NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH ALERT
09/06/04
Today's focus: Flaws in WinZip

Dear [EMAIL PROTECTED],

In this issue:

* An assortment of advisories for Gentoo Linux
* Beware Bagle and Rbot variants
* Someone to watch over the 'Net, and other interesting reading
* Links related to Virus and Bug Patch Alert
_______________________________________________________________

By Jason Meserve

Today's bug patches and security alerts:

Flaws in WinZip

A number of buffer overflows have been found in WinZip, the popular compression software for Windows. One could exploit the flaws to run arbitrary code on the affected machine.
Users can protect themselves by downloading WinZip Version 9.0 SR-1:
<http://www.winzip.com/upgrade.htm>

**********

NGSSoftware warns of flaws in IBM DB2

NGSSoftware released an alert saying they've found multiple flaws in IBM DB2, but have withheld the details until December 1st to give system administrators time to install the available patches. Sounds like the clock is ticking.

NGSSoftware advisory:
<http://www.nextgenss.com/advisories/db2-01.txt>

IBM patches:

DB2 8.1:
<http://www.nwfusion.com/go2/0906bug1a.html>

DB2 v7.x:
<http://www.nwfusion.com/go2/0906bug1b.html>

**********

CERT issues advisory for MIT Kerberos 5

As we reported last week, a couple of vulnerabilities have been found in the MIT Kerberos 5 code. One flaw could be exploited to run code on an affected system, the other in a denial-of-service attack. CERT has issued a warning and more vendors have released related updates:

CERT advisory:
<http://www.us-cert.gov/cas/techalerts/TA04-245A.html>

Gentoo:
<http://forums.gentoo.org/viewtopic.php?t=219216>

Mandrake Linux:
<http://www.nwfusion.com/go2/0906bug1c.html>

Trustix:
<http://www.trustix.org/errata/2004/0045>

**********

Gentoo fixes

We've collected an assortment of advisories for Gentoo Linux and we present them here in condensed format:

Multi-gnome-terminal - An active keystroke logger could allow a local user to view password information:
<http://forums.gentoo.org/viewtopic.php?t=219377>

Ruby - When Ruby is used for CGI scripting it may create certain temporary files in a non-secure manner:
<http://forums.gentoo.org/viewtopic.php?t=218293>

XV - A buffer overflow has been found in the image handler:
<http://forums.gentoo.org/viewtopic.php?t=218172>

Mozilla, Firefox, Thunderbird, Galeon, Epiphany - New versions of these Mozilla-based browsers fix a buffer overflow that was found in previous releases:
<http://forums.gentoo.org/viewtopic.php?t=218119>

Squid - A denial-of-service vulnerability has been found and patched:
<http://forums.gentoo.org/viewtopic.php?t=217932>

Gallery - The image upload handling code does not properly deal with temporary files and could be exploited to run arbitrary code:
<http://forums.gentoo.org/viewtopic.php?t=217933>

eGroupWare - Multiple cross-site scripting vulnerabilities have been found:
<http://forums.gentoo.org/viewtopic.php?t=217934>

Python 2.2 - A buffer overflow has been found in the getaddrinfo() function (only affects those running IPv6):
<http://forums.gentoo.org/viewtopic.php?t=217931>

vpopmail - A number of vulnerabilities have been found, including one that could allow for SQL injection:
<http://forums.gentoo.org/viewtopic.php?t=217329>

MySQL - The mysqlhotcopy utility creates poorly protected temporary files that could be exploited in a symlink attack:
<http://forums.gentoo.org/viewtopic.php?t=217330>

MoinMoin - An anonymous user could bypass the Access Control List:
<http://forums.gentoo.org/viewtopic.php?t=214842>

kdelibs - The cookie manager component is vulnerable to data injection:
<http://forums.gentoo.org/viewtopic.php?t=213969>

Cacti - There's a potential for an attacker to be able to change passwords via a SQL injection:
<http://forums.gentoo.org/viewtopic.php?t=213737>

courier-imap - A format string vulnerability has been discovered:
<http://forums.gentoo.org/viewtopic.php?t=212279>

xine-lib - "xine-lib contains an exploitable buffer overflow in the VCD handling code," according to Gentoo:
<http://forums.gentoo.org/viewtopic.php?t=211481>

glibc - An information leak vulnerability has been uncovered:
<http://forums.gentoo.org/viewtopic.php?t=211363>

Tomcat - "Improper file ownership may allow a member of the tomcat group to execute scripts as root," according to Gentoo:
<http://forums.gentoo.org/viewtopic.php?t=210518>

GV - A buffer overflow could be exploited by an attacker to run any code on the affected machine:
<http://forums.gentoo.org/viewtopic.php?t=209419>

Horde-IMP - An input validation vulnerability has been found:
<http://forums.gentoo.org/viewtopic.php?t=208628>

Nessus - A race condition could be exploited to gain elevated privileges:
<http://forums.gentoo.org/viewtopic.php?t=209491>

**********

Today's roundup of virus alerts:

W32/Bagle-AT - Typical of many Bagle variants, this version spreads via e-mail (subject line of "foto" and attachment called "foto.zip") and shared folders using a number of file names. It also drops a Trojan Horse application on the infected machine. (Sophos)

W32/Rbot-HT - This Rbot variant spreads via network shares, using random filenames as its infection point. It allows backdoor access via IRC. (Sophos)

W32/Rbot-MG - Very similar to Rbot-HT, except it uses the file name "WINu32.EXE" when it infects a system. (Sophos)

W32/Rbot-HU - Another run-of-the-mill Rbot variant. This one uses "servicz.exe" when it infects a machine. (Sophos)

W32/Rbot-KO - Same as the above listed Rbot variants with the only exception being the infected file: slserv32.exe. (Sophos)

W32/Rbot-IA - Of the Rbot variants we've covered so far, this is the most malicious. While it spreads via network shares (infecting "winxp43.exe") and uses IRC for backdoor access, it can also be used as a proxy, spam relay, FTP server and more. (Sophos)

W32/Forbot-M - This worm spreads via network shares, attempting to exploit the Windows LSASS vulnerability. It installs itself as "winusb32.exe" in the Windows System folder and tries to terminate security-related applications on the infected machine. (Sophos)

**********

From the interesting reading department:

Someone to watch over the 'Net

A behind-the-scenes look as the Internet Storm Center's Johannes Ullrich battles the MyDoom-O virus. Network World, 09/06/04.
<http://www.nwfusion.com/research/2004/090604sans.html?nl>

Research center plugs physical security into its network

Keeping its huge data center humming is vital at NASA Ames Research Center, where 4,000 scientists are working on aeronautics and biotechnology projects.
When a new custom-built air conditioning system couldn't keep the research outfit's network equipment at the right temperature, it was the IT department's equivalent of a space mission gone wrong. Network World, 09/06/04.
<http://www.nwfusion.com/news/2004/090604nasaames.html?nl>

Celestix improves all-in-one security packages

Celestix Networks this week is introducing a security appliance built on Microsoft's Internet Security and Acceleration Server 2004 that is designed to give users firewall, VPN and Web caching capabilities in one box. Network World, 09/06/04.
<http://www.nwfusion.com/news/2004/090604celestix.html?nl>

Infonet VPN service to exploit the 'Net

Infonet Services next week will announce a low-cost, managed VPN service that uses the popular Multi-protocol Label Switching protocol and rides over the Internet. Network World, 09/06/04.
<http://www.nwfusion.com/news/2004/090604infonet.html?nl>

New York presents wireless security challenge for RNC

Transportation Security Administration security checkpoints, hundreds of Secret Service agents, thousands of police on foot, horses and motorcycles, city blocks barricaded by dump trucks filled with tons of sand and an invisible wireless back door that is virtually impossible to monitor and control. That was a snapshot of the security situation at this week's Republican National Convention (RNC) at New York's Madison Square Garden. Computerworld, 09/02/04.
<http://www.nwfusion.com/news/2004/0902rncwir.html?nl>
_______________________________________________________________

To contact: Jason Meserve

Jason Meserve is the Multimedia Editor of Network World Fusion and writes about streaming media, search engines and IP Multicast. Jason can be reached at <mailto:[EMAIL PROTECTED]>.
Check out his Multimedia Exchange weblog at:
<http://www.nwfusion.com/weblogs/multimedia/>
_______________________________________________________________

ARCHIVE LINKS

Virus and Bug Patch Alert archive:
http://www.nwfusion.com/newsletters/bug/index.html

Breaking security news, updated daily
http://www.nwfusion.com/topics/security.html
_______________________________________________________________

Copyright Network World, Inc., 2004
