From; Panda Oxygen3: "It is folly for an eminent person to think of escaping censure, and a weakness to be affected by it." Joseph Addison (1672 - 1719) English essayist, poet, & politician. - Remote denial of service in Novell Nsure Audit - Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com) Madrid, April 26, 2005 - Security Tracker has announced the existence of a vulnerability in the processing of Novell Nsure Audit ASN.1 messages. This problem could be employed by a remote user to cause denial of service conditions. A remote user could construct a brute force attack against 'webadmin.exe' in TCP port 449 to cause the system under attack not to respond. The problem lies in the fact that Novell Nsure Audit does not adequately handle ASN.1 messages sent via SSL. A remote user could run a tool to carry out brute force ASN.1 attacks over OpenSSL and in this way cause the system to crash. Novell advises updating to version 1.0.3, although version 1.0.2 is also unaffected by the problem. More information about this problem is available on Novell's web site, at http://support.novell.com/cgi-bin/search/searchtid.cgi?/10097379.htm NOTE: The address above may not show up on your screen as a single line. This would prevent you from using the link to access the web page. If this happens, just use the 'cut' and 'paste' options to join the pieces of the URL. ------------------------------------------------------------ The 5 viruses most frequently detected by Panda ActiveScan, Panda Software's free online scanner: 1)Downloader.BOG; 2)Netsky.P; 3)Mhtredir.gen; 4)Qhost.AF; 5)Agent.PF. ------------------------------------------------------------ To contact with Panda Software, please visit: http://www.pandasoftware.com/about/contact/ ------------------------------------------------------------ *********** MIKE"S REPLY SEPARATOR *********** Mike ~ It is a good day if I learned something new. Editor MikesWhatsNews see a sample on my web page http://www3.telus.net/mikebike <mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe> http://www3.telus.net/mikebike/worm_removal.htm See my Anti-Virus pages http://virusinfo.hackfix.org/index <virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe> A Technical Support Alliance and OWTA Charter Member