Tuesday, September 06, 2005

New version of OpenSSH available

NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH
ALERT
09/05/05
Today's focus: New version of OpenSSH available

In this issue:

* Patches from Gentoo, Debian, others
* Beware backdoor Trojan that disables security related
  applications running on the infected machine
* Links related to Virus and Bug Patch Alert
* Featured reader resource
_______________________________________________________________
This newsletter is sponsored by HP
_______________________________________________________________

By Jason Meserve

Today's bug patches and security alerts:

New version of OpenSSH available

Version 4.2 of the OpenSSH application is now available. The new
update fixes a number of bugs found in previous releases,
including one that could allow dynamic port forwarding without a
specific IP address. For more, go to:
<http://www.networkworld.com/go2/0905bug1a.html>
**********

Gentoo releases Apache 2.0 update

A new update for Apache 2.0 from Gentoo fixes a
denial-of-service vulnerability. For more, go to:
<http://security.gentoo.org/glsa/glsa-200508-15.xml>

Gentoo patches Tor

A flaw in Tor, an anonymizer program that uses Onion Routing,
could result in the loss of anonymity and the disclosure of
information. For more, go to:
<http://security.gentoo.org/glsa/glsa-200508-16.xml>

Gentoo issues patch for PhpWiki

Gentoo's PhpWiki implementation is vulnerable to the XML-RPC
flaw, which could be used to run malicious commands on the
affected machine. For more, go to:
<http://security.gentoo.org/glsa/glsa-200508-18.xml>

Gentoo fixes pam_ldap flaw

A bug in the way pam_ldap authenticates against an LDAP
directory could result in authentication being granted to any
user. A fix is available. For more, go to:
<http://security.gentoo.org/glsa/glsa-200508-22.xml>

Gentoo patches phpWebSite

According to the Gentoo alert, "phpWebSite is vulnerable to
multiple issues which result in the execution of arbitrary code
and SQL injection." For more, go to:
<http://security.gentoo.org/glsa/glsa-200508-21.xml>
**********

Debian patches php4

A number of vulnerabilities have been found and fixed in PHP4,
the popular server-side scripting language. The most serious of
the flaws could be exploited to run arbitrary code on the
affected machine. For more, go to:
<http://www.debian.org/security/2005/dsa-789>

Debian updates phpldapadmin

According to an alert from Debian, "Alexander Gerasiov
discovered that phpldapadmin, a web based interface for
administering LDAP servers, allows anybody to access the LDAP
server anonymously, even if this is disabled in the
configuration with the 'disable_anon_bind' statement." For more,
go to:
<http://www.debian.org/security/2005/dsa-790>

Debian releases fix for maildrop

The lockmail function for maildrop, a mail delivery agent with
filtering capabilities, does not properly drop its group (mail)
privileges after executing. An attacker could exploit this to
run their own code and commands with the elevated group
privilege. For more, go to:
<http://www.debian.org/security/2005/dsa-791>

Debian patches pstotext

A flaw in the way pstotext, a tool for extracting text from
PostScript and PDF files, executes ghostscript commands could be
exploited to run malicious code on the affected machine. For
more, go to:
<http://www.debian.org/security/2005/dsa-792>
**********

Debian, Gentoo patch phpgroupware

A number of flaws have been found in the phpgroupware
application for Debian and Gentoo. The most serious of the
vulnerabilities could be used to run malicious applications on
the infected machine. For more, go to:

Debian:
<http://www.debian.org/security/2005/dsa-789>

Gentoo:
<http://security.gentoo.org/glsa/glsa-200508-20.xml>
**********

HP releases Java Runtime Environment, Java Web Start updates

Flaws in the Java Runtime Environment (JRE) and Java Web Start
for HP could be exploited by an untrusted applet to gain
elevated privileges, such as the ability to read and write local
files. Updates can be downloaded from:
<http://www.hp.com/go/java>
**********

Today's roundup of virus alerts:

W32/Sdbot-ACS -- An Sdbot variant that allows the infected
machine to be used as a proxy server, to download/execute
additional code and carry out denial-of-service attacks. It
spreads through network shares, dropping "help.pif" in the
System folder, and allows backdoor access via IRC. (Sophos)

Troj/Bancban-EW -- A Trojan that targets Internet banking sites,
looking for username and password data. It installs "imgst.scr"
in the Windows system folder. (Sophos)

W32/Mytob-DZ -- Another Mytob variant that spreads through
e-mail, usually a message that looks like some sort of account
termination warning. The infected message will have an
attachment with a double file extension. (Sophos)

W32/Mytob-EH -- Another new Mytob variant that spreads through
messages that look like account warnings. This one can allow
backdoor access via IRC, giving an attacker control over a
number of functions. It copies itself to "xDcc.exe" in the
Windows system directory. (Sophos)

Troj/Inor-R -- This is a dropper application used to install
other malicious Trojans. This particular nuisance drops
"fh4uh.exe" in the C:\ root directory. (Sophos)

Troj/PcClien-BW -- A Trojan that injects itself into
"winlogon.exe" to avoid detection. It could allow command shell
access via a high-numbered TCP port. (Sophos)

W32/Alasrou-A -- This worm harvests e-mail addresses from the
infected machine, FTPing the collected data to a remote site. It
spreads through network shares by exploiting the Windows LSASS
vulnerability and dropping "file1.exe" in the temp directory.
(Sophos)

Troj/Haxdoor-DW -- A backdoor Trojan that disables security
related applications running on the infected machine. It drops
"avpx32.dll" and a number of other files in the Windows system
folder. (Sophos)

W32/Forbot-FM -- Another IRC backdoor worm that spreads through
network shares. This one installs "rservers.exe" in the Windows
system folder. (Sophos)

W32/Rbot-AMR -- A backdoor IRC worm that spreads through network
shares, exploiting a number of known Windows flaws to do so. It
drops "ms-dos.pif" in the Windows system folder. (Sophos)

W32/Rbot-LT -- Another Rbot variant that also spreads through
network shares. This one installs itself as "LSSRV.EXE" in the
Windows system folder and can be used as a keylogger. (Sophos)

_______________________________________________________________
To contact: Jason Meserve

Jason Meserve is the Multimedia Editor at Network World and
writes about streaming media, search engines and IP Multicast.
Jason can be reached at <mailto:jmeserve@nww.com>. Check out his
Multimedia Exchange weblog at:
<http://www.networkworld.com/weblogs/multimedia/>

Check out our weekly Network World Radio program at:
<http://www.networkworld.com/radio/>
_______________________________________________________________
Copyright Network World, Inc., 2005
