Diperis-A targets Windows
A new macro virus is in the wild, targeting Microsoft Word documents and templates. Symantec, Computer Associates and Secunia all consider W97M.Diperis-A a low risk, however. The virus affects Windows 2000, 95, 98, ME, NT and XP. It doesn't affect Linux, Macintosh, Novell Netware, OS/2 or UNIX. Diperis deletes files associated with the O97M.Toraja virus family, modifies the Normal.dot file and lowers the Mircosoft Worm macro security settings. Symantec recommends users disable System Restore in Windows ME/XP, update virus definitions, run a full system scan and repair all files detected as W97M.Diperis-A.
For more information, click here for the Computer Associates advisory.
Debian fixes php4 flaws
Fixes have been issued for flaws in Debian GNU/Linux 3.0's php4 package attackers could use to execute arbitrary code. Coppenhagen, Denmark-based IT security firm Secunia called the flaws "highly critical." Debian issued an advisory describing two vulnerabilities. One is a memory_limit functionality problem in php4.x up to 4.3.7; and 5.x up to 5.0.0RC3. Under certain conditions, like when register_globals is enabled, remote attackers could execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete. The other problem is that the strip_tags function in php4.x up to 4.3.7; and 5.x up to 5.0.0RC3, does not filter null characters within tag names when restricting input to allowed tags. This permits dangerous tags to be processed by Web browsers such as Internet Explorer and Safari, which ignore null characters, and facilitates the exploitation of cross-site scripting (XSS) vulnerabilities. For the stable distribution of the operating system, known as Woody, these problems have been fixed in version 4.1.2-7. For the unstable distribution, known as Sid, these problems have been fixed in version 4:4.3.8-1.
For more information, click here for the Debian advisory.
Opera flaws fixed
Gentoo has updated Opera to fix a vulnerability in the Linux 1.x program an attacker could exploit to impersonate legitimate Web sites with URI obfuscation or to spoof Web sites with frame injection, Gentoo said in its advisory. The program fails to remove illegal characters from a link URI and to check that the target frame of a link belongs to the same Web site as the link. It also updates the address bar before loading a page. Additionally, Opera contains a certificate verification problem. Users are advised to upgrade to the latest version of Opera. For more information, click here for the Gentoo advisory.
Cisco fixes DOS vulnerabilities
Cisco Systems has fixed multiple malformed packet vulnerabilities that could be exploited for a denial-of-service attack. The San Jose, Calif.-based network giant said in its advisory that the problems affect the TCP/IP stacks of its ONS 15327 Edge Optical Transport Platform, ONS 15454 Optical Transport Platform; ONS 15454 SDH Multiplexer Platform; and the ONS 15600 Multiservice Switching Platform. The advisory said the affected hardware is managed through the XTC, TCC/TCC+/TCC2, TCCi/TCC2 and TSC control cards, respectively. These control cards are usually connected to a network isolated from the Internet and local to the customer's environment. This limits users' exposure to any exploit of the vulnerabilities, Cisco said. The advisory described some of the problems this way: "On the ONS 15454, ONS 15327 and ONS 15454 SDH hardware, whenever both the active and standby control cards are rebooting at the same time, the synchronous data channels traversing the switch drop traffic until the card reboots. Asynchronous data channels traversing the switch are not impacted. Manageability functions provided by the network element using the TCC+/TCC2, XTC, and TCCi/TCC2 control cards are not available until the control card reboots."
For more information, click here for the Cisco advisory.