NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH
ALERT
06/09/05
Today's focus: Sun reports flaws in Solaris 10
In this issue:
* Patches from Sun, Apple, Gentoo, others
* Beware latest MyTob variants
* Bulletin board hoster loses postings in hacker attack, and
other interesting reading
* Links related to Virus and Bug Patch Alert
* Featured reader resource
_______________________________________________________________
By Jason Meserve
Today's bug patches and security alerts:
Sun reports flaws in Solaris 10
Vulnerabilities in the libc and libproject code libraries that
come with Sun Solaris 10 could be exploited to gain root
privileges on the affected machine. Sun has released a fix. For
more, go to:
<http://www.networkworld.com/nlvirusbug2486>
**********
Spoofing flaw found in Mozilla-based browsers
Researchers at security firm Secunia are warning of an old
spoofing flaw that has found its way back into Mozilla-based
browsers, such as Firefox. Attackers could use this to spoof Web
sites. For more, go to:
<http://secunia.com/advisories/15601/>
**********
Apple releases security update for Mac OS X 10.4
A new update from Apple fixes flaws in AFP Server, Bluetooth,
CoreGraphics, Folder Permissions, launchd, LaunchServices, MCX
client, NFS, PHP and VPN. The most serious of the
vulnerabilities could be exploited to run malicious code on the
affected machine. For more, go to:
<http://docs.info.apple.com/article.html?artnum=301742>
**********
AppSec warns of vulnerability in IBM WebSphere
Security researchers at Application Security have found a
vulnerability in the Web-based admin console of IBM's WebSphere
application server. An attacker could exploit this to run
malicious code on the server. For more, go to:
<http://www.networkworld.com/go2/0606bug2a.html>
IBM advisory:
<http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24009775>
**********
Gentoo patches WordPress
The WordPress content management system lacks input validation,
which could be exploited in a cross-site scripting attack. The
attacker could compromise a victim's browser by exploiting this
flaw. For more, go to:
<http://security.gentoo.org/glsa/glsa-200506-04.xml>
Gentoo releases fix for dzip
A directory traversal vulnerability has been found in dzip, an
open source file compression utility for demo recording of
Quake. An attacker could use this to install files anywhere on
the system. For more, go to:
<http://security.gentoo.org/glsa/glsa-200506-03.xml>
Gentoo issues fix for SilverCity
A number of executables with non-secure file permissions could
be altered, allowing malicious code to be run on the affected
machine. For more, go to:
<http://security.gentoo.org/glsa/glsa-200506-05.xml>
**********
Mandriva patches OpenSSL
An attacker could use a "cache timing attack" to grab pieces of
OpenSSL's cryptographic keys, according to a Mandriva alert. For
more, go to:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:096>
**********
Today's roundup of virus alerts:
Troj/Codebase-K - A virus that exploits the Internet Explorer
CODEBASE vulnerability to execute a malicious file on the
infected machine. It spreads through an HTML page/file with an
embedded object. (Sophos)
Win32.Small.axr - An e-mail virus that tells the user to turn on
their TV to see that Osama Bin Laden has been captured. An
attachment called pics.scr supposedly contains images of the
capture, but is really a virus. (F-Secure)
W32/Mytob-BE - A MyTob variant that exploits the Windows LSASS
vulnerability and allows backdoor access through IRC. It spreads
through an e-mail message that looks like an account or system
warning. The infected attachment will end with the extension
BAT, CMD, PIF, SCR, EXE or ZIP. (Sophos)
W32/Mytob-AJ - A basic MyTob variant that installs itself as
"taskgmr.exe" and limits access to security-related Web sites.
(Sophos)
W32/Mytob-CP - This MyTob variant drops "Lien Van de
Kelder.exe" on the infected machine. It too can limit access to
security sites and disable security applications running on the
host. (Sophos)
W32/Mytob-CV - A similar MyTob variant that drops "We Love Lien
Van de Kelder.exe". (Sophos)
W32/Mytob-BF - Yet another MyTob e-mail variant. This one too
looks like a system warning message and will have a file with a
final extension of PIF, SCR or EXE. It installs "Van de Kelder
Lien.exe" on the host machine. (Sophos)
Troj/Banker-HH - A Trojan that attempts to steal information
entered into banking Web sites. It drops "ieharv.exe" on the
infected machine. (Sophos)
W32/Kalel-B - A mass-mailer/P2P worm that spreads through a
message that looks like an e-mail account suspension message. It
claims the attachment is virus free. It can allow backdoor
access through IRC. (Sophos)
W32/Agobot-AAG - A network worm that spreads by exploiting a
number of known Windows vulnerabilities. It can be used to
download additional malicious code, participate in
denial-of-service attacks and disable anti-virus software. It
installs itself as "wmp9.exe". (Sophos)
**********
From the interesting reading department:
Bulletin board hoster loses postings in hacker attack
Ezboard, hosting service to hundreds of thousands of online
bulletin boards, suffered a hacker attack on Memorial Day that
permanently erased countless postings. Network World, 06/08/05.
<http://www.networkworld.com/nlvirusbug2487>
London man arrested for 2001 NASA hacking
Police in London arrested an unemployed computer systems
administrator, over two years after U.S. authorities said they
would request his extradition to answer charges of hacking U.S.
government computer systems. IDG News Service, 06/08/05.
<http://www.networkworld.com/news/2005/060805-nasa-hack.html?nl>
Supercomm: Securing service provider networks is a matter of
national security
Top executives of major telecom equipment makers say beefing up
security and reliability on service provider networks is
necessary to protect customers and is a matter of national
security. Network World, 06/08/05.
<http://www.networkworld.com/go2/0606bug2b.html>
_______________________________________________________________
To contact: Jason Meserve
Jason Meserve is the Multimedia Editor at Network World and
writes about streaming media, search engines and IP Multicast.
Jason can be reached at <mailto:jmeserve@nww.com>. Check out his
Multimedia Exchange weblog at:
<http://www.networkworld.com/weblogs/multimedia/>
_______________________________________________________________
ARCHIVE LINKS
Virus and Bug Patch Alert archive:
http://www.networkworld.com/newsletters/bug/index.html
Breaking security news, updated daily
http://www.networkworld.com/topics/security.html
_______________________________________________________________
FEATURED READER RESOURCE
VoIP SECURITY
For the latest in VoIP security, check out NW's Research Center
on this very topic. Here you will find a collection of the
latest news, reviews, product testing results and more, all
related to keeping VoIP networks secure. Click here for more:
<http://www.networkworld.com/topics/voip-security.html>
_______________________________________________________________
Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>
Copyright Network World, Inc., 2005