10 fixes coming from Microsoft this week

Opinion
Jun 13, 20055 mins

* Patches from Microsoft, SuSE, Gentoo, others * Beware latests variants of the Banker worm * Not all agree on 'overhyped' security threats

Tuesday will be a busy day this week:

Microsoft security updates to cover Windows, Exchange

Microsoft  plans to release a total of 10 security fixes, including “critical” Windows updates, during its Monthly Security Bulletin release, scheduled for next Tuesday. The company also plans to release an updated version of its Microsoft Windows Malicious Software Removal Tool, Microsoft said Thursday. IDG News Service, 06/09/05.

http://www.networkworld.com/news/2005/060905-microsoft-patches.html?nl

Today’s bug patches and security alerts:

Cisco warns of 802.1x flaw in CallManager

A flaw in the way the Cisco Discovery Protocol handles authentication of voice devices could be exploited by an attacker to gain access to the network, even if 802.1X is implemented. For more, go to:

http://www.networkworld.com/go2/0613bug1e.html

**********

SuSE patches kernel

SuSE has released an update to its Linux kernel that fixes a number of flaws in previous releases. The most serious of the vulnerabilities could be exploited to gain root access on the affected machine. For more, go to:

http://www.networkworld.com/go2/0613bug1d.html

**********

Mandriva fixes wget

Two vulnerabilities have been found in Mandriva’s implementation of wget. One could allow an attacker to get an unauthorized view of the affected system’s directories. Another could be used to overwrite user configuration files. For more, go to:

https://www.mandriva.com/security/advisories?name=MDKSA-2005:098

**********

Gentoo, Ubuntu release patch for gedit

A format string vulnerability in gedit could be exploited by when a specially crafted file is called by the application. An attacker could use this to run malicious code on the affected machine. For more, go to:

Gentoo:

https://security.gentoo.org/glsa/glsa-200506-09.xml

Ubuntu:

https://www.ubuntulinux.org/support/documentation/usn/usn-138-1

**********

FreeBSD patches tcpdump

A number of the tcpdump protocol decoders contain flaws that could send the network monitoring application into an infinite loop, resulting in a denial of service. For more, go to:

http://www.networkworld.com/go2/0613bug1c.html

FreeBSD fixes gzip flaws

Two vulnerabilities in gzip, an open source compression/decompression utility, could be exploited by an attacker to overwrite arbitrary files on the affected machine. For more, go to:

http://www.networkworld.com/go2/0613bug1b.html

FreeBSD issues fix for bind9

A flaw Bind 9 DNS systems with DNSSEC enabled could be exploited to crash the name server. An attacker would have to send a specially-crafted packet to cause the system crash. For more, go to:

http://www.networkworld.com/go2/0613bug1a.html

**********

Today’s roundup of virus alerts:

Troj/Banker-HC – Another information stealing worm that targets Brazilian banking Web sites. It uses a random filename as its infection point. (Sophos)

Troj/Banker-DV – This variant of the Banker worm family installs itself as “winlogin.exe”. (Sophos)

Troj/Banker-DB – Another banker variant. This one attempts to mail stolen info to a predefined e-mail address. (Sophos)

W32/Chode-C – A worm that spreads through MS Messenger with a message “hey, is this you?” followed by a link to the virus itself. If executed, the virus will display a fake error message. It can be used for a number of malicious applications such as sending e-mail, participating in DoS attacks and steal passwords. (Sophos)

W32/Rbot-AEJ – A new Rbot variant that spreads by exploiting a number of known Windows vulnerabilities. It can be used for malicious function such as HTTP proxying, downloading code, stealing local information and participating in DoS attacks. It installs itself as “system.exe”. (Sophos)

W32/Mytob-BD – A new Mytob mass-mailing and backdoor Trojan that drops “test2.exe” on the infected machine. The malicious e-mail looks like an account validation or system warning message. It prevents access to security-related sites by modifying Windows HOSTS file. (Sophos)

W32/Mytob-U – This Mytob variant is similar to its predecessors in the way it spreads. It drops “LienVdK.exe” on the infected machine. (Sophos)

W32/Mytob-AO – A Mytob variant that exploits the Windows LSASS flaw to infect the machine. It installs “taskgm.exe” on the host. (Sophos)

W32/Mytob-AP – This variant spreads through an attachment with a double extension or as a ZIP. It can provide backdoor access through IRC and limit access to certain Web sites by modifying the Windows HOSTS file. (Sophos)

W32/Mytob-AQ – This variant is similar to the others. It drops “Lien Vande Kelder.exe” on the infected machine. (Sophos)

W32/Tirbot-G – A network worm that exploits the Windows LSASS vulnerability to infect a machine. It installs “mssvp.exe” on the host and can be used to download additional malicious code. (Sophos)

Troj/Lineage-O – A password stealing Trojan that targets the game “Lineage”. It copies two files to the infected machine: “explorer.exe” and “htdll.dll”. (Sophos)

W32/Francette-S – A Windows worm that exploits the RPC-DCOM vulnerability in infect a machine. It provides backdoor access via IRC and modifies the HOSTS file to prevent access to certain sites. (Sophos)

Troj/Puppet-A – Another IRC backdoor worm that spreads through network shares. This one drops “boot.exe” on the infected machine. (Sophos)

W32/Kelvir-AE – A Windows Messenger worm that spreads through a message “ahahhaa :p” followed by a URL. (Sophos)

Smitfraud – A new Spyware application that infects system files. The application installs an anti-spyware program, then tries to get users to pay for it when it finds an “infection.” (Panda Software)

Skulls.L – A Trojan that infects Symbian phones. What makes it different than most of the previous variants is that it pretends to be an F-Secure anti-virus update. (F-Secure)

**********

From the interesting reading department:

Not all agree on ‘overhyped’ security threats

Two Gartner analysts released their list of the five most overhyped IT security threats, with IP telephony and malware for mobile devices making the list, but not all IT security vendors agreed with the analysts’ assessment. IDG News Service, 06/10/05.

http://www.networkworld.com/news/2005/061005-gartner-threats.html?nl