New Firefox update fixes flaws

Opinion
Sep 22, 20055 mins

* Patches from Sun, Fedora, Mandriva, others * Beware new Bagle variants

Today’s bug patches and security alerts:

New Firefox 1.0.7 release fixes critical security bugs

The Mozilla Foundation has released a new version of its Firefox browser that contains fixes for two critical security bugs in the software that were reported over the past week. The most widely reported flaw concerns the IDN (International Domain Name) feature that Mozilla products use to process Web pages that do not use the Latin alphabet. IDG News Service, 09/21/05.

http://www.networkworld.com/news/2005/092105-firefox-fix.html

Download 1.0.7 here:

https://www.mozilla.org/products/firefox/

**********

Sun releases fix for Xsun and Xorg servers

An integer overflow in XPM image format routine for the Sun Xsun and Xorg servers could be exploited by a local user to run arbitrary commands on the affected machine. For more, go to:

http://www.networkworld.com/go2/0919bug2a.html

**********

Fedora, Mandriva, Ubuntu patch cups

A flaw in the CUPS “Location directive” could be exploited by an attacker to bypass access control lists and gain access to an affected system. For more, go to:

Fedora:

http://www.networkworld.com/go2/0919bug2b.html

Mandriva:

https://www.mandriva.com/security/advisories?name=MDKSA-2005:165

Ubuntu:

http://www.networkworld.com/go2/0919bug2c.html

**********

Trustix patches multiple flaws

A new “multi” update from Trustix fixes flaws in its kernel, util-linux and xorg-x11. The most serious of the flaws could be exploited to run malicious code with elevated privileges. For more, go to:

https://www.trustix.org/errata/2005/0049/

**********

SCO releases LibTIFF fix for UnixWare

A buffer overflow error in LibTIFF could be exploited to run malicious code on the affected machine. A patch is available. For more, go to:

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.34

**********

SuSE releases Squid update

Two denial-of-service vulnerabilities have been found in the Squid open source proxy server. SuSE has released an update for its implementation:

http://www.networkworld.com/go2/0919bug2d.html

SuSE patches evolution

A number of format string vulnerabilities, which can be exploited to run malicious code, have been found in SuSE’s implementation of evolution. For more, go to:

http://www.networkworld.com/go2/0919bug2e.html

**********

Gentoo, Mandriva update ClamAV

A buffer overflow has been found in the process that scans UPX-packed executables. There’s also a denial-of-service flaw in the way FSG-packed executables are processed. For more, go to:

Gentoo:

https://security.gentoo.org/glsa/glsa-200509-13.xml

Mandriva:

https://www.mandriva.com/security/advisories?name=MDKSA-2005:166

**********

Gentoo, Mandriva patch util-linux

Util-linux, a suite of tools for managing Linux, is vulnerable to a command validation error that could be exploited to gain elevated privileges on the affected machine. For more, go to:

Gentoo:

https://security.gentoo.org/glsa/glsa-200509-15.xml

Mandriva:

https://www.mandriva.com/security/advisories?name=MDKSA-2005:167

**********

Today’s roundup of virus alerts:

New Bagle variants dominate the week

F-Secure is reporting 10 new Bagle variants battling for attention this week. Looks like most of them spread through an e-mail message with an executable attachment. As an F-Secure statement put it: “Bottom line: if your organization is still, in year 2005, accepting incoming executable attachments in email, now might be a good time to rethink your strategy. Because it looks like these guys won’t be stopping any time soon.”

Troj/Nshadow-B — A backdoor Trojan that installs itself as “winlog.exe” in the Windows system folder and can be used to log keystrokes. (Sophos)

Troj/Haxdoor-AJ — Another backdoor Trojan that can be used to download additional malicious code and run commands on the affected machine. It spreads via network shares, installing “msrdr2.sys” and “rdrVR2.dll” in the Windows System directory. (Sophos)

W32/Bobax-S — Bobax spreads through e-mail with an attachment that exploits the Windows PnP vulnerability. The infected attachment will have a pif, exe, scr and zip. (Sophos)

Troj/Lmir-AKV — A Trojan that tries to change certain Windows settings on the infected machine. It drops a number of files on the host including “iexplore.pif” in the  Common Files folder. (Sophos)

Troj/LegMir-JB  — A password stealing Trojan that installs “fsdll.dll” in the Windows System directory. It also disables certain security applications that may be running on the infected host. (Sophos)

W32/Rbot-AOD — A new Rbot variant that exploits a number of known Windows vulnerabilities as it spreads through network shares, dropping “jview.exe” in the Windows System folder. It can be used to log keystrokes, launch DoS attacks and terminate security related applications. (Sophos)

W32/Rbot-ANP — Another similar Rbot variant. This one installs itself as “sdktemp.exe” in the Windows System directory. (Sophos)

W32/Rbot-AOH — A third new Rbot variant acts in a similar manner, exploiting Windows flaws to spread through a network share. It drops “updates.pif” in the Windows System folder. (Sophos)

Troj/Bancban-FD — This Trojan targets information entered into Internet banking sites. It drops “AntiVirus.exe” in the Windows System folder. (Sophos)

Troj/Bancban-FG — A second Internet banking Trojan. This one drops “csrss.exe” in the Windows System folder. (Sophos)