NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH
ALERT
09/12/05
Today's focus: Patch Tuesday cancelled
In this issue:
* Patches from Gentoo, HP, 3Com, others
* Beware Tilebot that spreads through network shares by
exploiting the Windows LSASS vulnerability
* Links related to Virus and Bug Patch Alert
* Featured reader resource
_______________________________________________________________
Today's focus: Patch Tuesday cancelled
By Jason Meserve
Today's bug patches and security alerts:
Microsoft scraps September security update
Microsoft has decided not to go ahead with its monthly security
update after encountering an unspecified quality issue with the
software patch it had planned to release next Tuesday. This
Thursday, Microsoft said it would be offering a patch to a
critical flaw in its Windows operating system next week. The
next day, however, company representatives said that the company
had changed its mind and would not be releasing any security
patches this month after all. IDG News Service, 09/09/05.
<http://www.networkworld.com/go2/0912bug1e.html>
**********
Firefox flaw found: Remote exploit possible
Computers running the Firefox browser could be open to remote
attack as a result of a buffer overflow vulnerability reported
Friday by security researcher Tom Ferris. Vulnerable versions of
Firefox include all those up to 1.06, and even Version 1.5 Beta
1 (Deer Park Alpha 2), released on Thursday, he wrote in a
posting to his Web site, Security Protocols, and to the Full
Disclosure security mailing list just after 6 a.m. GMT Friday.
IDG News Service, 09/09/05.
<http://www.networkworld.com/nlvirusbug6890>
Note: No patch has been provided as of noon today.
**********
DoS flaw found in Squid
A denial-of-service vulnerability has been found in the open
source Squid proxy server. Specifically, the flaw is in the
"store.c" code library. A fix is available:
<http://www.networkworld.com/go2/0912bug1d.html>
Related Gentoo patch:
<http://security.gentoo.org/glsa/glsa-200509-06.xml>
**********
HP patches ProLiant DL585 access flaw
A flaw in the HP ProLiant DL585 server could be exploited to
take control of the system, but only when it is being powered
down. For more, go to:
<http://www.securityfocus.com/archive/1/409673/30/90/threaded>
**********
3Com patches Network Supervisor
3Com has released an update for its Network Supervisor
monitoring product after iDefense reported a directory traversal
flaw in the application. An attacker could exploit this to view
nearly any file on the affected machine. For more, go to:
<http://www.networkworld.com/go2/0912bug1c.html>
**********
Flaw in Novell's NetMail IMAP daemon
According to an alert from security researchers at iDefense,
"Remote exploitation of a heap overflow vulnerability in
Novell's NetMail IMAP daemon allows unauthenticated attackers to
execute arbitrary code with the privileges of the underlying
user." For more, go to:
<http://www.networkworld.com/go2/0912bug1b.html>
iDefense advisory:
<http://www.networkworld.com/go2/0912bug1a.html>
**********
Debian patches polygen
A flaw in the way the polygen application creates certain files
could be exploited by an attacker to fill the entire filesystem.
For more, go to:
<http://www.debian.org/security/2005/dsa-794>
Debian issues fix for webcalendar
According to a Debian advisory, "A trivially-exploitable bug was
discovered in webcalendar that allows an attacker to execute
arbitrary code with the privileges of the HTTP daemon on a
system running a vulnerable version." For more, go to:
<http://www.debian.org/security/2005/dsa-799>
**********
Today's roundup of virus alerts:
W32/Tilebot-P -- Tilebot spreads through network shares by
exploiting the Windows LSASS vulnerability. It drops
"msconfig32.exe" in the root directory and can be used to
download code from a remote site via HTTP. (Sophos)
Troj/Zapchas-T -- Another Trojan that tries to communicate with
remote servers via HTTP. This one drops "svchost.exe" in the
Windows System folder and can allow backdoor access via IRC.
(Sophos)
Troj/Iyus-N -- A downloader Trojan that pulls code from a remote
server and executes it on the infected machine. It drops
"install.exe" in the Windows System directory and disables
security related applications. (Sophos)
W32/Forbot-FO -- A new Forbot variant that spreads via an e-mail
attachment, exploiting the Windows LSASS and ASN.1
vulnerabilities. The infected message looks like an account
warning and has a ZIP attachment. It drops "svchosts.exe" in the
Windows system folder. (Sophos)
Troj/Dloader-TW -- A Trojan horse application that can download
malicious code via HTTP (meaning it's firewall friendly) from a
remote site. (Sophos)
W32/Bobax-S -- An e-mail worm that attempts to exploit the
Windows PnP vulnerability. It spreads through a message titled
"Cool" and injects its payload into the Windows Explorer process
to evade detection. (Sophos)
W32/Bobax-R -- A similar Bobax variant with the added ability to
modify the Windows HOSTS file to prevent access to security
related Web sites. (Sophos)
Troj/Domwis-O -- A Trojan that allows backdoor access to the
infected machine via an unspecified means. It installs itself as
"syscfg16.exe" in the Windows folder. (Sophos)
W32/Zotob-D -- A new variant of the Zotob worm, which exploits
the Windows PnP vulnerability as it spreads through network
shares. It can be used to allow backdoor access to the infected
machine and modify the Windows HOSTS file to limit access to
security related Web sites. (Sophos)
_______________________________________________________________
To contact: Jason Meserve
Jason Meserve is the Multimedia Editor at Network World and
writes about streaming media, search engines and IP Multicast.
Jason can be reached at <mailto:jmeserve@nww.com>. Check out his
Multimedia Exchange weblog at:
<http://www.networkworld.com/weblogs/multimedia/>
_______________________________________________________________
ARCHIVE LINKS
Virus and Bug Patch Alert archive:
http://www.networkworld.com/newsletters/bug/index.html
Breaking security news, updated daily
http://www.networkworld.com/topics/security.html
_______________________________________________________________
FEATURED READER RESOURCE
GARTNER'S SECURITY HYPE-O-METER
What is hype and has it influenced your network security
efforts? At a recent Gartner security summit, analysts described
what they say are "The Five Most Overhyped Security Threats,"
risks that have been overblown and shouldn't be scaring everyone
as much as they seem to be. For more, click here:
<http://www.networkworld.com/weblogs/security/009180.html>
_______________________________________________________________
Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>
Copyright Network World, Inc., 2005