NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH ALERT
11/29/04

Today's focus: Java vulnerability fixed

In this issue:

* Patches from Apple, Linux, Gentoo, others
* Beware latest in peer-to-peer worms
* Profiling cybercrime: Network threats and defense strategies, and other interesting reading
* Links related to Virus and Bug Patch Alert

_______________________________________________________________
This newsletter is sponsored by BMC Software.
_______________________________________________________________

By Jason Meserve

Today's bug patches and security alerts:

Java vulnerability fixed

Sun is reporting that a vulnerability has been found in the Java Run-Time Environment (JRE) and SDK. The flaw could be exploited to run an attacker's code of choice on the affected machine. Versions 1.3.1_13 and 1.4.12_06 have been released to fix the issue.
For more, go to:
<http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1>

Related advisories:

Conectiva (Sun JRE):
<http://www.nwfusion.com/go2/1129bug1a.html>

iDefense alert:
<http://www.nwfusion.com/go2/1129bug1b.html>

**********

Citrix warns of keylogging vulnerability

The debugging functionality in Citrix ICA Win32 version 8.0 and earlier could be used to log keystrokes on the affected machine. An attacker would need access to the system to access the function. Version 8.1 of the Citrix client has been released to fix this problem.

For more, go to:
<http://www.nwfusion.com/go2/1129bug1c.html>

**********

Winamp buffer overflow patched

A buffer overflow in the popular Winamp media player could be exploited by an attacker via a malicious playlist. The attack could be used to trick a user into loading playlists from a malicious site. The overflow then could be exploited to run code on the affected machine.

Download version 5.0.6 to fix the problem:
<http://www.winamp.com/player/>

**********

Apple patches iCal

A flaw in the way "alarms" are created in iCal could allow someone to create an alarm without the user's consent. Alarms can be used to send e-mail or open programs.

Download version 1.5.4 to fix the problem:
<http://www.apple.com/ical/download/>

**********

Linux vendors patch cyrus-imapd

A flaw in the command parser of the Cyrus IMAP daemon (cyrus-imapd) could be exploited to access memory beyond the allocated limit. This could be used to run an attacker's code of choice on the affected machine.

For more, go to:
<http://security.e-matters.de/advisories/152004.html>

Debian:
<http://www.debian.org/security/2004/dsa-597>

Gentoo:
<http://security.gentoo.org/glsa/glsa-200411-34.xml>

Mandrake Linux:
<http://www.nwfusion.com/go2/1129bug1d.html>

**********

Gentoo releases update for mtink

Mtink, a utility for monitoring inkjet cartridges in an Epson printer, could be vulnerable to a symlink attack.
A hacker could exploit this to run any malicious application on the affected machine.

For more, go to:
<http://security.gentoo.org/glsa/glsa-200411-17.xml>

Gentoo patches zip

ZIP archives are vulnerable to a buffer overflow when extremely long filenames are used. This overflow could be exploited to run code on the affected machine.

For more, go to:
<http://security.gentoo.org/glsa/glsa-200411-16.xml>

Gentoo issues fix for ez-ipupdate

A format string vulnerability that could be used to run malicious applications has been patched.

For more, go to:
<http://security.gentoo.org/glsa/glsa-200411-20.xml>

Gentoo fixes pavuk flaw

Pavuk, a Web site spidering/mirroring tool, is vulnerable to multiple buffer overflows, which could be exploited by a remote user to run arbitrary code on the affected machine.

For more, go to:
<http://security.gentoo.org/glsa/glsa-200411-19.xml>

Gentoo patches Davfs2, lvm-user

According to a Gentoo alert, "Davfs2 and the lvmcreate_initrd script (included in the lvm-user package) are both vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running them."

Gentoo releases a fix for BNC

A buffer overflow in the BNC proxy server could be exploited in a denial-of-service attack or to run code on the affected machine.

For more, go to:
<http://security.gentoo.org/glsa/glsa-200411-24.xml>

Gentoo issues patch for Ruby

A buffer overflow in Ruby, a scripting language for object-oriented programming, could be exploited to send an application into an infinite loop, resulting in a denial of service.

For more, go to:
<http://security.gentoo.org/glsa/glsa-200411-23.xml>

Gentoo releases fix for SquirrelMail

Improperly sanitized user input could be exploited to compromise SquirrelMail user accounts. A fix is available.
For more, go to:
<http://security.gentoo.org/glsa/glsa-200411-25.xml>

**********

Conectiva patches sasl2

A buffer overflow in the sasl2 authentication system could be exploited by a remote attacker to run any code on the affected machine.

For more, go to:
<http://www.nwfusion.com/go2/1129bug1e.html>

**********

Today's roundup of virus alerts:

Troj/Banker-AM - A Trojan that steals banking information by looking for a specific set of bank-related URLs and copying all information input into the related pages. (Sophos)

Troj/Swizzor-BQ - This Trojan horse installs itself as a Browser Helper Object. It uses a random file name as its infection point. No word on the damage it may cause. (Sophos)

W32/Favsin-A - A worm that spreads via peer-to-peer networks, installing the infected files "NvCpl.exe" and "Dong_Shi.exe" in the Windows System directory. It displays the message "No Windows. Yes doors and holes." in a pop-up window.

W32/Anzae-A - A mass-mailing worm that spreads via messages written in Spanish. The virus installs "sw.exe", "sx.exe", "sz.exe" and "Inzax.exe" on the infected machine and attempts to delete a number of popular file types. (Sophos)

W32/Anzae-C - Very similar to Anzae-A above, except the files "svchosl.pif" and "paula.pif" are installed in the Windows System directory of the infected machine. (Sophos)

W32/Agobot-OD - Very relevant name for this variant - OD = Over Dose on Agobot worms. This variant spreads via network shares, attempting to exploit the Windows DCOM RPC and the RPC locator vulnerabilities. The virus disables anti-virus and security-related applications on the infected machine and can be used to participate in DDoS attacks. (Sophos)

W32/Tibick-A - A peer-to-peer worm that installs itself as "SVCNET.EXE" in the Windows System folder. It allows backdoor access via IRC and attempts to download code from a remote site. (Sophos)

W32/Delf-IV - Peer-to-peer worms are popular this week. This one installs "Rundll~.exe" in the Windows System folder.
It moves existing .exe files into the directory MouseMX and replaces the originals with copies of the virus. (Sophos)

Skulls Trojan attacks Symbian mobile phones

Users of Nokia's 7610 smart phone and possibly other phones running Symbian's Series 60 software should be aware of a new Trojan program on the Internet. IDG News Service, 11/22/04.
<http://www.nwfusion.com/news/2004/1122skulltroja.html?nl>

**********

From the interesting reading department:

No patching panacea

The recent Network World Virtual Showdown, 'How best to patch,' drew six vendors together in a weeklong debate that ultimately concluded patch management is best viewed as one facet of a larger security strategy. Network World, 11/29/04.
<http://www.nwfusion.com/news/2004/112904patch.html?nl>

Profiling cybercrime: Network threats and defense strategies

An inside look at the real problem, who's behind it, the legal machine fighting back and what you can do. Network World, 11/29/04.
<http://www.nwfusion.com/supp/2004/cybercrime/?nl>

Citrix buys into better SSL VPN support

Looking to provide customers with more secure remote access to corporate resources and possibly catapult it to the top echelon of SSL VPN vendors, Citrix Systems last week said it would buy SSL VPN vendor Net6. Network World, 11/29/04.
<http://www.nwfusion.com/news/2004/112904citrix.html?nl>

Thomson, VeriSign to build content security service

Thomson Tuesday said that it is teaming up with VeriSign to build a digital authorization and authentication service that promises to secure delivery of content such as movies, music and games. IDG News Service, 11/23/04.
<http://www.nwfusion.com/news/2004/1123thomsveris.html?nl>

_______________________________________________________________
To contact: Jason Meserve

Jason Meserve is the Multimedia Editor of Network World Fusion and writes about streaming media, search engines and IP Multicast. Jason can be reached at <mailto:[EMAIL PROTECTED]>.
Check out his Multimedia Exchange weblog at:
<http://www.nwfusion.com/weblogs/multimedia/>

_______________________________________________________________
ARCHIVE LINKS

Virus and Bug Patch Alert archive:
<http://www.nwfusion.com/newsletters/bug/index.html>

Breaking security news, updated daily:
<http://www.nwfusion.com/topics/security.html>
_______________________________________________________________
Have editorial comments? Write Jeff Caruso, Newsletter Editor, at: <mailto:[EMAIL PROTECTED]>

Copyright Network World, Inc., 2004
