JASON MESERVE VIRUS AND BUG PATCH ALERT
09/26/05
Today's focus: New Mac OS X update fixes flaws
In this issue:
* Patches from Apple, Trustix, SCO, others
* Beware a virus that spreads through a message that appears to be
in Spanish and has an attachment called "bailando.vbe"
* Featured reader resource
_______________________________________________________________
This newsletter is sponsored by Xerox
Need to reduce operating costs, get quicker ROI, and increase
productivity? Learn about how "The Efficient Office" shares IT
business strategies for achieving maximum results from document
management tools. Also, discover the four efficient-office
constituencies and how their differing needs must be considered
to deploy an effective solution in any organization.
http://www.fattail.com/redir/redirect.asp?CID=115912
_______________________________________________________________
REVISITING SPYWARE
Spyware can kill your business quicker than spam or viruses.
Spyware insidiously logs your keystrokes, rifles through your
files for password and credit card data, peppers your screen
with ads and slows your PCs to a crawl. So how do you stop it?
Network World reviews 16 spyware stopping products. Click here:
http://www.fattail.com/redir/redirect.asp?CID=115661
_______________________________________________________________
Today's focus: New Mac OS X update fixes flaws
By Jason Meserve
Today's bug patches and security alerts:
New update from Apple fixes numerous Mac OS X flaws
A new update from Apple fixes flaws in ImageIO, Mail, malloc,
QuickDraw Manager, QuickTime for Java, Ruby, Safari,
SecurityAgent and securityd. The most serious of the flaws could
be exploited to gain elevated privileges and run arbitrary code
on the affected machine. For more, go to:
<http://docs.info.apple.com/article.html?artnum=302413>
**********
Trustix patches ClamAV
A buffer overflow has been found in the process that scans
UPX-packed executables. There's also a denial-of-service flaw in
the way FSG-packed executables are processed. For more, go to:
<http://www.trustix.org/errata/2005/0051/>
**********
SCO patches TCP Remote ICMP Denial Of Service Vulnerabilities
A couple of denial-of-service vulnerabilities have been found in
the ICMP implementation for SCO OpenServer. For more, go to:
<ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.38>
**********
Mandriva patches masqmail
Two flaws have been found in masqmail. Both could be exploited
to run arbitrary code on the affected machine. For more, go to:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:168>
Mandriva releases fix for XFree86
An integer overflow in XFree86's pixmap could be exploited to
gain elevated privileges on the affected machine. For more, go
to:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:164>
Mandriva issues MySQL update
A stack-based buffer overflow in one of the MySQL functions
could be exploited to run arbitrary code on the affected
machine. For more, go to:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:163>
**********
More Mozilla updates available
A number of vulnerabilities have been found in various
Mozilla-based packages, including Firefox. The most serious of
the flaws could be exploited to run arbitrary code. For more, go
to:
Fedora (Mozilla):
<http://www.networkworld.com/go2/0926bug1g.html>
Gentoo:
<http://security.gentoo.org/glsa/glsa-200509-11.xml>
Ubuntu (Mozilla, Firefox):
<http://www.networkworld.com/go2/0926bug1f.html>
HP has also released a fix for OpenVMS related to these Mozilla
issues:
<http://h71000.www7.hp.com/openvms/products/ips/cswb/cswb.html>
**********
Ubuntu patches umount
A flaw in one of the umount options could be exploited by a local
user to run malicious code on the affected machine. For more, go
to:
<http://www.networkworld.com/go2/0926bug1e.html>
**********
Debian patches courier
According to an alert from Debian, "Jakob Balle discovered that
with 'Conditional Comments' in Internet Explorer it is possible
to hide javascript code in comments that will be executed when
the browser views a malicious email via sqwebmail. Successful
exploitation requires that the user is using Internet Explorer."
For more, go to:
<http://www.debian.org/security/2005/dsa-820>
Debian releases Python updates
Both Versions 2.1 and 2.2 of Debian's Python implementation are
vulnerable to the integer overflow in the PCRE library. An
attacker could exploit this to run arbitrary code on the
affected machine. For more, go to:
Python 2.1:
<http://www.debian.org/security/2005/dsa-819>
Python 2.2:
<http://www.debian.org/security/2005/dsa-817>
Debian issues fix for kdeedu
The langen2kvhtml application from the kvoctrain package in
kdeedu does not properly create temporary files. An attacker
could exploit this in a symlink attack. For more, go to:
<http://www.debian.org/security/2005/dsa-818>
Debian patches kdebase
A lock file handling error in kcheckpass could be exploited to
gain elevated privileges on the affected machine. For more, go
to:
<http://www.debian.org/security/2005/dsa-815>
Debian issues patch for lm-sensors
The lm-sensors application creates temporary files with
predictable names, which could be exploited in a symlink attack.
For more, go to:
<http://www.debian.org/security/2005/dsa-814>
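The kdeedu and lm-sensors items above describe the same class of bug: a program creates a temporary file at a name an attacker can predict, so a symlink planted at that name beforehand makes the program's write land on whatever file the link points at. The C program below is an added example, not code from Debian, kdeedu or lm-sensors. It stages the scenario in a private directory using hypothetical file names (victim.conf, app.tmp) and shows the flawed open() call beside the two standard fixes: adding O_EXCL, and letting mkstemp() choose an unpredictable name.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical names for the demonstration; not taken from any advisory. */
#define VICTIM_NAME "victim.conf"
#define PREDICTABLE_NAME "app.tmp"

/* Build "dir/name" into out; returns 0 on success, -1 if it does not fit. */
static int join(char *out, size_t n, const char *dir, const char *name) {
    return snprintf(out, n, "%s/%s", dir, name) >= (int)n ? -1 : 0;
}

/* Create a private working directory under TMPDIR (or /tmp).
 * Returns a malloc'd path, or NULL on failure. */
char *make_workdir(void) {
    const char *base = getenv("TMPDIR");
    if (base == NULL || *base == '\0') base = "/tmp";
    char *tmpl = malloc(strlen(base) + sizeof("/tmpdemo.XXXXXX"));
    if (tmpl == NULL) return NULL;
    sprintf(tmpl, "%s/tmpdemo.XXXXXX", base);
    if (mkdtemp(tmpl) == NULL) { free(tmpl); return NULL; }
    return tmpl;
}

/* Stage the scenario: a file the program must never touch, plus a symlink
 * pre-planted at the predictable temp-file name pointing at it. */
int stage_symlink(const char *dir) {
    char victim[4096], link[4096];
    if (join(victim, sizeof victim, dir, VICTIM_NAME) != 0 ||
        join(link, sizeof link, dir, PREDICTABLE_NAME) != 0) return -1;
    int fd = open(victim, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    if (write(fd, "original\n", 9) != 9) { close(fd); return -1; }
    close(fd);
    return symlink(victim, link);
}

/* Returns 1 if the victim file still holds its original contents. */
static int victim_intact(const char *dir) {
    char victim[4096], buf[16] = {0};
    if (join(victim, sizeof victim, dir, VICTIM_NAME) != 0) return 0;
    int fd = open(victim, O_RDONLY);
    if (fd < 0) return 0;
    ssize_t n = read(fd, buf, sizeof buf - 1);
    close(fd);
    return n > 0 && strncmp(buf, "original", 8) == 0;
}

/* Flawed pattern: fixed name, O_CREAT without O_EXCL. open() follows the
 * planted symlink, so the "temp file" write overwrites the victim.
 * Returns 1 when the victim was clobbered, 0 if not, -1 on setup error. */
int unsafe_tempfile_clobbers(const char *dir) {
    char link[4096];
    if (join(link, sizeof link, dir, PREDICTABLE_NAME) != 0) return -1;
    int fd = open(link, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    if (write(fd, "scratch\n", 8) != 8) { close(fd); return -1; }
    close(fd);
    return victim_intact(dir) ? 0 : 1;
}

/* Fix 1: O_CREAT | O_EXCL refuses any path that already exists, a symlink
 * included (even a dangling one). Returns 1 when open() fails with EEXIST. */
int excl_open_refuses(const char *dir) {
    char link[4096];
    if (join(link, sizeof link, dir, PREDICTABLE_NAME) != 0) return -1;
    int fd = open(link, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0) { close(fd); return 0; }
    return errno == EEXIST ? 1 : 0;
}

/* Fix 2: mkstemp() picks an unpredictable name and opens it with O_EXCL
 * itself, so there is no fixed path to pre-plant. Returns 1 when a fresh
 * file was created whose name differs from the predictable one. */
int mkstemp_creates_fresh(const char *dir) {
    char tmpl[4096], link[4096];
    if (join(tmpl, sizeof tmpl, dir, "app.XXXXXX") != 0 ||
        join(link, sizeof link, dir, PREDICTABLE_NAME) != 0) return -1;
    int fd = mkstemp(tmpl);
    if (fd < 0) return 0;
    close(fd);
    int ok = strcmp(tmpl, link) != 0 && access(tmpl, F_OK) == 0;
    unlink(tmpl);
    return ok;
}

/* Remove everything the demo created and free the path. */
void cleanup_workdir(char *dir) {
    char p[4096];
    if (join(p, sizeof p, dir, PREDICTABLE_NAME) == 0) unlink(p);
    if (join(p, sizeof p, dir, VICTIM_NAME) == 0) unlink(p);
    rmdir(dir);
    free(dir);
}

int main(void) {
    char *dir = make_workdir();
    if (dir == NULL || stage_symlink(dir) != 0) { perror("setup"); return 1; }
    printf("fixed name, no O_EXCL: victim overwritten = %d\n", unsafe_tempfile_clobbers(dir));
    printf("fixed name, O_EXCL:    open refused      = %d\n", excl_open_refuses(dir));
    printf("mkstemp():             fresh file made   = %d\n", mkstemp_creates_fresh(dir));
    cleanup_workdir(dir);
    return 0;
}
```

Everything the program touches lives under a directory it creates with mkdtemp() and is removed before exit. The detection angle for an auditor is the same check the program makes explicit: any open() with O_CREAT but without O_EXCL on a path under a shared directory such as /tmp, or any fixed temp-file name built from a PID or timestamp, is a candidate for this bug.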
Debian patches centericq
Several flaws have been found in centericq, a text-mode
multi-protocol instant messenger client. The flaws could be
exploited to run arbitrary code on the affected machine. For
more, go to:
<http://www.debian.org/security/2005/dsa-813>
Debian releases patch for turqstat
According to a Debian advisory, "Peter Karlsson discovered a
buffer overflow in Turquoise SuperStat, a program for gathering
statistics from Fidonet and Usenet, that can be exploited by a
specially crafted NNTP server." For more, go to:
<http://www.debian.org/security/2005/dsa-812>
Debian patches common-lisp-controller
A flaw in the common-lisp-controller, a Common Lisp source and
compiler manager, could be exploited by a local user to run
malicious script. For more, go to:
<http://www.debian.org/security/2005/dsa-811>
**********
HP patches System Management Homepage
A flaw in the System Management Homepage could be exploited by a
remote user in a denial-of-service or cross-site scripting
attack. For more, go to:
Windows:
<http://www.networkworld.com/go2/0926bug1d.html>
Linux:
<http://www.networkworld.com/go2/0926bug1c.html>
HP fixes Tru64 libXpm flaw
Multiple denial-of-service vulnerabilities have been found in
the libXpm and dximageview module for Tru64. In some cases, an
attacker could run malicious code on the affected machine. For
more, go to:
<http://www.securityfocus.com/archive/1/411324/30/30/threaded>
HP patches ftp daemon for Tru64
A denial-of-service vulnerability has been found in the HP Tru64
FTP daemon. A fix is available. For more, go to:
<http://www.securityfocus.com/archive/1/411225/30/30/threaded>
**********
Fedora updates squirrelmail
A flaw in the way squirrelmail handles the $_POST array could be
exploited by an attacker using a malicious URL. If the link is
clicked, the flaw could be used to change squirrelmail
preferences. For more, go to:
<http://www.networkworld.com/go2/0926bug1b.html>
Fedora releases update for Zlib
A buffer overflow flaw in Zlib could be exploited in a
denial-of-service attack against the affected machine. For more,
go to:
<http://www.networkworld.com/go2/0926bug1a.html>
**********
Gentoo issues patch for Webmin, Usermin
According to a Gentoo advisory, "If Webmin or Usermin is
configured to use full PAM conversations, it is vulnerable to
the remote execution of arbitrary code with root privileges."
For more, go to:
<http://security.gentoo.org/glsa/glsa-200509-17.xml>
Gentoo patches Mantis
A SQL injection vulnerability could be exploited to access or
change data in the database. For more, go to:
<http://security.gentoo.org/glsa/glsa-200509-16.xml>
Gentoo releases fix for Zebedee
A bug in Zebedee, an application for creating an encrypted TCP
tunnel between two machines, leaves it vulnerable to a
denial-of-service attack. For more, go to:
<http://security.gentoo.org/glsa/glsa-200509-14.xml>
Gentoo issues fix for Apache, mod_ssl
Flaws in the Apache-mod_ssl tandem could be exploited to bypass
the access control list and potentially gain elevated privileges
on the affected machine. For more, go to:
<http://security.gentoo.org/glsa/glsa-200509-12.xml>
Gentoo patches mailutils
According to a Gentoo advisory, "An authenticated IMAP user
could exploit the format string error in imap4d to execute
arbitrary code as the imap4d user, which is usually root." For
more, go to:
<http://security.gentoo.org/glsa/glsa-200509-10.xml>
Gentoo releases fix in Py2Play
A "design flaw" in Py2Play, a peer-to-peer network game engine
written in Python, could be exploited to run malicious code on
the affected machine. For more, go to:
<http://security.gentoo.org/glsa/glsa-200509-09.xml>
**********
Today's roundup of virus alerts:
Troj/GrayBird-X -- A backdoor Trojan that can connect with
remote sites via HTTP. It drops "svchost.exe" in the Windows
folder. (Sophos)
W32/Pegas-A -- A virus that spreads via e-mail and can be used
to steal local information as well as delete files. It spreads
through a message that appears to be in Spanish and has an
attachment called "bailando.vbe". (Sophos)
W32/Mytob-EL -- Another Mytob e-mail worm, which spreads through
messages that look like an account or password warning. The
message will have an attachment with a double extension. It
drops "servicces.exe" in the Windows System folder. (Sophos)
W32/Mytob-CU -- This Mytob variant spreads in a similar fashion
to Mytob-EL above. It drops "xxx.exe" in the Windows System
folder. (Sophos)
VBS/Cazdeg-D -- A virus that attempts to infect VBScript,
JavaScript, ZIP, HTML, Word Document and Excel Spreadsheet
files. It spreads through peer-to-peer networks and can set up an
IRC-accessible backdoor. (Sophos)
W32/Rbot-AJO -- An Rbot variant that spreads through network
shares by exploiting a number of known Windows vulnerabilities.
It drops a randomly named file in the Windows System folder. It
can be used for a number of malicious applications and allows
backdoor access via IRC. (Sophos)
W32/Rbot-SQ -- Another Rbot variant that targets Windows
machines that do not have all the proper patches installed. This
version drops "mcafeee.exe" in the Windows System folder.
(Sophos)
Troj/Sharp-J -- A backdoor worm that can inject code into
running processes and be used to download additional code from
remote sites. It drops "win32.exe" and "winlog.exe" in the
Windows System folder. (Sophos)
W32/Traxg-E -- A mass mailing worm that also can spread via
network shares. It creates "FOLDER.HTT" in the root directory
and attempts to add an "admin" account to the affected machine.
(Sophos)
Troj/Whistler-F -- A Trojan that attempts to delete files from
the infected host. It spreads through network shares, dropping
"WXP" in the root directory with the message "You did a piracy,
you deserve it". It also installs "whismng.exe" in the Windows
System directory. (Sophos)
W32/Codbot-AA -- A backdoor Trojan that can be used to download
additional code, run an FTP server and harvest system
information. The bot can be controlled via an IRC channel. It
drops "winjava.exe" in the Windows System folder. (Sophos)
W32/Wurmark-M -- A worm that targets Windows machines. It drops
"MsUpdate.exe" in a similarly named directory off the Program
Files folder. No word on what kind of damage it can cause.
(Sophos)
Troj/Divo-B -- A password stealing Trojan that targets certain
Internet banking sites. It displays a number of fake messages
asking the user to "Please input your MEMORABLE INFORMATION."
(Sophos)
Troj/Lecna-D -- A backdoor Trojan that communicates with a
remote server via HTTP. It drops "WINDOWSUPDATE.EXE" in the
Windows System folder. (Sophos)
W32/Sdbot-ADB -- An Sdbot IRC backdoor worm that drops
"HeIp.exe" in the Windows System folder. It spreads via network
shares. (Sophos)
W32/Zafi-E -- A worm that spreads via e-mail and peer-to-peer
networks. When infecting a machine, it displays the message
"Windows has blocked access to this image." The infected e-mail
will have an attachment with CMD, SCR, PIF, COM, or ZIP as its
extension. It harvests additional e-mail addresses from its host.
(Sophos)
_______________________________________________________________
To contact: Jason Meserve
Jason Meserve is the Multimedia Editor at Network World and
writes about streaming media, search engines and IP Multicast.
Jason can be reached at <mailto:jmeserve@nww.com>. Check out his
Multimedia Exchange weblog at:
<http://www.networkworld.com/weblogs/multimedia/>
Check out our weekly Network World Radio program at:
<http://www.networkworld.com/radio/>
_______________________________________________________________
FEATURED READER RESOURCE
The Trend Micro Threat Map
The Trend Micro Threat Map dynamically displays real-time data
to show worldwide trends in virus and content security threats
as they happen. Collected from actual computer infections, the
Threat Map can be used to help determine appropriate security
policies, based on the prevalence of threats that can adversely
affect your business.
<http://www.networkworld.com/go/trendmicro/trend_frr>
_______________________________________________________________
May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at <http://www.subscribenw.com/nl2>
International subscribers click here:
<http://nww1.com/go/circ_promo.html>
_______________________________________________________________
SUBSCRIPTION SERVICES
To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
<http://www.nwwsubscribe.com/Changes.aspx>
To change your e-mail address, go to:
<http://www.nwwsubscribe.com/ChangeMail.aspx>
Subscription questions? Contact Customer Service by replying to
this message.
This message was sent to: security.world@gmail.com
Please use this address when modifying your subscription.
_______________________________________________________________
Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>
Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772
For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: <mailto:sponsorships@nwfusion.com>
Copyright Network World, Inc., 2005