Today's bug patches and security alerts:
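As expected, Microsoft on Tuesday released a critical security update for its Exchange messaging server, along with two security updates, one of which is critical. IDG News Service, 05/09/06.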
Related advisory:
**********
According to a Cisco advisory, "Cisco Application Velocity System's (AVS) default configuration allows transparent relay of TCP connections to any reachable destination TCP port if the receiving TCP service can process requests embedded in a HTTP POST method message. This issue does not require a software upgrade and can be mitigated by a configuration command for all affected customers. Fixed versions of the AVS software have been modified to provide a more secure default configuration." A free update is available.
**********
New patches from Debian:
cgiirc (multiple buffer overflows)
Mozilla (denial of service, code execution)
**********
New patches from Ubuntu:
Nagios (buffer overflow, code execution)
**********
New updates from Mandriva:
**********
New patches from Gentoo:
pdnsd (Denial of service, possible code execution)
Nagios (buffer overflow, code execution)
**********
Today's roundup of virus alerts:
W32/Kidala-A -- A mass-mailing worm that installs an IRC backdoor on the infected host. It spreads through a message that looks like a bounced-message error. The infected attachment will have a zip, cmd, pif, scr, exe or com extension. It drops "LCD32.exe" in the Windows System folder. (Sophos)
Troj/Baglet-F -- An e-mail harvesting worm that looks for addresses on an infected host and sends them to a pre-defined server. No word on any permanent damage caused. (Sophos)
Troj/WowPWS-E -- This Trojan installs itself as "svchs0t.exe" in the System\ShellExt\ folder. No word on any damage caused. (Sophos)
Troj/Nethell-B -- This virus can download and install additional malicious code from remote sites. Its main purpose is to steal login/password information for various Web sites. (Sophos)
Troj/Torpig-AP -- This information-stealing worm drops three files in the <Common Files>\Microsoft Shared\Web folder: IBM00001.dll, IBM00001.exe and IBM00002.dll. (Sophos)
W32/Mytob-HT -- A new Mytob variant that spreads through an e-mail claiming to be a warning about a suspended account. The infected attachment will have a double extension ending in EXE, SCR or PIF. It drops "wupdate.exe" in the Windows System folder, can steal sensitive information and modifies the Windows HOSTS file to prevent access to certain security-related Web sites. (Sophos)
Troj/Clagger-Q -- A Trojan that communicates with remote sites via HTTP. It is installed as "1.exe" in the Windows System directory. (Sophos)
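Troj/Clagger-R -- This Clagger variant installs itself as "Suhoy316.exe" in the Windows folder. (Sophos)
W32/Bobax-BV -- This Bobax variant spreads through network shares by exploiting known Windows flaws. It also has a built-in SMTP engine for sending infected e-mails. (Sophos)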
W32/Bagle-JE -- This Bagle variant tries to harvest e-mail addresses from the infected host. It is installed as "csrss.exe" in the System folder. (Sophos)
Troj/Dloadr-UZ -- A downloader app that is registered as a Browser Helper Object on the infected host. It is installed as "pio12.dll" in the System folder. (Sophos)
W32/Rbot-CHE -- An Rbot variant that drops "updatem.exe" in the Windows System folder and allows backdoor access through IRC. It spreads through network shares by exploiting known Windows vulnerabilities. (Sophos)
Troj/KillSec-D -- A Trojan that kills antivirus applications, modifies the HOSTS file and steals information. It is installed as "winlogon.exe" in the Windows folder. (Sophos)
Troj/Danmec-G -- This Trojan turns the infected host into a proxy for HTTP traffic. It drops a number of files on the infected machine, including "checkreg.exe" in the System folder. (Sophos)
W32/Erkez-G -- A virus that spreads through an e-mail claiming to have photo attachments. It drops "AntiVirus Update.exe" in the Windows System folder. (Sophos)
Troj/Cashgrab-p -- A password-stealing Trojan that drops more than a dozen files on the infected host, including "msiesetup.exe" in the System directory. (Sophos)
**********
From the interesting reading department:
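Changes to Microsoft Vista security system promise Windows migration headaches
According to independent software vendors and analysts, Windows-based authentication systems such as VPNs could face a difficult transition in the core Windows logon architecture. Network World, 05/08/06.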
Security Weblog: Botmaster goes to jail
Jeanson James Ancheta, the 21-year-old criminal who ran a "bot" empire for financial gain, was sentenced yesterday to 57 months. Networkworld.com, 05/10/06.
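An interesting post to the Bugtraq mailing list from David Litchfield: A few people have asked me recently what I'm actually looking for from Oracle. I have a nice little laundry list of things, but mostly what I'm waiting for is to hear Oracle say, "We admit we have a problem with security, but here's our strategy and we're going to make it better."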