Here is the daily bug, incompatibility or other computer problem from the BugBlog

The BugBlog is free, but if you want to help support its existence, subscribe to the BugBlog Plus. A three month subscription is only $5. The BugBlog uses monthly archives. All the current June bugs are here. Use the links on the left or below to jump back to past months.

6/30/2005 Dell PowerEdge Problem with Windows Server 2003

If you are running Windows Server 2003 on some Dell PowerEdge servers, you may be having Registry problems. Even if you aren't having problems now, Microsoft suggests that the problems are lurking in the background. The problem situation is a Dell PowerEdge with Windows Server 2003 factory-installed, and with one of these disk-drive controllers: Mraid35x.sys; Perc2.sys; A320raid.sys; Aac.sys; Symmpi.sys; Cercsr6.sys; Aarich.sys; Fasttx2k.sys. You can get a hot-fix for this, along with more details, at http://support.microsoft.com/kb/898792.

6/29/2005 Stranger in a Strange Land

Did some recreational reading during the blog break -- here is a review of Stranger in a Strange Land by Robert Heinlein.

6/29/2005 No Service Pack, Just a Rollup, for Windows 2000

While other versions of Windows get a service pack, Microsoft seems to emphasize that Windows 2000 is coming to the end of its life cycle by releasing Update Rollup 1 for Windows 2000 Service Pack 4, rather than releasing Service Pack 5. You can get it from Windows Update or from http://support.microsoft.com/kb/891861; the latter also shows which previously released security bulletins are included in the rollup.

Today's BugBlog Plus has twelve more bugs and fixes for Adobe, Apple, IBM, Mandriva, Microsoft, Novell and Veritas.

6/28/2005 Outlook Express Threat

If you use Microsoft Outlook Express (OE) and haven't applied the MS05-030 Cumulative Security Update, you better do it soon. Examples of how to exploit the vulnerabilities in OE are circulating on underground hacking sites. At this time, you can only fall victim if you visit a newsgroup controlled by the hackers with the OE newsreader. Read about the details of this problem at http://news.zdnet.com/2100-1009_22-5761537.html. Get the patch from Microsoft at http://www.microsoft.com/technet/security/Bulletin/MS05-030.mspx.

Today's BugBlog Plus has ten more bugs and fixes for Adobe, Microsoft, Red Hat, Sun Microsystems and Veritas.

6/27/2005 Apple Has Problem With Fractions

A particular font on an Apple Mac OS X computer, the Helvetica Fractions font, may cause problems for a number of key applications on the computer. These include Address Book, iChat, Safari and Mail. It may cause overlapping numbers and symbols to appear. If this happens on a Mac OS X 10.3 or later computer, turn off the font in the Font Book. In Mac OS X 10.2.8 or earlier, look for the font in the /Library/Fonts/ or ~/Library/Fonts/ folders, where it may show up as HelveFra or HelveFraBold. Apple says to remove it from these folders, but make sure you leave the regular Helvetica font, which is important.

Today's BugBlog Plus has twelve more bugs and fixes for Adobe, Apple, Cisco, Microsoft, Red Hat and Sun Microsystems.

6/26/2005 RealNetworks Fixes Four Bugs

RealNetworks has updated most of their software to take care of four bugs that may allow attackers to take over your computer. One bug allowed an attack via an MP3 file, another via a RealMedia file, and a third via an AVI file. The fourth could be used in combination with some versions of Internet Explorer to allow an attack via an HTML page that triggers a RealMedia file to play automatically. If you use RealPlayer, RealOne Player, RealPlayer Enterprise, or Rhapsody 3 on Windows, Mac or Linux, check out the chart at http://service.real.com/help/faq/security/050623_player/EN/ to see if you are vulnerable. (There are more problems on the Windows platform.)

6/26/2005 The BugBlog is Back

The BugBlog is back from the hot, humid Southeastern US. I saw some very impressive bugs on this trip, but they were the kind that crawled. There are cockroaches so big out on some of the barrier islands along the coast, we felt obliged to give them names.

6/17/2005 BugBlog Going On the Road

The BugBlog will be on the road this week, and posting of new bugs will be sporadic until 6/26.

6/17/2005 Content Advisor May Crash Internet Explorer

The Microsoft Internet Explorer 6 Content Advisor feature might cause the browser to crash with this error message:
Exception Information
Code: 0xc0000005

This may happen if the Content Advisor is turned on, you go to the Content Advisor General tab and select the "Users can see sites that have no rating" check box, and then you click a hyperlink to open a form. Microsoft has a hotfix for this, which will be in a future service pack. If you can't wait for the fix, contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 897166. Note that you may be charged for this call.

6/16/2005 Adobe Acrobat and Reader Gives Attackers a Peek

Adobe Reader 7.0 and 7.0.1, as well as Acrobat 7.0 and 7.0.1, for both Windows and the Mac, have a bug in which an XML script, embedded in JavaScript, may allow an attacker to discover whether some local files exist or not. That itself is not a threat. However, knowing where a file may be could then be used in some further attack. There's a rather big mitigation involved -- the attacker can only verify whether a file exists if they already know the full path and filename. Adobe already has updates for the Windows version of Reader and Acrobat, at http://www.adobe.com/support/techdocs/331710.html. They say patches for the Mac version are on the way.

6/15/2005 Apple Says an NFS Export May Go to Everybody

Apple says that if you are doing an NFS export in Mac OS X 10.4.1 or Mac OS X Server 10.4.1, and you use a -network or -mask flag to restrict the export, it won't get restricted. Instead, the filesystem will be exported to "everyone". This has been fixed in the Apple Security Update 2005-006. Earlier versions of Mac OS X aren't susceptible to this bug.

Today's BugBlog Plus has ten more bugs and fixes for Apple, ATI, Microsoft, and Red Hat.

6/14/2005 Microsoft Issues Ten Security Bulletins

Microsoft has released 10 security bulletins this month; the most critical one is a Cumulative Security Update for Internet Explorer. Most versions of IE are affected, and there are fixes for all the currently supported systems, including Windows 2000, XP, and Windows Server 2003. In addition to containing all the previous fixes, the fix that is described in MS05-025 has two new fixes. One is for a bug in the PNG Image Rendering function. A remote attacker may be able to exploit this to run their own code on your system. A bug in the XML redirect operation may lead to information disclosure. Get the update for your version of IE at http://www.microsoft.com/technet/security/Bulletin/MS05-025.mspx. Microsoft credits Mark Dowd of ISS X-Force, Mark Litchfield of Next Generation Security Software Ltd., Thor Larholm of PivX Solutions, Inc, and the UK National Infrastructure Security Co-ordination Centre (NISCC) for finding these bugs.

Today's BugBlog Plus has nine more Microsoft security bugs.

6/14/2005 Backspace Key Quits in MS Word

If the backspace key suddenly stops deleting text in Microsoft Word 2002 or 2003, it may be because a number of separate factors interact badly. If the Tools, Track Changes option is turned on, and on the Reviewing toolbar the Display for Review list is set for either Final view or Original view, the Backspace key may get disabled. As a workaround, you need to reverse one or more of these choices. See http://support.microsoft.com/kb/901124 for details.

6/13/2005 Apple Secures Two Crucial Folders

The Apple Security Update 2005-006 for Mac OS X 10.4.1 tightens up security in two crucial folders. Now both the system cache folder and the Dashboard system widgets folder have secure folder permissions. This takes care of a potential problem where world-writeable permissions were placed on the two folders. This bug does not affect any versions before OS X 10.4. Apple credits Michael Haller for finding this bug.

Today's BugBlog Plus has ten more bugs and fixes for Apple, ATI, IBM, Microsoft, Symantec and Zone Alarm.

6/11/2005 Adobe Licensing Software Opens A Hole

Adobe says that there is a bug within the Adobe License Management Service that may affect users of Adobe Photoshop CS, Adobe Creative Suite 1.0, and Adobe Premiere Pro 1.5 running on the Windows platform. This may allow unauthorized persons to run programs with administrator privileges. Adobe does not explicitly mention whether this can be exploited by a remote user or not. However, a similar bug has also been announced by Macromedia (it appears they have used the same third-party vendor for this "feature") and they say it can only be exploited locally in multi-user environments. Get the software update at http://www.adobe.com/support/techdocs/331688.html.

Today's BugBlog Plus has twelve more bugs and fixes for Adobe, Apple, ATI, Macromedia, Mandriva, Microsoft, and Red Hat.

6/10/2005 IE Has Problems With DHTML Forms

Microsoft says that Internet Explorer 6 with Service Pack 1 or 2, running on a Windows XP computer, may have problems dealing with a page that has an HTML dialog box that has been modified using Dynamic HTML. Click inside this box, and Internet Explorer may crash. Microsoft has a hotfix for this, which will be in a future service pack. If you run into this situation often and can't wait for the fix, contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 898050. Note that you may get charged for this call.

6/9/2005 How to Make a Patch

As we come up to the second Tuesday of the month, better known as Microsoft Patch Tuesday, eWeek has published a story that shows how Microsoft develops their security patches. A Microsoft spokesman points out that they do a full audit of the software code, rather than rushing out a patch, because they feel it is better to do a complete job. Read the whole thing at http://www.eweek.com/article2/0,1759,1825805,00.asp.

6/8/2005 I Love Messenger Bugs

If you had trouble getting to your Hotmail account over the past weekend, it may have been because Microsoft took part of the MSN website offline to fix some bugs. The problem was at http://ilovemessenger.msn.com/. There was a cross-site scripting bug that may allow someone to steal Hotmail-related cookies, which would give the attacker access to the account. This is the second problem with part of the MSN site in about a week; earlier, there had been a hacking attack against the South Korean portion of MSN. See http://news.zdnet.com/2100-1009_22-5734448.html for more.

Today's BugBlog Plus has eleven more bugs and fixes for Apple, McAfee, Microsoft, Novell and Sun Microsystems.

6/7/2005 Apple iDVD Erases the Wrong Disk

This one may be rare but nasty: if you are going to burn a project in Apple iDVD, and you also happen to have an Iomega REV drive hooked up to your computer, the erase-before-burn function in iDVD may get confused between the REV drive and your DVD-RW drive. As a result, it will erase the contents of your REV disk, and attempt to write the project there. (Hope that wasn't your backup.) Apple says to make sure to eject any REV disk before using iDVD to burn.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Macromedia, Microsoft, and Sun Microsystems.

6/6/2005 Mozilla Vulnerable to Frame Injection Bug

Researchers at Secunia say that Mozilla 1.7.x and Firefox 1.x are vulnerable to a seven-year-old bug that would allow cross-site frame injection. This may let a malicious website spoof the contents of a trusted site. There is no fix yet; one obvious solution is not to mix the browsing of a trusted site with untrusted ones. In other words, don't browse a whole bunch of porn sites and then jump over and do your online banking. See the details at http://secunia.com/advisories/15601/.

Today's BugBlog Plus has ten more bugs and fixes for Adobe, Apple, IBM, Microsoft, and Red Hat.

6/3/2005 Bug of the Month Goes to Netscape

The botched roll-out of Netscape 8 takes the prize.

6/2/2005 Nortel Networks VPN Bug

Security researchers at NTA report that Nortel Networks VPN (virtual private network) routers have a bug that may allow attackers to launch a denial of service attack. Apparently, it would take a maliciously designed packet of only 300 bytes to crash a router -- so it won't take much bandwidth to cause serious problems. Nortel has a fix; you can read the NTA report at http://www.nta-monitor.com/news/vpn-flaws/nortel/vpn-router-dos/index.htm and then follow the link for the patch.

6/1/2005 More Bagle Variations on the Loose

A number of new variations of the Bagle worm have started to travel the Internet. The chief purpose of the worm now seems to be the harvesting of email addresses. While there seems to be a high volume of mail generated by these, it seems aimed at particularly naïve computer users. It comes with no subject line or body text, and the message has a zipped file attachment. (Almost reminds you of the cartoon where Bugs Bunny or other hero leaves the ticking time bomb, wrapped as a present, on the bad guy's doorstep.) If you persist in opening such highly suspicious material, at least make sure your virus signatures are up to date. Read more at ComputerWorld at http://www.computerworld.com/securitytopics/security/virus/story/0,10801,102143,00.html.

Today's BugBlog Plus has thirteen more bugs and fixes for Adobe, ATI, Mandriva, Microsoft, Novell, Red Hat and Symantec.





© 2005 BJK Research LLC