Updates
A compilation of the latest information about viruses, security
and patches that could be vital for your system
IE buffer overflow vulnerability
Microsoft's Internet Explorer browser is vulnerable to a buffer overflow
via FRAME and IFRAME elements. The vulnerability can be exploited to execute
arbitrary code with the privileges of the user running IE. By convincing a user
to view a specially-crafted HTML document (e.g. a web page or an HTML e-mail
message), an attacker could execute arbitrary code with the privileges of the
user. The attacker could also cause IE (or the programme using the WebBrowser
control) to crash. Other programmes (e.g. Outlook, Outlook Express, AOL, Lotus
Notes) that use the WebBrowser ActiveX control could be affected by this vulnerability.
There is no complete solution to this problem. Those running Windows XP are
advised to install Service Pack 2 (SP2) as Windows XP SP2 does not appear to
be affected by this vulnerability.
Disabling Active scripting makes it tougher for an attacker to easily execute
arbitrary code. At a minimum, disable Active scripting in the Internet zone
and the zone used by Outlook, Outlook Express, or any other software that uses
the WebBrowser ActiveX control. Do not follow unsolicited links and do not click
on unsolicited URLs received in e-mail, instant messages, web forums, or internet
relay chat (IRC) channels. Configure your e-mail software to display e-mail
messages in plain text.
Source: CERT
Phoney Linux patch
ELF_FAKEPATCH.A is an executable that runs on Linux. It arrives attached to
an e-mail message that's designed to make users think that it is a legitimate
e-mail sent by the RedHat Security Team regarding critical security patches
that must be downloaded. The e-mail includes links to downloadable files, and
encourages the recipients to click the links to download the patches. When a
file mentioned in the e-mail is downloaded, two files are found: inst.c, the
source code of this malware, and Makefile, which is used to compile inst.c. Once
compiled, the ELF executable produces the shellcode, which first checks whether
it is being executed by root (the administrator). If not, it displays the
message "This patch must be applied as root, and you are: %User%" (Note: %User%
is the currently logged-on user). If the check passes, it adds a user named
"bash" with a null password and creates the file "mama" inside the temporary
folder. It then obtains network configuration and system information, and saves
it in the file "mama". Next, it sends this file to the e-mail address
root@addlebrain.com. It then deletes the file from the system and starts SSHD
(the Secure Shell server), which lets users connect to the system from another
system via TCP/IP, obtain a shell prompt, issue commands and view the output.
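A host check for the indicators this description gives (the added "bash" account with a null password, the "mama" file in the temporary folder, and mail to root@addlebrain.com). This is an added example, not code from the page or from Trend Micro; the passwd, shadow and mail-log lines are constructed samples, and /var/log/maillog is an assumed location for the local mail server's log.

```python
import os

# Indicators as described on this page for ELF_FAKEPATCH.A.
SUSPECT_USER = "bash"               # account the malware adds
DROP_FILE = "mama"                  # file it creates in the temporary folder
EXFIL_ADDR = "root@addlebrain.com"  # address the collected data is mailed to

# Constructed sample inputs (not real system files) so the checks run offline.
SAMPLE_PASSWD = "root:x:0:0:root:/root:/bin/bash\nbash::1001:1001::/home/bash:/bin/sh\n"
SAMPLE_SHADOW = "root:$1$abc$xyz:12700:0:99999:7:::\nbash::12700:0:99999:7:::\n"
SAMPLE_MAILLOG = (
    "Nov  1 10:02:11 host sendmail[411]: iA1A2BcD: to=<root@addlebrain.com>, stat=Sent\n"
    "Nov  1 10:05:40 host sendmail[418]: iA1A5EfG: to=<alice@example.net>, stat=Sent\n"
)

def users_with_empty_password(passwd_text, shadow_text=""):
    """Names whose password field is empty in passwd or shadow (a 'null password')."""
    hits = set()
    for source in (passwd_text, shadow_text):
        for line in source.splitlines():
            fields = line.split(":")
            if len(fields) >= 2 and fields[1] == "":
                hits.add(fields[0])
    return sorted(hits)

def exfil_log_lines(maillog_text):
    """Mail-log lines that reference the exfiltration address."""
    return [line for line in maillog_text.splitlines() if EXFIL_ADDR in line]

def scan(passwd_text, shadow_text, maillog_text, tmpdir):
    """Return findings (empty list = nothing matched). The malware deletes the dropped
    file after mailing it, so the account and mail-log entry are the durable signs."""
    findings = []
    if any(line.split(":")[0] == SUSPECT_USER for line in passwd_text.splitlines()):
        findings.append(f"account '{SUSPECT_USER}' present in passwd")
    for user in users_with_empty_password(passwd_text, shadow_text):
        findings.append(f"account '{user}' has an empty password field")
    if os.path.exists(os.path.join(tmpdir, DROP_FILE)):
        findings.append(f"file '{DROP_FILE}' present in {tmpdir}")
    findings.extend("mail to exfil address: " + line for line in exfil_log_lines(maillog_text))
    return findings

def scan_host():
    """Run the checks on the live system; /etc/shadow needs root to read (assumed log path)."""
    def read(path):
        try:
            return open(path, encoding="utf-8", errors="replace").read()
        except OSError:
            return ""
    return scan(read("/etc/passwd"), read("/etc/shadow"), read("/var/log/maillog"), "/tmp")
```

Running scan_host() as root prints nothing on a clean system; any finding is worth a closer look, and an empty password field on any account is a problem regardless of this malware.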
1. WORM_NETSKY.P
2. HTML_NETSKY.P
3. WORM_BAGLE.AT
4. WORM_NETSKY.D
5. JAVA_BYTEVER.A
6. WORM_NETSKY.B
7. WORM_BAGLE.AU
8. WORM_NETSKY.C
9. PE_ZAFI.B
10. WORM_NETSKY.Q
Source: Trend Micro
(from October 29 to November 4, 2004)