Bug in Solaris Volume Manager

Opinion
Jul 22, 2004
5 mins
Networking, Security

* Patches from Gentoo, Debian, others
* Beware new Bagle and MyDoom variants
* Study: MasterCard, others unwittingly help 'phishers', and other interesting reading

Today’s bug patches and security alerts:

Bug in Solaris Volume Manager

A flaw in Sun’s Solaris Volume Manager, a tool for managing disk partitions and virtual drives, could be exploited to cause a system panic on the affected machine. Only Solaris 9 implementations running Volume Manager are impacted. For more, go to:

SPARC platform:

https://www.nwfusion.com/go2/0719bug2a.html

x86 platform:

https://www.nwfusion.com/go2/0719bug2b.html

**********

Cross-site scripting attack in Hotmail

SecurityTracker is reporting a potential cross-site scripting vulnerability in the Hotmail service that could allow a malicious user to gain access to another user’s account. The flaw involves sending a message with some embedded code in it. No workaround is available at the moment, other than to not open messages from questionable parties. For more, go to:

https://www.securitytracker.com/alerts/2004/Jul/1010726.html

**********

Gentoo patches rsync

The rsync incremental file transfer utility is vulnerable to a directory traversal attack. This could be used by a hacker to write files outside the directories that rsync has access to. For more, go to:

https://forums.gentoo.org/viewtopic.php?t=196895

Gentoo patches MoinMoin

A bug in MoinMoin, a Python clone of WikiWiki, allows users to bypass access control lists. For more, go to:

https://forums.gentoo.org/viewtopic.php?t=196538

Gentoo fixes buffer overflow in wv

A buffer overflow in wv, a tool for accessing Microsoft Word files, could be exploited to allow any code to be run on the affected machine. For more, go to:

https://forums.gentoo.org/viewtopic.php?t=197732

**********

Debian patches PHP

A flaw in the popular PHP server-side scripting language could be exploited remotely to cause a “memory_limit request termination” on the affected machine. An attacker could exploit this to take control of the machine and run any code they wanted. For more, go to:

https://www.debian.org/security/2004/dsa-531

Debian releases patch for Ethereal

A flaw in the Ethereal network monitoring package could be exploited by an invalid SNMP packet, which would cause the system to crash. For more, go to:

https://www.debian.org/security/2004/dsa-528

**********

Today’s roundup of virus alerts:

New Bagle, MyDoom variants roil Internet

New versions of the Bagle and MyDoom worms surfaced on the Internet Monday, and appear to be spreading. Bagle.AI and MyDoom.N are both so-called “mass mailing” worms that use a built-in SMTP engine that sends e-mail messages carrying worm-infected file attachments from computer to computer on the Internet, both using faked (or “spoofed”) sender addresses, anti-virus companies said. IDG News Service, 07/20/04.

https://www.nwfusion.com/news/2004/0720newbagle.html?nl

Anti-virus companies warn about Bagle.AG threat

Network administrators returning to work after the weekend can enjoy a fresh Bagle with their coffee – and no, it’s not that kind of bagel. On Monday, anti-virus companies warned of another virulent new version of the Bagle e-mail worm, dubbed Bagle.AG. IDG News Service, 07/19/04.

https://www.nwfusion.com/news/2004/0719antivcompa.html?nl

W32/Rbot-DX – Installing itself as “WUAMGRD.EXE” in the Windows System folder, this virus penetrates systems via poorly protected network shares. The virus accepts remote commands via IRC and disables anti-virus applications running on the infected machine. (Sophos)

W32/Lovgate-AJ – A member of the Lovegate family that spreads via e-mail, file sharing networks and network shares. No word on the damage it can cause, but it does infect a number of files in the Windows System directory. (Sophos)

W32/Sdbot-KK – This Sdbot variant copies itself into “VIDEONS32.EXE” in the Windows System directory. The virus spreads via network shares and will allow backdoor access to the infected machine via IRC. The virus also terminates security applications and blocks access to related sites. (Sophos)

Troj/Bancban-C – A password-stealing Trojan horse that targets customers of a Brazilian bank. No other characteristics given. (Sophos)

**********

From the interesting reading department:

Study: MasterCard, others unwittingly help ‘phishers’

Leading financial institutions have adopted a more aggressive attitude toward online identity theft cons known as “phishing scams” in recent months. But companies, including MasterCard International, may be unwittingly helping phishers trick online shoppers, says a new report from a U.K. Web developer. IDG News Service, 07/19/04.

https://www.nwfusion.com/news/2004/0719studymaste.html?nl

Tool nabs malware masked by SSL

Finjan Software Monday released a product that protects networks from malicious code trying to sneak into corporate networks as SSL traffic. Network World Fusion, 07/19/04.

https://www.nwfusion.com/net.worker/news/2004/0719finjan.html?nl

‘Deceptive Duo’ hacker charged by U.S. government

A 20-year-old man from Pleasant Hill, Calif., suspected of being a hacker calling himself “the Deceptive Duo,” Monday will face a U.S. Magistrate Judge on charges that he hacked into government computers and defaced government Web sites. IDG News Service, 07/19/04.

https://www.nwfusion.com/news/2004/0719deceduo.html?nl

Stolen code shop back in business – on Usenet

An online group claiming to have the source code for two popular computer programs for sale opened its doors for business again Saturday. IDG News Service, 07/19/04.

https://www.nwfusion.com/news/2004/0719stolecode.html?nl

First Windows CE virus emerges

A virus designed to demonstrate security holes in Microsoft’s Windows CE operating system but not to cause damage was identified by security companies over the weekend. IDG News Service, 07/19/04.

https://www.nwfusion.com/news/2004/0719firstwindo.html?nl