www.expresscomputeronline.com WEEKLY INSIGHT FOR TECHNOLOGY PROFESSIONALS
4 April 2005  

Updates

A compilation of the latest information about viruses and worms, security issues and patches to rectify the same

Vulnerabilities in open source databases

Vulnerabilities have been reported in MaxDB, the open source database certified for SAP applications. Attackers can exploit them to cause a denial of service by passing specially crafted user input in HTTP requests. The vulnerabilities have been reported in version 7.5.00 for Windows and have been fixed in version 7.5.00.24.

Updates are available at:

dev.mysql.com/downloads/maxdb/7.5.00.html

A vulnerability in the MySQL database can be exploited by attackers to cause a denial of service. The vulnerability is caused by an error in the handling of reserved MS-DOS device names such as LPT1 and PRN, and can be exploited to crash the server by changing to a database with a specially crafted name. For example, the command use ‘LPT1’ will cause the database to crash. This vulnerability has been reported in versions 4.0.x and 4.1.x for Windows.

For more details, please check out the following URL:

bugs.mysql.com/bug.php?id=9148
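
As an added illustration (not code from the article or from MySQL), an application running on Windows can reject database names that resolve to a reserved device name before they reach the server. The function names and the character allow-list are assumptions; the article names only LPT1 and PRN, and the rest of the list is the classic Windows reserved set.

```python
import re

# Classic reserved MS-DOS device names on Windows. The article names LPT1
# and PRN; the remaining entries are the standard set, added for this example.
RESERVED_DEVICE_NAMES = frozenset(
    ["CON", "PRN", "AUX", "NUL"]
    + [f"COM{i}" for i in range(1, 10)]
    + [f"LPT{i}" for i in range(1, 10)]
)

# Assumed application policy for database names (not MySQL's own rule).
_ALLOWED = re.compile(r"[A-Za-z0-9_$]{1,64}")


def device_name_hit(name):
    """Return the reserved device name that `name` resolves to, or None."""
    # Check every path component, so "data\\aux" is caught as well as "aux".
    for part in re.split(r"[\\/]", name):
        # Windows matches device names case-insensitively and ignores an
        # extension and trailing spaces: "lpt1.txt" and "PRN " are devices.
        # Stripping leading spaces too is deliberately conservative.
        base = part.split(".", 1)[0].strip(" ").upper()
        if base in RESERVED_DEVICE_NAMES:
            return base
    return None


def check_database_name(name):
    """Return (ok, reason) for a database name supplied by a user."""
    hit = device_name_hit(name)
    if hit:
        return False, f"reserved device name {hit}"
    if not _ALLOWED.fullmatch(name):
        return False, "characters outside allow-list"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["sales_2005", "LPT1", "prn.txt", "LPT10", "bad name"]:
        print(repr(candidate), check_database_name(candidate))
```

A check like this only reduces exposure from the application side; the fix for the server crash itself is the vendor update tracked in the bug report above.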

DoS vulnerability in Tomcat

The Hitachi Incident Response team has reported a vulnerability in the Tomcat application server which can be exploited by attackers to cause a denial of service. Tomcat uses the AJP12 protocol for Servlet or JSP communication. A flaw in Tomcat’s handling of the protocol can cause Tomcat to stop processing requests, and an attacker can trigger it by sending a specially crafted request. This vulnerability, reported in version 3, has been fixed in the 5.x releases.

Capside-C worm deletes files

A new virus christened ‘Capside-C’ deletes files on infected computers. The virus spreads via network shares and chat applications. It then deletes files, downloads code from specific Web sites, and installs itself in the registry. It also modifies the system files autoexec.bat and win.ini so that it starts automatically when a user logs on.

SUSE Linux fixes OpenSLP vulnerability

SUSE Linux has issued an update for OpenSLP, an open source implementation of the service location protocol (SLP). SLP is used by desktops to locate services such as printers, and by servers to announce their availability. A vulnerability in SLP allows attackers to send specially crafted SLP packets that cause a buffer overflow, which remote attackers could subsequently use to compromise a system.

More details are available at the following URL:

www.novell.com/linux/security/advisories/2005_15_openslp.html

Malware - Top 10
1. HTML_NETSKY.P
2. WORM_NETSKY.P
3. JAVA_BYTEVER.A
4. TROJ_SMALL.SN
5. TROJ_DFC.A
6. JAVA_BYTEVER.B
7. SPYW_GATOR.D
8. TROJ_BAGLE.BG
9. WORM_RBOT.GEN
10. TROJ_STARTPA.A
Source : Trend Micro
(from March 11 to March 17, 2005)

 


© Copyright 2001: Indian Express Newspapers (Bombay) Limited (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Bombay) Limited. Site managed by BPD.