Apple patches QuickTime

NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH
ALERT
06/06/05
Today's focus: Apple patches QuickTime

Dear security.world@gmail.com,

In this issue:

* Patches from Apple, Gentoo, HP, others
* Beware sophisticated Web attack detailed by CA
* Mytob writers could be creating a super bug
* Links related to Virus and Bug Patch Alert
* Featured reader resource
_______________________________________________________________
This newsletter is sponsored by Dupont
Reduce Fire Safety Risk in Your Network!

Concerns are rising about the growing number of combustible
cables present in buildings required to service the
ever-increasing demands of IT networks. More workstations are
taxing the infrastructure. These concerns are the thrust behind
new "limited combustible" cables that reduce fire safety risk.
Click here for news, a free demo CD and more. Visit DuPont's
Cabling center today!
http://www.fattail.com/redir/redirect.asp?CID=106112
_______________________________________________________________
FREE NETWORK WORLD PRINT SUBSCRIPTIONS FOR NEWSLETTER
SUBSCRIBERS

Security is one of the most pressing issues in all of IT, and
you need to stay on top of it. Network World delivers the
hottest security news. Network IT Executives depend upon Network
World for the information they need to keep their networks
secure! Subscribe today at
http://www.fattail.com/redir/redirect.asp?CID=105769
_______________________________________________________________

Today's focus: Apple patches QuickTime

By Jason Meserve

Today's bug patches and security alerts:

Apple releases security update for QuickTime

A flaw in the way Quartz Composer objects are handled by
QuickTime 7.0 could be exploited to gather local data and send
it to a remote Web site. QuickTime Version 7.0.1 fixes the
issue:
<http://docs.info.apple.com/article.html?artnum=301714>
**********

Debian, Gentoo patch Mailutils

Multiple flaws have been found in the Debian and Gentoo
implementation of Mailutils, a collection mail utility
applications. The most serious of the vulnerabilities could be
exploited to run malicious code on the affected machine. For
more, go to:

Debian:
<http://www.debian.org/security/2005/dsa-732>

Gentoo:
<http://security.gentoo.org/glsa/glsa-200505-20.xml>
**********

Debian releases fix for bzip2

A race condition in bzip2, a file compressor and decompressor,
could be exploited by an attacker to change permissions of a
file being decompressed. For more, go to:
<http://www.debian.org/security/2005/dsa-730>

Debian patches krb4

A couple of buffer overflows have been found in the telnet
client that comes with the krb4 package for Debian. A remote
attacker may exploit these flaws to run malicious applications
on the affected machine. For more, go to:
<http://www.debian.org/security/2005/dsa-731>
**********

HP patches OpenView Radia Management Applications

According to an alert from HP, "A potential security
vulnerability has been identified with HP OpenView Radia
Management Applications - Radia Notify Daemon versions 2.x, 3.x,
and 4.x where the potential vulnerability could be exploited to
allow a remote user to execute unauthorized programs on managed
client systems leading to unauthorized access to data and denial
of service." For more, go to:
<http://www.securityfocus.com/archive/1/401417/30/0/threaded>

Related advisory from Grok:
<http://www.grok.org.uk/advisories/radexecd.html>
**********

Fedora releases update for kernel

A number of vulnerabilities in the Fedora Legacy kernel have
been fixed, which impacts Red Hat Linux 7.3, Red Hat Linux 9 and
Fedora Core 1. The most serious of the flaws could be exploited
to run malicious code on the affected machine. For more, go to:
<http://www.securityfocus.com/archive/1/401520/30/0/threaded>
**********

Patch available for Drupal

A flaw in the Drupal content management system could be
exploited by an attacker to gain administration privileges on
the affected machine. For more, go to:
<http://drupal.org/drupal-4.6.1>
**********

Today's roundup of virus alerts:

CA details sophisticated Web attack

A new "sophisticated" attack that uses three pieces of malware
to turn PCs into zombies that can be sold to criminal groups has
appeared on the Internet this week, security vendor Computer
Associates said Thursday. IDG News Service, 06/02/05.
<http://www.networkworld.com/news/2005/060205-ca-worm.html?nl>

W32/Agobot-SV - A backdoor worm that exploits a number of known
Windows vulnerabilities as it tries to enter through a network
share. It drops "wmmndir.exe" on the infected machine and can
disable security-related applications. (Sophos)

W32/Sdbot-YW - This IRC backdoor worm can be used in
denial-of-service attacks and to download/execute code from a
remote site. It spreads through network shares, dropping
"hmusvc32.exe" on the infected machine. (Sophos)

W32/Sdbot-ZE - Another Sdbot variant. This one drops "hdsys.exe"
on the infected machine and can disable security applications.
(Sophos)

W32/Rbot-AEF - Another backdoor bot that allows access to the
infected machine via IRC. This Rbot variant drops "WINSYS.exe"
in the Windows System folder. (Sophos)

W32/Rbot-AEJ - This Rbot variant installs itself as "system.exe"
and can be used for a number of malicious applications,
including launching a denial-of-service attack, acting as a
proxy server and logging keystrokes. (Sophos)

W32/Mytob-M - A mass-mailing worm variant that spreads through a
message looking like an account warning of some type. The
attachment could be a zip file with a double extension to
confuse users. It disables access to security Web sites by
modifying the Windows HOSTS file. (Sophos)

Troj/CashGrab-C - A Trojan that attempts to steal information
entered into banking Web sites. One file it installs on the
infected machine is "msupdate.dll". (Sophos)

Troj/FakeAle-D - A virus that displays a fake blue screen error
message in the background of the infected Windows machine. It
also can be change the setting for Internet Explorer. It drops
"wp.exe" on the infected machine. (Sophos)
**********

From the interesting reading department:

Mytob writers could be creating a super bug

Virus writers responsible for the recent rash of Mytob worm
variants could be working on creating a super worm, a security
researcher warned Friday. The "HellBot" group behind the Mytob
worms write programming instructions in their code that mirror
the way developers work, said Sophos Security Consultant Carole
Theriault. IDG News Service, 06/03/05.
<http://www.networkworld.com/news/2005/060305-mytob-worm.html?nl>
_______________________________________________________________
To contact: Jason Meserve

Jason Meserve is the Multimedia Editor at Network World and
writes about streaming media, search engines and IP Multicast.
Jason can be reached at <mailto:jmeserve@nww.com>. Check out his
Multimedia Exchange weblog at:
<http://www.networkworld.com/weblogs/multimedia/>
_______________________________________________________________
This newsletter is sponsored by Dupont
Reduce Fire Safety Risk in Your Network!

Concerns are rising about the growing number of combustible
cables present in buildings required to service the
ever-increasing demands of IT networks. More workstations are
taxing the infrastructure. These concerns are the thrust behind
new "limited combustible" cables that reduce fire safety risk.
Click here for news, a free demo CD and more. Visit DuPont's
Cabling center today!
http://www.fattail.com/redir/redirect.asp?CID=106111
_______________________________________________________________
ARCHIVE LINKS

Virus and Bug Patch Alert archive:
http://www.networkworld.com/newsletters/bug/index.html

Breaking security news, updated daily
http://www.networkworld.com/topics/security.html
_______________________________________________________________
FEATURED READER RESOURCE
CALL FOR ENTRIES: 2005 ENTERPRISE ALL-STAR AWARDS

Network World is looking for entries for its inaugural
Enterprise All-Star Awards program. The Enterprise All-Star
Awards will honor user organizations that demonstrate
exceptional use of network technology to further business
objectives. Network World will honor dozens of user
organizations from a wide variety of industries, based on a
technology category. Deadline: July 8. Enter today:
<http://www.networkworld.com/survey/easform.html?net>
_______________________________________________________________
May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at http://www.subscribenw.com/nl2

International subscribers click here:
http://nww1.com/go/circ_promo.html
_______________________________________________________________
SUBSCRIPTION SERVICES

To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
<http://www.nwwsubscribe.com/Changes.aspx>

To unsubscribe from promotional e-mail go to:
<http://www.nwwsubscribe.com/Preferences.aspx>

To change your e-mail address, go to:
<http://www.nwwsubscribe.com/ChangeMail.aspx>

Subscription questions? Contact Customer Service by replying to
this message.

This message was sent to: security.world@gmail.com
Please use this address when modifying your subscription.
_______________________________________________________________

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>

Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772

For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: <mailto:sponsorships@nwfusion.com>

Copyright Network World, Inc., 2005