Thursday, June 30, 2005

Backdoor password in Enterasys Vertical Horizon switches


NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH
ALERT
06/30/05
Today's focus: Backdoor password in Enterasys Vertical Horizon
switches

In this issue:

* Patches from Gentoo, OpenPKG, Mandriva, others
* Beware new bot, Codbot, that can be used to log keystrokes and
  download malware
* Links related to Virus and Bug Patch Alert
* Featured reader resource
_______________________________________________________________
This newsletter is sponsored by Nokia
Empower Your Mobile Enterprise

Nokia believes that business mobility will fundamentally change
the way work gets done - and for the better. To allow the entire
organization to get the most from this paradigm shift in
productivity, Nokia Enterprise Solutions focuses on delivering
increased efficiency through enhanced mobility. Learn more by
downloading this white paper today!
http://www.fattail.com/redir/redirect.asp?CID=107233
_______________________________________________________________
By Jason Meserve

Today's bug patches and security alerts:

Backdoor password in Enterasys Vertical Horizon switches

Jacek Lipkowski is reporting that an undocumented system account
(user is "tiger", password is "tiger123") has been found in the
Vertical Horizon VH-2402S with firmware 02.05.00 or 02.05.09.07.
Enterasys seems to have released a fix for the problem:
<http://www.enterasys.com/download/download.cgi?lib=vh>
**********

Gentoo patches flaw in Trac

A flaw in Trac, a Web-based management system for bug tracking
and wiki projects, could allow an attacker to run malicious
applications on the affected machine. For more, go to:
<http://security.gentoo.org/glsa/glsa-200506-21.xml>

Gentoo releases fix for Tor

A flaw in Tor, a second-generation version of Onion Routing,
could be exploited by an attacker to view certain system memory
segments. For more, go to:
<http://security.gentoo.org/glsa/glsa-200506-18.xml>
**********

iDefense warns of flaws in IpSwitch WhatsUp Professional 2005

According to an advisory from iDefense, "Remote exploitation of
a SQL injection vulnerability in IpSwitch Inc.'s WhatsUp
Professional 2005 Service Pack 1 could allow a remote attacker
to gain administrative access to the application." For more, go
to:

iDefense advisory:
<http://www.networkworld.com/go2/0627bug2a.html>

IpSwitch fix:
<http://www.networkworld.com/go2/0627bug2b.html>
**********

OpenPKG fixes shtool

The shtool utility creates temporary files in an insecure
manner, leaving them vulnerable to a symlink attack. A hacker
could use this to potentially run malicious code on the affected
machine. For more, go to:
<http://www.openpkg.org/security/OpenPKG-SA-2005.011-shtool.html>
**********

Trustix releases "multi" update

A new update from Trustix fixes flaws in cpio, razor-agents,
sudo and telnet. The most serious of these could be exploited to
run malicious applications on the affected machine. For more, go
to:
<http://www.trustix.org/errata/2005/0030/>
**********

Mandriva patches squid

According to an alert from Mandriva, "A bug was found in the way
that Squid handles DNS replies. If the port Squid uses for DNS
requests is not protected by a firewall, it is possible for a
remote attacker to spoof DNS replies, possibly redirecting a
user to spoofed or malicious content." For more, go to:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:104>

Mandriva fixes dbus

A flaw in the way dbus messages are sent between applications
could be exploited by another user to view the data being sent.
For more, go to:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:105>
**********

Today's roundup of virus alerts:

W32/Rbot-AGH - An Rbot variant that exploits the Windows LSASS
and RPC-DCOM vulnerabilities as it spreads through network
shares. It installs "LimeWire.exe" on the infected machine and
allows backdoor access through IRC. (Sophos)

W32/Sdbot-ZM - This Sdbot variant exploits a number of known
Windows flaws in its attempt to infect a machine. If successful,
it drops "nawdll32.exe" in the Windows System directory and it
can allow backdoor access via IRC. (Sophos)

Troj/Drivol-A - A Trojan that attempts to download and run
malicious code from a remote Web site. It initially installs
"fvek.exe" on the infected machine. (Sophos)

W32/Mytob-BV - Wow, another Mytob variant. Again, it spreads
through e-mail and network shares, providing backdoor access to
the infected machine through IRC. This particular variant drops
"TimeManager.exe" on the infected machine. (Sophos)

Troj/Pyfls-A - Another Trojan that tries to download additional
malicious code from a preconfigured site. It drops "b.tmp" on
the infected host. (Sophos)

W32.Codbot.AL - A new bot that can be used to log keystrokes and
download malware. It spreads by exploiting some well-known
Windows vulnerabilities and provides unauthorized access through
IRC. (Panda Software)

W32.Semapi.A - An e-mail worm that uses variable message
attributes when it spreads. Fortunately, it does display the
message "semapi.dll" cannot be found. (Panda Software)
_______________________________________________________________
To contact: Jason Meserve

Jason Meserve is the Multimedia Editor at Network World and
writes about streaming media, search engines and IP Multicast.
Jason can be reached at <mailto:jmeserve@nww.com>. Check out his
Multimedia Exchange weblog at:
<http://www.networkworld.com/weblogs/multimedia/>

Check out our weekly Network World Radio program at:
<http://www.networkworld.com/radio/>
_______________________________________________________________
ARCHIVE LINKS

Virus and Bug Patch Alert archive:
http://www.networkworld.com/newsletters/bug/index.html

Breaking security news, updated daily
http://www.networkworld.com/topics/security.html
_______________________________________________________________
FEATURED READER RESOURCE
FOCUS ON RECOVERY

IT professionals are changing the way they back up and recover
data, experts say, with new emphasis on the speedier fetching of
data made possible by advancing technologies. At a recent
storage conference in Orlando, disk-based backup solutions were
touted - find out if attendees agreed and if faster storage
solutions will soon be available. Click here:
<http://www.networkworld.com/news/2005/062005-data-recovery.html>
_______________________________________________________________

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>

Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772

For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: <mailto:sponsorships@nwfusion.com>

Copyright Network World, Inc., 2005
