• United States

NGSSoftware warns of flaws L-Soft’s ListServ

Mar 06, 20062 mins

* Patches from Mandriva, Debian, Gentoo, others * Beware latest Bagle variants * Colorado college warns 93,000 after laptop theft, and other interesting reading

Today’s bug patches and security alerts:

NGSSoftware warns of flaws L-Soft’s ListServ

NGSSoftware is warning of multiple flaws in the popular L-Soft LISTSERV list management system. The most serious of the flaws could be exploited to run malicious code on the affected machine. To fix the problems, users should download Version 14.5.


Mandriva releases update Mozilla Thunderbird package

According to an alert from Mandriva, “The WYSIWYG rendering engine in Mozilla Thunderbird 1.0.7 and earlier allows user-complicit attackers to bypass JavaScript security settings and obtain sensitive information or cause a crash via an e-mail containing a JavaScript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.”


New updates from Debian:

xpdf (multiple flaws)

bmv (code execution)

tutos (multiple flaws)



Today’s roundup of virus alerts:

RedBrowser.A — A cell phone virus that “pretends to access WAP pages via free SMSs. But instead, it sends SMSs to a premium rate number, implying economic losses for the user,” according to Panda Software.

W32/Bagle-DS — A new Bagle variant that spreads through e-mail and peer-to-peer networks. Infected e-mail messages usually have a .exe attachment. The virus installs “vcremoval.dll” in the Windows System folder and allows backdoor access via IRC. (Sophos)

W32/Bagle-DO — Another similar Bagle variant that uses peer-to-peer networks and e-mail to spread. This variant drops “win32lib.exe” in the Windows System folder. (Sophos)

Troj/SysBDr-G — A Windows Trojan that can be used to download more malware to the infected host. The virus is installed as “ysbus32.sys” in the Windows System folder. (Sophos)


From the interesting reading department:

Colorado college warns 93,000 after laptop theft

A state college in Denver believes it may have lost sensitive information on more than 93,000 students after one of the school’s laptop computers was stolen from an employee’s home late last month. IDG News Service, 03/03/06.

F-Secure World Virus Map

Anti-virus vendor F-Secure now has a world map feature that allows users to see where viruses are hitting as well as historical data on infections.

Note, Trend Micro offers a similar service.