* Patches from Oracle, HP, Ubuntu, others * Three new Rbots circulate * How one school traps infected PCs in its web
Today’s bug patches and security alerts:
Exploit circulating for newly patched Oracle bug
Database administrators now have a little added incentive to install Oracle’s latest security patches, released last week. Malicious software is now circulating that can crash an unpatched database server, and one security expert predicted that more malware targeting the 89 recently patched vulnerabilities is on the way. IDG News Service, 10/20/05.
http://www.networkworld.com/news/2005/102005-oracle-bug.html
Exploit code:
http://www.networkworld.com/go2/1024bug1a.html
Oracle patches:
http://www.networkworld.com/go2/1024bug1b.html
**********
Debian, HP release Mozilla updates
Several flaws have been patched in Mozilla by Debian and HP. The most serious could be exploited in a denial-of-service attack or to potentially execute malicious code on the affected machine. For more, go to:
Debian:
https://www.debian.org/security/2005/dsa-866
HP:
https://www.securityfocus.com/archive/1/413288/30/90/threaded
**********
HP warns of DoS in HP-UX on Itanium
According to an alert from HP, “A potential security vulnerability has been identified with HP-UX running on Itanium platforms where, under certain conditions, a specific stack size prevents proper operation. This vulnerability could be exploited by a local authorized user to create a Denial of Service (DoS).”
https://www.securityfocus.com/archive/1/413298/30/90/threaded
HP releases Java Runtime Environment update for OpenView
A flaw in the Java Runtime Environment (JRE) for OpenView Operations and OpenView VantagePoint could be exploited by an applet to gain elevated privileges on the affected machine. For more, go to:
https://www.securityfocus.com/archive/1/413945/30/30/threaded
**********
Gentoo patches Runpath issues
A flaw in Runpath, which could allow a user to gain elevated privileges, impacts the Qt-UnixODBC, Perl and CMake packages. A fix is available. For more, go to:
https://security.gentoo.org/glsa/glsa-200510-14.xml
Gentoo issues fix for phpMyAdmin
According to an alert from Gentoo, “phpMyAdmin contains a local file inclusion vulnerability that may lead to the execution of arbitrary code.” For more, go to:
https://security.gentoo.org/glsa/glsa-200510-16.xml
**********
Gentoo, Mandriva, Ubuntu patch Lynx
A buffer overflow in the Lynx news reader could be exploited to redirect users to malicious Web sites. For more, go to:
Gentoo:
https://security.gentoo.org/glsa/glsa-200510-15.xml
Mandriva:
http://www.networkworld.com/go2/1024bug1c.html
Ubuntu:
http://www.networkworld.com/go2/1024bug1d.html
**********
Ubuntu patches SSH server
A flaw in the SSH server’s GSSAPI authentication module could allow users trying to enter using another authentication method to gain access. The default configuration of SSH is not affected. For more, go to:
http://www.networkworld.com/go2/1024bug1e.html
Ubuntu releases fix for PHP
A flaw in PHP’s open_basedir directive handling could allow unauthorized users to gain access to certain system directories. For more, go to:
http://www.networkworld.com/go2/1024bug1f.html
Ubuntu issues patch for graphviz
A flaw in graphviz’s “dotty” tool uses temporary files and could be exploited in a symlink attack to overwrite files on the affected machine. For more, go to:
http://www.networkworld.com/go2/1024bug1g.html
Ubuntu patches netpbm
A buffer overflow in one of netpbm’s conversion tools could be exploited to run malicious code on the affected machine. For more, go to:
http://www.networkworld.com/go2/1024bug1h.html
**********
SuSE patches OpenWBEM
During a SuSE security audit of OpenWBEM a number of integer and buffer-overflow vulnerabilities have been found. An attacker could exploit these flaws to gain root privileges on the affected machine. For more, go to:
http://www.networkworld.com/go2/1024bug1i.html
**********
Debian releases Mozilla Thunderbird update
According to an alert from Debian, “Several security-related problems have been discovered in Mozilla and derived programs. Some of the following problems don’t exactly apply to Mozilla Thunderbird, even though the code is present. In order to keep the codebase in sync with upstream it has been altered nevertheless.” For more, go to:
https://www.debian.org/security/2005/dsa-868
Debian patches module-assistant
Debian’s module-assistant application does not properly create temporary files, which could be exploited in an attack. For more, go to:
https://www.debian.org/security/2005/dsa-867
**********
Today’s roundup of virus alerts:
W32/Rbot-ANK — A Rbot worm variant that spreads through network shares by exploited weak passwords and known Windows flaws. It allows backdoor access via IRC and installs “mswinsck.exe” in the Windows System folder. (Sophos)
W32/Rbot-ASS — Another Rbot backdoor worm. This variant drops “psecure.exe” in the Windows System directory. (Sophos)
W32/Rbot-AST — Our third Rbot variant of the day spreads in a similar fashion as the previous two. This one installs itself as “wininit32.exe” in the Windows System folder. (Sophos)
Troj/Mitglie-CE — A backdoor worm that communicates with remote sites via HTTP. It drops “winudll.exe” in the Windows System folder. (Sophos)
Troj/Paymite-B — A virus that tries to change the Internet Explorer start page. It installs “paytime.exe” in the Windows System directory. (Sophos)
**********
From the interesting reading department:
School traps infected PCs in its web
A team of IT staffers at the University of Indianapolis last week showed off a bundle of open-source tools and scripts it uses to trap and isolate PCs infected by viruses or spyware. NetworkWorld.com, 10/20/05.
http://www.networkworld.com/news/2005/102005-shelob-security.html
Microsoft patch problems continue
Windows users are continuing to experience problems with Microsoft ‘s latest round of security patches. This time a problem with a critical patch relating to Microsoft’s DirectShow streaming media software is leaving some Windows 2000 users unprotected, even after they’ve installed a patch. IDG News Service, 10/21/05.
http://www.networkworld.com/news/2005/102105-microsoft-patch.html




