JASON MESERVE VIRUS AND BUG PATCH ALERT
10/03/05
Today's focus: iDefense warns of flaws in Helix Player
In this issue:
* Patches from Trustix, Ubuntu, Gentoo, others
* Beware Trojan named Radium that can be used for a number of
malicious purposes
* Online safety threats lurk in instant messages, and other
interesting reading
* Featured reader resource
_______________________________________________________________
By Jason Meserve
Today's bug patches and security alerts:
iDefense warns of flaws in Helix Player
Multiple vulnerabilities have been found in RealNetworks Helix
Player. The most serious of the flaws could be exploited to run
malicious code on the affected machine. For more, go to:
<http://www.networkworld.com/go2/1003bug1a.html>
RealNetworks advisory:
<http://service.real.com/help/faq/security/050930_player/EN/>
Related fix from Debian:
<http://www.debian.org/security/2005/dsa-826>
**********
Trustix, Ubuntu patch unzip
A race condition has been found in the unzip file decompression
utility. An attacker could exploit this in a "hard link attack" on
a file being unzipped. For more, go to:
Trustix:
<http://www.trustix.org/errata/2005/0053/>
Ubuntu:
<http://www.networkworld.com/go2/1003bug1b.html>
**********
Gentoo, Ubuntu patch AbiWord
AbiWord, a free word processing program, is vulnerable to a
buffer overflow when an RTF file is being imported. An attacker
could exploit this to run malicious code on the affected
machine. For more, go to:
Gentoo:
<http://security.gentoo.org/glsa/glsa-200509-20.xml>
Ubuntu:
<http://www.networkworld.com/go2/1003bug1c.html>
**********
DoS flaws in Squid
A couple of denial-of-service vulnerabilities have been found in
Squid, the open source proxy server. Patches are available:
Debian:
<http://www.debian.org/security/2005/dsa-809>
<http://www.debian.org/security/2005/dsa-828>
Ubuntu:
<http://www.networkworld.com/go2/1003bug1d.html>
**********
Debian fixes MySQL flaws
A number of vulnerabilities have been found in various MySQL
implementations for Debian. The most serious of the flaws could
be exploited to run malicious code on the affected machine. For
more, go to:
MySQL:
<http://www.debian.org/security/2005/dsa-829>
mysql-dfsg:
<http://www.debian.org/security/2005/dsa-831>
mysql-dfsg 4.1:
<http://www.debian.org/security/2005/dsa-833>
Debian patches cfengine, cfengine2
According to an alert from Debian, "Javier Fernandez-Sanguino
Pena discovered several insecure temporary file uses in
cfengine, a tool for configuring and maintaining networked
machines, that can be exploited by a symlink attack to overwrite
arbitrary files owned by the user executing cfengine, which is
probably root." For more, go to:
cfengine:
<http://www.debian.org/security/2005/dsa-835>
cfengine2:
<http://www.debian.org/security/2005/dsa-836>
Debian releases fix for Gopher
Multiple buffer overflow vulnerabilities have been found in
Gopher, the text-based Hypertext application. An attacker could
exploit the flaw through a malicious Gopher server. For more, go
to:
<http://www.debian.org/security/2005/dsa-832>
Debian patches ntlmaps
A flaw in the configuration files of ntlmaps leaves certain
system files world-writeable and may be exploited to grab
username and password information. For more, go to:
<http://www.debian.org/security/2005/dsa-830>
Debian issues fix for backupninja
A new update for backupninja fixes a flaw in the way temporary
files are created. An attacker could exploit the temporary files
in a symlink attack against the affected machine. For more, go
to:
<http://www.debian.org/security/2005/dsa-827>
Debian patches prozilla
A buffer overflow in prozilla, a multi-threaded download
accelerator, could be exploited to run malicious applications on
the affected machine. For more, go to:
<http://www.debian.org/security/2005/dsa-834>
Debian releases patch for ClamAV
A buffer overflow has been found in the process that scans
UPX-packed executables. There's also a denial-of-service flaw in
the way FSG-packed executables are processed. For more, go to:
<http://www.debian.org/security/2005/dsa-824>
Debian updates zsync
A new update for zsync fixes a previous fix that inadvertently
added a new flaw. For more, go to:
<http://www.debian.org/security/2005/dsa-797>
Debian patches util-linux
According to a recent Debian advisory, "David Watson discovered
a bug in mount as provided by util-linux and other packages such
as loop-aes-utils that allows local users to bypass filesystem
access restrictions by re-mounting it read-only." For more, go
to:
util-linux:
<http://www.debian.org/security/2005/dsa-823>
loop-aes-utils:
<http://www.debian.org/security/2005/dsa-825>
Debian issues patch for gtkdiskfree
Debian: "Eric Romang discovered that gtkdiskfree, a GNOME
program that shows free and used space on filesystems, creates a
temporary file in an insecure fashion." For more, go to:
<http://www.debian.org/security/2005/dsa-822>
**********
Ubuntu releases fix for cpio
A race condition in the way cpio outputs files could be
exploited to change the permissions of arbitrary files on the
affected machine. For more, go to:
<http://www.networkworld.com/go2/1003bug1e.html>
Ubuntu issues SNMP update
A denial-of-service vulnerability has been found in the Ubuntu
SNMP implementation. A new update is available to patch the
flaw. For more, go to:
<http://www.networkworld.com/go2/1003bug1f.html>
**********
Gentoo patches Hylafax
The Hylafax fax server package does not create temporary files
in a secure manner. A local attacker could exploit this to
overwrite files on the affected machine. For more, go to:
<http://security.gentoo.org/glsa/glsa-200509-21.xml>
**********
Today's roundup of virus alerts:
W32/Mytob-EQ -- A Mytob variant that disables certain system
processes and limits access to security related Web sites by
modifying the Windows HOSTS file. It spreads through e-mail with
a double-extension attachment and drops "Lien Van de Kelder.exe"
in the Windows System folder. (Sophos)
W32/Rbot-AJO -- An Rbot variant that uses a randomly named file
as its point of infection. It spreads through network shares by
exploiting a number of known Windows flaws. Backdoor access is
provided via IRC. (Sophos)
W32/Rbot-APN -- This Rbot variant installs itself as
"Internet.exe" in the Windows System folder. It also targets
peer-to-peer networks. (Sophos)
W32/Rbot-APT -- Yet another Rbot variant. This one uses
"win.pif" in the Windows System directory as its infection
point. It exploits a number of known Windows vulnerabilities as
it spreads through network shares. (Sophos)
W32/Rbot-APW -- The fourth Rbot Trojan of the day drops
"winsass.exe" in the Windows System folder and can be used for a
number of malicious purposes, including scanning ports, stealing
information and downloading additional information. (Sophos)
W32/Rbot-APU -- Our fifth Rbot variant uses the filename
"WinSGR32.exe" to infect the Windows System directory of the
target machine. (Sophos)
W32/Rbot-AQA -- The sixth Rbot variant uses a randomly named
file placed in the Windows System folder as its infection point.
It too can provide access via IRC and be used for a number of
malicious purposes. (Sophos)
Troj/GrayBird-Z -- A backdoor Trojan that drops
"G_Server1.2.exe" in the Windows folder. (Sophos)
W32/Eyeveg-M -- An e-mail worm that spreads through a message
with a one word subject. It attempts to direct the user to one
of four Web sites to download code (all of the sites are down).
If installed, Eyeveg-M can be used to log keystrokes, send
e-mail and steal passwords. (Sophos)
Troj/Radium-A -- Radium is a Trojan that can be used for a
number of malicious purposes, including deleting files,
executing code and killing running programs. It drops "HelpSvc.exe"
in the Windows System folder and listens for commands on TCP
port 8192. (Sophos)
Troj/Wirefa-A -- A Windows Trojan that drops "update.exe" in the
Windows System folder. It can download additional code from a
remote location. (Sophos)
**********
From the interesting reading department:
Online safety threats lurk in instant messages
By now you know to be leery of e-mail attachments, even when
they seem to come from a friend or colleague. These days,
however, you also have to be careful of IM attachments and links
- because the virus writers are already there, too. PC World,
09/30/05.
<http://www.networkworld.com/go2/1003bug1g.html>
Novell downplays server hack
An internal Novell investigation of an apparent hack involving
one of its computers revealed that the incident was less serious
than was described by the security consultant who reported it to
the company, a spokesman said Friday. Computerworld, 09/30/05.
<http://www.networkworld.com/nl7934nlsecuritynewsal7955>
Hackers fail to break into Via's StrongBox
Hackers at a security conference in Malaysia failed to break
into Via Technologies' StrongBox security application during a
competition, Via officials said Friday, but the company gathered
some valuable feedback from participants. IDG News Service,
09/30/05.
<http://www.networkworld.com/nl7935nlsecuritynewsal7956>
_______________________________________________________________
To contact: Jason Meserve
Jason Meserve is the Multimedia Editor at Network World and
writes about streaming media, search engines and IP Multicast.
Jason can be reached at <mailto:jmeserve@nww.com>. Check out his
Multimedia Exchange weblog at:
<http://www.networkworld.com/weblogs/multimedia/>
Check out our weekly Network World Radio program at:
<http://www.networkworld.com/radio/>
_______________________________________________________________
FEATURED READER RESOURCE
The Trend Micro Threat Map
The Trend Micro Threat Map dynamically displays real-time data
to show worldwide trends in virus and content security threats
as they happen. Collected from actual computer infections, the
Threat Map can be used to help determine appropriate security
policies, based on the prevalence of threats that can adversely
affect your business.
<http://www.networkworld.com/go/trendmicro/trend_frr>
_______________________________________________________________
Copyright Network World, Inc., 2005