Oracle patches multiple flaws

Opinion
Jan 19, 2006, 7 mins
Networking, Security

* Patches from Oracle, Trustix, EMC, others
* Beware instant messaging worm that spreads by sending a link to everyone listed in a Microsoft Messenger contact list

According to the folks at F-Secure, today (January 19) marks the 20th anniversary of the first PC virus – Brain:

http://www.f-secure.com/news/items/news_2006011900.shtml

Today’s bug patches and security alerts:

Oracle patches multiple flaws

The new January patch update from Oracle fixes flaws in the Oracle Database, Oracle Application Server, Oracle Enterprise Manager Grid Control, Oracle Collaboration Suite, JD Edwards EnterpriseOne and OneWorld Tools, and PeopleSoft Enterprise Portal. Fixes are also available for the Oracle E-Business Suite and Applications. Attackers could exploit the various flaws to launch denial-of-service attacks and to run malicious code on affected systems. For more, go to:

http://www.networkworld.com/go2/0116bug2a.html

CERT advisory:

http://www.us-cert.gov/cas/techalerts/TA06-018A.html

**********

Cisco warns of Call Manager DoS

All versions of Cisco Call Manager are vulnerable to a flaw that could be exploited to reboot the affected system, resulting in a denial of service. A free update is available from Cisco:

http://www.networkworld.com/go2/0116bug2b.html

Cisco patches IOS Stack Group Bidding Protocol Crafted Packet DoS

According to a Cisco advisory, “The Cisco IOS Stack Group Bidding Protocol (SGBP) feature in certain versions of Cisco IOS software is vulnerable to a remotely-exploitable denial of service condition. Devices that do not support or have not enabled the SGBP protocol are not affected by this vulnerability.” For more, go to:

http://www.cisco.com/warp/public/707/cisco-sa-20060118-sgbp.shtml

**********

Back-up software sees exploit, patches

EMC has issued patches for security problems with its data back-up software, while exploit code has been released targeting a flaw in back-up software from Veritas that the company patched last year. IDG News Service, 01/19/06.

http://www.networkworld.com/news/2006/011906-emc-patches.html

**********

FreeBSD patches 802.11 handling

According to an alert from FreeBSD, “An integer overflow in the handling of corrupt IEEE 802.11 beacon or probe response frames when scanning for existing wireless networks can result in the frame overflowing a buffer.” An attacker could exploit this to run malicious code in certain instances. For more, go to:

http://www.networkworld.com/go2/0116bug2c.html

**********

iDefense warns of Novell Remote Manager flaw

A flaw in the way HTTP header requests are processed by the Novell Remote Manager product could be exploited to cause a heap overflow and potentially run malicious code on the affected machine, according to iDefense. A fix is available from Novell. For more, go to:

http://www.networkworld.com/go2/0116bug2d.html

Novell/SuSE update:

http://www.networkworld.com/go2/0116bug2e.html

**********

Trustix releases ‘multi’ update

A new update from Trustix fixes flaws in clamav, cups, fetchmail, mod_auth_pgsql and sudo. The most serious of the vulnerabilities could be exploited to run malicious code on the affected machine. For more, go to:

http://www.trustix.org/errata/2006/0002/

Trustix patches postgresql

Multiple vulnerabilities have been found in the postgresql object-relational database system. An attacker could exploit them to modify the structure of the database. For more, go to:

http://www.trustix.org/errata/2006/0001/

**********

New updates from Debian:

tuxpaint (poor temp files):

http://www.debian.org/security/2006/dsa-941

albatross (code execution):

http://www.debian.org/security/2006/dsa-942

Perl (integer overflow):

http://www.debian.org/security/2006/dsa-943

mantis (multiple flaws):

http://www.debian.org/security/2006/dsa-944

antiword (poor temp files):

http://www.debian.org/security/2006/dsa-945

**********

New fixes from Mandriva:

tetex (multiple overflows):

http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:011

kdegraphics (multiple overflows):

http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:012

kolab (multiple flaws):

http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:013

wine (Windows Metafile flaw):

http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:014

hylafax (code execution):

http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:015

clamav (buffer overflow, code execution):

http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:016

**********

New patches from Ubuntu:

Kernel (multiple flaws):

http://www.networkworld.com/go2/0116bug2f.html

tuxpaint (poor temp files):

http://www.networkworld.com/go2/0116bug2g.html

mailman (denial of service):

http://www.networkworld.com/go2/0116bug2h.html

**********

Today’s roundup of virus alerts:

Troj/RuinDl-K — A Trojan that’s designed to download additional malicious code from remote Web sites. It is installed as “dmcoj.exe” in the Windows System folder. (Sophos)

Troj/FeebDl-A — This virus installs itself as “C:/recycled/userinit.exe” and can download more executables from a remote site. (Sophos)

Troj/Zlob-CN and CO — A Trojan that tries to kill security-related processes running on the infected machine and download additional malicious code. It drops three files in the Windows System folder: “hp.tmp”, “msvol.tlb” and “ncompat.tlb”. (Sophos)

Troj/RemLoad-B — This virus can be used to retrieve information about the infected host and communicate with remote hosts. It drops a number of files on the host, including “checkreg.exe” in the Windows System file. It may also display a fake error message about a missing DLL. (Sophos)

W32/Kelvir-BE — An instant messaging worm that spreads by sending a link to everyone listed in a Microsoft Messenger contact list. (Sophos)

W32/Nyxem-D — A virus that spreads through both network shares and e-mail (usually as a message that purports to be porn). It drops a number of files on the infected host in various directories: Rundll16.exe, scanregw.exe, Winzip.exe, Update.exe, WinZip_Tmp.exe, New WinZip File.exe, movies.exe and Zipped Files.exe. (Sophos)

W32/Agobot-VI — A typical Agobot variant that spreads through network shares by exploiting known Windows vulnerabilities and allows backdoor access to the infected host via an IRC channel. It places “Stney.exe” in the Windows System folder. (Sophos)

W32/Sdbot-ALZ — Another IRC backdoor/network worm. This one drops “svchosts.exe” in the Windows System folder. (Sophos)

Troj/Paymite-B — A worm that modifies the start page of Internet Explorer. It’s installed as “paytime.exe” in the Windows System directory. (Sophos)

W32/Codbot-L — This Trojan, too, provides backdoor access through IRC. It can be used to steal password information, sniff packets and download additional malicious code. It puts “rpcclient.exe” in the Windows System folder. (Sophos)

W32/Rbot-BMG — An Rbot variant that exploits a number of well-known Windows flaws as it spreads through network shares. It drops “CCapp1.exe” in the Windows System folder and allows backdoor access via IRC. (Sophos)

W32/Rbot-BLC — Another similar Rbot variant. This one installs “Acrord32.exe” in the Windows System folder after spreading through a network share. (Sophos)

W32/Loosky-AE — An e-mail worm that spreads through a message that looks like an eBay account suspension warning. The infected attachment is called “ebay_info.exe”. The virus can be used to record keystrokes and act as a proxy server. (Sophos)

Troj/Hupigon-CI — A backdoor Trojan for Windows that communicates with remote servers via HTTP. It is installed as “qq.exe” in the Windows directory. (Sophos)

W32/Tilebot-CZ — Yet another IRC backdoor Trojan that spreads through network shares with weak passwords or unpatched Windows vulnerabilities. This one drops “win32ssr.exe” in the Windows folder and “svkp.sys” in the Windows System directory. (Sophos)

Troj/YahooSpy-B — This virus can run programs, disable certain Windows tasks and create all-around havoc on the infected host. No word on what files it uses to infect the system. (Sophos)

Troj/Ooj-B — A data-stealing Trojan that targets e-mail account information, passwords and ICQ numbers, sending the data via e-mail to the virus author. (Sophos)

Troj/Vixup-BH — Another Trojan that can be used to download additional code and provide backdoor access. This one is installed as “kernels64.exe” in the Windows System folder. (Sophos)