[virusinfo] Panda Weekly summary - 05/22/04

  • From: "Mike" <mikebike@xxxxxxxxx>
  • To: virusinfo@xxxxxxxxxxxxx
  • Date: Sat, 22 May 2004 14:06:28 -0700

From: Oxygen3 24h-365d

"Examine what is said, not him who speaks."
                         Arab proverb. 

                       - Weekly summary -
   Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, May 22 2004 - Over the last week, Oxygen3 24h-365d has covered the
following issues, which are summarized below and can be read at:
http://www.pandasoftware.com/about/press/oxygen3/oxygen.asp

- Denial of service in wireless devices (05/17/04).
A vulnerability in the WLAN 802.11 protocol could allow network traffic to
be disrupted using a low powered Wi-Fi device. This security flaw, which
exists in all hardware implementations of the wireless network protocol
IEEE802.11, allows an attack against the availability of wireless local area
network devices.

- Buffer overflow in Microsoft Visual Basic (05/18/04).
A buffer overflow vulnerability exists in Microsoft Visual Basic, which may
allow an attacker to create applications that could elevate privileges. One
of the normal consequences of the buffer overflow is a denial of service,
which although it hasn't been confirmed, could also be used to run arbitrary
code.

- Authentication flaw affecting Sun Java Secure Socket Extension (JSSE)
(05/19/04).
There is an authentication vulnerability which affects Sun JSSE extensions
and can cause the programs that use it to incorrectly validate digital SSL
server certificates. The versions affected are JSSE 1.0.3, 1.0.3_01 and
1.0.3_02 for Windows, Solaris and Linux. To avoid the problem, the company
has released version JSSE 1.0.3_03 in which the security hole has been
fixed.

- Critical security patch for CVS (05/20/04).
A critical vulnerability has been discovered in CVS (Concurrent Versions
System), the widely used software for developing and controlling open
source projects. The vulnerability detected stems from a buffer overrun
which could -potentially- allow an attacker to run arbitrary code on the
affected CVS servers.

- Intrusions in financial companies (05/21/04).
According to the "Global Security Survey" carried out by Deloitte, many of
the intrusions on financial institutions caused financial losses. However,
although attacks are on the increase, one in four companies said that their
IT security budgets were frozen. Eighty-three percent of respondents
admitted that their systems had been compromised during the last year, a
much higher figure than that of the previous year (39%).

NOTE: The address above may not show up on your screen as a single line.
This would prevent you from using the link to access the web page. If this
happens, just use the 'cut' and 'paste' options to join the pieces of the
URL.

------------------------------------------------------------
To contact Panda Software, please visit:
http://www.pandasoftware.com/about/contact/
------------------------------------------------------------

*********** MIKE'S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 


