Microsoft

Exterminator: Microsoft back door causes problems

This week, the Exterminator fixes doors...specifically back doors; a potential security threat in several Microsoft Web server products. Find out how to fix this potential threat, and check out updated information on Novell and Red Hat holes.


Exterminator puts the squeeze on bugs!
The Exterminator brings you insight on bug fixes, virus recovery, service release announcements, and security notices for Windows, Novell, Linux, and other systems.

Microsoft Security Bulletin (MS00-025)
Regarding: Windows NT 4.0 Option Pack, Personal Web Server 4.0, FrontPage 98 Server Extensions
Date Posted: April 17, 2000
FAQ URL:Click here for the FAQ from Microsoft
Information URL:Click here for information from Microsoft
Information URL:Click here for information from MSNBC

Microsoft recently announced a security hole that affects several of its Web server products. The hole, sometimes referred to as a “back door,” could allow a user to cause a Web server to crash, or to run arbitrary code on the server if certain permissions had been changed from the default settings. Microsoft suggests deleting the file dvwssr.dll to close the security hole. For more information, click the FAQ URL or Information URLs above.

Microsoft Security Bulletin (MS00-024)
Regarding: Microsoft Windows NT 4.0
Date Posted: April 12, 2000
Patch URL:Click here for the x86 patch
Patch URL:Click here for the Alpha patch
Information URL:Click here for more information

Microsoft recently released a patch for Windows NT 4.0 that installs tighter permissions within the Windows NT 4.0 registry. The default permissions could allow any user that is able to interactively log on to a Windows NT 4.0 machine to compromise the cryptographic keys of other users who log in to the same machine. For more information, click the Information URL above.

Microsoft Security Bulletin (MS00-023)
Regarding: Microsoft IIS 4.0 and 5.0
Date Posted: April 12, 2000
Patch URL:Click here for the 4.0 patch
Patch URL:Click here for the 5.0 patch
Information URL:Click here for more information

Microsoft recently released a patch for its Internet Information Server. The patch eliminates a vulnerability that can allow a user to slow a Web server’s response, or prevent the server from providing service altogether for a period of time. For more information, click the Information URL above.

Novell Issues
Regarding: NetWare 5 Version 7.45
Date Posted: April 17, 2000
Patch URL:Click here for the patch
Information URL:Click here for more information

Novell recently released a patch that updates its NetWare 5 software. The patch is an NDS update for NetWare 5 servers running Recman (7.x) database. For more information, click the Information URL above.

Novell Issues
Regarding: Host Publisher
Date Posted: April 17, 2000
Patch URL:Click here for the patch
Information URL:Click here for more information

Novell recently released a patch to update its Host Publisher. Novell suggests updating the currently shipping Host Publisher 1.1 “red box”, as it contains the same code as Support Pack 3. This update contains fixes and enhancements that are more recent than the “red box.” For more information, click the Information URL above.

Novell Issues
Regarding: Solaris Corporate Edition SP1
Date Posted: April 17, 2000
Patch URL:Click here for the patch
Information URL:Click here for more information

Novell recently released a patch to update Solaris Corporate Edition. Customers should only use the patch with a valid NDS for Solaris Corporate Edition license. This patch is not meant for Solaris Servers running NDS for Solaris 2.0, NDS for Solaris E-Directory, or any trial version of NDS for Solaris. For more information, click the Information URL above.

Red Hat Linux Issues
Regarding: Red Hat Linux 6.0-6.2 for Alpha, i386, and Sparc
Date Posted: April 16, 2000
Information URL:Click here for more information

SecurityFocus.com recently reported vulnerability in Red Hat Linux 6.x. According to SecurityFocus, it is possible for a user to cause a denial of service with the X11 Font Server. Due to improper input validation, there is potential for a user to crash the X Font Server, preventing the X Server from operating properly. For more information, click the Information URL above.

Sun Microsystems Issues
Regarding: StarOffice 5.1
Date Posted: April 16, 2000
Information URL:Click here for more information

SecurityFocus.com recently reported vulnerabilities in Sun’s StarOffice 5.1. According to SecurityFocus, a number of buffer overflow vulnerabilities exist within StarOffice 5.1. By supplying either HTML or a native StarOffice document with a long URL, it is possible to cause a buffer overflow. For more information, click the Information URL above.

Help us squash bugs!
Have you found a new bug or discovered a nifty little software patch? We’re interested in what you know! Post your findings below or feel free to send us a note.

 

Editor's Picks

Free Newsletters, In your Inbox