RealNetworks patches four flaws

Opinion
Jun 27, 20054 mins

* Patches from RealNetworks, Gentoo, OpenPKG, others * Beware Trojan that targets Brazilian banking Web sites

Today’s bug patches and security alerts:

RealNetworks patches four flaws

RealNetworks has issued patches for its RealPlayer media client that fixes four vulnerabilities in older versions. The flaws could be exploited to install spyware or to take control of the affected machine. For more, go to:

https://service.real.com/help/faq/security/050623_player/EN/

Related iDefense advisory:

http://www.networkworld.com/go2/0627bug1a.html

**********

Security firm warns of flaws in Veritas Backup Exec

SecurityTracker is reporting it has found a number of vulnerabilities in Veritas’ Backup Exec line for Windows. Hackers could exploit the flaws in a denial-of-service attack or to potentially run malicious code. For more, go to:

SecurityTracker advisory:

https://securitytracker.com/alerts/2005/Jun/1014273.html

Veritas advisory:

https://seer.support.veritas.com/docs/276533.htm

Related iDefense advisories:

Veritas Backup Exec Server Remote Registry Access Vulnerability:

http://www.networkworld.com/go2/0627bug1b.html

Veritas Backup Exec Agent Error Status Remote DoS Vulnerability:

http://www.networkworld.com/go2/0627bug1c.html

Veritas Backup Exec Agent CONNECT_CLIENT_AUTH Buffer Overflow Vulnerability:

http://www.networkworld.com/go2/0627bug1d.html

**********

Gentoo patches SpamAssassin 3 and Vipul’s Razor

An attacker could send malformed messages through SpamAssassin or Vipul’s Razor, causing the filtering applications to crash. For more, go to:

https://security.gentoo.org/glsa/glsa-200506-17.xml

**********

OpenPKG, SuSE release sudo fix

A race condition in Sudo could be exploited to run applications with the privileges on another user. Fixes are available. For more, go to:

OpenPKG:

https://www.openpkg.org/security/OpenPKG-SA-2005.012-sudo.html

SuSE:

https://www.novell.com/linux/security/advisories/2005_36_sudo.html

**********

iDefense warns of flaws in Cacti

Security researches at iDefense are warning of a number of flaws in Cacti, a Web front end for rrdtool. The most serious of the flaws could be exploited to run malicious code on the affected machine. For more, go to:

Cacti Remote File Inclusion Vulnerability:

http://www.networkworld.com/go2/0627bug1e.html

Cacti config_settings.php Remote Code Execution:

http://www.networkworld.com/go2/0627bug1f.html

Cacti Multiple SQL Injection Vulnerabilities:

http://www.networkworld.com/go2/0627bug1g.html

Related fix from Gentoo:

https://security.gentoo.org/glsa/glsa-200506-20.xml

**********

Today’s roundup of virus alerts:

W32/Agobot-SE – An Agobot network worm that attempts to exploit a number of known Windows vulnerabilities. It installs itself as “system.exe” in the Windows System folder and can allow backdoor access through IRC. (Sophos)

Troj/Banker-DJ – Another Trojan that targets Brazilian banking Web sites. This variant installs “csrss.exe” and “lsass.dll” on the affected machine. It may also attempt to shutdown anti-virus products running on the infected system. (Sophos)

W32/Rbot-AFV – A new Rbot variant that exploits many well-known Windows flaws as it spreads through network shares. It uses a random file name as its infection point and can be used for a number of malicious applications, including downloading additional code and stealing information from the infected machine. (Sophos)

W32/Rbot-AGG – Another IRC Trojan bot that attempts to spread through network shares by exploiting known Windows vulnerabilities. This variant installs itself as “winsound.exe” in the Windows System directory. (Sophos)

W32/Appflet-A – A mass-mailing worm that arrives in a message claiming to be salacious photos and with an attachment called “ActorsGallery.zip”. (Sophos)

W32/Sdbot-ZO – An IRC Trojan that spreads through network shares, dropping “burndl32.exe” in the infected machine’s Windows System directory. (Sophos)

W32/Nanpy-A – A virus that attempts to redirect traffic from banking sites to a malicious IP address by modifying the Windows HOSTS file. It spreads by exploiting the Windows RPC-DCOM vulnerability, dropping “mmsvc32.exe” on the infected machine. (Sophos)

W32/Mytob-EA – What would a newsletter be without at least one Mytob variant? This version spreads through a message that looks like an account warning or password update. It installs itself as “skybot.exe”, disables security applications and access to related sites, and provides backdoor access through IRC. (Sophos)

W32/Mytob-BS – Another Mytob e-mail worm variant. This one drops “logitechwls.exe” on the infected machine. It also tries to exploit the RPC-DCOM and LSASS vulnerabilities as a way into a potential host. (Sophos)

W32/Mytob-BU – Yet another Mytob variant that acts in similar ways as many of its predecessors. This particular version drops “windsns.exe” on its target. (Sophos)

Troj/Psyme-BY – A Trojan that attempts to exploit the Windows ADODB flaw. If successful, it tries to download additional malicious code from remote Web sites. (Sophos)

W32/Kelvir-AP – A Windows Messenger worm that spreads through an instant message reading “hahaaaa you are in the weebs picture!!” followed by a link to a remote site. It looks as if the downloaded file only contains text at this point. (Sophos)