Monday, August 22, 2005

IE flaw affects Office, Visual Studio users

NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH
ALERT
08/22/05
Today's focus: IE flaw affects Office, Visual Studio users

In this issue:

* Patches from Mandriva, Debian, Fedora, others
* Beware Trojan that injects its malicious code in the
  EXPLORER.EXE file
* NIST launches new vulnerability database, and other
  interesting reading
* Links related to Virus and Bug Patch Alert
* Featured reader resource

By Jason Meserve

Network World Radio: Windows worms, flaws plague users

With multiple worms released last week to exploit the recently
patched Windows Plug and Play (PnP) flaw and new details on an
Internet Explorer vulnerability that's not patched, users and
administrators have a lot on their plates. We're joined by
Johannes Ullrich of the Internet Storm Center and Eric Yoshizuru
of Panda Software to discuss the latest security threats. Listen
in:
<http://www.networkworld.com/research/2005/0822radio.html>

Today's bug patches and security alerts:

IE flaw affects Office, Visual Studio users

An unpatched bug in a file installed with Microsoft's Office
and Visual Studio software could lead to some serious problems
for Internet Explorer users, security researchers have reported.
An attacker could seize control of a vulnerable system by
exploiting the bug, which the French Security Incident Response
Team (FrSIRT) reported in an alert published Wednesday. This
would be achieved by installing malicious code in a Web page
that exploits a memory corruption error in a file that ships
with Microsoft Office 2002 and Microsoft Visual Studio .Net 2002
products, the research organization said. IDG News Service,
08/18/05.
<http://www.networkworld.com/news/2005/081805-ie-flaw.html>

FrSIRT advisory:
<http://www.frsirt.com/english/advisories/2005/1450>

Workaround patch from Internet Storm Center:
<http://isc.sans.org/msddskillbit.php>

Microsoft advisory:
<http://www.microsoft.com/technet/security/advisory/906267.mspx>
**********

Mandriva patches cups

A flaw in the way cups handles printing PDF files could cause
one of the filters to crash. For more, go to:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:138>

Mandriva offers patch for ucd-snmp

A denial-of-service vulnerability has been found in the way
ucd-snmp processes certain network stream protocols. An attacker
could send a specially crafted packet to exploit the flaw. For
more, go to:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:137>

Mandriva releases two kdegraphics fixes, tiff library patch

Two flaws have been found in the kdegraphics package for
Mandriva Linux. One could be exploited to consume system
resources when a PDF file is opened. Another is a
denial-of-service flaw in the way TIFF image files are handled.
The TIFF image-handling library has been updated to fix the
latter problem as well. For more, go to:

PDF flaw:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:135>

TIFF flaw:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:143>

Libtiff update:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:142>

Mandriva issues patch for Evolution

Flaws in the Evolution e-mail client could be exploited in a
denial-of-service attack or to potentially run malicious code on
the affected system. For more, go to:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:141>

Mandriva patches proftpd

Two format string vulnerabilities have been patched in the
proftpd server by Mandriva. For more, go to:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:140>
**********

Debian releases Mozilla updates

Two Mozilla-related updates are available from Debian. The first
patches a JavaScript injection flaw that affects Mozilla and the
Firefox browser. A second update fixes numerous additional flaws
in Firefox. For more, go to:

Mozilla JavaScript injection:
<http://www.debian.org/security/2005/dsa-777>

Mozilla Firefox updates:
<http://www.debian.org/security/2005/dsa-779>

Debian patches clamav

An integer overflow and denial-of-service vulnerabilities have
been found in Clam Anti-virus for Debian. A fix is available. For
more, go to:
<http://www.debian.org/security/2005/dsa-776>
**********

Fedora releases fix for SpamAssassin

According to an alert from Fedora, "A denial of service bug has
been found in SpamAssassin versions below 2.64. A malicious
attacker could construct a message in such a way that would
cause spamassassin to stop responding, potentially preventing
the delivery or filtering of email." For more, go to:
<http://www.networkworld.com/go2/0822bug1a.html>

Fedora patches mc

A new update for Midnight Commander (mc) fixes multiple buffer
overflows, which could be exploited to run arbitrary commands on
the affected machine. For more, go to:
<http://www.networkworld.com/go2/0822bug1b.html>

Fedora updates gzip

A flaw in the way the gzip compression utility processes files
using "zgrep" could be exploited to run arbitrary commands on
the affected system. For more, go to:
<http://www.networkworld.com/go2/0822bug1c.html>
**********

Drupal update fixes XML-RPC flaws

A new update for the Drupal content management system fixes a
flaw in the XML-RPC module, which could be exploited to run
malicious code on the affected machine. For more, go to:
<http://www.securityfocus.com/archive/1/408124/30/60/threaded>

Related XML-RPC advisories from Stefan Esser:

PEAR XML_RPC Remote PHP Code Injection Vulnerability:
<http://www.hardened-php.net/advisory_142005.66.html>

PHPXMLRPC Remote PHP Code Injection Vulnerability:
<http://www.hardened-php.net/advisory_152005.67.html>
**********

Today's roundup of virus alerts:

Troj/BagleDl-R -- A Trojan that injects its malicious code in
the EXPLORER.EXE file. It can be used to disable security
related applications and modify the HOSTS file to block access
to security Web sites. (Sophos)

W32/Hwbot-B -- A new IRC backdoor worm that exploits the Windows
PnP flaw. It drops "wpa.exe" in the Windows system folder.
(Sophos)

W32/Mytob-HM -- A Mytob variant that spreads through e-mail,
usually with an attachment with a double extension. It exploits
the Windows LSASS vulnerability, dropping "yahooicons.exe" in
the Windows system folder. (Sophos)

W32/Mytob-EE -- This Mytob variant spreads through messages that
look like account warnings. It installs itself as "skybot.exe"
in the Windows system folder and allows backdoor access through
IRC. The HOSTS file is also modified to block access to certain
sites. (Sophos)

W32/Kassbot-H -- A backdoor worm that exploits the Windows LSASS
vulnerability, dropping "spools.exe" in the Windows system
directory. Access is provided via IRC. It also modifies the
HOSTS file to block access to the kapersky.com site. (Sophos)

W32/Dogbot-C -- Yet another worm that tries to exploit the
Windows PnP vulnerability. It drops "\usrnt\windrg32.exe" in the
Windows system folder. It attempts to disable other security and
anti-spyware applications and provides IRC backdoor access.
(Sophos)

Troj/ByteVeri-M -- According to Sophos, "Java Applet that
exploits a vulnerability in the Byte Code Verify component of
the Microsoft VM to download and run an executable file."
(Sophos)

Troj/Brospy-A -- A Trojan that harvests password data from the
infected machine and e-mails it to a specified address. It drops
"appwiz.dll" in the Windows system folder. (Sophos)

W32/Demotry-B -- A worm that copies itself into "iexplorer .exe"
in multiple directories, including the root. It scans the
network on port 445 for other potential hosts. (Sophos)

Troj/Bancban-EM -- A password-stealing Trojan that targets
certain banking Web sites. It drops "svchosts.scr" in the
Windows directory. (Sophos)

Troj/Whistler-F -- This Trojan attempts to delete files from the
infected host after dropping "whismng.exe" in the system folder
and displays the message "You did a piracy, you deserve it."
(Sophos)

W32/Agobot-TF -- This Agobot variant provides backdoor access via IRC
and drops "taskmanager.exe" in the Windows system folder.
(Sophos)

Troj/Bardus-A -- A Trojan that installs "msnmsgr.exe" in the
Windows system folder and can be used to steal local data,
delete files and grab product registration keys. (Sophos)
**********

From the interesting reading department:

NIST launches new vulnerability database

The National Institute of Standards and Technology has launched
a new vulnerability database to help security professionals
learn about and correct vulnerabilities. Computerworld,
08/17/05.
<http://www.networkworld.com/news/2005/081705-nist-security.html>

Finns urge better Wi-Fi security after bank break-in

Finland called on its citizens to take more care securing their
Wi-Fi networks after it emerged this week that about $245,400
had been stolen from a local bank using an unprotected home
network. IDG News Service, 08/18/05.
<http://www.networkworld.com/nlvirusbug5509>

_______________________________________________________________
To contact: Jason Meserve

Jason Meserve is the Multimedia Editor at Network World and
writes about streaming media, search engines and IP Multicast.
Jason can be reached at <mailto:jmeserve@nww.com>. Check out his
Multimedia Exchange weblog at:
<http://www.networkworld.com/weblogs/multimedia/>

Copyright Network World, Inc., 2005
