
Yahoo! IM, Kerberos, Firefox, and Kaspersky AV vulnerabilities


This week, we will see five or more Microsoft security bulletins, which I will cover in my monthly IT Locksmith column as well as the newsletter. There is no real word yet as to the content except that there will be one or more security patches and some non-security patches.

But, while we are waiting for those to be released on Tuesday, we have several other things to worry about -- starting off with a new Kerberos vulnerability for UNIX systems. (Microsoft uses a proprietary version of Kerberos.)

Kerberos 

The MIT krb5 Telnet daemon reportedly has a vulnerability that would allow a remote attacker to gain root access without a password (CVE-2007-0956). The details had not been posted when I last checked.

FrSIRT's list of advisories connected with CVE-2007-0956, http://www.frsirt.com/english/CVE-2007-0956.php, includes: Mandriva, Turbolinux, Ubuntu, Red Hat, Fedora, Debian, Gentoo, and more.

Kaspersky antivirus product threats

A number of vulnerabilities have been discovered in Kaspersky products, including:

  • Anti-Virus for Windows Workstation version 6.0 and earlier
  • Anti-Virus for Windows Server version 6.0 and earlier
  • Internet Security version 6.0 and earlier
  • Anti-Virus version 6.0 and earlier

Those using Kaspersky products should note that the worst of the four newly reported vulnerabilities are remote code execution threats, and should update to the latest version (6.0.2.614): http://www.kaspersky.com/productupdates

Firefox

There is a remote code execution vulnerability in versions of Firebug prior to 1.01. The fix is to update to Firebug version 1.02: https://addons.mozilla.org/en-US/firefox/addon/1843

Yahoo! Messenger

The popular IM service has a buffer overflow vulnerability in an ActiveX control used in versions 5.x through 8.x of Yahoo! Messenger that can let an attacker run arbitrary code on users' systems if they innocently surf past malicious HTML code on a Web site while IM is loaded. See:
http://messenger.yahoo.com/security_update.php?id=031207

This affects any Yahoo! Messenger version installed prior to March 13, 2007, and users must update their program to protect against this critical threat in the ActiveX Audio system.

So, I guess it's all quiet while we await the big bombs this month from Microsoft (AHH... sarcasm). 

11 comments
tundraroamer

Last fall, when I changed out my Trend Server products in favor of Kaspersky, part of my requirements were that it work in everything from NT to W2K3 Terminal Servers. Assured that it was, I began the conversion. In February, I brought on the remaining NT servers including a NT Terminal Server. The transition was not as smooth as I had planned. Most of the NT servers went OK but the W2K3 Terminal Servers (TS) are a bit iffy but appear to be working. Now I am told they don't support TS with this version but will in the next. Just checking this morning, the update ETA projected in February has now slipped to ??? instead of "shortly". With the announcement of these problems, delayed updates and outright misinformation as far as TS goes, is Kaspersky showing signs of falling off the rails? I should mention that I am also pursuing a network slowdown and have been suspecting Kaspersky AV as part of the cause. I have been turning things down or adjusting some of the settings on Kaspersky advice to see if there is any improvement. The slowdown started shortly after I moved all the servers to Kaspersky. It may not be related as we are also finally upgrading the network to depart from NT. On the other hand, it did detect and properly notify me just this morning of a virus from one of the few PC's (we use thin clients) we have that it found when it was booted up. And it wasn't even associated with the user booting it up (it's a shared resource). How did it get on the PC without being detected you ask? My question too. It appears to have been a Java script downloaded from a website so it had to pass through a web filter as well. That will be my next stop. Ahhh, must be Monday...

william.bondy

When thinking about deploying Anti Virus within your company of any size you need to consider 2 types of software, one for servers and another for PCs. I find it very effective to use Trend Office for the PC's and Norton for the servers; mixing your environment will give you a better chance to detect virus. I would never put my trust into one product. I know this doesn't help your current situation but these should be things you can consider for future products

tundraroamer

I have long used multiple layers of AV protection. I also use Trend Office. Both Trend products failed me. Hence the move to Kaspersky. Monday's issue turned out to be Malware not a virus. Thanks Yahoo. Personally, I would never use or recommend a Norton (unless it was still from Peter) product. And I'm not too happy with Kaspersky at the moment either...

tburns

A couple of years ago we were running Sophos and noticed a change in our network speed. Turns out it was an issue with how it was trying to download the updates. Maybe you are having a similar issue with Kaspersky. But I am also wondering of the specific reasons for switching from TREND. We are running Trend office scan. It seems to run quite well. There are a few things that I don't like about it, 1 MAIN reason is running office scan in safe mode is basically not an option. I will say 1 reason for not making a move is that we get a huge discount because they are state contract. We also recently switched to one of their anti-spam products, which seems to be working VERY well. This is not on contract and was double the price of what we were running (Symantec email gateway), but well worth it.

william.bondy

What product of Trend were you using?? Was it a corporate version like Office scan??? Norton Corporate was very easy to use and deploy much like Trend was. I would hate to go to each machine to install hehehehe. So people in the past got a bad taste from Norton and I don't blame them but like most software the next version redeems them. Norton 95 and 98 were a flop but the last half dozen years it has been solid and not a CPU hog like people think considering you can throttle the amount of CPU committed. Are you going to go back to Trend or stick with Kaspersky??? I am curious to know what spyware detected you use??

Neon Samurai

On desktops anyhow. I can't comment on how the server product may work (if one exists). On the *nix side, I have ClamAV just in case I need it when interacting with Windows machines.

Neon Samurai

I just pulled two bugs substantial bugs out of my reporting templates; yup, must be Monday.

Dumphrey

but I spent all day yesterday fixing a Windows install that had been virii infected. I would have preferred to just wipe n load, but we no longer have program disks for some of the label and shipping programs on the computer. Needless to say, this morning I will be Ghosting it, before I go fix the computer that got infected off this one........oddly enough, the 2 users on the network who should know better.

Neon Samurai

For some larva or cracker to salivate over; business hardware limited to specific and intermittent tasks with little or no user intervention. That sucks though with the log analysis and record keeping paperwork that usually goes along with documenting an intrusion. You get a new hole to learn about and close at the expense of bureaucracy.

Neon Samurai

The glaring duplicate word mistake in my previous post is more obvious. Tuesday; it's like Monday all over again but with more coffee.

tundraroamer

I left the Trend Admin server running in case I needed to go back to it. Last week, the virus updates for it started failing. In checking my iPrism logs yesterday, it appears that the link has been hijacked to a porn site! This is a machine that is not used except for backups and Trend and has little user intervention.
