NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH ALERT 10/07/04 Today's focus: IBM releases 'critical' DB2 update
Dear [EMAIL PROTECTED], In this issue: * Patches from FreeBSD, Mandrake Linux, Gentoo, others * Beware Excel virus that spreads via open workbooks * Super-connected users could aid IM worms, and other ��interesting reading * Links related to Virus and Bug Patch Alert * Featured reader resource _______________________________________________________________ This newsletter is sponsored by Altiris In this era of online self-service, system availability is mission critical. Access to CRM, ERP and SFA systems are constant demands of the workforce. Ensure true 24/7 availability and world-class customer satisfaction by learning about the Best Practices of automated Patch Management and Software updates. See the Network World Special Report - Patch Management: Just one piece of the puzzle. http://www.fattail.com/redir/redirect.asp?CID=83661 _______________________________________________________________ ARE YOU UP TO DATE ON THE EVOLVING STANDARDS AND REGULATIONS? Sign up for Network World's Standards and Regulations News Alert. This weekly alert covers what new standards are emerging, how they are progressing through various standards bodies and how you can take advantage of those standards. Plus, readers are kept up to date on actions by government regulatory bodies that may affect their service providers. Click here to subscribe: http://www.fattail.com/redir/redirect.asp?CID=83538 _______________________________________________________________ Today's focus: IBM releases 'critical' DB2 update By Jason Meserve Today's bug patches and security alerts: IBM releases "critical" DB2 update According to NGSSoftware, IBM has released a "critical" update for its DB2 database engine. The flaws were discovered by NGSSoftware but not released to the public pending the release and installation of the patch. "IBM has updated Fixpak 6 and 7 to 6a and 7a to include fixes for these flaw," according to the NGSSoftware advisory. Patches can be downloaded from: <http://www.nwfusion.com/go2/1004bug2a.html> NGSSoftware: <http://www.nextgenss.com/advisories/db2-01.txt> ********** New security update for Mac OS X Apple has released a new update the fixes issues in CUPS, AFP Server, NetInfo Manager, postfix, QuickTime and ServerAdmin. The QuickTime vulnerability involves specially crafted BMP files and could be exploited to run code on the affected machine. For more, go to: <http://docs.info.apple.com/article.html?artnum=61798> ********** FreeBSD patches syscon A boundary checking error in syscon for FreeBSD could be exploited by an attacker to view kernel memory. This information could be used to gain elevated privileges. For more, go to: <http://www.nwfusion.com/go2/1004bug2b.html> ********** Mandrake Linux patches xine-lib Mandrake Linux's xine-lib, a library used in building multimedia interfaces, contains a number of vulnerabilities that could be used to execute malicious code on a system. For more, go to: <http://www.nwfusion.com/go2/1004bug2c.html> Mandrake Linux releases fix for OpenOffice A flaw in OpenOffice could allow a user to read any other users' documents and files. A fix is available. For more, go to: <http://www.nwfusion.com/go2/1004bug2d.html> ********** Gentoo, Mandrake Linux issue patches for netpbm According to an alert from Mandrake Linux, "A number of temporary file bugs have been found in versions of NetPBM. These could allow a local user the ability to overwrite or create files as a different user who happens to run one of the the vulnerable utilities." For more, go to: Gentoo: <http://security.gentoo.org/glsa/glsa-200410-02.xml> Mandrake Linux: <http://www.nwfusion.com/go2/1004bug2e.html> ********** Gentoo releases patch for jabberd A flaw in Jabber, a presence tool set, could be exploited in a denial-of-service attack against the Jabber daemon. For more, go to: <http://security.gentoo.org/glsa/glsa-200409-31.xml> ********** Debian issues sendmail patch When sendmail is installed on Debian in conjunction with "sasl-bin", the sendmail script will use a fixed username and password. Spammers could exploit this to use the sendmail implementation as a Spam relay. For more, go to: <http://www.debian.org/security/2004/dsa-554> ********** iDefense warns of IBM AIX vulnerability A flaw in the ctstrtcasd application that is installed with root privileges as part of newer AIX systems could be exploited by an attack to overwrite files on the affected system. For more, go to: <http://www.nwfusion.com/go2/1004bug2f.html> ********** Today's roundup of virus alerts: W32/Snoop-A - Not much detail given on this worm other than it spreads via e-mail and copies itself into the folders of popular file-sharing applications. (Sophos) W32/Forbot-AR - This Forbot variant installs itself as "securitychk.exe" after infiltrating through weakly protected network shares. It allows backdoor access via IRC. (Sophos) XM97/Crex-C - An Excel virus that spreads via open workbooks. It seems to look for a VB project named "universelle". (Sophos) W32/Korgo-Q - This virus exploits the Windows LSASS vulnerability and waits for a specially crafted packet coming over port 445. The virus can be used in a DoS attack and potentially download executables from a remote site. (Sophos) HardFull.A - A virus that spreads via removable media and tries to fill the infected machine's hard drive by increasing the size of a related data file. (Panda Software) W32/Rbot-LD - An Rbot variant that installs itself as "spools.exe" in the Windows System directory and allows backdoor access via IRC. (Sophos) W32/Sdbot-PV - This bot spreads via network shares, installing itself as "wuamngr1.exe". Backdoor access is provided via IRC. The virus can be used as a proxy, to download files and launch DoS attacks against third parties. (Sophos) ********** >From the interesting reading department: Super-connected users could aid IM worms Just a few users connected to popular instant messaging networks can cause the spread of worms, while choking off communications from "highly connected" users with many IM correspondents can slow the spread of worms, computer researchers say. IDG News Service, 10/04/04. <http://www.nwfusion.com/news/2004/1004superusers.html?nl> Future Windows component could spur old-school viruses A planned component for Microsoft's next version of Windows is causing consternation among anti-virus experts, who say that the new module, a scripting platform called Microsoft Shell, could give birth to a whole new generation of viruses and remotely exploitable attacks. IDG News Service, 10/04/04. <http://www.nwfusion.com/news/2004/1004futurwindo.html?nl> Getting patching right: A debate There is no silver bullet for patch management and solutions are emerging from multiple industry areas, making it hard to figure out the best course of action. To help put it in perspective, we're challenging a batch of vendors to participate in an online Network World Virtual Showdown "How best to patch" the week of Nov. 15. Network World, 10/04/04. <http://www.nwfusion.com/columnists/2004/100404edit.html?nl> Decru unveils storage security software Start-up Decru Monday announced a software module for its DataFort storage security product that prevents unauthorized users, IT managers and viruses from accessing network data. Network World Fusion, 10/04/04. <http://www.nwfusion.com/news/2004/1004decru.html?nl> Symantec releases data recovery tools Security company Symantec Tuesday announced the availability of new versions of its LiveState data recovery software. IDG News Service, 10/05/04. <http://www.nwfusion.com/news/2004/1005symanrelea.html?nl> Adobe does document security Electronic document giant Adobe said that it was partnering with digital certificate company GeoTrust to provide technology that will allow documents that use Adobe's popular PDF to be digitally certified. IDG News Service, 10/06/04. <http://www.nwfusion.com/news/2004/1005adobedoes.html?nl> CA snags Netegrity for security In a conference call Wednesday, Computer Associates executives detailed how the company plans to incorporate Netegrity's Web access control, identity and provisioning products into CA's own eTrust Identity and Access Management Group. Network World Fusion, 10/06/04. <http://www.nwfusion.com/news/2004/1006canet2.html?nl> Security concerns put MSN Messenger beta on hold Microsoft has suspended the beta testing of the next version of its MSN Messenger client because of a potential security problem, a company spokeswoman said Wednesday. IDG News Service, 10/06/04. <http://www.nwfusion.com/news/2004/1006securconce.html?nl> _______________________________________________________________ To contact: Jason Meserve Jason Meserve is the Multimedia Editor of Network World Fusion and writes about streaming media, search engines and IP Multicast. Jason can be reached at <mailto:[EMAIL PROTECTED]>. Check out his Multimedia Exchange weblog at: <http://www.nwfusion.com/weblogs/multimedia/> _______________________________________________________________ This newsletter is sponsored by Altiris In this era of online self-service, system availability is mission critical. Access to CRM, ERP and SFA systems are constant demands of the workforce. Ensure true 24/7 availability and world-class customer satisfaction by learning about the Best Practices of automated Patch Management and Software updates. See the Network World Special Report - Patch Management: Just one piece of the puzzle. http://www.fattail.com/redir/redirect.asp?CID=83660 _______________________________________________________________ ARCHIVE LINKS Virus and Bug Patch Alert archive: http://www.nwfusion.com/newsletters/bug/index.html Breaking security news, updated daily http://www.nwfusion.com/topics/security.html _______________________________________________________________ FEATURED READER RESOURCE THE NEW DATA CENTER Today's top companies are accelerating toward Web-based computing. That means building the new data center -- where grids, virtualization, autonomic computing and other big changes shatter the traditional boundaries on applications and information, and bring the extended enterprise to life. Learn about The New Data Center on NW Fusion's Research Center at: <http://www.nwfusion.com/topics/datacenter.html> _______________________________________________________________ May We Send You a Free Print Subscription? You've got the technology snapshot of your choice delivered at your fingertips each day. Now, extend your knowledge by receiving 51 FREE issues to our print publication. Apply today at http://www.subscribenw.com/nl2 International subscribers click here: http://nww1.com/go/circ_promo.html _______________________________________________________________ SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World e-mail newsletters, go to: <http://www.nwwsubscribe.com/Changes.aspx> To unsubscribe from promotional e-mail go to: <http://www.nwwsubscribe.com/Preferences.aspx> To change your e-mail address, go to: <http://www.nwwsubscribe.com/ChangeMail.aspx> Subscription questions? Contact Customer Service by replying to this message. This message was sent to: [EMAIL PROTECTED] Please use this address when modifying your subscription. _______________________________________________________________ Have editorial comments? Write Jeff Caruso, Newsletter Editor, at: <mailto:[EMAIL PROTECTED]> Inquiries to: NL Customer Service, Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 For advertising information, write Kevin Normandeau, V.P. of Online Development, at: <mailto:[EMAIL PROTECTED]> Copyright Network World, Inc., 2004 ------------------------ This message was sent to: [EMAIL PROTECTED]
