
NGSSoftware warns of IBM AIX flaws

Dec 19, 2005 (4 mins)

* Patches from IBM, Debian, SuSE, others
* Beware worm called Dasher

Today’s bug patches and security alerts:

NGSSoftware warns of IBM AIX flaws

NGSSoftware is warning of multiple high-risk buffer overflow vulnerabilities in the IBM AIX operating system. The flaws could be exploited to gain elevated privileges and shell access on the affected machine. For more, go to:

IBM patches:


Debian, SuSE release Linux kernel updates

A number of vulnerabilities in earlier releases of the Debian and SuSE Linux kernels have been patched in these latest updates. Most of the flaws could be exploited to crash the affected machine. For more, go to:




iDefense warns of Citrix Program Neighborhood Name heap corruption vulnerability

A heap overflow in the Citrix Program Neighborhood could be exploited to run arbitrary malicious code on the affected machine. For more, go to:

Citrix update:


Recent updates from Gentoo:

Ethereal (buffer overflow, code execution):

OpenLDAP, Gauche (escalated privileges):

Xpdf, GPdf, CUPS, Poppler (multiple flaws):

cURL (code execution):


Recent patches from Mandriva:

Ethereal (buffer overflow, code execution):

xine-lib (denial of service):

xmovie (denial of service):

mplayer (denial of service):

ffmpeg (denial of service):

gstreamer-ffmpeg (denial of service):


Recent fix from Ubuntu:

ffmpeg/xine-lib (denial of service):


Today’s roundup of virus alerts:

On Dasher! New malware targets Microsoft users

Just in time for the holidays, a worm called Dasher has hit the Internet. The malicious software, which primarily targets Windows 2000 systems, is one of three new attacks targeting Microsoft’s software that have emerged in the last 24 hours. Two other recently posted attacks can crash or gum up the Internet Explorer (IE) browser. IDG News Service, 12/15/05.

Sophos advisory on Dasher:

Troj/Bancban-LZ — A Trojan that sends notification messages to a remote server, most likely to alert the author of its presence. The virus is installed as “wupdmgr.exe” in the Windows System folder. (Sophos)

Troj/BagleDl-AN and AO — Two new Bagle variants that open up an image of the Windows logo when they infect a host. Both are installed as “anti_troj.exe” in the Windows System folder. (Sophos)

W32/Bagle-AX — This Bagle variant spreads through an infected e-mail attachment, usually a ZIP file. The infected message is usually titled with a Happy New Year message and the virus installs “re_file.exe” in the Windows System directory. (Sophos)

Troj/Nuclear-O — A backdoor Trojan that copies itself to “nrMy FileHugeLongPathexample.exe”. No word on how the remote user would access the Trojan. (Sophos)

Troj/Zapchas-AF — A new backdoor Trojan that allows access to the infected host through an IRC channel. It drops a number of files in the “System>driversnVIDIAymsg” directory, including “svchost.exe” and “sup.bat”. (Sophos)

Troj/PcClien-IJ — A keystroke grabber that sends its bounty to a remote server via HTTP. It drops “nzspfrwy.sys” and two other similarly named files in the Windows Program Files directory. (Sophos)

Troj/Dloadr-ACM — A downloader Trojan that attempts to grab more malicious code from remote sites. It drops a number of files in the Windows System directory including “svcclient.exe” and “svcctl32.exe”. (Sophos)

Troj/Bckdr-E — As the name implies, this is a backdoor Trojan. It is installed as “Server2.0.exe” in the Windows folder. (Sophos)