Security Bytes: Linux kernel flaw; Nick Berg latest Trojan lure

In addition to Linux, Mozilla and Netscape have new flaws, as do StackDefender and Debian.

Linux kernel flaw fixed
Linux users are advised to go to for an update that fixes a vulnerability attackers could exploit to access sensitive information in kernel memory. Paul Starzetz, a researcher with Polish firm iSEC Security, found the glitch, outlined in iSEC's advisory. He said the vulnerability is due to race conditions and conversion errors when handling 64-bit file offset pointers. The problem was found in version 2.4.26 and prior and in version 2.6.7 and prior. Starzetz said the best protection is for users to go to for the update.

Trojan hides in message claiming Nick Berg is alive
It has tried to rope in victims with phony messages claiming that Osama Bin Laden and Arnold Schwarzenegger had been found dead. Now, the Trojan horse known as Hackarmy-A is hiding in a fake message claiming to contain video footage showing that American hostage Nick Berg is alive and well in Iraq. The latest message, posted to tens of thousands of Internet newsgroups, claims that Aljazeera has released video footage of Berg alive and well, Lynnfield, Mass.-based antivirus firm Sophos said. The message reads: "Conspiracy theories of Nick Berg being alive and well in Iraq have today been proven true. Aljazeera has released video footage of the supposedly beheaded American captive. The clip was first 'discovered' on an Islamic Web site in Malaysia and has now been released by American journalists collaborating with Aljazeera. The evidence speaks for itself and viewed firsthand here." Nick Berg was beheaded earlier this year by Iraqi insurgents who said they were avenging the Iraqi prisoners abused at Abu Ghraib jail by American soldiers. A video of Berg's horrific death was broadcast on an Arabic Web site.

More flaws in Mozilla, Netscape
Mozilla users are advised to visit and download the latest version of the browser to fix a vulnerability an attacker could use to execute arbitrary code. Reston, Va.-based antivirus firm iDefense said in an advisory that improper input validation to the SOAPParameter object constructor in Netscape and Mozilla allows execution of arbitrary code. "The SOAPParameter object's constructor contains an integer overflow which allows controllable heap corruption," the advisory said. "A Web page could be constructed to leverage this into remote execution of arbitrary code." Netscape 7.0 and 7.1 have been confirmed to be vulnerable. Mozilla 1.6 is also vulnerable, and iDefense suspects earlier versions of both browsers may also be vulnerable. "Netscape 7.1 is the latest version of Netscape available. Netscape has not released any information indicating they are intending to release future versions of the Netscape browser, and no longer have any developers working on this project," the advisory said. The latest release of the Mozilla browser is not affected by this vulnerability. The company said users could also disable JavaScript in the browser as a workaround.

Vulnerability in StackDefender
Reston, Va.-based security firm iDefense is warning users of a vulnerability in StackDefender that could be exploited to crash a system. The advisory said the intrusion prevention system for Win32 platforms, produced by Madrid-based Next Generation Security (NGSEC), can be exploited by an attacker who specifies an invalid address for 'ObjectAttributes.' Exploitation requires that an attacker has an exploitation vector to the system that StackDefender attempts to block. iDefense has confirmed the vulnerability in StackDefender 1.10. iDefense said it is unaware of any workarounds, that NGSEC has discontinued support for StackDefender 1.10 and recommended users upgrade to StackDefender 2.10.

Debian fixes SquirrelMail flaws
Debian recommends users update to the latest version of SquirrelMail to guard against multiple vulnerabilities. Its advisory described multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 that "allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php." Other flaws were described as a cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 that allows remote attackers to insert arbitrary HTML and script via the content-type mail header, and multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.2.10 and earlier that allow remote attackers to inject arbitrary HTML or script. Also, a SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements with unknown impact (probably via abook_database.php).
