Thursday, October 06, 2005

Multiple flaws in HP OpenView

JASON MESERVE VIRUS AND BUG PATCH ALERT
10/06/05
Today's focus: Multiple flaws in HP OpenView

In this issue:

* Patches from HP, Debian, Gentoo, others
* Beware virus that displays the message "Press OK to install
the party invitation..."
* Featured reader resource
_______________________________________________________________
This newsletter is sponsored by Trend Micro

The Trend Micro Threat Map dynamically displays real-time data
to show worldwide trends in virus and content security threats
as they happen. Collected from actual computer infections, the
Threat Map can be used to help determine appropriate security
policies, based on the prevalence of threats that can adversely
affect your business.
http://www.fattail.com/redir/redirect.asp?CID=116031
_______________________________________________________________

By Jason Meserve

Today's bug patches and security alerts:

Multiple flaws in HP OpenView

NGSSoftware is warning of multiple vulnerabilities in the
popular HP OpenView management software. NGSSoftware is not
releasing specific details of the flaws, but says, "The flaws
can be exploited by attackers without valid credentials to fully
compromise a vulnerable server." Patches from HP can be
downloaded from:
<http://support.openview.hp.com/patches/>

The NGSSoftware advisory is here:
<http://www.securityfocus.com/archive/1/412576/30/0/threaded>

**********

Debian, HP release Mozilla Firefox updates

A number of buffer overflow vulnerabilities have been found in
the Debian and HP implementations of the Mozilla Firefox
browser. The most serious of the flaws could be exploited to run
malicious code on the affected machine. For more, go to:

Debian:
<http://www.debian.org/security/2005/dsa-837>
<http://www.debian.org/security/2005/dsa-838>

HP:
<http://www.securityfocus.com/archive/1/412452/30/0/threaded>

**********

Mandriva updates kernel

A new update for Version 2.6 of the Mandrake Linux kernel fixes
a number of flaws found in earlier releases. The most serious of
the flaws could be exploited to run arbitrary files on the
affected machine. For more, go to:

<http://www.mandriva.com/security/advisories?name=MDKSA-2005:171>

**********

Debian patches Drupal

Some versions of the Drupal content management system ship with
flawed XML-RPC code libraries. An attacker could exploit this
to run malicious PHP code on an affected site. For more, go to:
<http://www.debian.org/security/2005/dsa-840>

Debian releases fix for egroupware

The same XML-RPC vulnerabilities affect the Debian eGroupware
package as well. A fix is available:
<http://www.debian.org/security/2005/dsa-842>

Debian issues patch for apachetop

A poorly secured temporary file in apachetop, a monitoring
application for Apache, could be exploited in a symlink attack
to run malicious code on the affected machine. For more, go to:

<http://www.debian.org/security/2005/dsa-839>

Debian releases patch for arc

Two flaws have been found in the arc archival tool. Both could
leave an affected system open to a symlink attack. For more, go
to:
<http://www.debian.org/security/2005/dsa-843>

Debian patches mod-auth-shadow

A flaw in the Apache mod-auth-shadow module could be exploited
to bypass certain access control lists. A fix is available. For
more, go to:
<http://www.debian.org/security/2005/dsa-844>

**********

Gentoo patches gtkdiskfree

The gtkdiskfree utility creates temporary files with predictable
names. This could be exploited to run malicious code on the
affected machine. For more, go to:
<http://security.gentoo.org/glsa/glsa-200510-01.xml>

Gentoo releases fix for Berkeley MPEG Tools

According to a Gentoo advisory, "The Berkeley MPEG Tools use
temporary files in various insecure ways, potentially allowing a
local user to overwrite arbitrary files." For more, go to:
<http://security.gentoo.org/glsa/glsa-200510-02.xml>

Gentoo patches Uim

A flaw in Uim could be exploited through linked
applications to gain elevated privileges on the affected
machine. For more, go to:
<http://security.gentoo.org/glsa/glsa-200510-03.xml>

Gentoo updates Texinfo

A function in Texinfo, a documentation system, creates temporary
files in a non-secure manner. An attacker could exploit this to
run arbitrary files on the affected machine. For more, go to:
<http://security.gentoo.org/glsa/glsa-200510-04.xml>

**********

Ubuntu releases dia update

According to an Ubuntu advisory, "Joxean Koret discovered that
the SVG import plugin did not properly sanitize data read from
an SVG file. By tricking an user into opening a specially
crafted SVG file, an attacker could exploit this to execute
arbitrary code with the privileges of the user." For more, go
to:
<http://www.networkworld.com/go2/1003bug2a.html>

**********

Today's roundup of virus alerts:

Troj/Badparty-A -- A virus that displays the message "Press OK
to install the party invitation...". If the user does, the virus
tries to delete the boot partition. (Sophos)

Troj/Banker-DV -- Another Trojan that targets passwords entered
into Brazilian banking sites. It drops "winlogin.exe" in the
Windows System folder. (Sophos)

Troj/Bandler-D -- A Windows Trojan that installs itself as
"smss.exe" in the Windows System directory. No word on what type
of damage it could cause. (Sophos)

W32/Opanki-AB -- A Trojan that copies itself to "nether.exe" in
the Windows folder. It provides backdoor access via IRC. It may
also be used to monitor IM conversations. (Sophos)

Troj/LittleW-E -- A backdoor Trojan that can be used to download
additional code from a remote site. This worm drops
"MiniServer.exe" in the Windows directory. (Sophos)

Troj/Banload-N -- A Windows Trojan that downloads code from a
remote site and can be used to drop "cmrss.exe" in the System
directory. (Sophos)

W32/Rbot-LT -- An Rbot variant that spreads through network
shares. It drops "LSSRV.EXE" in the Windows System directory and
can log keystrokes to "KEY32.TXT" in the Windows folder.
(Sophos)

W32/Rbot-AQF -- This Rbot variant tries to exploit a number of
known Windows vulnerabilities as it spreads through network
shares. It drops "msnwindows.exe" in the Windows System folder
and allows backdoor access through IRC. (Sophos)

W32/Bobax-S -- An e-mail worm that attempts to exploit the
Windows PnP vulnerability. It spreads via a message entitled
"Cool" with an attachment ending in pif, exe, scr or zip.
(Sophos)

Troj/Small-QJ -- A Windows Trojan that can communicate with
remote servers via HTTP. It drops "winhlp32.dll" on the infected
machine. (Sophos)

W32/Mytob-FT -- Another Mytob variant that spreads through an
e-mail message that typically looks like an account/password
warning message. The infected attachment usually has a double
extension with the latter ending in EXE, SCR or PIF. (Sophos)

W32/Ixbot-A -- A backdoor bot that allows access via IRC and
through TCP port 5190. It spreads through AOL Instant Messenger
by getting a user to click on a link to an infected file.
(Sophos)

W32/Tilebot-W -- A Tilebot variant that tries to exploit various
Windows vulnerabilities, including the RPC DCOM flaw, as it
spreads via network shares. It drops "csrss.exe" in the Windows
System folder. (Sophos)

W32/Kassbot-I -- This Kassbot variant tries to prevent access to
various Kaspersky anti-virus sites by modifying the Windows
HOSTS file. It spreads through network shares by exploiting the
Windows LSASS vulnerability. "spools.exe" is dropped in the
Windows System folder. (Sophos)
_______________________________________________________________
To contact: Jason Meserve

Jason Meserve is the Multimedia Editor at Network World and
writes about streaming media, search engines and IP Multicast.
Jason can be reached at <mailto:jmeserve@nww.com>. Check out his
Multimedia Exchange weblog at:
<http://www.networkworld.com/weblogs/multimedia/>

Check out our weekly Network World Radio program at:
<http://www.networkworld.com/radio/>
_______________________________________________________________
FEATURED READER RESOURCE

IT PROS SHARE THEIR TALES OF MAKING ITIL WORK

Running an enterprise network is challenging. IT organizational
change can be even more so if managers don't balance efforts
proportionally across people, process and technology.
Implementing best practices frameworks such as Information
Technology Infrastructure Library (ITIL) can help, but they
introduce their own set of challenges. Click here for more:

<http://www.networkworld.com/news/2005/092205-itil.html>
_______________________________________________________________

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>

Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772

For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: <mailto:sponsorships@nwfusion.com>

Copyright Network World, Inc., 2005