NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH ALERT
11/11/04

Today's focus: Cisco IOS and Microsoft patches

In this issue:

* Patches from Microsoft, Mandrake Linux, others
* Beware new MyDoom variant
* Spyware stoppers target biz networks, and other interesting reading

By Jason Meserve

Today's bug patches and security alerts:

IOS glitch leaves some Cisco gear open to attack

A software vulnerability in some Cisco routers and switches could allow an attacker to cause the devices to hang, the vendor warned this week. Network World Fusion, 11/10/04.
<http://www.nwfusion.com/news/2004/1110cisvuln.html?nl>

Cisco advisory:
<http://www.cisco.com/warp/public/707/cisco-sa-20041110-dhcp.shtml>

**********

Microsoft patches ISA Server 2000 and Proxy Server 2.0

As part of its monthly Windows security update, Microsoft released an update for its ISA Server 2000 and Proxy Server 2.0. Flaws in the system could be exploited to spoof Internet content, which could make a phisher's job easier. For more, go to:
<http://www.microsoft.com/technet/security/Bulletin/MS04-039.mspx>

**********

Nortel Contivity VPN Client flaw

According to an advisory from Network Intelligence India, "The Nortel Networks Contivity VPN Client authentication error message provides more information than is necessary, thus allowing an attacker to discover existing users on the system." For more, go to:

CERT advisory:
<http://www.kb.cert.org/vuls/id/830214>

Network Intelligence India advisory:
<http://www.nii.co.in/vuln/contivity.html>

**********

Catching up with Mandrake Linux

Earlier this week we cleared the queue of Gentoo Linux announcements/updates. Today we tackle the pile of Mandrake Linux updates:

wxGTK2 - This is a libtiff tool for image handling. A number of flaws have been found that could be exploited to run code on an affected system:
<http://www.nwfusion.com/go2/1108bug2a.html>

kdegraphics - The KDEgraphics package is vulnerable to flaws in the various PDF view applications. Arbitrary code could be run on the affected machine:
<http://www.nwfusion.com/go2/1108bug2b.html>

perl-Archive-Zip - Anti-virus programs can miss viruses stored in ZIP files.
Older versions of Archive-Zip can compound the problem by setting file sizes to 0:
<http://www.nwfusion.com/go2/1108bug2c.html>

MySQL - The MySQL server creates insecure temporary files that could be exploited in a symlink attack:
<http://www.nwfusion.com/go2/1108bug2d.html>

mpg123 - Two buffer overflows in this media player could be exploited to run code on the affected machine:
<http://www.nwfusion.com/go2/1108bug2e.html>

netatalk - Temporary files are created with predictable names, which could be exploited in a symlink attack:
<http://www.nwfusion.com/go2/1108bug2f.html>

mod_ssl/apache2-mod_ssl - Mod_SSL fails to check if a cipher suite is properly authenticated:
<http://www.nwfusion.com/go2/1108bug2g.html>

perl-MIME-tools - A problem with the way certain attributes are parsed could be exploited to allow viruses through:
<http://www.nwfusion.com/go2/1108bug2h.html>

xorg-x11 - A stack overflow vulnerability has been patched:
<http://www.nwfusion.com/go2/1108bug2i.html>

iptables - Not all the required modules are loaded on system start, including the firewall:
<http://www.nwfusion.com/go2/1108bug2j.html>

shadow-utils - Local users can bypass certain security restrictions:
<http://www.nwfusion.com/go2/1108bug2k.html>

libxml/libxml2 - Multiple buffer overflows have been found in these image handling libraries:
<http://www.nwfusion.com/go2/1108bug2l.html>

ruby - Poorly secured temporary files are created by the application:
<http://www.nwfusion.com/go2/1108bug2m.html>

**********

Conectiva patches rsync

A flaw in the way rsync sanitizes paths could be exploited by a user to write files outside the rsync daemon's specified directory.
For more, go to:
<http://www.nwfusion.com/go2/1108bug2n.html>

**********

Today's roundup of virus alerts:

New MyDoom variant exploits IE flaw

A new variant of the MyDoom worm that exploits an unpatched flaw in Microsoft's Internet Explorer browser is in the wild and posing particular risk to home and small business users, security experts warned this week. IDG News Service, 11/09/04.
<http://www.nwfusion.com/news/2004/1109newmydoo.html?nl>

W32/Rbot-OX - A backdoor worm that spreads via network shares and allows access via IRC. It can be used for a number of malicious applications. This variant installs itself as "NetConfs.exe" in the Windows System directory. (Sophos)

W32/Rbot-OY - Another Rbot variant that attempts to exploit the Windows DCOM and LSASS vulnerabilities as it spreads via network shares. It installs itself as "winlogg.exe" and can be used for a number of malicious activities. (Sophos)

W32/Rbot-PA - Very similar to Rbot-OY above, except this variant installs itself as "sdsa.exe". (Sophos)

W32/Rbot-PC - Another Rbot variant that exploits the Windows LSASS vulnerability. It installs itself as "csrse.exe" and can be used to log keystrokes, turn on a Webcam and steal information. (Sophos)

W32/Rbot-PE - This Rbot variant attempts to exploit the WebDav and RPC-DCOM vulnerabilities as well as the LSASS flaw. It installs itself as "vpc32.exe" in the Windows System directory. (Sophos)

W32/Famus-F - A virus that spreads via e-mail with varying characteristics. All of them have the "Password: "cnn"" in the body text. (Sophos)

Citifraud.A - This is more of a URL spoofing tool that can be used with Web sites or Spam and can be used to fake a banking Web site. (Panda Software)

W32/Sdbot-QX - An Sdbot variant that installs itself in the Windows System folder as "BBSBW.EXE". It can be used to download and execute code on the affected system. (Sophos)

W32/Forbot-CD - A bot that spreads via network shares by exploiting the LSASS vulnerability in Windows.
It installs itself in the Windows System directory as "svchosting.exe". It can be used to run code, launch denial-of-service attacks and steal information from the infected machine. (Sophos)

W32/Forbot-CF - Another Forbot variant that is similar to Forbot-CD above. (Sophos)

W32/Bofra-A - A new mass mailing worm that uses a semi-random filename to carry the infection. The file always ends in "32.EXE". The code contains its own SMTP engine for spreading to other targets. (Sophos)

W32/Bofra-B - A second Bofra variant. This one injects itself into Internet Explorer to make removal more difficult. (Sophos)

**********

From the interesting reading department:

Spyware stoppers target biz networks

Until recently there were no anti-spyware products designed with large networks in mind - only stand-alone consumer software or freeware. But consumer-oriented anti-spyware products from Computer Associates, Tenebril and Webroot are getting beefed up for enterprise networks. Network World, 11/08/04.
<http://www.nwfusion.com/news/2004/110804spyware.html?nl>

Debating what is spyware, Network World, 11/08/04.
<http://www.nwfusion.com/news/2004/110804spywareside.html>

The evolution of IDS

Security advances push intrusion detection deeper into the network, relegating its role to forensics investigation and internal monitoring. Network World, 11/08/04.
<http://www.nwfusion.com/research/2004/110804ids.html?nl>

Test: Network vulnerability assessment management

Eight network scanning tools offer beefed-up management and remediation. Network World, 11/08/04.
<http://www.nwfusion.com/reviews/2004/110804rev.html?nl>

IPLocks reinforces security tool

Looking to help users protect corporate assets from theft, fraud and other abuse, database-security software vendor IPLocks this week announced a new version of its database monitoring, assessment and analysis tool. Network World, 11/08/04.
<http://www.nwfusion.com/news/2004/110804iplocks.html?nl>

SonicWall improves virus protection

SonicWall is introducing software for its VPN appliances that lets businesses screen Internet traffic for viruses as it enters their networks. Network World, 11/08/04.
<http://www.nwfusion.com/news/2004/110804sonicwall.html?nl>

AT&T adding tool to help thwart attacks

AT&T last week announced its newest Internet Protect security service, which is designed to help business customers mitigate worm and virus attacks on their networks. Network World, 11/08/04.
<http://www.nwfusion.com/news/2004/110804att.html?nl>

BigFix mixes systems and patch mgmt.

Patch management vendor BigFix this week is unveiling software that will let customers forward application and software upgrades to distributed systems and maintain an inventory of desktops, laptops and servers and the software running on them. Network World, 11/08/04.
<http://www.nwfusion.com/news/2004/110804bigfix.html?nl>

AirDefense counterattacks WLAN threats

AirDefense this week is set to release the latest version of its wireless LAN protection software, with features that will let users mount counterattacks against threats to wireless clients and networks. Network World, 11/08/04.
<http://www.nwfusion.com/news/2004/110804airdefense.html?nl>

Companies target IM, peer-to-peer threats

Real-time communications vendors Akonix and FaceTime this week are expected to beef up their security gateways to lock down the avenues that viruses and malware travel using instant messaging and peer-to-peer programs. Network World Fusion, 11/09/04.
<http://www.nwfusion.com/news/2004/1109akonix.html?nl>

Study: Information security field to grow steadily

The number of cybersecurity professionals is projected to grow at an annual compound rate of nearly 14% from now until 2008, according to a study released this week during the Computer Security Institute (CSI) trade show in Washington, D.C. IDG News Service, 11/09/04.
<http://www.nwfusion.com/news/2004/1109studyinfor.html?nl>

Phishers adopt scam tricks from virus writers

You know all about phishing scams, right? You know better than to click on a Web link embedded in an e-mail that purports to be from your bank, or to reply to messages requesting your user name and password. But if you think that's enough to protect yourself, think again. PC World, 11/05/04.
<http://www.nwfusion.com/news/2004/1105phishadopt.html?nl>

Update: Some WLANs open to dictionary attack

A dictionary attack tool designed to exploit a weakness in the Wi-Fi Protected Access security for wireless LANs has been published on the Web. Network World Fusion, 11/08/04.
<http://www.nwfusion.com/news/2004/1108wlandictionary.html?nl>

CA integrates PestPatrol anti-spyware

Computer Associates Monday will announce that it has integrated an anti-spyware product from its purchase of PestPatrol with its own eTrust Security Management portfolio. InfoWorld, 11/08/04.
<http://www.nwfusion.com/news/2004/1108cainteg.html?nl>

Security group sets baseline standard for firewalls

Four security software rivals have teamed up to set a baseline standard for application security firewalls, challenging others in the industry to join them. InfoWorld, 11/09/04.
<http://www.nwfusion.com/news/2004/1109securgroup.html>

Google gives Gmail POP3 support, plans anti-virus

Google will roll out POP3 support gradually over the coming weeks to Gmail users, who will be able to use the feature to download mail messages from Gmail servers to e-mail applications on devices such as PCs and wireless devices. IDG News Service, 11/10/04.
<http://www.nwfusion.com/news/2004/1110gmail.html?nl>

_______________________________________________________________

To contact: Jason Meserve

Jason Meserve is the Multimedia Editor of Network World Fusion and writes about streaming media, search engines and IP Multicast. Jason can be reached at <mailto:[EMAIL PROTECTED]>.
Check out his Multimedia Exchange weblog at:
<http://www.nwfusion.com/weblogs/multimedia/>

Have editorial comments? Write Jeff Caruso, Newsletter Editor, at: <mailto:[EMAIL PROTECTED]>

Copyright Network World, Inc., 2004
