Updates
A compilation of the latest information about viruses and worms, security issues
and patches to rectify the same
Sun Solaris Telnet Client buffer overflow
Two vulnerabilities in the telnet client included with the Solaris operating
system can potentially be exploited to compromise a vulnerable system. Sun has
recommended that execute permissions be removed from the Solaris telnet utility.
Refer to: sunsolve.sun.com/search/document.do?assetkey=1-26-57755-1
Cisco VPN vulnerability
A vulnerability has been reported in Cisco's VPN Concentrator 3000 Series
which can be exploited by hackers to cause a denial of service. Sending
specially crafted HTTPS packets to the device causes it to reload. The
vulnerability affects devices running software version 4.1.7.A and earlier
versions. Cisco recommends updating to version 4.1.7.B or later.
For more details, refer to the advisory issued by the vendor at:
www.cisco.com/warp/public/707/cisco-sa-20050330-vpn3k.shtml
New mass mailing worm discovered
A new mass mailing worm, W32.Mytob.AA@mm, which uses its own
SMTP engine to send e-mail to addresses that it gathers from infected computers,
has been reported by Symantec. Infected messages come with attachments that
have a .bat, .cmd, .doc, .exe, .pif, .scr, .tmp, .txt or .zip extension. This
worm can open a backdoor and spread through the network by exploiting
system vulnerabilities. The same vendor has also reported another mass mailing
worm, VBS.Haster@mm, a VBScript worm that uses Microsoft Outlook to send
itself to all e-mail addresses in the local Microsoft Outlook address book.
The e-mail comes with the subject "Windows Back ups". Most security
vendors have released patches for the worm.
1. HTML_NETSKY.P
2. WORM_NETSKY.P
3. JAVA_BYTEVER.A
4. TROJ_DLOADER.DH
5. TROJ_SMALL.SN
6. TROJ_DLOADER.DG
7. SPYW_GATOR.D
8. TROJ_DFC.A
9. SPYW_GATOR.C
10. WORM_NETSKY.D
(From March 18 to March 24, 2005.
Source: Trend Micro)
JavaScript vulnerability in Firefox
A vulnerability in the Firefox browser can be exploited to capture sensitive
information. The vulnerability is caused by an error in the JavaScript
engine: a "lambda" replace exposes arbitrary amounts of heap memory
after the end of a JavaScript string. It has been confirmed in versions 1.0.1
and 1.0.2. Disabling JavaScript is advised.
Refer to the advisory at:
bugzilla.mozilla.org/show_bug.cgi?id=288688