Lucky seven patches from Microsoft

Today’s bug patches and security alerts:

Microsoft releases seven software patches

Microsoft released seven software patches on Tuesday, including fixes for critical security flaws in Internet Explorer and WindowsMedia Player. IDG News Service, 02/14/06.

Microsoft advisories:

Cumulative Security Update for Internet Explorer

Vulnerability in Windows Media Player Could Allow Remote Code Execution

Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution

Vulnerability in TCP/IP Could Allow Denial of Service

Vulnerability in Web Client Service Could Allow Remote Code Execution

Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege

Vulnerability in PowerPoint 2000 Could Allow Information Disclosure

Related iDefense advisory:

Microsoft Windows Media Player Plugin Buffer Overflow Vulnerability

Also:

Microsoft patch fails to install for some users

Microsoft has reported a problem with one of its security patches released Tuesday that requires some users to take additional steps to ensure it installs properly. IDG News Service, 02/15/06.

**********

Cisco warns of TACACS Authentication Bypass

According to a Cisco advisory, “A vulnerability in Versions 5.0(1) and 5.0(3) of the software used in Cisco Anomaly Detection and Mitigation appliances and service modules may allow unauthorized users to get unauthorized access to the devices and/or escalate their privileges if Terminal Access Controller Access Control System Plus (TACACS+) is incompletely configured.” A free update is available to fix the problem.

**********

Apple releases Mac OS X v10.4.5

A new update from Apple for Mac OS X and Mac OS X Server fix a flaw in the operating system’s kernel that could be exploited to crash an affected machine.

**********

NGSSoftware warns of vulnerability in Lexmark Printer Sharing service

A flaw in the Lexmark Printer Sharing service could be exploited by a remote user to run malicious code with local privileges on an affected system, according to security experts at NGSSoftware. They do offer a potential workaround for the vulnerability as well.

**********

PostgreSQL flaws fixed

Two flaws in the PostgreSQL database system that could be exploited by a remote attacker have been patched. Attackers could login to the database with the privileges of any other user if the proper updates are not applied.

**********

Mandriva patches gnutls

According to a Mandriva advisory, “Evgeny Legerov discovered cases of possible out-of-bounds access in the DER decoding schemes of libtasn1, when provided with invalid input. This library is bundled with gnutls.”

**********

New updates from Debian:

libast, libast1 (buffer overflow)

nfs-user-server (buffer overflow)

gpdf (multiple buffer overflows)

OTRS (multiple vulnerabilities)

pdfkit.framework (multiple buffer overflows)

xpdf (buffer overflow)

kronolith (multiple cross scripting flaws

scponly (malicious code execution)

noweb (poorly secured temp files)

**********

The latest alerts from Gentoo:

Sun JDK/JRE (privilege escalation)

ImageMagick (Format string vulnerability)

KPdf (Heap overflow)

Xpdf, Poppler (Heap overflow)

**********

Latest patches from Ubuntu:

unzip (buffer overflow, regression error)

xpdf, poppler, kdegraphics (Heap overflow)

Linux Kernel (Denial of service)

**********

Today’s roundup of virus alerts:

Love is in the air

Two days ago we got Bagle.FY that arrives in e-mail messages related to the Olympic games in Torino. Yesterday one more variant Bagle.FZ appeared – similar to an older version. Today one more just arrived – one late Bagle for Valentine’s day. F-Secure, 02/15/06.

SymbOS/Commwarrior.B found from Palm Treo 700W phone

A couple days ago we encountered an interesting case involving Commwarrior.B and Palm Treo 700w smartphone. F-Secure, 02/16/06.

Troj/Danmec-G — A Trojan that can be used to route HTTP traffic through the infected host. It’s installed as “checkreg.exe” in the Windows System folder and displays the fake error message “Application can not run because vbrun64.dll not found”. (Sophos)

Troj/Cimuz-U — A password stealing Trojan that installs itself as “msnscps.dll” in the Windows System folder and registers as a Browser Helper Object. (Sophos)

W32/Sality-I — A keylogging Trojan that sends its bounty to a remote site. It places “wmimgr32.dll” in the Windows System folder. (Sophos)

Troj/Teros-A — A downloader Trojan that spreads through a Spam message titled “New act of terrorism in London” and drops “svclocal.exe” and “svclocal2.exe” in the Temp directory. (Sophos)

Troj/Haxdoor-AT — A backdoor Trojan that drops a number of files on the infected host, including “server.exe” in the Windows temporary folder and “kednl6.sys” in the System folder. (Sophos)

W32/Bagle-CM — A new Bagle variant that spreads through e-mail and peer-to-peer networks. The infected messages will be titled “FREE OLYMPIC TICKETS LOTTERY!”, “2006 Winter Games in Torino” or “2006 Torino Winter Games FREE Tickets” and will come with an attachment named “Generated_bill.exe”, “Order_details.exe” or “Service_receipt.exe”. (Sophos)

W32/Bagle-CO — Another Bagle variant that plays off the Valentine’s Day theme. All the infected attachments will have an .exe extension. (Sophos)

Troj/Dloadr-LI — Another downloader Trojan that is designed to grab executables from a remote site and install them on the infected host. This variant drops “lovecalculator1.exe” in the Temp directory and “msx.dll” in the System folder. (Sophos)

W32/Mytob-GW — A new Mytob variant that spreads through e-mail and network shares. It allows backdoor access through IRC after dropping “win32pnp.exe” in the Windows System folder. (Sophos)

Troj/Spammit-A — A Trojan that turns the infected host into a Spam sending engine. It’s installed as a randomly named executable. (Sophos)

Troj/Bancban-OE — This Trojan targets data (username and password most likely) entered into specific banking Web sites. It is installed as “winzip32.exe” in the System and Startup folders. (Sophos)

Troj/BagleDl-BI — This BagleD1 variant allows backdoor access through HTTP communications. It is installed as “wintems.exe” in the Windows System directory. (Sophos)

OSX/Leap-A — An instant messaging worm that targets Mac users. It tries to get the target user to click on a link, which will download “latestpics.tgz”. No word on any permanent damage caused by the worm. (Sophos)

**********

From the interesting reading department:

Network security is the key to keeping VoIP secure

Despite warnings that VoIP is vulnerable to a new breed of attacks, the biggest threat to VoIP remains weaknesses in general network security, according to a vendor presentation at the RSA Security Conference 2006. Network World, 02/15/06.

Gates says security boils down to four focus areas

Bill Gates Tuesday opened the annual RSA Security Conference with an overview on the state of security that was long on vision and broad with its details. Network World, 02/14/06.

RSA: FBI director says cyber threats are ‘fluid and far-reaching’

Hacker hunters need to develop new techniques to take on the latest generation of sophisticated and better-organized cyber criminals. That’s what FBI Director Robert Mueller told attendees of the RSA Conference 2006 in San Jose Wednesday. IDG News Service, 02/15/06.