
CERT warns of Mozilla problems

Sep 20, 2004

* Patches from Apple, Debian, Trustix, others
* Beware latest Lovegate variants
* Feds eyeing one access model for all, and other interesting reading

Today’s bug patches and security alerts:

CERT warns of Mozilla problems

Looks like that problem with Mozilla was more serious than we thought. CERT has issued a warning to users: “Several vulnerabilities exist in the Mozilla web browser and derived products, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system.” Internet Explorer isn’t the only browser with problems.


Apple patches iChat

A flaw in iChat could allow an attacker to send a link that, when clicked, could launch a local application on the affected machine. For more, go to:

(scroll down to “Security Update 2004-09-16”)


Debian, Mandrake Linux patch gdk-pixbuf

A flaw in one of the gdk-pixbuf code libraries could be exploited by a remote user to run any code on the affected machine. For more, go to:


Trustix releases two “service packs”

Two new updates available from Trustix fix flaws in a number of applications. The first fixes issues in kernel, samba and swup. The second fixes problems in apache, cups, foomatic-filters, iptables and squid. For more, go to:

Patch set #1:

Patch set #2:


FreeBSD patches CVS

A number of flaws in the FreeBSD implementation of the CVS version control system have been patched. The most serious of the vulnerabilities could be exploited by an attacker to run their code on the affected machine. For more, go to:


OpenPKG releases SpamAssassin fix

A denial-of-service vulnerability has been found in SpamAssassin for OpenPKG. An attacker could send a malformed message through the system, causing it to crash. For more, go to:

OpenPKG patches aspell

A buffer overflow in the aspell spell checker’s word-list-compression utility could be exploited to run malicious code on the affected machine. For more, go to:


Today’s roundup of virus alerts:

W32/Forbot-V – This Forbot variant installs itself as “wuaucls.exe” and allows backdoor access via IRC. The virus can act as a proxy server, spam relay and more. (Sophos)

W32/Forbot-W – A simpler Forbot variant that installs itself as “WINXPINIT.EXE” in the Windows System folder and allows backdoor access via IRC. No word on any other applications it may handle. (Sophos)

W32/Forbot-C – Another Forbot variant. This one uses the file “winitr32.exe” and can disable security-related applications running on the infected machine. (Sophos)

W32/Myfip-A – A worm that seems to collect file names from an infected system and mail the results to the virus author. The virus spreads via network shares and installs itself as “worm.txt.exe” or “dfsvc.exe” in the Windows System directory. (Sophos)

W32/Sdbot-PG – This Sdbot variant exploits the DCOM flaw in Windows as it tries to spread via network shares. It installs itself as “CASD.EXE” in the Windows System folder and can be used in denial-of-service attacks against third parties. (Sophos)

W32/Lovgate-X – This Lovegate variant spreads via e-mail (with random message attributes) and peer-to-peer networks. It starts a service called “NetMeeting Remote Sharing” on the infected machine and tries to terminate certain applications. (Sophos)

W32/Rbot-JR – One of those “fun” Rbot variants that can capture images from a Webcam attached to the infected machine. The virus spreads via network shares, installing itself in the Windows System folder as “lshost.exe”. It provides backdoor access via IRC and terminates security-related applications. (Sophos)


From the interesting reading department:

Feds eyeing one access model for all

A mandate from President Bush has required the entire federal government to adopt common technology to be used to identify employees and contractors accessing federally controlled networks and buildings. Network World, 09/20/04.

Review: Endpoint security products aid in client defense

We test enterprise endpoint security products from nine vendors: eEye Digital Security, Finjan Software, F-Secure, InfoExpress, SecureWave, Sygate Technologies, Symantec, WholeSecurity and Zone Labs. Network World, 09/20/04.

Management Strategies: Security certification staples

Digest what some of the most popular IT credentials bring to the table. Network World, 09/20/04.

Netilla SSL device guards one application at a time

Netilla is introducing a line of Secure Sockets Layer gear that protects only one application at a time as remote users access servers across the Internet. Network World Fusion, 09/16/04.

Symantec to acquire security consultants @Stake

Symantec has agreed to acquire @Stake, a Cambridge, Mass.-based provider of IT security consulting services. IDG News Service, 09/16/04.

IBM fits PCs with new hardware-based security chip

IBM has begun using new security hardware from National Semiconductor in its desktop PCs in an effort to fend off viruses and hackers. IDG News Service, 09/16/04.