JASON MESERVE VIRUS AND BUG PATCH ALERT
10/20/05
Today's focus: Oracle patches 88 holes in quarterly security
update
In this issue:
* Patches from Oracle, Cisco, KDE, others
* Beware four new Rbot variants
* Possible issue with latest Windows update
_______________________________________________________________
By Jason Meserve
Today's bug patches and security alerts:
Oracle patches 88 holes in quarterly security update
Oracle released a bundle of critical security patches for its
software on Tuesday, fixing 88 vulnerabilities in products
including its database and application servers, and in some
PeopleSoft and JD Edwards applications. A work-around exists for
just one of the vulnerabilities, according to Oracle. It
recommends applying the patches as soon as possible. IDG News
Service, 10/19/05.
<http://www.networkworld.com/nl9231>
Oracle advisory:
<http://www.networkworld.com/go2/1017bug2a.html>
Related CERT advisory:
<http://www.us-cert.gov/cas/techalerts/TA05-292A.html>
**********
Sourcefire discloses buffer-overflow vulnerability in Snort
Sourcefire, which oversees the open-source intrusion-detection
system Snort and makes commercial products based on it, Tuesday
disclosed a major vulnerability in Snort along with corrective
measures to mitigate the risk. NetworkWorld.com, 10/18/05.
<http://www.networkworld.com/news/2005/101805-snort.html?nl>
Sourcefire advisory:
<http://www.networkworld.com/nl9232>
Related CERT advisory:
<http://www.us-cert.gov/cas/techalerts/TA05-291A.html>
Related ISS advisory:
<http://xforce.iss.net/xforce/alerts/id/207>
**********
IBM warns of AIX flaw
The lscfg command in IBM's AIX 5.2 contains a flaw that could be
exploited by a local user to gain elevated privileges (including
root) on the affected machine. For more, go to:
<http://www-1.ibm.com/support/docview.wss?uid=isg1IY77624>
**********
Cisco warns of 11500 Content Services Switch flaw
According to a Cisco advisory, "Cisco CSS 11500 Series Content
Services Switches (CSS) configured with Secure Socket Layer
(SSL) termination services are vulnerable to a denial-of-service
(DoS) attack when processing malformed client certificates.
Cisco has made free software available to address this
vulnerability. There are workarounds available to mitigate the
effects of the vulnerability." For more, go to:
<http://www.networkworld.com/nl9233>
**********
Possible issue with latest Windows update
Microsoft is reporting that one of its October security updates
(MS05-051) may cause other problems, including not allowing
authenticated users to log in. A workaround is available:
<http://support.microsoft.com/kb/909444/en-us>
Original advisory:
<http://www.microsoft.com/technet/security/advisory/909444.mspx>
**********
KDE reports KWord RTF import buffer overflow
A buffer overflow in the KWord RTF importer could be exploited
to run malicious code on the affected machine. KWord is part of
the KOffice suite. A fix is available:
<http://www.kde.org/info/security/advisory-20051011-1.txt>
**********
OpenPKG, SuSE patch OpenSSL
A flaw in the way OpenSSL handles a newer version of the SSL
protocol could result in the use of a less-secure version of
SSL. An attacker could exploit this to tamper with the data
being transmitted. For more, go to:
OpenPKG:
<http://www.networkworld.com/nl9234>
SuSE:
<http://www.networkworld.com/go2/1017bug2b.html>
**********
Mandriva, Ubuntu patch Lynx
A buffer overflow in the Lynx news reader could be exploited to
redirect users to malicious Web sites. For more, go to:
Mandriva:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:186>
Ubuntu:
<http://www.networkworld.com/go2/1017bug2c.html>
**********
Today's roundup of virus alerts:
W32/Mytob-GH -- Another new Mytob e-mail worm variant. The
infected messages have a subject line that looks like an account
warning and a ZIP attachment. This variant installs itself as
"d.exe" in the Windows System folder, allows backdoor access via
IRC and attempts to terminate security-related applications.
(Sophos)
W32/Mytob-FA -- Yet another Mytob e-mail worm. It too spreads
through a message that looks like an account warning. The
infected attachment will have a double extension, ending in BAT,
CMD, PIF, SCR, EXE or ZIP. It drops "wID32.exe" on the infected
machine. (Sophos)
W32/Fanbot-H -- Fanbot works in a similar way to Mytob above,
but also spreads through P2P networks. The infected e-mail
message looks like an account warning or an invitation to Skype.
The attachment will be a ZIP file. It allows backdoor access
through IRC. (Sophos)
W32/Fanbot-C -- This Fanbot variant installs itself as
"remote.exe" in the Windows System folder. It disables access to
security-related Web sites by modifying the Windows HOSTS file.
(Sophos)
W32/Fanbot-K -- Our third Fanbot variant of the day drops
"remote.exe" in the Windows System directory and runs as the
service "Ph4nt0m". It too allows backdoor access via IRC and can
be used for a number of malicious purposes. (Sophos)
Troj/Dloader-WF -- A downloader application that tries to grab
files from <http://www.slotch.com/>. (Sophos)
Troj/GrayBird-X -- This worm installs itself as "svchost.exe" in
the Windows System directory and attempts to connect with remote
servers via HTTP. It also injects its code into Internet
Explorer to avoid detection. (Sophos)
W32/Rbot-APJ -- An Rbot variant that exploits a number of
well-known Windows vulnerabilities as it spreads through network
shares. It can allow backdoor access via IRC and can be used to
launch distributed denial-of-service attacks and to steal local
information. It's installed as "mswin.pif". (Sophos)
W32/Rbot-ASH -- Like most Rbot variants, this one spreads
through network shares and allows backdoor access via IRC. It
drops "lockx.exe" in the Windows System folder. (Sophos)
W32/Rbot-ASF -- The third Rbot variant of the day drops
"svchoes.exe" in the Windows System folder. Its malicious
properties are similar to those above. (Sophos)
W32/Rbot-ASI -- Our fourth Rbot variant today drops
"winsrvc.exe" in the Windows System directory. (Sophos)
Troj/Dadobra-H -- This backdoor worm installs "updatexp.exe" in
the Windows System directory. It can send notification messages
to remote hosts and download additional code via HTTP. (Sophos)
Troj/Bancban-AN -- A password-stealing Trojan that captures
information entered into Internet banking sites. It copies
itself to "smss.exe" in the Windows System folder. (Sophos)
W32/Leebad-A -- A Windows worm that sets up a new administrator
account on the infected machine. It drops "System32.exe" and
"system32dll.dll" on the target machine. The latter is a
keylogger. (Sophos)
W32/Bagle-AP -- This Bagle variant spreads through e-mail and
peer-to-peer networks. The infected message appears to come from
"<mailto:monica@postcard.ru>" and has some Russian text. The
e-mail recipient is directed to click a link, which will
download additional malicious code. (Sophos)
Troj/Taladra-F -- A backdoor Trojan that installs "ntsvc.ocx" in
the Windows System folder. No word on how it spreads between
machines. (Sophos)
W32/Brontok-A -- An e-mail worm that uses a random subject line
but always has the attachment "Kangen.exe". (Sophos)
Troj/Squado-A -- A downloader Trojan that drops "MS Office.hta"
in the Windows system folder. No word on how it spreads.
(Sophos)
Troj/Tompai-B -- A backdoor worm that reports its existence to
the author via e-mail. It drops a number of EXE files on the
target, including "mainsv.exe" in the Windows System folder.
Backdoor access is provided via IRC. (Sophos)
_______________________________________________________________
To contact: Jason Meserve
Jason Meserve is the Multimedia Editor at Network World and
writes about streaming media, search engines and IP Multicast.
Jason can be reached at <mailto:jmeserve@nww.com>. Check out his
Multimedia Exchange weblog at:
<http://www.networkworld.com/weblogs/multimedia/>
Check out our weekly Network World Radio program at:
<http://www.networkworld.com/radio/>
_______________________________________________________________
Copyright Network World, Inc., 2005