NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH ALERT 09/20/04 Today's focus: CERT warns of Mozilla problems
Dear [EMAIL PROTECTED], In this issue: * Patches from Apple, Debian, Trustix, others * Beware latest Lovegate variants * Feds eyeing one access model for all, and other interesting ��reading * Links related to Virus and Bug Patch Alert * Featured reader resource _______________________________________________________________ This newsletter is sponsored by Alterpoint Read the latest analyst report on Network Change and Configuration Management (NCCM) written by EMA's Dennis Drogseth. This report discusses the latest developments in the NCCM market, including an in-depth look at DeviceAuthority Suite, a comprehensive solution for configuring, changing, and controlling today's complex, multi-vendor IT network infrastructures. Download the report today to learn how you can leverage NCCM to reduce the cost and complexity of managing network change. http://www.fattail.com/redir/redirect.asp?CID=81347 _______________________________________________________________ DOWNLOAD THE LATEST SPECIAL REPORTS FROM NETWORK WORLD Focused reports on compelling industry topics, Network World Special Reports are available online at Network World Fusion. Network World Special Reports on Mobility, IP Telephony Security, the State of Wireless LANs and more are currently available. Download any or all of our Special Reports at: http://www.fattail.com/redir/redirect.asp?CID=81408 _______________________________________________________________ Today's focus: CERT warns of Mozilla problems By Jason Meserve Today's bug patches and security alerts: CERT warns of Mozilla problems Looks like that problem with Mozilla was more serious than we thought. CERT has issued a warning to users: "Several vulnerabilities exist in the Mozilla web browser and derived products, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system." Internet Explorer isn't the only browser with problems. <http://www.us-cert.gov/cas/techalerts/TA04-261A.html> ********** Apple patches iChat A flaw in iChat could allow an attacker to send a link that, when clicked, could launch local application on the affected machine. For more, go to: <http://docs.info.apple.com/article.html?artnum=61798> (scroll down to "Security Update 2004-09-16") ********** Debian, Mandrake Linux patch gdk-pixbuf A flaw in one of the gdk-pixbuf code libraries could be exploited by a remote user to run any code on the affected machine. For more, go to: Debian: <http://www.debian.org/security/2004/dsa-549> Mandrake Linux: <http://www.nwfusion.com/go2/0920bug1a.html> ********** Trustix releases two "service packs" Two new updates available from Trustix fix flaws in a number of applications. The first patches fix issues in kernel, samba and swup. The second fixes problems in apache, cups, foomatic-filters, iptables and squid. For more, go to: Patch set #1: <http://www.trustix.org/errata/2004/0046/> Patch set #2: <http://www.trustix.org/errata/2004/0047/> ********** FreeBSD patches CVS A number of flaws in the FreeBSD implementation of the CVS version control system have been patched. The most serious of the vulnerabilities could be exploited by an attacker to run their code on the affected machine. For more, go to: <http://www.nwfusion.com/go2/0920bug1b.html> ********** OpenPKG releases SpamAssassin fix A denial-of-service vulnerability has been found in SpamAssassin for OpenPKG. An attacker could send a malformed message through the system, causing it to crash. For more, go to: <http://www.nwfusion.com/go2/0920bug1c.html> OpenPKG patches aspell A buffer overflow in the aspell spell check's word-list-compression utility could be exploited to run malicious code on the affected machine. For more, go to: <http://www.openpkg.org/security/OpenPKG-SA-2004.042-aspell.html> ********** Today's roundup of virus alerts: W32/Forbot-V - This Forbot variant installs itself as "wuaucls.exe" and allows backdoor access via IRC. The virus can act as a proxy server, spam relay and more. (Sophos) W32/Forbot-W - A simpler Forbot variant that installs itself as "WINXPINIT.EXE" in the Windows System folder and allows backdoor access via IRC. No word on any other applications it may handle. (Sophos) W32/Forbot-C - Another Forbot variant. This one uses the file "winitr32.exe" and can disable security-related applications running on the infected machine. (Sophos) W32/Myfip-A - A worm that seems to collect file names from an infected system and mail the results to the virus author. The virus spreads via network shares and installs itself as "worm.txt.exe" or "dfsvc.exe" in the Windows System directory. (Sophos) W32/Sdbot-PG - This Sdbot variant exploits the DCOM flaw in Windows as it tries to spread via network shares. It installs itself as "CASD.EXE" in th Windows System folder and can be used in denial-of-service attacks against third parties. (Sophos) W32/Lovgate-X - This Lovegate variant spreads via e-mail (with random message attributes) and peer-to-peer networks. It starts a service called "NetMeeting Remote Sharing" on the infected machine and tries to terminate certain applications. (Sophos) W32/Rbot-JR - One of those "fun" Rbot variants that can capture images from a Webcam attached to the infected machine. The virus spreads via networks shares, installing itself in the Windows System folder as "lshost.exe". It provides backdoor access via IRC and terminates security-related applications. (Sophos) ********** >From the interesting reading department: Feds eyeing one access model for all A mandate from President Bush has required the entire federal government to adopt common technology to be used to identify employees and contractors accessing federally controlled networks and buildings. Network World, 09/20/04. <http://www.nwfusion.com/news/2004/092004fedsmart.html?nl> Review: Endpoint security products aid in client defense We test enterprise endpoint security products from nine vendors: eEye Digital Security, Finjan Software, F-Secure. InfoExpress, SecureWave, Sygate Technologies, Symantec, WholeSecurity and Zone Labs. Network World, 09/20/04. <http://www.nwfusion.com/reviews/2004/0920rev.html?nl> Management Strategies: Security certification staples Digest what some of the most popular IT credentials bring to the table. Network World, 09/20/04. <http://www.nwfusion.com/careers/2004/0920man.html?nl> Netilla SSL device guards one application at a time Netilla is introducing a line of Secure Sockets Layer gear that protects only one application at a time as remote users access servers across the Internet. Network World Fusion, 09/16/04. <http://www.nwfusion.com/news/2004/0916netilla.html?nl> Symantec to acquire security consultants @Stake Symantec has agreed to acquire @Stake, a Cambridge, Mass.-based provider of IT security consulting services. IDG News Service, 09/16/04. <http://www.nwfusion.com/news/2004/0916symantoac.html?nl> IBM fits PCs with new hardware-based security chip IBM has begun using new security hardware from National Semiconductor in its desktop PCs in an effort to fend off viruses and hackers. IDG News Service, 09/16/04. <http://www.nwfusion.com/news/2004/0916ibmfits.html?nl> _______________________________________________________________ To contact: Jason Meserve Jason Meserve is the Multimedia Editor of Network World Fusion and writes about streaming media, search engines and IP Multicast. Jason can be reached at <mailto:[EMAIL PROTECTED]>. Check out his Multimedia Exchange weblog at: <http://www.nwfusion.com/weblogs/multimedia/> _______________________________________________________________ This newsletter is sponsored by Alterpoint Read the latest analyst report on Network Change and Configuration Management (NCCM) written by EMA's Dennis Drogseth. This report discusses the latest developments in the NCCM market, including an in-depth look at DeviceAuthority Suite, a comprehensive solution for configuring, changing, and controlling today's complex, multi-vendor IT network infrastructures. Download the report today to learn how you can leverage NCCM to reduce the cost and complexity of managing network change. http://www.fattail.com/redir/redirect.asp?CID=81346 _______________________________________________________________ ARCHIVE LINKS Virus and Bug Patch Alert archive: http://www.nwfusion.com/newsletters/bug/index.html Breaking security news, updated daily http://www.nwfusion.com/topics/security.html _______________________________________________________________ FEATURED READER RESOURCE ACCESS NW'S IN-DEPTH REPORT ON: BLADE SERVERS Available now is Network World's Technology Insider on: Blade Servers. Find out why early adopters of blade server technology say the benefits aren't science fiction, how blade servers differ by vendor, why blade servers are perfectly suited for today's data centers, review our extensive blade server buyer's guide and more. Click here: <http://www.nwfusion.com/nlvirusbug606> _______________________________________________________________ May We Send You a Free Print Subscription? You've got the technology snapshot of your choice delivered at your fingertips each day. Now, extend your knowledge by receiving 51 FREE issues to our print publication. Apply today at http://www.subscribenw.com/nl2 International subscribers click here: http://nww1.com/go/circ_promo.html _______________________________________________________________ SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World e-mail newsletters, go to: <http://www.nwwsubscribe.com/Changes.aspx> To unsubscribe from promotional e-mail go to: <http://www.nwwsubscribe.com/Preferences.aspx> To change your e-mail address, go to: <http://www.nwwsubscribe.com/ChangeMail.aspx> Subscription questions? Contact Customer Service by replying to this message. This message was sent to: [EMAIL PROTECTED] Please use this address when modifying your subscription. _______________________________________________________________ Have editorial comments? Write Jeff Caruso, Newsletter Editor, at: <mailto:[EMAIL PROTECTED]> Inquiries to: NL Customer Service, Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 For advertising information, write Kevin Normandeau, V.P. of Online Development, at: <mailto:[EMAIL PROTECTED]> Copyright Network World, Inc., 2004 ------------------------ This message was sent to: [EMAIL PROTECTED]
