NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH
ALERT
09/15/05
Today's focus: Sun patches Java Web Proxy Server
Dear security.world@gmail.com,
In this issue:
* Patches from Sun, Debian, Trustix, others
* Beware new Mytob variant that spreads via a message that looks
like an account warning
* Links related to Virus and Bug Patch Alert
* Featured reader resource
_______________________________________________________________
This newsletter is sponsored by Ciena
Network World Executive Guide: Compliance can be an opportunity
for Network Improvements
Federal regulations such as the Health Insurance Portability and
Accountability Act and the Sarbanes-Oxley Act are driving
increased corporate spending on key IT areas such as security,
authentication, access control and document management. Get
advice from experts. Read about real-world tactics. Learn about
the dark side of compliance: what happens when thing wrong. And,
how mandates are affecting IT budgets.
http://www.fattail.com/redir/redirect.asp?CID=114120
_______________________________________________________________
Network World Technology Insider on Security
Is Encryption the Prescription?
Encryption won't solve all your security issues but these days
there is no excuse for not safeguarding your organization's
sensitive data. From Clear Choice product coverage to new
regulations and high-profile breaches, this Technology Insider
on Security covers it all. Click here to read now:
http://www.fattail.com/redir/redirect.asp?CID=114087
_______________________________________________________________
Today's focus: Sun patches Java Web Proxy Server
By Jason Meserve
Today's bug patches and security alerts:
Sun patches Java Web Proxy Server
Three vulnerabilities have been found in the Sun Java Web Proxy
Server. The flaws could be exploited in a denial-of-service
attack against the affected machine. Sun has released Version
3.6 Service Pack 8 to fix the problem. For more, go to:
<http://www.networkworld.com/nlvirusbug7115>
Related updates:
Apple:
<http://docs.info.apple.com/article.html?artnum=302265>
<http://docs.info.apple.com/article.html?artnum=302266>
**********
HP warns of flaw in OpenView Network Node Manager
According to an HP advisory, "Potential vulnerabilities have
been identified with OpenView Network Node Manager (OV NNM).
These vulnerabilities could be exploited remotely by an
unauthorized user to gain privileged access." For more, go to:
<http://www.securityfocus.com/archive/1/409720/30/60/threaded>
**********
More Squid updates available
As we reported earlier in the week, a denial of service
vulnerability has been found in the open source Squid proxy
server. Specifically, the flaw is in the "store.c" code library.
Additional fixes are available:
Debian:
<http://www.debian.org/security/2005/dsa-809>
Gentoo:
<http://security.gentoo.org/glsa/glsa-200509-06.xml>
Mandriva:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:162>
OpenPKG:
<http://www.openpkg.org/security/OpenPKG-SA-2005.021-squid.html>
**********
More Apache updates available
A couple of vulnerabilities have been found in the popular
Apache Web server, both Version 1 and 2. The flaws could be
exploited in a cross-scripting attack against other servers. For
more, go to:
Debian (Apache):
<http://www.debian.org/security/2005/dsa-803>
Debian (Apache2):
<http://www.debian.org/security/2005/dsa-805>
Mandriva (Apache2):
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:161>
SuSE:
<http://www.networkworld.com/nlvirusbug7116>
Ubuntu (Apache):
<http://www.networkworld.com/go2/0912bug2a.html>
Ubuntu (Apache2):
<http://www.networkworld.com/go2/0912bug2b.html>
**********
Trustix releases a "multi" update
A new update from Trustix fixes flaws apache, openssh and squid.
The most serious of the flaws could be exploited to run
malicious code on the affected machine. For more, go to:
<http://www.trustix.org/errata/2005/0047/>
**********
Debian patches kdelibs
A number of KDE graphical environments contain multiple flaws.
The most serious of them could be exploited to gain root access
on the affected machine. For more, go to:
<http://www.debian.org/security/2005/dsa-804>
**********
Today's roundup of virus alerts:
Troj/Dloader-UC -- A new downloader Trojan that pulls additional
malicious code from the Internet. It drops "ipwf.exe" in the
Windows System folder. (Sophos)
W32/Rbot-ANK -- An Rbot variant that spreads through network
shares by exploiting a number of Windows vulnerabilities. Rbot
allows backdoor access via IRC and can be used for a number of
malicious applications. This variant drops "mswinsck.exe" in the
Windows System folder. (Sophos)
W32/Rbot-ANP --Another similar Rbot variant. This one drops
"sdktemp.exe" in the Windows System folder. (Sophos)
W32/Sdbot-ACZ -- An Sdbot variant that exploits multiple Windows
flaws as it spreads via network shares. It installs itself as
"plou.exe" in the Windows System folder and allows backdoor
access via IRC. (Sophos)
Troj/Dropper-BC -- A virus that drops "gfgdgfddfgdfgwe.exe" in
the Windows system. Fortunately, it's a corrupt file and will
not run. (Sophos)
Troj/Dropper-BD -- Another corrupted version of Dropper. This
one installs "gfgdgfd.exe". (Sophos)
W32/Goldax-A -- Goldax is a peer-to-peer worm that drops
"mcfCC4.dll" and "mcfdrv.sys" in the Windows System folder of
the infected machine. It places a number of files that look like
porn on the infected system. (Sophos)
Troj/Divo-B -- A Trojan that tries to steal personal information
entered into banking sites, It spreads via network shares and
displays a message in Spanish or English asking the user to
enter "memorable information". (Sophos)
Troj/WinterLv-A -- A backdoor Trojan that allows attackers to
steal information, launch denial-of-service attacks, create an
FTP server and more. It registers itself as the service called
"Networksvc". (Sophos)
W32/Mytob-JM -- A new Mytob variant that spreads via a message
that looks like an account warning. It usually comes as an
attachment with a double extension. It installs itself as "Lien
Van de Kelder.exe" in the Windows System folder and can limit
access to security related Web sites by modifying the Windows
HOSTS file. (Sophos)
The top 5: Today's most-read stories
1. McAfee, Omniquad top anti-spyware test
<http://www.networkworld.com/nlvirusbug6939>
2. Google hacking <http://www.networkworld.com/nlvirusbug6699>
3. Supermarket chain freezes Internet access
<http://www.networkworld.com/nlvirusbug6700>
4. Cisco tackles RFID in the network
<http://www.networkworld.com/nlvirusbug7117>
5. What's the best way to protect against spyware?
<http://www.networkworld.com/nlvirusbug6940>
_______________________________________________________________
To contact: Jason Meserve
Jason Meserve is the Multimedia Editor at Network World and
writes about streaming media, search engines and IP Multicast.
Jason can be reached at <mailto:jmeserve@nww.com>. Check out his
Multimedia Exchange weblog at:
<http://www.networkworld.com/weblogs/multimedia/>
Check out our weekly Network World Radio program at:
<http://www.networkworld.com/radio/>
_______________________________________________________________
This newsletter is sponsored by ProCurve Networking by HP
Network World Executive Guide: The Evolution of Management
Technologies
With applications and infrastructures growing more sophisticated
and demanding, network and systems management technologies are
more critical than ever. Elevating their focus from bits and
bytes, these networked systems are being called on to close the
gap between IT and business services. Read about the future of
management, including BSM and emerging automation tools. Learn
about 'hot spots' and 'best products' in network management.
http://adserver.fattail.com/redir/redirect.asp?CID=114754
_______________________________________________________________
ARCHIVE LINKS
Virus and Bug Patch Alert archive:
http://www.networkworld.com/newsletters/bug/index.html
Breaking security news, updated daily
http://www.networkworld.com/topics/security.html
_______________________________________________________________
FEATURED READER RESOURCE
IS IT THE NETWORK OR THE STORAGE THAT'S THE PROBLEM?
Midsize and larger businesses often find their IT topology has
become a complex mix of servers, networks and storage systems.
Many of these companies also route long-haul traffic over
fiber-based networks - metropolitan-area networks, WANs and
private optical networks. Who's responsible when a
storage-related problem occurs on a fiber network? For more,
click here:
<http://www.networkworld.com/nlvirusbug7118>
_______________________________________________________________
May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at http://www.subscribenw.com/nl2
International subscribers click here:
http://nww1.com/go/circ_promo.html
_______________________________________________________________
SUBSCRIPTION SERVICES
To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
<http://www.nwwsubscribe.com/Changes.aspx>
To change your e-mail address, go to:
<http://www.nwwsubscribe.com/ChangeMail.aspx>
Subscription questions? Contact Customer Service by replying to
this message.
This message was sent to: security.world@gmail.com
Please use this address when modifying your subscription.
_______________________________________________________________
Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>
Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772
For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: <mailto:sponsorships@nwfusion.com>
Copyright Network World, Inc., 2005
No comments:
Post a Comment