All quiet on the virus front...

It was a very quiet week on the virus front this week, with nothing of significance to report... On the security side of things, there are no really urgent issues either, unless you have outstanding Oracle database and application server patches or run VERITAS Cluster Server on the various Unix and Linux platforms. The same platforms may have libtiff and Squid web proxy cache issues too.

This issue's topics:

Introduction:

* VERITAS Cluster Server, libtiff, Squid updates

Virus News:

* All quiet on the virus front...

Security News:

* Remote root in VERITAS Cluster Server fixed

* Update fixes multiple libtiff remote code execution vulnerabilities

* Squid proxy cache update fixes DoS

* Install patches now; Exploits in the wild - Oracle

* Three years jail for Ministry of Health fraud

Virus News:

* All quiet on the virus front...

Well, not really, but there are no 'big stories' this week. There are many, many new variants of several of the most commonly seen bot-net agents such as SDBot, SpyBot, RBot, Agobot and so on, and these are probably actually out there in fairly serious numbers, but they either only hit machines that do not already have good firewall and/or virus scanning practices in place, or they hit machines where they can disable those popular security products and then continue more or less unnoticed.

As evidence of how quiet it is, we will look at the MessageLabs 'threat list'. Linked below, this is a listing of the top ten malware programs detected in e-mail scanned by the company in the last week. Note that none of them have a shiny 'new' logo affixed to them. If you have a good memory, you will also recognize that only two of them were even written in this half of the year - Mydoom.M and (probably) Lovgate.W. (Inter-vendor naming confusion in that family, together with the recent 'updating' of MessageLabs' site and databases, which has left many of the details displayed in their virus information pages bogus, makes it hard to be sure which virus MessageLabs means by 'Lovgate.W-mm', but far too many entries in MessageLabs' information pages have 8 August this year as their 'first captured' date.)

And what is the most common thing MessageLabs intercepts? Still Netsky.P, which is clocking in at twice the rate of anything else and which was, according to all other reputable sources I could find, first seen on 21 March this year.

Email Threats - messagelabs.com

Security News:

* Remote root in VERITAS Cluster Server fixed

VERITAS Cluster Server for Solaris, HP-UX, AIX, and Linux has been reported, by the vendors, to be vulnerable to remote root access by an unauthenticated, remote attacker. Obtaining, testing and installing the necessary updates to remove this vulnerability should be considered a high priority task in affected environments.

Note that the vendor claims the Windows version of the product is not affected and thus there is no update for the Windows version.

Potential unauthorized root access in Cluster Server - veritas.com

* Update fixes multiple libtiff remote code execution vulnerabilities

Chris Evans, who has recently shown himself to be something of an expert at sniffing out heap and stack overflows in widely used code, especially code that handles graphics and other multimedia content, has done it again. From an admittedly constrained audit of the source code of libtiff version 3.6.1, he found two readily exploitable heap overflows (and probably a third, although he did not fashion a suitably malformed TIFF file to test it). libtiff is included in most popular Linux distributions and is used by such popular applications as the GNOME and KDE web browsers, xv, various e-mail clients and so on.

Most of the larger distributions have now shipped update packages to address these vulnerabilities.

libtiff-3.6.1 image decoder parsing flaws - beasts.org

libtiff home page - libtiff.org

* Squid proxy cache update fixes DoS

Due to an ASN.1 parsing flaw in its SNMP code, Squid proxy caching servers with SNMP support compiled in and enabled are potentially vulnerable to denial of service. A single UDP packet can potentially be crafted to cause the Squid server process to restart, killing all currently open connections. A fairly low-bandwidth stream of such malicious packets could render the server effectively inoperable.

Most popular distributions have shipped update packages to address this issue, and more details, including links to the official patches, can be found in the iDEFENSE security advisory, linked below.

Squid Web Proxy Cache Remote Denial of Service - idefense.com

* Install patches now; Exploits in the wild - Oracle

Oracle has been reported as warning users of its flagship database and application server products that they should apply the latest batch of updates and patches 'without delay'. Although not specifying precisely which of the many vulnerabilities were involved, Oracle warned that exploits of some of the vulnerabilities addressed in its 31 August patch release had been found in use in the wild, raising concern that unpatched Oracle installations are now at greater risk.

Oracle warns of exploits for latest DB flaws

* Three years jail for Ministry of Health fraud

An Australian IT expert working for the New Zealand Ministry of Health has been sentenced to three years' jail for swindling more than NZ$2 million from his employer. According to some reports, John Denison may have planned to take up to NZ$25 million, and he attempted to use $800,000 of the initially defrauded amount as a payment on a luxury apartment in Sydney. Most reports describe the fraud as a 'hack', but as all details of the 'hack' have been suppressed by the judge, it is difficult to tell whether this was really a computer security breach or 'only' a breach of trust.

NZ jails Aussie bank hacker - news.com.au
