NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH ALERT
12/02/04

Today's focus: Microsoft plugs new IE hole

In this issue:

* Patches from Microsoft, Gentoo, Conectiva, others
* Beware new strain of Skulls Trojan hitting smart phones
* Universities struggling with SSL-busting spyware, and other interesting reading

By Jason Meserve

Today's bug patches and security alerts:

Microsoft plugs IE hole with special patch

Microsoft Wednesday released an update to Internet Explorer to fix a security flaw that was discovered a month ago and has since been exploited to attack users. IDG News Service, 12/01/04.
<http://www.nwfusion.com/news/2004/1201microplugs.html?nl>

Microsoft advisory:
<http://www.microsoft.com/technet/security/bulletin/ms04-040.mspx>

CERT advisory:
<http://www.us-cert.gov/cas/techalerts/TA04-336A.html>

Microsoft investigates Windows Server flaw

Microsoft said it is investigating a security flaw in Windows server software that could allow an attacker to gain complete control over systems running the software. IDG News Service, 12/01/04.
<http://www.nwfusion.com/news/2004/1201microinves.html?nl>

Related ISS advisory:
<http://xforce.iss.net/xforce/alerts/id/184>

**********

Linux vendors patch XPM library, related applications

A number of vulnerabilities have been found in the XPM library used by several GUI applications. A local attacker could exploit these to gain elevated privileges on the affected machine. For more, go to:

Gentoo:
<http://security.gentoo.org/glsa/glsa-200411-28.xml>

Mandrake Linux:
<http://www.nwfusion.com/go2/1129bug2a.html>

SuSE/Novell:
<http://www.nwfusion.com/go2/1129bug2b.html>

**********

Gentoo releases patch for GIMPS, [EMAIL PROTECTED], ChessBrain

The installation process for GIMPS, [EMAIL PROTECTED], and ChessBrain may allow user-owned files to be run with root privileges. For more, go to:
<http://security.gentoo.org/glsa/glsa-200411-26.xml>

Gentoo patches unarj

Unarj, an ARJ archive decompression utility, is vulnerable to long filenames. If encountered, such a filename could cause a buffer overflow, which could be used to overwrite files on the affected system. For more, go to:
<http://security.gentoo.org/glsa/glsa-200411-29.xml>

Gentoo updates pdftohtml

According to an alert from Gentoo, "pdftohtml includes vulnerable Xpdf code to handle PDF files, making it vulnerable to execution of arbitrary code upon converting a malicious PDF file."
For more, go to:
<http://security.gentoo.org/glsa/glsa-200411-30.xml>

Gentoo issues fix for ProZilla

ProZilla, a download acceleration tool, is vulnerable to multiple buffer overflows. These could be exploited to run any code on the affected machine. For more, go to:
<http://security.gentoo.org/glsa/glsa-200411-31.xml>

**********

Conectiva, OpenPKG add cyrus-imapd patches

A flaw in the command parser of the Cyrus IMAP daemon (cyrus-imapd) could be exploited to access memory beyond the allocated limit. This could be used to run an attacker's code of choice on the affected machine. For more, go to:

Conectiva:
<http://www.nwfusion.com/go2/1129bug2c.html>

OpenPKG:
<http://www.openpkg.org/security/OpenPKG-SA-2004.051-imapd.txt>

**********

Two new "multi" packages from Trustix

Trustix has rolled out two new updates that encompass a range of applications. The first fixes flaws in apache, the kernel, and sudo. The second fixes flaws in amavisd-new, anaconda, courier-imap, cyrus-imapd, cyrus-sasl, file, kernel, mkbootdisk, mysql, rpm, samba, setup, and swup. For more, go to:

Multi #1:
<http://www.trustix.org/errata/2004/0061/>

Multi #2:
<http://www.trustix.org/errata/2004/0063/>

**********

Conectiva issues MySQL fix

A new update for Conectiva's implementation of MySQL fixes a number of vulnerabilities found in previous releases. The flaws could be used to crash a machine or gain elevated privileges. For more, go to:
<http://www.nwfusion.com/go2/1129bug2d.html>

Conectiva patches shadow-utils

A local attacker could bypass certain authorization restrictions and change the standard shell of other users on the affected system. For more, go to:
<http://www.nwfusion.com/go2/1129bug2e.html>

Conectiva releases update for bugzilla

A flaw in Bugzilla, the bug tracking system, could be exploited by users to remove keywords from trouble tickets without the proper permissions.
For more, go to:
<http://www.nwfusion.com/go2/1129bug2f.html>

**********

Flaw in ZoneAlarm ad-blocking feature

The ad-blocking feature in Zone Labs' ZoneAlarm firewall product is vulnerable to certain Web pages with JavaScript in them. A malicious user could exploit this to crash the affected system. Version 5.5.062 of ZoneAlarm fixes the problem. For more, go to:
<http://download.zonelabs.com/bin/free/securityAlert/18.html>

**********

SecureCRT security update available

A flaw in the way SecureCRT Version 4.1 and 4.0 handle the '/F' command line option could be exploited to run VBScript commands on targeted machines that use the application. Upgrade to Version 4.1.9 to fix the issue. For more, go to:
<http://www.vandyke.com/download/securecrt/index.html>

**********

Today's roundup of virus alerts:

New strain of Skulls Trojan hits smart phones

Mobile phones running Symbian's Series 60 operating system are the target of a new strain of the Skulls Trojan horse program. The new Trojan comes with the Cabir.B worm, which, unlike the first version of the virus, can spread to other phones within reach of Bluetooth broadcasting range. IDG News Service, 11/30/04.
<http://www.nwfusion.com/news/2004/1130newstrai.html?nl>

W32/Sality-H - This is a keystroke logger that drops the file "SYSLIB32.DLL" in the Windows System or Temp folder. At certain times on the 10-12th of any month, the virus will display a message on the infected machine. (Sophos)

W32/Netsky-AE - A new Netsky variant that uses its own SMTP engine to spread via e-mail. This variant drops the file "Jammer2nd.exe" in the Windows System folder. (Sophos)

Troj/Bancban-AH - A worm that targets Web sites of certain banks in Brazil. The worm, which installs "LOGIN.EXE" in the Windows directory, tries to log keystroke data of anything entered into particular banking sites.
(Sophos)

Troj/Banker-AN - Similar to Bancban above, this worm targets banking sites (not necessarily limited to Brazil) and downloads pieces of code remotely. (Sophos)

W32/Forbot-CW - A new bot variant that installs the file "scman.exe" in the Windows System directory. The worm can be accessed through an IRC backdoor and be used to steal information and participate in distributed denial-of-service attacks. (Sophos)

Troj/Dloader-EP - A Trojan that attempts to download additional malicious code from a remote Web site. The virus may also report the infected machine's Windows ID to the same remote site. (Sophos)

W32/Wurmark-A - This Trojan is programmed in Visual Basic and drops the file "msshed32.exe" in the Windows System directory. (Sophos)

W32/Agobot-NZ - An Agobot variant that turns off anti-virus and security-related applications after initially installing itself as "gmsvc32.exe" in the Windows System directory. It can also receive remote commands via IRC. (Sophos)

**********

From the interesting reading department:

Universities struggling with SSL-busting spyware

U.S. universities are struggling with a flare-up of dangerous spyware that can snoop on information encrypted using SSL. Experts are warning that the stealthy software, called Marketscore, could be used to intercept a wide range of sensitive information, including passwords and health and financial data. IDG News Service, 11/30/04.
<http://www.nwfusion.com/news/2004/1130univestrug.html?nl>

HP to release Virus Throttler for Windows in 2005

HP is planning to build virus throttling technology into ProLiant servers and ProCurve switches starting in early 2005, an HP executive said Tuesday. IDG News Service, 11/30/04.
<http://www.nwfusion.com/news/2004/1130hptore.html?nl>

Cisco rolls out LAN tsunami

Cisco this week unveiled more than 20 LAN switching products designed to improve security, availability, performance and investment protection. Network World Fusion, 11/30/04.
<http://www.nwfusion.com/news/2004/1130ciscolan.html?nl>

Radware sells intrusion system to KT, Chunghwa

Radware hopes that recent success in two of the world's leading broadband Internet markets will lead to greater recognition and further sales for its intrusion detection systems in Asia, Europe and U.S. markets. IDG News Service, 11/30/04.
<http://www.nwfusion.com/news/2004/1130radwasells.html?nl>

SCO Web site hack mocks company's legal claims

Malicious hackers have compromised The SCO Group's Web page twice in as many days, posting messages that appear to mock the company's claims to own parts of the Linux operating system. IDG News Service, 11/29/04.
<http://www.nwfusion.com/news/2004/1129scowebs.html?nl>

'Net Insider: Quality of threats rather than quality of software

Microsoft seems to have switched to a protection-racket approach. The company has warned users that the intellectual property rights picture with open source software is fuzzy. Now it has moved past merely issuing warnings to issuing implied threats. Network World, 11/29/04.
<http://www.nwfusion.com/columnists/2004/112904bradner.html?nl>

_______________________________________________________________

To contact: Jason Meserve

Jason Meserve is the Multimedia Editor of Network World Fusion and writes about streaming media, search engines and IP Multicast. Jason can be reached at <mailto:[EMAIL PROTECTED]>. Check out his Multimedia Exchange weblog at:
<http://www.nwfusion.com/weblogs/multimedia/>

Copyright Network World, Inc., 2004
