NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH
ALERT
09/19/05
Today's focus: Flaws in Linksys router firmware
In this issue:
* Patches from Gentoo, SuSE, Debian, others
* Beware Google-spoofing worm
* Links related to Virus and Bug Patch Alert
* Featured reader resource
_______________________________________________________________
Today's focus: Flaws in Linksys router firmware
By Jason Meserve
Today's bug patches and security alerts:
Multiple vulnerabilities in Linksys router firmware
Versions 3.03.6 and 3.01.03 of the Linksys WRT54G wireless
router contain several vulnerabilities that could be exploited
by an attacker to take control of the HTTP Web management
interface. Version 4.20.7 is said to fix the issue. The update
can be downloaded here:
<http://www.networkworld.com/go2/0919bug1j.html>
Related advisories from iDefense:
Linksys WRT54G Router Remote Administration apply.cgi Buffer
Overflow Vulnerability
<http://www.networkworld.com/go2/0919bug1i.html>
Linksys WRT54G 'upgrade.cgi' Firmware Upload Design Error
Vulnerability
<http://www.networkworld.com/go2/0919bug1h.html>
Linksys WRT54G Management Interface DoS Vulnerability
<http://www.networkworld.com/go2/0919bug1g.html>
Linksys WRT54G 'restore.cgi' Configuration Modification Design
Error Vulnerability
<http://www.networkworld.com/go2/0919bug1f.html>
Linksys WRT54G Router Remote Administration Fixed Encryption Key
Vulnerability
<http://www.networkworld.com/go2/0919bug1e.html>
**********
Sun reports flaw in Java Application Server
A flaw in the Sun Java Application Server could be exploited by
a remote user to view the contents of JAR files, which could be
exploited in future attacks. A fix is available:
<http://www.networkworld.com/nlvirusbug7300>
**********
Gentoo patches Net-SNMP
Gentoo's implementation of Net-SNMP contains a non-secure
DT_RPATH module, which could be exploited to gain elevated
privileges. For more, go to:
<http://security.gentoo.org/glsa/glsa-200509-05.xml>
Gentoo issues fix for phpLDAPadmin
According to an alert from Gentoo, "A flaw in phpLDAPadmin may
allow attackers to bypass security restrictions and connect
anonymously." For more, go to:
<http://security.gentoo.org/glsa/glsa-200509-04.xml>
Gentoo releases patch for OpenTTD
A format string flaw in OpenTTD could be exploited to run
malicious code on the affected machine. For more, go to:
<http://security.gentoo.org/glsa/glsa-200509-03.xml>
Gentoo updates Python
The Python scripting language is vulnerable to a heap overflow
in the PCRE code library, which could be exploited to run
malicious commands on the affected machine. For more, go to:
<http://www.gentoo.org/security/en/glsa/glsa-200509-08.xml>
Gentoo updates X.Org
A heap overflow in X.Org could be exploited to run malicious code
and gain elevated privileges on the affected machine. For more,
go to:
<http://security.gentoo.org/glsa/glsa-200509-07.xml>
**********
SuSE patches php4, php5
Multiple flaws have been found in Versions 4 and 5 of the
popular PHP scripting language. The most serious of the flaws
could be exploited to run malicious code on the affected
machine. For more, go to:
<http://www.networkworld.com/nlvirusbug7301>
**********
Debian, OpenPKG, Ubuntu patch modssl
An "information disclosure" vulnerability has been found in
modssl. Debian, OpenPKG and Ubuntu have released a fix for the
problem:
Debian:
<http://www.debian.org/security/2005/dsa-807>
OpenPKG:
<http://www.openpkg.org/security/OpenPKG-SA-2005.017-modssl.html>
Ubuntu:
<http://www.networkworld.com/go2/0919bug1d.html>
**********
Mandriva releases patch for smb4k
A flaw in the way certain temporary files are created by
Mandriva's implementation of smb4k could be exploited in a
symlink attack to access other files. For more, go to:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:157>
**********
Ubuntu releases kernel update
A new kernel update from Ubuntu fixes a number of flaws found in
previous releases. The flaws could be exploited in a
denial-of-service attack or to run arbitrary code. For more, go
to:
<http://www.networkworld.com/go2/0919bug1c.html>
Ubuntu patches lesstif1
A previous update for lesstif did not fix all the original
problems. For more, go to:
<http://www.networkworld.com/go2/0919bug1b.html>
**********
Debian patches tdiary
According to a Debian alert, "The tdiary Development Team has
discovered a Cross-Site Request Forgery (CSRF) vulnerability in
tdiary, a new generation Weblog that can be exploited by remote
attackers to alter the users information." For more, go to:
<http://www.debian.org/security/2005/dsa-808>
**********
Debian, Ubuntu release Mozilla updates
Several vulnerabilities have been found in the Mozilla browser
code, which could be exploited to run arbitrary code on the
affected machine. For more, go to:
Debian:
<http://www.debian.org/security/2005/dsa-810>
Ubuntu:
<http://www.networkworld.com/go2/0919bug1a.html>
**********
Today's roundup of virus alerts:
Security vendor warns of Google-spoofing worm
Downloaders looking for a free "Star Wars" game may instead find
themselves installing a new worm that gives them dodgy Google
search results. The worm, called P2Load.A, is being spread on
peer-to-peer programs like Shareaza and Imesh, masquerading as a
free version of the Lucasfilm game "Knights of the Old Republic
II," said Forrest Clark, senior manager of consumer product
marketing with anti-virus vendor Panda Software. IDG News
Service, 09/16/05.
<http://www.networkworld.com/nlvirusbug7302>
W32/Forbot-FO -- A backdoor worm that spreads via an e-mail
attachment in a message that looks like an account warning. The
attachment will have a .zip extension and install "svchosts.exe"
in the Windows System directory. (Sophos)
W32/Rbot-ANQ -- An Rbot variant that spreads via network shares,
dropping "ms-dos.pif" on the infected machine. It exploits
several Windows flaws in its attempt to infect the machine.
Backdoor access is allowed through IRC. (Sophos)
Troj/Dremn-B -- A keylogging Trojan that tries to capture
username and password information. It drops "syspol.exe" in the
Windows System folder. (Sophos)
W32/Agobot-PI -- An Agobot variant that spreads through network
shares and allows backdoor access via IRC. It drops "Ksrv32.exe"
in the Windows System folder. It can be used for a number of
malicious applications, disables security-related applications
and limits access to security Web sites by modifying the Windows
HOSTS file. (Sophos)
W32/Sdbot-ADC -- An Sdbot variant that exploits a number of
known Windows flaws as it spreads through network shares. It
drops "msconfig32.exe" in the Windows System directory and
provides backdoor access via IRC. (Sophos)
W32/Sdbot-ADE -- Another Sdbot variant that allows backdoor
access via IRC. It drops "iexplore.exe" in the Windows System
folder. (Sophos)
W32/Mytob-EJ -- A new Mytob variant that spreads through an
e-mail message that usually looks like an account warning. The
infected attachment will have a double extension and
"servce.exe" is dropped in the Windows System folder. (Sophos)
Troj/Clicker-Y -- A Trojan that tries to open a remote Web site.
It drops "efsdfgxg.exe" in the Windows system folder. (Sophos)
W32/Tirbot-D -- A backdoor Trojan that exploits the Windows
LSASS vulnerability. It drops "MSDTCs.exe" in the Windows system
folder and allows the infected machine to be used for a number
of malicious purposes. (Sophos)
Troj/Kagen-A -- A virus that displays a Word document with a
message written in Indonesian. It installs itself as
"ccApps.exe" in the Windows system directory. (Sophos)
_______________________________________________________________
To contact: Jason Meserve
Jason Meserve is the Multimedia Editor at Network World and
writes about streaming media, search engines and IP Multicast.
Jason can be reached at <mailto:jmeserve@nww.com>. Check out his
Multimedia Exchange weblog at:
<http://www.networkworld.com/weblogs/multimedia/>
Check out our weekly Network World Radio program at:
<http://www.networkworld.com/radio/>
_______________________________________________________________
ARCHIVE LINKS
Virus and Bug Patch Alert archive:
http://www.networkworld.com/newsletters/bug/index.html
Breaking security news, updated daily
http://www.networkworld.com/topics/security.html
_______________________________________________________________
FEATURED READER RESOURCE
IS IT THE NETWORK OR THE STORAGE THAT'S THE PROBLEM?
Midsize and larger businesses often find their IT topology has
become a complex mix of servers, networks and storage systems.
Many of these companies also route long-haul traffic over
fiber-based networks - metropolitan-area networks, WANs and
private optical networks. Who's responsible when a
storage-related problem occurs on a fiber network? For more,
click here:
<http://www.networkworld.com/nlvirusbug7118>
_______________________________________________________________
Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>
Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772
For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: <mailto:sponsorships@nwfusion.com>
Copyright Network World, Inc., 2005