Cisco warns of flaw in Unity Express

Opinion
May 04, 2006 · 5 mins
Networking, Security

* Patches from Mozilla, Mandriva, Debian, others
* Beware Trojan lurking in World Cup Tournament e-mail
* Many Oracle users still waiting for April patches

Today’s bug patches and security alerts:

Cisco warns of flaw in Unity Express

According to an advisory from Cisco, “Cisco Unity Express (CUE) contains a vulnerability that might allow an authenticated user to change the password for another user by using the HTTP management interface, if the password for the user being modified is marked as expired. This can result in a privilege escalation attack and complete administrative control of a CUE module, if the password being changed belongs to an administrator.” A free update is available.

**********

Mozilla patches Firefox security bug

Mozilla has released an update to its Firefox browser, fixing a known security flaw in the open-source software. IDG News Service, 05/02/06.

xorg-x11 (buffer overflow)

libtiff (denial of service)

**********

New patches from Debian:

resmgr (bypass access controls)

asterisk (multiple flaws)

ethereal (multiple flaws)

ClamAV (buffer overflow, code execution)

Mozilla Thunderbird (multiple flaws)

**********

New fixes from Ubuntu:

Mozilla Thunderbird (multiple flaws)

tiff (denial of service)

gdm (race condition, code execution)

libnasl/nessus (multiple flaws)

**********

Today’s roundup of virus alerts:

Trojan horse lurks in World Cup tournament e-mail

German fans have been complaining for some time about a bug in their underperforming national soccer team ahead of the World Cup soccer tournament, which begins next month in the country. Now they’re having to worry about a bug of a different kind, a Trojan horse, which is masquerading in a downloadable tournament game plan. IDG News Service, 05/04/06.

W32/Rbot-DDJ — This Rbot variant spreads through network shares and installs “runjava.exe” in the Windows System directory. It allows backdoor access through IRC. (Sophos)

Troj/Zapchas-BF — A backdoor Trojan that allows access to the infected host through IRC. It also has the ability to communicate with remote sites via HTTP. It drops a number of files in the Windows System folder, including “svchost.exe”. (Sophos)

Troj/Dloadr-UP — A downloader Trojan that tries to install additional malicious code on the affected machine via HTTP. It drops “LoadService.exe” in the Windows System folder. (Sophos)

Troj/Bckdr-HPP — A backdoor Trojan that also opens the CD door and sends infected messages through AOL Instant Messenger. (Sophos)

W32/Mytob-HS — This Mytob variant spreads through e-mail, harvesting target addresses from infected hosts. The message will be from “Abuse@” and have a title similar to “Account Alert”. It drops “rundll.exe” in the Windows folder. (Sophos)

W32/Feebs-AA — An e-mail worm that arrives in a message titled “Protected Mail from user.” and with a ZIP attachment. No word on what kind of damage it may cause. (Sophos)

W32/Feebs-AB — This Feebs variant also spreads through e-mail, dropping “userinit.exe” in the Recycled folder. (Sophos)

W32/Bobax-BV — A worm that spreads through network shares by exploiting known Windows vulnerabilities. It can communicate with remote sites via HTTP and modifies the HOSTS file to block access to certain Web sites. (Sophos)

Troj/Zlob-IO — A downloader Trojan that grabs files from remote sites via HTTP. It’s initially installed as “regpref.exe” in the Windows System folder. (Sophos)

Troj/Banloa-CCC — A Trojan that downloads additional malicious code from remote sites via HTTP. No other details are given. (Sophos)

Troj/Harnig-S — This Trojan can be used to download additional code from remote sites over HTTP. It drops a number of files on the infected host, including “paytime.exe” in the Program Files directory. It can also disable the Windows Firewall. (Sophos)

W32/Bagle-IV — This mass-mailing worm installs itself as “csrss.exe” in the Windows folder. It harvests e-mail addresses from the infected host. (Sophos)

W32/Bagle-IW — A second new Bagle variant that drops “csrss.exe” in the Windows folder. It spreads through a message asking the recipient to check out the attachment. (Sophos)

W32/Tumbi-B — A network worm that spreads by exploiting known Windows flaws. It drops a randomly named executable in the Windows System folder. (Sophos)

W32/Sdbot-BMG — A new Sdbot variant that spreads through network shares by exploiting known Windows flaws. It drops “svchost.exe” in the Windows folder and allows backdoor access through IRC. It also communicates with remote sites via HTTP. (Sophos)

**********

From the interesting reading department:

Many Oracle users still waiting for April patches

Testing problems are forcing some Oracle users to wait a little longer than usual for the company’s latest round of security patches, the first of which were released last month. Though Oracle offered patches for a number of its most popular products as part of its April 18 Critical Patch Update, it had said that updates for many other versions of the products would not become available until May 1. Now the database vendor is saying that many of those critical updates may not be available until as late as May 15. IDG News Service, 05/02/06