JASON MESERVE VIRUS AND BUG PATCH ALERT
09/29/05
Today's focus: New DirectX update fixes flaws
In this issue:
* Patches from Sun, Novell, SuSE, others
* Beware backdoor worm that exploits a number of known Windows
vulnerabilities as it spreads through network shares
* Novell server hacked, and other interesting reading
* Featured reader resource
_______________________________________________________________
This newsletter is sponsored by Nokia
Empower Your Mobile Enterprise
Nokia believes that business mobility will fundamentally change
the way work gets done-and for the better. To allow the entire
organization to get the most from this paradigm shift in
productivity, Nokia Enterprise Solutions focuses on delivering
increased efficiency through enhanced mobility. Learn more by
downloading this white paper today!
http://www.fattail.com/redir/redirect.asp?CID=116009
_______________________________________________________________
This newsletter is sponsored by Trend Micro
The Trend Micro Threat Map dynamically displays real-time data
to show worldwide trends in virus and content security threats
as they happen. Collected from actual computer infections, the
Threat Map can be used to help determine appropriate security
policies, based on the prevalence of threats that can adversely
affect your business.
http://www.fattail.com/redir/redirect.asp?CID=115827
_______________________________________________________________
Today's focus: New DirectX update fixes flaws
By Jason Meserve
Today's bug patches and security alerts:
New DirectX update fixes flaws
Two buffer overflow in Microsoft's DirectX, a multimedia engine
for Windows, could be exploited to run malicious code on an
affected system. Microsoft has released an update to fix the
problems:
<http://www.networkworld.com/go2/0926bug2a.html>
**********
Sun patches Solaris flaw
A flaw in the Solaris operating system's Xsun() and Xprt()
commands could be exploited by a local user to run malicious
code with elevated privileges. A fix is available. For more, go
to:
<http://www.networkworld.com/nl7859>
**********
Novell patches Groupwise vulnerability
An integer overflow has been found in certain versions of the
Novell Groupwise client for Windows. A new update is available:
<http://www.networkworld.com/go2/0926bug2b.html>
**********
SuSE patches XFree86-server,xorg-x11-server
An integer overflow in XFree86 and the xorg-Xll servers' pixmap
implementation could be exploited to gain elevated privileges on
the affected machine. For more, go to:
<http://www.networkworld.com/go2/0926bug2c.html>
**********
SCO issues fix for UnZip
A flaw in the unzip tool for OpenServer could be exploited by a
local user to run commands and code with elevated privileges.
For more, go to:
<ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.39>
**********
Mandriva releases Mozilla related updates
A number of vulnerabilities have been found in the Mozilla
platform (including the Firefox browser). The most serious of
the flaws could be exploited to run arbitrary commands on the
affected machine. For more, go to:
Mozilla:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:170>
Mozilla Firefox:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:169>
**********
Ubuntu issues kernel updates
A couple of denial-of-service vulnerabilities have been found in
the Ubuntu Linux kernel. For more, go to:
<http://www.networkworld.com/go2/0926bug2d.html>
**********
Debian patches Python 2.3
We reported earlier this week that earlier version of Python are
vulnerable to an integer over flow in the PCRE library. Python
2.3 is vulnerable to the same issue. A fix is now available:
<http://www.debian.org/security/2005/dsa-821>
**********
Gentoo releases fix for PHP
The popular PHP scripting language is vulnerable to an integer
overflow in the PCRE code library. Gentoo has released an
update. For more, go to:
<http://security.gentoo.org/glsa/glsa-200509-19.xml>
Gentoo updates Qt
According to an alert from Gentoo, "Qt is vulnerable to a buffer
overflow which could potentially lead to the execution of
arbitrary code." For more, go to:
<http://security.gentoo.org/glsa/glsa-200509-18.xml>
**********
Today's roundup of virus alerts:
W32/Codbot-AB -- A backdoor worm that exploits a number of known
Windows vulnerabilities as it spreads through network shares. It
drops "dfrgfat32.exe" in the Windows System folder and it can be
used for a number of malicious purposes, such as logging
keystrokes and harvesting system information. (Sophos)
Troj/WinterLv-D -- A Trojan that provides backdoor access to the
infected Windows machine, allowing it to be used as an FTP or
HTTP server, a proxy server and to add/delete user accounts. It
driver names "RDPWD" and "TDTCP". (Sophos)
W32/Rbot-APA -- This new Rbot variant installs "msmgmctl.exe" in
the Windows System folder after spreading through a network
share and exploiting one of many known Windows vulnerabilities.
It allows backdoor access via IRC and can limit access to
security related Web sites by modifying the Windows HOSTS file.
(Sophos)
W32/Rbot-APC -- This Rbot variant spreads through a similar
fashion as Rbot-APA above. It drops "xpjava.exe" in the Windows
System folder. (Sophos)
W32/Rbot-APJ -- Yet another Rbot variant. This one installs
"mswin.pif" in the Windows System folder. (Sophos)
Troj/IRCBot-AG -- A bot worm that provides backdoor access
through IRC. It drops a randomly named file in the Windows
System directory. (Sophos)
Troj/BankDl-J -- A downloader Trojan that drops "dsd.scr" in the
C: root directory. It can spread via an e-mail message from "Big
Brother" and be used to download additional malicious code.
(Sophos)
Troj/Swizzor-Z -- A worm that can be used to communicate with a
remote site via HTTP. It drops "\Application Data\fast regs
great two\Bait Soft Start" in the active "user" directory.
(Sophos)
Troj/Lootbot-A -- A backdoor Trojan that drops a randomly named
.scr file in the Windows System folder. The backdoor connection
is established via an IRC channel. (Sophos)
**********
From the interesting reading department:
Novell server hacked
A company server that some workers at Novell apparently used for
gaming purposes was hacked into and then used to scan for
vulnerable ports on potentially millions of computers worldwide,
according to an Internet security consultant. Computerworld,
09/28/05.
<http://www.networkworld.com/news/2005/092805-novell-hack.html>
Destructive power of mobile viruses could rise fast
The dream of a connected world where PCs and mobile phones can
communicate with the digital home and other devices is supposed
to make life easier. But it could instead make life far more
dangerous if malware developers have their way. IDG News
Service, 09/28/05.
<http://www.networkworld.com/nl7860>
World soccer body warns of phishing scam
The world's governing soccer body, Federation Internationale de
Football Association (FIFA), is warning fans and others that its
name is being abused in a global phishing scam. Several lottery
companies are sending unsolicited, official-looking e-mail
around the globe, announcing that recipients have won a lottery
and requesting personal data, including bank account
information, for them to claim the prize money, FIFA said
Tuesday in a statement. IDG News Service, 09/28/05.
<http://www.networkworld.com/news/2005/092805-phishing-fifa.html>
_______________________________________________________________
To contact: Jason Meserve
Jason Meserve is the Multimedia Editor at Network World and
writes about streaming media, search engines and IP Multicast.
Jason can be reached at <mailto:jmeserve@nww.com>. Check out his
Multimedia Exchange weblog at:
<http://www.networkworld.com/weblogs/multimedia/>
Check out our weekly Network World Radio program at:
<http://www.networkworld.com/radio/>
_______________________________________________________________
This newsletter is sponsored by Nokia
Empower Your Mobile Enterprise
Nokia believes that business mobility will fundamentally change
the way work gets done-and for the better. To allow the entire
organization to get the most from this paradigm shift in
productivity, Nokia Enterprise Solutions focuses on delivering
increased efficiency through enhanced mobility. Learn more by
downloading this white paper today!
http://www.fattail.com/redir/redirect.asp?CID=116008
_______________________________________________________________
FEATURED READER RESOURCE
The Trend Micro Threat Map
The Trend Micro Threat Map dynamically displays real-time data
to show worldwide trends in virus and content security threats
as they happen. Collected from actual computer infections, the
Threat Map can be used to help determine appropriate security
policies, based on the prevalence of threats that can adversely
affect your business.
<http://www.networkworld.com/go/trendmicro/trend_frr>
_______________________________________________________________
May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at <http://www.subscribenw.com/nl2>
International subscribers click here:
<http://nww1.com/go/circ_promo.html>
_______________________________________________________________
SUBSCRIPTION SERVICES
To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
<http://www.nwwsubscribe.com/Changes.aspx>
To change your e-mail address, go to:
<http://www.nwwsubscribe.com/ChangeMail.aspx>
Subscription questions? Contact Customer Service by replying to
this message.
This message was sent to: security.world@gmail.com
Please use this address when modifying your subscription.
_______________________________________________________________
Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>
Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772
For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: <mailto:sponsorships@nwfusion.com>
Copyright Network World, Inc., 2005
No comments:
Post a Comment