Microsoft warns of flaw in Windows ASN.1 library

Today’s bug patches and security alerts:

Microsoft security hole stretches wide

Microsoft Tuesday released a critical software update to patch a security hole in a common Windows component that could allow malicious hackers to place and run their own code on machines running the Windows operating system. IDG News Service, 02/10/04.

https://www.nwfusion.com/news/2004/0210mssec.html?nl

Microsoft advisory:

https://microsoft.com/technet/security/bulletin/MS04-007.asp

Related Microsoft Knowledgebase article:

https://support.microsoft.com/default.aspx?scid=252648

US-CERT Technical Cyber Security Alert:

https://www.us-cert.gov/cas/techalerts/TA04-041A.html

ISS advisory:

https://xforce.iss.net/xforce/alerts/id/164

**********

Conectiva patches libtool

A flaw in the way Conectiva’s libtool handles temporary files could be exploited by an attacker to change or delete arbitrary files on the infected machine. For more, go to:

https://www.nwfusion.com/go2/0209bug2a.html

Conectiva releases gaim fix

Twelve vulnerabilities have been found in Gaim, a cross platform, multi-protocol instant messaging application. While some of the flaws are minor a few could be exploited to gain root privileges on the affected machine. For more, go to:

https://www.nwfusion.com/go2/0209bug2b.html

Conectiva issues fix for vim

A flaw in the vim text editor could be exploited to execute arbitrary commands on the affected machine. The targeted user would have to open a file sent from the attacker in order for this vulnerability to be exploited. For more, go to:

https://www.nwfusion.com/go2/0209bug2c.html

**********

Debian patches mailman flaw

A new patch for mailman fixes a cross-site scripting vulnerability in the mailing list application. For more, go to

https://www.debian.org/security/2004/dsa-436

**********

Red Hat releases patch for mutt

According to an alert from Red Hat, “A bug was found in the index menu code in versions of mutt, [a text-mode mail user agent]. A remote attacker could send a carefully crafted mail message that can cause mutt to segfault and possibly execute arbitrary code as the victim.” For more, go to:

https://rhn.redhat.com/errata/RHSA-2004-051.html

**********

SGI Advanced Linux Environment security update #10

SGI’s latest security update fixes flaws in slocate, util-linux, mc, NetPBM, Gaim and mailman. For more, go to:

https://www.nwfusion.com/go2/0209bug2d.html

**********

Gentoo issues patch for XFree86 Font vulnerability

A flaw in the way font aliases are handled by Gentoo’s XFree86 Window System could be exploited by an attacker to gain root privileges on the affected machine. For more, go to:

https://forums.gentoo.org/viewtopic.php?t=135482

**********

Today’s roundup of virus alerts:

New version of MyDoom appears

Internet security companies said Monday that they discovered a new version of the MyDoom e-mail worm circulating on the Internet. IDG News Service, 02/09/04.

https://www.nwfusion.com/news/2004/0209newversi.html?nl

Virus-like game annoying AOL IM users

A new Web-based game that lets players pretend to catch Osama bin Laden is annoying AOL’s Instant Messenger users with its virus-like self promotion, according to reports from users. IDG News Service, 02/11/04.

https://www.nwfusion.com/news/2004/0211virusgame.html?nl

W32/Doomjuice-B – Spreads to machines already infected with MyDoom-A and Doomjuice-A, installing backdoor functionality on the infected machine. On February 13, the Doomjuice-B launches a denial-of-service attack against microsoft.com. (Sophos)

W32/Deadhat-A – This virus preys on machines infected with MyDoom-A as well as spreads via the Soulseek file sharing network. The virus terminates a number security-related applications and attempts to install a backdoor to allow attackers access to the machine. (Sophos)

Troj/Myss-C – A simple Trojan horse that attempts to overwrite the “Hosts.sam” file in the Windows directory and attempts to download a file from a remote Web site. (Sophos)

W32/Wukill-B – An e-mail virus that opens the File Manager application on the 28th of the month and displays a message on the infected machine’s screen. (Sophos)

W32/Nachi-B – Another virus that attempts to follow the trail of MyDoom. This virus overwrites certain file types and puts messages on the infected machine. (Sophos)

**********

From the interesting reading department:

Cracks appear in Bluetooth security

Be careful the next time you turn on your Bluetooth-enabled phone: You could unknowingly be opening the door to a nasty intruder who could steal confidential information such as your address book or even use your phone to make expensive calls. IDG News Service, 02/11/04.

https://www.nwfusion.com/news/2004/0211cracksappear.html?nl

House builder chooses SSL for net access

When national home builder The Ryland Group chose Secure Sockets Layer remote-access equipment to let more workers tie into corporate resources, it also found a way to give business partners restricted access to the network. Network World, 02/09/04.

https://www.nwfusion.com/news/2004/0209whale.html?nl

Check Point users urged to patch firewall gaps

Check Point customers have been plugging two vulnerabilities discovered last week in the company’s firewall and VPN software that could compromise the networks the products are designed to protect. Network World, 02/09/04.

https://www.nwfusion.com/news/2004/0209checkpoint.html?nl

Another window for spim

Instant-messaging systems aren’t the only way spammers can splash unwanted messages across PC users’ screens. Network World, 02/09/04.

https://www.nwfusion.com/news/2004/0209carrspecialbar.html?nl

Wireless Wizards:  Why does a wireless system need extra VPNs?

My current LAN contains VPNs at various locations throughout the enterprise. Why does our wireless infrastructure need to incorporate additional VPN functionality? Network World Fusion, 02/09/04.

https://www.nwfusion.com/columnists/2004/0209wizards.html?nl