Patch Tuesday coming

Opinion
Aug 8, 20056 mins

* Patches from Microsoft, Mandriva, Gentoo, others * Beware new Bagle variant that spreads through e-mail and peer-to-peer file sharing networks * Google now a hacker's tool, and other interesting reading

Get ready for Patch Tuesday:

Microsoft to release ‘critical’ patches [this] week

Microsoft  will release six software patches [this] Tuesday covering flaws in its Windows operating system. The company also is planning to release an updated version of its Microsoft Windows Malicious Software Removal Tool, and a nonsecurity update for Windows, Microsoft said in a statement posted to its Web site Thursday. IDG News Service, 08/04/05.

http://www.networkworld.com/news/2005/080405-microsoft-patch.html

And if the monthly Microsoft patch cycle was not enough, the Cisco IOS story keeps getting better:

Questions dog Cisco routers

Heavy fallout continues on several fronts from a security researcher’s recent disclosure that unpatched Cisco routers can be subverted by buffer-overflow attacks and shell-code exploits. Network World, 08/08/05.

http://www.networkworld.com/news/2005/080805-cisco-routers.html

Today’s bug patches and security alerts:

Mandriva, Ubuntu releases fixes for Apache, Apache 2

A couple of flaws have been found in the popular Apache Web server software for Unix/Linux. The most serious of the vulnerabilities could be exploited to bypass firewall protection or used in cross-scripting attacks. For more, go to:

Mandriva (Apache):

https://www.mandriva.com/security/advisories?name=MDKSA-2005:130

Mandriva (Apache 2):

https://www.mandriva.com/security/advisories?name=MDKSA-2005:129

Ubuntu (Apache 2):

https://www.ubuntulinux.org/support/documentation/usn/usn-160-1

**********

Ubuntu patches bzip2

A flaw in the way bzip2 handles meta characters such as “|” and “&” could be exploited to run malicious code on the affected machine. For more, go to:

https://www.ubuntulinux.org/support/documentation/usn/usn-161-1

**********

Mandriva releases Ethereal fix

A number of buffer overflow and other vulnerabilities have been found in Ethereal, the popular network-monitoring tool. For more, go to:

https://www.mandriva.com/security/advisories?name=MDKSA-2005:131

**********

Trustix issues “multi”

The latest operating system update from Trustix patches flaws in bzip2, perl-compress-zlib, and proftp. The most serious of the vulnerabilities could be exploited to compromise the affected machine. For more, go to:

https://www.trustix.org/errata/2005/0040/

**********

SuSE releases kernel update

A new kernel update fixes a variety of security (and non-security) issues found in previous releases. For more, go to:

http://www.networkworld.com/go2/0808bug1a.html

**********

Gentoo patches AMD64 x86 emulation base libraries

A buffer overflow in the AMD64 x86 emulation base libraries for Gentoo could be exploited to run arbitrary code on the affected machine. For more, go to:

https://security.gentoo.org/glsa/glsa-200507-28.xml

Gentoo releases fix for ProFTPD

A buffer overflow in the ProFTPD FTP server could be exploited to run malicious code on the affected machine. For more, go to:

https://security.gentoo.org/glsa/glsa-200508-02.xml

Gentoo releases update for nbSMTP

A format string vulnerability in nbSMTP, an SMTP client, could be exploited by an attacker to run malicious applications on the affected server. For more, go to:

https://security.gentoo.org/glsa/glsa-200508-03.xml

Gentoo patches pstotext

Pstotext, a tool for extracting text from PostScript and PDA files, contains a vulnerability that is remotely exploitable. An attacker could use this to run arbitrary commands on the affected system. For more, go to:

https://security.gentoo.org/glsa/glsa-200507-29.xml

Gentoo issues patch for Netpbm

According to a Gentoo advisory, “The pstopnm utility, part of the Netpbm tools, contains a vulnerability which can potentially result in the execution of arbitrary code.” For more, go to:

https://security.gentoo.org/glsa/glsa-200508-04.xml

**********

Today’s roundup of virus alerts:

First family of Windows Vista viruses unleashed

An Austrian hacker earned the dubious distinction of writing what are thought to be the first known viruses for Microsoft’s Windows Vista operating system. Written in July, the viruses take advantage of a new command shell, codenamed Monad, that is expected to be included in future versions of the Windows operating system. IDG News Service, 08/04/05.

http://www.networkworld.com/news/2005/080405-vista-virus.html

Related:

No Monad scripting in first Windows Vista, 08/05/05.

http://www.networkworld.com/news/2005/080505-vista-monad.html

W32/Mytob-DZ — This latest Mytob e-mail worm provides backdoor access to the infected machine via IRC. It spreads through a message that looks like an account termination notice. The infected attachment will most likely have a double extension. (Sophos)

W32/Bagle-BW — A new Bagle variant that spreads through e-mail and peer-to-peer file sharing networks. The virus uses a variety of message characteristics in its attempt to infect through the mail. In either case, it will drop “winhost.exe” in the Windows System directory. In addition to providing backdoor access to the infected host, the virus will also terminate certain anti-virus and security-related applications. (Sophos)

W32/Sdbot-ABS — This Sdbot variant spreads through network shares and allows unauthorized access via IRC. It drops “windir32.exe” in the Windows System directory and can be used for a number of malicious applications. (Sophos)

W32/Sdbot-ABR — Another Sdbot backdoor worm. This strain drops “exbce.exe” in the Windows System directory. (Sophos)

W32/Rbot-AKA — A new Rbot variant that drops “tskmgr.exe” on the infected machine after spreading through a poorly protected network share connection. Rbot-AKA will provide backdoor access to intruders via IRC. (Sophos)

Troj/Nailpol-A — A virus that drops a randomly named file on the infected host. It can be used to download and execute additional code. (Sophos)

**********

From the interesting reading department:

Google now a hacker’s tool

Somewhere out on the Internet, an Electric Bong may be in danger. The threat: a well-crafted Google query that could allow a hacker to use Google’s massive database as a resource for intrusion. IDG News Service, 08/02/05.

http://www.networkworld.com/news/2005/080205-black-hat-google.html

Technology Update: DKIM fights phishing and e-mail forgery

DomainKeys Identified Mail is an e-mail authentication proposal that strengthens user protection from e-mail forgery, and increases accountability for spam and phishing scams. Network World, 08/08/05.

http://www.networkworld.com/news/tech/2005/080805techupdate.html

Anti-spyware firm warns of massive ID theft ring

Officials at Sunbelt Software, a Clearwater, Fla.-based vendor of anti-spyware tools, said the company stumbled upon a massive ID theft ring that is using a well-known spyware program to break into and systematically steal confidential information from an unknown number of computers worldwide. Computerworld, 08/05/05.

http://www.networkworld.com/news/2005/080505-id-theft.html

EMC stresses end-to-end security

EMC is looking to focus on providing end-to-end security for its customers and deliver more management capabilities in its software offerings, according to executives speaking at the company’s analyst day in New York on Thursday. IDG News Service, 08/04/05.

http://www.networkworld.com/news/2005/080405-emc-security.html

HP ports Virus Throttler to Linux

HP  next week plans to release Linux versions of its Virus Throttler security technology and ProLiant Essentials Intelligent Networking Pack, the company confirmed Friday. IDG News Service, 08/05/05.

http://www.networkworld.com/news/2005/080505-hp-linuxworld.html