
Mozilla not without flaws

Jul 12, 2004

* Patches from HP, Gentoo, others
* Beware Lovegate variant
* CyberGuard makes bid for Secure Computing, and other interesting reading

Today’s bug patches and security alerts:

Mozilla moves to fix security vulnerability

The Mozilla Foundation has urged users of its open-source Mozilla Application Suite, Firefox browser and Thunderbird e-mail client to download a small patch to work around a security vulnerability discovered Thursday. IDG News Service, 07/09/04.

Mozilla advisory:


HP patches HP-UX operating system

According to an HP alert, “A potential vulnerability has been identified in the HP-UX ARPA Transport which could be exploited by a local user to create a denial of service.” For more, log in to the HP support center:

HP patches ntp

A flaw in the network time protocol (ntp) implementation for HP-UX could result in the wrong date and time being set on connected clients. For more, go to:


Gentoo patches Pure-FTPd

A potential denial-of-service vulnerability has been found in Gentoo’s Pure-FTPd implementation. When the maximum number of connections is reached, the service may crash. For more, go to:


Password bypass in MySQL

NGSSoftware is warning of two flaws in the popular MySQL database system that could be exploited to bypass the database’s authentication system. To fix the problem, users should upgrade to Version 4.1.3. For more, go to:

Related white paper – “Hack Proofing MySQL”:


Eudora attachment spoof fixed

The latest version of the Eudora e-mail client for Windows (Version 6.1.2) contains a number of security fixes, including one that deals with file attachments that come without an extension. For more, go to:


Ethereal patches from Gentoo, Mandrake Linux

A number of flaws have been found in the Ethereal network monitoring tool. The vulnerabilities could be exploited to crash the system or potentially run the attacker’s code of choice on the machine. For more, go to:


Mandrake Linux:


Today’s roundup of virus alerts:

W32/Lovgate-AH – Using a variety of infected file names and message types, this virus spreads via e-mail, peer-to-peer networks and network shares with weak passwords. The virus infects all .exe files on the target machines. (Sophos)

W32/Lovgate-AG – This Lovegate variant is similar to AH above, but also exploits the Windows RPC vulnerability as a means of spreading. (Sophos)

W32/Sdbot-JY – An Sdbot variant that spreads via network shares and installs itself in the Windows System folder as “IEXPLORE32.EXE”. The virus provides backdoor access via IRC and attempts to terminate security-related applications. (Sophos)

W32/Rbot-CZ – This pest spreads via network shares, installing a backdoor utility in the file “WINSYS32.EXE”. It tries to terminate network shares and security-related applications. (Sophos)

W32/Rbot-DE – Looks to be the same as Rbot-CZ above. (Sophos)

W32/Rbot-AS – Similar to the above Rbot variants, except AS installs itself as “LSAS.EXE” in the Windows System folder. (Sophos)

W32/Agobot-KM – An Agobot variant that exploits various security vulnerabilities and network shares to spread between machines. It installs itself as “MSVSRV32.EXE” in the Windows System directory and allows backdoor access via IRC. It also redirects URLs for anti-virus sites to the localhost. (Sophos)

Troj/Legmir-K – A password-stealing Trojan horse. No word on how it spreads. (Sophos)

Troj/Padodo-Fam – A family of Trojan horse programs that provide backdoor access via IRC and steal system passwords. (Sophos)

Troj/HacDef-F – A Trojan targeting Windows NT, 2000 and XP that changes Internet Explorer settings and gathers system information. (Sophos)


From the interesting reading department:

Has IE dug itself a hole?

When another security hole was uncovered in Microsoft Internet Explorer last week, the U.S. Computer Emergency Readiness Team issued six workarounds to minimize vulnerability, including a suggestion to switch to another browser. Network World, 07/12/04.

Review: Pedestal aids in security enforcement

Pedestal Software’s SecurityExpressions 3.1 is an agentless product that audits systems based on a pre-defined set of rules, letting organizations easily identify computers and other devices that do not conform to a defined corporate security policy. Network World, 07/12/04.

Web servers still doling out ‘Scob’ code

More than 100 Web servers are still distributing the “Scob” malicious code, first identified two weeks ago as code used in a widespread attack to plant Trojan horse programs on vulnerable computers, according to one computer security company. That attack used compromised Microsoft Internet Information Services Web servers to distribute the Trojan horse programs. IDG News Service, 07/08/04.

Symantec opens its security center

Some say that protecting companies and governments from unanticipated cyberattacks is similar to finding a needle in a haystack. But at Symantec’s Security Operating Center in Alexandria, Va., protecting clients from worms, viruses, and other computer-related threats is more like plucking a specific needle from a mound of needles in a haystack. PC World, 07/09/04.

Microsoft to pitch security as ‘competitive advantage’

Microsoft will pitch security as a “competitive advantage” at its worldwide partner conference in Toronto next week, but it may be a tough sell to attendees who are still waiting for the software maker to deliver on some of last year’s security-related promises. IDG News Service, 07/08/04.

CyberGuard makes bid for Secure Computing

Network security provider CyberGuard has made an unsolicited offer for rival Secure Computing in a move aimed at filling out its product suite and slashing costs. IDG News Service, 07/12/04.