Microsoft

Exterminator: Treat Windows 2000 for new bugs

This week, the Exterminator recommends you treat Windows 2000 for new bugs, among other fixes. You'll also find news on Windows NT, Solaris 7.0, Linux, and FreeBSD vulnerabilities.


Got bugs?
The Exterminator brings you insight on bug fixes, virus recovery, service release announcements, and security notices for Windows, Sun, Linux, and other systems.

Microsoft Security Bulletin (MS00-028)
Regarding: FrontPage 97 and 98 Server Extensions
Posted: April 21, 2000
FAQ URL:Click here for the frequently asked questions
Information URL:Click here for more information.

Microsoft recently announced a security vulnerability within the FrontPage 97 and 98 Server Extensions. The vulnerability could allow visitors to a Web site to perform actions that the system permissions authorize them to perform, but which they previously may have had no means of carrying out. For more information on how to remove the problem, click the Information URL above.

Microsoft Security Bulletin (MS00-027)
Regarding: Windows NT 4.0 and Windows 2000
Posted: April 20, 2000
Patch URL:Click here for the Windows NT patch.
Patch URL:Click here for the Windows 2000 patch.
Information URL:Click here for more information.

Microsoft recently released a patch that eliminates a security vulnerability in Windows NT 4.0 and Windows 2000. The vulnerability could allow a user to make some or all of the memory on the server unavailable, possibly slowing or stopping the affected server’s response time. For more information, click the Information URL above.

Microsoft Security Bulletin (MS00-026)
Regarding: Windows 2000 Server and Advanced Server
Posted: April 20, 2000
Patch URL: Temporarily removed by Microsoft.
Information URL:Click here for more information.

Microsoft recently released a patch that eliminates a security vulnerability in Windows 2000 Server and Advanced Server. The vulnerability could allow a user, under specific conditions, to change information in Active Directory that the user should not be allowed to change. For more information and the latest patch, click the Information URL above.

Linux Issues: Red Hat Linux
Regarding: Red Hat 6.2
Posted: April 24, 2000
Patch URL:Click here for the Red Hat 6.2 patch.
Information URL:Click here for more information.

SecurityFocus.com recently reported a security flaw within Red Hat 6.2. According to SecurityFocus, a default user name and password has been detected within the Piranha virtual server and load-balancing package. For more information, click the Information URL above.

Linux Issues: SuSE Linux
Regarding: SuSE Linux 6.0 through 6.3
Posted: April 21, 2000
Patch URL: No known patch at this time.
Information URL:Click here for more information.

SecurityFocus.com recently reported a security flaw within SuSE Linux 6.0 through version 6.3. According to SecurityFocus, a vulnerability exists that can allow users to delete any file on the system. If the MAX_DAYS_IN_TMP variable is set to anything larger than zero, then any local user can remove any file on the system. For more information, click the Information URL above.

UNIX Issues: FreeBSD
Regarding: FreeBSD 3.4
Posted: April 24, 2000
Patch URL: No known patch at this time.
Information URL:Click here for more information.

SecurityFocus.com recently reported a security flaw within FreeBSD version 3.4. According to SecurityFocus, the port of ncurses for FreeBSD is vulnerable to a buffer overflow attack. At this time, version 1.8.6 of ncurses is known to be vulnerable. For more information, click the Information URL above.

Sun Microsystems Issues
Regarding: Solaris 7.0 x86
Posted: April 24, 2000
Patch URL: No known patch at this time.
Information URL:Click here for more information.

SecurityFocus.com recently reported a security flaw within Sun’s Solaris 7.0. According to SecurityFocus, a buffer overrun has been discovered in the Ip program, which is included in Solaris 7.0. It appears this bug only effects the x86 version of Solaris. For more information, click the Information URL above.

Sun Microsystems Issues
Regarding: Solaris 7.0
Posted: April 24, 2000
Patch URL: No known patch at this time.
Information URL:Click here for more information.

SecurityFocus.com recently reported a security flaw within Sun’s Solaris 7.0. According to SecurityFocus, a buffer overrun vulnerability has been discovered within the Xsun X11 server, shipped as part of Solaris 7.0. For more information, click the Information URL above.

Sun Microsystems Issues
Regarding: Solaris 7.0
Posted: April 24, 2000
Patch URL: No known patch at this time.
Information URL:Click here for more information.

SecurityFocus.com recently reported a security flaw within Sun’s Solaris 7.0. According to SecurityFocus, a vulnerability exists in the handling of the –r option to the Ipset program included in Solaris 7.0. When supplied a well-crafted buffer containing executable code, it is possible to execute arbitrary commands as root. For more information, click the Information URL above.

Virus Alerts from Trend Micro
Posted: April 21, 2000 through April 25, 2000

The following virus updates have been posted on Trend Micro’s Security Info page. Click on the virus for more information.

Do you have a bug?
Have you found a new bug or discovered a nifty little software patch? We're interested in what you know! Post your findings below or feel free to send us a note.

 

Editor's Picks

Free Newsletters, In your Inbox