 |
Summary of Security Items from January 21 through February 3, 2004
Publications by US-CERT | Publications by Vendors | Publications by Third Parties
Publications by US-CERT
Vulnerabilities in Microsoft Internet Explorer
Microsoft Security Bulletin MS04-004 describes three vulnerabilities
in Internet Explorer that have impacts ranging from disguising the
true location of a URL to executing arbitrary commands or code.
W32/MyDoom.B Virus
A variant of the W32/MyDoom (W32/Novarg.A) virus, W32/MyDoom.B infects
Microsoft Windows systems. Like its predecessor, W32/MyDoom.B
propagates via email and P2P networks and requires that a user
intentionally run an executable file in order to infect a system. This
virus may be designed to cease functioning on March 1, 2004.
VU#434566: Apache
mod_rewrite vulnerable to buffer overflow via crafted regular
expression
A vulnerability in a supplementary module to the Apache HTTP server
could allow an attacker to execute arbitrary code on an affected web
server under certain circumstances.
VU#549142: Apache
mod_alias vulnerable to buffer overflow via crafted regular
expression
A vulnerability in a supplementary module to the Apache HTTP server
could allow an attacker to execute arbitrary code on an affected web
server under certain circumstances.
VU#602734: Cisco
default install of IBM Director agent fails to authenticate users for
remote administration
Cisco IBM Director agent fails to authenticate users for remote
administration.
VU#721092: Cisco IBM
Director agent does not properly handle arbitrary TCP packets to port
14247/tcp
Cisco IBM Director agent does not properly handle arbitrary TCP
packets to port 14247/tcp.
VU#509454: HP-UX shar
utility creates files with predictable names in "/tmp" directory
The shar program distributed with some versions of the HP-UX operating
system creates files insecurely. This vulnerability could allow local
users to gain escalated privilege on the system.
VU#820798: KDE
Personal Information Management suite "kdepim" contains a buffer
overflow vulnerability in VCF information reader
KDE Personal Information Management suite "kdepim" contains a buffer
overflow vulnerability. Exploitation of this vulnerability could lead
to the arbitrary execution of commands.
VU#530660: Microsoft
Exchange Server 2003 fails to assign user credentials to proper
mailbox
A flaw in the authentication mechanism that Microsoft Exchange Server
2003 uses for Outlook Web Access users in some configurations could
expose another user's mailbox.
VU#927630:
NetScreen-Security Manager fails to encrypt communications with
managed devices
A vulnerability in the NetScreen-Security Manager software could
expose sensitive information in cleartext over the network.
VU#702526: Sun
Solaris allows unprivileged local user to load arbitrary kernel
modules
Sun Solaris allows an unprivileged local user to load arbitrary kernel
modules.
Back to top
Publications by Vendors
The Apache Software Foundation released information regarding a
vulnerability in mod_python. For more information, see
Apple released security updates to MacOS X and MacOS X Server. For
more information, see
Cisco Systems released updates for vulnerabilities related to certain
problems in Cisco 6000/6500/7600 series systems and incorrectly formed
layer 2 frames, vulnerabilities in Microsoft Windows which affect
certain Cisco products, and certain Cisco voice products installed on
the IBM platform. For more information, see
Debian released updates to crawl, perl, trr19, and gnupg. For more
information, see
FreeBSD released information regarding vulnerabilities in
mksnap_ffs. For more information, see
Gentoo released updates related to GAIM, mod_python, and
Honeyd. For more information, see
Hewlett Packard released a security update describing a problem in
Bind 8 for OpenVMS. Hewlett Packard has also revised previous
bulletins describing problems in BIND 8 for OpenVMS, OpenSSH, a system
service in OpenVMS Alpha, OpenSSL and TLS on Tru64 UNIX, and the way
various programs handle certain types of network traffic. For more
information, see
Macromedia released two updates related to Coldfusion MX. For more
information, see
Mandrake released updates to gaim, php-ini, tcpdump, mc, jabber,
slocate, mrproject, dhcp, and qt3. For more information, see
Microsoft released two security updates to Windows, and a security
update to Microsoft Exchange and IAServer.
Novell issued updates to HTTPSTK.NLM , iChain 2.2, and eDirectory
prior to 8.7.3. For more information, see
Red Hat released updates related to NetPBM, mc, an updated kernel
that address a number of issues, util-linux, Gaim, and slocate. Note
that the origianl bulletin regarding mc was superceded. Additionally,
Red Hat released an update to Fedora Core regarding slocate. For more
information, see
SGI released updates related to do_mremap(), kmod, frm (part of
elm), CVS, tcpdump, Ethereal, html2ps, Safe.pm, gzexe and gznew,
libdesktopicon.so, and gr_osview. For more information, see
Slackware has released information regarding GAIM. for more
information, see
Sun Microsystems released security updates describing problems in Sun ONE/iPlanet
Webserver, in.named (BIND), the tcsetattr(3C) library function, the
pfexec command, Solaris IKE, SunForum, OpenSSL and TLS on SunPlex
systems, Safe.pm and CGI.pm perl modules, and Loadable Kernel
Modules. Additionally, Sun withdrew two patches previously released
for the Basic Security Module. For more information, see
SUSE Linux has released inforamtion regarding gaim. for more
information, see
Trustix released an update regarding slocate. For more information,
please see
Turbolinux released updates regarding tcpdump and lftp. For more
information see
Back to top
Publications by Third Parties
AusCERT released a varety of bulletins and alerts. For more
information, see
F-Secure released information about Lovsan.H, Mydoom, Mydoom.B,
Lasku, Needy.C, Mimail.S, Swen, Dumaru.AA, Dumaru.Z, Mimail.Q,
UrlSpoof.E, Dumaru.Y, and Bagle.
Of these, the variants of Mydoom and Dumaru, Swen, and Bagle
received high alert levels under the "F-Secure Radar."
ISS released an alert regarding MyDoom, as well as several summary
documents. For more information, see
Network Associates has released information on MS Vulnerabilities,
Proxy-Agent, W32/Anig.worm, W32/Mimail.s@MM, W32/Mydoom.b@MM, Ntpass
application, W32/Mydoom@MM, W32/Mimail.q@MM, VBS/Braco@MM, and
W32/Dumaru.y@MM. For more information, see
SANS has released two version of the Consensus Security Alert. For
more information, please see
Sophos released information about W32/Agobot-CS, W32/Spybot-AF,
WM97/Ortant-A, W32/Agobot-CO, Troj/Chapter-A, Troj/Control-E,
Troj/Daemoni-B, Troj/Daemoni-C, W32/Agobot-P, Troj/Volver-A,
W32/Agobot-CK, W32/Agobot-AD, W32/Agobot-CL, W32/Agobot-CN,
W32/SdBot-W, Troj/SdBot-AP, Troj/Flood-DZ, Troj/ByteVeri-E,
Troj/NoCheat-B, W32/Carpeta-C, W32/RpcSdbot-B, W32/MyDoom-B,
W32/Eyeveg-B, Troj/Femad-B, W32/Agobot-CM, Troj/Winpup-C,
Troj/IRCBot-U, Troj/Hidemirc-A, Troj/Ircfloo-A, W32/Mimail-S,
VBS/Inor-C, W32/Dumaru-Z, W32/Argdoor-A, W32/Spybot-CJ, W32/Apsiv-A,
Troj/Digits-B, Troj/AdClick-Y, Troj/Stawin-A, W32/MyDoom-A,
W32/Mimail-Q, W32/Dumaru-K, Troj/Small-AW, Troj/Mahru-A, W32/Dumaru-Y,
W32/Flopcopy-A, W32/Randon-AC, and W32/Randex-Z.
Symantec released information on W32.Hostidel.Trojan.C,
W32.HLLW.Chemsvy, W32.Dumaru.AD@mm, W32.Galil.F@mm, VBS.Shania,
Keylogger.Stawin, W32.Randex.FC, W32.HLLW.Anig, PWSteal.Olbaid,
W32.Mimail.S@mm, Backdoor.Aphexdoor, W32.IRCBot.C, W32.Mydoom.B@mm,
Trojan.Bookmarker.E, W32.HLLW.Pokibat, W32.Mydoom.A@mm,
W32.Mimail.Q@mm, W32.Dumaru.Z@mm, W32.Dumaru.Y@mm,
Trojan.Bookmarker.D, W32.HLLW.Sanker, and Backdoor.OptixPro.13b.
Of these, W32.Dumaru.AD@mm, W32.Galil.F@mm, W32.Mydoom.B@mm,
W32.Mydoom.A@mm, W32.Mimail.Q@mm, W32.Dumaru.Z@mm, and W32.Dumaru.Y@mm
are rated as "High" distribution, which is an indication of how
quickly a threat is able to spread.
Trend Micro released information on WORM_AGOBOT.RW, WORM_MSBLAST.H,
WORM_DUMARU.AB, WORM_RANDEX.FC, WORM_SDBOT.GO, WORM_SDBOT.K,
WORM_AGOBOT.O, WORM_ANIG.A, WORM_MIMAIL.S, WORM_MYDOOM.B,
WORM_MYDOOM.A, WORM_AGOBOT.U, WORM_MIMAIL.Q, WORM_DUMARU.Z,
WORM_AGOBOT.DG, WORM_AGOBOT.FQ, WORM_DUMARU.Y, WORM_AGOBOT.W,
HTML_VISAFRAUD.A, and WORM_AGOBOT.FX.
Of these, WORM_AGOBOT.FX, WORM_DUMARU.Y, WORM_AGOBOT.W,
WORM_AGOBOT.FQ, WORM_DUMARU.Z, WORM_MIMAIL.Q, WORM_MYDOOM.B,
WORM_MYDOOM.A, WORM_AGOBOT.U, WORM_MIMAIL.S, WORM_ANIG.A,
WORM_AGOBOT.O, WORM_SDBOT.K, WORM_SDBOT.GO, WORM_RANDEX.FC,
WORM_DUMARU.AB , WORM_MSBLAST.H, and WORM_AGOBOT.RW are rated as
having "high" distribution potential. For more information, see
UNIRAS issued a variety of bulletins and alerts. for more
information, see
Copyright 2004 Carnegie Mellon University. Terms of use
|
|
|
| Last
updated
February 15, 2008
|
|
Get Adobe Reader
US-CERT is part of the Department of Homeland Security