• United States

Linux vendors patch critical KDE security hole

Jan 23, 20064 mins

* Patches from Red Hat, SuSE, F-Secure, others * Beware three Trojan horses hitting certain mobile phones

Today’s bug patches and security alerts:

Red Hat, SuSE patch critical KDE security hole

Red Hat and SuSE have released patches for a critical security hole in their Linux distributions that stem from a vulnerability in the KDE desktop environment. IDG News Service, 01/23/06.

KDE advisory:


F-Secure patches anti-virus software

Anti-virus software vendor F-Secure issued a patch for a wide range of its products Thursday after a security researcher in Luxembourg reported vulnerabilities to the company. IDG News Service, 01/20/06.

F-Secure advisory:


Cisco product flaws affect VoIP gear, routers

A triad of Cisco product vulnerabilities could cause problems for users of the company’s IP PBXs and certain routers, Cisco warned this week., 01/19/06.

Cisco Call Manager privilege escalation advisory:


HP patches ftpd for HP-UX

A remote denial-of-service vulnerability has been found in the FTP Daemon (ftpd) for HP-UX. Patches have been released and can be downloaded by logging into the HP IT Resource Center:


Gentoo patches Sun and Blackdown Java

According to Gentoo, “Sun’s and Blackdown’s JDK or JRE may allow untrusted applets to elevate their privileges.” Fixes are available. For more, go to:


Recent updates from Debian:

sudo (code execution):

ClamAV (heap overflow, code execution):

crawl (privilege escalation):


New updates from Mandriva:

mod_auth_ldap (code execution):

kernel (multiple flaws):


Today’s roundup of virus alerts:

New Trojan horses threaten cell phones

Three new malicious programs are hitting certain mobile phones, anti-virus companies have warned. The Trojan horses, or programs that are disguised as legitimate applications, spread via Bluetooth or multimedia messages and can affect phones running the Symbian operating system. IDG News Service, 01/23/06.

Nyxem worm programmed to overwrite data files on Feb. 3

Anti-virus vendors are warning of a rapidly-spreading worm that is carrying a potentially destructive set of instructions. The Nyxem worm – also nicknamed the Kama Sutra worm – is programmed to overwrite all of the files on computers it infects on Feb. 3, said Mikko Hypponen, chief research officer at F-Secure. IDG News Service, 01/23/06.

W32/Zotob-K — A mass mailing worm that masquerades as a message warning of a password or account expiration. It will usually come with a double-extension attachment. It drops “wininit.exe” in the Windows System folder and can allow backdoor access via IRC. (Sophos)

W32/Kookoo-A — This Trojan spreads through network shares and allows backdoor access to the infected machine. It drops “oledsp32.dll” in the Windows System folder and can be used as a proxy server. (Sophos)

Troj/Brospy-K — A Trojan that monitors Web activity, looking for password and other user data. It’s installed as “msnscps.dll” in the Windows System folder. (Sophos)

Troj/Clagger-D — An e-mail worm that spreads through a message claiming to be a credit card overdraft notice. It will have an attachment called “file1185.exe”. It is used to bypass the Windows Firewall and download additional malicious code. (Sophos)

W32/Rbot-LT — Yet another Rbot variant that exploits known Windows flaws as it spreads through network shares and allows backdoor access via IRC. It is installed as “LSSRV.EXE” in the Windows System folder. It also captures keystrokes to “KEY32.TXT”. (Sophos)

Troj/QQRob-CY — A Trojan that drops two files in the Windows System folder: “svchsot.exe” and “check.dll”. It can be used to drop additional code on the infected host. (Sophos)