* Patches from Microsoft, Cisco, Gentoo, others
* Beware Trojan targeting user's financial information
* Microsoft, under attack, aims to offer security, and other interesting reading

Today’s bug patches and security alerts:

New IE patch disables ADODB.Stream ActiveX control

The ADODB.Stream ActiveX control may be exploited to make malicious scripts from a domain run in the local machine zone, basically allowing access to the affected machine. For more, go to:
CERT advisory: https://www.us-cert.gov/cas/techalerts/TA04-163A.html
Microsoft advisory: https://support.microsoft.com/default.aspx?kbid=870669

**********

Cisco patches Cisco Collaboration Server

An advisory from Cisco warns, “Cisco Collaboration Server (CCS) versions earlier than 5.0 ship with ServletExec versions that are vulnerable to attack where unauthorized users can upload any file and gain administrative privileges.” For more, go to:
https://www.cisco.com/warp/public/707/cisco-sa-20040630-CCS.shtml

**********

Gentoo, Mandrake Linux patch Apache2 denial-of-service vulnerability

A flaw in the Apache2 Web server software could result in the httpd process consuming all of the system memory, resulting in a denial of service. For more, go to:
Gentoo: https://forums.gentoo.org/viewtopic.php?t=193898
Mandrake Linux: https://www.nwfusion.com/go2/0705bug1a.html

**********

Mandrake Linux releases Apache update

A buffer overflow in the Apache mod_proxy module could be exploited by a remote user to run arbitrary code on the affected server. This only impacts Apache servers that are using mod_proxy. For more, go to:
https://www.nwfusion.com/go2/0705bug1b.html

Mandrake Linux updates libpng

According to an alert from Mandrake Linux, “A buffer overflow vulnerability was discovered in libpng due to a wrong calculation of some loop offset values.
This buffer overflow can lead to denial-of-service or even remote compromise.” For more, go to:
https://www.nwfusion.com/go2/0705bug1c.html

**********

FreeBSD patches Linux binary

The binary module that makes FreeBSD compatible with Linux contains an input validation error that could allow a local attacker to overwrite kernel memory, which could cause a system panic. For more, go to:
https://www.nwfusion.com/go2/0705bug1d.html

**********

nCipher warns of netHSM pass phrase vulnerability

nCipher is warning customers: “Pass phrases entered by means of the nCipher netHSM front panel, either using the built in thumbwheel or using a directly attached keyboard, are exposed in the netHSM system log.” For more, go to:
https://www.ncipher.com/support/advisories/advisory10.htm

**********

SuSE releases kernel update

A new kernel update from SuSE fixes a number of vulnerabilities found in previous releases. The most serious of the flaws could be exploited by a local user to gain root privileges. For more, go to:
https://www.suse.com/de/security/2004_20_kernel.html

**********

Today’s roundup of virus alerts:

Trojan targets user’s financial information

The Trojan horse file poses as an image file named “img1big.gif” but is actually an executable that installs a malicious add-on to Microsoft’s Internet Explorer browser. The add-on, known as a BHO, or browser helper object, then monitors for and records outbound data to the Web sites of several dozen financial institutions, according to an analysis posted on the SANS Institute’s Internet Storm Center Web site. IDG News Service, 06/30/04.
https://www.nwfusion.com/news/2004/0630trojatarge.html?nl

W32/Rbot-CA – Like many of its predecessors, this Rbot variant spreads via network shares and uses IRC to allow backdoor access to the infected machine. Rbot-CA uses a random filename and hides itself in the Windows System directory. (Sophos)

W32/Rbot-CC – This Rbot variant uses the name “goawv.exe” as its infection point in the Windows System directory.
IRC is used to allow backdoor access to the infected machine. (Sophos)

W32/Rbot-CG – Similar to Rbot-CC except this variant uses an infected file called “USWTME.EXE”. (Sophos)

W32/Spybot-CW – A virus that uses peer-to-peer networks, Kazaa mostly, to spread. This virus installs itself in the Windows System directory as “Navapsvcc.exe” and allows backdoor access via IRC. (Sophos)

W32/Agobot-KE – Another virus that spreads via network shares with weak passwords. Agobot-KE installs itself as “VDISP.EXE” in the Windows System directory and disables security-related applications and access to similar sites. (Sophos)

W32/Agobot-KG – This Agobot variant spreads via network shares and uses the filename “ASP-SRVC.EXE” to infect the Windows System folder. In addition to providing backdoor access via IRC, the virus also terminates security-related applications and may harvest e-mail addresses from the infected machine. (Sophos)

W32/Sdbot-JF – A new Sdbot variant that spreads via weakly protected network shares and installs itself in the Windows System directory as “AOLMSNGR.EXE”. The virus provides backdoor access through an IRC channel, terminates security-related applications and may try to delete network shares. (Sophos)

W32/Sdbot-JG – This Sdbot variant uses the same methods as Sdbot-JF to spread, installing itself as “MSEXPLORE.EXE” in the Windows System folder. The added wrinkle is that it tries to steal CD keys for popular games. (Sophos)

W32/Sdbot-JP – Very similar to Sdbot-JG, with the added twist of a keystroke logger. (Sophos)

W32/Lovgate-AD – A multifaceted worm that spreads via e-mail, network shares and peer-to-peer networks. The virus overwrites .exe files with copies of itself and adds the extension .ZMX. It also allows backdoor access through specific ports.
(Sophos)

**********

From the interesting reading department:

Rx for patching mired in red tape

The epidemic of Windows-based worms and viruses in the past year has put hospital IT administrators in a state of high alert to protect patient-care systems that have become reliant on Microsoft operating systems. Network World, 07/05/04.
https://www.nwfusion.com/news/2004/070504hospitalpatch.html?nl

Microsoft, under attack, aims to offer security

Two and a half years after launching its Trustworthy Computing initiative, Microsoft is finding its products the target of escalating attacks, to the extent that some security experts are even warning that the company’s Internet Explorer browser is simply not safe to use. IDG News Service, 07/05/04.
https://www.nwfusion.com/news/2004/0705microunder.html?nl

Network Associates changes name back to McAfee

McAfee is McAfee once again. After a seven-year stint doing business under the name Network Associates Inc., the company formerly known as McAfee Associates Inc. has readopted its founder’s name and will be known as McAfee Inc., effective Wednesday. IDG News Service, 07/01/04.
https://www.nwfusion.com/news/2004/0701netwoassoc.html?nl