NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH ALERT
08/19/04
Today's focus: Surprise! Holes in XP SP2

Dear [EMAIL PROTECTED],

In this issue:

* Patches from Gentoo, SGI, others
* Beware new Trojans
* Symantec releases patching tool, and other interesting reading
* Links related to Virus and Bug Patch Alert
* Featured reader resource
_______________________________________________________________
This newsletter is sponsored by McAfee

Visit the Enterprise Security Center, sponsored by McAfee(r), for an exclusive collection of news, whitepapers, information, analysis and strategy for securing your networks and systems. Learn new strategies for securing your servers and protecting your desktops from viruses. Get the latest information on how to stay on top of the latest threats to your network and bolster your skills in synergizing your IT staff as a critical business asset.
http://www.fattail.com/redir/redirect.asp?CID=72596
_______________________________________________________________

Today's focus: Surprise! Holes in XP SP2

By Jason Meserve

Today's bug patches and security alerts:

Researchers find holes in XP SP2

Security researchers inspecting an update to Microsoft's Windows XP found two software flaws that could allow virus writers and malicious hackers to sidestep new security features in the operating system. You just knew this was coming. IDG News Service, 08/18/04.
<http://www.nwfusion.com/news/2004/0818reseafind.html?nl>
**********

Cisco IOS: Malformed OSPF packet causes reload

According to a Cisco advisory, "A Cisco device running Internetwork Operating System (IOS) and enabled for the Open Shortest Path First (OSPF) protocol is vulnerable to a Denial of Service (DoS) attack from a malformed OSPF packet. The OSPF protocol is not enabled by default. The vulnerability is only present in Cisco IOS release trains based on 12.0S, 12.2, and 12.3. Releases based on 12.0, 12.1 mainlines, and all Cisco IOS images prior to 12.0 are not affected." For more, go to:
<http://www.cisco.com/warp/public/707/cisco-sa-20040818-ospf.shtml>
**********

Two vulnerabilities in KDE

Two flaws have been found in KDE, a graphical user environment for Linux. Both flaws have to do with the way temporary files are created by different processes. These files are not created in a secure manner and could be exploited to gain elevated privileges on the affected machine. For more, go to:
<http://www.kde.org/info/security/advisory-20040811-1.txt>
<http://www.kde.org/info/security/advisory-20040811-2.txt>

Related fixes:

Debian:
<http://www.debian.org/security/2004/dsa-539>

Gentoo:
<http://forums.gentoo.org/viewtopic.php?t=209643>
**********

Flaw in Acrobat ActiveX control

A flaw in the pdf.ocx Acrobat control could be exploited by an attacker in a denial-of-service attack or to take control of the affected machine. The iDefense advisory says Version 5.0.5.452 is impacted the most, with Version 6.0.2 less affected. For more, go to:
<http://www.nwfusion.com/go2/0816bug2a.html>

Related:

Gentoo patch for Acroread:
<http://forums.gentoo.org/viewtopic.php?t=210517>
**********

Vendors patch rsync

A vulnerability in rsync could be exploited to read and write files outside the intended path.
For more, go to:

Debian:
<http://www.debian.org/security/2004/dsa-538>

Gentoo:
<http://forums.gentoo.org/viewtopic.php?t=211480>

Mandrake Linux:
<http://www.nwfusion.com/go2/0816bug2b.html>

SuSE:
<http://www.suse.com/de/security/2004_26_rsync.html>

Trustix:
<http://www.trustix.org/errata/2004/0042>
**********

Mandrake Linux patches Mozilla

A Mozilla update for Mandrake Linux 10 includes a number of security fixes for problems found in previous releases. For more, go to:
<http://www.nwfusion.com/go2/0816bug2c.html>
**********

SGI updates Advanced Linux Environment 2.4

A comprehensive patch for SGI's Advanced Linux Environment 2.4 fixes flaws in Ethereal, VFS, glibc, libpng and mozilla. The update is available from:
<http://www.nwfusion.com/go2/0816bug2d.html>

SGI releases update for Advanced Linux Environment 3

This update includes fixes for Ethereal, VFS, libpng, mozilla, ipsec-tools and sox. For more, go to:
<http://www.nwfusion.com/go2/0816bug2e.html>
**********

Today's roundup of virus alerts:

W32/MyDoom-S -- Another MyDoom variant that uses e-mail as its primary vehicle to spread. The infected e-mail comes with an attachment named "photos_arc.exe". (Sophos)

W32/Apribot-C -- A bot that spreads via network shares and can be used as a spam relay or launching point for other attacks. The virus uses random file names for its infection point and allows backdoor access via IRC. It also tries to limit access to anti-virus sites by modifying the Windows HOSTS file. (Sophos)

Troj/Padodo-Fam -- A family of worms that are used for stealing passwords and providing backdoor access to infected machines. The worm can provide proxy access via random ports as well. (Sophos)

Troj/Bdoor-CHR -- This Trojan installs itself as "dx32hhlp.exe" in the Windows System folder and can accept commands via IRC. It also attempts to limit access to anti-virus Web sites.
(Sophos)

Troj/Daemoni-G -- This malicious piece of code "is a proxy Trojan that allows a remote intruder to route internet traffic through the infected computer," according to Sophos. (Sophos)

Troj/ProxDrop-A -- Further proof that the majority of new worms are designed to make some money (illegally): This is another Trojan that acts as a proxy to help direct and obfuscate illegal Web traffic. It installs itself in the Windows System folder as "SUCHOSTP.EXE" and "SUCHOSTS.EXE". (Sophos)

W32/Rbot-GF -- Yet another Rbot variant that spreads via network shares and allows backdoor access via IRC. It installs itself as "wuagrd.exe" in the Windows System directory and can be used to record keystrokes and steal CD activation keys for popular games. (Sophos)

Troj/Winflux-B -- Another Trojan that can turn the infected machine into a relay for any number of activities. The virus uses random file names to infect the machine and allows backdoor access via IRC. (Sophos)
**********

From the interesting reading department:

Symantec releases patching tool

Security company Symantec Monday plans to announce the release of a patch management product that it says will enable small and midsized businesses to stay on top of software vulnerabilities. IDG News Service, 08/16/04.
<http://www.nwfusion.com/news/2004/0816symanrelea.html?nl>

McAfee to buy Foundstone for $86 million

Anti-virus software company McAfee Monday said it is buying Foundstone, which makes software for detecting and managing software vulnerabilities, for $86 million in cash. IDG News Service, 08/16/04.
<http://www.nwfusion.com/news/2004/0816mcafetobu.html?nl>

Opinion: A matter of life and death

We need vendors to step up, the FDA to apply more pressure to get this resolved, and the finger-pointing to be replaced by collaborative effort. Network World, 08/16/04.
<http://www.nwfusion.com/columnists/2004/081604edit.html?nl>

Opinion: Security today means playing 'defense-in-depth'

Network managers should reassess their security architectures in the overall context of "information stewardship" - and enabling defense-in-depth is a great first step. Network World, 08/16/04.
<http://www.nwfusion.com/columnists/2004/081604johnson.html?nl>

Opinion: Problem with old e-mail server

We're having difficulty with an open relay on the e-mail server and mail is being rejected by several recipients to avoid spamming. I'm unable to find a setting on the server that might close the relay. Network World, 08/16/04.
<http://www.nwfusion.com/columnists/2004/0816nutter.html?nl>

Opinion: USB wireless and security adapters

As more opportunities come up for mobile workers to access corporate networks without actually having to carry a laptop, so will the opportunities for people to take advantage of that access. Internet kiosks and other computers being made convenient for workers are great, but Web browsing and e-mail checking have a way of leaving leftover data that the bad guys can exploit. A KeyPoint device solves these issues, and can help ease IT fears about having unprotected data being in the mobile computing wilderness. Network World, 08/16/04.
<http://www.nwfusion.com/columnists/2004/081604cooltools.html?nl>
_______________________________________________________________
To contact: Jason Meserve

Jason Meserve is the Multimedia Editor of Network World Fusion and writes about streaming media, search engines and IP Multicast. Jason can be reached at <mailto:[EMAIL PROTECTED]>.
Check out his Multimedia Exchange weblog at:
<http://www.nwfusion.com/weblogs/multimedia/>
_______________________________________________________________
ARCHIVE LINKS

Virus and Bug Patch Alert archive:
http://www.nwfusion.com/newsletters/bug/index.html

Breaking security news, updated daily
http://www.nwfusion.com/topics/security.html
_______________________________________________________________
Have editorial comments? Write Jeff Caruso, Newsletter Editor, at: <mailto:[EMAIL PROTECTED]>

Copyright Network World, Inc., 2004
