Security

Novell releases a flurry of patches for multiple products

With nine updates and patches from Novell, NetWare admins will be busy this week. An advisory from CERT and Trend Micro info on seven new viruses round out this week's Exterminator.


Exterminator brings you weekly updates on bug fixes, virus recovery, service release announcements, and security notices for Windows, Novell, Linux, and other systems.

CERT Advisory CA-2002-01
Regarding: Exploitation of Vulnerability in CDE Subprocess Control Service
Date posted: Jan. 14, 2001
Information URL: Click here for more information.

CERT has confirmed that the security vulnerability discussed in advisory CA-2001-31 is being exploited. The vulnerability involves a buffer overflow in the Common Desktop Environment Subprocess Control Service used with UNIX and Linux.

Novell issues
Regarding: ZENworks for Desktops
Date posted: Jan. 9, 2002
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

This download from Novell includes new versions of server inventory scanner files for ZENworks. The files allow "customization of four fields in the ASSET.INI file" and the scan for Intel's Pentium 4 and Celeron processors.

Regarding: ZENworks for Desktops
Date posted: Jan. 9, 2002
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

Here are the client-side files for the ZENworks issue listed above. The server files must be installed first.

Regarding: UNIX Connectivity, intraNetWare
Date posted: Jan. 9, 2002
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

With this patch, you can install the NFS 2.3 / UNIX Print Services 2.3 license from any drive. "This patch is not needed for UNIX Print Services 2.31 or 2.3J, nor for any version of NFS other than 2.3."

Regarding: ZENworks for Desktops
Date posted: Jan. 10, 2002
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

These server-side inventory scanner files "remove the dependency on NetBIOS for getting MAC address and IP address" information.

Regarding: eDirectory 8.6.1
Date posted: Jan. 11, 2002
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

If you are upgrading from eDirectory 8.5 to 8.6.1 and using the CD to do it, you'll need the nds-install script contained in this download.

Regarding: DirXML
Date posted: Jan. 11, 2002
Patch URL: Click here to download the patch for Netware.
Patch URL: Click here to download the patch for Windows NT and 2000.
Information URL: Click here for more information for Netware.
Information URL: Click here for more information for WinNT and Win2K.

This patch enables DirXML 1.0 to work with eDirectory 8.6.1. Download the patch appropriate for your system.

Regarding: iChain 2.0
Date posted: Jan. 14, 2002
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

This patch includes multiple fixes for iChain 2.0.

Regarding: Novell Internet Messaging System (NIMS)
Date posted: Jan. 14, 2002
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

Novell provides this download as an update to NIMS 2.6. It won't work for versions earlier than 2.6, evaluation versions, or beta versions.

Regarding: Novell Internet Messaging System (NIMS)
Date posted: Jan. 14, 2002
Patch URL: Click here to download the patch for NetWare.
Patch URL: Click here to download the patch for Linux.
Information URL: Click here for more information for NetWare.
Information URL: Click here for more information for Linux.

Update your NIMS 2.5 to 2.6 with this download, so you can then apply the update above.

Virus updates from Trend Micro
Virus/Worm: WORM_LOHACK.A
Posted: Jan. 9, 2002
Risk: Low
Information URL: Click here for more information on this virus.

Virus/Worm: PE_DONUT.A
Posted: Jan. 10, 2002
Risk: Low
Information URL: Click here for more information on this virus.

Virus/Worm: JS_GIGGER.A
Posted: Jan. 11, 2002
Risk: Low
Information URL: Click here for more information on this virus.

Virus/Worm: TROJ_LASTSCENE.A
Posted: Jan. 12, 2002
Risk: Low
Information URL: Click here for more information on this virus.

Virus/Worm: VBS_LASTSCENE.A
Posted: Jan. 12, 2002
Risk: Low
Information URL: Click here for more information on this virus.

Virus/Worm: ELF_RST.A
Posted: Jan. 14, 2002
Risk: Low
Information URL: Click here for more information on this virus.

Virus/Worm: VBS_FUNNY.D
Posted: Jan. 14, 2002
Risk: Low
Information URL: Click here for more information on this virus.

Stay current on virus information
Have you been keeping up with the latest virus information and patches from Microsoft and Novell? If not, visit the Exterminator archive for past columns with information on bugs and patches you may have missed.

 

Exterminator brings you weekly updates on bug fixes, virus recovery, service release announcements, and security notices for Windows, Novell, Linux, and other systems.

CERT Advisory CA-2002-01
Regarding: Exploitation of Vulnerability in CDE Subprocess Control Service
Date posted: Jan. 14, 2001
Information URL: Click here for more information.

CERT has confirmed that the security vulnerability discussed in advisory CA-2001-31 is being exploited. The vulnerability involves a buffer overflow in the Common Desktop Environment Subprocess Control Service used with UNIX and Linux.

Novell issues
Regarding: ZENworks for Desktops
Date posted: Jan. 9, 2002
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

This download from Novell includes new versions of server inventory scanner files for ZENworks. The files allow "customization of four fields in the ASSET.INI file" and the scan for Intel's Pentium 4 and Celeron processors.

Regarding: ZENworks for Desktops
Date posted: Jan. 9, 2002
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

Here are the client-side files for the ZENworks issue listed above. The server files must be installed first.

Regarding: UNIX Connectivity, intraNetWare
Date posted: Jan. 9, 2002
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

With this patch, you can install the NFS 2.3 / UNIX Print Services 2.3 license from any drive. "This patch is not needed for UNIX Print Services 2.31 or 2.3J, nor for any version of NFS other than 2.3."

Regarding: ZENworks for Desktops
Date posted: Jan. 10, 2002
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

These server-side inventory scanner files "remove the dependency on NetBIOS for getting MAC address and IP address" information.

Regarding: eDirectory 8.6.1
Date posted: Jan. 11, 2002
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

If you are upgrading from eDirectory 8.5 to 8.6.1 and using the CD to do it, you'll need the nds-install script contained in this download.

Regarding: DirXML
Date posted: Jan. 11, 2002
Patch URL: Click here to download the patch for Netware.
Patch URL: Click here to download the patch for Windows NT and 2000.
Information URL: Click here for more information for Netware.
Information URL: Click here for more information for WinNT and Win2K.

This patch enables DirXML 1.0 to work with eDirectory 8.6.1. Download the patch appropriate for your system.

Regarding: iChain 2.0
Date posted: Jan. 14, 2002
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

This patch includes multiple fixes for iChain 2.0.

Regarding: Novell Internet Messaging System (NIMS)
Date posted: Jan. 14, 2002
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

Novell provides this download as an update to NIMS 2.6. It won't work for versions earlier than 2.6, evaluation versions, or beta versions.

Regarding: Novell Internet Messaging System (NIMS)
Date posted: Jan. 14, 2002
Patch URL: Click here to download the patch for NetWare.
Patch URL: Click here to download the patch for Linux.
Information URL: Click here for more information for NetWare.
Information URL: Click here for more information for Linux.

Update your NIMS 2.5 to 2.6 with this download, so you can then apply the update above.

Virus updates from Trend Micro
Virus/Worm: WORM_LOHACK.A
Posted: Jan. 9, 2002
Risk: Low
Information URL: Click here for more information on this virus.

Virus/Worm: PE_DONUT.A
Posted: Jan. 10, 2002
Risk: Low
Information URL: Click here for more information on this virus.

Virus/Worm: JS_GIGGER.A
Posted: Jan. 11, 2002
Risk: Low
Information URL: Click here for more information on this virus.

Virus/Worm: TROJ_LASTSCENE.A
Posted: Jan. 12, 2002
Risk: Low
Information URL: Click here for more information on this virus.

Virus/Worm: VBS_LASTSCENE.A
Posted: Jan. 12, 2002
Risk: Low
Information URL: Click here for more information on this virus.

Virus/Worm: ELF_RST.A
Posted: Jan. 14, 2002
Risk: Low
Information URL: Click here for more information on this virus.

Virus/Worm: VBS_FUNNY.D
Posted: Jan. 14, 2002
Risk: Low
Information URL: Click here for more information on this virus.

Stay current on virus information
Have you been keeping up with the latest virus information and patches from Microsoft and Novell? If not, visit the Exterminator archive for past columns with information on bugs and patches you may have missed.

 

Editor's Picks