JASON MESERVE VIRUS AND BUG PATCH ALERT
10/17/05
Today's focus: Symantec patches Veritas NetBackup bug
In this issue:
* Patches from Gentoo, Debian, Mandriva, others
* Beware new Trojan, Sdbot, Mytob variants
* Exploit code discovered for new Microsoft flaw
* Featured reader resource
_______________________________________________________________
This newsletter is sponsored by Avaya
_______________________________________________________________
Today's focus: Symantec patches Veritas NetBackup bug
By Jason Meserve
Today's bug patches and security alerts:
Symantec patches Veritas NetBackup bug
Symantec has patched a critical vulnerability in its Veritas
NetBackup software that could be used to seize control of an
unpatched system. A bug in the Java authentication service, used
by both NetBackup servers and clients, could be exploited by
means of a specially crafted command, which could give attackers
control of the system, said the French Security Incident
Response Team, in a bulletin posted Wednesday. IDG News Service,
10/13/05.
<http://www.networkworld.com/news/2005/101305-symantec.html>
Symantec advisory:
<http://www.networkworld.com/nl8867>
**********
A number of Linux vendors have released a slew of patches, so
we're going with an abbreviated roundup to get them all
published.
Gentoo:
* uw-imap (buffer overflow, code execution):
<http://security.gentoo.org/glsa/glsa-200510-10.xml>
* KOffice, KWord (buffer overflow, code execution):
<http://security.gentoo.org/glsa/glsa-200510-12.xml>
* SPE (file permissions, privilege escalation):
<http://security.gentoo.org/glsa/glsa-200510-13.xml>
**********
Debian:
* tcpdump (buffer overflow, denial of service):
<http://www.debian.org/security/2005/dsa-854>
* openvpn (multiple flaws):
<http://www.debian.org/security/2005/dsa-851>
* up-imapproxy (format string flaws, code execution):
<http://www.debian.org/security/2005/dsa-852>
* ethereal (multiple flaws):
<http://www.debian.org/security/2005/dsa-853>
* py2play (design flaw, code execution):
<http://www.debian.org/security/2005/dsa-856>
* graphviz (permissions, file overwrite):
<http://www.debian.org/security/2005/dsa-857>
* xloadimage (buffer overflow, code execution):
<http://www.debian.org/security/2005/dsa-858>
* xli (buffer overflows, code execution):
<http://www.debian.org/security/2005/dsa-859>
* uw-imap (buffer overflow, code execution):
<http://www.debian.org/security/2005/dsa-861>
* ruby1.8 (programming error, code execution):
<http://www.debian.org/security/2005/dsa-864>
* hylafax (file permissions, file overwrite):
<http://www.debian.org/security/2005/dsa-865>
**********
Mandriva:
* squirrelmail (cross-site scripting flaw):
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:178>
* squid (authentication flaw, denial of service):
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:181>
* curl (buffer overflow):
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:182>
* wget (buffer overflow):
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:183>
* cfengine (file permissions, symlink attack):
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:184>
* koffice (heap overflow, code execution):
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:185>
**********
Ubuntu:
* cfengine (file permissions, symlink attack):
<http://www.networkworld.com/go2/1017bug1a.html>
* kernel (multiple flaws):
<http://www.networkworld.com/go2/1017bug1b.html>
* Mozilla Thunderbird (buffer overflow, code execution):
<http://www.networkworld.com/go2/1017bug1c.html>
* sqwebmail (cross-site scripting, code execution):
<http://www.networkworld.com/go2/1017bug1d.html>
* KOffice (buffer overflow, code execution):
<http://www.networkworld.com/go2/1017bug1e.html>
* abiword (buffer overflow, code execution):
<http://www.networkworld.com/go2/1017bug1f.html>
* SSL library (cryptographic weakness):
<http://www.networkworld.com/go2/1017bug1g.html>
* Curl, wget (buffer overflows):
<http://www.networkworld.com/go2/1017bug1h.html>
**********
Today's roundup of virus alerts:
W32/Sdbot-ADY -- A new Sdbot variant that spreads through
network shares and allows back-door access via IRC. It installs
"smsc.exe" in the Windows folder and registers as "System
Manager Service". (Sophos)
Troj/Small-QJ -- A Trojan that drops "winhlp32.dll" on the
infected machine and can download code via an HTTP connection
from a remote server. (Sophos)
Troj/Istbar-BT -- Not much is known about this virus, other than
it drops "jfghjfgudk.exe" in the temp directory. (Sophos)
Troj/Agent-EN -- A Trojan that can be used in a distributed
denial-of-service attack on a third-party site. It installs
itself as "system16.exe", "system.exe", "systemup.exe" or
"vbstub.exe". (Sophos)
W32/Mytob-EX -- This Mytob variant spreads through e-mail and
network shares, dropping "picx.exe" in the Windows System
folder. The infected e-mail message looks like a password update
confirmation or account warning. The virus can limit access to
security Web sites by modifying the Windows HOSTS file. (Sophos)
W32/Mytob-EY -- Another similar Mytob variant. This one uses
"winsvc.exe" in the Windows System directory as its infection
point. (Sophos)
Troj/Domwis-O -- A back-door Trojan that installs itself as
"syscfg16.exe" in the Windows folder. No word on how it spreads
between machines. (Sophos)
W32/Rbot-ARQ -- This Rbot variant exploits a number of known
Windows flaws as it spreads via network shares. It drops
"spoolsae.exe" and can be used for a number of malicious
purposes, including granting back-door access via IRC. (Sophos)
W32/Rbot-ARX -- Another Rbot variant that spreads through
network shares and allows back-door access via IRC. This one
installs "wurmgrd32.exe" in the Windows System directory.
(Sophos)
W32/Sober-L -- An e-mail worm that opens Notepad and displays
the text "Mail-Text: Unzip failed" after infecting a machine. It
drops "SMSS.EXE" in a Windows subfolder. The infected e-mail
attachment will be a ZIP file. (Sophos)
W32/Agobot-TS -- This Agobot variant drops "winlogin.exe" in the
Windows System folder after spreading through a network share.
It can allow back-door access via IRC. (Sophos)
W32/Agobot-TU -- Another similar Agobot variant. This one
installs itself as "winjava.exe". (Sophos)
**********
From the interesting reading department:
Exploit code discovered for new Microsoft flaw
Security assessment vendor Immunity has discovered a way to
exploit a recently disclosed bug in Microsoft's Windows
operating system, and researchers are concerned that a new worm
attack - similar to last August's Zotob outbreak - may be
imminent. IDG News Service, 10/13/05.
<http://www.networkworld.com/nlsecuritynewsal8780>
HP recalls thousands of laptop battery packs
HP Friday recalled around 135,000 lithium-ion rechargeable
battery packs after several melted or charred the plastic cases
of laptops, a company spokesman said. IDG News Service,
10/14/05.
<http://www.networkworld.com/news/2005/101405-hp-recall.html>
_______________________________________________________________
To contact: Jason Meserve
Jason Meserve is the Multimedia Editor at Network World and
writes about streaming media, search engines and IP Multicast.
Jason can be reached at <mailto:jmeserve@nww.com>. Check out his
Multimedia Exchange weblog at:
<http://www.networkworld.com/weblogs/multimedia/>
Check out our weekly Network World Radio program at:
<http://www.networkworld.com/radio/>
_______________________________________________________________
FEATURED READER RESOURCE
Network World Technology Insider on Security: Is Encryption the
Perspective?
Encryption won't solve all your security issues but these days
there is no excuse for not safeguarding your organization's
sensitive data. From Clear Choice product coverage to new
regulations and high-profile breaches, this Technology Insider
on Security covers it all. Click here to read now:
<http://www.networkworld.com/nlantispamnewsal7558>
_______________________________________________________________
Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>
Copyright Network World, Inc., 2005