Monday, August 29, 2005

Sun warns of DHCP flaw in Solaris 10

NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH
ALERT
08/29/05
Today's focus: Sun warns of DHCP flaw in Solaris 10

Dear security.world@gmail.com,

In this issue:

* Patches from HP, SCO, Debian, others
* Beware worm that exploits the Windows LSASS vulnerability
* Links related to Virus and Bug Patch Alert
* Featured reader resource
_______________________________________________________________
This newsletter is sponsored by HP
FROM THE NETWORK CORE TO THE NETWORK EDGE

Traffic management becomes critical as your network
infrastructure expands to support different types of traffic and
users. Most traffic management solutions have serious
limitations: too expensive, difficult to use, and overly taxing
on bandwidth. However ProCurve Networking by HP addresses these
requirements, overcomes the limitations of other solutions, and
gives you valuable insight into LAN performance.
http://www.fattail.com/redir/redirect.asp?CID=111707
_______________________________________________________________
SEVEN TIPS FOR MANAGING STORAGE

Considering adding to your storage arsenal or upgrading what you
already have? Follow these seven tips for managing storage in
the new data center and find out what you might need to put on
an RFP, and what you need to do before, during and after a
change in your storage environment. Click here for more:
http://www.fattail.com/redir/redirect.asp?CID=111584
_______________________________________________________________

Today's focus: Sun warns of DHCP flaw in Solaris 10

By Jason Meserve

Today's bug patches and security alerts:

Sun warns of DHCP flaw in Solaris 10

A flaw in the Solaris 10 DHCP client could be exploited to run
arbitrary code on the affected machine with root privileges. For
more, go to:
<http://www.networkworld.com/nlvirusbug5963>
**********

HP releases patch for Veritas File System

According to an advisory from HP, "A potential vulnerability has
been identified in HP-UX running the Veritas File System (VxFS)
that may allow a local authorized user access to unauthorized
data." For more, go to:
<http://www.securityfocus.com/archive/1/409195/30/30/threaded>

HP patches Openview Network Node Manager

A remote user could exploit a flaw in the HP Openview Network
Node Manager to gain privileges on the affected machine. For
more, go to:
<http://www.securityfocus.com/archive/1/409370/30/0/threaded>
**********

SCO patches cpio for UnixWare

A race condition in cpio for UnixWare could be exploited to view
unauthorized directories or potentially run arbitrary code. For
more, go to:
<ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32>
**********

Debian patches mantis

Two vulnerabilities have been found in mantis, a bug tracking
system. One flaw could be exploited in cross-scripting attack,
another to drop SQL code. For more, go to:
<http://www.debian.org/security/2005/dsa-778>

Debian releases fix for backup-manager

Two vulnerabilities have been found in backup-manager for
Debian. One could be exploited in a symlink attack, while the
other could disclose sensitive information. For more, go to:
<http://www.debian.org/security/2005/dsa-787>

Debian patches simpleproxy

A format string vulnerability in simpleproxy could be exploited
through replies from remote HTTP proxies. For more, go to:
<http://www.debian.org/security/2005/dsa-786>

Debian issues patch for libpam-ldap

According to an alert from Debian, "It has been discovered that
libpam-ldap, the Pluggable Authentication Module allowing LDAP
interfaces, ignores the result of an attempt to authenticate
against an LDAP server that does not set an optional data
field." For more, go to:
<http://www.debian.org/security/2005/dsa-785>

Debian releases patch for mysql

A script that comes with the MySQL database does not properly
secure temporary files, which could be exploited to run
arbitrary SQL commands on the affected machine. For more, go to:
<http://www.debian.org/security/2005/dsa-783>

Debian patches Mozilla Thunderbird

Several vulnerabilities have been fixed with this update for
Mozilla Thunderbird. The most serious of the flaws could be
exploited to run arbitrary code on the affected machine. For
more, go to:
<http://www.debian.org/security/2005/dsa-781>
**********

Ubuntu fixes gnupg

A flaw in part of the decryption algorithm for gnupg could
theoretically be used to view an encrypted message, though the
odds of this being exploited are slim. A patch is available for
the ultra cautious:
<https://www.ubuntulinux.org/support/documentation/usn/usn-170-1>

Ubuntu releases kernel update

A number of denial-of-service vulnerabilities have been found in
the Ubuntu Linux kernel. An update is available. For more, go
to:
<https://www.ubuntulinux.org/support/documentation/usn/usn-169-1>

Ubuntu patch PHP

A number of vulnerabilities have been found in the popular PHP
scripting engine. An attacker could exploit a couple of these to
run arbitrary code on the affected machine. For more, go to:
<https://www.ubuntulinux.org/support/documentation/usn/usn-171-1>

Ubuntu issues fix for lm-sensors

A flaw in the way one of the lm-sensors utilities creates
temporary files could be exploited in a symlink attack to run
malicious code on the affected machine, possibly under root
privileges. For more, go to:
<https://www.ubuntulinux.org/support/documentation/usn/usn-172-1>
**********

Gentoo issues fix for Kismet

A number of flaws have been found in Kismet, a wireless network
analyzer. The flaws could be exploited to run arbitrary code.
For more, go to:
<http://security.gentoo.org/glsa/glsa-200508-10.xml>
**********

Gentoo, Ubuntu patch pcre

The Perl library libpcre (pcre) is vulnerable to an integer
overflow that could be exploited to run malicious applications
on the affected machine. For more, go to:

Gentoo:
<http://security.gentoo.org/glsa/glsa-200508-17.xml>

Ubuntu:
<https://www.ubuntulinux.org/support/documentation/usn/usn-173-2>
**********

Debian, Ubuntu patch courier

According to an alert from Debian, "A problem has been
discovered in the Courier Mail Server. DNS failures were not
handled properly when looking up Sender Policy Framework (SPF)
records, which could allow attackers to cause memory
corruption." For more, go to:

Debian:
<http://www.debian.org/security/2005/dsa-784>

Ubuntu:
<http://www.securityfocus.com/archive/1/409322/30/0/threaded>
**********

Today's roundup of virus alerts:

Troj/SDM-C -- A Trojan that exploits the Microsoft Access (JET)
files vulnerability. It drops "ms.exe" on the infected machine.
(Sophos)

W32/Allocu-A -- A worm that exploits the Windows LSASS
vulnerability as it spreads through network shares, dropping
"msveup.exe" in the Windows System folder. It can be used to
disable anti-virus applications, participate in distributed
denial-of-service attacks and download/execute additional
malicious code. (Sophos)

Troj/Sacrep-A -- A keylogging Trojan that can deliver its bounty
via e-mail, FTP or HTTP post. It uses a random file name as its
infection point. (Sophos)

Troj/Deld-A -- A Trojan that drops "svchost.exe" and "lsass.exe"
in the Windows folder of the infected host. It also drops one of
the Bancban variants that target data entered into banking
sites. (Sophos)

Troj/Nethief-P -- This Trojan can act as a keystroke logger and
download/execute additional malicious code. It installs itself
as "EXPLORER.exe" in the System\ShellExt directory. (Sophos)

W32/Rbot-ALG -- A new Rbot variant that spreads through network
shares by exploiting a number of known Windows vulnerabilities,
including the recently patched PnP flaw. It installs itself as
"qsecue.exe". (Sophos)

W32/Dumaru-AK -- A worm that spreads through network shares or
e-mail. It drops "UPU.EXE" in the Windows System folder and
modifies the HOSTS file to prevent access to security-related
Web sites. It listens on port 1520 for incoming connections.
(Sophos)

W32/Tilebot-N -- A new Tilebot variant that tries to exploit the
Windows RPC-DCOM and LSASS vulnerabilities as it spreads through
network shares. It can be used to connect to a Web site via HTTP
and download additional code. (Sophos)

W32/Mytob-EG -- This new Mytob variant spreads through an e-mail
message looking like an account warning and with an attachment
that usually has a double extension. It drops "twunk_65.exe" in
the Windows System folder and allows backdoor access via IRC.
(Sophos)

Troj/Haxdoor-AI -- A backdoor Trojan that installs
"msftcpip.sys" and "tcpGDC.dll" in the Windows folder. It
modifies the Windows HOSTS file to prevent access to anti-virus
and other security related Web sites. (Sophos)

The top 5: Today's most-read stories

1. Windows XP also has plug-and-play vulnerability
<http://www.networkworld.com/nlvirusbug5919>

2. 2005 salary survey
<http://www.networkworld.com/nlvirusbug4048>

3. The ROI of VoIP
<http://www.networkworld.com/nlvirusbug3586>

4. IT staff shortage looming
<http://www.networkworld.com/nlvirusbug5510>

5. CLECs play a new tune
<http://www.networkworld.com/nlvirusbug5964>

Today's most-forwarded story:

Police 'futurists' walk fine line between goals and liberties
<http://www.networkworld.com/nlvirusbug5965>
_______________________________________________________________
To contact: Jason Meserve

Jason Meserve is the Multimedia Editor at Network World and
writes about streaming media, search engines and IP Multicast.
Jason can be reached at <mailto:jmeserve@nww.com>. Check out his
Multimedia Exchange weblog at:
<http://www.networkworld.com/weblogs/multimedia/>

Check out our weekly Network World Radio program at:
<http://www.networkworld.com/radio/>
_______________________________________________________________
This newsletter is sponsored by HP
FROM THE NETWORK CORE TO THE NETWORK EDGE

Traffic management becomes critical as your network
infrastructure expands to support different types of traffic and
users. Most traffic management solutions have serious
limitations: too expensive, difficult to use, and overly taxing
on bandwidth. However ProCurve Networking by HP addresses these
requirements, overcomes the limitations of other solutions, and
gives you valuable insight into LAN performance.
http://www.fattail.com/redir/redirect.asp?CID=111706
_______________________________________________________________
ARCHIVE LINKS

Virus and Bug Patch Alert archive:
http://www.networkworld.com/newsletters/bug/index.html

Breaking security news, updated daily
http://www.networkworld.com/topics/security.html
_______________________________________________________________
FEATURED READER RESOURCE
IT STAFF SHORTAGE LOOMING

Outsourcing. Automation. Downsizing. The industry has been awash
in unemployed IT pros. But experts are now predicting an IT
staffing crunch is just around the corner, and the implications
for U.S. technology innovation are sobering. What might be
causing the shortage and what might need to be done to prevent
it? Click here:
<http://www.networkworld.com/nlvirusbug5925>
_______________________________________________________________
May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at http://www.subscribenw.com/nl2

International subscribers click here:
http://nww1.com/go/circ_promo.html
_______________________________________________________________
SUBSCRIPTION SERVICES

To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
<http://www.nwwsubscribe.com/Changes.aspx>

To change your e-mail address, go to:
<http://www.nwwsubscribe.com/ChangeMail.aspx>

Subscription questions? Contact Customer Service by replying to
this message.

This message was sent to: security.world@gmail.com
Please use this address when modifying your subscription.
_______________________________________________________________

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>

Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772

For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: <mailto:sponsorships@nwfusion.com>

Copyright Network World, Inc., 2005

No comments:

Post a Comment