
Another IE patch

Aug 02, 2004 · 5 mins

* Patches from Conectiva, Gentoo, Debian, others
* More Rbot viruses run amuck
* Gates: We'll make security our forte, and other interesting reading

Today’s bug patches and security alerts:

Latest patch for IE holes released by Microsoft

Microsoft Friday issued a much-anticipated patch for three vulnerabilities that have recently caused some havoc among users of its Internet Explorer browser. Network World Fusion, 07/30/04.

Microsoft advisory:

Debian patches courier

According to an alert from Debian, “A cross-site scripting vulnerability was discovered in sqwebmail, a web mail application provided by the courier mail suite, whereby an attacker could cause web script to be executed within the security context of the sqwebmail application by injecting it via an e-mail message.” For more, go to:

Debian updates mailreader

A directory traversal bug has been found in mailreader, which could be exploited to view files with the privileges of “www-data”. For more, go to:


Vendors release Sox patches

Nothing to do with the Red Sox trading deadline moves. Sox is a sound file conversion utility. Two buffer overflow flaws have been found in the code, which could be exploited with a specially crafted WAV file. For more, go to:



Mandrake Linux:


Conectiva, Gentoo patch Samba

A buffer overflow has been found in SWAT, the Samba Web Administration Tool. This flaw could be exploited prior to a user being authenticated and could allow an attacker to take control of the affected machine. For more, go to:




Conectiva patches kernel

Five different flaws have been patched in the latest kernel release from Conectiva. Most of the flaws are relatively obscure, but users are urged to upgrade. For more, go to:


Today’s roundup of virus alerts:

W32/Rbot-EW — Another bot Trojan that exploits network shares with weak passwords to spread between machines. It installs itself as “UPDATE_W.EXE” in the Windows System directory and allows backdoor access via IRC. (Sophos)

W32/Rbot-FC — This Rbot variant is similar to EW above, except that it uses “WINSYST32.EXE” as its infected file and adds the twist of a file logger and CD key stealer. (Sophos)

W32/Rbot-DE — Another Rbot variant. It uses “WINSYS32.EXE” as its infection point and tries to kill certain network share connections. (Sophos)

W32/Sdbot-KU — A bot that spreads by exploiting machines infected with MyDoom or without the Windows DCOM patch. It installs itself as “PEREMPTION.EXE” and allows backdoor access via IRC. It can be used to launch SYN flood attacks against remote sites and also attempts to steal CD keys for popular games. (Sophos)

W32/Tompai-A — A backdoor Trojan that spreads via network shares and uses a variety of filename combinations to install itself in the Windows System folder. The virus has the text “phantompain” embedded in the code. (Sophos)

W32/Agobot-KM — Yet another bot that uses weakly protected network shares to spread between machines. This infects “MSVSRV32.EXE” in the Windows System directory, allows backdoor access via IRC, and modifies the Windows HOSTS file to block access to anti-virus sites. (Sophos)


From the interesting reading department:

Gates: We’ll make security our forte

Security will come to be seen as a Microsoft strength. So says Bill Gates, who raised the bar significantly last week when he told financial analysts that ongoing development projects will transform security “from a concern for us into something that’s a significant, unique asset as well as a business opportunity.” Network World, 08/02/04.

Feature: Practice safe chat

Unprotected messaging can cause serious security and compliance problems. Network World, 08/02/04.

Technology Update: ID management establishes trust

As businesses start deploying distributed federated models to solve identity management problems, the Liberty Alliance has developed the Liberty Identification Federation Framework 1.2 specification. Network World, 08/02/04.

NIST says DES encryption ‘inadequate’

The National Institute of Standards and Technology is proposing that the Data Encryption Standard, a popular encryption algorithm, lose its certification for use in software products sold to the government. IDG News Service, 07/29/04.

Glitch locks out Money users

It’s the end of the month – bill-paying time – and some Money 2004 users are wishing they’d kept their cash in an old mattress instead of relying on Microsoft’s financial software. A snafu with a couple of Microsoft servers has frozen users’ access to their own financial data, even though the encrypted files are on the hard drives of their own PCs. PC World, 07/30/04.