Thursday, July 14, 2005

Major fixes from Microsoft, Cisco and others


NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH
ALERT
07/14/05
Today's focus: Major fixes from Microsoft, Cisco and others

In this issue:

* Patches from Microsoft, Cisco, Oracle, others
* Beware hackers exploiting the London terrorist attacks with
  e-mail worm
* Cybercrooks lure citizens into international crime
* Links related to Virus and Bug Patch Alert
* Featured reader resource
_______________________________________________________________
By Jason Meserve

I wanted to share this quote from the New York Times' John
Tierney regarding the recent sentencing of the Sasser worm
author:

"Make the hacker spend 16 hours a day fielding help desk
inquiries in an AOL chat room for computer novices. Force him to
do this with a user name at least as uncool as KoolDude and to
work on a vintage IBM PC with a 2400-baud dial-up connection.
Most painful of all for any geek, make him use Windows 95 for
the rest of his life."

Exactly. You can read the whole thing here:
<http://www.nytimes.com/2005/07/12/opinion/12tierney.html>

[Full disclosure: I originally saw the quote in the GMSV
newsletter from the San Jose Mercury News.]

Today's bug patches and security alerts:

Microsoft patches IE, Word, Windows

Microsoft has released three software updates that patch
critical security flaws in its products, including a patch for
an Internet Explorer vulnerability that was first reported last
week. The company also released patches for Microsoft Word and
for a feature of the Windows operating system that is used by a
number of applications. All three of the patches, which
Microsoft calls "updates," are rated "critical," meaning that
the flaws they fix could allow malicious code to be installed on
a user's computer with very little user action. The updates
affect current versions of Windows and Internet Explorer as well
as certain older versions of Word, according to Stephen
Toulouse, security program manager with Microsoft's security
response center. IDG News Service, 07/12/05.
<http://www.networkworld.com/nlvirusbug3282>

Microsoft advisories:

Vulnerability in JView Profiler Could Allow Remote Code
Execution:
<http://www.networkworld.com/nlvirusbug3283>

Vulnerability in Microsoft Color Management Module Could Allow
Remote Code Execution:
<http://www.networkworld.com/nlvirusbug3284>

Vulnerability in Microsoft Word Could Allow Remote Code
Execution:
<http://www.networkworld.com/nlvirusbug3285>

Related advisories:

CERT:
<http://www.us-cert.gov/cas/techalerts/TA05-193A.html>

ISS - Microsoft Image Color Management flaw:
<http://xforce.iss.net/xforce/alerts/id/199m>

iDefense - Microsoft Word 2000 and Word 2002 Font Parsing Buffer
Overflow:
<http://www.networkworld.com/go2/0711bug2a.html>
**********

Cisco patches CallManager flaws

Cisco has released an update for its popular CallManager voice
over IP system that fixes a number of flaws. According to an
advisory from the company, "Cisco CallManager 3.3 and earlier,
4.0, and 4.1 are vulnerable to denial-of-service attacks, memory
leaks, and memory corruption which may result in services being
interrupted, servers rebooting, or arbitrary code being
executed." For more, go to:
<http://www.networkworld.com/nlvirusbug3286>

Related ISS advisory:
<http://xforce.iss.net/xforce/alerts/id/200>

Cisco fixes ONS 15216 OADM Telnet Denial-of-Service

According to Cisco, "The Cisco ONS 15216 OADM (Optical Add/Drop
Multiplexer) contains a vulnerability in the handling of telnet
sessions that can cause a denial-of-service condition in the
management plane. Traffic going through the Cisco ONS 15216 OADM
(i.e. transit traffic), is not affected when the management
plane is under a denial-of-service condition. However, clearing
the denial-of-service condition on the management plane requires
resetting the device, which impacts transit traffic." For more,
go to:
<http://www.networkworld.com/nlvirusbug3287>

Cisco issues fix for Security Agent vulnerability

Cisco's Security Agent network security software is vulnerable
to a denial-of-service attack. The attacker would have to
continually send specially crafted IP packets through the system
in order to exploit the flaw. For more, go to:
<http://www.networkworld.com/nlvirusbug3288>
**********

Oracle releases critical security updates

Oracle has released its latest quarterly batch of security
updates, offering fixes for several dozen security flaws in its
database, application server, business applications and other
products. IDG News Service, 07/13/05.
<http://www.networkworld.com/nlvirusbug3289>

Oracle advisory:
<http://www.networkworld.com/go2/0711bug2b.html>

Related CERT advisory:
<http://www.us-cert.gov/cas/techalerts/TA05-194A.html>
**********

Mozilla patches bugs in Firefox, Thunderbird

The Mozilla Foundation Tuesday fixed a number of security bugs
in its Firefox Web browser, many of which will also be patched
in upcoming releases of Mozilla's Thunderbird e-mail client and
Mozilla Internet software suite. IDG News Service, 07/12/05.
<http://www.networkworld.com/nlvirusbug3290>
**********

Flaw in Lotus Notes Webmail interface

SecurityTracker is warning of a flaw in the Lotus Notes Webmail
interface that could allow HTML attachments to be opened and
executed without warning. An attacker could exploit this by
adding malicious code to the HTML page. For more, go to:
<http://securitytracker.com/alerts/2005/Jul/1014440.html>
**********

Apple releases Mac OS X v10.4.2 update

A new Mac OS X update from Apple fixes flaws in Dashboard and
the TCP/IP stack. The most serious of the flaws could be
exploited to run malicious code. For more, go to:
<http://docs.info.apple.com/article.html?artnum=301948>

Apple patches DoS flaw in Darwin Streaming Server

The Darwin Streaming Server's Web-based administration console
is vulnerable to a denial-of-service attack. A fix is available.
For more, go to:
<http://developer.apple.com/darwin/projects/streaming/>
**********

MIT patches Kerberos 5

MIT is reporting a number of flaws in its Kerberos 5 Key
Distribution Center. Attackers could exploit the flaws in
denial-of-service attacks against the server or potentially take
control of the entire Kerberos realm. For more, go to:
<http://www.networkworld.com/nlvirusbug3291>

Related fix from Gentoo:
<http://security.gentoo.org/glsa/glsa-200507-11.xml>
**********

Today's roundup of virus alerts:

Troj/Spexta-A -- This one should probably fall under the heading
"scum of the week." Hackers are exploiting the London terrorist
attacks with an e-mail worm that claims to have video of the
attack's aftermath in a ZIP file (LondonTerrorMovie.zip). It's
really a worm. (F-Secure, Sophos)

W32/Codbot-P -- A new Codbot Trojan that spreads through network
shares and can be used for a number of malicious applications,
including running FTP servers and logging keystrokes. (Sophos)

W32/Rbot-AHT -- Another new Rbot variant that spreads through
network shares by exploiting a number of well known Windows
vulnerabilities. It can allow backdoor access through IRC. It
installs itself as "service.exe" in the Windows System folder.
(Sophos)

W32/Rbot-BWI -- A new Rbot variant that is very similar to
Rbot-AHT above. This one uses "SetPoint.exe" as the infected
file. (Sophos)

Troj/Zlob-L -- A downloader Trojan that drops "notepad.exe" and
"msmsgs.exe" on the infected machine and can be used to download
additional code. (Sophos)

W32/Mytob-DJ -- A new Mytob e-mail worm that provides backdoor
IRC access and disables access to security related Web sites by
modifying the Windows HOSTS file. It drops "winsvc32.exe" in the
Windows System folder. (Sophos)

W32/Mytob-DK -- Another Mytob variant. This one displays a bunch
of fake messages on the infected system and drops
"fuuuucktttttt.exe". (Sophos)

W32/Mytob-DM -- Yet another Mytob variant. This one is very
similar to Mytob-DJ above, except its infected file is
"winNTsys32.exe". (Sophos)

Troj/RNWatch-A -- A backdoor Trojan that copies "winierun.exe"
and "bfwinier.exe" to the infected host. No word on what damage
it could cause or purposes it could be used for. (Sophos)

W32/Sdbot-AAL -- This new Sdbot variant spreads through network
shares, exploiting weak or non-existent passwords. It drops
"msnup32.exe" in the Windows System folder and attempts to
delete network shares every 2 minutes. (Sophos)

W32/Agobot-TA -- This Agobot variant provides backdoor access to
the infected machine and drops "windowsfw.exe" in the Windows
System folder. It spreads through weakly protected network
shares. (Sophos)
**********

From the interesting reading department:

Cybercrooks lure citizens into international crime

Karl and other ordinary citizens are being widely recruited by
international crime groups to serve as unwitting collaborators
-- referred to as mules -- in Internet scams to convert stolen
personal and financial data into tangible goods and cash.
Cybercriminals order merchandise online with stolen credit cards
and ship the goods overseas -- before either the credit card
owner or the online merchant catches on. The goods then are
typically sold on the black market. USA Today, 07/10/05.
<http://www.networkworld.com/go2/0711bug2c.html>
_______________________________________________________________
To contact: Jason Meserve

Jason Meserve is the Multimedia Editor at Network World and
writes about streaming media, search engines and IP Multicast.
Jason can be reached at <mailto:jmeserve@nww.com>. Check out his
Multimedia Exchange weblog at:
<http://www.networkworld.com/weblogs/multimedia/>

Copyright Network World, Inc., 2005