NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH ALERT
11/18/04

Today's focus: Samba buffer overflow patched

Dear [EMAIL PROTECTED],

In this issue:

* Patches from Mandrake Linux, Conectiva, Debian, others
* Beware latest Bofra (formerly MyDoom variant) going around
* AOL upgrade packs security tools, and other interesting reading
* Links related to Virus and Bug Patch Alert

By Jason Meserve

Virtual Showdown: How best to patch

Shavlik, BigFix, Altiris, Configuresoft, Citadel Security Software and Symantec reps are in our showdown waiting to take your questions on patch management. Get your questions answered and watch them field those on patch testing, agent vs. agent-less approach, building secure code and more.
<http://www.nwfusion.com/cgi-bin/forum/gforum.cgi?post=1964>

Today's bug patches and security alerts:

Samba buffer overflow patched

A buffer overflow vulnerability in Samba, an open source file/print server application, could be exploited by an attacker to run any code they wished on the affected machine. Version 3.08 of Samba is said to fix the problem. For more, go to:

e-Matters advisory: <http://security.e-matters.de/advisories/132004.html>
Samba download page: <http://us1.samba.org/samba/download/>
Gentoo: <http://security.gentoo.org/glsa/glsa-200411-21.xml>
Mandrake Linux: <http://www.nwfusion.com/go2/1115bug2a.html>
SuSE: <http://www.suse.com/de/security/2004_40_samba.html>
Trustix (update also fixes flaws in sudo, gd and sqlgrey): <http://www.trustix.org/errata/2004/0058/>

**********

Updated Apache packages available

Problems with the get_tag() function of the mod_include module for Apache have been fixed by a number of vendors. The flaw could be used to "run arbitrary code with the rights of an httpd child process." For more, go to:

Conectiva: <http://www.nwfusion.com/go2/1115bug2b.html>
Debian: <http://www.debian.org/security/2004/dsa-594>
Gentoo: <http://security.gentoo.org/glsa/glsa-200411-18.xml>
Mandrake Linux (apache): <http://www.nwfusion.com/go2/1115bug2c.html>
Mandrake Linux (apache2): <http://www.nwfusion.com/go2/1115bug2d.html>

**********

Mandrake Linux, OpenPKG patch gd

A buffer overflow in the gd graphics library could be exploited in a denial-of-service attack against the affected machine or to potentially run any code. For more, go to:

Mandrake Linux: <http://www.nwfusion.com/go2/1115bug2e.html>
OpenPKG: <http://www.openpkg.org/security/OpenPKG-SA-2004.049-gd.txt>

**********

Mandrake Linux patches sudo

A new sudo update fixes a flaw in the way "bash" functions are exported to other applications. A user could exploit the flaw to run arbitrary commands on the affected machine.
For more, go to:
<http://www.nwfusion.com/go2/1115bug2f.html>

**********

Conectiva, OpenPKG release patch for libxml

Multiple buffer overflows have been found in the various libxml image handling libraries. These could be exploited in a denial-of-service attack or to potentially run an attacker's code of choice on the affected machine. For more, go to:

Conectiva: <http://www.nwfusion.com/go2/1115bug2g.html>
OpenPKG: <http://www.openpkg.org/security/OpenPKG-SA-2004.050-libxml.txt>

**********

Debian patches ImageMagick

A flaw in the ImageMagick graphics package could be exploited to execute arbitrary code on the affected machine, according to a Debian advisory. For more, go to:
<http://www.debian.org/security/2004/dsa-593>

**********

OpenPKG patches mysql

Several flaws in the MySQL application for OpenPKG could be exploited to gain elevated privileges or to run any application/malicious code on the affected machine. For more, go to:
<http://www.openpkg.org/security/OpenPKG-SA-2004.045-mysql.txt>

**********

Skype update fixes two flaws

Skype, which makes an IP softphone application, is urging users to upgrade to Version 1.0.0.100 to fix two vulnerabilities in the initial 1.0 release. One flaw revolves around internal data handling and the other is a buffer overflow. No word on how these could be exploited.

Download page: <http://www.skype.com/products/skype/windows/>
Change log: <http://www.skype.com/products/skype/windows/changelog.html>

**********

Today's roundup of virus alerts:

IFRAME.BoF - This exploits an iFrame vulnerability in Internet Explorer 6.0. Users are directed to a malicious Web page where this code is hidden. It causes a buffer overflow, which can be used to take control of the affected machine. Unfortunately, no patch is available yet. (Panda Software)

W32/Bofra-G - Yet another Bofra (formerly MyDoom variant) going around. It too spreads via e-mail using a couple different messages, but all with attachments ending in 32.exe.
It also opens a backdoor on port 6667 and will stop working on December 15th. (Sophos)

W32/Forbot-CJ - This bot spreads via network shares and installs itself as "regexpress.exe". It allows backdoor access via IRC and can be used for denial-of-service attacks, as a proxy server, to steal passwords and more. (Sophos)

W32/Rbot-PU - An Rbot variant that infects the file "wuamgrd32.exe" in the Windows System directory. It allows backdoor access via IRC, but no word on other damage it can inflict. (Sophos)

W32/Rbot-NK - This Rbot variant tries to hide itself as the RealOne Player executable, "realplay.exe". The worm can be controlled via IRC and used for a number of malicious purposes. (Sophos)

W32/Ssik-A - Hey, a new name! This worm uses a random filename to infect a Windows machine and displays the message "LoRz reborn!!". It also tries to move the Task Manager application to make the worm harder to stop. (Sophos)

W32/Agobot-NX - A new Agobot variant that uses the file "bmsvc32.exe" as its infection point in the Windows System folder. The virus modifies the HOSTS file in an attempt to block access to popular anti-virus and security sites. (Sophos)

Troj/Mirchack-D - This is a hacked version of the mIRC chat application. It can be used in a denial of service attack or to install a backdoor on the infected machine. (Sophos)

W32/Protoride-W - A backdoor Trojan that listens for commands via IRC. It spreads via network shares using the file "msupdate.exe". (Sophos)

W32/Mofei-E - A backdoor application that spreads via network shares. It installs itself as "ALERTER.EXE" and runs as the service "Net Login Helper". It also copies itself in a number of popular applications.
(Sophos)

**********

From the interesting reading department:

AOL upgrade packs security tools

AOL subscribers Thursday will receive a raft of new and enhanced security services as part of their standard package with the launch of AOL 9.0 Security Edition, the latest upgrade of the company's fee-based, consumer-focused online service. IDG News Service, 11/18/04.
<http://www.nwfusion.com/news/2004/1118aolupgra.html?nl>

Newsletter: Linux is 'most breached' OS on the 'Net, security research firm says.

According to London security analysis and consulting firm mi2g, Linux is the most commonly breached operating system on computers connected to the Internet 24/7. Network World Linux Newsletter, 11/10/04.
<http://www.nwfusion.com/newsletters/linux/2004/1108linux2.html?nl>

Internet Security Intelligence Briefing

The VeriSign Internet Security Intelligence Briefing reports current trends for Internet growth, usage, security, and online fraud. This briefing includes data and intelligence drawn from VeriSign's Internet infrastructure services, including DNS services, digital certificates (SSL and PKI), Managed Security Services (MSS), Payments, and Fraud Protection Service. VeriSign, November 2004.
<http://www.verisign.com/static/017574.pdf>

Microsoft releases management tools, expands on DSI model

Microsoft Tuesday released a handful of software products that are key elements in its drive to develop a comprehensive management platform for Windows. The company also released the first beta of its newest corporate patch server. Network World Fusion, 11/16/04.
<http://www.nwfusion.com/news/2004/1116msdsi.html?nl>

AMD readies security, virtualization features for 2006

Advanced Micro Devices plans to build security and virtualization features into its server processors by 2006, the company said Friday during its annual analyst event. IDG News Service, 11/15/04.
<http://www.nwfusion.com/news/2004/1115amdreadi.html?nl>

Panel: Gov't can't mandate security

Now is not the time for the U.S. government to mandate cybersecurity standards to private industry, despite significant threats and a lack of understanding by many company executives. So concluded a panel of government officials that met to discuss the issue in September. IDG News Service, 11/15/04.
<http://www.nwfusion.com/news/2004/1115panelgovt.html?nl>

_______________________________________________________________
To contact: Jason Meserve

Jason Meserve is the Multimedia Editor of Network World Fusion and writes about streaming media, search engines and IP Multicast. Jason can be reached at <mailto:[EMAIL PROTECTED]>. Check out his Multimedia Exchange weblog at:
<http://www.nwfusion.com/weblogs/multimedia/>

_______________________________________________________________
ARCHIVE LINKS

Virus and Bug Patch Alert archive:
http://www.nwfusion.com/newsletters/bug/index.html

Breaking security news, updated daily:
http://www.nwfusion.com/topics/security.html

_______________________________________________________________
Copyright Network World, Inc., 2004
