NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH
ALERT
08/15/05
Today's focus: Attacks reported for critical Veritas Backup
Exec flaw
Dear security.world@gmail.com,
In this issue:
* Patches from Red Hat, Mandriva, SuSE, others
* Beware network worm that tries to exploit a number of known
Windows vulnerabilities
* Patching day still a work in progress, and other interesting
reading
* Links related to Virus and Bug Patch Alert
* Featured reader resource
_______________________________________________________________
This newsletter is sponsored by Avaya
Network World Executive Guide: Evaluating VoIP in the Enterprise
Got VoIP? More and more companies are answering yes...the
reasons vary from cost savings, network flexibility, and ease of
administration. Yet others are drawn to the promise of advanced
VoIP applications such as unified messaging and collaboration.
Register now and get a free copy of Network World's Got VoIP?
Executive Guide, which outlines the keys to successful VoIP
deployments.
http://www.fattail.com/redir/redirect.asp?CID=110555
_______________________________________________________________
VOIP SECURITY THREATS: FACT OR FICTION?
Although it's difficult to find a company that has suffered at
the hands of VoIP abusers, viruses, spam and phishing have run
rampant on other IP-based communications systems. Will similar
threats find their way to VoIP? Find out what the experts say
and how should prepare your network against such potential
abuses. Click here:
http://www.fattail.com/redir/redirect.asp?CID=110069
_______________________________________________________________
Today's focus: Attacks reported for critical Veritas Backup
Exec flaw
By Jason Meserve
Today's bug patches and security alerts:
Attacks reported for critical Veritas Backup Exec flaw
Attackers are reported to be exploiting an unpatched
vulnerability in Symantec's Veritas Backup Exec Agent for
Windows software, according to an alert published Friday by
Symantec. IDG News Service, 08/15/05.
<http://www.networkworld.com/news/2005/081305-vertitas-flaw.html>
CERT advisory:
<http://www.us-cert.gov/cas/techalerts/TA05-224A.html>
ISS alert:
<http://xforce.iss.net/xforce/alerts/id/204>
**********
Exploits on the loose for latest Microsoft bugs
Just days after the release of Microsoft's latest security
patches, security researchers have begun publishing software
that could be used to seize control of unpatched Windows
computers. IDG News Service, 08/12/05.
<http://www.networkworld.com/nlvirusbug5095>
**********
Red Hat, Ubuntu patch gaim
A new update for Gaim, an open source instant messaging client,
fixes a potential denial-of-service vulnerability. For more, go
to:
Red Hat:
<http://rhn.redhat.com/errata/RHSA-2005-627.html>
Ubuntu:
<https://www.ubuntulinux.org/support/documentation/usn/usn-168-1>
**********
Mandriva, Ubuntu patch heartbeat
Heartbeat, a sub-system for High-Availability Linux, does not
create temporary files in a secure fashion. An attacker could
exploit this using a symlink attack. For more, go to:
Mandriva:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:132>
Ubuntu:
<https://www.ubuntulinux.org/support/documentation/usn/usn-165-1>
**********
Ubuntu releases patch for Evolution
Flaws in the Evolution e-mail client could be exploited in a
denial-of-service attack or to potentially run malicious code on
the affected system. For more, go to:
<https://www.ubuntulinux.org/support/documentation/usn/usn-166-1>
Ubuntu fixes netpbm
A flaw in one of the conversion tool attributes could be
exploited by an attacker to run malicious commands on the
affected system. For more, go to:
<https://www.ubuntulinux.org/support/documentation/usn/usn-164-1>
**********
SuSE patches multiple flaws
A new update from SuSE fixes flaws in mozilla, Mozilla Firefox,
epiphany and galeon. Most of the vulnerabilities could leak
sensitive system information. For more, go to:
<http://www.networkworld.com/go2/0815bug1a.html>
**********
Debian releases new AMD64 packages
A new update to Debian Linux implementation for the AMD64
platform fixes several flaws found in previous releases. For
more, go to:
<http://www.debian.org/security/2005/dsa-773>
Debian patches fetchmail
According to an alert from Debian, "Edward Shornock discovered a
bug in the UIDL handling code of fetchmail, a common POP3, APOP
and IMAP mail fetching utility. A malicious POP3 server could
exploit this problem and inject arbitrary code that will be
executed on the victim host. If fetchmail is running as root,
this becomes a root exploit." For more, go to:
<http://www.debian.org/security/2005/dsa-774>
**********
Mandriva patches xpdf, gpdf
A bug in the xpdf and gpdf PDF document view applications could
cause all system resources to be consumed, resulting in a denial
of service. For more, go to:
xpdf:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:134>
gpdf:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:136>
**********
Today's round up of virus alerts:
W32/Zotob-A -- A new worm that seems to be spreading more
quickly than most others. It's a backdoor Trojan that allows
access via IRC and modifies to the Windows HOSTS file to limit
access to security related Web sites. It drops "botzor.exe" on
the infected host after exploiting one of a number of known
Windows flaws. (Sophos)
W32/Zotob-B -- Another Zotob variant with a minor change: It
uses "csm.exe" as its infection point. (Sophos)
W32/Mytob-JM -- This latest Mytob variant spreads through e-mail
messages that look like account security warnings. The message
prompts users to open the attached file, which usually has a
double extension. The virus installs itself as "Lien Van de
Kelder.exe" and disables access to security related Web sites by
modifying the Windows HOSTS file. (Sophos)
W32/Mytob-HM -- Another new Mytob variant uses messages that
look like a bounced e-mail. Mytob-HM has similar functionality
as Mytob-JM above, except it uses the file "yahooicons.exe" as
its infection point. (Sophos)
Troj/Weasyw-B -- This virus can be used to download additional
code from a remote Web site. It uses a randomly named file to
infect a machine. (Sophos)
W32/Tilebot-E -- A network worm that tries to exploit a number
of known Windows vulnerabilities. It drops "vsmom.exe" and
"msvnc.sys" on the infected machine and call allow backdoor
access via IRC. (Sophos)
Troj/Bancban-EG -- This Trojan steals username and password
information for Brazilian banking sites. It installs "cssrs.exe"
in the Windows System folder. (Sophos)
Troj/Litebot-B -- A Trojan horse that provides backdoor access
via IRC. It drops "uninst.bat" on the infected machine. (Sophos)
Troj/Nailpol-A -- A virus that injects its code into other
applications to remain active. It can also change file names in
order to avoid detection. (Sophos)
Troj/ServU-BC -- A modified FTR server that runs continuously on
port 43958. It also reads from the file "chkdrv.vxd". (Sophos)
**********
From the interesting reading department:
Patching day still a work in progress
In what has become the technology equivalent of a monthly
tetanus shot, IT administrators wait for the second Tuesday of
the month knowing that what doesn't kill them will make their
networks stronger. Network World, 08/15/05.
<http://www.networkworld.com/news/2005/081505-patch.html>
Technology Insider: E-mail encryption
Encryption won't solve all your security problems, but these
days there's no excuse for not protecting sensitive data whether
it's in e-mail, sitting in a database or on a backup tape on the
way to your offsite storage facility. Network World, 08/15/05.
<http://www.networkworld.com/nlvirusbug5096>
Mobile viruses could score big at soccer World Cup
Next year's FIFA World Cup soccer tournament in Germany could be
fertile ground for mobile phone viruses if the World Athletics
Championships in Finland, which ended Sunday, are any
indication, security experts warn. IDG News Service, 08/15/05.
<http://www.networkworld.com/nlvirusbug5097>
The top 5: Today's most-read stories
1. Cisco to double Catalyst 6500 switch capacity in coming
months, report says
<http://www.networkworld.com/nlvirusbug5098>
2. Ex WorldCom CFO Sullivan gets 5 years in jail
<http://www.networkworld.com/nlvirusbug5099>
3. Microsoft open source exec: Not the loneliest guy in Redmond
<http://www.networkworld.com/nlvirusbug4981>
4. Cisco mulls acquiring Nokia, report says
<http://www.networkworld.com/nlvirusbug5100>
5. IT staff shortage looming
<http://www.networkworld.com/nlvirusbug5101>
_______________________________________________________________
To contact: Jason Meserve
Jason Meserve is the Multimedia Editor at Network World and
writes about streaming media, search engines and IP Multicast.
Jason can be reached at <mailto:jmeserve@nww.com>. Check out his
Multimedia Exchange weblog at:
<http://www.networkworld.com/weblogs/multimedia/>
Check out our weekly Network World Radio program at:
<http://www.networkworld.com/radio/>
_______________________________________________________________
This newsletter is sponsored by Avaya
Network World Executive Guide: Evaluating VoIP in the Enterprise
Got VoIP? More and more companies are answering yes...the
reasons vary from cost savings, network flexibility, and ease of
administration. Yet others are drawn to the promise of advanced
VoIP applications such as unified messaging and collaboration.
Register now and get a free copy of Network World's Got VoIP?
Executive Guide, which outlines the keys to successful VoIP
deployments.
http://www.fattail.com/redir/redirect.asp?CID=110554
_______________________________________________________________
ARCHIVE LINKS
Virus and Bug Patch Alert archive:
http://www.networkworld.com/newsletters/bug/index.html
Breaking security news, updated daily
http://www.networkworld.com/topics/security.html
_______________________________________________________________
FEATURED READER RESOURCE
HARD WORK, GOOD PAY
According to Network World's 2005 Salary Survey, network
professionals are enjoying substantial increases in pay,
especially at the highest- and lowest-tier job titles. But are
those increases coming with higher titles, more work or both?
Find out if compensation alone is keeping network professionals
happy in their careers - or is something else? Click here:
<http://www.networkworld.com/you/2005/072505-salary-survey.html>
_______________________________________________________________
May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at http://www.subscribenw.com/nl2
International subscribers click here:
http://nww1.com/go/circ_promo.html
_______________________________________________________________
SUBSCRIPTION SERVICES
To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
<http://www.nwwsubscribe.com/Changes.aspx>
To change your e-mail address, go to:
<http://www.nwwsubscribe.com/ChangeMail.aspx>
Subscription questions? Contact Customer Service by replying to
this message.
This message was sent to: security.world@gmail.com
Please use this address when modifying your subscription.
_______________________________________________________________
Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>
Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772
For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: <mailto:sponsorships@nwfusion.com>
Copyright Network World, Inc., 2005
No comments:
Post a Comment