Security Bytes: Winamp, Samba flaws fixed; man wanted for hiring DDoS attackers

In addition to Winamp, vulnerabilities are addressed in Linux, Debian and Samba. Authorities search for businessman believed behind DDoS attacks last year.

Winamp flaw fixed
Winamp users "must upgrade to Winamp 5.05 immediately" to patch a hole that would allow a zero-day exploit circulating in the wild to "forcefully install spyware and Trojans on unsuspecting victims who click on a Web site link," according to K-OTik Security. Nullsoft has issued a fix for this critical vulnerability affecting Winamp 3.0, 5.0 and 5.0 Pro or newer. IRC chat networks have been the main infection vector, but anyone visiting malicious Web sites hosting the "Skinhead" exploit could become infected. According to Nullsoft, Winamp will now prompt all users with a confirmation window before installing any skins and will now only extract files considered low risk before loading a Winamp skin. For additional details about the flaw, click here.
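The mitigation Nullsoft describes, a confirmation prompt plus extraction of low-risk files only, can be modeled as an allowlist filter over the skin archive. This is an added example, not Nullsoft's code: it assumes the skin is a ZIP archive, and the extension allowlist, function names and sample archive are constructed for illustration.

```python
import io
import posixpath
import zipfile

# Assumption: illustrative allowlist of passive skin assets; the page does not
# say which file types Winamp treats as low risk.
LOW_RISK_EXTENSIONS = {".bmp", ".cur", ".txt"}


def filter_skin_members(archive_bytes):
    """Split archive members into (allowed, rejected) without extracting anything."""
    allowed, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.replace("\\", "/")
            ext = posixpath.splitext(name)[1].lower()
            # Refuse absolute paths, drive letters and parent-directory escapes.
            unsafe_path = name.startswith("/") or ":" in name or ".." in name.split("/")
            if unsafe_path or ext not in LOW_RISK_EXTENSIONS:
                rejected.append(info.filename)
            else:
                allowed.append(info.filename)
    return allowed, rejected


def extract_low_risk(archive_bytes, confirm):
    """Return {name: bytes} for allowlisted members, only if the user confirms."""
    allowed, rejected = filter_skin_members(archive_bytes)
    if not confirm(allowed, rejected):
        return {}
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        return {name: zf.read(name) for name in allowed}


def build_sample_skin():
    """Constructed sample: two passive assets plus members that must be refused."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("main.bmp", b"BM-constructed")
        zf.writestr("readme.txt", b"constructed sample")
        zf.writestr("skin.xml", b"<placeholder/>")
        zf.writestr("setup.exe", b"placeholder")
        zf.writestr("../outside.bmp", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    print(sorted(extract_low_risk(build_sample_skin(), lambda ok, bad: True)))
```

The filter is default-deny: any member whose type is not on the allowlist, or whose path would land outside the skin directory, is never read from the archive.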

Samba 2.2.11 addresses DoS flaw
Samba recommends users upgrade to version 2.2.11 to fix a vulnerability that could be used for a denial-of-service attack. An error in how client printer change notification requests are handled can be used to crash "smbd" by sending a "FindNextPrintChangeNotify()" request without sending a "FindFirstPrintChangeNotify()" request first. Apparently, Windows XP SP2 clients are capable of triggering a denial of service, Samba's advisory said.

Vulnerability in zlib library
Linux distributors are updating their zlib libraries to fix a vulnerability that could be used to launch a denial-of-service attack. Researcher Johan Thelmen discovered the flaw and alerted Copenhagen, Denmark-based security firm Secunia, which issued an advisory describing it as a "moderately critical" problem. The zlib general-purpose data compression library "contains a bug in the handling of errors in the 'inflate()' and 'inflateBack()' functions," the advisory said. Users of the library are advised to upgrade to the latest version. Gentoo and OpenBSD have already issued updates. The vulnerability affects version 1.2.1. Secunia said other versions may also be affected.

Qt updated against vulnerabilities
Debian has updated its Qt graphic widget set against several exploitable vulnerabilities. The first flaw, discovered by researcher Chris Evans, is a heap-based overflow that occurs when handling 8-bit RLE-encoded BMP files. This could allow an attacker to execute arbitrary code. The others, crash conditions in the XPM and GIF handling code, were discovered by researcher Marcus Meissner. For the stable distribution, known as Woody, the problems have been fixed in version 3.0.3-20020329-1woody2. For the unstable distribution, known as Sid, the problems have been fixed in version 3.3.3-4 of qt-x11-free. Debian recommends users upgrade their Qt packages.

Man wanted for hiring hackers to launch DDoS attacks
Massachusetts businessman Jay Echouafni, 37, is wanted on charges of aiding and abetting computer intrusion for allegedly hiring cybercriminals to launch distributed denial-of-service attacks against three online stores, resulting in $2 million in losses, SecurityFocus reported. According to the charges, he paid Paul Ashley, 30, of Powell, Ohio, $1,000 to act as intermediary with the attackers, claiming that a competing company had stolen his content and launched DDoS attacks against him. Ashley hired Joshua "Emp" Schichtel, Jonathan "Rain" Hall, Lee "sorCe" Walker and Richard "Krashed" Roby to aim their armies of zombie computers against the targets.

On Oct. 6, 2003, the group attacked WeaKness.com, a seller of digital video recorders, with SYN floods and then HTTP floods, keeping the site down for two weeks. An attack against RapidSatellite.com affected other sites hosted by the company's service provider, including Amazon.com and the Department of Homeland Security. In December, Echouafni purchased the CIT/FooNet Web host from Ashley, keeping him as network administrator with a $120,000 salary, SecurityFocus reported. Clues in the attacked sites' event logs led federal investigators to group members, culminating in arrests in "Operation Cyberslam." Echouafni is believed to have fled the United States for Morocco.
