NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH ALERT
11/15/04

Today's focus: New Firefox browser fixes flaws in beta releases

Dear [EMAIL PROTECTED],

In this issue:

* Patches from Cisco, HP, Debian, others
* Beware latest Rbot variants
* Tool fights wireless, wired worm outbreaks, and other interesting reading
* Links related to Virus and Bug Patch Alert
* Featured reader resource
_______________________________________________________________
This newsletter is sponsored by Trend Micro

Announcing a more effective approach to managing virus outbreaks. Trend Micro and Cisco Systems--working together. Imagine a network solution so advanced, so secure, so ingeniously Proactive, you may never have to worry about another outbreak again.
http://www.fattail.com/redir/redirect.asp?CID=88472
_______________________________________________________________

Today's focus: New Firefox browser fixes flaws in beta releases

By Jason Meserve

Today's bug patches and security alerts:

New Firefox browser fixes flaws in beta releases

Version 1.0 of the Firefox browser fixes two vulnerabilities that were found in previous 0.x versions. The most serious flaw could hide the existence of files being downloaded. For more, go to:
<https://bugzilla.mozilla.org/show_bug.cgi?id=69070>

**********

Patch available for Cisco Security Agent (CSA)

A buffer overflow may be exploited to bypass the protection services offered by the Cisco Security Agent. Version 4.0 users get the update free of charge. For more, go to:
http://www.cisco.com/warp/public/707/cisco-sa-20041111-csa.shtml

**********

New Sudo update available

Version 1.6.8p2 fixes a flaw in the way "bash" functions are exported to other applications.
A user could exploit the flaw to run arbitrary commands on the affected machine. For more, go to:
<http://www.sudo.ws/sudo/alerts/bash_functions.html>

**********

Debian update

Continuing our trend of purging our queue of alerts, today we catch up with all the latest Debian alerts. Interestingly, Microsoft catches a lot of flak for having poor security in its operating systems (and rightly so), but some of the Unix/Linux flavors fly under the radar, despite a bevy of patches that are available for them on a weekly basis. Okay, end of rant, on with the Debian updates:

netkit-telnet - An update for an update. The original update was supposed to fix a denial-of-service vulnerability, but didn't. This update supposedly makes the fix:
<http://www.debian.org/security/2004/dsa-556>

cyrus-sasl-mit - An environment variable is honored without any checks, allowing code to be run with root privileges:
<http://www.debian.org/security/2004/dsa-568>

netkit-telnet-ssl - A denial-of-service vulnerability has been found in this telnet daemon:
<http://www.debian.org/security/2004/dsa-569>

ecartis - A flaw could allow a user in the same domain as the list administrator to gain administrator privileges:
<http://www.debian.org/security/2004/dsa-572>

cabextract - Attackers could exploit a flaw to overwrite arbitrary directories:
<http://www.debian.org/security/2004/dsa-574>

catdoc - The way temporary files are created by this application could be exploited in a symlink attack:
<http://www.debian.org/security/2004/dsa-575>

mpg123 - An attacker could use a playlist to embed malicious code:
<http://www.debian.org/security/2004/dsa-578>

abiword - A buffer overflow in the wv library for converting Word files could be exploited to run arbitrary code:
<http://www.debian.org/security/2004/dsa-579>

iptables - A flaw in iptables may result in firewall rules not being loaded on system start:
<http://www.debian.org/security/2004/dsa-580>

lvm10 - Creates non-secure temporary directories that are
vulnerable to a symlink attack:
<http://www.debian.org/security/2004/dsa-583>

dhcp - A format string vulnerability could be exploited via a malicious DNS server:
<http://www.debian.org/security/2004/dsa-584>

shadow - A user with an expired password may still log in and change their attributes:
<http://www.debian.org/security/2004/dsa-585>

ruby - Poorly secured temporary files are created by the application:
<http://www.debian.org/security/2004/dsa-586>

freeamp - A buffer overflow in the playlist feature could be exploited to run arbitrary code:
<http://www.debian.org/security/2004/dsa-587>

gzip - A flaw in the way temporary files are created could be exploited by local users in a symlink attack:
<http://www.debian.org/security/2004/dsa-588>

libgd - Multiple integer overflows could be exploited to run code on the affected machine:
<http://www.debian.org/security/2004/dsa-589>

libgd2 - Similar problems to libgd above:
<http://www.debian.org/security/2004/dsa-591>

gnats - A format string flaw could be exploited to run code of the attacker's choice:
<http://www.debian.org/security/2004/dsa-590>

ez-ipupdate - A format string flaw has been found when this application is run in certain modes:
<http://www.debian.org/security/2004/dsa-592>

**********

HP patches stmkfont

A flaw in the HP-UX stmkfont program could be exploited by a remote attacker to access the resources owned by "bin". The update can be downloaded from the HP IT Resource Center:
<http://itrc.hp.com/>

**********

Today's roundup of virus alerts:

W32/Rbot-PG - This Trojan variant installs itself as "wuanclt.exe" in the Windows System folder after spreading through a network share. It exploits a number of well-documented Windows vulnerabilities and allows backdoor access via IRC. (Sophos)

W32/Rbot-PH - Similar to the Rbot-PG worm above, except this variant uses the filename "msnmsgr7.exe" and can be used for different applications, including keystroke logging and CD key grabbing.
(Sophos)

W32/Rbot-PJ - Another Rbot variant. This one installs itself as "msn.exe". (Sophos)

W32/Rbot-PS - This edition of Rbot copies itself to "rundll24.exe". If all the proper Windows patches have been applied, this pest shouldn't get through. (Sophos)

Troj/StartPa-DO - A "start page" virus that resets Internet Explorer's start-up page to a file dropped by the Trojan horse. (Sophos)

W32/Bofra-D - An e-mail virus that uses a variety of message characteristics; the one constant is that the infected attachment's name will end in 32.exe. In addition to mass mailing itself, the virus listens on port 1639. (Sophos)

W32/Bofra-E - Similar to Bofra-D with the added twist of an IRC-accessible backdoor. (Sophos)

Troj/Mastseq-H - A Trojan that adds its code to the Internet Explorer application. No word on how it spreads or what damage it may cause. (Sophos)

Troj/Krepper-L - This Trojan tries to download code via Internet Explorer and may display pop-ups on the infected machine. (Sophos)

W32/Forbot-CI - A new Forbot variant that spreads via network shares and installs itself as "svshost.exe" in the Windows System folder. It allows backdoor access via IRC and can be used for a number of malicious applications. (Sophos)

Troj/Banker-FA - Another virus that displays a faked bank login page in order to steal user credentials. (Sophos)

**********

From the interesting reading department:

Desktop search engines threaten SSL VPN security

New PC indexing tools such as Google Desktop Search pose security risks to businesses that use SSL remote access because the tools copy material accessed during SSL sessions and make it available to unauthorized people who later use the same PC. Network World, 11/12/04.
<http://www.nwfusion.com/news/2004/111504googledesktop.html?nl>

Apple Mac OS X v10.3.x "Panther": Security Configuration Guide

The purpose of this guide is to provide an overview of Mac OS X v10.3.x "Panther" operating system security and recommendations for configuring the security features. This guide provides recommended settings to secure systems using this operating system, and points out problems that could cause security concerns in systems using this operating system. National Security Agency.
<http://www.nsa.gov/snac/os/applemac/osx_client_final_v.1.pdf>

Stop! Access restricted

You can make your extended enterprise constituents take security as seriously as you do. Here's how. Network World, 11/15/04.
<http://www.nwfusion.com/ee/2004/111504security.html?nl>

Vendors back Web app security testing

Debate over what protections a Web application firewall is supposed to provide reached a head last week as four security vendors rallied around a common product-testing regimen. Network World, 11/15/04.
<http://www.nwfusion.com/news/2004/111504firewalls.html?nl>

Vendors uncrate single sign-on software

Imprivata and RSA Security each announced client/server products this week for bringing single sign-on authentication to corporate networks. Network World, 11/15/04.
<http://www.nwfusion.com/news/2004/1115impriviata.html?nl>

Tool fights wireless, wired worm outbreaks

Trend Micro last week announced an appliance intended to help users monitor for computer worm outbreaks across wired and wireless LAN segments. Network World, 11/15/04.
<http://www.nwfusion.com/news/2004/111504trendmicro.html?nl>
_______________________________________________________________
To contact: Jason Meserve

Jason Meserve is the Multimedia Editor of Network World Fusion and writes about streaming media, search engines and IP Multicast. Jason can be reached at <mailto:[EMAIL PROTECTED]>.
Check out his Multimedia Exchange weblog at:
<http://www.nwfusion.com/weblogs/multimedia/>
_______________________________________________________________
ARCHIVE LINKS

Virus and Bug Patch Alert archive:
http://www.nwfusion.com/newsletters/bug/index.html

Breaking security news, updated daily
http://www.nwfusion.com/topics/security.html
_______________________________________________________________
Have editorial comments? Write Jeff Caruso, Newsletter Editor, at: <mailto:[EMAIL PROTECTED]>

Copyright Network World, Inc., 2004
