RealNetworks patches four flaws

NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH
ALERT
06/27/05
Today's focus: RealNetworks patches four flaws

Dear security.world@gmail.com,

In this issue:

* Patches from RealNetworks, Gentoo, OpenPKG, others
* Beware Trojan that targets Brazilian banking Web sites
* Links related to Virus and Bug Patch Alert
* Featured reader resource
_______________________________________________________________
This newsletter is sponsored by Hewlett Packard
The Business Case for Adopting Blade Systems in the Data Center

HP ProLiant Blade Systems: The Business Case for Adopting Blade
Systems in the Data Center. When making a purchase decision,
blades should be considered as an integrated, consolidated
infrastructure-or a complete system-that includes servers,
storage, networking and power. Learn how HP's blade system
represents a new approach to infrastructure that can accelerate
the integration and transformation of your data center.
http://www.fattail.com/redir/redirect.asp?CID=107281
_______________________________________________________________
WHITE HAT HACKERS

Can hackers be ethical? Should you hire a hacker? Many security
experts advise organizations to hire ethical hackers - aka white
hat hackers - as consultants to carry out penetration testing of
their networks. But what are the risks? How would you even go
about hiring a hacker? Find out what NW says:
http://www.fattail.com/redir/redirect.asp?CID=107364
_______________________________________________________________

Today's focus: RealNetworks patches four flaws

By Jason Meserve

Today's bug patches and security alerts:

RealNetworks patches four flaws

RealNetworks has issued patches for its RealPlayer media client
that fixes four vulnerabilities in older versions. The flaws
could be exploited to install spyware or to take control of the
affected machine. For more, go to:
<http://service.real.com/help/faq/security/050623_player/EN/>

Related iDefense advisory:
<http://www.networkworld.com/go2/0627bug1a.html>
**********

Security firm warns of flaws in Veritas Backup Exec

SecurityTracker is reporting it has found a number of
vulnerabilities in Veritas' Backup Exec line for Windows.
Hackers could exploit the flaws in a denial-of-service attack or
to potentially run malicious code. For more, go to:

SecurityTracker advisory:
<http://securitytracker.com/alerts/2005/Jun/1014273.html>

Veritas advisory:
<http://seer.support.veritas.com/docs/276533.htm>

Related iDefense advisories:

Veritas Backup Exec Server Remote Registry Access Vulnerability:
<http://www.networkworld.com/go2/0627bug1b.html>

Veritas Backup Exec Agent Error Status Remote DoS Vulnerability:
<http://www.networkworld.com/go2/0627bug1c.html>

Veritas Backup Exec Agent CONNECT_CLIENT_AUTH Buffer Overflow
Vulnerability:
<http://www.networkworld.com/go2/0627bug1d.html>
**********

Gentoo patches SpamAssassin 3 and Vipul's Razor

An attacker could send malformed messages through SpamAssassin
or Vipul's Razor, causing the filtering applications to crash.
For more, go to:
<http://security.gentoo.org/glsa/glsa-200506-17.xml>
**********

OpenPKG, SuSE release sudo fix

A race condition in Sudo could be exploited to run applications
with the privileges on another user. Fixes are available. For
more, go to:

OpenPKG:
<http://www.openpkg.org/security/OpenPKG-SA-2005.012-sudo.html>

SuSE:
<http://www.networkworld.com/nlvirusbug2810>
**********

iDefense warns of flaws in Cacti

Security researches at iDefense are warning of a number of flaws
in Cacti, a Web front end for rrdtool. The most serious of the
flaws could be exploited to run malicious code on the affected
machine. For more, go to:

Cacti Remote File Inclusion Vulnerability:
<http://www.networkworld.com/go2/0627bug1e.html>

Cacti config_settings.php Remote Code Execution:
<http://www.networkworld.com/go2/0627bug1f.html>

Cacti Multiple SQL Injection Vulnerabilities:
<http://www.networkworld.com/go2/0627bug1g.html>

Related fix from Gentoo:
<http://security.gentoo.org/glsa/glsa-200506-20.xml>
**********

Today's roundup of virus alerts:

W32/Agobot-SE - An Agobot network worm that attempts to exploit
a number of known Windows vulnerabilities. It installs itself as
"system.exe" in the Windows System folder and can allow backdoor
access through IRC. (Sophos)

Troj/Banker-DJ - Another Trojan that targets Brazilian banking
Web sites. This variant installs "csrss.exe" and "lsass.dll" on
the affected machine. It may also attempt to shutdown anti-virus
products running on the infected system. (Sophos)

W32/Rbot-AFV - A new Rbot variant that exploits many well-known
Windows flaws as it spreads through network shares. It uses a
random file name as its infection point and can be used for a
number of malicious applications, including downloading
additional code and stealing information from the infected
machine. (Sophos)

W32/Rbot-AGG - Another IRC Trojan bot that attempts to spread
through network shares by exploiting known Windows
vulnerabilities. This variant installs itself as "winsound.exe"
in the Windows System directory. (Sophos)

W32/Appflet-A - A mass-mailing worm that arrives in a message
claiming to be salacious photos and with an attachment called
"ActorsGallery.zip". (Sophos)

W32/Sdbot-ZO - An IRC Trojan that spreads through network
shares, dropping "burndl32.exe" in the infected machine's
Windows System directory. (Sophos)

W32/Nanpy-A - A virus that attempts to redirect traffic from
banking sites to a malicious IP address by modifying the Windows
HOSTS file. It spreads by exploiting the Windows RPC-DCOM
vulnerability, dropping "mmsvc32.exe" on the infected machine.
(Sophos)

W32/Mytob-EA - What would a newsletter be without at least one
Mytob variant? This version spreads through a message that looks
like an account warning or password update. It installs itself
as "skybot.exe", disables security applications and access to
related sites, and provides backdoor access through IRC.
(Sophos)

W32/Mytob-BS - Another Mytob e-mail worm variant. This one drops
"logitechwls.exe" on the infected machine. It also tries to
exploit the RPC-DCOM and LSASS vulnerabilities as a way into a
potential host. (Sophos)

W32/Mytob-BU - Yet another Mytob variant that acts in similar
ways as many of its predecessors. This particular version drops
"windsns.exe" on its target. (Sophos)

Troj/Psyme-BY - A Trojan that attempts to exploit the Windows
ADODB flaw. If successful, it tries to download additional
malicious code from remote Web sites. (Sophos)

W32/Kelvir-AP - A Windows Messenger worm that spreads through an
instant message reading "hahaaaa you are in the weebs picture!!"
followed by a link to a remote site. It looks as if the
downloaded file only contains text at this point. (Sophos)
_______________________________________________________________
To contact: Jason Meserve

Jason Meserve is the Multimedia Editor at Network World and
writes about streaming media, search engines and IP Multicast.
Jason can be reached at <mailto:jmeserve@nww.com>. Check out his
Multimedia Exchange weblog at:
<http://www.networkworld.com/weblogs/multimedia/>

Check out our weekly Network World Radio program at:
<http://www.networkworld.com/radio/>
_______________________________________________________________
This newsletter is sponsored by Hewlett Packard
The Business Case for Adopting Blade Systems in the Data Center

HP ProLiant Blade Systems: The Business Case for Adopting Blade
Systems in the Data Center. When making a purchase decision,
blades should be considered as an integrated, consolidated
infrastructure-or a complete system-that includes servers,
storage, networking and power. Learn how HP's blade system
represents a new approach to infrastructure that can accelerate
the integration and transformation of your data center.
http://www.fattail.com/redir/redirect.asp?CID=107280
_______________________________________________________________
ARCHIVE LINKS

Virus and Bug Patch Alert archive:
http://www.networkworld.com/newsletters/bug/index.html

Breaking security news, updated daily
http://www.networkworld.com/topics/security.html
_______________________________________________________________
FEATURED READER RESOURCE
CALL FOR ENTRIES: 2005 ENTERPRISE ALL-STAR AWARDS

Network World is looking for entries for its inaugural
Enterprise All-Star Awards program. The Enterprise All-Star
Awards will honor user organizations that demonstrate
exceptional use of network technology to further business
objectives. Network World will honor dozens of user
organizations from a wide variety of industries, based on a
technology category. Deadline: July 8. Enter today:
<http://www.networkworld.com/survey/easform.html?net>
_______________________________________________________________
May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at http://www.subscribenw.com/nl2

International subscribers click here:
http://nww1.com/go/circ_promo.html
_______________________________________________________________
SUBSCRIPTION SERVICES

To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
<http://www.nwwsubscribe.com/Changes.aspx>

To change your e-mail address, go to:
<http://www.nwwsubscribe.com/ChangeMail.aspx>

Subscription questions? Contact Customer Service by replying to
this message.

This message was sent to: security.world@gmail.com
Please use this address when modifying your subscription.
_______________________________________________________________

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>

Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772

For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: <mailto:sponsorships@nwfusion.com>

Copyright Network World, Inc., 2005