NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH
ALERT
06/23/05
Today's focus: SquirrelMail flaws fixed
In this issue:
* Patches from Gentoo, Mandriva, others
* Beware new Mytob variants
* Computers' Insecure Security
* Links related to Virus and Bug Patch Alert
* Featured reader resource
_______________________________________________________________
Today's focus: SquirrelMail flaws fixed
By Jason Meserve
Today's bug patches and security alerts:
SquirrelMail flaws fixed
A number of cross-site scripting vulnerabilities have been found
in SquirrelMail, a PHP-based Webmail application. An attacker
could exploit these by sending specially crafted URLs to the
intended victim, allowing the attacker to take control of the
user's session. For more, go to:
<http://www.squirrelmail.org/security/issue/2005-06-15>
Related Gentoo fix:
<http://security.gentoo.org/glsa/glsa-200506-19.xml>
**********
Gentoo releases fix for MediaWiki
A flaw in the way MediaWiki, a tool for editing Wikipedia
entries, handles inclusions on template pages could be exploited
in a cross-site scripting attack. Malicious code could be run
via an unsuspecting user's browser. For more, go to:
<http://security.gentoo.org/glsa/glsa-200506-12.xml>
Gentoo patches webapp-config
The Gentoo application install utility webapp-config does not
create temporary files in a secure manner. An attacker could
exploit this to run potentially malicious code on the affected
machine. For more, go to:
<http://security.gentoo.org/glsa/glsa-200506-13.xml>
Gentoo issues patch for PeerCast
The PeerCast multimedia streaming engine for Gentoo contains a
format string vulnerability that could be exploited to run
malicious applications on the affected machine. A fix is
available. For more, go to:
<http://security.gentoo.org/glsa/glsa-200506-15.xml>
Gentoo fixes cpio flaw
A directory traversal vulnerability has been found in Gentoo's
implementation of cpio, a file archiving tool. An attacker could
exploit this to view virtually any directory on the affected
system. For more, go to:
<http://security.gentoo.org/glsa/glsa-200506-16.xml>
**********
Mandriva, Ubuntu patch tcpdump
A number of the tcpdump protocol decoders contain flaws that
could send the network monitoring application into an infinite
loop, resulting in a denial of service. For more, go to:
Mandriva:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:101>
Ubuntu:
<https://www.ubuntulinux.org/support/documentation/usn/usn-141-1>
**********
Mandriva patches gedit
According to a Mandriva security advisory, "A vulnerability was
discovered in gEdit where it was possible for an attacker to
create a file with a carefully crafted name which, when opened,
executed arbitrary code on the victim's computer. It is highly
unlikely that a user would open such a file, due to the file
name, but could possibly be tricked into opening it." For more,
go to:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:102>
**********
Gentoo, SuSE patch Java flaw
As we reported last week, Sun found a couple of flaws in its
Java Runtime Environment that could allow an attacker to take
control of the infected machine. Gentoo and SuSE have released
updates for their respective Linux platforms to fix these Java
vulnerabilities. For more, go to:
Gentoo:
<http://security.gentoo.org/glsa/glsa-200506-14.xml>
SuSE:
<http://www.networkworld.com/go2/0620bug2b.html>
**********
Gentoo, Mandriva, Ubuntu release Sudo patch
A race condition in Sudo could be exploited to run applications
with the privileges of another user. Fixes are available. For
more, go to:
Gentoo:
<http://security.gentoo.org/glsa/glsa-200506-22.xml>
Mandriva:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:103>
Ubuntu:
<https://www.ubuntulinux.org/support/documentation/usn/usn-142-1>
**********
Today's roundup of virus alerts:
Downloader.DCM - A Trojan Horse that installs Dumador.BC (below)
on the infected machine. The Downloader.DCM code must be spread
manually and attempts to hide from firewalls and other security
applications. (Panda Software)
Dumador.BC - A remote control tool that is dropped by
Downloader.DCM. It also disables anti-virus applications on the
affected machine. (Panda Software)
Looxee - A hacker tool that can be used to monitor activity on
an infected machine, including e-mails, chats and other
applications. (Panda Software)
W32/Mytob-BI - A new variant of the Mytob e-mail/network share
worm. This version drops "winsys33.exe" on the infected machine
and can limit access to security Web sites by modifying the
Windows HOSTS file. The infected e-mail message looks like an
account suspended warning. (Sophos)
W32/Mytob-GZ - Another Trojan that can be controlled through an
IRC connection. This Mytob variant drops "taskmr.exe" on the
infected machine. Its e-mails look like a status report or
delivery failure message. (Sophos)
W32/Mytob-BQ - Batting for a triple with Mytob, this variant
installs itself as "winxpserv.exe" on the infected machine. It
too limits access to security Web sites by modifying the
Windows HOSTS file. (Sophos)
W32/Rbot-KX - An Rbot variant that allows backdoor access
through IRC and can be used for a number of malicious purposes,
including running proxy servers on the infected machine and
logging keystrokes. It spreads through network shares and drops
"iiexplorer.exe" in the Windows System folder. (Sophos)
W32/Rbot-AFR - This Rbot variant exploits a couple of different
Windows vulnerabilities as it spreads through shared network
drives. It too can allow control through IRC and be used for a
number of malicious purposes. It installs "syspci32.exe" in the
Windows System folder. (Sophos)
W32/Sdbot-ZM - A Trojan that installs itself as "nawdll32.exe"
in the Windows System directory. It spreads through network
shares and allows backdoor access via IRC. It can act as an FTP
server and download/execute additional code. (Sophos)
W32/Sdbot-YW - Another Sdbot variant that allows control of the
infected machine via IRC. YW drops "hmusvc32.exe" in the Windows
System folder. (Sophos)
W32/Sdbot-ZO - Our third Sdbot variant today acts much the same
way as the previous two. Its infected file is "burndl32.exe".
(Sophos)
Troj/Bizves-B - A downloader Trojan that installs as
"popcorn.exe". (Sophos)
W32/Randon-AN - Another Trojan horse application that attempts
to provide access to the infected host through IRC. It drops a
number of files on the target machine, including "app.exe" and
"netservup.exe". (Sophos)
**********
From the interesting reading department:
Computers' Insecure Security
A new Yankee Group report, to be released June 20, shows the
number of vulnerabilities found in security products increasing
sharply for the third straight year - and for the first time
surpassing those found in all Microsoft products. The majority
of these weaknesses are found by researchers, academics, and
security companies. Trouble is, hackers then take those findings
and use them for nefarious purposes. BusinessWeek Online,
06/17/05.
<http://www.networkworld.com/go2/0620bug2a.html>
_______________________________________________________________
To contact: Jason Meserve
Jason Meserve is the Multimedia Editor at Network World and
writes about streaming media, search engines and IP Multicast.
Jason can be reached at <mailto:jmeserve@nww.com>. Check out his
Multimedia Exchange weblog at:
<http://www.networkworld.com/weblogs/multimedia/>
_______________________________________________________________
Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>
Copyright Network World, Inc., 2005