Network Security

Welcome to our security bulletin for March 2003;

Security news 7th March 2003 Internet Security Systems report the following vunerabilites and are currently maintaining an "alert con 2" security status.

ISS X-Force has discovered a buffer overflow vulnerability in the Sendmail Mail Transfer Agent (MTA). Sendmail is the most common MTA and has been documented to handle between 50% and 75% of all Internet email traffic.

Recommendations for Sendmail Dynamic Threat Protection, Internet Security Systems recommends applying a Virtual Patch for the Sendmail vulnerability. Employ the following protection techniques through ISS’ Dynamic Threat Protection platform. For further details, please review their advisory. https://gtoc.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950

A flaw discovered in the OpenBSD lprm utility. (used to remove print jobs in the spooling queue for Unix platforms). OpenBSD versions 3.2 and earlier could allow local attacker to gain elevated privileges on the system. A local attacker could exploit the lprm utility and execute code on the system with elevated privileges. However, in OpenBSDversion 3.2, the effect of the lprm utility vulnerability is lessened because lprm is setuid daemon, not setuid root.

Reccomendations for OpenBSD 3.2 and earlier: Apply the patch for this vulnerability, as listed in OpenBSD 3.2 errata 010: SECURITY FIX: March 5, 2003. http://www.openbsd.org/errata.html#lprm

Old security bulletins are stored in our archive

If you have a security issue or are looking for Internet security services, contact us to see what we can do for you.