iDefense warns of multiple xpdf flaws

Opinion
Dec 08, 2005
5 mins
Networking, Security

* Patches from Debian, HP, Fedora, others
* Beware new chatty IM bug
* More new Rbot variants

Today’s bug patches and security alerts:

iDefense warns of multiple xpdf flaws

A number of heap overflow vulnerabilities have been found in the open source PDF viewer application xpdf, according to advisories from iDefense. The flaws could be exploited to run arbitrary code on an affected system. For more, go to:

xpdf StreamPredictor Heap Overflow Vulnerability:

http://www.networkworld.com/go2/1205bug2a.html

xpdf JPX Stream Reader Heap Overflow Vulnerability:

http://www.networkworld.com/go2/1205bug2b.html

xpdf DCTStream Progressive Heap Overflow:

http://www.networkworld.com/go2/1205bug2c.html

xpdf DCTStream Baseline Heap Overflow Vulnerability:

http://www.networkworld.com/go2/1205bug2d.html

Related advisory from KDE:

https://www.kde.org/info/security/advisory-20051207-1.txt

**********

SuSE releases kernel update

Various flaws and bugs have been fixed in a new kernel update from SuSE. Most of the flaws could be exploited to crash an affected machine. For more, go to:

http://www.networkworld.com/go2/1205bug2e.html

**********

Debian, Ubuntu release new Inkscape updates

Two vulnerabilities have been found in Inkscape, a vector-based drawing program. The most serious of the flaws could be exploited to run malicious code on the affected system. For more, go to:

Debian:

https://www.debian.org/security/2005/dsa-916

Ubuntu:

http://www.networkworld.com/go2/1205bug2f.html

**********

Ubuntu patches Kerberos4, Kerberos5 flaws

A couple of issues have been found in the Ubuntu implementations of Kerberos4 and 5. New updates are available:

http://www.networkworld.com/go2/1205bug2g.html

Ubuntu releases fix for Apache 2

A memory leak found in an Apache 2 module could be exploited in a denial-of-service attack against the Web server. For more, go to:

http://www.networkworld.com/go2/1205bug2h.html

**********

Gentoo patches Webmin, Usermin

Both Webmin and Usermin contain a format string vulnerability that could be used by an attacker to install and run malicious code on the affected machine. For more, go to:

https://security.gentoo.org/glsa/glsa-200512-02.xml

Gentoo issues Perl update

A format string flaw in the Perl printf function could be exploited to run malicious code on an affected machine. For more, go to:

https://security.gentoo.org/glsa/glsa-200512-01.xml

**********

Fedora releases PHP update

A number of vulnerabilities have been found in Fedora’s implementation of the popular PHP scripting language. The most serious of the vulnerabilities could be exploited to run malicious code on the affected machine. For more, go to:

http://www.networkworld.com/go2/1205bug2i.html

**********

HP patches IPSec, TCP/IP for HP-UX

Flaws have been found in the IPSec and TCP/IP implementations for the HP-UX operating system. The IPSec flaw could be exploited to gain unauthorized access to the affected machine. The TCP/IP flaw could be used in a denial-of-service attack. Both fixes can be downloaded from the HP IT Resource Center:

http://itrc.hp.com

**********

Today’s roundup of virus alerts:

New IM bug chats with you

A new breed of malicious instant-message bots is on the loose, according to IMlogic, the developer of enterprise IM security applications. IDG News Service, 12/07/05.

http://www.networkworld.com/news/2005/120705-im-bug.html

W32/Poebot-T — A worm that spreads through network shares, dropping “lssas.exe” in the Windows System folder. It allows backdoor access via IRC and can be used for a number of malicious purposes, including allowing shell access, acting as a SOCKS proxy and downloading additional code. (Sophos)

Troj/Zlob-O — A Trojan that tries to download more malicious code from remote sites. It is installed as “mscornet.exe” in the Windows System folder. (Sophos)

W32/Rbot-BAL — An Rbot variant that runs in the background, allowing backdoor access via IRC. It’s installed in the Windows System folder as “svshost.exe”. (Sophos)

W32/Rbot-BAM — This Rbot variant spreads via network shares, exploiting known Windows vulnerabilities and hitting machines already infected with the Sasser worm. It is installed as “system08.exe” in the Windows System folder and can allow backdoor access through an IRC channel. (Sophos)

W32/Rbot-BAN — A third Rbot variant that acts similarly to Rbot-BAM above. This one drops “RANDOM.exe” in the Windows System folder. (Sophos)

W32/Spybot-EL — Another continuously running Trojan that allows backdoor access through an IRC channel. This miscreant installs itself as “clmss.exe” in the Windows System folder. (Sophos)

Troj/Brepbot-B — A Trojan that allows backdoor access to the infected machine, can download additional code from remote sites and disable security applications on its host. It is installed as “csrcmd.exe” in the Windows System directory. (Sophos)

Troj/Stinx-H — This worm tries to circumvent the Windows Firewall. It is installed as “smszac32.exe” in the Windows System folder and can be used to download additional code from remote sites. (Sophos)

Troj/Bancban-JX — A worm that monitors Brazilian Internet banking Web sites looking for user credentials. It drops “system32.exe” in the Windows System and Startup folders. (Sophos)

Troj/Bancban-KB — A second worm that targets Brazilian banking sites. This variant installs “imgrt.scr” in the Windows System folder. (Sophos)

Troj/Danmec-E — A Trojan that can be used to route HTTP traffic through the infected host. It installs a number of files on the infected machine including “checkreg.exe” in the Windows System folder. (Sophos)

Troj/Danmec-F — A second Danmec variant that works similarly to the first. A few of the ancillary files are named differently, but the main executable installed is the same. (Sophos)

W32/Tilebot-BY — A bot that spreads through network shares by exploiting a number of known Windows flaws. It is installed as a service called “WinMan” with a start-up setting of automatic. It can allow backdoor access through IRC. (Sophos)