* Patches from Microsoft, Apple, Cisco, others
* Beware e-mail virus with attachment called "BEAUTIFULLOVE.PIF"
* Microsoft research targets security, searching, and other interesting reading

Today’s bug patches and security alerts:

Microsoft warns of gaming security hole; issues monthly updates

Microsoft released software updates for versions of Windows XP and Windows Server 2003 and warned customers about a security vulnerability in a Windows component called IDirectPlay4, which is used to support multiplayer network games. IDG News Service, 06/08/04.
https://www.nwfusion.com/news/2004/0608updatmic.html?nl

Crystal Reports Web viewer flaw advisory:
https://www.microsoft.com/technet/security/Bulletin/MS04-017.mspx

DirectPlay advisory:
https://www.microsoft.com/technet/security/Bulletin/MS04-016.mspx

**********

New Apple patch warns of malicious applications

A new Apple security update warns users when a downloaded file tries to open an application that’s never been used before. This protects against malicious code being downloaded and run in association with a document or other data file. For more, go to:
https://docs.info.apple.com/article.html?artnum=25785

**********

Cisco patches CatOS

The Telnet, HTTP and SSH service in Cisco CatOS is vulnerable to a TCP-ACK denial-of-service attack, which could cause an affected device to stop responding. The Catalyst 4000, 4500, 5000 and 6000 series are impacted. For more, go to:
https://www.cisco.com/warp/public/707/cisco-sa-20040609-catos.shtml

**********

CERT warns of flaw in Oracle E-Business Suite

A SQL injection vulnerability in the Oracle E-Business Suite could be exploited by a remote user to run arbitrary code on the affected machine. By exploiting this, an attacker could compromise the underlying database.
For more, go to:

CERT advisory:
https://www.us-cert.gov/cas/techalerts/TA04-160A.html

Oracle patch:
https://www.nwfusion.com/go2/0607bug2a.html

**********

Search finds more holes in open source tool

A close investigation of a common open source tool has uncovered more critical security holes in software used by developers to track and manage changes in computer code. Six vulnerabilities were discovered in the Concurrent Versions System, which is used to manage code on a number of leading open source software development projects. IDG News Service, 06/09/04.
https://www.nwfusion.com/news/2004/0609searcfinds.html?nl

Related:

SuSE:
https://www.suse.com/de/security/2004_15_cvs.html

e-Matters security advisory:
https://security.e-matters.de/advisories/092004.html

**********

FreeBSD patches jail

A flaw in jail, which allows system administrators to lock a process (and its related processes) in a closed environment, could be exploited to manipulate routing tables. For more, go to:
https://www.nwfusion.com/go2/0607bug2b.html

**********

Today’s roundup of virus alerts:

W32/Sdbot-DB – A Sdbot variant that spreads via network shares and uses IRC to allow backdoor access to the infected machine. It also tries to steal CD keys for some popular games. (Sophos)

W32/Spybot-BZ – Spybot spreads via network shares, copying itself into CRCSSV.EXE in the Windows System folder. It listens for commands via IRC and terminates certain anti-virus applications. (Sophos)

W32/Spybot-CC – Another Spybot variant. This one spreads via network shares and peer-to-peer networks such as Kazaa. It copies itself to “sysreq.exe” in the Windows System folder and attempts to connect to an IRC server to listen for instructions. (Sophos)

W32/Spybot-CG – Yet another Spybot variant that uses peer-to-peer systems and network shares to spread. This one installs itself as “Winhub.exe” in the Windows System folder and can be used to log a number of system events.
(Sophos)

Cult.J – An e-mail virus that spreads in a message titled “Hello, I sent you a beautiful love card. ^_*” and has an attachment called “BEAUTIFULLOVE.PIF”. It tries to allow backdoor access via IRC and download files from a remote site. (Panda Software)

Troj/StartPa-AE – This virus changes the Internet Explorer start page each time the computer is started. No word on how it spreads between targets. (Sophos)

W32/Korgo-G – A Korgo variant that spreads by exploiting the Windows LSASS vulnerability, for which there is a patch available. The virus scans a random range of IP addresses looking for additional targets, reporting the findings back to an IRC server. (Sophos)

W32/Korgo-H – Another Korgo variant that uses the LSASS flaw to spread. This variant tries to delete “ftpupd.exe” and certain registry entries from the infected machine. It may also try to block a system shutdown. (Sophos)

W32/Dumaru-AK – A multi-part virus that uses a number of different e-mail characteristics to spread. It installs itself as UPU.EXE in the Windows System folder and tries to prevent access to anti-virus sites by modifying the Hosts file. It listens on port 1250 for potential updates to its code. (Sophos)

W32/Rbot-AA – A virus that spreads via network shares and also attempts to delete network connections from the infected machine. It installs itself as “SCRGRD.EXE” in the Windows System folder. (Sophos)

**********

From the interesting reading department:

Confusion surrounds Cisco-Linksys wireless hole

A report last week about a security hole in a wireless broadband router made by Cisco’s Linksys division overstated the severity of the vulnerability, according to the man who first warned of the problem. IDG News Service, 06/07/04.
https://www.nwfusion.com/news/2004/0607confuse.html?nl

The Witty worm: A new chapter in malware

While press reports downplayed Witty, Bruce Schneier says, “Witty was a big deal. It represented some scary malware firsts and is likely a harbinger of worms to come.
IT professionals need to understand Witty and what it did.” Computerworld, 06/02/04.
https://www.nwfusion.com/go2/0607bug2c.html

Microsoft research targets security, searching

Microsoft Wednesday showed off some forward-looking technologies during a research road show, including new ways to protect users from worms and to identify “Web spam.” IDG News Service, 06/10/04.
https://www.nwfusion.com/news/2004/0610microresea.html?nl

Gartner Summit: RSA focuses anew on the password problem

RSA Security is renewing its focus on improving the security of user passwords. The company Monday plans to announce RSA Sign-On Manager, a rebranded version of its SecurID Passage product that the company says will make it easier for enterprises to manage user passwords. IDG News Service, 06/07/04.
https://www.nwfusion.com/news/2004/0607gartnsummi.html?nl

Man pleads guilty to wireless hack into stores

A Michigan man pleaded guilty on Friday to four counts of wire fraud and unauthorized access to a computer after he and two accomplices used a vulnerable wireless network at a Lowe’s Companies store in Michigan to attempt to steal credit card numbers from the company’s main computer systems in North Carolina and other Lowe’s stores in the U.S. IDG News Service, 06/07/04.
https://www.nwfusion.com/news/2004/0607manplead.html?nl

Cybersecurity: Too important to leave in private hands?

The cybersecurity of the U.S. is too important to leave to the chance that marketplace incentives will lead to more secure software, a liberal commentator and a cybersecurity analyst argued Monday at the Gartner IT Security Summit. IDG News Service, 06/07/04.
https://www.nwfusion.com/news/2004/0607cybertooi.html?nl