NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH ALERT
11/08/04
Today's focus: New IE hole?

In this issue:

* Patches from SCO, Trustix, others
* Beware backdoor Trojan, more Rbot variants
* Symantec adds threat data to managed security services, and other interesting reading
* Links related to Virus and Bug Patch Alert
* Featured reader resource
_______________________________________________________________
This newsletter is sponsored by Shavlik HFNetChkPro(TM) Security Patch Management:

Deploy Windows XP SP2 with Shavlik HFNetChkPro(TM) today! Our free, fully functional, no time-out, trial version helps automate patch delivery and testing with swift scanning and a complete GUI. Start patching in just 30 minutes to ensure that your systems are fully protected against viruses, worms & hackers. Click here to download the trial version today:
http://www.fattail.com/redir/redirect.asp?CID=87804
_______________________________________________________________
SECURITY SUMMIT: CAN SECURITY BE A COMPETITIVE EDGE?

Recently 23 prominent IT executives and academics gathered at Dartmouth College in Hanover, NH for a daylong roundtable to address such questions. CIOs and VPs from some of the largest and most well-known companies in the US shared with peers their security fears, goals, frustrations and challenges. Find out more:
http://www.fattail.com/redir/redirect.asp?CID=87873
_______________________________________________________________

Today's focus: New IE hole?

By Jason Meserve

Today's bug patches and security alerts:

Microsoft investigating reports of new IE hole

Microsoft is investigating reports of a serious security flaw in Internet Explorer, but has not yet seen malicious code that exploits the reported flaw, the company said Thursday. IDG News Service, 11/04/04.
<http://www.nwfusion.com/news/2004/1104microinves.html?nl>
**********

Catching up with Gentoo

We've got a slew of alerts from Gentoo Linux in our buffer, so here is a roundup:

LessTif - Vulnerable to the flaws found in LibXpm.
Could be used to run code remotely:
<http://security.gentoo.org/glsa/glsa-200410-09.xml>

gettext - Temporary files not created in a secure manner, could be exploited in a symlink attack:
<http://security.gentoo.org/glsa/glsa-200410-10.xml>

WordPress - HTTP response splitting and cross-site scripting vulnerabilities, according to Gentoo:
<http://security.gentoo.org/glsa/glsa-200410-12.xml>

BNC - A buffer overflow could be exploited to run IRC commands remotely:
<http://security.gentoo.org/glsa/glsa-200410-13.xml>

phpMyAdmin - Remote command execution is possible if php "safe mode" is disabled:
<http://security.gentoo.org/glsa/glsa-200410-14.xml>

Apache 2, mod_ssl - There's a potential to bypass restrictions set by "SSLCipherSuite":
<http://security.gentoo.org/glsa/glsa-200410-21.xml>

MySQL - DoS and potential arbitrary code execution possible by exploiting several vulnerabilities:
<http://security.gentoo.org/glsa/glsa-200410-22.xml>

MIT krb5 - The send-pr.sh script creates non-secure temporary files that are vulnerable to a symlink attack:
<http://security.gentoo.org/glsa/glsa-200410-24.xml>

Netatalk - Files created by the etc2ps.sh script are vulnerable to symlink attacks:
<http://security.gentoo.org/glsa/glsa-200410-25.xml>

socat - A format string vulnerability could be exploited to run code:
<http://security.gentoo.org/glsa/glsa-200410-26.xml>

rssh - A format string flaw could be used to bypass restrictions and run code:
<http://security.gentoo.org/glsa/glsa-200410-28.xml>

Archive::Zip - Zip files could be used to hide viruses:
<http://security.gentoo.org/glsa/glsa-200410-31.xml>

ppp - A flaw could be exploited to crash the ppp server:
<http://security.gentoo.org/glsa/glsa-200411-01.xml>

Cherokee - A format string vulnerability could be used to run code on the system:
<http://security.gentoo.org/glsa/glsa-200411-02.xml>

Apache 1.3 - Buffer overflow could be used to gain elevated privileges:
<http://security.gentoo.org/glsa/glsa-200411-03.xml>

Speedtouch USB driver -
Local users could exploit a vulnerability to gain elevated privileges:
<http://security.gentoo.org/glsa/glsa-200411-04.xml>

MIME-tools - The utility does not properly bounds check MIME data and viral code could bypass checks:
<http://security.gentoo.org/glsa/glsa-200411-06.xml>

GD - An integer overflow could be used to run the code of choice:
<http://security.gentoo.org/glsa/glsa-200411-08.xml>

shadow - User accounts could be modified without the proper privileges:
<http://security.gentoo.org/glsa/glsa-200411-09.xml>

Gallery - Is vulnerable to cross-site scripting attacks:
<http://security.gentoo.org/glsa/glsa-200411-10.xml>

ImageMagick - An EXIF data handling flaw could be exploited to run arbitrary code:
<http://security.gentoo.org/glsa/glsa-200411-11.xml>
**********

Trustix releases "multi"

An update for Trustix that fixes flaws in libxml2 and postgreSQL. A buffer overflow was found in libxml2 and a data loss bug in postgreSQL. For more, go to:
<http://www.trustix.org/errata/2004/0055/>

Trustix releases update for Apache

A buffer overflow may occur in the SSI tag string when escaped characters are encountered. This could be exploited in a denial-of-service attack. For more, go to:
<http://www.trustix.org/errata/2004/0056/>
**********

SCO patches zlib

A flaw in the zlib compression library could be exploited in a denial-of-service attack against the affected system. For more, go to:
<ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.17>
**********

Today's roundup of virus alerts:

W32/Swash.A - An e-mail virus that spreads via messages with an infected attachment type of ZIP, EXE or SCR. It attempts to stop all security-related applications running on the infected machine. (Panda Software)

W32/Forbot-BZ - This backdoor Trojan spreads via network shares and allows remote access via IRC. It installs itself as "mplayer.exe" in the Windows System directory and can be used for a number of malicious purposes.
(Sophos)

W32/Shodi-F - A virus that attempts to infect .exe files on the target machine, with the exception of some Windows System files. The virus installs itself as "VIRT.exe" and "USR_Shohdi_Photo_USR.exe". (Sophos)

W32/Leebad-A - This virus copies itself into the root directory of any functional drive (real or virtual) attached to the infected system. No word on what sort of permanent damage can be caused by this particular rodent. (Sophos)

W32/Rbot-OP - An Rbot variant that drops the file "afilterplatform.exe" in the Windows System folder. It uses IRC to receive commands and can be directed to perform a number of malicious tasks. (Sophos)

W32/Rbot-OR - This Rbot variant installs itself as "atiphexx.exe" in the Windows System folder after spreading via network shares. It can download and execute code from remote sites. (Sophos)

W32/Rbot-OV - Another Rbot variant that spreads via network shares by exploiting the LSASS or RPC DCOM vulnerabilities. It installs itself as "wint.exe" and can be used for a number of malicious applications. (Sophos)

W32/Bagz-F - A virus that spreads via e-mail with varying message attributes. The attached message will be a .zip or .exe file. The virus runs as the service "Xuy v palto ". It prevents access to anti-virus vendor sites. (Sophos)

JS/QHosts21-A - A virus that can be used to redirect banking users to bogus sites. It comes in an e-mail message that looks like the Google Web site. It downloads Windows Script code while the message is being opened. (Sophos)
**********

From the interesting reading department:

Symantec adds threat data to managed security services

In a bid to expand its services business, Symantec next week plans to start selling security intelligence data as an add-on to its Managed Security Services. IDG News Service, 11/05/04.
<http://www.nwfusion.com/news/2004/1105symanadds.html?nl>

Resilient hardware unveiled for Check Point software

Resilience is introducing two hardware platforms for Check Point VPN-1 Pro software that feature high availability. The two platforms are the Ndurant made by Resilience and the MX based on IBM xSeries servers. Network World Fusion, 11/05/04.
<http://www.nwfusion.com/news/2004/1105resilience.html?nl>
_______________________________________________________________
To contact: Jason Meserve

Jason Meserve is the Multimedia Editor of Network World Fusion and writes about streaming media, search engines and IP Multicast. Jason can be reached at <mailto:[EMAIL PROTECTED]>. Check out his Multimedia Exchange weblog at:
<http://www.nwfusion.com/weblogs/multimedia/>
_______________________________________________________________
ARCHIVE LINKS

Virus and Bug Patch Alert archive:
http://www.nwfusion.com/newsletters/bug/index.html

Breaking security news, updated daily
http://www.nwfusion.com/topics/security.html
_______________________________________________________________
FEATURED READER RESOURCE

NEW! Website dedicated to Networking for Small Business now available

The editors of NW Fusion and PC World have combined all their expert advice, authority, and know-how into a powerful new tool for small businesses, the new Networking for Small Business website.
Get news, how-to's, product reviews, and expert advice specifically tailored to your small business needs. Find help with Security, Broadband, Networking, Hardware, Software, and Wireless & Mobile technology at:
<http://www.networkingsmallbusiness.com/>
_______________________________________________________________
Have editorial comments? Write Jeff Caruso, Newsletter Editor, at: <mailto:[EMAIL PROTECTED]>

Inquiries to: NL Customer Service, Network World, Inc., 118 Turnpike Road, Southborough, MA 01772

For advertising information, write Kevin Normandeau, V.P. of Online Development, at: <mailto:[EMAIL PROTECTED]>

Copyright Network World, Inc., 2004
