NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH ALERT
12/16/04

Today's focus: Default passwords pose problems in Cisco gear
In this issue:

* Patches from Debian, Mandrake Linux, OpenPKG, others
* Advisories on tap from Cisco, Microsoft, iDefense, others
* SSL VPN gear certified by VPN Consortium

By Jason Meserve

Default passwords on Cisco messaging, security products could pose risks, vendor warns

Cisco this week warned that default passwords on some of its unified messaging and attack-detection products could allow unauthorized users to gain administrative access to the respective devices. Network World Fusion, 12/15/04.
<http://www.nwfusion.com/news/2004/1215ciscosecurity.html?nl>

Related Cisco advisories:

Cisco Unity Integrated with Exchange Has Default Passwords
<http://www.nwfusion.com/nlvirusbug913>

Default Administrative Password in Cisco Guard and Traffic Anomaly Detector
<http://www.nwfusion.com/nlvirusbug914>

**********

Microsoft issues five bulletins on Windows flaws

Microsoft Tuesday released five Security Bulletins warning of several vulnerabilities that put computers running Windows at risk of attack. IDG News Service, 12/14/04.
<http://www.nwfusion.com/news/2004/1214microissue.html?nl>

Related Microsoft advisories:

MS04-041: Vulnerability in WordPad Could Allow Code Execution
http://www.microsoft.com/technet/security/Bulletin/MS04-041.mspx

MS04-042: Vulnerability in DHCP Could Allow Remote Code Execution and Denial Of Service
http://www.microsoft.com/technet/security/Bulletin/MS04-042.mspx

MS04-043: Vulnerability in HyperTerminal Could Allow Code Execution
http://www.microsoft.com/technet/security/Bulletin/MS04-043.mspx

MS04-044: Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege
http://www.microsoft.com/technet/security/Bulletin/MS04-044.mspx

MS04-045: Vulnerability in WINS Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/Bulletin/MS04-045.mspx

iDefense advisory related to WordPad vulnerability:
<http://www.nwfusion.com/go2/1213bug2a.html>

**********

Linux vendors update nfs-utils

A denial-of-service vulnerability has been found in the NFS statd server that is part of nfs-utils.
A number of Linux vendors have released patches for the problem:

Debian: <http://www.debian.org/security/2004/dsa-606>
Gentoo: <http://security.gentoo.org/glsa/glsa-200412-08.xml>
Mandrake Linux: <http://www.nwfusion.com/go2/1213bug2b.html>
Trustix: <http://www.trustix.org/errata/2004/0065/>

**********

iDefense warns of Adobe Acrobat flaws

Security consultants at iDefense are warning of separate vulnerabilities in Adobe Acrobat 5.0 and 6.0. Version 5.0.9 is vulnerable to a buffer overflow in the mailListIsPdf() function. Version 6.0.2 contains a format string vulnerability that could be exploited to run any code on the affected machine. For more, go to:

Adobe Acrobat Reader 5.0.9 mailListIsPdf() Buffer Overflow Vulnerability:
<http://www.nwfusion.com/go2/1213bug2c.html>

Adobe Reader 6.0 .ETD File Format String Vulnerability:
<http://www.nwfusion.com/go2/1213bug2d.html>

**********

Mandrake Linux patches rp-pppoe

A flaw exists in the pppoe piece of rp-pppoe. When pppoe is run with root privileges, an attacker could overwrite any file on the affected system. For more, go to:
<http://www.nwfusion.com/go2/1213bug2e.html>

Mandrake Linux releases fix for lvm

The lvm package creates temporary files in a non-secure manner. These files are vulnerable to a symlink attack, which could be used to overwrite files on the system. For more, go to:
<http://www.nwfusion.com/go2/1213bug2f.html>

**********

Gentoo, OpenPKG patch Vim

A patch is available for the popular Vim text editor. The modeline command may be too liberal with its rights management. The patch corrects this problem. For more, go to:

Gentoo: <http://security.gentoo.org/glsa/glsa-200412-10.xml>
OpenPKG: <http://www.openpkg.org/security/OpenPKG-SA-2004.052-vim.txt>

**********

Today's roundup of virus alerts:

W32/Sdbot-SB -- A new bot that is dropped by another virus. It is used to provide backdoor access to the infected system. This variant installs a registry key that ends with "winprotect".
(Sophos)

W32/Sdbot-SG -- This worm provides backdoor access to the infected machine. It drops the file "dqddss.exe" after entering via a network share. (Sophos)

W32/Rbot-RN -- An Rbot variant that spreads through network shares by exploiting the Windows LSASS, RPC-DCOM and WebDav security flaws. It creates the file "msctfg32.exe" in the Windows System folder and can be used for a number of malicious purposes. (Sophos)

W32/Atak-G -- A new Atak e-mail worm variant. This has a variety of message types that attempt to look like an informal security warning, at best. All infected messages will have a zip attachment. (Sophos)

W32/Zafi-D -- This Zafi worm spreads via e-mail and peer-to-peer networks. It copies itself to the infected system as "Norton Update.exe". The virus attempts to stop security-related applications running on the infected machine and harvests various files looking for e-mail addresses. (Sophos, Panda Software)

W32/Agobot-DAA -- You know it's time to come up with a new naming convention when we've got triple letters after the virus root name. This variant drops the file "winhlpp32.exe" and modifies the Windows HOSTS file to limit access to security-related Web sites.

W32/Forbot-CY -- This Forbot variant drops the file "NAVSSE.exe" in the Windows System directory. It spreads via network shares and can be used to allow backdoor access via IRC. (Sophos)

**********

From the interesting reading department:

3Com to acquire TippingPoint for $430 million

3Com Monday announced plans to acquire TippingPoint Technologies, a maker of intrusion-prevention systems, for approximately $430 million in stock. Network World Fusion, 12/13/04.
<http://www.nwfusion.com/news/2004/1213tp3c.html?nl>

SSL VPN gear certified

The VPN Consortium has certified that gear from nine SSL VPN vendors has passed two tests the consortium set up to assure customers that the equipment works as advertised. Network World Fusion, 12/15/04.
<http://www.nwfusion.com/news/2004/1215vpnc.html?nl>

_______________________________________________________________

To contact: Jason Meserve

Jason Meserve is the Multimedia Editor of Network World Fusion and writes about streaming media, search engines and IP Multicast. Jason can be reached at <mailto:[EMAIL PROTECTED]>. Check out his Multimedia Exchange weblog at:
<http://www.nwfusion.com/weblogs/multimedia/>
Copyright Network World, Inc., 2004
