Flaws in WinZip

Today’s bug patches and security alerts:

Flaws in WinZip

A number of buffer overflows have been found in WinZip, the popular compression software for Windows. One could exploit the flaws to run arbitrary code on the affected machine. Users can protect themselves by downloading WinZip Version 9.0 SR-1:

https://www.winzip.com/upgrade.htm

**********

NGSSoftware warns of flaws in IBM DB2

NGSSoftware released an alert saying they’ve found multiple flaws in IBM DB2, but have withheld the details until December 1st to give system administrators time install the available patches. Sounds like the clock is ticking.

NGSSoftware advisory:

https://www.nextgenss.com/advisories/db2-01.txt

IBM patches:

DB2 8.1:

https://www.nwfusion.com/go2/0906bug1a.html

DB2 v7.x:

https://www.nwfusion.com/go2/0906bug1b.html

**********

CERT issues advisory for MIT Kerberos 5

As we reported last week, a couple of vulnerabilities have been found in the MIT Kerberos 5 code. One flaw could be exploited to run code on an affected system, the other in a denial-of-service attack. CERT has issued a warning and more vendors have released related updates:

CERT advisory:

https://www.us-cert.gov/cas/techalerts/TA04-245A.html

Gentoo:

https://forums.gentoo.org/viewtopic.php?t=219216

Mandrake Linux:

https://www.nwfusion.com/go2/0906bug1c.html

Trustix:

https://www.trustix.org/errata/2004/0045

**********

Gentoo fixes

We’ve collected an assortment of advisories for Gentoo Linux and we present them here in condensed format:

Multi-gnome-terminal – An active keystroke logger could allow a local user to view password information:

https://forums.gentoo.org/viewtopic.php?t=219377

Ruby – When Ruby is used for CGI scripting it may create certain temporary files in a non-secure manner:

https://forums.gentoo.org/viewtopic.php?t=218293

XV – A buffer overflow has been found in the image handler:

https://forums.gentoo.org/viewtopic.php?t=218172

Mozilla, Firefox, Thunderbird, Galeon, Epiphany – New versions of these Mozilla-based browsers fix a buffer overflow that was found in previous releases:

https://forums.gentoo.org/viewtopic.php?t=218119

Squid – A denial-of-service vulnerability has been found and patched:

https://forums.gentoo.org/viewtopic.php?t=217932

Gallery – The image upload handling code does not properly deal with temporary files and could be exploited to run arbitrary code:

https://forums.gentoo.org/viewtopic.php?t=217933

eGroupWare – Multiple cross-scripting vulnerabilities have been found:

https://forums.gentoo.org/viewtopic.php?t=217934

Python 2.2 – A buffer overflow has been found in the getaddrinfo() function (only affects those running IPv6):

https://forums.gentoo.org/viewtopic.php?t=217931

vpopmail – A number of vulnerabilities have been found, including one that could allow for SQL injection:

https://forums.gentoo.org/viewtopic.php?t=217329

MySQL – The mysqlhotcopy utility creates poorly protected temporary files that could be exploited in a symlink attack:

https://forums.gentoo.org/viewtopic.php?t=217330

MoinMoin – An anonymous user could bypass the Access Control List:

https://forums.gentoo.org/viewtopic.php?t=214842

kdelibs – The cookie manager component is vulnerable to data injection:

https://forums.gentoo.org/viewtopic.php?t=213969

Cacti – There’s a potential for an attacker to be able to change passwords via a SQL injection:

https://forums.gentoo.org/viewtopic.php?t=213737

courier-imap – A format string vulnerability has been discovered:

https://forums.gentoo.org/viewtopic.php?t=212279

xine-lib – “xine-lib contains an exploitable buffer overflow in the VCD handling code,” according to Gentoo:

https://forums.gentoo.org/viewtopic.php?t=211481

glibc – An information leak vulnerability has been uncovered:

https://forums.gentoo.org/viewtopic.php?t=211363

Tomcat – “Improper file ownership may allow a member of the tomcat group to execute scripts as root,” according to Gentoo:

https://forums.gentoo.org/viewtopic.php?t=210518

GV – A buffer overflow could be exploited by an attack to run any code on the affected machine:

https://forums.gentoo.org/viewtopic.php?t=209419

Horde-IMP – An input validation vulnerability has been found:

https://forums.gentoo.org/viewtopic.php?t=208628

Nessus – A race condition could be exploited to gain elevated privileges:

https://forums.gentoo.org/viewtopic.php?t=209491

**********

Today’s roundup of virus alerts:

W32/Bagle-AT – Typical of many Bagle variants, this version spreads via e-mail (subject line of “foto” and attachment called “foto.zip”) and shared folders using a number of file names. It also drops a Trojan Horse application on the infected machine. (Sophos)

W32/Rbot-HT – This Rbot variant spreads via network shares, using random filenames as its infection point. It allows backdoor access via IRC. (Sophos)

W32/Rbot-MG – Very similar to Rbot-HT, except it uses the file name “WINu32.EXE” when it infects a system. (Sophos)

W32/Rbot-HU – Another run-of-the-mill Rbot variant. This one uses “servicz.exe” when it infects a machine. (Sophos)

W32/Rbot-KO – Same as the above listed Rbot variants with the only exception being the infected file: slserv32.exe. (Sophos)

W32/Rbot-IA – Of the Rbot variants we’ve covered so far, this is the most malicious. While it spreads via network shares (infecting “winxp43.exe”) and uses IRC for backdoor access, it can also be used a proxy, spam relay, FTP server and more. (Sophos)

W32/Forbot-M – This worm spreads via network shares, attempting to exploit the Windows LSASS vulnerability. It installs itself as “winusb32.exe” in the Windows System folder and tries to terminate security-related applications on the infected machine. (Sophos)

**********

From the interesting reading department:

Someone to watch over the ‘Net

A behind-the-scenes look as the Internet Storm Center’s Johannes Ullrich battles the MyDoom-O virus. Network World, 09/06/04.

https://www.nwfusion.com/research/2004/090604sans.html?nl

Research center plugs physical security into its network

Keeping its huge data center humming is vital at NASA Ames Research Center, where 4,000 scientists are working on aeronautics and biotechnology projects. When a new custom-built air conditioning system couldn’t keep the research outfit’s network equipment at the right temperature, it was the IT department’s equivalent of a space mission gone wrong. Network World, 09/06/04.

https://www.nwfusion.com/news/2004/090604nasaames.html?nl

Celestix improves all-in-one security packages

Celestix Networks this week is introducing a security appliance built on Microsoft’s Internet Security and Acceleration Server 2004 that is designed to give users firewall, VPN and Web caching capabilities in one box. Network World, 09/06/04.

https://www.nwfusion.com/news/2004/090604celestix.html?nl

Infonet VPN service to exploit the ‘Net

Infonet Services next week will announce a low-cost, managed VPN service that uses the popular Multi-protocol Label Switching protocol and rides over the Internet. Network World, 09/06/04.

https://www.nwfusion.com/news/2004/090604infonet.html?nl

New York presents wireless security challenge for RNC

Transportation Security Administration security checkpoints, hundreds of Secret Service agents, thousands of police on foot, horses and motorcycles, city blocks barricaded by dump trucks filled with tons of sand and an invisible wireless back door that is virtually impossible to monitor and control. That was a snapshot of the security situation at this week’s Republican National Convention (RNC) at New York’s Madison Square Garden. Computerworld, 09/02/04.

https://www.nwfusion.com/news/2004/0902rncwir.html?nl