NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH ALERT
11/04/04

Today's focus: Cisco ACS Server EAP-TLS authentication flaw
By Jason Meserve

Today's bug patches and security alerts:

Cisco reports flaw in Secure Access Control Server EAP-TLS Authentication

A flaw in Version 3.3.1 of the Cisco Secure ACS for Windows and Cisco Secure ACS Solution Engine could provide authentication to any "cryptographically correct" certificate. This means any certificate with the right fields in place, regardless of the fact that it's expired or comes from an untrusted certificate authority, could be used to gain access to a network protected by this Cisco system.
For more, go to:
<http://www.nwfusion.com/go2/1101bug2a.html>

**********

Sun patches Java System Web Proxy Server 3.6

Sun reports that its Java System Web Proxy Server 3.6 does not properly handle "connect" requests and has a number of buffer overflow issues. A remote attacker could exploit these vulnerabilities to crash the affected system or potentially run their code of choice on it.

For more, go to:
<http://wwws.sun.com/software/download/products/4149bc42.html>

**********

Debian patches xpdf

A flaw in various implementations of a PDF viewer application could be exploited to crash the affected application or potentially run arbitrary code on the affected machine.

For more, go to:
<http://www.debian.org/security/2004/dsa-581>

**********

Conectiva patches squid

A denial-of-service vulnerability has been found in Squid's ASN1 parser. It could be exploited to crash the system.

For more, go to:
<http://www.nwfusion.com/go2/1101bug2b.html>

**********

Conectiva, Mandrake Linux update gaim

A buffer overflow in Gaim, an open source instant messaging client, could be exploited in a denial-of-service attack against the application or to potentially run any code on the affected machine.

For more, go to:
Conectiva: <http://www.nwfusion.com/go2/1101bug2c.html>
Mandrake Linux: <http://www.nwfusion.com/go2/1101bug2d.html>

**********

Debian, Gentoo patch libxml

A number of buffer overflows have been found in the libxml and libxml2 code, the XML C parser and toolkits for GNOME. These flaws could be exploited to run an attacker's code of choice on the affected machine.

For more, go to:
Debian: <http://www.debian.org/security/2004/dsa-582>
Gentoo: <http://security.gentoo.org/glsa/glsa-200411-05.xml>

**********

Security update for TiVo Desktop

This may not be an "enterprise" issue, but I am guessing a number of our readers have TiVo running at home.
If you do and you're running TiVo Desktop (for picture/music sharing), there's a new version available that fixes a security vulnerability found in previous releases. Users should upgrade to Version 1.3.

For more, go to:
<http://www.tivo.com/4.9.4.1.asp>

**********

Today's roundup of virus alerts:

W32/Rbot-NT - What would a newsletter be without an Rbot variant? This one installs itself as "winvc32.exe" in the Windows System directory after infiltrating the machine via network shares. It opens a backdoor through an IRC channel. (Sophos)

W32/Rbot-NU - Another Rbot variant. This one tries to exploit the WebDav, LSASS or RPC-DCOM vulnerabilities in Windows (all of which have long had patches available.) It installs itself as "winservice.exe". (Sophos)

W32/Rbot-NY - The trifecta for Rbot. This variant uses the filename "crsss64.exe" and can be used for keystroke logging, DDoS attacks and video capture. (Sophos)

W32/Rbot-NZ - Grand Slam! Our fourth Rbot variant copies itself into the file "sysmsvc.exe" and can be used to send e-mail, start an FTP session, download/execute files, capture keystrokes and start a port scan. (Sophos)

W32/Rbot-NV - This Rbot variant can be used for a number of malicious purposes. It tries to exploit what looks like every known Windows vulnerability as it spreads between network shares using the filename "BLING.EXE". When it infects a system, it installs itself in the system directory as "svchcst.exe". (Sophos)

W32/Rbot-OB - Similar to the other variants of Rbot already mentioned. This one installs itself as "winxpini.exe", though it's a hidden/read-only file. (Sophos)

W32/MyDoom-AG - A new MyDoom variant that spreads via e-mail with varying attributes. One common theme in the infected message is the word "WORLDXXXPASS.COM" and the attached file will have an extension of zip, exe, scr, pif, bat, or cmd. (Sophos)

W32/Agobot-NS - A bot that tries to block access to popular security related Web sites.
It spreads via network shares, installing itself as "SVCHOSTT.EXE" in the Windows System directory. (Sophos)

**********

From the interesting reading department:

Symantec pushing into mobile space

Symantec is making a major push to get its security products into more mobile phones as 3G services and smart phone use spreads internationally, company executives said in Tokyo on Thursday. IDG News Service, 11/04/04.
<http://www.nwfusion.com/news/2004/1104symanpushi.html?nl>

Hackers reopen stolen code store with Cisco wares

An anonymous group of malicious hackers reopened an online store that sells the stolen source code of prominent software products and is offering the code for Cisco's PIX firewall software to interested parties for $24,000, according to messages posted in online discussion groups. IDG News Service, 11/03/04.
<http://www.nwfusion.com/news/2004/1103hackers.html?nl>

AOL joins industry anti-spam, anti-virus group

Internet service provider America Online Monday said it has joined the Messaging Anti-Abuse Working Group, which was formed last December by a group of communications and technology companies to fight spam, viruses and other online attacks and nuisances. Computerworld, 11/01/04.
<http://www.nwfusion.com/news/2004/1101aoljoins.html?nl>

_______________________________________________________________
To contact: Jason Meserve

Jason Meserve is the Multimedia Editor of Network World Fusion and writes about streaming media, search engines and IP Multicast. Jason can be reached at <mailto:[EMAIL PROTECTED]>. Check out his Multimedia Exchange weblog at: <http://www.nwfusion.com/weblogs/multimedia/>
_______________________________________________________________
Copyright Network World, Inc., 2004
