Computer Associates to acquire Netegrity for $430 million
Computer Associates International Inc. of Islandia, N.Y., is acquiring Waltham, Mass.-based security software firm Netegrity for about $430 million, executives from both companies confirmed Wednesday. The all-cash merger is expected to be completed in the next 90 days, subject to certain conditions that include approval by Netegrity stockholders and regulatory authorities, the companies said. Netegrity's operations will be merged with Computer Associates' eTrust Identity and Access Management group. The majority of Netegrity's 400 employees are expected to remain with Computer Associates.
Prat Moghe, president and founder of Maynard, Mass.-based security firm Tizor Systems, said it'll be interesting to see what kind of fallout the merger has on the rest of the information security industry. "Apart from the tactics of this deal, the implications for the technology cycle of the security industry are interesting," he said in an e-mailed statement. "Netegrity was the last big independent startup in identity and access management. This consolidation indicates the maturity phase of IAM, which is about letting people in. The next cycle of market value creation is around what happens once people are in -- problems such as auditing and identity theft are the new interesting areas to watch next."
HP fixes flaws in VirtualVault, Webproxy
Patches have been released to fix a format string vulnerability in Apache that affects Hewlett-Packard's VirtualVault and Webproxy. Attackers could use this flaw to compromise vulnerable systems, and Copenhagen, Denmark-based security firm Secunia called it a "highly critical" issue in its advisory. "The vulnerabilities affect servers running HP-UX release B.11.04 with HP VirtualVault 4.5, 4.6, or 4.7 and HP Webproxy 2.0 or 2.1," Secunia said. Users are advised to install the patches.
Vulnerability in Mozilla Application Suite for Tru64 UNIX 1.x
An attacker could use multiple vulnerabilities in the Mozilla Application Suite for Tru64 UNIX 1.x to conduct cross-site scripting attacks, access and modify sensitive information and compromise a user's system, Copenhagen, Denmark-based security firm Secunia said in an advisory. The vulnerabilities affect versions prior to 1.7.3. The company called the problem "highly critical" and recommended users update to version 1.7.3.
Buffer overflow in netkit-telnetd
Gentoo Linux recommends users update to the latest version of netkit-telnetd to fix a possible buffer overflow vulnerability an attacker could exploit to run malicious code and gain root privileges. "A possible buffer overflow exists in the parsing of option strings by the telnet daemon, where proper bounds checking is not applied when writing to a buffer," Gentoo said. "Additionally, another possible buffer overflow has been found by [researcher] Josh Martin in the handling of the environment variable HOME. A remote attacker sending a specially-crafted options string to the telnet daemon would be able to run arbitrary code with the privileges of the user running the telnet daemon, usually root. Furthermore, an attacker could make use of an overlong HOME variable to cause a buffer overflow in the telnet client, potentially leading to the local execution of arbitrary code." There is no known workaround at this time. NetKit-telnetd users are advised to upgrade to the latest version.