* Patches from Gentoo, OpenPKG, Mandriva, others * Beware new bot,Codbot, that can be used to log keystrokes and download malware
Today’s bug patches and security alerts:
Backdoor password in Enterasys Vertical Horizon switches
Jacek Lipkowski is reporting an undocumented system account (user is “tiger”, password is “tiger123”) has been found in the Vertical Horizon VH-2402S with firmware 02.05.00 or 02.05.09.07. Enterasys seems to have released a fix for the problem:
https://www.enterasys.com/download/download.cgi?lib=vh
**********
Gentoo patches flaw in Trac
A flaw in Trac, a Web-based management system for bug tracking and wiki projects, could allow an attacker to run malicious applications on the affected machine. For more, go to:
https://security.gentoo.org/glsa/glsa-200506-21.xml
Gentoo releases fix for Tor
A flaw in Tor, a second-generation version of Onion Routing, could be exploited by an attacker to view certain system memory segments. For more, go to:
https://security.gentoo.org/glsa/glsa-200506-18.xml
**********
iDefense warns of flaws in IpSwitch WhatsUp Professional 2005
According to an advisory from iDefense, “Remote exploitation of a SQL injection vulnerability in IpSwitch Inc.’s WhatsUp Professional 2005 Service Pack 1 could allow a remote attacker to gain administrative access to the application.” For more, go to:
iDefense advisory:
http://www.networkworld.com/go2/0627bug2a.html
IpSwitch fix:
http://www.networkworld.com/go2/0627bug2b.html
**********
OpenPKG fixes shtool
The shtool utility creates temporary files in a non-secure manner, leaving them exploitable to a symlink attack. A hacker could use this to potentially run malicious code on the affected machine. For more, go to:
https://www.openpkg.org/security/OpenPKG-SA-2005.011-shtool.html
**********
Trustix releases “multi” update
A new update from Trustix fixes flaws in cpio, razor-agents, sudo and telnet. The most serious of these could be exploited to run malicious applications on the affected machine. For more, go to:
https://www.trustix.org/errata/2005/0030/
**********
Mandriva patches squid
According to an alert from Mandriva, “A bug was found in the way that Squid handles DNS replies. If the port Squid uses for DNS requests is not protected by a firewall, it is possible for a remote attacker to spoof DNS replies, possibly redirecting a user to spoofed or malicious content.” For more, go to:
https://www.mandriva.com/security/advisories?name=MDKSA-2005:104
Mandriva fixes dbus
A flaw in the way dbus messages are sent between applications could be exploited by another user to view the data being sent. For more, go to:
https://www.mandriva.com/security/advisories?name=MDKSA-2005:105
**********
Today’s roundup of virus alerts:
W32/Rbot-AGH – An Rbot variant that exploits the Windows LSASS and RPC-DCOM vulnerabilities as it spreads through network shares. It installs “LimeWire.exe” on the infected machine and allows backdoor access through IRC. (Sophos)
W32/Sdbot-ZM – This Sdbot variant exploits a number of known Windows flaws in its attempt to infect a machine. If successful, it drops “nawdll32.exe” in the Windows System directory and it can allow backdoor access via IRC. (Sophos)
Troj/Drivol-A – A Trojan that attempts to download and run malicious code from a remote Web site. It initially installs “fvek.exe” on the infected machine. (Sophos)
W32/Mytob-BV – Wow, another Mytob variant. Again, it spreads through e-mail and network shares, providing backdoor access to the infected machine through IRC. This particular variant drops “TimeManager.exe” on the infected machine. (Sophos)
Troj/Pyfls-A – Another Trojan that tries to download additional malicious code from a preconfigured site. It drops “b.tmp” on the infected host. (Sophos)
W32.Codbot.AL – A new bot that can be used to log keystrokes and download malware. It spreads by exploiting some well-known Windows vulnerabilities and provides unauthorized access through IRC. (Panda Software)
W32.Semapi.A – An e-mail worm that uses variable message attributes when it spreads. Fortunately, it does display the message “semapi.dll” cannot be found. (Panda Software)




