Monday, July 18, 2005

iDefense warns of flaw in Sophos anti-virus


NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH ALERT
07/18/05
Today's focus: iDefense warns of flaw in Sophos anti-virus

Dear security.world@gmail.com,

In this issue:

* Potpourri of Linux-related patches
* Beware new Mytob variant spreading via e-mail with message,
  "your password has been updated"
* Virus scanner bug cost Trend Micro $8 million, and other
  interesting reading
* Links related to Virus and Bug Patch Alert
* Featured reader resource
_______________________________________________________________
This newsletter is sponsored by Hewlett Packard
Special Report-Regulatory Compliance and the Role of Today's CIO

With a growing body of legislation dictating how enterprises may
create, use, share, and retain electronic records, CIOs must
develop data storage and management strategies that meet
regulatory compliance and support their organizations' overall
business goals. Fortunately, these objectives are not mutually
exclusive. Download this Special Report from Kahn Consulting,
click here
http://www.fattail.com/redir/redirect.asp?CID=108678
_______________________________________________________________
NETWORK MANAGEMENT GOES OPEN SOURCE

Despite vendors' best efforts, the perception of network and
systems management products is that many are high-priced,
require lengthy deployment cycles, entail multiple integration
efforts and necessitate time-consuming customization. Click here
to find out about a new breed of products that just might solve
the NSM woes:
http://www.fattail.com/redir/redirect.asp?CID=108419
_______________________________________________________________

Today's focus: iDefense warns of flaw in Sophos anti-virus

By Jason Meserve

We've got a potpourri of mainly Linux-related patches, so we're
going to go with abbreviated descriptions to get them all out
there. Happy patching!

Today's bug patches and security alerts:

iDefense warns of flaw in Sophos anti-virus

Security researchers at iDefense have found a flaw in the way
Sophos' anti-virus system handles ZIP files. An attacker could
exploit this in a denial-of-service attack. Sophos has released
an update that should download automatically for most users or
it can be grabbed manually from:
<http://www.sophos.com/support/updates>

iDefense advisory:
<http://www.networkworld.com/go2/0718bug1a.html>
**********

SquirrelMail 1.4.5 released

This latest SquirrelMail release fixes a number of security
vulnerabilities found in previous releases. For more, go to:
<http://www.squirrelmail.org/security/issue/2005-07-13>
**********

Trustix releases "multi" patch

The latest update from Trustix fixes flaws in kerberos5, the
kernel and php4. The most serious of the flaws could be
exploited to run malicious code on the affected machine. For
more, go to:
<http://www.trustix.org/errata/2005/0036/>
**********

Latest Debian Linux updates:

ppxp (privilege release):
<http://www.debian.org/security/2005/dsa-725>

crip (insecure temporary files):
<http://www.debian.org/security/2005/dsa-733>

gaim (DoS):
<http://www.debian.org/security/2005/dsa-734>

cvs (buffer overflow):
<http://www.debian.org/security/2005/dsa-742>

ht (multiple overflows):
<http://www.debian.org/security/2005/dsa-743>

fuse (information disclosure):
<http://www.debian.org/security/2005/dsa-744>

drupal (arbitrary commands):
<http://www.debian.org/security/2005/dsa-745>

phpGroupWare (PHP script injection):
<http://www.debian.org/security/2005/dsa-746>

Ruby (XML-RPC script injection):
<http://www.debian.org/security/2005/dsa-748>

ettercap (malicious code execution):
<http://www.debian.org/security/2005/dsa-749>

dhcpcd (DoS flaw):
<http://www.debian.org/security/2005/dsa-750>

squid (IP spoofing):
<http://www.debian.org/security/2005/dsa-751>

gzip (multiple flaws):
<http://www.debian.org/security/2005/dsa-752>

gedit (format string flaw):
<http://www.debian.org/security/2005/dsa-753>

centericq (insecure temporary files):
<http://www.debian.org/security/2005/dsa-754>

tiff (buffer overflow):
<http://www.debian.org/security/2005/dsa-755>

squirrelmail (multiple vulnerabilities):
<http://www.debian.org/security/2005/dsa-756>
**********

The latest updates from Gentoo Linux:

dhcpcd (DoS flaw):
<http://security.gentoo.org/glsa/glsa-200507-16.xml>

PHP (XML-RPC script injection):
<http://security.gentoo.org/glsa/glsa-200507-15.xml>

Firefox (multiple flaws):
<http://security.gentoo.org/glsa/glsa-200507-14.xml>

pam_ldap and nss_ldap (authentication data leak):
<http://security.gentoo.org/glsa/glsa-200507-13.xml>

Bugzilla (unauthorized access):
<http://security.gentoo.org/glsa/glsa-200507-12.xml>

Ruby (XML-RPC script injection):
<http://security.gentoo.org/glsa/glsa-200507-10.xml>

Acrobat Reader (buffer overflow):
<http://security.gentoo.org/glsa/glsa-200507-09.xml>

phpGroupWare (PHP script injection):
<http://security.gentoo.org/glsa/glsa-200507-08.xml>

phpWebSite (multiple flaws):
<http://security.gentoo.org/glsa/glsa-200507-07.xml>
**********

Mandriva Linux updates:

ClamAV (DoS):
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:113>

leafnode (multiple vulnerabilities):
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:114>

mplayer (heap overflows):
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:115>

cpio (race condition):
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:116>

dhcpcd (DoS flaw):
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:117>

Ruby (XML-RPC script injection):
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:118>

Kerberos5 (multiple flaws):
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:119>

Firefox (multiple flaws):
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:120>
**********

Fedora Legacy recent updates:

openssh (insecure file creation):
<http://www.networkworld.com/go2/0718bug1b.html>

telnet (buffer overflows):
<http://www.networkworld.com/go2/0718bug1c.html>

ImageMagick (multiple flaws):
<http://www.networkworld.com/go2/0718bug1d.html>

dhcp (format string vulnerability):
<http://www.networkworld.com/go2/0718bug1e.html>

mailman (buffer overflow):
<http://www.networkworld.com/go2/0718bug1f.html>

gFTP (directory traversal):
<http://www.networkworld.com/go2/0718bug1g.html>

sharutils (symlink attack vulnerability):
<http://www.networkworld.com/go2/0718bug1h.html>

php (XML-RPC script injection):
<http://www.networkworld.com/go2/0718bug1i.html>
**********

Ubuntu advisories:

Linux AMD64 kernel (DoS flaw):
<https://www.ubuntulinux.org/support/documentation/usn/usn-143-1>

wget (multiple flaws):
<https://www.ubuntulinux.org/support/documentation/usn/usn-145-1>

Ruby (XML-RPC script injection):
<https://www.ubuntulinux.org/support/documentation/usn/usn-146-1>
**********

Today's roundup of virus alerts:

Troj/Fishnat-A -- A phishing Trojan that fakes a login for a
specific bank, looking for user name and password information.
(Sophos)

Troj/BindFil-G -- A password-stealing Trojan that drops
"winapi.dll" on the infected machine. (Sophos)

W32/Rbot-AGW -- An Rbot variant that spreads through network
shares and allows backdoor access via IRC. It drops
"winupdat32.exe" in the infected machine's Windows system
folder. (Sophos)

W32/Rbot-AHZ -- Another IRC backdoor Rbot variant. This one
installs itself as "testtts.exe". (Sophos)

W32/Mytob-DP -- This new Mytob variant spreads through e-mail
using a "your password has been updated" message. It drops
"kaspersky.exe" on the infected machine, terminates certain
anti-virus applications and prevents access to security sites by
modifying the Windows HOSTS file. (Sophos)

Troj/FakeAle-D -- A virus that changes the Internet Explorer
default settings and changes the Windows background to a fake
error message. It drops "wp.bmp" and "wp.exe" in the root
directory. (Sophos)

WM97/Sundor-A -- A Microsoft Word macro virus that displays a
picture of an alien on the infected machine. It also attempts to
delete documents and other files. (Sophos)

W32/Francette-T -- An IRC Trojan that spreads through network
shares by exploiting a number of well known Windows
vulnerabilities. It targets specific Internet banking sites,
looking for username and password information. (Sophos)

W32/Forbot-FD -- A Forbot variant that spreads through network
shares by exploiting known Windows flaws and contains a
mass-mailing capability. The mail messages look like account
warning messages. It will install "svchosts.exe" in the Windows
system directory. (Sophos)

W32/Kalel-D -- An e-mail worm that looks like an e-mail account
storage warning. The infected message is titled "**NOTICE**
Mailbox Limitation" and contains the attachment
"mailbox_rules.zip". It can be used to log keystrokes. (Sophos)

Troj/DlDial-A -- A Trojan that terminates any existing dial-up
connection and reconnects to a premium-rate service. (Sophos)

W32/Lebreat-A -- An e-mail worm that attempts to exploit the
Windows LSASS vulnerability. The infected message warns of a
credit card charge of $500.00. It opens an FTP connection on
port 8885 and attempts to download "update3.exe" from a remote
site. (Sophos, F-Secure)

W32/Lebreat-B -- Another similar Lebreat variant. This one also
attempts a denial-of-service attack against symantec.com.
(Sophos)

W32/Lebreat-C -- A third Lebreat variant. This one uses a
temporary file "xzy6.tmp". (Sophos)
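Several of the entries above (Mytob-DP in particular) block access to security sites by rewriting the Windows HOSTS file so that vendor domains resolve to the loopback address. The script below is an added defender-side example, not code from the newsletter, Sophos or any vendor: it parses a HOSTS file and flags entries that pin security-vendor domains, plus any other non-localhost name mapped to a loopback or unspecified address. The vendor watchlist and the sample HOSTS content are constructed assumptions; on Windows the real file lives at %SystemRoot%\System32\drivers\etc\hosts.

```python
"""Flag HOSTS-file entries that redirect security-vendor domains.

Added example (not from the newsletter). The watchlist below is an
assumption chosen for illustration, and SAMPLE_HOSTS is constructed.
"""
import ipaddress
import sys

# Assumed watchlist of domains that update/AV tooling relies on.
SECURITY_DOMAINS = {
    "sophos.com", "symantec.com", "f-secure.com", "kaspersky.com",
    "mcafee.com", "trendmicro.com", "windowsupdate.com", "microsoft.com",
}

# Names that legitimately map to loopback in a stock HOSTS file.
LEGIT_LOOPBACK = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample mimicking a HOSTS file after a Mytob-style rewrite.
SAMPLE_HOSTS = """\
# Constructed sample for this example (not a real system's file)
127.0.0.1       localhost
::1             localhost
10.0.0.5        intranet.corp.example
127.0.0.1       www.sophos.com
127.0.0.1       sophos.com symantec.com liveupdate.symantec.com
0.0.0.0         update.kaspersky.com
"""


def _matches_watchlist(hostname):
    """True if hostname equals a watchlisted domain or is a subdomain of one."""
    host = hostname.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in SECURITY_DOMAINS)


def parse_hosts(text):
    """Yield (lineno, address, [hostnames]) for each non-comment HOSTS line."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # strip trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # address with no hostname: ignored by the resolver too
        yield lineno, fields[0], fields[1:]


def suspicious_entries(text):
    """Return a list of findings, one dict per suspicious (address, name) pair."""
    findings = []
    for lineno, address, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(address)
        except ValueError:
            findings.append({"line": lineno, "address": address, "hostname": " ".join(names),
                             "severity": "low", "reason": "unparseable address"})
            continue
        sinkholed = addr.is_loopback or addr.is_unspecified
        for name in names:
            if _matches_watchlist(name):
                # A vendor domain pinned anywhere in HOSTS defeats the vendor's
                # own update path; sinkholing it is the classic AV-blocking trick.
                findings.append({"line": lineno, "address": address, "hostname": name,
                                 "severity": "high",
                                 "reason": "security domain pinned to "
                                           + ("sinkhole" if sinkholed else str(addr))})
            elif sinkholed and name.lower() not in LEGIT_LOOPBACK:
                # Ad-block lists do this legitimately, so report it at low severity.
                findings.append({"line": lineno, "address": address, "hostname": name,
                                 "severity": "low",
                                 "reason": "non-localhost name mapped to loopback/unspecified"})
    return findings


def main(argv):
    text = open(argv[1], encoding="utf-8", errors="replace").read() if len(argv) > 1 else SAMPLE_HOSTS
    for f in suspicious_entries(text):
        print(f"line {f['line']:>3} [{f['severity']}] {f['address']:<16} {f['hostname']}: {f['reason']}")


if __name__ == "__main__":
    main(sys.argv)
```

Run it with no arguments to scan the constructed sample, or pass a copied HOSTS file as the first argument. Matching is done on domain boundaries (so "notsophos.com" does not match "sophos.com"), and a watchlisted domain is reported regardless of the address it is pinned to, since a legitimate HOSTS file has no reason to override a vendor's DNS at all.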
**********

From the interesting reading department:

Virus scanner bug cost Trend Micro $8 million

Anti-virus software vendor Trend Micro Thursday said that a bug
in its own software that affected thousands of customers has
cost the company $8 million. The issue has also forced it to
lower its revenue and profit forecasts for the April to June
quarter. IDG News Service, 07/14/05.
<http://www.networkworld.com/go2/0718bug1j.html>

VeriSign buys security researcher iDefense for $40 million

Looking to flesh out its line of managed security services
products, VeriSign has snapped up network security researcher
iDefense. The $40 million cash acquisition was completed
Wednesday, according to VeriSign. IDG News Service, 07/14/05.
<http://www.networkworld.com/go2/0718bug1k.html>
_______________________________________________________________
To contact: Jason Meserve

Jason Meserve is the Multimedia Editor at Network World and
writes about streaming media, search engines and IP Multicast.
Jason can be reached at <mailto:jmeserve@nww.com>. Check out his
Multimedia Exchange weblog at:
<http://www.networkworld.com/weblogs/multimedia/>

Check out our weekly Network World Radio program at:
<http://www.networkworld.com/radio/>
_______________________________________________________________
ARCHIVE LINKS

Virus and Bug Patch Alert archive:
http://www.networkworld.com/newsletters/bug/index.html

Breaking security news, updated daily
http://www.networkworld.com/topics/security.html
_______________________________________________________________
FEATURED READER RESOURCE
THE ROI OF VOIP

When it comes to VoIP, most network managers are satisfied that
the technology works. But there are questions: What will the new
technology cost to roll out and support, and what benefits can
companies expect to reap? Check out NW's step-by-step guide on
how to determine the true cost and benefits of VoIP. Click here:
<http://www.networkworld.com/research/2005/071105-voip.html>
_______________________________________________________________
May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at http://www.subscribenw.com/nl2

International subscribers click here:
http://nww1.com/go/circ_promo.html
_______________________________________________________________
SUBSCRIPTION SERVICES

To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
<http://www.nwwsubscribe.com/Changes.aspx>

To change your e-mail address, go to:
<http://www.nwwsubscribe.com/ChangeMail.aspx>

Subscription questions? Contact Customer Service by replying to
this message.

This message was sent to: security.world@gmail.com
Please use this address when modifying your subscription.
_______________________________________________________________

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>

Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772

For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: <mailto:sponsorships@nwfusion.com>

Copyright Network World, Inc., 2005