NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH ALERT
09/09/04

Today's focus: Linux patch grab bag

In this issue:

* Patches from Mandrake Linux, SuSE, SCO, others
* Beware the neverending variants of Rbot
* Leaked memos link spammers to ISP Savvis, and other interesting reading

By Jason Meserve

The virus writer (or writers) responsible for the recent MyDoom-V variant have put a cleartext message in the code, according to an alert from BitDefender. The note states: "We searching 4 work in AV industry". Maybe they should stop spreading viruses first, then look for a job...

Today's bug patches and security alerts:

Mandrake Linux, SuSE patch zlib

A data handling error in zlib's 'inflate' function could be exploited in a denial-of-service attack against the machine running the compression application. For more, go to:
Mandrake Linux: <http://www.nwfusion.com/go2/0906bug2a.html>
SuSE: <http://www.suse.com/de/security/2004_29_zlib.html>
**********

SCO, SuSE release patches for Apache2

Both SCO and SuSE have released patches for the popular Apache Web server application. SuSE is patching a flaw in the mod_ssl code that could be exploited in a denial-of-service attack. SCO's patch is for OpenServer and fixes a problem in the mod_digest code, which could be exploited by an unauthorized user to gain authentication. For more, go to:
SCO: <ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.14>
SuSE: <http://www.suse.com/de/security/2004_30_apache2.html>
**********

Gentoo, Mandrake Linux release fixes for imlib, imlib2

A buffer overflow has been found in the BMP image handling code for ImageMagick (imlib). The vulnerability is similar to the one reported in the QT image handler. For more, go to:
Gentoo: <http://security.gentoo.org/glsa/glsa-200409-12.xml>
Mandrake Linux: <http://www.nwfusion.com/go2/0906bug2b.html>
**********

SCO patches OpenSSL for OpenServer

Several vulnerabilities in the OpenSSL implementation for OpenServer have been fixed. For more, go to:
<ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10>

SCO issues fix for Squid on OpenServer

A null character vulnerability in the "%xx" decoding function in certain versions of Squid could be exploited to bypass the application's access control list. For more, go to:
<ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.13>
**********

Mandrake Linux patches cdrecord

The cdrecord application does not properly drop its root access when it launches. This could be exploited by a local user to gain elevated privileges.
For more, go to:
<http://www.nwfusion.com/go2/0906bug2c.html>
**********

Gentoo patches star

A root vulnerability has been found in star, a tape archive application. A local user could exploit this to gain root access. For more, go to:
<http://security.gentoo.org/glsa/glsa-200409-11.xml>

Gentoo fixes lha

According to an alert from Gentoo, "Several buffer overflows and a shell metacharacter command execution vulnerability have been found in LHa. These vulnerabilities can be used to execute arbitrary code." For more, go to:
<http://security.gentoo.org/glsa/glsa-200409-13.xml>
**********

Siemens releases patch for series 65 phones

Siemens Tuesday said it has received the green light from operators to offer a patch for a software defect in some of its 65 series mobile phones that could cause hearing damage. IDG News Service, 09/08/04.
<http://www.nwfusion.com/news/2004/0908siemerelea.html?nl>
**********

Today's roundup of virus alerts:

W32/Rbot-IE - A "standard issue" Rbot variant that spreads via network shares and uses IRC for backdoor access. This version infects "mswctl32.exe" in the Windows System directory. (Sophos)

W32/Rbot-IH - Similar to Rbot-IE, except that it uses the filename "windll.exe". It also has the ability to steal CD keys for popular applications. (Sophos)

W32/Rbot-CZ - Same as the above Rbot variants with the added ability to delete network shares. This variant uses the filename "WINSYS32.EXE". (Sophos)

W32/Rbot-FL - This Rbot variant can be used as a proxy and spam relay or as an FTP server. Like other Rbot variants, it spreads via network shares and infects the file "ati2vid.exe" in C:\. (Sophos)

W32/Rbot-IP - Another standard issue Rbot variant (see Rbot-IE above). It uses the filename "DVLDR.EXE". (Sophos)

W32/Forbot-C - This worm spreads via shared network drives, uses IRC for backdoor access and can terminate certain security related applications running on the infected machine.
It uses "winitr32.exe" in the Windows System directory as its infection point. (Sophos)

W32/Britney-B - A worm that spreads via the A: drive using the file name "Britney.exe". No word on what kind of damage it may cause. (Sophos)

W32/Nyxem-C - A virus that spreads via network shares, e-mail, Yahoo Messenger and Yahoo Pager. It creates a number of files on the infected machine and launches Windows Media Player to mask its activities. (Sophos)

W32/Neveg-C - An old-school virus that spreads via mass-mailing email. It copies itself to the Windows System folder as "services.exe". (Sophos)
**********

From the interesting reading department:

Leaked memos link spammers to ISP Savvis

Internal e-mail messages from Savvis Communications have surfaced on the Internet that show that the St. Louis-based ISP catered to online e-mail marketing companies it suspected of sending out unsolicited commercial ("spam") e-mail, even using "subversive business methods" to help spammers stay online after their Internet address was blacklisted. IDG News Service, 09/08/04.
<http://www.nwfusion.com/edge/news/2004/0908leakmemos.html?nl>

Microsoft offers more time to test XP Service Pack 2

Microsoft is giving users more time to prepare for Windows XP Service Pack 2 by doubling the time a special registry key will prevent PCs from automatically downloading and installing the mammoth update. IDG News Service, 09/07/04.
<http://www.nwfusion.com/news/2004/0907microoffer.html?nl>

Totally Unplugged: Wireless insecurity rising

Today, anyone can create a wireless network or wirelessly extend an enterprise network using inexpensive wireless routers and client adapters from major retail chains. But making it easier for hackers to access enterprise data is by no means the only security risk that companies face. Individuals intent on stealing music or uploading porn prefer to borrow someone else's network.
And unauthorized wireless nodes can cause interference to authorized nodes, disrupting network operations. Network World, 09/06/04.
<http://www.nwfusion.com/columnists/2004/090604brodsky.html?nl>
_______________________________________________________________
To contact: Jason Meserve

Jason Meserve is the Multimedia Editor of Network World Fusion and writes about streaming media, search engines and IP Multicast. Jason can be reached at <mailto:[EMAIL PROTECTED]>. Check out his Multimedia Exchange weblog at:
<http://www.nwfusion.com/weblogs/multimedia/>
_______________________________________________________________
Copyright Network World, Inc., 2004
