
Cisco patches Aironet Wireless Access Points

Jan 16, 2006

* Patches from Cisco, Debian, Fedora, others
* Beware Tilebot variant that tries to exploit a number of well-known Windows flaws

Today’s bug patches and security alerts:

Cisco patches Aironet Wireless Access Points

According to a Cisco advisory, “A vulnerability exists in Cisco Aironet Wireless Access Points (AP) running IOS which may allow a malicious user to send a crafted attack via IP address Resolution Protocol (ARP) to the Access point which will cause the device to stop passing traffic and/or drop user connections. Repeated exploitation of this vulnerability will create a sustained DoS (denial of service).” For more, go to:


Recent updates from Debian:

Petris (buffer overflow, code execution):

smstools (format string, code execution):

xpdf, kpdf (multiple buffer overflows):

hylafax (code execution):

pound (multiple flaws):

libapache2 (code execution):

unzip (race condition):

libextractor (multiple buffer overflows):

tetex-bin (multiple buffer overflows):

koffice (multiple buffer overflows):

fetchmail (programming error – aren’t they all?):

gpdf (multiple buffer overflows):


Recent patches from Fedora:

gettext (file overwrite):

htdig (cross-site scripting, code execution):

ethereal (multiple flaws):

mozilla (multiple flaws):

lesstif (multiple flaws):


Recent fixes from FreeBSD:

texinfo (temp files, privilege escalation):

ee (temp files, privilege escalation):

cpio (multiple flaws):

core/ipfw (denial of service):


New alerts from Gentoo:

mod_auth_pgsql (multiple format string flaws):

ClamAV (buffer overflow, code execution):

Blender (heap overflow):

Wine (WMF handling):


New updates from Mandriva:

koffice (multiple flaws):

apache2-mod_auth_pgsql (multiple format strings):

cups (multiple overflows):


Recent patches from NetBSD:

Kernfs (kernel memory disclosure):

settimeofday (bug):


New advisories for Ubuntu:

libapache2-mod-auth-pgsql (multiple format strings):

xpdf (multiple flaws):

sudo (privilege escalation):

bogofilter (buffer overflow):

Apache (multiple flaws):


Today’s roundup of virus alerts:

Troj/Stinx-K — A backdoor Trojan that drops “smsogx32.exe” in the Windows System folder. No word on what an attacker could do with the backdoor. (Sophos)

W32/Sdbot-ALZ — Another backdoor worm that spreads through network shares and allows backdoor access through IRC. This variant installs itself as “svchosts.exe” in the Windows System folder. (Sophos)

W32/Tilebot-CX — This Tilebot variant tries to exploit a number of well-known Windows flaws as it spreads through network shares. It drops “shell32.exe” in the Windows System directory and can allow remote access via HTTP. (Sophos)

Troj/Bckdr-QF — This backdoor gives intruders access via IRC. It installs two files into the Windows System folder: “ctfmon.exe” and “userinit.exe”. (Sophos)

W32/Rbot-BJR — An Rbot variant that exploits weak passwords and known Windows flaws to spread through network shares. It drops “Firewall-UpdateV9.exe” in the Windows System folder, allows backdoor access through IRC and attempts to steal registration information for popular games. (Sophos)

W32/Rbot-BLC — Another Rbot variant. This one puts “Acrord32.exe” in the Windows System folder. (Sophos)

W32/Codbot-K — An IRC backdoor worm with the ability to sniff packets and download additional malicious code. It is installed as “SCardClnt.exe” in the Windows System folder. (Sophos)

W32/Antiman-A — A mass-mailing worm that spreads through a message written in Spanish. The infected attachment will have an “EXE” extension. It drops “funny.scr” to the Windows System folder and “startwin.exe” to the user’s Startup folder. (Sophos)

W32/Bobax-N — Another e-mail worm. This one purports to have pictures of Osama Bin Laden or Saddam Hussein’s capture/death. The infected attachment will have a pif, exe, scr or zip extension. (Sophos)

Troj/Bancban-NQ — A Trojan with the ability to send notification messages to a remote location. It places “system32x.exe” in the Startup and Windows System folders. (Sophos)

Mitglieder.HE — A Trojan that needs to be spread manually. It can open port 9031 and act as a proxy server. (Panda Software)

Spymaster.A — This virus spreads through e-mail with an attachment called “SERVER.EXE”. It can be used to steal passwords and monitor Web pages visited. (Panda Software)

Troj/Paymite-B — A Trojan that changes the Internet Explorer start page. It places “paytime.exe” in the Windows System directory. (Sophos)

Troj/Banload-IJ — A Windows Trojan that is used to download additional code. It’s installed as “spoolsv.exe” in the Windows folder. (Sophos)

W32/Mytob-GO — This Mytob worm spreads through an e-mail message that looks like an account suspension warning. It can be used to harvest e-mail addresses from the infected host. It drops “svchosts.exe” in the Windows System folder. (Sophos)