Monday, July 25, 2005

Flaw in Novell GroupWise Webaccess


NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH
ALERT
07/25/05
Today's focus: Flaw in Novell GroupWise Webaccess

Dear security.world@gmail.com,

In this issue:

* Patches from Debian, HP, Gentoo, others
* Beware latest Mytob variants
* Links related to Virus and Bug Patch Alert
* Featured reader resource
_______________________________________________________________
This newsletter is sponsored by Colubris Networks
5 Key Principles to Creating a Wireless LAN Plan. Download "The
New Wireless LAN Architecture" Special Report today.

Agility is the key to managing a successful Wireless LAN. In
the Special Report The New Wireless LAN Architecture, read how
you can create a plan based on 5 key principles. You will also
assess enhanced services while reviewing the primary business
and organizational trends that are driving this technology.
http://www.fattail.com/redir/redirect.asp?CID=108842
_______________________________________________________________
CYBERSLACKING - IT COSTS

To the tune of $178 billion annually, according to a recent
study. Employees, at work, are reading the news, checking
personal e-mail, conducting online banking, travel and shopping
more than you might realize. How much time? Click here for more:

http://www.fattail.com/redir/redirect.asp?CID=108713
_______________________________________________________________

Today's focus: Flaw in Novell GroupWise Webaccess

By Jason Meserve

Today's bug patches and security alerts:

Flaw in Novell GroupWise Webaccess

A cross-scripting vulnerability has been discovered in the
Novell GroupWise Webaccess client. An attacker could send a
specially crafted message that when opened through the Webaccess
client, could execute on the local system. For more, go to:
<http://securitytracker.com/alerts/2005/Jul/1014515.html>

Novell advisory:
<http://www.networkworld.com/go2/0725bug1a.html>
**********

Debian patches heimdal

A buffer overflow in Debian's implementation of Heimdal could be
exploited to run malicious code on the affected machine. For
more, go to:
<http://www.debian.org/security/2005/dsa-765>

Debian issues fix for ekg

A number of flaws have been found in ekg, a instant messenger
application. The most serious of the flaws could be exploited to
run malicious code on the affected machine. For more, go to:
<http://www.debian.org/security/2005/dsa-760>

Debian updates phppgadmin

According to an alert from Debian, "A vulnerability has been
discovered in phppgadmin, a set of PHP scripts to administrate
PostgreSQL over the WWW, that can lead to disclose sensitive
information. Successful exploitation requires that
"magic_quotes_gpc" is disabled." For more, go to:
<http://www.debian.org/security/2005/dsa-759>

Debian patches krb5

Two flaws in the MIT Kerberos 5 system (krb5) could be exploited
to run arbitrary code on the affected machine. For more, go to:
<http://www.debian.org/security/2005/dsa-757>
**********

HP patches TCP/IP stack flaw in HP-UX

According to an alert from HP, "Several potential security
vulnerabilities have been identified in the HP Tru64 UNIX TCP/IP
including ICMP, and Initial Sequence Number generation (ISN).
These exploits could result in a remote denial-of-service from
network throughput reduction for TCP connections, the reset of
TCP connections, or TCP spoofing." For more, go to:
<http://www.securityfocus.com/archive/1/405647/30/60/threaded>
**********

KDE warns of flaw in Kate

A flaw in the way file permissions are set when Kate restores
files to system could allow more liberal access to files after a
restore. For more, go to:
<http://www.kde.org/info/security/advisory-20050718-1.txt>

Related patches:

Mandriva:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:122>

Ubuntu:
<https://www.ubuntulinux.org/support/documentation/usn/usn-150-1>
**********

Zlib flaw patched

A flaw in the way zlib, a file compression/decompression
utility, handles compressed files could be exploited to crash
the application. For more, go to:

Debian:
<http://www.debian.org/security/2005/dsa-763>

Gentoo:
<http://security.gentoo.org/glsa/glsa-200507-19.xml>

Mandriva:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:124>

Ubuntu:
<https://www.ubuntulinux.org/support/documentation/usn/usn-151-1>
**********

Gentoo patches Mozilla Thunderbird

A new update for the Mozilla-based Thunderbird browser could be
exploited to run script with elevated privileges on the affected
machine. For more, go to:
<http://security.gentoo.org/glsa/glsa-200507-17.xml>
**********

Mandriva patches nss_ldap

According to Mandriva, "Rob Holland, of the Gentoo Security
Audit Team, discovered that pam_ldap and nss_ldap would not use
TLS for referred connections if they are referred to a master
after connecting to a slave, regardless of the "ssl start_tls"
setting in ldap.conf." For more, go to:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:121>
**********

Today's roundup of virus alerts:

W32/Opanki-F -- A backdoor Trojan that allows access via IRC and
spreads through AOL Instant Messenger using the text "hehe i
promise it wasn't me <url removed>". It installs itself as
"taskbar.exe". (Sophos)

W32/Kelvir-AQ -- Another worm that spreads through instant
messaging, this time Microsoft Messenger with the text "wtff why
are you in this crazy site?". (Sophos)

W32/Kelvir-AR -- Another Kelvir variant that attempts to direct
people to a malicious Web site, which has been taken offline.
(Sophos)

Troj/Brospy-A -- A worm that harvests passwords and username
information from the infected machine, sending the data to a
specified e-mail address. It drops "appwiz.dll" in the Windows
System folder. (Sophos)

Troj/Bancos-DH -- This worm displays fake login pages for
banking sites as a means of gathering username and password
data. It drops "comdlg32.ocx" in the Windows System folder.
(Sophos)

W32/Rbot-AGW -- A new Rbot variant that spreads through network
shares, dropping "winupdat32.exe" in the Windows System folder.
It allows backdoor access through an IRC channel. (Sophos)

Troj/Borobot-I -- This backdoor worm spreads through network
shares and drops "msupdate.exe" on its host. (Sophos)

Troj/Iyus-N -- A downloader Trojan that drops two files,
"setting.inf" and "install.exe". It also disables security
applications running on the infected machine. (Sophos)

Troj/Bancban-DV -- A password stealing Trojan that targets
Brazilian banking sites. It drops "imgrt.scr" in the Windows
System folder. (Sophos)

W32/Mytob-DU -- The latest Mytob variant spreads through e-mail,
exploiting the Windows LSASS vulnerability. It drops
"taskgmrs.exe" in the Windows System folder. (Sophos)

W32/Mytob-IN -- Another Mytob variant. This one uses a message
that looks like something sent to a member of a group, alerting
of them of a password update. It drops "memloader.exe" in the
Windows System folder, prevents access to security site by
modifying the Windows HOSTS file and disables security
applications. (Sophos)

The top 5: Today's most-read stories

1. Future-proof your network
<http://www.networkworld.com/nlvirusbug3583>

2. City finds big savings in Linux
<http://www.networkworld.com/nlvirusbug3692>

3. Appliances replace DNS, DHCP software
<http://www.networkworld.com/nlvirusbug3584>

4. Life's rich in telecom... if you're a lawyer
<http://www.networkworld.com/nlvirusbug3693>

5. The ROI of VoIP <http://www.networkworld.com/nlvirusbug3586>

Today's most forwarded story:

Microsoft to acquire FrontBridge for e-mail security
<http://www.networkworld.com/nlvirusbug3694>
_______________________________________________________________
To contact: Jason Meserve

Jason Meserve is the Multimedia Editor at Network World and
writes about streaming media, search engines and IP Multicast.
Jason can be reached at <mailto:jmeserve@nww.com>. Check out his
Multimedia Exchange weblog at:
<http://www.networkworld.com/weblogs/multimedia/>

Check out our weekly Network World Radio program at:
<http://www.networkworld.com/radio/>
_______________________________________________________________
This newsletter is sponsored by Colubris Networks
5 Key Principles to Creating a Wireless LAN Plan. Download "The
New Wireless LAN Architecture" Special Report today.

Agility is the key to managing a successful Wireless LAN. In
the Special Report The New Wireless LAN Architecture, read how
you can create a plan based on 5 key principles. You will also
assess enhanced services while reviewing the primary business
and organizational trends that are driving this technology.
http://www.fattail.com/redir/redirect.asp?CID=108841
_______________________________________________________________
ARCHIVE LINKS

Virus and Bug Patch Alert archive:
http://www.networkworld.com/newsletters/bug/index.html

Breaking security news, updated daily
http://www.networkworld.com/topics/security.html
_______________________________________________________________
FEATURED READER RESOURCE

THE NEW DATA CENTER: SPOTLIGHT ON STORAGE

This Network World report takes a look at storage trends such as
virtualization, encryption and archiving. Here you will also
find seven tips for managing storage in the new data center, how
storage encryption can help ease the threat of identity theft,
why one exec believes its all about the information and more.
Click here:

<http://www.networkworld.com/supp/2005/ndc4/>
_______________________________________________________________
May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at http://www.subscribenw.com/nl2

International subscribers click here:
http://nww1.com/go/circ_promo.html
_______________________________________________________________
SUBSCRIPTION SERVICES

To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
<http://www.nwwsubscribe.com/Changes.aspx>

To change your e-mail address, go to:
<http://www.nwwsubscribe.com/ChangeMail.aspx>

Subscription questions? Contact Customer Service by replying to
this message.

This message was sent to: security.world@gmail.com
Please use this address when modifying your subscription.
_______________________________________________________________

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>

Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772

For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: <mailto:sponsorships@nwfusion.com>

Copyright Network World, Inc., 2005

No comments:

Post a Comment