Patches for Macromedia JRun and ColdFusion MX

Sep 27, 2004 (7 mins)

* Patches from Macromedia, Conectiva, Gentoo, others
* Beware peer-to-peer and e-mail worm
* Whitepaper: The Phishing Guide - Understanding & Preventing Phishing Attacks, and other interesting reading

Today’s bug patches and security alerts:

Macromedia releases cumulative patches for JRun and ColdFusion MX

The JRun patch covers everything released to date for versions 4.0, 3.1 and 3.0. The ColdFusion MX update covers all previous bug fixes for versions 6.0, 6.1, and 6.1 J2EE. For more, go to:


ColdFusion MX:


@Stake warns of flaw in JumpDrive Secure 1.0 and Lexar Safe Guard software

The USB drive is supposed to protect data files using a password. But @Stake says there is a means of accessing the protected data without knowing the password. For more, go to:

@Stake issues advisory on Pingtel Xpressa

According to @Stake, “The Pingtel Xpressa handset [a SIP phone] can be administered over a variety of interfaces (console, telnet and http). A vulnerability exists in the HTTP server which enables a remote authenticated attack to cause the underlying VxWorks operating system to stop.” For more, go to:


Conectiva, Gentoo patch Apache

Version 2.0.51 of the popular Web server is available for Conectiva and Gentoo users. This is a bug fix release that repairs problems in IPv6, configuration file parsing, mod_ssl, and mod_dav_fs. For more, go to:




Mandrake Linux patches ImageMagick

A buffer overflow in ImageMagick could be exploited by a specially crafted image or movie file. An attacker could use this in a denial-of-service attack or to potentially run commands on the affected machine. For more, go to:


Gentoo, Mandrake Linux patch mpg123

A buffer overflow in the mpg123 multimedia player could be exploited to crash the application and allow an attacker to run their own code on the affected machine. For more, go to:


Mandrake Linux:


Gentoo releases SUS fix

SUS allows regular users to execute certain commands with root privileges. A format string flaw in the utility could be exploited by a local user to gain elevated privileges. For more, go to:

Gentoo patches cdrtools

The cdrtools package for Gentoo, used for burning CDs, contains a flaw that could allow a local user to gain root privileges on the affected machine. For more, go to:


iDefense warns of flaw in GNU RADIUS

A vulnerability in the asn_decode_string() function of the GNU RADIUS server could be exploited in a denial-of-service attack. For more, go to:

Related fix from Gentoo:


Debian patches imlib

According to Debian, a heap overflow error in imlib, an imaging library for X and X11, could be abused by an attacker to execute arbitrary code on the victim’s machine. For more, go to:


Today’s roundup of virus alerts:

W32/Forbot-Gen – Not much is known about this bot, other than it allows backdoor access via IRC. (Sophos)

W32/Forbot-AG – Another Forbot variant that spreads via network shares and infects “IEXPLORE.EXE” in the Windows System directory. It uses IRC to allow backdoor access and can be used to launch denial-of-service attacks or as a proxy server. (Sophos)

W32/Forbot-AJ – Similar to Forbot-AG in capability. This variant uses an infected file called “videosd32.exe”. (Sophos)

W32/Rbot-KJ – A variant of Rbot that spreads through network shares and infects the file “Msloader32.exe” in the Windows System folder. The worm can be used for a number of tasks including turning a Webcam on. (Sophos)

W32/Zusha-A – A virus that exploits the Windows LSASS vulnerability to spread between machines. It infects the file “aux32.exe” in the Windows System folder. (Sophos)

W32/Agobot-MX – This Agobot variant installs itself as “services21.exe” in the Windows System folder, steals game CD keys and disables security-related applications. (Sophos)

Rayl.A – A virus that spreads via MSN Messenger by getting users to click on an image. The virus will attempt to download malware from a remote site. (Panda Software)

W32/Mexer-E – A peer-to-peer and e-mail worm that creates a directory called “sysnet” and installs itself as “RUBY13.EXE”. (Sophos)

W32/Myfip-C – A worm that spreads via network shares, infecting machines with the filename “txt.exe” or “dfsvc.exe”. The virus seems to collect information about certain files and sends it back to the author. (Sophos)


From the interesting reading department:

Whitepaper: The Phishing Guide – Understanding & Preventing Phishing Attacks

This paper covers the technologies and security flaws phishers exploit to conduct their attacks, and provides detailed vendor-neutral advice on what organizations can do to prevent future attacks. Security professionals and customers can use this comprehensive analysis to arm themselves against the next phishing scam to reach their in-tray. Next Generation Security Software, 09/04.

Buzz: Security in a world without borders

As the perimeter loses ground in the battle for secure networks, some security executives want to do away with perimeter security altogether. But others aren’t so sure. Network World, 09/27/04.

Security vendors harden products

Security companies this week are trotting out intrusion-prevention system and vulnerability-assessment products that not only widen customer choice but also indicate growing multi-vendor collaboration. Network World, 09/27/04.

Cisco offerings target small firms

Cisco this week will release products it says will help small companies deal with the complexities of LAN switch security, convergence and network management. Network World, 09/27/04.

Authentication services on tap

VeriSign last week began offering a managed authentication service based on two-factor hardware tokens that online businesses can use as an alternative to hosting their own authentication servers or depending on less-secure, reusable passwords. Network World, 09/27/04.

Symantec report: E-comm attacks on rise

Symantec last week issued its biannual Internet threat report, which notes, among other trends, that e-commerce sites were the most targeted by hackers in the first six months of this year. Network World, 09/27/04.

New, dangerous Microsoft JPEG exploit released

New computer code that exploits a recently disclosed hole in Microsoft’s Internet Explorer Web browser is circulating on the Internet and could allow remote attackers to take full control of vulnerable Windows machines, according to warnings from anti-virus companies and Internet security experts. IDG News Service, 09/23/04.

E-business sites hit with attacks, extortion threats

A distributed denial-of-service attack that disrupted Web-based systems at credit card payment processing firm Authorize.Net earlier this week is indicative of a sharp increase in the number of cyberattacks being targeted at specific companies and driven by profit motives on the part of the hackers who launch them. Computerworld, 09/24/04.

Nokia adds anti-virus protection to new smart phone

Finnish mobile phone manufacturer Nokia will offer mobile anti-virus software through F-Secure as one of the features in its new Nokia 6670 smart phone when it is released in October, the companies announced Thursday. IDG News Service, 09/23/04.