* Patches from Red Hat, Mandriva, SuSE, others * Beware network worm that tries to exploit a number of known Windows vulnerabilities * Patching day still a work in progress, and other interesting reading
Today’s bug patches and security alerts:
Attacks reported for critical Veritas Backup Exec flaw
Attackers are reported to be exploiting an unpatched vulnerability in Symantec’s Veritas Backup Exec Agent for Windows software, according to an alert published Friday by Symantec. IDG News Service, 08/15/05.
http://www.networkworld.com/news/2005/081305-vertitas-flaw.html
CERT advisory:
https://www.us-cert.gov/cas/techalerts/TA05-224A.html
ISS alert:
https://xforce.iss.net/xforce/alerts/id/204
**********
Exploits on the loose for latest Microsoft bugs
Just days after the release of Microsoft’s latest security patches, security researchers have begun publishing software that could be used to seize control of unpatched Windows computers. IDG News Service, 08/12/05.
http://www.networkworld.com/news/2005/081205-microsoft-bugs.html
**********
Red Hat, Ubuntu patch gaim
A new update for Gaim, an open source instant messaging client, fixes a potential denial-of-service vulnerability. For more, go to:
Red Hat:
https://rhn.redhat.com/errata/RHSA-2005-627.html
Ubuntu:
https://www.ubuntulinux.org/support/documentation/usn/usn-168-1
**********
Mandriva, Ubuntu patch heartbeat
Heartbeat, a sub-system for High-Availability Linux, does not create temporary files in a secure fashion. An attacker could exploit this using a symlink attack. For more, go to:
Mandriva:
https://www.mandriva.com/security/advisories?name=MDKSA-2005:132
Ubuntu:
https://www.ubuntulinux.org/support/documentation/usn/usn-165-1
**********
Ubuntu releases patch for Evolution
Flaws in the Evolution e-mail client could be exploited in a denial-of-service attack or to potentially run malicious code on the affected system. For more, go to:
https://www.ubuntulinux.org/support/documentation/usn/usn-166-1
Ubuntu fixes netpbm
A flaw in one of the conversion tool attributes could be exploited by an attacker to run malicious commands on the affected system. For more, go to:
https://www.ubuntulinux.org/support/documentation/usn/usn-164-1
**********
SuSE patches multiple flaws
A new update from SuSE fixes flaws in mozilla, Mozilla Firefox, epiphany and galeon. Most of the vulnerabilities could leak sensitive system information. For more, go to:
http://www.networkworld.com/go2/0815bug1a.html
**********
Debian releases new AMD64 packages
A new update to Debian Linux implementation for the AMD64 platform fixes several flaws found in previous releases. For more, go to:
https://www.debian.org/security/2005/dsa-773
Debian patches fetchmail
According to an alert from Debian, “Edward Shornock discovered a bug in the UIDL handling code of fetchmail, a common POP3, APOP and IMAP mail fetching utility. A malicious POP3 server could exploit this problem and inject arbitrary code that will be executed on the victim host. If fetchmail is running as root, this becomes a root exploit.” For more, go to:
https://www.debian.org/security/2005/dsa-774
**********
Mandriva patches xpdf, gpdf
A bug in the xpdf and gpdf PDF document view applications could cause all system resources to be consumed, resulting in a denial of service. For more, go to:
xpdf:
https://www.mandriva.com/security/advisories?name=MDKSA-2005:134
gpdf:
https://www.mandriva.com/security/advisories?name=MDKSA-2005:136
**********
Today’s round up of virus alerts:
W32/Zotob-A — A new worm that seems to be spreading more quickly than most others. It’s a backdoor Trojan that allows access via IRC and modifies to the Windows HOSTS file to limit access to security related Web sites. It drops “botzor.exe” on the infected host after exploiting one of a number of known Windows flaws. (Sophos)
W32/Zotob-B — Another Zotob variant with a minor change: It uses “csm.exe” as its infection point. (Sophos)
W32/Mytob-JM — This latest Mytob variant spreads through e-mail messages that look like account security warnings. The message prompts users to open the attached file, which usually has a double extension. The virus installs itself as “Lien Van de Kelder.exe” and disables access to security related Web sites by modifying the Windows HOSTS file. (Sophos)
W32/Mytob-HM — Another new Mytob variant uses messages that look like a bounced e-mail. Mytob-HM has similar functionality as Mytob-JM above, except it uses the file “yahooicons.exe” as its infection point. (Sophos)
Troj/Weasyw-B — This virus can be used to download additional code from a remote Web site. It uses a randomly named file to infect a machine. (Sophos)
W32/Tilebot-E — A network worm that tries to exploit a number of known Windows vulnerabilities. It drops “vsmom.exe” and “msvnc.sys” on the infected machine and call allow backdoor access via IRC. (Sophos)
Troj/Bancban-EG — This Trojan steals username and password information for Brazilian banking sites. It installs “cssrs.exe” in the Windows System folder. (Sophos)
Troj/Litebot-B — A Trojan horse that provides backdoor access via IRC. It drops “uninst.bat” on the infected machine. (Sophos)
Troj/Nailpol-A — A virus that injects its code into other applications to remain active. It can also change file names in order to avoid detection. (Sophos)
Troj/ServU-BC — A modified FTR server that runs continuously on port 43958. It also reads from the file “chkdrv.vxd”. (Sophos)
**********
From the interesting reading department:
Patching day still a work in progress
In what has become the technology equivalent of a monthly tetanus shot, IT administrators wait for the second Tuesday of the month knowing that what doesn’t kill them will make their networks stronger. Network World, 08/15/05.
http://www.networkworld.com/news/2005/081505-patch.html
Technology Insider: E-mail encryption
Encryption won’t solve all your security problems, but these days there’s no excuse for not protecting sensitive data whether it’s in e-mail, sitting in a database or on a backup tape on the way to your offsite storage facility. Network World, 08/15/05.
http://www.networkworld.com/techinsider/2005/081505techinsider.html
Mobile viruses could score big at soccer World Cup
Next year’s FIFA World Cup soccer tournament in Germany could be fertile ground for mobile phone viruses if the World Athletics Championships in Finland, which ended Sunday, are any indication, security experts warn. IDG News Service, 08/15/05.
http://www.networkworld.com/news/2005/081505-mobile-viruses.html




