Monday, August 08, 2005

Patch Tuesday coming

NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH
ALERT
08/08/05
Today's focus: Patch Tuesday coming

In this issue:

* Patches from Microsoft, Mandriva, Gentoo, others
* Beware new Bagle variant that spreads through e-mail and
  peer-to-peer file sharing networks
* Google now a hacker's tool, and other interesting reading
* Links related to Virus and Bug Patch Alert
* Featured reader resource
_______________________________________________________________

By Jason Meserve

Get ready for Patch Tuesday:

Microsoft to release 'critical' patches [this] week

Microsoft will release six software patches [this] Tuesday
covering flaws in its Windows operating system. The company also
is planning to release an updated version of its Microsoft
Windows Malicious Software Removal Tool, and a nonsecurity
update for Windows, Microsoft said in a statement posted to its
Web site Thursday. IDG News Service, 08/04/05.
<http://www.networkworld.com/nlvirusbug4552>

And if the monthly Microsoft patch cycle was not enough, the
Cisco IOS story keeps getting better:

Questions dog Cisco routers

Heavy fallout continues on several fronts from a security
researcher's recent disclosure that unpatched Cisco routers can
be subverted by buffer-overflow attacks and shell-code exploits.
Network World, 08/08/05.
<http://www.networkworld.com/news/2005/080805-cisco-routers.html>

Today's bug patches and security alerts:

Mandriva, Ubuntu releases fixes for Apache, Apache 2

A couple of flaws have been found in the popular Apache Web
server software for Unix/Linux. The most serious of the
vulnerabilities could be exploited to bypass firewall protection
or used in cross-site scripting attacks. For more, go to:

Mandriva (Apache):
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:130>

Mandriva (Apache 2):
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:129>

Ubuntu (Apache 2):
<https://www.ubuntulinux.org/support/documentation/usn/usn-160-1>
**********

Ubuntu patches bzip2

A flaw in the way bzip2 handles meta characters such as "|" and
"&" could be exploited to run malicious code on the affected
machine. For more, go to:
<https://www.ubuntulinux.org/support/documentation/usn/usn-161-1>
**********

Mandriva releases Ethereal fix

A number of buffer overflow and other vulnerabilities have been
found in Ethereal, the popular network-monitoring tool. For
more, go to:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:131>
**********

Trustix issues "multi"

The latest operating system update from Trustix patches flaws in
bzip2, perl-compress-zlib, and proftp. The most serious of the
vulnerabilities could be exploited to compromise the affected
machine. For more, go to:
<http://www.trustix.org/errata/2005/0040/>
**********

SuSE releases kernel update

A new kernel update fixes a variety of security (and
non-security) issues found in previous releases. For more, go
to:
<http://www.networkworld.com/go2/0808bug1a.html>
**********

Gentoo patches AMD64 x86 emulation base libraries

A buffer overflow in the AMD64 x86 emulation base libraries for
Gentoo could be exploited to run arbitrary code on the affected
machine. For more, go to:
<http://security.gentoo.org/glsa/glsa-200507-28.xml>

Gentoo releases fix for ProFTPD

A buffer overflow in the ProFTPD FTP server could be exploited
to run malicious code on the affected machine. For more, go to:
<http://security.gentoo.org/glsa/glsa-200508-02.xml>

Gentoo releases update for nbSMTP

A format string vulnerability in nbSMTP, an SMTP client, could
be exploited by an attacker to run malicious applications on the
affected server. For more, go to:
<http://security.gentoo.org/glsa/glsa-200508-03.xml>

Gentoo patches pstotext

Pstotext, a tool for extracting text from PostScript and PDF
files, contains a vulnerability that is remotely exploitable. An
attacker could use this to run arbitrary commands on the
affected system. For more, go to:
<http://security.gentoo.org/glsa/glsa-200507-29.xml>

Gentoo issues patch for Netpbm

According to a Gentoo advisory, "The pstopnm utility, part of
the Netpbm tools, contains a vulnerability which can potentially
result in the execution of arbitrary code." For more, go to:
<http://security.gentoo.org/glsa/glsa-200508-04.xml>
**********

Today's roundup of virus alerts:

First family of Windows Vista viruses unleashed

An Austrian hacker earned the dubious distinction of writing
what are thought to be the first known viruses for Microsoft's
Windows Vista operating system. Written in July, the viruses
take advantage of a new command shell, codenamed Monad, that is
expected to be included in future versions of the Windows
operating system. IDG News Service, 08/04/05.
<http://www.networkworld.com/news/2005/080405-vista-virus.html>

Related:

No Monad scripting in first Windows Vista, 08/05/05.
<http://www.networkworld.com/news/2005/080505-vista-monad.html>

W32/Mytob-DZ -- This latest Mytob e-mail worm provides backdoor
access to the infected machine via IRC. It spreads through a
message that looks like an account termination notice. The
infected attachment will most likely have a double extension.
(Sophos)

W32/Bagle-BW -- A new Bagle variant that spreads through e-mail
and peer-to-peer file sharing networks. The virus uses a variety
of message characteristics in its attempt to infect through the
mail. In either case, it will drop "winhost.exe" in the Windows
System directory. In addition to providing backdoor access to
the infected host, the virus will also terminate certain
anti-virus and security-related applications. (Sophos)

W32/Sdbot-ABS -- This Sdbot variant spreads through network
shares and allows unauthorized access via IRC. It drops
"windir32.exe" in the Windows System directory and can be used
for a number of malicious applications. (Sophos)

W32/Sdbot-ABR -- Another Sdbot backdoor worm. This strain drops
"exbce.exe" in the Windows System directory. (Sophos)

W32/Rbot-AKA -- A new Rbot variant that drops "tskmgr.exe" on
the infected machine after spreading through a poorly protected
network share connection. Rbot-AKA will provide backdoor access
to intruders via IRC. (Sophos)

Troj/Nailpol-A -- A virus that drops a randomly named file on
the infected host. It can be used to download and execute
additional code. (Sophos)
**********

From the interesting reading department:

Google now a hacker's tool

Somewhere out on the Internet, an Electric Bong may be in
danger. The threat: a well-crafted Google query that could allow
a hacker to use Google's massive database as a resource for
intrusion. IDG News Service, 08/02/05.
<http://www.networkworld.com/nlvirusbug4553>

Technology Update: DKIM fights phishing and e-mail forgery

DomainKeys Identified Mail is an e-mail authentication proposal
that strengthens user protection from e-mail forgery, and
increases accountability for spam and phishing scams. Network
World, 08/08/05.
<http://www.networkworld.com/nlvirusbug4554>

Anti-spyware firm warns of massive ID theft ring

Officials at Sunbelt Software, a Clearwater, Fla.-based vendor
of anti-spyware tools, said the company stumbled upon a massive
ID theft ring that is using a well-known spyware program to
break into and systematically steal confidential information
from an unknown number of computers worldwide. Computerworld,
08/05/05.
<http://www.networkworld.com/news/2005/080505-id-theft.html>

EMC stresses end-to-end security

EMC is looking to focus on providing end-to-end security for its
customers and deliver more management capabilities in its
software offerings, according to executives speaking at the
company's analyst day in New York on Thursday. IDG News Service,
08/04/05.
<http://www.networkworld.com/news/2005/080405-emc-security.html>

HP ports Virus Throttler to Linux

HP next week plans to release Linux versions of its Virus
Throttler security technology and ProLiant Essentials
Intelligent Networking Pack, the company confirmed Friday. IDG
News Service, 08/05/05.
<http://www.networkworld.com/news/2005/080505-hp-linuxworld.html>

The top 5: Today's most-read stories

1. First family of Windows Vista viruses unleashed
<http://www.networkworld.com/nlvirusbug4555>

2. The CEO's sidekick
<http://www.networkworld.com/nlvirusbug4556>

3. BellSouth sues AT&T
<http://www.networkworld.com/nlvirusbug4557>

4. Leaked Cisco slides pulled after legal threats
<http://www.networkworld.com/nlvirusbug4468>

5. Cisco vulnerability posted to Internet
<http://www.networkworld.com/nlvirusbug4471>
_______________________________________________________________
To contact: Jason Meserve

Jason Meserve is the Multimedia Editor at Network World and
writes about streaming media, search engines and IP Multicast.
Jason can be reached at <mailto:jmeserve@nww.com>. Check out his
Multimedia Exchange weblog at:
<http://www.networkworld.com/weblogs/multimedia/>

Check out our weekly Network World Radio program at:
<http://www.networkworld.com/radio/>
_______________________________________________________________
ARCHIVE LINKS

Virus and Bug Patch Alert archive:
http://www.networkworld.com/newsletters/bug/index.html

Breaking security news, updated daily
http://www.networkworld.com/topics/security.html
_______________________________________________________________
FEATURED READER RESOURCE
HARD WORK, GOOD PAY

According to Network World's 2005 Salary Survey, network
professionals are enjoying substantial increases in pay,
especially at the highest- and lowest-tier job titles. But are
those increases coming with higher titles, more work or both?
Find out if compensation alone is keeping network professionals
happy in their careers - or is something else? Click here:
<http://www.networkworld.com/you/2005/072505-salary-survey.html>
_______________________________________________________________

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>

Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772

For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: <mailto:sponsorships@nwfusion.com>

Copyright Network World, Inc., 2005
