NGSSoftware warns of IBM AIX flaws

Opinion
Dec 19, 2005 | 4 mins
Networking, Security

* Patches from IBM, Debian, SuSE, others
* Beware worm called Dasher

Today’s bug patches and security alerts:

NGSSoftware warns of IBM AIX flaws

NGSSoftware is warning of multiple high-risk buffer overflow vulnerabilities in the IBM AIX operating system. The flaws could be exploited to gain elevated privileges and shell access on the affected machine. For more, go to:

https://www.databasesecurity.com/dbsec/aix-heap.pdf

IBM patches:

http://www.networkworld.com/go2/1219bug1a.html

**********

Debian, SuSE release Linux kernel updates

A number of vulnerabilities in earlier releases of the Debian and SuSE Linux kernels have been patched in these latest updates. Most of the flaws could be exploited to crash the affected machine. For more, go to:

Debian:

https://www.debian.org/security/2005/dsa-922

SuSE:

http://www.networkworld.com/go2/1219bug1b.html

**********

iDefense warns of Citrix Program Neighborhood Name heap corruption vulnerability

A heap overflow in the Citrix Program Neighborhood could be exploited to run arbitrary malicious code on the affected machine. For more, go to:

http://www.networkworld.com/go2/1219bug1c.html

Citrix update:

https://support.citrix.com/kb/entry.jspa?externalID=CTX108354

**********

Recent updates from Gentoo:

Ethereal (buffer overflow, code execution):

https://security.gentoo.org/glsa/glsa-200512-06.xml

OpenLDAP, Gauche (escalated privileges):

https://security.gentoo.org/glsa/glsa-200512-07.xml

Xpdf, GPdf, CUPS, Poppler (multiple flaws):

https://security.gentoo.org/glsa/glsa-200512-08.xml

cURL (code execution):

https://security.gentoo.org/glsa/glsa-200512-09.xml

**********

Recent patches from Mandriva:

Ethereal (buffer overflow, code execution):

https://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:227

xine-lib (denial of service):

https://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:228

xmovie (denial of service):

https://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:229

mplayer (denial of service):

https://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:230

ffmpeg (denial of service):

https://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:231

gstreamer-ffmpeg (denial of service):

https://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:232

**********

Recent fix from Ubuntu:

ffmpeg/xine-lib (denial of service):

http://www.networkworld.com/go2/1219bug1d.html

**********

Today’s roundup of virus alerts:

On Dasher! New malware targets Microsoft users

Just in time for the holidays, a worm called Dasher has hit the Internet. The malicious software, which primarily targets Windows 2000 systems, is one of three new attacks targeting Microsoft’s software that have emerged in the last 24 hours. Two other recently posted attacks can crash or gum up the Internet Explorer (IE) browser. IDG News Service, 12/15/05.

http://www.networkworld.com/news/2005/121505-dasher-worm.html?nl

Sophos advisory on Dasher:

https://www.sophos.com/virusinfo/analyses/w32dasherc.html

Troj/Bancban-LZ — A Trojan that sends notification messages to a remote server, most likely to alert the author of its presence. The virus is installed as “wupdmgr.exe” in the Windows System folder. (Sophos)

Troj/BagleDl-AN and AO — Two new Bagle variants that open up an image of the Windows logo when they infect a host. Both are installed as “anti_troj.exe” in the Windows System folder. (Sophos)

W32/Bagle-AX — This Bagle variant spreads through an infected e-mail attachment, usually a ZIP file. The infected message is usually titled with a Happy New Year message and the virus installs “re_file.exe” in the Windows System directory. (Sophos)

Troj/Nuclear-O — A backdoor Trojan that copies itself to “nrMy FileHugeLongPathexample.exe”. No word on how the remote user would access the Trojan. (Sophos)

Troj/Zapchas-AF — A new backdoor Trojan that allows access to the infected host through an IRC channel. It drops a number of files in the “System>driversnVIDIAymsg” directory, including “svchost.exe” and “sup.bat”. (Sophos)

Troj/PcClien-IJ — A keystroke grabber that sends its bounty to a remote server via HTTP. It drops “nzspfrwy.sys” and two other similarly named files in the Windows Program Files directory. (Sophos)

Troj/Dloadr-ACM — A downloader Trojan that attempts to grab more malicious code from remote sites. It drops a number of files in the Windows System directory including “svcclient.exe” and “svcctl32.exe”. (Sophos)

Troj/Bckdr-E — As the name implies, this is a backdoor Trojan. It is installed as “Server2.0.exe” in the Windows folder. (Sophos)