If any one faculty of our nature may be called
more wonderful than the rest, I do think it is memory.
Jane Austen (1775-1817); English novelist.
- Weekly summary -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)
Madrid, March 20 2004 - Over the last five days, Oxygen3 24h-365d has dealt
with the issues summarized below. Full details are available at:
http://www.pandasoftware.com/about/press/oxygen3/oxygen.asp
- Vulnerability in HP Web Based Management (03/15/04).
HP has announced the availability of an update for HP Web Based Management,
which resolves a security problem that could allow someone without
privileges to gain remote access to system administrator functions. The flaw
stems from the HP Web Based Management validation system and occurs when the
Anonymous Access option is enabled.
- Cross-Site Scripting in Yahoo WebMail! (03/16/04).
SecuriTeam has reported the existence of a Cross-Site Scripting (CSS)
vulnerability in Yahoo WebMail. This security problem lies in the 'order'
and 'sort' parameters of the URL that is created once a user is
authenticated in the system. This Cross-Site Scripting vulnerability could
allow an attacker to steal or take control of existing e-mail accounts.
- Important update for ColdFusion MX and JRun 4.0 (03/17/04).
Macromedia has published an update to correct a vulnerability which could
allow denial of service (DoS) attacks on ColdFusion MX and JRun 4.0 web
services. This problem lies in the treatment of malformed SOAP requests and
could lead to web services being paralyzed. The chances of an attack
increase if ColdFusion MX or JRun 4.0 web services are public and accessible
indiscriminately from the Internet.
- Denial of service in OpenSSL (03/18/04).
Versions 0.9.7d and 0.9.6m of OpenSSL have been released to correct two
vulnerabilities which could lead to Denial of Service (DoS) attacks. Most
Unix systems and Linux distributions are also publishing their corresponding
patches. The first of these security problems lies in the
do_change_cipher_spec() function and affects OpenSSL versions 0.9.6c to
0.9.6l and versions 0.9.7a to 0.9.7c. The second vulnerability affects
0.9.7a, 0.9.7b and 0.9.7c, and is related to the Kerberos functions.
- Viruses and newsgroups (03/19/04).
Newsgroups are Internet forums that enable users to discuss a wide range of
issues by posting their questions, problems or replies, which can then be
read by the rest of the members of the newsgroup. Despite the enormous
utility of newsgroups, they do entail a certain danger as, in theory, any
virus could be hidden in a message, as happened with Sobig.F. This worm
first emerged in the summer of 2003 and was one of the fastest spreading
viruses ever. It was included in messages posted in several newsgroups
disguised as an erotic image.
NOTE: The address above may not show up on your screen as a single line.
This would prevent you from using the link to access the web page. If this
happens, just use the 'cut' and 'paste' options to join the pieces of the
URL.
Posted on Saturday, 20 March 2004 @ 10:05:13 EST by phoenix22