Thursday, August 25, 2005

PnP flaw hits XP too

NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH
ALERT
08/25/05
Today's focus: PnP flaw hits XP too

Dear security.world@gmail.com,

In this issue:

* Patches from Cisco, Gentoo, SuSE, others
* Beware new messenger worm that works in multiple languages
* F-Secure Weblog: Eye-witness account of a global virus
  outbreak, and other interesting reading
* Links related to Virus and Bug Patch Alert
* Featured reader resource
_______________________________________________________________
This newsletter is sponosred by Akamai
Download the Network World Special Report: Accelerating
Web-based Applications: Managed Services Offer Benefits Without
Infrastructure Headaches

Look at most companies and you'll find one thing in common, a
move to Web-enable mission critical applications. A new breed of
managed services, aimed directly at accelerating performance and
availability of Web-based applications, helps companies attain
their goals of profit and growth - no matter how far or wide the
audience they are trying to reach. Learn how Web-based
applications can allow your company to boost the bottom line.
Download this Special Report today!
http://www.fattail.com/redir/redirect.asp?CID=110787
_______________________________________________________________
THE ROI OF VOIP

When it comes to VoIP, most network managers are satisfied that
the technology works. But there are questions: What will the new
technology cost to roll out and support, and what benefits can
companies expect to reap? Check out NW's step-by-step guide on
how to determine the true cost and benefits of VoIP. Click here:
http://www.fattail.com/redir/redirect.asp?CID=110699
_______________________________________________________________

Today's focus: PnP flaw hits XP too

By Jason Meserve

Today's bug patches and security alerts:

Windows XP also has plug-and-play vulnerability

PCs running a certain configuration of Microsoft's Windows XP
operating system have the same security vulnerability exploited
by the Zotob worm that ran riot on Windows 2000 systems last
week , Microsoft said. IDG News Service, 08/24/05.
<http://www.networkworld.com/news/2005/082405-zotob-worm.html>

Microsoft advisory:
<http://www.microsoft.com/technet/security/advisory/906574.mspx>
**********

CA patches security flaws in multiple products

Computer Associates [CA] has issued patches to fix security
flaws involving its Message Queuing software that affect many of
its products. The Register, 08/23/05.
<http://www.theregister.co.uk/2005/08/23/ca_security_flap/>

CA advisory:
<http://www.networkworld.com/go2/0822bug2a.html>
**********

Cisco releases two patches

Cisco has releases two new updates that fix security flaws in a
couple of products. The first update fixes a vulnerability in
Intrusion Prevention System that could allow an attacker to take
full control of the IPS advice. Second, a flaw in the way
CiscoWorks Management Center for IDS Sensors handles SSL
certificates could be exploited by an attacker to spoof a
sensor. For more, go to:

Cisco Intrusion Prevention System Vulnerable to Privilege
Escalation:
<http://www.networkworld.com/nlvirusbug5917>

SSL Certificate Validation Vulnerability in IDS Management
Software:
<http://www.networkworld.com/nlvirusbug5918>
**********

Gentoo patches Awstats

The AWstats statistics program does not properly validate
certain input. An attacker could exploit this to run malicious
Perl code on the affected machine. For more, go to:
<http://security.gentoo.org/glsa/glsa-200508-07.xml>

Gentoo releases fix for Evolution

Flaws in the Evolution e-mail client could be exploited in a
denial-of-service attack or to potentially run malicious code on
the affected system. For more, go to:
<http://security.gentoo.org/glsa/glsa-200508-12.xml>
**********

Debian, Gentoo patch bluez-utils

Bluez-utils, a tool for implementing the Bluetooth wireless
standard on Linux, is not properly validating input, which could
be exploited to run malicious commands on the affected machine.
For more, go to:

Debian:
<http://www.debian.org/security/2005/dsa-782>

Gentoo:
<http://security.gentoo.org/glsa/glsa-200508-09.xml>
**********

Gentoo, Mandriva release fix for php-pear

According to the Mandriva advisory, "A problem was discovered in
the PEAR XML-RPC Server package included in the php-pear
package. If a PHP script which implements the XML-RPC Server is
used, it would be possible for a remote attacker to construct an
XML-RPC request which would cause PHP to execute arbitrary
commands as the 'apache' user." For more, go to:

Gentoo:
<http://security.gentoo.org/glsa/glsa-200508-13.xml>

Mandriva:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:146>

Related fix from Gentoo for TikiWiki, eGroupWare:
<http://security.gentoo.org/glsa/glsa-200508-14.xml>
**********

Gentoo, SuSE patch Adobe Reader

A buffer overflow in the Adobe Reader plug-in could be exploited
in a denial-of-service attack or to potentially run arbitrary
code. For more, go to:

Gentoo:
<http://security.gentoo.org/glsa/glsa-200508-11.xml>

SuSE:
<http://www.networkworld.com/go2/0822bug2b.html>
**********

Today's roundup of virus alerts:

New Messenger worm works in multiple languages

Users of Microsoft's MSN Messenger should be aware of a new
"smart" worm that checks the configuration of their Windows
client and sends a message in the appropriate language,
according to security companies Akonix Systems and Symantec.
Both companies published alerts on Wednesday. IDG News Service,
08/25/05.
<http://www.networkworld.com/go2/0822bug2c.html>

W32/Spybot-DU -- A backdoor Trojan that allows backdoor access
via IRC. It spreads through network shares, deploying
"sysmod.exe" in the Windows System directory. (Sophos)

W32/Dref-D -- A virus that spreads through IRC and e-mail,
usually with a .rar, .pif or .scr attachment. It saves itself to
"SysDref.exe" in the Windows System directory. (Sophos)

Troj/Keylog-AM -- A Trojan that steals passwords and monitor
Internet usage. It drops "sys32me.ini" and "sys32bin.ini" in the
Windows system folder. (Sophos)

W32/Rbot-ALG -- A new Rbot variant that spreads via network
shares, exploiting a number of known Windows vulnerability
including the PnP flaw. It drops "qsecue.exe" in the system
folder and can be used for a number of malicious purposes, all
controlled via IRC. (Sophos)

Troj/PurScan-W -- A worm that changes Internet Explorer's
settings and directs the infected system to a Web site, where
"installer.exe" and "mt-uninstaller.exe" are downloaded, both
install adware. (Sophos)

Troj/Nailpol-A -- A Trojan that injects its code into other
running processes. It can can be used to monitor 'net usage on
the affected machine. (Sophos)

Troj/Litebot-D -- This Trojan provides backdoor access to IRC,
dropping "uninst.bat" in the Windows system folder in the
process. (Sophos)

W32/Tilebot-M -- A new Tilebot variant that spreads through
network shares, taking advantage of the Windows PnP and other
known flaws. It installs itself as "msdnupdate32" in the Windows
folder. (Sophos)

Troj/Dloader-SK -- A Trojan that downloads and installs
additional malicious code. It initially stores itself as
"dllsys.dll" in the Windows System folder. (Sophos)

Troj/Whistler-F -- Another worm that blames you for piracy and
attempts to delete files from infected machine. It drops
"whismng.exe" in the Windows System folder. (Sophos)

W32/PrsKey-A -- A password stealing Trojan that targets the
Priston Tale game and Yahoo! web email accounts. It installs
"Winllogo.exe" and "Win.exe" in the Program Files\Common Files
directory. (Sophos)

W32/Lebreat-F -- A mass mailing worm that exploits the Windows
LSASS and PnP flaws. It can act as an ftp server and drops a
number of files, including "winhost.tmp", in the various Windows
directories. (Sophos)
**********

From the interesting reading department:

F-Secure Weblog: Eye-witness account of a global virus outbreak

Mikko Hypponen details the minute-by-minute account of the Zotob
worm's outbreak.
<http://www.networkworld.com/go2/0822bug2d.html>

Whitepaper: The Pharming Guide

This paper, extending the original material of "The Phishing
Guide", examines in depth the workings of the name services of
which Internet-based customers are dependant upon, and how they
can be exploited by Pharmers to conduct identity theft and
financial fraud on a massive scale. NGSSoftware, 8/2005.
<http://www.ngssoftware.com/papers/ThePharmingGuide.pdf>

The top 5: Today's most-read stories

1. Zotob worm also targets Windows XP
<http://www.networkworld.com/nlvirusbug5919>

2. Dr. Internet: Installing DHCP on Linux
<http://www.networkworld.com/nlvirusbug5920>

3. Cisco preparing management play
<http://www.networkworld.com/nlvirusbug5921>

4. IP PBXs outsell traditional PBXs, study says
<http://www.networkworld.com/nlvirusbug5922>

5. Test: Xirrus XS-3900 offers out-of-this-world Wi-Fi capacity
<http://www.networkworld.com/nlvirusbug5923>

Today's most-forwarded story:

IP PBXs outsell traditional PBXs, study says
<http://www.networkworld.com/nlvirusbug5924>
_______________________________________________________________
To contact: Jason Meserve

Jason Meserve is the Multimedia Editor at Network World and
writes about streaming media, search engines and IP Multicast.
Jason can be reached at <mailto:jmeserve@nww.com>. Check out his
Multimedia Exchange weblog at:
<http://www.networkworld.com/weblogs/multimedia/>

Check out our weekly Network World Radio program at:
<http://www.networkworld.com/radio/>
_______________________________________________________________
This newsletter is sponosred by Akamai
Download the Network World Special Report: Accelerating
Web-based Applications: Managed Services Offer Benefits Without
Infrastructure Headaches

Look at most companies and you'll find one thing in common, a
move to Web-enable mission critical applications. A new breed of
managed services, aimed directly at accelerating performance and
availability of Web-based applications, helps companies attain
their goals of profit and growth - no matter how far or wide the
audience they are trying to reach. Learn how Web-based
applications can allow your company to boost the bottom line.
Download this Special Report today!
http://www.fattail.com/redir/redirect.asp?CID=110786
_______________________________________________________________
ARCHIVE LINKS

Virus and Bug Patch Alert archive:
http://www.networkworld.com/newsletters/bug/index.html

Breaking security news, updated daily
http://www.networkworld.com/topics/security.html
_______________________________________________________________
FEATURED READER RESOURCE
IT STAFF SHORTAGE LOOMING

Outsourcing. Automation. Downsizing. The industry has been awash
in unemployed IT pros. But experts are now predicting an IT
staffing crunch is just around the corner, and the implications
for U.S. technology innovation are sobering. What might be
causing the shortage and what might need to be done to prevent
it? Click here:
<http://www.networkworld.com/nlvirusbug5925>
_______________________________________________________________
May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at http://www.subscribenw.com/nl2

International subscribers click here:
http://nww1.com/go/circ_promo.html
_______________________________________________________________
SUBSCRIPTION SERVICES

To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
<http://www.nwwsubscribe.com/Changes.aspx>

To change your e-mail address, go to:
<http://www.nwwsubscribe.com/ChangeMail.aspx>

Subscription questions? Contact Customer Service by replying to
this message.

This message was sent to: security.world@gmail.com
Please use this address when modifying your subscription.
_______________________________________________________________

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>

Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772

For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: <mailto:sponsorships@nwfusion.com>

Copyright Network World, Inc., 2005

No comments:

Post a Comment