Security

Don't miss fixes for ICQ client and Novell apps

This week, Exterminator looks at a CERT advisory for the ICQ instant messaging service and offers the lowdown on Novell's newest patches. You can also catch Trend Micro reports on the MyParty worm and several other recent viruses.


Exterminator brings you weekly updates on bug fixes, virus recovery, service release announcements, and security notices for Windows, Novell, Linux, and other systems.

CERT Advisory CA-2002-02
Regarding: Buffer Overflow in AOL ICQ
Date posted: Jan. 24, 2002
Information URL: Click here for more information.

You'll want to alert users of the ICQ instant messaging service to this vulnerability. By taking advantage of a buffer overflow, an attacker could execute code with the user's privileges. AOL, which owns ICQ, recommends upgrading to the most recent beta version.

Novell issues
Regarding: ManageWise
Date posted: Jan. 25, 2002
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

According to Novell, "These MIBs are for use on the HP OpenView Network Node Manager 5.x, 6.x, NT, or UNIX platforms. These will compile on the HP OpenView product."

Regarding: NDS 8, NetWare, Novell Small Business Suite
Date posted: Jan. 25, 2002
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

Novell has released an update for NetWare 5.x servers with the eDirectory 8.x database. Your servers must have Support Pack 2 installed, and SP3 is recommended.

Regarding: Novell Native File Access Pack
Date posted: Jan. 28, 2002
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

AFP and abend problems are resolved with this patch. Other issues include allowing a PDF file to be opened and additional performance enhancements.

Regarding: Novell Clients
Date posted: Jan. 28, 2002
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

This patch is intended to resolve the problem of slow DNS lookups. It forces the .dll to not wait for all threads from previous lookups to be released. PcAnywhere users may experience problems if this patch is applied.

Regarding: Novell Clients
Date posted: Jan. 28, 2002
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

If your users connect via a Nortel VPN, or if the device updates the Domain value in the registry, the client won't recognize when the DNS domain is changed. This download from Novell is designed to fix that problem and includes a variety of other fixes, as well.

Virus updates from Trend Micro
Virus/Worm: WORM_MYPARTY.A
Posted: Jan. 28, 2002
Risk: Medium
Information URL: Click here for more information on this virus.

Virus/Worm: WORM_MYPARTY.B
Posted: Jan. 28, 2002
Risk: Low
Information URL: Click here for more information on this virus.

Virus/Worm: BKDR_SUB723B
Posted: Jan. 26, 2002
Risk: Low
Information URL: Click here for more information on this virus.

Virus/Worm: WORM_COUPLE.A
Posted: Jan. 27, 2002
Risk: Low
Information URL: Click here for more information on this virus.

Virus/Worm: TROJ_CYN12.B
Posted: Jan. 24, 2002
Risk: Low
Information URL: Click here for more information on this virus.

Virus/Worm: WORM_FRAGLED.A
Posted: Jan. 24, 2002
Risk: Low
Information URL: Click here for more information on this virus.

Exterminator brings you weekly updates on bug fixes, virus recovery, service release announcements, and security notices for Windows, Novell, Linux, and other systems.

CERT Advisory CA-2002-02
Regarding: Buffer Overflow in AOL ICQ
Date posted: Jan. 24, 2002
Information URL: Click here for more information.

You'll want to alert users of the ICQ instant messaging service to this vulnerability. By taking advantage of a buffer overflow, an attacker could execute code with the user's privileges. AOL, which owns ICQ, recommends upgrading to the most recent beta version.

Novell issues
Regarding: ManageWise
Date posted: Jan. 25, 2002
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

According to Novell, "These MIBs are for use on the HP OpenView Network Node Manager 5.x, 6.x, NT, or UNIX platforms. These will compile on the HP OpenView product."

Regarding: NDS 8, NetWare, Novell Small Business Suite
Date posted: Jan. 25, 2002
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

Novell has released an update for NetWare 5.x servers with the eDirectory 8.x database. Your servers must have Support Pack 2 installed, and SP3 is recommended.

Regarding: Novell Native File Access Pack
Date posted: Jan. 28, 2002
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

AFP and abend problems are resolved with this patch. Other issues include allowing a PDF file to be opened and additional performance enhancements.

Regarding: Novell Clients
Date posted: Jan. 28, 2002
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

This patch is intended to resolve the problem of slow DNS lookups. It forces the .dll to not wait for all threads from previous lookups to be released. PcAnywhere users may experience problems if this patch is applied.

Regarding: Novell Clients
Date posted: Jan. 28, 2002
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

If your users connect via a Nortel VPN, or if the device updates the Domain value in the registry, the client won't recognize when the DNS domain is changed. This download from Novell is designed to fix that problem and includes a variety of other fixes, as well.

Virus updates from Trend Micro
Virus/Worm: WORM_MYPARTY.A
Posted: Jan. 28, 2002
Risk: Medium
Information URL: Click here for more information on this virus.

Virus/Worm: WORM_MYPARTY.B
Posted: Jan. 28, 2002
Risk: Low
Information URL: Click here for more information on this virus.

Virus/Worm: BKDR_SUB723B
Posted: Jan. 26, 2002
Risk: Low
Information URL: Click here for more information on this virus.

Virus/Worm: WORM_COUPLE.A
Posted: Jan. 27, 2002
Risk: Low
Information URL: Click here for more information on this virus.

Virus/Worm: TROJ_CYN12.B
Posted: Jan. 24, 2002
Risk: Low
Information URL: Click here for more information on this virus.

Virus/Worm: WORM_FRAGLED.A
Posted: Jan. 24, 2002
Risk: Low
Information URL: Click here for more information on this virus.

Editor's Picks