Monday, October 24, 2005

Exploit circulating for Oracle bug

JASON MESERVE VIRUS AND BUG PATCH ALERT
10/24/05
Today's focus: Exploit circulating for Oracle bug

In this issue:

* Patches from Oracle, HP, Ubuntu, others
* Three new Rbots circulate
* How one school traps infected PCs in its web
* Featured reader resource
_______________________________________________________________
This newsletter is sponsored by Hitachi Data Systems
Achieve Enterprise-Class Business Continuity and Data Governance
on a Midrange Budget

Viruses, disaster recovery and regulation compliance are issues
front and center with all IT professionals. However, the
architects of the mid size platform face these concerns with
limited resources. In this Special Report: How to Achieve
Enterprise-Class Business Continuity on a Midrange Budget, learn
about strategies to confront IT challenges within your own
means.
http://www.fattail.com/redir/redirect.asp?CID=118123
_______________________________________________________________
USERS AWASH IN EMERGING WIRELESS OPTIONS

The days of simply giving traveling employees a cell phone for
talking and a laptop for dial-up data are long gone, replaced by
a complex landscape of overlapping choices. There are decisions
to be made regarding devices, carrier contracts, performance and
reach. How do you know which decisions are the right ones? Click
here for more:
http://www.fattail.com/redir/redirect.asp?CID=118174
_______________________________________________________________

Today's focus: Exploit circulating for Oracle bug

By Jason Meserve

Today's bug patches and security alerts:

Exploit circulating for newly patched Oracle bug

Database administrators now have a little added incentive to
install Oracle's latest security patches, released last week.
Malicious software is now circulating that can crash an
unpatched database server, and one security expert predicted
that more malware targeting the 89 recently patched
vulnerabilities is on the way. IDG News Service, 10/20/05.
http://www.networkworld.com/news/2005/102005-oracle-bug.html

Exploit code:
http://www.networkworld.com/go2/1024bug1a.html

Oracle patches:
http://www.networkworld.com/go2/1024bug1b.html
**********

Debian, HP release Mozilla updates

Several flaws have been patched in Mozilla by Debian and HP. The
most serious could be exploited in a denial-of-service attack or
to potentially execute malicious code on the affected machine.
For more, go to:

Debian:
http://www.debian.org/security/2005/dsa-866

HP:
http://www.securityfocus.com/archive/1/413288/30/90/threaded
**********

HP warns of DoS in HP-UX on Itanium

According to an alert from HP, "A potential security
vulnerability has been identified with HP-UX running on Itanium
platforms where, under certain conditions, a specific stack size
prevents proper operation. This vulnerability could be exploited
by a local authorized user to create a Denial of Service (DoS)."

http://www.securityfocus.com/archive/1/413298/30/90/threaded

HP releases Java Runtime Environment update for OpenView

A flaw in the Java Runtime Environment (JRE) for OpenView
Operations and OpenView VantagePoint could be exploited by an
applet to gain elevated privileges on the affected machine. For
more, go to:
http://www.securityfocus.com/archive/1/413945/30/30/threaded
**********

Gentoo patches Runpath issues

A flaw in Runpath, which could allow a user to gain elevated
privileges, impacts the Qt-UnixODBC, Perl and CMake packages. A
fix is available. For more, go to:
http://security.gentoo.org/glsa/glsa-200510-14.xml

Gentoo issues fix for phpMyAdmin

According to an alert from Gentoo, "phpMyAdmin contains a local
file inclusion vulnerability that may lead to the execution of
arbitrary code." For more, go to:
http://security.gentoo.org/glsa/glsa-200510-16.xml
**********

Gentoo, Mandriva, Ubuntu patch Lynx

A buffer overflow in the Lynx news reader could be exploited to
redirect users to malicious Web sites. For more, go to:

Gentoo:
http://security.gentoo.org/glsa/glsa-200510-15.xml

Mandriva:
http://www.networkworld.com/go2/1024bug1c.html

Ubuntu:
http://www.networkworld.com/go2/1024bug1d.html
**********

Ubuntu patches SSH server

A flaw in the SSH server's GSSAPI authentication module could
allow users trying to enter using another authentication method
to gain access. The default configuration of SSH is not
affected. For more, go to:
http://www.networkworld.com/go2/1024bug1e.html

Ubuntu releases fix for PHP

A flaw in PHP's open_basedir directive handling could allow
unauthorized users to gain access to certain system directories.
For more, go to:
http://www.networkworld.com/go2/1024bug1f.html

Ubuntu issues patch for graphviz

A flaw in graphviz's "dotty" tool uses temporary files and could
be exploited in a symlink attack to overwrite files on the
affected machine. For more, go to:
http://www.networkworld.com/go2/1024bug1g.html

Ubuntu patches netpbm

A buffer overflow in one of netpbm's conversion tools could be
exploited to run malicious code on the affected machine. For
more, go to:
http://www.networkworld.com/go2/1024bug1h.html
**********

SuSE patches OpenWBEM

During a SuSE security audit of OpenWBEM a number of integer and
buffer-overflow vulnerabilities have been found. An attacker
could exploit these flaws to gain root privileges on the
affected machine. For more, go to:
http://www.networkworld.com/go2/1024bug1i.html
**********

Debian releases Mozilla Thunderbird update

According to an alert from Debian, "Several security-related
problems have been discovered in Mozilla and derived programs.
Some of the following problems don't exactly apply to Mozilla
Thunderbird, even though the code is present. In order to keep
the codebase in sync with upstream it has been altered
nevertheless." For more, go to:
http://www.debian.org/security/2005/dsa-868

Debian patches module-assistant

Debian's module-assistant application does not properly create
temporary files, which could be exploited in an attack. For
more, go to:
http://www.debian.org/security/2005/dsa-867
**********

Today's roundup of virus alerts:

W32/Rbot-ANK -- A Rbot worm variant that spreads through network
shares by exploited weak passwords and known Windows flaws. It
allows backdoor access via IRC and installs "mswinsck.exe" in
the Windows System folder. (Sophos)

W32/Rbot-ASS -- Another Rbot backdoor worm. This variant drops
"psecure.exe" in the Windows System directory. (Sophos)

W32/Rbot-AST -- Our third Rbot variant of the day spreads in a
similar fashion as the previous two. This one installs itself as
"wininit32.exe" in the Windows System folder. (Sophos)

Troj/Mitglie-CE -- A backdoor worm that communicates with remote
sites via HTTP. It drops "winudll.exe" in the Windows System
folder. (Sophos)

Troj/Paymite-B -- A virus that tries to change the Internet
Explorer start page. It installs "paytime.exe" in the Windows
System directory. (Sophos)
**********

From the interesting reading department:

School traps infected PCs in its web

A team of IT staffers at the University of Indianapolis last
week showed off a bundle of open-source tools and scripts it
uses to trap and isolate PCs infected by viruses or spyware.
NetworkWorld.com, 10/20/05.
http://www.networkworld.com/nl9383

Microsoft patch problems continue

Windows users are continuing to experience problems with
Microsoft 's latest round of security patches. This time a
problem with a critical patch relating to Microsoft's DirectShow
streaming media software is leaving some Windows 2000 users
unprotected, even after they've installed a patch. IDG News
Service, 10/21/05.
http://www.networkworld.com/nl9384
_______________________________________________________________
To contact: Jason Meserve

Jason Meserve is the Multimedia Editor at Network World and
writes about streaming media, search engines and IP Multicast.
Jason can be reached at mailto:jmeserve@nww.com. Check out his
Multimedia Exchange weblog at:
http://www.networkworld.com/weblogs/multimedia/

Check out our weekly Network World Radio program at:
http://www.networkworld.com/radio/
_______________________________________________________________
This newsletter is sponsored by Zultys
Network World Executive Guide: The Real World of VoIP

Join the Network World editors in an Executive Guide dedicated
to VoIP. Learn about the time and cost of planning, installing
and troubleshooting VoIP. Understand the user experience and
where the technology is headed. This timely information is
crucial to all forward thinking IT executives considering VoIP.

http://www.fattail.com/redir/redirect.asp?CID=118129
______________________________________________________________
FEATURED READER RESOURCE

Network World New Data Center: Spotlight on Advanced IP

Piecing Together the Next Generation IT Architecture. This 5th
installment in a 6 part series takes a look at at On-demand
services, automated management, and management technologies.
PLUS, see how two IT Execs are plotting their way to an all
IP-world. This NDC issue has it all, click here to read now:

http://www.networkworld.com/supp/2005/ndc5/
_______________________________________________________________
May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at http://www.subscribenw.com/nl2

International subscribers click here:
http://nww1.com/go/circ_promo.html
_______________________________________________________________
SUBSCRIPTION SERVICES

To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
http://www.nwwsubscribe.com/Changes.aspx

To change your e-mail address, go to:
http://www.nwwsubscribe.com/ChangeMail.aspx

Subscription questions? Contact Customer Service by replying to
this message.

This message was sent to: security.world@gmail.com
Please use this address when modifying your subscription.
_______________________________________________________________

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: mailto:jcaruso@nww.com

Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772

For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: mailto:sponsorships@nwfusion.com

Copyright Network World, Inc., 2005

No comments:

Post a Comment