NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH ALERT 11/01/04 Today's focus: Linux patch potpourri
Dear [EMAIL PROTECTED], In this issue: * Patches from OpenPKG, Gentoo, Conectiva others * New Bagle variants on the loose * E-mail at a crossroads, and other interesting reading * Links related to Virus and Bug Patch Alert * Featured reader resource _______________________________________________________________ This newsletter is sponsored by Nokia NW Special Report: Preparing an Infrastructure for Mobile Applications. Mobility, properly done, increases productivity and decreases operating costs. So get up to date information about building a mobile infrastructure, dealing with security issues, the latest networking options, connectivity alternatives and operational support enhancements. http://www.fattail.com/redir/redirect.asp?CID=85966 _______________________________________________________________ BUSH VS. KERRY: TIME TO VOTE Do you know where each candidate stands on technology issues? We decided to get the candidates' position on key tech issues, but it wasn't easy. Find out where Bush and Kerry stand on such issues such as outsourcing, national broadband policy, wireless spectrum and more. Click here: http://www.fattail.com/redir/redirect.asp?CID=86074 _______________________________________________________________ Today's focus: Linux patch potpourri By Jason Meserve Today's bug patches and security alerts: Debian, OpenPKG patch postgresql A symlink attack is possible by exploiting temporary files created by a function in the postgresql database. A new version is available to fix the problem. For more, go to: Debian: <http://www.debian.org/security/2004/dsa-577> OpenPKG: <http://www.nwfusion.com/go2/1101bug1a.html> ********** Debian, Mandrake Linux, OpenPKG patch Squid A denial-of-service vulnerability has been found in Squid's ASN1 parser. It could be exploited to crash the system. For more, go to: Debian: <http://www.debian.org/security/2004/dsa-576> Mandrake Linux: <http://www.nwfusion.com/go2/1101bug1b.html> OpenPKG: <http://www.openpkg.org/security/OpenPKG-SA-2004.048-squid.html> ********** Gentoo patches xpdf A flaw in various implementations of a PDF viewer application could be exploited to crash the affected application or potentially run arbitrary code on the affected machine. For more, go to: <http://security.gentoo.org/glsa/glsa-200410-30.xml> ********** Conectiva patches kernel According to Conectiva, there's "A vulnerability in the Linux kernel, which could allow a local attacker to obtain sensitive information due to an issue when handling 64-bit file offset pointers. A local attacker could exploit this vulnerability to read portions of the kernel's memory." For more, go to: <http://www.nwfusion.com/go2/1101bug1c.html> Conectiva updates foomatic-filters The foomatic-filters command-line rip application does not properly check parameters added to the command. This could be exploited to run arbitrary commands. For more, go to: <http://www.nwfusion.com/go2/1101bug1d.html> Conectiva releases patch for gtk+ A flaw in the gtk+ BMP image handler could be exploited to send the application in an infinite loop, leading to a denial of service. For more, go to: <http://www.nwfusion.com/go2/1101bug1e.html> ********** OpenPKG patches apache A flaw in the "get_tag" function for the Apache Web server has been discovered. According to OpenPKG, "It allows local users who can create SSI documents to execute arbitrary code as the Apache run-time user via SSI documents that trigger a content length calculation error." For more, go to: <http://www.openpkg.org/security/OpenPKG-SA-2004.047-apache.html> ********** Today's roundup of virus alerts: Anti-virus companies warn of new Bagle variants New versions of the Bagle worm rolled onto the Internet Friday, prompting anti-virus companies to warn customers about the threat and to push out software updates to spot the new worms. IDG News Service, 10/29/04. <http://www.nwfusion.com/news/2004/1029antivcompa.html?nl> W32/Forbot-BW -- A bot variant that spreads via network shares by exploiting the Windows LSASS vulnerability. The virus allows backdoor access via IRC, and the machine can be used for a number of malicious tasks. (Sophos) W32/Forbot-BU -- Another Forbot variant that exploits the LSASS vulnerability. This one installs itself as "SndMon32.exe" in the Windows System directory. One upside to it: It tries to disable malware installed by other viruses. (Sophos) SH/Renepo-A -- Macintosh users who thought they were above the virus fray are now in it. This is a shell script that could open backdoors to the infected machine. It may also start a VNC process that allows a remote machine to take control on the infected system. (Sophos) W32/Rbot-NK -- This Rbot variant installs itself as "realplay.exe" in the Windows System directory. It can be used for a number of purposes, including accessing Web cams, capturing screen activity, stealing CD keys and sending e-mail. (Sophos) W32/Rbot-NS -- Another Rbot variant that uses network shares to spread. It installs in the Windows System directory as "MSNDP.EXE" and can be used to delete network shares and logs keystrokes. (Sophos) Famus.B -- An e-mail worm that plays on the Iraq war with a subject line of "Iraq and the crime" and an attachment called "iraq.scr". It seems to just spread and not cause any permanent damage to the infected machine. (Sophos) ********** >From the interesting reading department: Security Summit CIOs gather at Dartmouth College to share ideas on enterprise security. Network World, 11/01/04. <http://www.nwfusion.com/research/2004/110104summit.html?nl> E-mail at a crossroads Spam and phishing have hit epidemic proportions and are threatening to undermine user confidence in the Internet. The protection and preservation of e-mail rests on technology, legislation and international involvement. Network World, 11/01/04. <http://www.nwfusion.com/research/2004/110104email.html?nl> Roadblocks for shared IDs: Trust, immature standards Speaking at last week's Digital ID World conference, American Express, Fidelity Investments, Boeing, Fifth Third Bank, Premier and a host of other companies shared their hopes, early successes and concerns as they try to integrate their identity management services with business partners and customers. Network World, 11/01/04. <http://www.nwfusion.com/news/2004/110104federate.html?nl> Microsoft readying simpler ID management Microsoft is developing a portal-like interface for its identity management platform that will let users self-manage their identity information and provision network services. Network World, 11/01/04. <http://www.nwfusion.com/news/2004/1029msid.html?nl> Vendors tout WLAN security products New software from two vendors is intended to boost security for wireless LANs, one targeting the network, the other wireless clients. Network World, 11/01/04. <http://www.nwfusion.com/news/2004/110104-airespace.html?nl> New software checks configurations St. Bernard Software this week will unveil SecurityExpert, a scanning tool that will let customers check Windows 2000, XP, Internet Explorer and Microsoft Internet Information Server to make sure the desktop and server software is properly configured. Network World, 11/01/04. <http://www.nwfusion.com/news/2004/110104stbernard.html?nl> CipherTrust takes 'control' of spam Updated IronMail appliance rejects spammers' connection requests. Network World, 11/01/04. <http://www.nwfusion.com/news/2004/110104ciphertrust.html?nl> _______________________________________________________________ To contact: Jason Meserve Jason Meserve is the Multimedia Editor of Network World Fusion and writes about streaming media, search engines and IP Multicast. Jason can be reached at <mailto:[EMAIL PROTECTED]>. Check out his Multimedia Exchange weblog at: <http://www.nwfusion.com/weblogs/multimedia/> _______________________________________________________________ This newsletter is sponsored by Nokia NW Special Report: Preparing an Infrastructure for Mobile Applications. Mobility, properly done, increases productivity and decreases operating costs. So get up to date information about building a mobile infrastructure, dealing with security issues, the latest networking options, connectivity alternatives and operational support enhancements. http://www.fattail.com/redir/redirect.asp?CID=85966 _______________________________________________________________ ARCHIVE LINKS Virus and Bug Patch Alert archive: http://www.nwfusion.com/newsletters/bug/index.html Breaking security news, updated daily http://www.nwfusion.com/topics/security.html _______________________________________________________________ FEATURED READER RESOURCE NW CLEAR CHOICE TESTS The Network World Lab Alliance is a coalition of industry experts, network integration consultants, independent test labs and universities who conduct single-product reviews and head-to-head comparative tests in real enterprise network settings. Find out which products get the "thumbs-up" in categories such as web front-end devices, WLAN security, anti-spam and more at: <http://www.nwfusion.com/reviews/> _______________________________________________________________ May We Send You a Free Print Subscription? You've got the technology snapshot of your choice delivered at your fingertips each day. Now, extend your knowledge by receiving 51 FREE issues to our print publication. Apply today at http://www.subscribenw.com/nl2 International subscribers click here: http://nww1.com/go/circ_promo.html _______________________________________________________________ SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World e-mail newsletters, go to: <http://www.nwwsubscribe.com/Changes.aspx> To unsubscribe from promotional e-mail go to: <http://www.nwwsubscribe.com/Preferences.aspx> To change your e-mail address, go to: <http://www.nwwsubscribe.com/ChangeMail.aspx> Subscription questions? Contact Customer Service by replying to this message. This message was sent to: [EMAIL PROTECTED] Please use this address when modifying your subscription. _______________________________________________________________ Have editorial comments? Write Jeff Caruso, Newsletter Editor, at: <mailto:[EMAIL PROTECTED]> Inquiries to: NL Customer Service, Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 For advertising information, write Kevin Normandeau, V.P. of Online Development, at: <mailto:[EMAIL PROTECTED]> Copyright Network World, Inc., 2004 ------------------------ This message was sent to: [EMAIL PROTECTED]
