Thursday, September 08, 2005

Cisco patches IOS firewall flaw

NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH
ALERT
09/08/05
Today's focus: Cisco patches IOS firewall flaw

In this issue:

* Patches from Cisco, Debian, FreeBSD, others
* Beware e-mail harvesting worm that spreads through network
  shares, exploiting the Windows LSASS vulnerability
* Links related to Virus and Bug Patch Alert
* Featured reader resource

By Jason Meserve

Today's bug patches and security alerts:

Cisco patches IOS firewall flaw

According to a Cisco advisory, "Cisco IOS Software is vulnerable
to a denial of service and potentially an arbitrary code
execution attack when processing the user authentication
credentials from an Authentication Proxy Telnet/FTP session. To
exploit this vulnerability an attacker must first complete a TCP
connection to the IOS device running affected software and
receive an auth-proxy authentication prompt." For more, go to:
<http://www.cisco.com/warp/public/620/1.html>
**********

KDE publishes fix for a number of flaws

A number of KDE graphical environments contain multiple flaws.
The most serious of them could be exploited to gain root access
on the affected machine. For more, go to:
<http://www.kde.org/info/security/advisory-20050905-1.txt>

Related fixes:

Mandriva (kdebase):
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:160>

Mandriva (kdeedu):
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:159>

Ubuntu:
<http://www.ubuntu.com/usn/usn-176-1/document_view>
**********

Debian, FreeBSD patch cvs

A flaw in the way temporary files are created by cvsbug, part of
the CVS version control system, could be exploited to place
arbitrary files on the affected machine. For more, go to:

Debian:
<http://www.debian.org/security/2005/dsa-802>

FreeBSD:
<http://www.networkworld.com/go2/0905bug2a.html>
**********

More PCRE fixes available

An integer overflow in the Perl Compatible Regular Expressions
(PCRE) library could be exploited to run malicious code on
the affected machine. For more, go to:

Debian (pcre3):
<http://www.debian.org/security/2005/dsa-800>

Gentoo:
<http://security.gentoo.org/glsa/glsa-200508-17.xml>

OpenPKG:
<http://www.openpkg.org/security/OpenPKG-SA-2005.018-pcre.txt>
**********

OpenPKG releases OpenSSH update

As we reported in our last newsletter, there's a new version of
OpenSSH available that includes fixes for a number of flaws in
previous releases. The OpenPKG version of the update is here:
<http://www.openpkg.org/security/OpenPKG-SA-2005.019-openssh.txt>
**********

Gentoo, Mandriva patch mplayer

A buffer overflow in mplayer, a multimedia player, could be
exploited through a malicious video file, allowing the attacker
to run arbitrary code on the affected machine. For more, go to:

Gentoo:
<http://security.gentoo.org/glsa/glsa-200509-01.xml>

Mandriva:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:158>
**********

Debian, Mandriva release fix for ntp

The Network Time Protocol (ntp) does not properly set its
permissions. A fix is available for this bug. For more, go to:

Debian:
<http://www.debian.org/security/2005/dsa-801>

Mandriva:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:156>
**********

Debian, OpenPKG patch proftpd

Two format string vulnerabilities have been found in the proftpd
server, which could be exploited to insert data into a connected
SQL database. For more, go to:

Debian:
<http://www.debian.org/security/2005/dsa-795>

OpenPKG:
<http://www.openpkg.org/security/OpenPKG-SA-2005.020-proftpd.txt>
**********

Debian patches sqwebmail flaw

The sqwebmail mail application that comes in the Courier suite
does not properly handle certain attachments. An attacker could
exploit this to insert malicious scripts on the affected
machine. For more, go to:
<http://www.debian.org/security/2005/dsa-793>
**********

SuSE patches kernel

A new update to the SuSE Linux kernel fixes a number of flaws
found in previous releases. Most of the vulnerabilities could be
exploited to crash the kernel. For more, go to:
<http://www.networkworld.com/go2/0905bug2b.html>
**********

Today's roundup of virus alerts:

New Trojan swaps porn for Koran

A new Trojan horse program circulating around the Internet this
week appears to be on a moral mission to stamp out adult Web
sites, according to security research firm Sophos. Instead of
snooping for sensitive financial information or secretly taking
control of an infected computer, the Trojan, called Yusufali-A,
monitors Web surfing habits. IDG News Service, 09/06/05.
<http://www.networkworld.com/news/2005/090605-trojan.html>

Troj/Perda-D -- A Trojan horse that creates a proxy server on
the affected machine. It may also mess up the Windows Firewall
on XP. It uses a random file name as its infection point.
(Sophos)

Troj/Sisery-A -- An interesting little virus that changes a
number of Windows and application characteristics. More annoying
than damaging. (Sophos)

W32/Alasrou-A -- An e-mail harvesting worm that spreads through
network shares, exploiting the Windows LSASS vulnerability. It
installs itself as "file1.exe" in the Windows temp directory.
(Sophos)

W32/Tilebot-O -- This Trojan can turn its infected host into a
proxy server, participate in denial-of-service attacks, access
remote machines via HTTP and disable security applications. It
spreads through network shares, exploiting a number of known
Windows vulnerabilities. It installs itself as "rdriv.sys".
(Sophos)

W32/Rbot-AGV -- An Rbot variant that installs itself to look
like a McAfee file (mcafee32.exe in the Windows System
directory). It spreads through network shares and allows
backdoor access via IRC. (Sophos)

Troj/Haxdoor-AI -- An IRC backdoor worm that can be used to
terminate security-related applications. It drops "msftcpip.sys"
on the infected machine. (Sophos)

Troj/BankAsh-J -- A Trojan that harvests user names and
passwords from the infected machine, sending the bounty to a
remote site via FTP. It also tries to suppress firewall messages
in an effort to hide its presence. (Sophos)

W32/Codbot-X -- A backdoor Trojan that allows FTP access, logs
keystrokes, and harvests other local system information. It
installs itself as "spooler.exe" in the Windows System folder.
When spreading through network shares, it exploits a number of
known Windows flaws. (Sophos)

Troj/Zapchas-K -- A backdoor Trojan that spreads through an IRC
connection, usually as the file "postcard.gif.exe". (Sophos)

Troj/Paymite-B -- A virus that attempts to modify the Windows
Start page, among other attributes. It installs itself as
"paytime.exe" in the Windows System folder. (Sophos)

W32/Agobot-PI -- An Agobot variant that drops "Ksrv32.exe" in
the Windows System folder. It can be used for a number of
malicious applications and can terminate security-related
utilities. (Sophos)

The top 5: Today's most-read stories

1. Cisco Catalyst 4948-10GE aces performance tests
<http://www.networkworld.com/nlvirusbug6698>

2. 2005 salary survey
<http://www.networkworld.com/nlvirusbug4048>

3. Google hacking
<http://www.networkworld.com/nlvirusbug6699>

4. Supermarket chain freezes Internet access
<http://www.networkworld.com/nlvirusbug6700>

5. VoIP rollouts generate heat, power concerns
<http://www.networkworld.com/nlvirusbug6314>

_______________________________________________________________
To contact: Jason Meserve

Jason Meserve is the Multimedia Editor at Network World and
writes about streaming media, search engines and IP Multicast.
Jason can be reached at <mailto:jmeserve@nww.com>. Check out his
Multimedia Exchange weblog at:
<http://www.networkworld.com/weblogs/multimedia/>

Check out our weekly Network World Radio program at:
<http://www.networkworld.com/radio/>
_______________________________________________________________
ARCHIVE LINKS

Virus and Bug Patch Alert archive:
http://www.networkworld.com/newsletters/bug/index.html

Breaking security news, updated daily
http://www.networkworld.com/topics/security.html
_______________________________________________________________
FEATURED READER RESOURCE
GARTNER'S SECURITY HYPE-O-METER

What is hype and has it influenced your network security
efforts? At a recent Gartner security summit, analysts described
what they say are "The Five Most Overhyped Security Threats,"
risks that have been overblown and shouldn't be scaring everyone
as much as they seem to be. For more, click here:
<http://www.networkworld.com/weblogs/security/009180.html>
_______________________________________________________________

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>

Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772

For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: <mailto:sponsorships@nwfusion.com>

Copyright Network World, Inc., 2005
