NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH
ALERT
07/28/05
Today's focus: 3Com patches wireless access point
Dear security.world@gmail.com,
In this issue:
* Patches from 3Com, FreeBSD, OpenPKG, others
* Beware latest Sdbot and Mytob variants
* Threat alert highlights vulnerabilities in backup software
* Links related to Virus and Bug Patch Alert
* Featured reader resource
_______________________________________________________________
This newsletter is sponsored by Tacit Networks
Network World Executive Guide: Staying Focused on the Moving
Target that is Storage
Keeping pace with evolving storage strategies, architectures,
and trends is not unlike keeping pace with your organizations
underlying capacity needs. From ILM strategies to SAN management
to the threat of those USB memory sticks, this Network World
Executive Guide will help you stay focused on the moving target
that is Storage. Register now and get a free copy of Network
World's Storage Executive Guide.
http://www.fattail.com/redir/redirect.asp?CID=108907
_______________________________________________________________
CYBERSLACKING - IT COSTS
To the tune of $178 billion annually, according to a recent
study. Employees, at work, are reading the news, checking
personal e-mail, conducting online banking, travel and shopping
more than you might realize. How much time? Click here for more:
http://www.fattail.com/redir/redirect.asp?CID=108714
_______________________________________________________________
Today's focus: 3Com patches wireless access point
By Jason Meserve
There's some wild goings on at this week's Black Hat gathering
in Las Vegas. Lawsuits are flying over what has been disclosed
in one of the conference sessions:
Furor over Cisco IOS router exploit erupts at Black Hat
Although Cisco and Internet Security Systems had abruptly
cancelled a planned technical talk and demo at the Black Hat
Conference to reveal how unpatched Cisco routers can be remotely
compromised, the researcher who had originally uncovered the
problem went ahead with the talk anyway, igniting a spate of
lawsuits against himself and the Black Hat Conference. Network
World, 07/28/05.
<http://www.networkworld.com/nlvirusbug4047>
We're hoping to have more on this legal tussle with Test
Alliance member Rodney Thayer in Monday's Network World Radio
program.
Today's bug patches and security alerts:
3Com patches wireless access point
3Com has released an update for its Office Connect Wireless 11g
Access Point that fixes a flaw in the Web-based administrative
interface. An attacker could exploit the flaw to gather device
configuration information. For more, go to:
<http://webprd1.3com.com/swd/jsp/user/index.jsp?id=OCWAP15>
**********
FreeBSD, OpenPKG patch zlib
A flaw in the way zlib, a file compression/decompression
utility, handles compressed files could be exploited to crash
the application. For more, go to:
FreeBSD:
<http://www.networkworld.com/go2/0725bug2a.html>
OpenPKG:
<http://www.openpkg.org/security/OpenPKG-SA-2005.014-zlib.html>
**********
Linux vendors patch ClamAV
A number of integer overflows have been found in the ClamAV
anti-virus application. An attacker could exploit these flaws
using specially crafted files. The exploit could be used to run
malicious code on the affected machine. For more, go to:
Gentoo:
<http://security.gentoo.org/glsa/glsa-200507-25.xml>
Mandriva:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:125>
**********
More Mozilla Suite, Firefox fixes available
A number of Linux vendors have released update for the Mozilla
Suite and Firefox browser based on multiple flaws found in the
underlying code for both applications. Attackers could gain
elevated privileges by exploiting the flaws. For more, go to:
Gentoo (Mozilla Suite):
<http://security.gentoo.org/glsa/glsa-200507-24.xml>
Ubuntu (Firefox):
<https://www.ubuntulinux.org/support/documentation/usn/usn-149-3>
Ubuntu (Mozilla Suite):
<https://www.ubuntulinux.org/support/documentation/usn/usn-155-1>
**********
Gentoo, Mandriva release Shorewall packages
According to the Gentoo advisory, "A vulnerability in Shorewall
allows clients authenticated by MAC address filtering to bypass
all other security rules." For more, go to:
Gentoo:
<http://security.gentoo.org/glsa/glsa-200507-20.xml>
Mandriva:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:123>
**********
Debian patches heartbeat
Heartbeat, a sub-system for High-Availability Linux, does not
create temporary files in a secure fashion. An attacker could
exploit this using a symlink attack. For more, go to:
<http://www.debian.org/security/2005/dsa-761>
Debian releases fix for affix
According to an alert from Debian, "Kevin Finisterre discovered
two problems in the Bluetooth FTP client from affix, user space
utilities for the Affix Bluetooth protocol stack." For more, go
to:
<http://www.debian.org/security/2005/dsa-762>
**********
Fedora issues krb5 patch
Two flaws in the MIT Kerberos 5 system (krb5) could be exploited
to run arbitrary code on the affected machine. For more, go to:
<http://www.securityfocus.com/archive/1/406384/30/30/threaded>
**********
Gentoo, Ubuntu release fetchmail fixes
A buffer overflow in the popular fetchmail e-mail client could
be exploited in a denial-of-service attack or to potentially
execute arbitrary code. For more, go to:
Gentoo:
<http://security.gentoo.org/glsa/glsa-200507-21.xml>
Ubuntu:
<https://www.ubuntulinux.org/support/documentation/usn/usn-153-1>
**********
Today's roundup of virus alerts:
W32/Sdbot-AAY -- A new Sdbot variant that spreads through
network shares and allows backdoor access via IRC. It drops
"edit.exe" and "RDRIV.SYS" on the infected host. (Sophos)
W32/Sdbot-ZO -- Our second Sdbot worm of the day drops
"burndl32.exe" in the infected machine's Windows System folder.
It too allows backdoor access via IRC. (Sophos)
W32/Sdbot-ABI -- Sdbot number three for today has similar
capabilities to its predecessors. Its main differentiating
characteristic is the file it drops: "clipserv.exe". (Sophos)
W32/Mytob-HM -- This new Mytob e-mail worm can allow backdoor
access through IRC. It drops "yahooicons.exe" on the target host
when a recipient opens the infected attachment, which is usually
a double extension file. (Sophos)
W32/Mytob-DW -- Another Mytob e-mail worm variant. This one
tries to exploit the Windows LSASS vulnerability in its attempt
to penetrate a host. It installs itself as "taskgmr.exe" in the
Windows System directory. (Sophos)
W32/Mytob-BV -- Yet another Mytob variant. This one spreads
through e-mails that look like some sort of account warning from
a system administrator. The attached file usually has a double
extension to fool users. When executed, Mytob-BV drops
"TimeManager.exe" in the Windows System folder. (Sophos)
W32/Mytob-DX -- The fourth Mytob variant of the day drops two
files in the Windows System folder: "taskgmr32.exe" and
"winnet32.exe". It too allows backdoor access through IRC and
limits access to security Web sites by modifying the Windows
HOSTS file. (Sophos)
Troj/Mdrop-F -- A Trojan that drops "veja_fotos.exe" in a
temporary folder. No word on how it spreads. (Sophos)
Troj/Myftu-H -- A password-stealing Trojan that sends its bounty
via HTTP. The key file that it drops on the infected host is
"cMovie.exe" in the Program Files folder. (Sophos)
W32/Rbot-AJA -- An Rbot variant designed to steal information
from the infected host and participate in Internet-based
denial-of-service attacks. It spreads through network shares by
exploiting a number of known Windows vulnerabilities, all of
which have patches available. (Sophos)
Riot Immort-51 -- An old-school DOS virus that infects COM
files. It may display the message "iMMoRTaL.510 Encrypted!!}"
(Sophos)
W32/Randon-AO -- A Trojant that tries to exploit the Windows
LSASS vulnerability as it spreads through network shares. It
drops a number of files on its host and can provide backdoor
access via IRC channels. (Sophos)
Troj/Bancban-DY -- Another worm that targets the username and
password data for Brazilian banking sites. It sends the
collected data to a predefined Web site. (Sophos)
**********
From the interesting reading department:
Threat alert highlights vulnerabilities in backup software
The SANS Institute Monday reported 422 new Internet security
vulnerabilities discovered during the second quarter, up nearly
11% from the first quarter, with weaknesses in popular backup
software highlighting the report. NetworkWorld.com, 07/25/05.
<http://www.networkworld.com/news/2005/072505-backup.html?nl>
The top 5: Today's most-read stories
1. 2005 Salary Survey
<http://www.networkworld.com/nlvirusbug4048>
2. Cisco nixes conference session on hacking IOS router code
<http://www.networkworld.com/nlvirusbug4049>
3. Verizon joins managed security game
<http://www.networkworld.com/nlvirusbug4050>
4. Schools battle personal data hacks
<http://www.networkworld.com/nlvirusbug4051>
5. VoIP security threats: Fact or fiction?
<http://www.networkworld.com/nlvirusbug4052>
Today's most forwarded story:
The ROI of VoIP
<http://www.networkworld.com/research/2005/071105-voip.html>
_______________________________________________________________
To contact: Jason Meserve
Jason Meserve is the Multimedia Editor at Network World and
writes about streaming media, search engines and IP Multicast.
Jason can be reached at <mailto:jmeserve@nww.com>. Check out his
Multimedia Exchange weblog at:
<http://www.networkworld.com/weblogs/multimedia/>
Check out our weekly Network World Radio program at:
<http://www.networkworld.com/radio/>
_______________________________________________________________
This newsletter is sponsored by Tacit Networks
Network World Executive Guide: Staying Focused on the Moving
Target that is Storage
Keeping pace with evolving storage strategies, architectures,
and trends is not unlike keeping pace with your organizations
underlying capacity needs. From ILM strategies to SAN management
to the threat of those USB memory sticks, this Network World
Executive Guide will help you stay focused on the moving target
that is Storage. Register now and get a free copy of Network
World's Storage Executive Guide.
http://www.fattail.com/redir/redirect.asp?CID=108906
_______________________________________________________________
ARCHIVE LINKS
Virus and Bug Patch Alert archive:
http://www.networkworld.com/newsletters/bug/index.html
Breaking security news, updated daily
http://www.networkworld.com/topics/security.html
_______________________________________________________________
FEATURED READER RESOURCE
SIX TIPS FOR GETTING WHAT YOU DESERVE
Before you go in for your next annual review or promotion
interview, you would be wise to consider these tips for ensuring
you've got the right stuff to move ahead. Network executives
offer advice to help you gun for that next promotion and fatten
up your paycheck. Click here:
<http://www.networkworld.com/you/2005/072505-salary-side2.html>
_______________________________________________________________
May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at http://www.subscribenw.com/nl2
International subscribers click here:
http://nww1.com/go/circ_promo.html
_______________________________________________________________
SUBSCRIPTION SERVICES
To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
<http://www.nwwsubscribe.com/Changes.aspx>
To change your e-mail address, go to:
<http://www.nwwsubscribe.com/ChangeMail.aspx>
Subscription questions? Contact Customer Service by replying to
this message.
This message was sent to: security.world@gmail.com
Please use this address when modifying your subscription.
_______________________________________________________________
Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>
Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772
For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: <mailto:sponsorships@nwfusion.com>
Copyright Network World, Inc., 2005
1 comment:
valium without prescriptions valium and pregnancy - valium 5mg pill
Post a Comment