* Patches from Debian, Gentoo, Mandrake Linux, others
* Beware latest Sdbot variants
* Symantec snatches up anti-spam vendor, and other interesting reading

Today’s bug patches and security alerts:

Sun JSSE authentication flaw

Versions 1.0.3, 1.0.3_01 and 1.0.3_02 of the Sun Java Secure Sockets Extension (JSSE) may improperly validate certain digital certificates. A fix is available: https://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57560

Related Security Tracker advisory: https://www.securitytracker.com/alerts/2004/May/1010193.html

**********

Potential flaw in Microsoft Visual Basic

A buffer overflow in the Visual Basic print statement could potentially be exploited by a local user to gain elevated privileges on the affected machine. Microsoft has not yet verified or patched this issue. For more, go to: https://www.securitytracker.com/alerts/2004/May/1010175.html

**********

Linux vendors patch cvs

A programming error in cvs, a version control system for Linux, could be exploited to cause a heap overflow, which then could be used to overwrite certain areas of memory on the affected machine. For more, go to: https://security.e-matters.de/advisories/072004.html

Debian: https://www.debian.org/security/2004/dsa-505
FreeBSD: https://www.nwfusion.com/go2/0517bug2a.html
Mandrake Linux: https://www.nwfusion.com/go2/0517bug2b.html
OpenPKG: https://www.openpkg.org/security/OpenPKG-SA-2004.022-cvs.html
Slackware: https://www.nwfusion.com/go2/0517bug2c.html
SuSE: https://www.suse.com/de/security/2004_13_cvs.html

**********

Four vendors patch neon

A buffer overflow has been found in the Neon HTTP and WebDav clients. Fixes are available.
For more, go to: https://security.e-matters.de/advisories/062004.html

Debian: https://www.debian.org/security/2004/dsa-506
Gentoo: https://forums.gentoo.org/viewtopic.php?t=171322
Mandrake Linux: https://www.nwfusion.com/go2/0517bug2d.html
OpenPKG: https://www.openpkg.org/security/OpenPKG-SA-2004.024-neon.html

**********

KDE URI handler flaw

According to an alert from kde.org, “A remote attacker could entice a user to open a carefully crafted telnet URI which may either create or truncate a file anywhere where the victim has permission to do so.” For more, go to: https://www.kde.org/info/security/advisory-20040517-1.txt

Gentoo: https://forums.gentoo.org/viewtopic.php?t=175306
Mandrake Linux: https://www.nwfusion.com/go2/0517bug2e.html
Slackware: https://www.nwfusion.com/go2/0517bug2f.html

**********

Slackware patches Midnight Commander

A number of vulnerabilities have been found in the file manager system Midnight Commander (mc). The flaws could be exploited by a local user to gain the privileges of the user running mc. For more, go to: https://www.nwfusion.com/go2/0517bug2g.html

**********

Flaw in HP support libraries

According to an alert from HP, “A potential vulnerability has been identified with HP-UX running B6848AB GTK+ Support Libraries where a directory permissions issue could be exploited to allow a local authorized user to gain elevated privileges.” For more, go to: https://www.nwfusion.com/go2/0517bug2h.html

Flaw in HP CDE dtlogin found

A vulnerability in the HP-UX CDE dtlogin software could be exploited in a denial-of-service attack against the affected machine. For more, go to: https://www.nwfusion.com/go2/0517bug2i.html

**********

SCO updates X authorization for OpenServer

SCO has released an update that makes X authorization and X sessions more secure. For more, go to: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.5

**********

OpenPKG patches subversion

A remotely exploitable flaw in the Subversion version control system could be used to execute commands on the affected machine.
For more, go to: https://www.nwfusion.com/go2/0517bug2j.html

**********

SGI releases fix for rpc.mountd

A flaw in rpc.mountd for IRIX could send the application into an infinite loop in certain circumstances. For more, go to: https://www.nwfusion.com/go2/0517bug2k.html

**********

Today’s roundup of virus alerts:

W32/Cycle-A – This worm exploits the Microsoft LSASS vulnerability (patches have been available for a while) and terminates copies of Blaster and Sasser that may be running on the infected machine. The virus also may try to launch a denial-of-service against the affected machine. It also displays a message from “Cyclone”. (Sophos)

W32/Bobax-A – Another worm that attempts to exploit the LSASS vulnerability. It installs on a target machine then begins scanning random IP addresses looking for other non-patched targets. (Sophos)

Troj/Sdbot-BI – Another Sdbot variant that provides backdoor access to the infected machine via IRC. The virus displays the message “‘Error-38427 A valid dll file was not found, Windows is now deleting file.” when it first infects the target. (Sophos)

W32/Sdbot-MV – Yet another Sdbot variant that uses IRC to provide backdoor access to the infected machine. This variant spreads via weakly protected network shares and also has the ability to download malicious code from a remote site. (Sophos)

W32/Agobot-IK – An Agobot variant that listens via a variety of TCP ports for commands from a remote user. No word on how it spreads between machines. (Sophos)

W32/Agobot-IX – Like most Agobot variants, this version spreads via network shares and allows an attacker to run remote commands on the infected machine via an IRC channel. It also disables security-related applications. (Sophos)

W32/Lovgate-AB – An e-mail and network worm that exploits weakly protected network shares. It uses a variety of file names to spread through e-mail. Lovegate-AB overwrites .exe files, renaming the original with a .ZMX extension. (Sophos)

IRC/Krisworm-C – A Krisworm variant that uses MIRC to allow backdoor access to the infected machine. No word on how it spreads though. (Sophos)

Troj/Iyus-A – A password stealing Trojan that installs itself as IYUS in the Windows directory. It targets passwords used for specific banking sites. (Sophos)

W32/Rbot-M – A Trojan horse that spreads via network shares and uses IRC to allow backdoor access. The virus also tries to connect to the site host babe.thekiller.biz. (Sophos)

**********

From the interesting reading department:

Symantec snatches up anti-spam vendor

Symantec Wednesday signed an agreement to acquire anti-spam vendor Brightmail for $370 million to complement its lineup of gateway security software. Network World Fusion, 05/19/04.
https://napps.nwfusion.com/news/2004/0519symbright.html?nl

Transmeta targets Pentium M users with NX security bit

Upcoming versions of Transmeta’s Efficeon chips will support the NX (No Execute) feature enabled by Microsoft’s upcoming Windows XP Service Pack 2 release, but Intel’s Pentium M processor won’t be ready for NX technology until 2005, representatives from both companies confirmed Monday. IDG News Service, 05/17/04.
https://www.nwfusion.com/news/2004/0517transtarge.html?nl

EU seeks quantum cryptography response to Echelon

The European Union is to invest $11 million ($13 million) over the next four years to develop a secure communication system based on quantum cryptography, using physical laws governing the universe on the smallest scale to create and distribute unbreakable encryption keys, project coordinators said Monday. IDG News Service, 05/17/04.
https://www.nwfusion.com/news/2004/0517euseeks.html?nl