New version of Asterisk fixes flaws

* Patches from Trustix, Debian, Mandriva, others * Beware Windows Trojan that claims is a new "Media-Codec" * Start-up adds archiving to e-mail security suite, and other interesting reading

In addition to writing this security-related newsletter, I also cover multimedia and conferencing technologies for Network World. One of the analyst firms that I rely on for information is conducting a survey on videoconferencing and IP communications usage. Here are the details:

We would like to encourage all of our readers to fill out the form, available online.

By telling Wainhouse Research about your current usage and your interest in new products and services, you will be helping set the direction of the conferencing and collaboration industry. To make this even more rewarding Wainhouse Research will be giving away 10 $50 gift certificates chosen at random from those completing the form as well as selected highlights of the survey results to all who complete the survey.

Please take 5-10 minutes and fill out the Wainhouse Research survey at the URL above. Your help is much appreciated.

Today's bug patches and security alerts:

New version of Asterisk fixes flaws

According to an advisory on the BugTraq mailing list, "The Asterisk Development Team today released Asterisk 1.2.9 and Asterisk 1.0.11 to address a security vulnerability in the IAX2 channel driver (chan_iax2). The vulnerability affects all users with IAX2 clients that might be compromised or used by a malicious user, and can lead to denial of service attacks and random Asterisk server crashes via a relatively trivial exploit."


Trustix releases "multi" update

The latest update from Trustix fixes flaws in the kernel and postgresql. The flaws could be exploited to reveal sensitive system information or to inject SQL code.


Debian patches SpamAssassin

A flaw in the Perl-based SpamAssassin anti-spam system could be exploited by a remote attacker to execute malicious code on the affected machine. A fix is available.


Mandriva patches libtiff

A flaw in one of libtiff's commands could be exploited to run malicious code on the affected machine. Mandriva has released an update.


Recent updates from Gentoo:

Opera (buffer overflow, code execution)

shadow (privilege escalation)

Dia (format string, code execution)

Tor (multiple flaws)

Pound (HTTP request smuggling - it's low priority)


New patches from Fedora:

Mozilla (multiple flaws)

Firefox (multiple flaws) (buffer overflow, code execution)

squirrelmail (multiple flaws)

ipsec-tools (denial of service)


Today's roundup of virus alerts:

W32/Rbot-DZX -- This Rbot spreads through backdoors left by MyDoom variants and by exploiting known Windows flaws. It drops "qopz.exe" in the Windows System directory and can be used to record keystrokes, act as an Internet proxy, steal CD game keys and kill security applications running on the infected host. (Sophos)

W32/Alcra-E -- This Trojan spreads through peer-to-peer networks. It pops a fake Windows Media Player error message on the screen claiming there's a problematic codec on the affected system. It drops a number of files in the Windows System folder, including "winlogi.ex". (Sophos)

Troj/Banker-BQH -- An online banking Trojan that tries to collect user credentials by displaying fake login screens. It drops "winctrg.sys" in the Windows System folder. (Sophos)

Troj/Zlob-QJ -- A Windows Trojan that claims is a new "Media-Codec". It drops a couple files on the infected host, including "regperf.exe" in the System directory. (Sophos)

Troj/Mailbot-AJ -- A Trojan that just seems to install and not cause any damage. It drops "helpermnew6win.exe" in the Windows System folder. (Sophos)

W32/Looked-A -- This Trojan is designed to download additional malicious code from remote sites. It is installed as "rundl132.exe" in the Windows directory. (Sophos)

Troj/WowPWS-K -- A Trojan that monitors system activity and can download additional malicious code. It drops multiple files on the infected host, including "<Program files>\Internet Explorer\signup\svchost.exe". (Sophos)

W32/Sdbot-BUQ -- A new Sdbot IRC backdoor worm that spreads through network shares by exploiting known Windows vulnerabilities. It installs "Mscfg.exe" in the Windows directory. (Sophos)


From the interesting reading department:

Start-up adds archiving to e-mail security suite

Start-up Privacy Networks this week is adding archiving capabilities to the newest version of its suite of e-mail security software., 06/07/06.

Sophos releases upgraded security software

Sophos has incorporated several new features in a security software package released Wednesday that allows network administrators to manage security for thousands of computers from a single console. IDG News Service, 06/07/06.

AOL to release security diagnostic tool

AOL plans to release on Thursday a free application that checks the security software and settings of PCs and home networks and lets users know about vulnerabilities it detects. IDG News Service, 06/07/06.

HP recalls digital cameras for fire hazard

HP has recalled more than half a million digital cameras, citing the risk of a fire hazard from an overheated battery. IDG News Service, 06/07/06.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2006 IDG Communications, Inc.

IT Salary Survey 2021: The results are in