Patch Tuesday cancelled

Opinion
Sep 12, 20054 mins

* Patches from Gentoo, HP, 3Com, others * Beware Tilebot that spreads through network shares by exploiting the Windows LSASS vulnerability

Today’s bug patches and security alerts:

Microsoft scraps September security update

Microsoft has decided not to go ahead with its monthly security update after encountering an unspecified quality issue with the software patch it had planned to release next Tuesday. This Thursday, Microsoft said it would be offering a patch to a critical flaw in its Windows operating system next week. The next day, however, company representatives said that the company had changed its mind and would not be releasing any security patches this month after all. IDG News Service, 09/09/05.

http://www.networkworld.com/go2/0912bug1e.html

**********

Firefox flaw found: Remote exploit possible

Computers running the Firefox browser could be open to remote attack as a result of a buffer overflow vulnerability reported Friday by security researcher Tom Ferris. Vulnerable versions of Firefox include all those up to 1.06, and even Version 1.5 Beta 1 (Deer Park Alpha 2), released on Thursday, he wrote in a posting to his Web site, Security Protocols, and to the Full Disclosure security mailing list just after 6 a.m. GMT Friday. IDG News Service, 09/09/05.

http://www.networkworld.com/news/2005/090905-firefox-flaw.html?nl

Note: No patch has been provided as noon today.

**********

DoS flaw found in Squid

A denial-of-service vulnerability has been found in the open source Squid proxy server. Specifically, the flaw is in the “store.c” code library. A fix is available:

http://www.networkworld.com/go2/0912bug1d.html

Related Gentoo patch:

https://security.gentoo.org/glsa/glsa-200509-06.xml

**********

HP patches ProLiant DL585 access flaw

A flaw in the HP ProLiant DL585 server could be exploited to take control of the system, but only when it is being powered down. For more, go to:

https://www.securityfocus.com/archive/1/409673/30/90/threaded

**********

3Com patches Network Supervisor

3Com has released an update for its Network Supervisor monitoring product after iDefense reported a directory traversal flaw in the application. An attacker could exploit this to view nearly any file on the affected machine. For more, go to:

http://www.networkworld.com/go2/0912bug1c.html

**********

Flaw in Novell’s NetMail IMAP daemon

According to an alert from security researchers at iDefense, “Remote exploitation of a heap overflow vulnerability in Novell’s NetMail IMAP daemon allows unauthenticated attackers to execute arbitrary code with the privileges of the underlying user.” For more, go to:

http://www.networkworld.com/go2/0912bug1b.html

iDefense advisory:

http://www.networkworld.com/go2/0912bug1a.html

**********

Debian patches polygen

A flaw in the way the polygen application creates certain files could be exploited by an attacker to fill the entire filesystem. For more, go to:

https://www.debian.org/security/2005/dsa-794

Debian issues fix for webcalendar

According to a Debian advisory, “A trivially-exploitable bug was discovered in webcalendar that allows an attacker to execute arbitrary code with the privileges of the HTTP daemon on a system running a vulnerable version.” For more, go to:

https://www.debian.org/security/2005/dsa-799

**********

Today’s roundup of virus alerts:

W32/Tilebot-P — Tilebot spreads through network shares by exploiting the Windows LSASS vulnerability. It drops “msconfig32.exe” in the root directory and can be used to download code from a remote site via HTTP. (Sophos)

Troj/Zapchas-T — Another Trojan that tries to communicate with remote servers via HTTP. This one drops “svchost.exe” in the Windows System fodler and can allow backdoor access via IRC. (Sophos)

Troj/Iyus-N — A downloader Trojan that pulls code from a remote server and executes it on the infected machine. It drops “install.exe” in the Windows System directory and disables security related applications. (Sophos)

W32/Forbot-FO — A new Forbot variant that spreads via an e-mail attachment, exploiting the Windows LSASS and ASN.1 vulnerabilities. The infected message looks like an account warning and has a ZIP attachment. It drops “svchosts.exe” in the Windows system folder. (Sophos)

Troj/Dloader-TW — A Trojan horse application that can download malicious code via HTTP (meaning it’s firewall friendly) from a remote site. (Sophos)

W32/Bobax-S — An e-mail worm that attempts to exploit the Windows PnP vulnerability. It spreads through a message titled “Cool” and injects its payload into the Windows Explorer process to evade detection. (Sophos)

W32/Bobax-R — A similar Bobax variant with the added ability to modify the Windows HOSTS file to prevent access to security related Web sites. (Sophos)

Troj/Domwis-O — A Trojan that allows backdoor access to the infected machine via an unspecified means. It installs itself as “syscfg16.exe” in the Windows folder. (Sophos)

W32/Zotob-D — A new variant of the Zotob worm, which exploits the Windows PnP vulnerability has it spreads through network shares. It can be used to allow backdoor access to the infected machine and modify the Windows HOSTS file to limit access to security related Web sites. (Sophos)