July 2005 - Posts

CERT: CISCO IPv6 vulnerability VU#930892
Cisco Systems devices running IOS that are configured to handle Internet Protocol version 6 (IPv6) traffic may not properly handle a specially-crafted packet sent from the local network segment. This improper packet handling may result in a denial-of-service condition or in the execution of arbitrary code on the device running IOS.
The specific nature of the crafted packets exploiting this vulnerability is not known.
Only devices configured to handle IPv6 traffic are vulnerable to this flaw. Any logical or physical interface that handles the crafted packet is vulnerable to the flaw. In addition, the attacker must send the crafted packet on the local network segment. Packets sent one or more hops away from the device will not affect the vulnerable device in a negative manner.
For details on fixes, updates, and workarounds, please see
Cisco Security Advisory 65783: IPv6 Crafted Packet Vulnerability.
NIST has developed a report on minimum security requirements for federal information systems. Companies may find this planning study useful when choosing the methods and priorities for strengthening their security during the coming year.
NIST: Minimum Security Requirements for Federal Information Systems
PC Magazine provides an in-depth report on the first beta of Windows Vista.
http://www.pcmag.com/article2/0,1895,1840816,00.asp


WHAT'S TO COME... 2006
[2005]
- July 27: Vista beta 1 ships
- Mid-September: Beta 1 Refresh at Microsoft Professional Developers Conference
[2006]
- First half: Vista beta 2
- Q2/Q3: Vista release to manufacturing
- Holiday season: Vista retail release
This site lists a number of "free for personal use" and "trial version" anti-spyware tools.
Malek Tips - Spyware and Adware Info and Removal Tips
Kaspersky documents a new combined threat: a downloader, an adware agent, and a file infector bundled into a single attack. It is important to be careful with email, and with URLs or attachments that arrive in untrusted messages.
Downloader.Win32.VB.JL + Parite File Infector
http://www.viruslist.com/en/weblog?calendar=2005-07
QUOTE: A few days ago we got another Trojan-Dropper. When we analyzed it, we found out that it installs 4 files to the system. Nothing out of the ordinary for a dropper. But then we discovered that while one of the files it drops is detected as Trojan-Downloader.Win32.VB.jl, our scanner told us that the other three are infected with Virus.Win32.Parite.b.
What's all this about? Someone is trying to spread Parite? We've known about this virus for a number of years, and it's still one of the most widespread classic file viruses found in the wild. But we haven't seen it being deliberately spread for a long time.
The answer was simple, and unexpected. When we cleaned the virus from the infected files, we discovered that underneath the Parite infection, the files were infected with three other Trojan-Downloaders - WinAD.c, IstBar.is and Small.aqt, which Kaspersky Anti-Virus has detected for a long time.
All of these programs are designed to download adware onto the victim machine. So it seems likely that whoever created the original dropper didn't know that the machine he used was infected with Parite. On the other hand, it could just be another attempt on the part of virus writers to prevent their creations being detected by dedicated anti-adware and anti-spyware solutions, which can't detect standard file viruses.
Version 8.02 of Opera addresses three security advisories as well as providing functional improvements to the browser.
Opera 8.02 Download Site
Changelog for Opera 8.02 for Windows
Security Enhancements
Additional Enhancements
- Improved default handling of encodings in spelling checker.
- Multiple stability fixes.
- When an installed plug-in is available, use as default handler rather than display download dialog.
- Fixed issue where search.ini could be picked up from wrong location.
- Improved support for XMLHttpRequest.
- Fixed download handling when closing originating page.
The following link provides publicly announced information from Microsoft on the first beta release of IE 7, which targets the Windows XP SP2 and Vista Beta platforms.
Internet Explorer 7 Beta 1 - Technology Overview

An excellent example of why you should never click on a URL in a spam email message.
Kaspersky Weblog: Why Unsubscribing from spam is not a good idea
QUOTE: Today I ran across an interesting piece of spam. The ending contained an offer to unsubscribe by clicking "here". Naturally, I clicked and landed on a web page (HTML) that supposedly checked my name against a database. The page then showed me the following message: "your address has been removed from the mailing list".
Sounds reasonable, doesn't it? But ... the end of the HTML file contains Exploit.HTML.Mht which uses the MHTML URL Processing Vulnerability to download malware: in my case it was Trojan-Dropper.Win32.Small.gr and Trojan-Spy.Win32.Banker.s.
Good reminder - never, ever unsubscribe from spam. At best you let the spammer know your address is live, and at worst you end up with an infected computer. Read more:
Malware Evolution: January to March 2005
Microsoft Security Bulletin MS04-013
I've personally used Zone Alarm for years starting with the first version when the company was new. Version 6.0 has been released and I plan to update and test this new version.
Zone Alarm 6.0 - Home Page
Zone Alarm 6.0 - What's New
Zone Alarm 6.0 - FAQs
Zone Alarm 6.0 - Download Center

A new variant, Bagle.BD, has just emerged; email messages matching the following pattern should be blocked or avoided.
Bagle.BD Information - Trend Micro
Bagle.BD Information - Secunia
From: {Spoofed email address}
Subject: Foto
Message body: (any of the following)
• Foto
• Pass - {password of the attachment}
• Password - {password of the attachment}
• Password: {password of the attachment}
• The password is {password of the attachment}
Attachment: (any of the following)
• Foto.zip
• fotos.zip
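The indicators above (spoofed sender, "Foto" subject, a body that is either "Foto" or carries the archive password, and a Foto.zip/fotos.zip attachment) are enough to write a gateway rule. The following is an added example, not code from the original post or from Trend Micro or Secunia: a small Python filter that scores a message against those indicators and pulls the archive password out of the body so an administrator can open the attachment for scanning. The MailMessage class and the sample messages are constructed for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Indicators copied from the Bagle.BD description above.
LURE_SUBJECT = "foto"
LURE_ATTACHMENTS = {"foto.zip", "fotos.zip"}
# Body variants that carry the archive password: "Pass - X", "Password - X",
# "Password: X", "The password is X". Group 1 captures the password itself.
PASSWORD_RE = re.compile(
    r"^\s*(?:pass\s*-|password\s*[-:]|the password is)\s*(\S+)\s*$",
    re.IGNORECASE,
)


@dataclass
class MailMessage:  # hypothetical minimal representation of a parsed message
    sender: str
    subject: str
    body: str
    attachments: List[str] = field(default_factory=list)


def extract_archive_password(body: str) -> Optional[str]:
    """Return the archive password named in the body, or None if absent."""
    m = PASSWORD_RE.match(body)
    return m.group(1) if m else None


def body_matches_lure(body: str) -> bool:
    """True if the body is the bare word 'Foto' or one of the password phrasings."""
    return body.strip().lower() == LURE_SUBJECT or PASSWORD_RE.match(body) is not None


def bagle_bd_verdict(msg: MailMessage) -> Optional[str]:
    """Return a short reason string if the message matches the Bagle.BD lure, else None.

    The attachment name is required, plus at least one text indicator: a lone
    "Foto" subject is far too common in legitimate mail to block on its own.
    """
    lure_files = [a for a in msg.attachments if a.lower() in LURE_ATTACHMENTS]
    if not lure_files:
        return None
    subject_hit = msg.subject.strip().lower() == LURE_SUBJECT
    body_hit = body_matches_lure(msg.body)
    if not (subject_hit or body_hit):
        return None
    pw = extract_archive_password(msg.body)
    reason = f"Bagle.BD lure: attachment {lure_files[0]}"
    if pw:
        reason += f", archive password '{pw}' in body"
    return reason


# Constructed sample messages (not real captured mail).
SAMPLES = [
    MailMessage("someone@example.invalid", "Foto", "Password: 1234", ["Foto.zip"]),
    MailMessage("friend@example.invalid", "Foto", "The password is abc", ["fotos.zip"]),
    MailMessage("colleague@example.invalid", "Re: Foto", "Here are the pictures.", ["holiday.jpg"]),
    MailMessage("x@example.invalid", "Foto", "Foto", []),  # no archive: do not block
]


def filter_mailbox(messages: List[MailMessage]) -> List[Optional[str]]:
    """Apply the verdict to every message, preserving order."""
    return [bagle_bd_verdict(m) for m in messages]


if __name__ == "__main__":
    for msg, verdict in zip(SAMPLES, filter_mailbox(SAMPLES)):
        print(f"{msg.sender:28} {msg.subject:10} -> {verdict or 'deliver'}")
```

The rule deliberately requires the archive name in addition to a text indicator; tightening to "subject and body and attachment" would miss the variants where the body is only the bare word "Foto", and loosening to the subject alone would quarantine ordinary photo mail.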
US-CERT has highlighted a number of new vulnerabilities in Oracle products; DBAs and system administrators should apply the latest security updates.
US-CERT Oracle Vulnerability Advisories
Red Hat Oracle Security Alerts - Published Oracle Security Alerts
19-jul-2005 - Advisory: Various Cross-Site Scripting Vulnerabilities in Oracle Reports - [Various XSS in Oracle Reports] (Not fixed after 718 days)
19-jul-2005 - Advisory: Read parts of any XML file on the application server via Oracle Reports - [Read parts of any XML file via Oracle Reports] (Not fixed after 693 days)
19-jul-2005 - Advisory: Read parts of any file on the application server via Oracle Reports - [Read parts of any file via Oracle Reports] (Not fixed after 692 days)
19-jul-2005 - Advisory: Overwrite any file on the application server via Oracle Reports - [Overwrite files via Oracle Reports] (Not fixed after 706 days)
19-jul-2005 - Advisory: Run any OS command via uploaded Oracle Report from any directory - [Run any OS command via Oracle Reports] (Not fixed after 663 days)
19-jul-2005 - Advisory: Run any OS command via uploaded Oracle Forms from any directory - [Run any OS command via Oracle Forms] (Not fixed after 664 days)
Latest Oracle Security Updates - July 2005

CERT has long been a favorite resource for security news and information; this newly discovered link provides a summary of key current items and is worth bookmarking:
http://www.us-cert.gov/current/current_activity.html
This new Trojan Horse takes advantage of an IE vulnerability patched by Microsoft during April 2005.
MS05-020: Trojan.Helemoo - Symantec Description
Trojan.Helemoo is a back door Trojan that exploits the Microsoft Internet Explorer DHTML Object Race Condition Memory Corruption Vulnerability (described in Microsoft Security Bulletin MS05-020).
Kaspersky Labs documents the first return of a classic parasitic file-infector virus in about two years. Like the CIH virus, it attempts to infect as many EXE files as possible on the PC, and it also downloads secondary malware that can spread rapidly throughout an unpatched network. A single PC can end up with hundreds or even thousands of copies of this virus as it replicates locally.
Kaspersky Labs - Analyst's Commentary
Kaspersky Labs - Tenga.A Description
McAfee - Gael Description
Symantec - Licum Description
Trend - Tenga.A Description
Tenga is a good old classic virus, where the main goal is to self-replicate as much as possible. Once your machine is infected, you can end up with hundreds of infected files, all of which will then attempt to download Trojan-Downloader.Win32.Small.bdc.
When run, the worm infects .EXE files on the local system, appending itself to host files. Ten threads are created to search for infectable computers on the Internet: SYN packets are sent to random IP addresses on TCP port 139 (NetBIOS). The worm then attempts to connect to responding systems via the IPC$ and other open shares to parasitically infect files remotely.
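The scanning behaviour described above (ten threads sending SYNs to random Internet addresses on TCP 139) is what makes an infected host stand out in flow or firewall logs: one internal source opening connection attempts to many distinct destinations on port 139 in a short time. The following is an added example, not code from the page or from any of the vendors linked above: a sliding-window detector in Python that flags such a source. The flow record format (timestamp, source, destination, destination port, TCP flags) and the sample records are constructed for illustration; a real deployment would feed it NetFlow or firewall connection logs in whatever format those produce.

```python
import random
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, List


def build_sample_flows() -> List[str]:
    """Constructed flow log (not real data): one host sweeping random Internet
    addresses on TCP 139, one host talking normally to a pair of file servers."""
    rng = random.Random(2005)  # fixed seed so the sample is reproducible
    start = datetime(2005, 7, 25, 10, 0, 0)
    lines = []
    for i in range(30):  # 30 SYNs to 30 random destinations within 8 seconds
        dst = f"{rng.randint(1, 223)}.{rng.randint(0, 255)}.{rng.randint(0, 255)}.{rng.randint(1, 254)}"
        ts = (start + timedelta(seconds=i // 4)).isoformat()
        lines.append(f"{ts} 10.0.0.5 {dst} 139 S")
    for i in range(6):  # legitimate SMB use: repeated connections to two servers
        ts = (start + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 10.0.0.9 10.0.0.{10 + (i % 2)} 139 S")
        lines.append(f"{ts} 10.0.0.{10 + (i % 2)} 10.0.0.9 139 SA")
    return lines


def parse_flow(line: str):
    """Split one constructed record into typed fields."""
    ts, src, dst, dport, flags = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport), flags


def find_netbios_scanners(
    lines: List[str],
    threshold: int = 20,
    window: timedelta = timedelta(seconds=10),
    port: int = 139,
) -> Dict[str, int]:
    """Return {source: peak_distinct_destinations} for sources whose SYN-only
    flows to `port` reach `threshold` distinct destinations inside `window`."""
    by_src = defaultdict(list)
    for line in lines:
        ts, src, dst, dport, flags = parse_flow(line)
        if dport == port and flags == "S":  # SYN without ACK: an outbound attempt
            by_src[src].append((ts, dst))

    hits: Dict[str, int] = {}
    for src, events in by_src.items():
        events.sort()
        recent = deque()          # events inside the current window
        dst_counts = Counter()    # distinct destinations inside the window
        peak = 0
        for ts, dst in events:
            recent.append((ts, dst))
            dst_counts[dst] += 1
            while recent and ts - recent[0][0] > window:  # expire old events
                _, old = recent.popleft()
                dst_counts[old] -= 1
                if dst_counts[old] == 0:
                    del dst_counts[old]
            peak = max(peak, len(dst_counts))
        if peak >= threshold:
            hits[src] = peak
    return hits


if __name__ == "__main__":
    for src, n in find_netbios_scanners(build_sample_flows()).items():
        print(f"possible TCP/139 sweep from {src}: {n} distinct destinations in window")
```

Counting distinct destinations rather than raw packets is what separates the worm's sweep from a busy but legitimate client, which reconnects to the same few servers; the threshold and window are tuning knobs and should be set from the normal fan-out seen on the monitored segment.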
A new critical security patch addresses buffer overflow vulnerabilities in the zlib compression library. This update should be applied promptly to ensure that applications using the library are properly protected.
MySQL Reference Manual :: D.2.2 Changes in release 4.1.13
Security improvement: Applied a patch that addresses a zlib data vulnerability that could result in a buffer overflow and code execution. (CAN-2005-2096) (Bug #11844)
MySQL Multiple Vulnerabilities
Secunia Advisory: SA16170
Release Date: 2005-07-22
Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: MySQL 4.x
CERT Advisory on ZLIB Compression Library Vulnerability

Microsoft Press Announcement - Windows Vista
Tech Republic Article - Windows Vista
REDMOND, Wash., July 22, 2005 — Today Microsoft Corp. announced the official name of its next-generation Windows® client operating system, formerly code-named “Longhorn.” Vista's three design goals include better security, new ways to organize information, and seamless connectivity to external devices, the company said.