NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH ALERT
09/02/04

Today's focus: Oracle releases patches, finally
In this issue:

* Patches from Oracle, SuSE, HP, others
* Beware new Bagle variant
* Symantec joins anti-phishing group, and other interesting reading
_______________________________________________________________
By Jason Meserve

Today's bug patches and security alerts:

Oracle releases delayed security patches

Oracle this week released security patches that plug several vulnerabilities reported last month in its database software and other products. IDG News Service, 09/02/04.
<http://www.nwfusion.com/news/2004/0902oraclrelea.html?nl>

Oracle advisory (PDF):
<http://www.nwfusion.com/go2/0830bug2a.html>

CERT advisory:
<http://www.us-cert.gov/cas/techalerts/TA04-245A.html>

**********

Vulnerabilities in MIT Kerberos 5 distribution

There are two vulnerabilities relating to the MIT Kerberos 5 distribution. First, the ASN.1 decoder library that ships with the distribution is vulnerable to a denial-of-service attack:
<http://web.mit.edu/kerberos/advisories/2004-003-patch_1.3.4.txt>

Second, the "Key Distribution Center (KDC) program contains a double-free vulnerability that potentially allows a remote attacker to execute arbitrary code," according to an advisory from MIT.
<http://web.mit.edu/kerberos/advisories/2004-002-patch_1.3.4.txt>

Related Kerberos advisories:

Cisco VPN 3000 Series Concentrators vulnerable:
<http://www.cisco.com/warp/public/707/cisco-sa-20040831-krb5.shtml>

Debian:
<http://www.debian.org/security/2004/dsa-543>

**********

Gaim update available

Two remotely exploitable buffer overflows have been found in gaim, a general-purpose instant messaging client that works with multiple IM services. Users should upgrade to Version 8.82.
<http://gaim.sourceforge.net/downloads.php>

Gentoo Gaim update:
<http://forums.gentoo.org/viewtopic.php?t=215239>

**********

SuSE patches kernel

A number of vulnerabilities, which could be exploited in a denial-of-service attack, have been found in the SuSE kernel. An update is available:
<http://www.suse.com/de/security/2004_28_kernel.html>

**********

HP patches CDE libDtHelp

A buffer overflow in the HP-UX CDE libDtHelp library could be exploited in a denial-of-service attack against an affected machine. Patches are available by logging into the HP IT Resource Center:
<http://itrc.hp.com/>

**********

Debian, Gentoo patch QT

A flaw in the QT library BMP image handler could be exploited by a remote user to run their code of choice on the affected machine with the privileges of the user viewing the image.
For more, go to:

Debian:
<http://www.debian.org/security/2004/dsa-542>

Gentoo:
<http://forums.gentoo.org/viewtopic.php?t=213362>

**********

Debian releases Python 2.2 update

According to an alert from Debian, "A buffer overflow bug in Python's getaddrinfo function, which could allow an IPv6 address, supplied by a remote attacker via DNS, to overwrite memory on the stack." A previous fix for this problem did not remedy the issue; this one supposedly does.
<http://www.debian.org/security/2004/dsa-458>

**********

Today's roundup of virus alerts:

W32/Tzet-B - A network worm that spreads via shared machines with little or no password protection. The virus runs as "iglmtray.exe". It drops a bunch of Trojan horse files on the infected machine. (Sophos)

Troj/LegMir-R - A password-stealing Trojan horse that installs itself as "_Win32.exe" in the Windows System directory. No word on how it spreads. (Sophos)

W32/Rbot-HI - An Rbot variant that logs keystrokes, may delete network shares and can allow backdoor access via IRC. It installs itself as "SYSTESMS.EXE" in the Windows System folder and spreads via network shares with weak password protection. (Sophos)

W32/Rbot-HO - Another keystroke logger with the added ability to steal CD game keys. Spreads the same way as Rbot-HI, but uses the file "syswin32.exe". (Sophos)

W32/Rbot-HQ - Can't virus writers go for something a little different than Rbot? Like all variants, it spreads via network shares, infects "mscnsz.exe" in the Windows System folder and can be used as a spam relay. (Sophos)

W32/Rbot-HR - Similar functionality to Rbot-HQ, except the infected file is "winusb.exe". (Sophos)

Troj/BagleDl-A - A new Bagle variant that tries to download a gif image from 131 different Web sites. The virus also terminates certain security-related applications running on the infected machine.
(Sophos)

**********

From the interesting reading department:

McAfee releases VirusScan with intrusion prevention

Anti-virus software company McAfee said Monday that a new version of its VirusScan Enterprise software contains so-called "intrusion prevention" features that can protect computers from attacks such as buffer overflows, which are often used by viruses, worms and malicious hackers to compromise vulnerable Microsoft Windows machines. IDG News Service, 08/30/04.
<http://www.nwfusion.com/news/2004/0830mcafee.html?nl>

Symantec joins anti-phishing group

Anti-virus software company Symantec said Wednesday that it joined a group devoted to fighting online identity theft attacks known as "phishing scams." IDG News Service, 09/01/04.
<http://www.nwfusion.com/news/2004/0901symanjoins.html?nl>

Gearhead: Tie 'em up and lock 'em down

Now in your network environment just consider what one of your users with an empty iPod, access to a USB port and bad intentions could get away with . . . chills you to the marrow, doesn't it? And when you think of it, the whole idea of any I/O devices on PCs being available when they aren't actually needed is pretty dumb. So what's a sysadmin to do? Network World, 08/30/04.
<http://www.nwfusion.com/columnists/2004/083004gearhead.html?nl>

Backspin: Market factors meet medical gear, upgrades

The reality is it is all about politics and economics, not computer technology and IS people. I just want everybody involved to stop whining. Network World, 08/30/04.
<http://www.nwfusion.com/columnists/2004/083004backspin.html?nl>

Nutter's Help Desk: How to sniff a network

Which is the best way to connect a protocol analyzer to an Ethernet network in order to "sniff" the packets on the wire? Network World, 08/30/04.
<http://www.nwfusion.com/columnists/2004/0830nutter.html?nl>
_______________________________________________________________
To contact: Jason Meserve

Jason Meserve is the Multimedia Editor of Network World Fusion and writes about streaming media, search engines and IP Multicast. Jason can be reached at <mailto:[EMAIL PROTECTED]>. Check out his Multimedia Exchange weblog at:
<http://www.nwfusion.com/weblogs/multimedia/>
_______________________________________________________________
Copyright Network World, Inc., 2004
