NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH
ALERT
08/04/05
Today's focus: CA patches critical BrightStor flaw
In this issue:
* Patches from CA, HP, Debian, others
* Beware virus spreading via e-mail with an attachment claiming
to be pictures of Saddam Hussein or Osama bin Laden
capture/killed
* Cisco.com passwords reset after exposure
* Links related to Virus and Bug Patch Alert
* Featured reader resource
_______________________________________________________________
By Jason Meserve
Today's bug patches and security alerts:
CA patches critical BrightStor flaw
Computer Associates has released software patches that fix a
critical vulnerability in the company's BrightStor ARCserve
Backup and Enterprise Backup agents. The vulnerability, which
was first discovered by security research firm iDefense, could
allow attackers to take control of a system running the
software. It could also be used as the basis of a denial of
service attack, according to a published advisory. IDG News
Service, 08/03/05.
<http://www.networkworld.com/news/2005/080305-ca-patch.html>
CA advisory:
<http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33239>
iDefense advisory:
<http://www.networkworld.com/go2/0801bug2a.html>
**********
Gentoo releases zlib update
A flaw in the way zlib, a file compression/decompression
utility, handles compressed files could be exploited to crash
the application. For more, go to:
<http://security.gentoo.org/glsa/glsa-200508-01.xml>
**********
Debian patches pdns
A number of vulnerabilities in pdns, a name server for Debian
Linux, could be exploited in a denial-of-service attack. For
more, go to:
<http://www.debian.org/security/2005/dsa-771>
Debian fixes apt-cacher
According to a Debian advisory, "Eduard Bloch discovered a bug
in apt-cacher, a caching system for Debian package and source
files, that could allow remote attackers to execute arbitrary
commands on the caching host as user www-data." For more, go to:
<http://www.debian.org/security/2005/dsa-772>
**********
Trustix releases another "multi"
A new update from Trustix fixes flaws in mysql, fetchmail, zlib,
perl, apache, netpbm, vim and nss_ldap. The most serious of the
vulnerabilities could be exploited to run malicious applications
on the affected machine. For more, go to:
<http://www.trustix.org/errata/2005/0038/>
**********
Mandriva, Ubuntu issue Mozilla updates
New Mozilla updates from Mandriva and Ubuntu fix flaws that
could be exploited to run arbitrary code on the affected
machine. For more, go to:
Mandriva:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:128>
Ubuntu (Mozilla Thunderbird):
<https://www.ubuntulinux.org/support/documentation/usn/usn-157-2>
**********
Ubuntu patches gzip
A flaw in the way gzip handles meta characters such as "|" and
"&" could be exploited to run malicious code on the affected
machine. For more, go to:
<https://www.ubuntulinux.org/support/documentation/usn/usn-158-1>
Ubuntu releases fix for unzip
According to an alert from Ubuntu, "If a ZIP archive contains
binaries with the setuid and/or setgid bit set, unzip preserved
those bits when extracting the archive. This could be exploited
by tricking the administrator into unzipping an archive with a
setuid-root binary into a directory the attacker can access.
This allowed the attacker to execute arbitrary commands with
root privileges." For more, go to:
<https://www.ubuntulinux.org/support/documentation/usn/usn-159-1>
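The unzip issue above comes down to permission bits stored inside the archive itself. As an added example (not from the newsletter or the Ubuntu advisory), this Python code lists ZIP entries whose stored Unix mode carries setuid/setgid bits, along with the mode a cautious extractor would apply instead; the sample archive and the function names are constructed for illustration.

```python
import io
import stat
import zipfile

SPECIAL_BITS = stat.S_ISUID | stat.S_ISGID  # 0o6000


def unix_mode(info: zipfile.ZipInfo) -> int:
    """Return the Unix mode stored in a ZIP entry (0 if none was recorded)."""
    # Archivers on Unix store st_mode in the high 16 bits of external_attr.
    return (info.external_attr >> 16) & 0xFFFF


def audit_archive(data: bytes):
    """List (name, stored_mode, safe_mode) for entries carrying setuid/setgid bits."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            mode = unix_mode(info)
            if mode & SPECIAL_BITS:
                perms = stat.S_IMODE(mode)
                # Same permissions with setuid/setgid cleared: what to apply on extraction.
                findings.append((info.filename, perms, perms & ~SPECIAL_BITS))
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample: one ordinary file and one entry with the setuid bit (mode 4755)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, mode in (("README.txt", 0o100644), ("bin/helper", 0o104755)):
            info = zipfile.ZipInfo(name)
            info.create_system = 3  # 3 = Unix, so external_attr is read as a Unix mode
            info.external_attr = mode << 16
            zf.writestr(info, b"constructed sample content\n")
    return buf.getvalue()


if __name__ == "__main__":
    for name, stored, safe in audit_archive(build_sample_archive()):
        print(f"{name}: stored mode {stored:o}, extract as {safe:o}")
```

Running the audit before extracting an untrusted archive as root shows which entries would have become setuid or setgid executables under the old unzip behaviour.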
**********
HP patches System Management Homepage
A buffer overflow in the HP System Management Homepage (v2.0.x)
could be exploited in a denial-of-service attack against the
affected system. For more, go to:
<http://www.securityfocus.com/archive/1/407141/30/0/threaded>
HP releases update for Apache on HP-UX
A denial-of-service vulnerability has been found in the version
of Apache for the HP-UX operating system. In addition, the flaw
could be used to bypass SSLCipherSuite restrictions. For more,
go to:
<http://www.securityfocus.com/archive/1/406996/30/0/threaded>
**********
Today's roundup of virus alerts:
W32/Bobax-N -- A virus that spreads through e-mail with an
attachment claiming to be pictures of Saddam Hussein or Osama
bin Laden capture/killed. The infected attachment will most
likely have a double extension. It can be used to disable
security applications on the infected machine. (Sophos)
W32/Lebreat-E -- A Trojan horse that spreads through network
shares and exploits the Windows LSASS vulnerability. It can be
used in denial-of-service attacks against the Web sites of two
anti-virus vendors. It installs itself as "beagle.exe" in the
Windows System folder. (Sophos)
Pombero-2029 -- According to Sophos, "Pombero-2029 puts a smiley
character in the top left corner of the screen." That's all the
description they give. (Sophos)
Troj/Hogil-G -- This Trojan horse attempts to download and
install additional malicious code from a remote site. It
terminates any existing dial-up connections and tries a
different number. Also, it displays an error message of "Could
not start Event Logger". (Sophos)
W32/Mytob-E -- A new version of Mytob that spreads through
e-mail, installing "taskgmr.exe" in the Windows System folder
and dropping a few .scr files in the root directory. The Windows
HOSTS file is modified to limit access to security-related Web
sites. (Sophos)
W32/Mytob-KK -- A very similar Mytob variant that also spreads
through e-mail and drops "taskgmrs.exe" in the Windows System
directory. It tries to exploit the Windows LSASS vulnerability
in its quest to infect a host. The infected e-mail attachment
will most likely have a double extension. (Sophos)
W32/Mytob-HM -- Yet another Mytob e-mail worm variant. This one
installs itself as "yahooicons.exe" in the Windows System
folder. (Sophos)
W32/Mytob-DY -- Our fourth Mytob variant today can be used for
e-mail address harvesting. This one uses a number of different
message attributes in its attempt to spread. Most of the
infected messages will have double-extension attachments.
(Sophos)
W32/Kalel-E -- A worm that spreads through e-mail and
peer-to-peer file sharing networks. When infecting a machine, it
displays the fake error message "Setup Initialization Error:
Current platform is not supported". The e-mail message is titled
"**WARNING** Your e-mail was blocked". It drops a number of
files on the infected machine, including "services.exe" in the
System folder. (Sophos)
W32/Rbot-AJO -- This new Rbot variant uses a random file name to
infect a machine. Backdoor access is provided by IRC. The
infected machine can be used in denial-of-service attacks and
for other malicious applications. (Sophos)
W32/Tilebot-B -- A backdoor worm that allows access via IRC. It
drops "tsecure.exe" in the Windows System directory and can be
used to download additional malicious code. (Sophos)
W32/Fan-A -- A worm that searches for and opens Word and Excel
documents. It may add "Happy B'day to'na!!!" to some of the
opened Word documents. (Sophos)
**********
From the interesting reading department:
Cisco.com passwords reset after exposure
Cisco is resetting passwords for all registered users of its
Cisco.com Web site after discovering a vulnerability in its
search engine software that left user passwords exposed, the
company said Wednesday. IDG News Service, 08/03/05.
<http://www.networkworld.com/nlvirusbug4467>
The top 5: Today's most-read stories
1. Leaked Cisco slides pulled after legal threats
<http://www.networkworld.com/nlvirusbug4468>
2. Gartner: Bank card fraud too easy for phishers
<http://www.networkworld.com/nlvirusbug4469>
3. BellSouth cuts DSL pricing
<http://www.networkworld.com/nlvirusbug4470>
4. Cisco vulnerability posted to Internet
<http://www.networkworld.com/nlvirusbug4471>
5. Google now a hacker's tool
<http://www.networkworld.com/nlvirusbug4472>
_______________________________________________________________
To contact: Jason Meserve
Jason Meserve is the Multimedia Editor at Network World and
writes about streaming media, search engines and IP Multicast.
Jason can be reached at <mailto:jmeserve@nww.com>. Check out his
Multimedia Exchange weblog at:
<http://www.networkworld.com/weblogs/multimedia/>
Check out our weekly Network World Radio program at:
<http://www.networkworld.com/radio/>
_______________________________________________________________
ARCHIVE LINKS
Virus and Bug Patch Alert archive:
http://www.networkworld.com/newsletters/bug/index.html
Breaking security news, updated daily
http://www.networkworld.com/topics/security.html
_______________________________________________________________
Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>
Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772
For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: <mailto:sponsorships@nwfusion.com>
Copyright Network World, Inc., 2005