Today's bug patches and security alerts:
New update from Apple fixes numerous Mac OS X flaws
A new update from Apple fixes flaws in ImageIO, Mail, malloc, QuickDraw Manager, QuickTime for Java, Ruby, Safari, SecurityAgent and securityd. The most serious of the flaws could be exploited to gain elevated privileges and run arbitrary code on the affected machine. For more, go to:
http://docs.info.apple.com/article.html?artnum=302413
**********
Trustix patches ClamAV
A buffer overflow has been found in the process that scans UPX-packed executables. There's also a denial-of-service flaw in the way FSG-packed executables are processed. For more, go to:
http://www.trustix.org/errata/2005/0051/
**********
SCO patches TCP Remote ICMP Denial Of Service Vulnerabilities
A couple of denial-of-service vulnerabilities have been found in the ICMP implementation for SCO OpenServer. For more, go to:
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.38
**********
Mandriva patches masqmail
Two flaws have been found in masqmail. Both could be exploited to run arbitrary code on the affected machine. For more, go to:
http://www.mandriva.com/security/advisories?name=MDKSA-2005:168
Mandriva releases fix for XFree86
An integer overflow in XFree86's pixmap could be exploited to gain elevated privileges on the affected machine. For more, go to:
http://www.mandriva.com/security/advisories?name=MDKSA-2005:164
Mandriva issues MySQL update
A stack-based buffer overflow in one of the MySQL functions could be exploited to run arbitrary code on the affected machine. For more, go to:
http://www.mandriva.com/security/advisories?name=MDKSA-2005:163
**********
More Mozilla updates available
A number of vulnerabilities have been found in various Mozilla-based packages, including Firefox. The most serious of the flaws could be exploited to run arbitrary code. For more, go to:
Fedora (Mozilla):
http://www.networkworld.com/go2/0926bug1g.html
Gentoo:
http://security.gentoo.org/glsa/glsa-200509-11.xml
Ubuntu (Mozilla, Firefox):
http://www.networkworld.com/go2/0926bug1f.html
HP has also released a fix for OpenVMS related to these Mozilla issues:
http://h71000.www7.hp.com/openvms/products/ips/cswb/cswb.html
**********
Ubuntu patches umount
A flaw in one of the umount options could be exploited by a local user to run malicious code on the affected machine. For more, go to:
http://www.networkworld.com/go2/0926bug1e.html
**********
Debian patches courier
According to an alert from Debian, "Jakob Balle discovered that with 'Conditional Comments' in Internet Explorer it is possible to hide javascript code in comments that will be executed when the browser views a malicious email via sqwebmail. Successful exploitation requires that the user is using Internet Explorer." For more, go to:
http://www.debian.org/security/2005/dsa-820
Debian releases Python updates
Both Version 2.1 and 2.2 of Debian's Python implementation are vulnerable to the integer overflow in the PCRE library. An attacker could exploit this to run arbitrary code on the affected machine. For more, go to:
Python 2.1:
http://www.debian.org/security/2005/dsa-819
Python 2.2:
http://www.debian.org/security/2005/dsa-817
Debian issues fix for kdeedu
The langen2kvhtml application from the kvoctrain package in kdeedu does not properly create temporary files. An attacker could exploit this in a symlink attack. For more, go to:
http://www.debian.org/security/2005/dsa-818
Debian patches kdebase
A lock file handling error in kcheckpass could be exploited to gain elevated privileges on the affected machine. For more, go to:
http://www.debian.org/security/2005/dsa-815
Debian issues patch for lm-sensors
The lm-sensors application creates temporary files with predictable names, which could be exploited in a symlink attack. For more, go to:
http://www.debian.org/security/2005/dsa-814
Debian patches centericq
Several flaws have been found in centericq, a text-mode multi-protocol instant messenger client. The flaws could be exploited to run arbitrary code on the affected machine. For more, go to:
http://www.debian.org/security/2005/dsa-813
Debian releases patch for turqstat
According to a Debian advisory, "Peter Karlsson discovered a buffer overflow in Turquoise SuperStat, a program for gathering statistics from Fidonet and Usenet, that can be exploited by a specially crafted NNTP server." For more, go to:
http://www.debian.org/security/2005/dsa-812
Debian patches common-lisp-controller
A flaw in the common-lisp-controller, a Common Lisp source and compiler manager, could be exploited by a local user to run a malicious script. For more, go to:
http://www.debian.org/security/2005/dsa-811
**********
HP patches System Management Homepage
A flaw in the System Management Homepage could be exploited by a remote user in a denial-of-service or cross-site scripting attack. For more, go to:
Windows:
http://www.networkworld.com/go2/0926bug1d.html
Linux:
http://www.networkworld.com/go2/0926bug1c.html
HP fixes Tru64 libXpm flaw
Multiple denial-of-service vulnerabilities have been found in the libXpm and dximageview module for Tru64. In some cases, an attacker could run malicious code on the affected machine. For more, go to:
http://www.securityfocus.com/archive/1/411324/30/30/threaded
HP patches ftp daemon for Tru64
A denial-of-service vulnerability has been found in the HP Tru64 FTP daemon. A fix is available. For more, go to:
http://www.securityfocus.com/archive/1/411225/30/30/threaded
**********
Fedora updates squirrelmail
A flaw in the way squirrelmail handles the $_POST variable could be exploited by an attacker using a malicious URL. If a user clicks the URL, the flaw could be exploited to change squirrelmail preferences. For more, go to:
http://www.networkworld.com/go2/0926bug1b.html
Fedora releases update for Zlib
A buffer overflow flaw in Zlib could be exploited in a denial-of-service attack against the affected machine. For more, go to:
http://www.networkworld.com/go2/0926bug1a.html
**********
Gentoo issues patch for Webmin, Usermin
According to a Gentoo advisory, "If Webmin or Usermin is configured to use full PAM conversations, it is vulnerable to the remote execution of arbitrary code with root privileges." For more, go to:
http://security.gentoo.org/glsa/glsa-200509-17.xml
Gentoo patches Mantis
A SQL injection vulnerability could be exploited to access or change data in the database. For more, go to:
http://security.gentoo.org/glsa/glsa-200509-16.xml
Gentoo releases fix for Zebedee
A bug in Zebedee, an application for creating an encrypted TCP tunnel between two machines, leaves it vulnerable to a denial-of-service attack. For more, go to:
http://security.gentoo.org/glsa/glsa-200509-14.xml
Gentoo issues fix for Apache, mod_ssl
Flaws in the Apache-mod_ssl tandem could be exploited to bypass the access control list and potentially gain elevated privileges on the affected machine. For more, go to:
http://security.gentoo.org/glsa/glsa-200509-12.xml
Gentoo patches mailutils
According to a Gentoo advisory, "An authenticated IMAP user could exploit the format string error in imap4d to execute arbitrary code as the imap4d user, which is usually root." For more, go to:
http://security.gentoo.org/glsa/glsa-200509-10.xml
Gentoo releases fix in Py2Play
A "design flaw" in Py2Play, a peer-to-peer network game engine written in Python, could be exploited to run malicious code on the affected machine. For more, go to:
http://security.gentoo.org/glsa/glsa-200509-09.xml
**********
Today's roundup of virus alerts:
Troj/GrayBird-X -- A backdoor Trojan that can connect with remote sites via HTTP. It drops "svchost.exe" in the Windows folder. (Sophos)
W32/Pegas-A -- A virus that spreads via e-mail and can be used to steal local information as well as delete files. It spreads through a message that looks like it is in Spanish and has an attachment called "bailando.vbe". (Sophos)
W32/Mytob-EL -- Another Mytob e-mail worm, which spreads through messages that look like an account or password warning. The message will have an attachment with a double extension. It drops "servicces.exe" in the Windows System folder. (Sophos)
W32/Mytob-CU -- This Mytob variant spreads in a similar fashion to Mytob-EL above. It drops "xxx.exe" in the Windows System folder. (Sophos)
VBS/Cazdeg-D -- A virus that attempts to infect VBScript, JavaScript, ZIP, HTML, Word Document and Excel Spreadsheet files. It spreads through peer-to-peer networks and can set up an IRC-accessible backdoor. (Sophos)
W32/Rbot-AJO -- An Rbot variant that spreads through network shares by exploiting a number of known Windows vulnerabilities. It drops a randomly named file in the Windows System folder. It can be used for a number of malicious applications and allows backdoor access via IRC. (Sophos)
W32/Rbot-SQ -- Another Rbot variant that targets Windows machines that do not have all the proper patches installed. This version drops "mcafeee.exe" in the Windows System folder. (Sophos)
Troj/Sharp-J -- A backdoor worm that can inject code into running processes and be used to download additional code from remote sites. It drops "win32.exe" and "winlog.exe" in the Windows System folder. (Sophos)
W32/Traxg-E -- A mass mailing worm that also can spread via network shares. It creates "FOLDER.HTT" in the root directory and attempts to add an "admin" account to the affected machine. (Sophos)
Troj/Whistler-F -- A Trojan that attempts to delete files from the infected host. It spreads through network shares, dropping "WXP" in the root directory with the message "You did a piracy, you deserve it". It also installs "whismng.exe" in the Windows System directory. (Sophos)
W32/Codbot-AA -- A backdoor Trojan that can be used to download additional code, run an FTP server and harvest system information. The bot can be controlled via an IRC channel. It drops "winjava.exe" in the Windows System folder. (Sophos)
W32/Wurmark-M -- A worm that targets Windows machines. It drops "MsUpdate.exe" in a similarly named directory off the Program Files folder. No word on what kind of damage it can cause. (Sophos)
Troj/Divo-B -- A password-stealing Trojan that targets certain Internet banking sites. It displays a number of fake messages asking the user to "Please input your MEMORABLE INFORMATION." (Sophos)
Troj/Lecna-D -- A backdoor Trojan that communicates with a remote server via HTTP. It drops "WINDOWSUPDATE.EXE" in the Windows System folder. (Sophos)
W32/Sdbot-ADB -- An Sdbot IRC backdoor worm that drops "HeIp.exe" in the Windows System folder. It spreads via network shares. (Sophos)
W32/Zafi-E -- A worm that spreads via e-mail and peer-to-peer networks. When infecting a machine, it displays the message "Windows has blocked access to this image." The infected e-mail will have an attachment with CMD, SCR, PIF, COM, or ZIP as its extension. It harvests additional e-mail addresses from its host. (Sophos)