* Patches from Apple, FreeBSD, others * Beware next e-mail greeting card you get * Microsoft to acquire FrontBridge for e-mail security
Today’s bug patches and security alerts:
Security firm details unpatched Oracle flaws
A German security firm has published details of six security vulnerabilities in Oracle ‘s software, three of them high-risk, that it says were not fixed in an Oracle security update earlier this month. The decision to publish the vulnerabilities, which affect Oracle Reports, Oracle Forms, and indirectly some other Oracle products, raises again the issue of whether security experts should disclose holes in products before vendors have patched them. IDG News Service, 07/20/05.
http://www.networkworld.com/news/2005/072005-oracle-flaws.html?nl
Oracle alerts from Red Database Security:
http://www.networkworld.com/go2/0718bug2b.html
**********
Microsoft warns of remote access protocol flaw
A flaw in the software used to remotely access computers running Microsoft’s Windows operating system could leave users vulnerable to a denial-of-service attack, the company said in a security advisory issued Friday. IDG News Service, 07/18/05.
http://www.networkworld.com/news/2005/071805-remote-flaw.html?nl
Related Secunia advisory:
https://secunia.com/advisories/16071/
**********
Apple patches AirPort 4.2
According to an alert from Apple, “When not connected to a known or trusted network, the AirPort card “parks” on a randomly generated network with a default WEP key. This can allow parked AirPort cards to automatically connect to malicious networks without warning.” For more, go to:
https://docs.info.apple.com/article.html?artnum=301988
**********
Buffer overflow in WinAmp
Security researchers have found a buffer overflow in the MP3 meta data information is handled by WinAmp, a popular media player. An attacker may be able to exploit this to run malicious code on the affected machine. For more, go to:
https://www.securiteam.com/windowsntfocus/5KP0H2AGAQ.html
**********
FreeBSD patches devfs
According to a FreeBSD advisory, “Due to insufficient parameter checking of the node type during device creation, any user can expose hidden device nodes on devfs mounted file systems within their jail. Device nodes will be created in the jail with their normal default access permissions.” For more, go to:
http://www.networkworld.com/go2/0718bug2a.html
**********
Today’s roundup of virus alerts:
Zombie makers turning to fake greeting cards
The next e-mail greeting card you get may come with a nasty surprise. According to Internet security vendor SurfControl, attackers are increasingly using fake e-mail greeting cards as a way of getting malicious software installed on computers. IDG News Service, 07/19/05.
http://www.networkworld.com/news/2005/071905-zombie-cards.html?nl
W32/Mytob-DS — A new Mytob e-mail variant that allows backdoor access via IRC. It spreads through a message that starts with “Here are your banks documents.” and drops “taskgmr.exe” on the infected machine. It prevents access to security related Web sites by modifying the Windows HOSTS file. (Sophos)
W32/Sdbot-ZO — This worm spreads through network shares, dropping “burndl32.exe” on the infected machine and allowing backdoor access via IRC. (Sophos)
W32/Sdbot-AAZ — Another Sdbot IRC backdoor. This one installs itself as “xmconfig.exe” in the Windows System folder. (Sophos)
Troj/Torpig-A — A keystroke logging Trojan that creates a “services” directory in the Windows System folder that contains three files, including “explorer.exe”. The keystroke data is sent by HTTP to a remote site. The virus also has download/install capabilities. (Sophos)
Troj/BesTof-C — Interesting, its a Trojan with an uninstall feature that can be found in the Control Panel Add/Remove Programs option. It installs itself as “Best Search Engine!!!” It initially spreads through e-mail with a random message set. (Sophos)
Troj/Prorat-O — A Trojan that attempts to download and run additional malicious code from remote sites. When this virus first executes it displays a picture called “lncom_.jpg”, which is a close-up of someone’s teeth. (Sophos)
Troj/Bancos-DH — A Trojan that displays fake banking Web sites as a means of gathering username and password data. It drops “comdlg32.ocx” in the Windows System directory. (Sophos)
**********
From the interesting reading department:
Microsoft to acquire FrontBridge for e-mail security
Microsoft Wednesday announced its intent to acquire FrontBridge Technologies, a provider of online service for securing and archiving e-mail. NetworkWorld.com, 07/20/05.
http://www.networkworld.com/news/2005/072005-frontbridge.html?nl




