this fix Terminal.App may show that the Secure Keyboard Entry setting is turned on when it actually is turned off. Apple credits Jonathan 'Wolf' Rentzsch of Red Shed Software for finding this.

Apple's 2004-12-02 Security Update fixes two bugs in the Safari web browser for Mac OS X 10.2.8 and 10.3.6, for both the client and server versions. In one bug, a specially designed HTML page can cause a spoofed URI in the Safari status bar. In the second, a web site could spoof the origin of a particular pop-up window, if there are multiple Safari windows already open.

ATI

ATI says that if you are using their Catalyst 4.12 software with multiple monitors, and you move a Microsoft Windows Media Player window from the primary monitor to a secondary monitor, and then back again, the overlay sliders will become disabled. As a workaround, restarting the Media Player should restore the sliders.

If you are playing Ubisoft's Pacific Fighters on a Windows XP computer with an ATI Radeon X800 XT Platinum Edition graphics card and the ATI Catalyst 4.12 drivers, you may see clouds that don't look right. If you press F2 for the external view, ATI says the clouds will appear blocky. (Whether the clouds look that way from both sides now, they don't say.) For now, there is no fix.

ATI says that their updated Catalyst Display Driver 4.12 fixes a number of incompatibilities when using WinDVD on a Windows XP computer. Cloning mode should no longer cause a crash when dragging the WinDVD window, and subtitles should no longer cause display corruption.

If you are playing LucasArts Star Wars: Knights of the Old Republic on a Windows XP computer with an ATI Radeon X800 graphics card, using triple buffering may cause errors and failure if you turn it on in the ATI Catalyst Control Center. This has been fixed in the Catalyst 4.12 update.

Cisco

Cisco says their Cisco Unity 2.x, 3.x and 4.x communications product, when integrated with Microsoft Exchange, ships with a number of default username and password combinations. One of these is an administrative account with high privileges. Needless to say, these combinations may become known and unauthorized users may be able to snoop into accounts and to change settings on the Unity systems. The workaround is simple -- change these default passwords to something much stronger. Get the list of these accounts, and more details, at http://www.cisco.com/en/US/products/products_security_advisory09186a008037cd59.shtml.

Cisco says that when you install the Cisco Guard and Cisco Traffic Anomaly Detector software, it will install a default password for an administrative account. This will happen without any choice by the user, and may be a password that can be exploited by attackers. Cisco says that you can eliminate the problem by changing the default password for the administrative root account to a strong password.

Cisco says that their CNS Network Registrar Domain Name Service /Dynamic Host Configuration Protocol (DNS/DHCP) server 6.0 through 6.1.1.3 for Windows NT and Windows 2000 can be targeted for a denial of service attack. One attack can happen after a remote user sends a specific sequence of packets and then closes the connection. A second attack can be triggered by receiving an unexpected series of packets. For details, and links to free patches, see http://www.cisco.com/warp/public/707/cisco-sa-20041202-cnr.shtml.

EA

EA Games says that there is an update for both Battlefield 1942 and Battlefield Vietnam. This fixes a bug in the game servers that may allow for attacks against the computers (rather than attacks against the opposing armies.) The game and server updates are available at http://www.eagames.com/official/battlefield/1942/us/editorial/community_message_51.jsp.

General

The SANS Internet Storm Center says that if you put an unpatched and unprotected (no firewall) Windows PC on the Internet, on average it will only take twenty minutes before it catches some sort of virus, Trojan or other malware. Via ZD Net, you can hear an audiocast about how this relates to patch management at http://itpapers.zdnet.com/abstract.aspx?docid=108140&promo=200008.

The researchers at Secunia have posted a series of alerts that affects multiple browsers on multiple operating systems. A malicious website may be able to hijack a named browser window, even if that window was initially created by some other website. They say that this affects Microsoft Internet Explorer, Mozilla and Mozilla Firefox, Apple Safari, Opera, and Konqueror. This spans Windows, Mac OS X, and Linux/Unix. They have set up a test page to see if your browser is vulnerable at http://secunia.com/multiple_browsers_window_injection_vulnerability_test/, if you care to test it. There are no fixes or confirmations from the companies yet.

Netcraft has developed an anti-phishing toolbar that may help to cut down on online fraud. This toolbar will display the location of a hosting company (is your bank really in Russia?), helps guard against cross-site scripting, and will help to form what they term a "neighborhood watch" that will collect and disseminate information about phishing attacks. For now, there is only a version for Microsoft Internet Explorer, but they are working on one for Mozilla. You can get it at http://news.netcraft.com/archives/2004/12/28/netcraft_antiphishing_toolbar_available_for_download.htm.

There is a bug in the Google Desktop Search that may enable a hostile web site to see some of the search result summaries that you generate. This may give attackers clues to enable further attacks. To be vulnerable, you would need to visit a website that has a certain Java applet embedded in the page. Google has a fix, which is being supplied through auto-updates. To see if you have the update, click the About icon on the Google Desktop Search task bar. If your version number is 121004 with a date of 12/10/2004 or greater, you have the update. The bug was found by computer sciences professor Dan Wallach and two graduate students at Rice University's Computer Security Lab.

Google has closed a hole in their search engine that was letting the Santy.A worm target vulnerable websites. This has been confirmed by the F-Secure security researchers. A posting on the Neowin web site says that AOL now claims that their search engine will also block the worm, while Yahoo has said No Comment.

A new worm may attack websites through a discussion-board application, phpBB. According to Kaspersky Labs, the worm, Net-Worm.Perl.Santy.a, can gain control of a site and overwrite .htm, .php, .asp, .shtm, .jsp and .phtm pages with text that says "This site is defaced!!! This site is defaced!!! NeverEverNoSanity WebWorm generation". However, visitors to the website cannot catch the infection, so only webmasters need to worry about upgrading to phpBB 2.0.11.

The Security Focus website has a story called "WEP: Dead Again" at http://securityfocus.com/infocus/1814 that points out a new set of WEP (Wired Equivalent Privacy) cracking tools. This means that using WEP to protect wireless networks is useless. A workaround may be to move to WPA (Wi-Fi Protected Access). For further reading, check out Jeff Duntemann's Wi-Fi Guide, 2nd Edition, with my review at http://www.bjkresearch.com/tips/t040705.cfm.

If you get an email offering a look at nude glamour pinups, be on guard and don't click. (Not that BugBlog readers would do something like that.) You may end up with the Maslan worm, which opens a back door on your computer, steals passwords, and tries to mount denial of service attacks against Web sites run by supporters of the Chechen separatist movement in Russia.

The British anti-virus firm Sophos announced that the number of new viruses they discovered in 2004 is up fifty percent over 2003. They say they found more than 10,700 new viruses, worms, and Trojan horses. Their #1 virus of the year was Netsky.

PC World did some testing of commercial spyware products. Their conclusion was that none of them were as good as the free product Spybot Search & Destroy. They also said that some of them installed new spyware (although there is some debate about what actually qualifies as spyware.) Read the whole thing at http://www.pcworld.com/news/article/0,aid,118362,00.asp.

An article in ComputerWorld says that a number of universities have been hit with a type of spyware that can be used to snoop on encrypted Secure Sockets Layer (SSL) connections. The software is called Marketscore, which comes bundled with the iMesh peer-to-peer software. You can read the article at http://www.computerworld.com/securitytopics/security/story/0,10801,97936,00.html?source=x73

IBM

IBM says that if you are using the Lotus Notes 6.x client, you can select the Rolling Calendar Style, and you are able to give any date as the starting date. However, when you print the calendar, the calendar will always start at the first day of the week you gave as the starting date, rather than the exact date that you gave. IBM says this is how the option has been designed. The Rolling Calendar style will always default to the beginning of that week, and will always give the whole week, no matter what dates you set in the date range.

When using the Lotus Notes 6.5.3 client with the Lotus Domino Catalog, if you create a new memo and pick a Last Name from the Domino Catalog that has more than one first-name choice (all those Smiths or all those Joneses), then you will see the Ambiguous Names dialog, with no suggestions on what first names to use. In the earlier 6.5.2 client, the type-ahead option would have given you expected names from the choices in the catalog. Until IBM can fix this so that the 6.5.3 client works like the old client, you can add a Directory Catalog that is sorted by Distinguished Name (First Name) to the local configuration (e.g., names=names, lndircat, fndircat). This will give you First and Last Name addressing.

IBM says that, according to the online documentation for Lotus Notes 6.x, if you create a local archive from your mail database and set the User Security option to "Locally encrypt using.." with one of the encryption options, you should get an encrypted database. In reality, some of the local archives won't be encrypted. IBM says that the User Security Encryption is only meant for new replicas, but not new databases. Lotus Notes considers an archive to be a new database, and thus archives aren't encrypted unless the original database from which they were created was already encrypted.

 

Macromedia

If you are running Macromedia Breeze on Windows XP configured as a server (a configuration that Macromedia doesn't support) and you upgrade to Windows XP Service Pack 2, the new SP2 firewall may block port 1935, which is needed for inbound traffic in Breeze. You will need to unblock that port.

If you are running Macromedia Breeze on a Windows XP Service Pack 2 computer, and you try to install the Presenter Add-In for Breeze, FlashPaper, or the Breeze PowerPoint plugin, you will see this security warning:
Open File - Security Warning. The publisher could not be verified. Are you sure you want to run this software?
Macromedia says it is safe to click Run and install their software.

Macromedia says that if you are using Dreamweaver MX or MX 2004 on a Windows XP computer with Service Pack 2, when you try to use Dreamweaver to connect to an FTP server you may see this warning message
Windows Security Alert
To help protect your computer, Windows Firewall has blocked some features of this program.

Workaround instructions for this are at http://www.macromedia.com/cfusion/knowledgebase/index.cfm?id=tn_19489.

Macromedia says that if you are running Dreamweaver MX or MX 2004 on a Windows XP Service Pack 2 computer, you may have problems with database connectivity on ASP.NET pages. If you are trying to test pages using a local ASP.NET test server, you will get a message saying that the connection was made to the database. However, if you try to browse the data tables using one of the Dreamweaver tools, you won't be able to see your data. Macromedia has published a Dreamweaver extension that will fix this. You can get it at http://download.macromedia.com/pub/dreamweaver/extensions/SP2DBFix1.0.2.mxp.

If you are using Macromedia Dreamweaver MX or MX 2004 on a Windows XP computer that has been upgraded to Service Pack 2, you may have problems with the ASP.NET OLE database connection dialog. According to Macromedia, the Build button won't work in that dialog. Click the button and nothing happens. As a workaround, they say to click the Templates button in the OLE DB Connection to create the connection instead. Alternatively, create a new text file on the hard drive; change the file extension from .txt to .udl; open that file and it should open the Data Link Properties dialog.

If you install Macromedia Dreamweaver MX 2004 on a Microsoft Windows XP Service Pack 2 computer, you may see this security warning from Microsoft:
Open File - Security Warning.
The publisher could not be verified. Are you sure you want to run this software?

Macromedia says that it is safe to click the Run button and install Dreamweaver.

If you are running Macromedia Dreamweaver MX or MX 2004 on a Microsoft Windows XP computer upgraded to Service Pack 2, you may see security warnings if you preview a file on your hard drive that has JavaScript. The message would be
"To help protect your security, Internet Explorer has restricted this file from showing active content that could access your computer. Click here for options ..."
If you are sure of your content (because you designed the page yourself) you can always click the "Allow Blocked Content" button. This message will also not occur if you view the files via the local web server.

Mandrake

Mandrakesoft has an updated samba package for Mandrake Linux 9.2, 10.x, and the Corporate Server 2.1. This fixes a bug that may allow a remote attacker to trigger an integer overflow in the smbd daemon that could let them run their own code on the computer. This remote attacker does need to have credentials that give them access to a share on the Samba server.

Mandrakesoft has an updated package for PHP in Mandrake Corporate Server 2.1, to fix bugs found in PHP 4 and 5 by Stefan Esser. (Also listed in the PHP section of the BugBlog.) You can get the updates from Mandrake at http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:151.

Mandrakesoft has an updated openssl package for Mandrake Linux 9.2, 10.0, 10.1 and Corporate Server 2.1. There is a script, der_chop, included in the package that may allow local users to overwrite files using a symlink attack. The update fixes this bug.

Microsoft

Microsoft says that if you are using Access 2003, and you click a hyperlink to move into a Microsoft Word 2003 document, you may lose control of your mouse in the dialog that enables or disables macros. You will, however, be able to use the keyboard (tabs and the Enter key) to work in this dialog. They have issued a hotfix for this, called the Access 2003 post-Service Pack 1 hotfix package of 11/12/2004. You can either wait for the next service pack to get it, or contact Microsoft Technical Support and ask for the hotfix discussed in Knowledge Base article 889186. Note that you may get charged for this call.

Microsoft says that if you install Office 2003 Service Pack 1, it may introduce a bug into Access 2003. If a form has a subreport, all pages of the subreport that come after page 1 may be blank. They have issued a hotfix for this, called the Access 2003 post-Service Pack 1 hotfix package of 11/12/2004. You can either wait for the next service pack to get it, or contact Microsoft Technical Support and ask for the hotfix discussed in Knowledge Base article 889186. Note that you may get charged for this call.

Microsoft says that if you want to install the Office 2003 Alternative User Input update KB870774 on a Windows 2000 computer, it should only be done from the Microsoft Office Update Web site or the Microsoft Download Center. If you try to install it onto some other version of Windows, you will see this error message:
This update cannot be applied to this Operating System.

Microsoft says that in Office 2003, if you have the Alternative User Input installed and you go to the Language bar to change the default Input Method Editor settings, the new defaults may not be saved. This is fixed in the Alternative User Input Update KB870774.

When using the Office 2003 Alternative User Input, you may find that you can't type double-byte character set characters in the Windows SharePoint Services site Properties dialog box. According to Microsoft, the IME (Input Method Editor) button won't be available. This has been fixed in the Alternative User Input KB870774 update.

Details of a new way to assault Microsoft Internet Explorer have been posted to the Full Disclosure mailing list. This attack can be done even against computers upgraded to Windows XP Service Pack 2, and can be done without user intervention (Edit 12/28: to be attacked, you will need to visit a malicious web page, although you won't have to click or do anything on that page.) It would appear that the attack makes use of known problems with Microsoft's ActiveX technology, and can be used to place a file in a computer's Startup folder. You can read a news account at eWeek at http://www.eweek.com/article2/0,1759,1745693,00.asp. Nothing official from Microsoft yet. One workaround is to use Mozilla or Firefox.

Secunia has added Internet Explorer 5.x for the Macintosh to the list of browsers that are vulnerable to a malicious website injecting their content into another browser window. This is in addition to all the browsers listed in the BugBlog on December 8. For now, there is no fix.

If you try to insert a picture into a Microsoft Office 2003 document directly from a scanner, you may end up with an upside-down image. (Even if you put the picture right-side up in the scanner.) Microsoft says that there may be some additional distortion in the image, too. They have a post-Service Pack 1 hotfix for this, which they released on 11/24/2004, and which will be included in a future service pack. If you get lots of flipped images, and can't wait for the fix, contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 890064. Note that you may be charged for this call.

The security researchers at Secunia have posted details on another bug in Microsoft Internet Explorer. In this case, a bug in the DHTML Edit ActiveX control may allow a cross-site scripting attack, which may allow a malicious website to put script into another browser session. They say this affects fully patched systems with Windows XP Service Pack 1 and Service Pack 2. Secunia credits this find to Paul from greyhats, and has also posted a test at http://secunia.com/advisories/13482/, to see if you are vulnerable.

Microsoft says that sometimes you may end up with a second installation of Windows on a partition. Your actual version of Windows will be in one directory, and there will be a second version of the Windows directory, with a slightly different folder name, that includes a second version of Windows. At the very least, that takes up a lot of hard drive space, but it may also cause some confusion down the road among applications. To see how to get out of this situation, see http://support.microsoft.com/?kbid=888023.

Microsoft has re-issued their MS04-028 security bulletin, first released on 9/14/2004. This is the security bulletin that alerted us to buffer overruns in JPEG file processing. The update is to take note of additional security updates that have been issued by Microsoft since the original bulletin. Some of the updates that affect this include: Microsoft .NET Framework version 1.0 Service Pack 2; Microsoft .NET Framework version 1.1; Security updates for Microsoft Visual FoxPro 8.0 and Microsoft Visual FoxPro 8.0 runtime; Windows Messenger 5.1. You can see all the updated details at http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx.

When Microsoft released five security bulletins on 12/14/2004, none of them were labeled Critical, even though many of them allowed for a remote attacker to take over a computer. Microsoft's explanation is that they will use Critical only for those flaws that can be exploited and spread via a worm. In fact, they use the new word "wormable" to describe that. They also say that components that aren't installed by default may not make the critical list, either. You can read an explanation from a spokesman from the Microsoft Security Response Center at http://www.eweek.com/article2/0,1759,1741024,00.asp.

Microsoft says that a bug in Http.sys may cause either Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005 or Windows Server 2003 to crash. You may get this error message
Stop 0x05 (INVALID_PROCESS_ATTACH_ATTEMPT)
This will happen if you have TDI filter drivers installed (these typically come with antivirus or firewall programs) and these drivers respond with STATUS_PENDING to particular TDI input/output requests. Microsoft has a hotfix available for download for Windows XP Service Pack 2. Get it at http://support.microsoft.com/?kbid=887742.

Microsoft wants you to use Windows Update. However, Windows Server 2003 computers may have problems using the Windows Update Services to download large updates. If the Update file is greater than 700 MB, the download won't work because the WinVerifyTrust function can't verify the certificate for the update. Microsoft has a hotfix for this, which will be in a future Windows Server 2003 service pack. If you can't wait for the fix, contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 888303. Note that you may get charged for this call.

Microsoft has a Windows 2000 Post-Service Pack 4 COM + 1.0 Hotfix Rollup Package available. This is package number 31, and one of the bugs it fixes is one that may prevent you from using Windows Backup on a Windows 2000 SP3 or SP4 computer. This bug was itself introduced in the Cumulative Update for Microsoft RPC/DCOM, and is only triggered if you do a clean install of Windows 2000. The COM + Rollup is only available for now by contacting Microsoft Technical Support, which means that you may get charged for this fix. See http://support.microsoft.com/?kbid=888000 for details.

Microsoft says that a USB mouse may sometimes cause problems when it's used on a Windows Server 2003 computer. This includes the mouse sucking up 100 percent of CPU time when you move it, problems when coming back from standby or hibernation, or problems recognizing it as a USB 2.0 device. For now, Microsoft does not have a fix. Similar problems with USB mice on Windows 2000 and XP were ultimately fixed in service packs for each OS.

Microsoft says that if you use the Windows Server 2003 Disk Management tool to change the amount of usable space on a hard drive, the changes may not show up in the Disk Management user interface, even if you give the Rescan Disks command. Microsoft says the partition table layout is cached in memory, and may not get updated when you make changes. Restarting the computer will refresh that information. Microsoft also has a permanent fix, which will get included in a future Windows Server 2003 service pack. If you can't wait for this fix, contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 888104. Note that you may get charged for this call.

Microsoft says that there is an incompatibility between Computer Associates eTrust antivirus program and the installation routine of Windows XP Service Pack 2 and Windows XP Tablet PC Edition 2005. If the AV program is running, you may see this error message when you install the Windows update:
Control ID not found
If you look at the Svcpack.log file, you may see lines similar to:
1131.076: MyFCIFlushCabinet() failed: code 4 [Could not create a temporary file]
1132.057: Cabinet build used 28711 ticks
1132.057: Cabinet build failed, GLE=0x0000058D
1132.057: CabinetBuild: BuildCabinet Function failed

According to Microsoft, get the latest update of eTrust, which should fix this problem.

Microsoft has released a critical update for Windows XP Service Pack 2. They have found that if you are using the Windows Firewall included in SP2 and you make a dial-up connection to the Internet, you may be inadvertently allowing file and print sharing with the entire Internet. If you have Windows XP Service Pack 2 installed, you will need to get the KB886185 update from http://windowsupdate.microsoft.com/

A story in PC World says that programs from Symantec and McAfee can both fool Windows XP Service Pack 2's Windows Security Center (WSC). The WSC reports on whether antivirus and firewall software is both installed and up-to-date. However, both Symantec Norton Internet Security 2005 and McAfee Internet Security Suite 2005 can trick the WSC into reporting that they are up-to-date. The PC World story, at http://www.pcworld.com/news/article/0,aid,118979,pg,1,RSS,RSS,00.asp, says that both companies confirm this. If these applications can trick WSC, then I guess you can assume that a virus could, too.

In the Control Panel of Windows XP Service Pack 2 computers, you can select "Show only specified control panel applets" and then select which ones to show. However, any applets that use a dynamic icon won't be shown. Those applets are Bluetooth, Windows Firewall, WirelessLink, Wireless Network Setup Wizard, Client Service for Netware, NVIDIA nView, Systems Management, Program Download Monitor, and Run Advertised Programs. Microsoft has a hotfix for this, which will be included in a future service pack. If you can't wait for the fix, contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 889085. Note that you may get charged for this call.

Installing Windows XP Service Pack 2 may reduce the speed of any 1394a or 1394b FireWire devices that are connected to a 1394b port. This happens because Service Pack 2 changes the speed of 1394b ports to S100 speed. Microsoft has released an update, the KB885222 package, and an accompanying Registry edit to fix this. Get details of both at http://support.microsoft.com/?kbid=885222.

Microsoft says that there are bugs in the WordPad applet in Windows NT 4.0, Windows 2000, Windows XP (including Service Pack 2) and Windows Server 2003. If a user is logged on with administrative privileges, an attacker may be able to take complete control of a system. Links to the patches are available at http://www.microsoft.com/technet/security/bulletin/MS04-041.mspx. Microsoft credits Greg Jones of KPMG UK and Lord Yup with iDefense for reporting these bugs.

Microsoft says that there is a bug in the DHCP Service of Windows NT 4.0 Server and Windows NT 4.0 Terminal Server Edition. A remote attacker may be able to exploit this bug to take control of a system; however, Microsoft says an attack may be more likely to trigger a denial of service. Go to http://www.microsoft.com/technet/security/bulletin/MS04-042.mspx for the patches. Microsoft credits Kostya Kortchinsky from CERT RENATER for reporting this bug.

Microsoft says there is a bug in the HyperTerminal applet in Windows NT, Windows 2000, Windows XP (including Service Pack 2) and Windows Server 2003. A remote attacker may be able to exploit this bug to take complete control of a system, if they attack while someone with administrative privileges is using HyperTerminal. Go to http://www.microsoft.com/technet/security/bulletin/MS04-043.mspx for links to the patches. Microsoft credits Brett Moore of Security-Assessment.com for reporting this problem.

Microsoft says that bugs in the Windows Kernel and in LSASS may allow an attacker to gain elevated privileges on Windows NT, Windows 2000, Windows XP (including Service Pack 2) and Windows Server 2003 systems. These elevated privileges may let someone install programs and create new user accounts, which they otherwise wouldn't be allowed to do. Go to http://www.microsoft.com/technet/security/bulletin/MS04-044.mspx for links to the patches for each version of Windows. Microsoft credits Cesar Cerrudo of Application Security Inc. for reporting these bugs.

Microsoft has patched a security bug in the Windows Internet Naming Service (WINS) server for Windows NT, Windows 2000 Server, and Windows Server 2003. The unpatched bug may allow a remote attacker to take complete control of the affected computer. There are links to the patches at http://www.microsoft.com/technet/security/bulletin/MS04-045.mspx. Microsoft credits Kostya Kortchinsky from CERT RENATER for reporting this bug.

Microsoft says there is an incompatibility between Windows XP Service Pack 2 and Adobe Premiere Pro. When you use Premiere Pro to transcode a video as an MPEG-2 file, the .mp2 file will not be created successfully, and the computer itself may hang. Microsoft has a hotfix for this, which will be in a future Windows XP service pack. If you use Adobe Premiere a lot, you may not want to wait for this fix. Contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 886716. Note that you may get charged for this call.

Microsoft says that Windows XP Service Pack 2 computers may have problems with networked computers in a high-speed network environment (gigabit NICs, hubs, etc.) when the network card and driver support Large Send Offload (LSO). Microsoft says this may cause a significant slowing of network performance. Microsoft's suggested workaround is to disable the Windows Firewall/Internet Connection Sharing service. Note that this is more than just turning off the firewall -- see http://support.microsoft.com/?kbid=842264 for details.

If you are using the rich edit control in Windows 2000/XP/Server 2003, and the rich edit control only has right-aligned text, you may be missing the horizontal scroll bar. Microsoft says this will happen if you use the EM_SETTARGETDEVICE message to set the target device, and you set the line width wider than the visible area in the rich edit control. Microsoft has a hotfix for this, which will be in a future Windows service pack. If you need the fix right away, contact Microsoft Technical Support and ask for the fix described in Knowledge Base article 871006. Note that you may get charged for this call.

Microsoft says that the Visual Basic Documentation Help is not installed in Microsoft Office Professional 2003 if you do not install Access 2003. If you want that Help topic installed, you must install Access. If you've got strong objections to keeping Access on your hard drive, Microsoft says that if you do a complete installation of Office 2003, and then later remove Access 2003.

If you have a Windows Server 2003 computer running as a file server, and you are running Samba to service some Linux clients, Microsoft says there may be problems if you copy and delete many files from a Linux client to a mounted file share on the Windows Server 2003. You may get this error in the system log, and the server may lock up:
Type: Error
Event Source: Srv
Event ID: 2020
Description:
The server was unable to allocate from the system paged pool because the pool was empty.

Microsoft has a hotfix for this, which will be in a future Windows Server 2003 service pack. If you need the fix right away, contact Microsoft Technical Support and ask for the hot fix described in Knowledge Base article 886670. Note that you may get charged for this call (and Microsoft Tech Support may ask why you are bothering to run Linux clients.)

Microsoft has released a critical security update for Windows NT, Windows 2000, and Windows XP Service Pack 1. The fix in Microsoft Security Bulletin MS04-040 is a cumulative update for Internet Explorer, and replaces the cumulative update that was in MS04-038. This update fixes a bug that may allow a remote attacker to take complete control of your system. It's marked critical by Microsoft, and was released earlier than their once a month second Tuesday schedule. Find the links to the fixes for your version of Windows at http://www.microsoft.com/technet/security/bulletin/ms04-040.mspx. However, you should not install this if you have installed hotfixes received from Microsoft since MS04-004 or MS04-038. You should deploy update 889669 instead.

Microsoft says that if you have a laptop computer that you try to put on standby during a power outage, or when power levels are fluctuating, it may lock up instead of going on standby. This affects both Windows XP Service Pack 1 and Service Pack 2 computers. They have a hotfix for this, which they will include in a future service pack. If you live in an area with a shaky power supply, you may want to get this fix right away. Contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 887823. Note that you may be charged for this call.

The security researchers at ISS have documented a bug in Microsoft's Windows Internet Naming Service (WINS) server. There is a buffer overflow that may allow a remote attacker to run their own code on the WINS server. Note that the WINS server is not installed by default on any Windows servers or clients. There are no fixes yet, but Microsoft acknowledges that they are working on this at http://support.microsoft.com/kb/890710. ISS suggests as a workaround that you block ports 42/TCP and 42/UDP on your network perimeter.

Microsoft says that the Windows Firewall in Windows XP Service Pack 2 may interfere with Universal Plug and Play (UPnP). In some cases it may prevent you from discovering networked UPnP devices, or it may prevent you from controlling them. Microsoft has an article at http://support.microsoft.com/?kbid=886257 that gives some idea of what the problems are. The article is intended for advanced users and manufacturers of UPnP devices.

Microsoft says on a Windows 2000 computer, if there is an access violation in the Local Security Authority Subsystem (Lsass.exe), it may trigger this error in the System Log:
Event Type: Error
Event Source: LsaSrv
Event Category: Devices
Event ID: 5000

At the same time, NTLM authentication may stop on the computer. Microsoft has a hotfix for this, which will be in a future Windows 2000 service pack or rollup package. If you can't wait for the fix, contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 841037. Note that you may get charged for this call.

According to a posting on the Bugtraq mailing list, there are a couple of bugs in a utility that is distributed with the Windows 2000 Resource Kit. The utility is W3Who, an Internet Server Application Programming Interface (ISAPI) utility which works within a web page to display information about the calling context of the client browser and the configuration of the host server. It has a cross-site scripting flaw and a buffer overflow. The discoverer of the bugs, Nicolas Gregoire of exaprobe.com, contacted Microsoft. According to him, Microsoft pulled the utility rather than going to the trouble of fixing it. You can read the report at http://www.exaprobe.com/labs/advisories/esa-2004-1206.html.

Here's another way that Digital Rights Management may bite you. If Microsoft Windows Media Services is enforcing a Play Once or a Play X Times policy, and a client switches between full-screen mode and windowed mode, it may trigger a re-connection to the server. The server treats this as a new connection, which may then trigger an error message like
Cannot play video
because you have used up your limited rights. See http://support.microsoft.com/?kbid=885168 for some workarounds.

Mozilla

The security researcher Maurycy Prodeus at isec.pl has issued a security alert about a bug in Mozilla 1.7.3 and earlier. There is a bug in the part of the code that handles news servers (NNTP protocol) that may trigger a heap overflow that will allow a remote attack. This has been fixed in Mozilla 1.7.5. The author's report is at http://isec.pl/vulnerabilities/isec-0020-mozilla.txt; he seems to have differences with Mozilla.org over the severity.

Mozilla adds support for NPRuntime in Mozilla 1.7.5. This is a Netscape Plugin API that has been developed by a group including Apple, Opera, and others, that should provide more compatibility with various third party plug-ins. You can read more about it at http://www.mozilla.org/projects/plugins/npruntime.html.

Mozilla 1.7.5 should have increased compatibility with sites developed only with Microsoft Internet Explorer in mind. That's because this update supports undetectable document.all support, and also supports exposing elements by their ID in the global scope. This will help render pages that don't request standards-compliant behavior.

Here might be the ultimate workaround to all the bugs, security problems and sluggish performance in Microsoft Outlook. According to a story in CNET, the Mozilla Foundation may integrate their Sunbird calendar application (which is still under development and has not been officially released) with their Thunderbird email application. The combination would then be an official competitor to the integrated Outlook.

The Mozilla Organization has released Thunderbird 1.0, the official release of their email-only program, and companion to Firefox, the stand-alone browser. If you upgrade to it over a pre-release (beta) version of Thunderbird, it will disable all your extensions and themes. It will then automatically check whether they are compatible with the new version, or whether there are updates available. You can get the new release at http://www.mozilla.org/products/thunderbird/releases/.

The Mozilla Organization says that when Thunderbird 1.0 is installed on a multi-user system on any platform (Windows, Linux, Mac OS) where there are restricted access privileges, then any user who runs it must have access to the installation location. If they don't, then the initial start-up files that each user needs will not be generated.

The Mozilla Organization says that if you are running Thunderbird 1.0 on a Mac OS X computer, you should not try to run it from the Disk Image. If you do, you will end up with an infinite restart loop, which will run for a long, long time and cause the Thunderbird icon to appear in the dock, bounce, disappear, etc. If it's too late, and you've fallen into the loop, open Terminal and give this command:
killall thunderbird-bin
and then press Enter.

The Mozilla Organization says that if you want to run Thunderbird on a Linux system, GNOME integration won't work with Fedora Core 3. If you want to run Thunderbird from that, you will need to get and install linc-1.0.3-3.1.i386.rpm. After you install that RPM, give this command in the Thunderbird directory:
touch .autoreg

Novell

Novell says that some network security/port scanners could lock up some NetWare 5.1 and NetWare 6.0 servers if those servers were running CIFS.NLM. Novell has an updated CIFS (Common Internet File System) that should fix this. Get the update in the file cifspt6.exe at http://support.novell.com/cgi-bin/search/searchtid.cgi?/2970488.htm.

Novell says that if you want to run the rescue system for SuSE Linux 8, you may be told that it can't be done if your system has less than 256 MB of RAM. However, you can bypass this and set a smaller memory amount. According to Novell, at the boot prompt of the installation CD's bootloader, you can give this command
MinMemory=128
This will let you run the rescue system on a server that only has that much RAM.

Novell has an updated software dictionary for ZENworks 6.5. This is the second update for the dictionary, which you can get at http://support.novell.com/cgi-bin/search/searchtid.cgi?/2970216.htm.

Novell says that SuSE Linux 8.1 and SuSE Linux Enterprise Server 8 have been patched to fix a buffer overflow in the glibc 2.2 resolver libraries. The updates are available on the SuSE FTP servers.

Novell says that when you install IMS/NIMS/NetMail, it is installed with a default NMAP authentication credential. If this isn't changed at authentication, a remote attacker may be able to use it to gain read/write access to the mail store via port 689. For workaround and fix information, see http://support.novell.com/cgi-bin/search/searchtid.cgi?/2970344.htm.

Novell says that there is a problem installing SuSE Linux 9.2 on some computers, most notably Fujitsu Siemens Scenic computers. When you launch the installation from a CD or DVD and then choose one of the installation options, you will end up with a black screen. The problem occurs when these computers have trouble dealing with multiple EDD (Enhanced Disk Drive) calls. Ultimately, these computers need a BIOS update. As a workaround, when you install, keep the SHIFT key pressed when booting from the disk. Novell says this suppresses the EDD calls of the boot loader. For more details, see http://support.novell.com/cgi-bin/search/searchtid.cgi?/en/2004/12/dstark_edd-error.html.

Novell has a DNS update for NetWare 6.5. This update fixes a number of problems with named.nlm that may cause abends when there is no DNS server object configured, or if e-Dir is down. It also fixes a bug that was keeping named.nlm from loading all records from e-Dir into memory. The update is in dns603f.exe, and the modules can be used on any NetWare 6.5 server. Get it at http://support.novell.com/cgi-bin/search/searchtid.cgi?/2970469.htm.

Novell SuSE first posted a notice that the new 9.2 kernels were available. However, if you went to download them, you might not have found them. SuSE says they found that in some cases the Yast Online Update was causing boot failures. The problem was actually in a couple scripts. They are working on the fix, and will reload the package when it's ready.

Novell says there is a bug in NetMail/NIMS that may give a remote attacker read/write access to the mail store, via Network Messaging Application Protocol (NMAP) port 689. Novell has an update, at http://support.novell.com/cgi-bin/search/searchtid.cgi?/2970343.htm, that will close off this means of attack.

Novell has a patch for their Client 4.90 with Support Pack 2. This fixes a bug that exists in the Client with SP2, where queue based printing may stop and hang the client. You can get this update at http://support.novell.com/servlet/tidfinder/2969974.

A number of small bugs have been patched in the Novell SuSE kernels for Linux 2.4 and 2.6. These include bugs in the ELF loader routines, overflows in the smbfs handlers, a bug in memory management, and a potential denial of service attack. The updates are already at the SuSE FTP server.

NVIDIA

If you have an older operating system, but still want an updated graphics card, there is good news from nVidia. They have released an updated ForceWare driver 66.94 for Windows 95/98/ME. This will add support for GeForce 6600, GeForce 6600 GT, and GeForce 6200 cards, supports HDTV over DVI connectors, and other upgrades. Get the update at http://www.nvidia.com/object/win9x_66.94.

Opera

It appears that Opera Software is first with a fix for the cross-browser problem of named frames or windows being hijacked. (Reported in the 12/8 BugBlog.) The 7.54u1 security update for the Opera browser fixes this, plus clears up some bugs in Liveconnect and the save/open dialog. The web security firm Secunia, who announced the hijacking bug, says that this update only fixes some of the attack vectors, but not the underlying vulnerability, which may still be exploited.

Palm

There are compatibility problems between PalmOne's Treo 650 Bluetooth-enabled smart phones and the Bluetooth kits that are installed by automakers for hands-free use in cars. At least according to a story in eWeek, the problem is that the car makers aren't using the latest Bluetooth standard. If you are picking a car to match your phone (or a phone to match your car), you should check for compatibility.

PHP

Stefan Esser at Hardened-php.net has posted notice of a number of bugs, including buffer overflows, in PHP 4.3.9 and earlier, and PHP 5.0.2 and earlier. The bugs may let an attacker run their own code on a server running PHP, or gain access to data that should be off limits. You can read the advisory at http://www.hardened-php.net/advisories/012004.txt and you can get updates from the vendor at http://www.php.net/.

Red Hat

Everyone dreams of many packages under the tree at Christmas. Red Hat made sure of that, big time, as they released over eighty package updates on 12/20 and 12/21. The most significant update is probably the kernel -- where they have released the fourth regular update for Red Hat Enterprise Linux 3. This release includes many bug fixes that should deliver "a marked improvement in the reliability and scalability". The kernel package is at https://rhn.redhat.com/errata/RHBA-2004-550.html. The BugBlog Plus will cover some of the other significant upgrades.

Red Hat has a new RPM package manager for Red Hat Enterprise Linux 3. The new version fixes a bug that sometimes locked up a computer if there was concurrent rpm access. You can find the upgraded package at https://rhn.redhat.com/errata/RHBA-2004-501.html.

Red Hat has a new PHP package for Red Hat Enterprise Linux 3. This new package takes care of some bugs in PHP, noted in the BugBlog on 12/20. Red Hat users can get their update at https://rhn.redhat.com/errata/RHSA-2004-687.html.

Red Hat has an updated Samba package for Red Hat Enterprise Linux 3. There is an integer overflow bug in versions of Samba earlier than 3.0.10. This may let an authenticated remote user run their own code on the Samba server. Red Hat credits Greg MacManus of iDEFENSE Labs for finding this bug. You can get the updated package at https://rhn.redhat.com/errata/RHSA-2004-670.html.

Red Hat says there are multiple buffer overflows in libxml, a library package for manipulating XML files in Red Hat Enterprise Linux 2.1 and 3. If an attacker can trick a Red Hat user into passing a carefully designed FTP URL or FTP proxy URL to something that uses libxml, they may be able to run hostile code on the system. Red Hat credits Yuuichi Teranishi with discovering these bugs. You can get the updated packages at https://rhn.redhat.com/errata/RHSA-2004-650.html.

Red Hat has an updated kernel package for Red Hat Enterprise Linux 2.1. This update fixes a number of bugs. Bugs in the ELF binary discovered by Paul Starzetz of iSEC have been fixed. A missing serialization flaw in unix_dgram_recvmsg has been found. Stefan Esser found bugs in the smbfs driver, and Conectiva found bugs in USB drivers. They have all been fixed in the new package that you can get at http://rhn.redhat.com/errata/RHSA-2004-505.html.

Red Hat says there are a bunch of buffer and integer overflows in the imlib package for Red Hat Enterprise Linux 2.1, 3, and the Red Hat Desktop. Imlib is an image loading and rendering library, and these bugs may allow an attacker to send hostile code to your computer through a cleverly devised image file. You can get an updated package that fixes the bugs at http://rhn.redhat.com/errata/RHSA-2004-651.html.

Red Hat has patched a buffer overflow in the ImageMagick package for Red Hat Enterprise Linux 2 and 3. This bug may allow an attacker to make an image file with bad EXIF information. When this image is then processed in the X Window system, it could run the attacker's code. This new update also fixes a previous patch for this package for a heap overflow bug. The earlier fix still left a hole that could be exploited by an attacker. Red Hat credits David Eisenstein for finding this. You can get the update at https://rhn.redhat.com/errata/RHSA-2004-636.html.

Red Hat has a kernel update for Red Hat Enterprise Linux 3 and Red Hat Desktop 3. This update fixes a number of security bugs, all of which could be exploited by local users to gain privileges or otherwise do things they shouldn't do: a race condition that may allow a local user to gain privileges; bugs in the ELF binary loader; an integer overflow bug in the ubsec_keysetup function; buffer overflows in the smbfs driver; and bugs in some USB drivers in kernels earlier than 2.4.27. You can get the updated package at https://rhn.redhat.com/errata/RHSA-2004-549.html.

Sun Microsystems

Sun Microsystems says that Solaris 7, 8, and 9 on both SPARC and x86 platforms and the Sun Java Desktop System 2 and 2003 are all vulnerable to a bug in the X Pixmap (libXpm) library and the Motif library (libXm). This bug may allow a remote unprivileged user to mount an attack that will run code on a system, if they can get a local user to load an X Pixmap file (.xpm). Get links to Sun's patches at http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1.

Sun Microsystems says that there is a bug in the Sun Java System Web Server 6.1 and System Application Server 7 Update 4 that may let either a remote user or a local unprivileged user get the session ID of another user. As long as a session is active, this flaw may give access that an attacker shouldn't have. Get patch information at http://sunsolve.sun.com/search/document.do?assetkey=1-26-57699-1.

Sun Microsystems says there is a security bug in the in.rwhod(1M) daemon of Solaris 7, 8, and 9. Luckily, this daemon is not enabled by default in any version of Solaris. If you do use this daemon, you can find patch information at http://sunsolve.sun.com/search/document.do?assetkey=1-26-57659-1.

Sun Microsystems says that Solaris 7, 8, and 9 on both SPARC and x86 platforms has a bug in ping(1M) which could cause a buffer overflow. A local user might be able to take advantage of this to gain higher privileges. For workaround information, or to download a patch for your version of Solaris, see http://sunsolve.sun.com/search/document.do?assetkey=1-26-57675-1.

Sun Microsystems released a security bulletin on 11/30/2004 about security vulnerabilities in Netscape 7 that is released with Solaris. The bulletin pointed out that Netscape 7 is exposed to problems with PNG files. Most other vendors worked out those problems back in August 2004, as seen by numerous items in the BugBlog Plus. Keep an eye on revisions from Sun at http://sunsolve.sun.com/search/document.do?assetkey=1-26-57683-1.

Symbian

Here's even more information on worms that target smart mobile phones. The anti-virus company F-Secure says that the Cabir.H and Cabir.I worms will target mobile phones that use the Symbian operating system. An infected phone may try to make connections, via Bluetooth, to other phones as a way of spreading. The worm won't destroy data, but will block other Bluetooth connections, even legitimate ones, and it will suck down battery power. See more in PC World at http://www.pcworld.com/news/article/0,aid,119060,pg,1,RSS,RSS,00.asp.

Symantec

Symantec has upgraded the warning for the W32.Erkez.D mass-mailing worm. They say it will appear as some sort of Christmas greeting in an email. Once it is running, it will try to harvest email addresses on your computer, open a back door, and also try to shut down security software.

Older versions of Symantec LiveUpdate may have a security bug that may allow for some local attacks. The problem occurs in: Windows LiveUpdate prior to v2.5; Norton SystemWorks 2001-2004; Norton AntiVirus and Pro 2001-2004; Norton Internet Security and Pro 2001-2004; Symantec AntiVirus for Handhelds Retail and Corporate Edition v3.0. If these products are installed on a multi-user computer where some users have restricted privileges, the users with lower privileges may be able to exploit a bug in the LiveUpdate GUI to gain higher privileges. This bug cannot be exploited by a remote attacker. See http://www.sarc.com/avcenter/security/Content/2004.12.13a.html for update information. Symantec credits Secure Network Operations for finding this bug.

Veritas

Security researchers at iDefense found a buffer overflow in Veritas Backup Exec Agent in versions earlier than 8.60.3878 Hotfix 68, and 9.1.4691 Hotfix 40. This bug can be used by an outside attacker to run their own code on a computer. Veritas has verified the bug and provided updates at http://seer.support.veritas.com/docs/273422.htm and http://seer.support.veritas.com/docs/273420.htm. As a workaround, block the TCP port used by benetns.exe at your network perimeter.

Winamp

NullSoft has released Winamp 5.07. This version of the music player fixes a critical security bug in the .m3u handler and in in_cdda.dll. It also fixes some problems with the proxy settings and the installer. Also, the version number should get reported correctly. You can get either the free or pro ($) version at http://www.winamp.com/player/.