US-CERT Cyber Security Bulletin SB04-049 -- Summary of Security Items from February 4 through February 17, 2004

National Cyber Alert System

Cyber Security Bulletin SB04-049

Summary of Security Items from February 4 through February 17, 2004

Publications by US-CERT | Publications by Vendors | Publications by Third Parties

Publications by US-CERT

Vulnerabilities in Microsoft ASN.1 Library
Multiple integer overflow vulnerabilities in the Microsoft Windows ASN.1 parser library could allow an unauthenticated, remote attacker to execute arbitrary code with SYSTEM privileges.

TA04-041A: Multiple Vulnerabilities in Microsoft ASN.1 Library

VU#216324: Microsoft ASN.1 Library improperly decodes malformed ASN.1 length values

VU#583108: Microsoft ASN.1 Library improperly decodes constructed bit strings

Vulnerabilities in Check Point Firewall-1
Both the AI and HTTP Security Server features of Firewall-1 contain an HTTP parsing vulnerability that is triggered by sending an invalid HTTP request through the firewall. This vulnerability allows remote attackers to execute arbitrary code on affected firewalls with administrative privileges, typically "SYSTEM" or "root".

TA04-036A: HTTP Parsing Vulnerabilities in Check Point Firewall-1

VU#790771: HTTP Parsing Vulnerabilities in Check Point Firewall-1

VU#277396: GNU Radius accounting service fails to properly handle exceptional Acct-Status-Type and Acct-Session-Id attributes
The GNU Radius accounting service fails to properly handle packets with exceptional Acct-Status-Type and Acct-Session-Id attributes.
VU#473814: Multiple Real media players vulnerable to buffer overflow when parsing crafted media files
Multiple Real media players vulnerable to buffer overflow when parsing certain media files which may permit an attacker to execute arbitrary code on the user's system.
VU#473902: Multiple Real media players fail to properly validate SMIL files
Multiple Real media players fail to properly validate synchronized multimedia integration language (SMIL) files which may permit a remote attacker to gain sensitive information.
VU#514734: Multiple Real media players fail to properly validate RMP files
Multiple Real media players fail to properly validate RealJukebox Metadata Package (RMP) files which may permit an attacker to download and execute arbitrary code on the user's system.
VU#873334: Check Point ISAKMP vulnerable to buffer overflow via Certificate Request
A buffer overflow vulnerability exists in the Internet Security Association and Key Management Protocol (ISAKMP) implementation used in Check Point VPN-1, SecuRemote, and SecureClient products. An unauthenticated, remote attacker could execute arbitrary code with the privileges of the ISAKMP process, typically root or SYSTEM.

Publications by Vendors

Conectiva

vim - Arbitrary commands execution through modelines (02-10-04)
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000812

Gaim - Several remote vulnerabilities (02-10-04)
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000813

Libtool - Insecure handling of temporary files (02-05-04)
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000811

Debian

DSA-433-1 kernel-patch-2.4.17-mips -- integer overflow (02-04-04)
http://www.debian.org/security/2004/dsa-433

DSA-434-1 gaim -- several vulnerabilities (02-05-04)
http://www.debian.org/security/2004/dsa-434

DSA-435-1 mpg123 -- heap overflow (02-06-04)
http://www.debian.org/security/2004/dsa-435

DSA-436-1 mailman -- several vulnerabilities (02-08-04)
http://www.debian.org/security/2004/dsa-436

DSA-437-1 cgiemail -- open mail relay (02-11-04)
http://www.debian.org/security/2004/dsa-437

Fedora

Fedora Security Update Notification netpbm-9.24-12.1.1 (02-06-04)
http://www.redhat.com/archives/fedora-announce-list/2004-February/msg00003.html

Fedora Core 1 Update: mc-4.6.0-8.4 (02-09-04)
http://www.redhat.com/archives/fedora-announce-list/2004-February/msg00006.html

Updated kernel packages. (02-11-04)
http://www.redhat.com/archives/fedora-announce-list/2004-February/msg00011.html

Fedora Core 1 Update: mutt-1.4.1-5 (02-11-04)
http://www.redhat.com/archives/fedora-announce-list/2004-February/msg00015.html

Fedora Core 1 Update: XFree86-4.3.0-55 (02-13-04)
http://www.redhat.com/archives/fedora-announce-list/2004-February/msg00018.html

FreeBSD

shmat reference counting bug (02-05-04)
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:02.shmat.a

Gentoo

Gallery <= 1.4.1 remote exploit vulnerability (02-04-04)
http://forums.gentoo.org/viewtopic.php?t=135484

phpMyAdmin < 2.5.6-rc1 directory traversal attack (02-05-04)
http://forums.gentoo.org/viewtopic.php?t=137978

Linux kernel AMD64 ptrace vulnerability (02-06-04)
http://forums.gentoo.org/viewtopic.php?t=137979

Hewlett Packard

HPSBUX0311-294 SSRT3656 rev.1 NLSPATH may contain any path (02-10-04)
http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0311-294

HPSBUX0310-290 SSRT3622 rev. 1 Bind v920 (02-08-04)
http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0310-290

Mandrake

Updated glibc packages fix resolver vulnerabilities (02-04-04)
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:009

Updated nautilus package fix crash (02-11-04)
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKA-2004:010

Updated mutt packages fix remote crash (02-11-04)
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:010

Updated NetPBM packages fix a number of temporary file bugs (02-11-04)
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:011

Updated XFree86 packages fix buffer overflow vulnerabilities (02-13-04)
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:012

Updated mailman packages close various cross-site scripting vulnerabilities (02-13-04)
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:013

Microsoft

Vulnerability in Virtual PC for Mac could lead to privilege elevation (02-10-04)
http://www.microsoft.com/security/security_bulletins/20040210_virtualpcmac.asp

ASN.1 Vulnerability Could Allow Code Execution (02-10-04)
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS04-007.asp

Vulnerability in the Windows Internet Naming Service (WINS) Could Allow Code Execution (02-10-04)
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS04-006.asp

Novell

iChain 2.2 Field Patch 3b (02-05-04)
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968107.htm

OpenBSD

Several buffer overflows exist in the code parsing font.aliases files in XFree86. Thanks to ProPolice, these cannot be exploited to gain privileges, but they can cause the X server to abort (02-14-04)
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/012_font.patch

An IPv6 MTU handling problem exists that could be used by an attacker to cause a denial of service attack against hosts with reachable IPv6 TCP ports (02-08-04)
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/011_ip6.patch

A reference counting bug exists in the shmat(2) system call that could be used by an attacker to write to kernel memory under certain circumstances. (02-05-04)
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/010_sysvshm.patch

Red Hat

Updated NetPBM packages fix multiple temporary file vulnerabilities (02-05-04)
https://rhn.redhat.com/errata/RHSA-2004-030.html

Updated mailman packages close cross-site scripting vulnerabilities (02-05-04)
https://rhn.redhat.com/errata/RHSA-2004-020.html

Updated mutt packages fix remotely-triggerable crash (02-11-04)
https://rhn.redhat.com/errata/RHSA-2004-051.html

Updated XFree86 packages fix privilege escalation vulnerability (02-13-04)
https://rhn.redhat.com/errata/RHSA-2004-059.html

Updated PWLib packages fix protocol security issues (02-13-04)
https://rhn.redhat.com/errata/RHSA-2004-048.html

SGI

userland binary vulnerabilities update (02-05-04)
ftp://patches.sgi.com/support/free/security/advisories/20040104-02-P.asc

SGI Advanced Linux Environment security update #10 (02-11-04)
ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc

Slackware

XFree86 security update (SSA:2004-043-02) (02-12-04)
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053

mutt security update (SSA:2004-043-01) (02-12-04)
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405607

Sun Microsystems

Buffer Overflow Vulnerability in the CDE DtHelp Library May Allow Unauthorized "root" Access (02-06-04)
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57414&zone_32=category%3Asecurity

Security Issue with kcms_server Daemon (02-10-04)
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50104&zone_32=category%3Asecurity

Security Vulnerability in the Apache Web Server "mod_alias" and "mod_rewrite" Modules (02-10-04)
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57496&zone_32=category%3Asecurity

Security Issue Involving the Solaris sadmind(1M) Daemon (02-11-04)
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F56740&zone_32=category%3Asecurity

SunPlex (Sun Cluster) Multiple Security Vulnerabilities in OpenSSL Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Protocols (02-12-04)
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57475&zone_32=category%3Asecurity

Trustix

Mutt Remote Crash (02-13-04)
http://www.trustix.org/errata/misc/2004/TSL-2004-0006-mutt.asc.txt

Turbolinux

The KDE team has found a buffer overflow in the file information reader of VCF files (02-05-04)
http://www.turbolinux.com/security/2004/TLSA-2004-4.txt

Font file buffer overlows (02-17-04)
http://www.turbolinux.com/security/2004/TLSA-2004-5.txt

Two buffer overflow vulnerabilities were found in slocate (02-17-04)
http://www.turbolinux.com/security/2004/TLSA-2004-6.txt

Publications by Third Parties

AusCERT

SunPlex (Sun Cluster) Multiple Security Vulnerabilities in OpenSSL Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Protocols (02-16-04)
http://www.auscert.org.au/render.html?it=3857&cid=1

New gnupg packages fix cryptographic weakness (02-16-04)
http://www.auscert.org.au/render.html?it=3856&cid=1

Updated PWLib packages fix protocol security issues (02-16-04)
http://www.auscert.org.au/render.html?it=3852&cid=1

Updated XFree86 packages fix privilege escalation vulnerability (02-16-04)
http://www.auscert.org.au/render.html?it=3851&cid=1

Updated XFree86 packages fix privilege escalation vulnerability (02-16-04)
http://www.auscert.org.au/render.html?it=3850&cid=1

Updated XFree86 packages fix privilege escalation vulnerability (02-16-04)
http://www.auscert.org.au/render.html?it=3849&cid=1

Updated mutt packages fix remotely-triggerable crash (02-16-04)
http://www.auscert.org.au/render.html?it=3848&cid=1

Updated mutt packages fix remotely-triggerable crash (02-16-04)
http://www.auscert.org.au/render.html?it=3847&cid=1

Police investigation" Fraudulent E-mail and Malicious Web Site (02-16-04)
http://www.auscert.org.au/render.html?it=3858&cid=1

Security Vulnerability in the Apache Web Server "mod_alias" and "mod_rewrite" Modules (02-13-04)
http://www.auscert.org.au/render.html?it=3845&cid=1

Security Issue with kcms_server Daemon (02-13-04)
http://www.auscert.org.au/render.html?it=3844&cid=1

New cgiemail packages fix open mail relaying (02-13-04)
http://www.auscert.org.au/render.html?it=3843&cid=1

SunPlex (Sun Cluster) Multiple Security Vulnerabilities in OpenSSL SSL and TLS Protocols (02-11-04)
http://www.auscert.org.au/render.html?it=3840&cid=1

Vulnerability in the Windows Internet Naming Service (WINS) Could Allow Code Execution (02-11-04)
http://www.auscert.org.au/render.html?it=3837&cid=1

Vulnerability in Virtual PC for Mac Could Lead to Privilege Elevation (02-11-04)
http://www.auscert.org.au/render.html?it=3836&cid=1

Samba 3.0.2 Security Bug-Fixes (02-11-04)
http://www.auscert.org.au/render.html?it=3839&cid=1

XFree86 Font Information File Buffer Overflow (02-11-04)
http://www.auscert.org.au/render.html?it=3838&cid=1

Multiple Vulnerabilities in Microsoft ASN.1 Library (02-11-04)
http://www.auscert.org.au/render.html?it=3835&cid=1

Updated Gaim packages fix security vulnerabilities (02-10-04)
http://www.auscert.org.au/render.html?it=3833&cid=1

Buffer Overflow Vulnerability in the CDE DtHelp Library (02-10-04)
http://www.auscert.org.au/render.html?it=3832&cid=1

Multiple Vulnerabilities in RealOne Player and RealPlayer (02-09-04)
http://www.auscert.org.au/render.html?it=3831&cid=1

Updated NetPBM packages fix multiple temporary file vulnerabilities (02-09-04)
http://www.auscert.org.au/render.html?it=3830&cid=1

Updated mailman packages close cross-site scripting vulnerabilities (02-09-04)
http://www.auscert.org.au/render.html?it=3829&cid=1

Userland Binary Vulnerabilities Update (02-09-04)
http://www.auscert.org.au/render.html?it=3828&cid=1

New mailman packages fix several vulnerabilities (02-09-04)
http://www.auscert.org.au/render.html?it=3827&cid=1

New mpg123 packages fix heap overflow (02-09-04)
http://www.auscert.org.au/render.html?it=3826&cid=1

IPv6 MTU handling problem (02-09-04)
http://www.auscert.org.au/render.html?it=3825&cid=1

Reference counting bug in shmat(2) (02-06-04)
http://www.auscert.org.au/render.html?it=3824&cid=1

Updated NetPBM packages fix multiple temporary file vulnerabilities (02-06-04)
http://www.auscert.org.au/render.html?it=3823&cid=1

Updated mailman packages close cross-site scripting vulnerabilities (02-06-04)
http://www.auscert.org.au/render.html?it=3822&cid=1

shmat reference counting bug (02-06-04)
http://www.auscert.org.au/render.html?it=3821&cid=1

HTTP Parsing Vulnerabilities in Check Point Firewall-1 (02-06-04)
http://www.auscert.org.au/render.html?it=3819&cid=1

GNU Radius Remote Denial of Service Vulnerability (02-05-04)
http://www.auscert.org.au/render.html?it=3818&cid=1

Checkpoint Firewall-1 HTTP Parsing Format String Vulnerabilities (02-05-04)
http://www.auscert.org.au/render.html?it=3815&cid=1

Basic Security Module (BSM) Functionality is Impaired on Solaris Systems Which Have Removed The SUNWscpu Package (02-05-04)
http://www.auscert.org.au/render.html?it=3814&cid=1

New Linux 2.4.17 packages fix local root exploit (mips+mipsel) (02-05-04)
http://www.auscert.org.au/render.html?it=3813&cid=1

Multiple Vulnerabilities in Microsoft Internet Explorer (02-05-04)
http://www.auscert.org.au/render.html?it=3812&cid=1

Checkpoint VPN-1/SecureClient ISAKMP Buffer Overflow (02-05-04)
http://www.auscert.org.au/render.html?it=3816&cid=1

Sun ONE/iPlanet Web Server Enable HTTP TRACE Method by Default (02-04-04)
http://www.auscert.org.au/render.html?it=3811&cid=1

Updated kernel packages resolve minor security vulnerabilities (02-04-04)
http://www.auscert.org.au/render.html?it=3810&cid=1

Updated util-linux packages fix information leak (02-04-04)
http://www.auscert.org.au/render.html?it=3809&cid=1

Updated mc packages resolve buffer overflow vulnerability (02-04-04)
http://www.auscert.org.au/render.html?it=3808&cid=1

Cisco 6000/6500/7600 Crafted Layer 2 Frame Vulnerability (02-04-04)
http://www.auscert.org.au/render.html?it=3807&cid=1

F-Secure

Bagle.B (02-17-04)
http://www.f-secure.com/v-descs/bagle_b.shtml

MyDoom.E (02-17-04)
http://www.f-secure.com/v-descs/mydoom_e.shtml

Moodown (02-17-04)
http://www.f-secure.com/v-descs/moodown.shtml

Lasku (02-16-04)
http://www.f-secure.com/v-descs/lasku.shtml

Welchi.B (02-16-04)
http://www.f-secure.com/v-descs/welchi_b.shtml

Mydoom (02-12-04)
http://www.f-secure.com/v-descs/novarg.shtml

Mitglieder.H (02-12-04)
http://www.f-secure.com/v-descs/mitglieder_h.shtml

Doomjuice.B (02-12-04)
http://www.f-secure.com/v-descs/doomjuiceb.shtml

Doomjuice (02-11-04)
http://www.f-secure.com/v-descs/doomjuice.shtml

Vesser (02-09-04)
http://www.f-secure.com/v-descs/vesser.shtml

Cardown.B (02-06-04)
http://www.f-secure.com/v-descs/cardown_b.shtml

Needy.C (02-06-04)
http://www.f-secure.com/v-descs/needy_c.shtml

Mimail.T (02-05-04)
http://www.f-secure.com/v-descs/mimail_t.shtml

Lovsan.H (02-04-04)
http://www.f-secure.com/v-descs/lovsanh.shtml

ISS

Microsoft ASN.1 Integer Manipulation Vulnerabilities (02-11-04)
http://xforce.iss.net/xforce/alerts/id/164

Checkpoint Firewall-1 HTTP Parsing Format String Vulnerabilities (02-04-04)
http://xforce.iss.net/xforce/alerts/id/162

Checkpoint VPN-1/SecureClient ISAKMP Buffer Overflow (02-04-04)
http://xforce.iss.net/xforce/alerts/id/163

AS04-07 (02-16-04)
http://xforce.iss.net/xforce/alerts/id/AS04-07

AS04-06 (02-09-04)
http://xforce.iss.net/xforce/alerts/id/AS04-06

Network Associates

W32/Bagle.b@MM (02-17-04)
http://vil.nai.com/vil/content/v_101030.htm

W32/Nodoom.a@MM (02-17-04)
http://vil.nai.com/vil/content/v_101029.htm

Phish-Potpor (02-16-04)
http://vil.nai.com/vil/content/v_101028.htm

W32/Netsky.a@MM (02-16-04)
http://vil.nai.com/vil/content/v_101027.htm

Exploit-MS04-007 (02-14-04)
http://vil.nai.com/vil/content/v_101026.htm

W32/Mydoom.e@MM (02-13-04)
http://vil.nai.com/vil/content/v_101024.htm

W32/Mimail.u@MM (02-13-04)
http://vil.nai.com/vil/content/v_101021.htm

W32/Doomhunter.worm (02-12-04)
http://vil.nai.com/vil/content/v_101022.htm

Kurda joke (02-12-04)
http://vil.nai.com/vil/content/v_101020.htm

VBS/Lucave (02-12-04)
http://vil.nai.com/vil/content/v_101017.htm

W32/Vesser.worm.b (02-12-04)
http://vil.nai.com/vil/content/v_101015.htm

Exploit-Mydoom (02-12-04)
http://vil.nai.com/vil/content/v_101014.htm

W32/Nachi.worm.b (02-11-04)
http://vil.nai.com/vil/content/v_101013.htm

W32/Doomjuice.worm.b (02-10-04)
http://vil.nai.com/vil/content/v_101012.htm

Adware-BuddyLinks application (02-10-04)
http://vil.nai.com/vil/content/v_101007.htm

W32/Yenik.worm (02-10-04)
http://vil.nai.com/vil/content/v_101005.htm

W32/Dumaru.ad@MM (02-10-04)
http://vil.nai.com/vil/content/v_101004.htm

MS Vulnerabilities MS04-005-007 (02-10-04)
http://vil.nai.com/vil/content/v_101003.htm

W32/Doomjuice.worm.a (02-09-04)
http://vil.nai.com/vil/content/v_101002.htm

QReg-9 (02-08-04)
http://vil.nai.com/vil/content/v_101011.htm

W32/Vesser.worm.a (02-07-04)
http://vil.nai.com/vil/content/v_101000.htm

W32/Holar.r@MM (02-06-04)
http://vil.nai.com/vil/content/v_100999.htm

VBS/Qoma@MM (02-06-04)
http://vil.nai.com/vil/content/v_100998.htm

W32/Mimail.t@MM (02-05-04)
http://vil.nai.com/vil/content/v_100996.htm

SANS

SANS NewsBites #6 (02-11-04)
http://www.sans.org/newsletters/newsbites/newsbites.php?vol=6&issue=6

SANS NewsBites #5 (02-04-04)
http://www.sans.org/newsletters/newsbites/newsbites.php?vol=6&issue=5

@RISK: The Consensus Security Vulnerability Alert #6 (02-12-04)
http://www.sans.org/newsletters/risk/vol3_6.php

@RISK: The Consensus Security Vulnerability Alert #5 (02-05-04)
http://www.sans.org/newsletters/risk/vol3_5.php

Sophos

W32/Tanx-A (02-17-04)
http://www.sophos.com/virusinfo/analyses/w32tanxa.html

W32/Agobot-CW (02-17-04)
http://www.sophos.com/virusinfo/analyses/w32agobotcw.html

Dial/PVM-A (02-17-04)
http://www.sophos.com/virusinfo/analyses/dialpvma.html

Troj/Gina-F (02-17-04)
http://www.sophos.com/virusinfo/analyses/trojginaf.html

W32/Lohav-D (02-17-04)
http://www.sophos.com/virusinfo/analyses/w32lohavd.html

Troj/Digarix-B (02-17-04)
http://www.sophos.com/virusinfo/analyses/trojdigarixb.html

W32/Mylab-A (02-17-04)
http://www.sophos.com/virusinfo/analyses/w32mylaba.html

Troj/Chkmail-A (02-17-04)
http://www.sophos.com/virusinfo/analyses/trojchkmaila.html

Troj/Format-CK (02-17-04)
http://www.sophos.com/virusinfo/analyses/trojformatck.html

W32/Deadhat-B (02-16-04)
http://www.sophos.com/virusinfo/analyses/w32deadhatb.html

W32/Sdbot-AE (02-16-04)
http://www.sophos.com/virusinfo/analyses/w32sdbotae.html

W32/Agobot-CY (02-16-04)
http://www.sophos.com/virusinfo/analyses/w32agobotcy.html

W32/Agobot-CZ (02-16-04)
http://www.sophos.com/virusinfo/analyses/w32agobotcz.html

W32/Agobot-AP (02-16-04)
http://www.sophos.com/virusinfo/analyses/w32agobotap.html

Troj/Bckdr-ATR (02-16-04)
http://www.sophos.com/virusinfo/analyses/trojbckdratr.html

Troj/Mirseed-A (02-16-04)
http://www.sophos.com/virusinfo/analyses/trojmirseeda.html

W32/Dumaru-AH (02-16-04)
http://www.sophos.com/virusinfo/analyses/w32dumaruah.html

W32/MyDoom-E (02-16-04)
http://www.sophos.com/virusinfo/analyses/w32mydoome.html

Troj/Pinbol-A (02-13-04)
http://www.sophos.com/virusinfo/analyses/trojpinbola.html

W32/DoomHunt-A (02-13-04)
http://www.sophos.com/virusinfo/analyses/w32doomhunta.html

W32/Nachi-B (02-12-04)
http://www.sophos.com/virusinfo/analyses/w32nachib.html

W32/Doomjuice-B (02-11-04)
http://www.sophos.com/virusinfo/analyses/w32doomjuiceb.html

W32/Zryks-A (02-11-04)
http://www.sophos.com/virusinfo/analyses/w32zryksa.html

Dial/HotKiss-A (02-11-04)
http://www.sophos.com/virusinfo/analyses/dialhotkissa.html

Troj/Aladinz-B (02-11-04)
http://www.sophos.com/virusinfo/analyses/trojaladinzb.html

Troj/PcGhost-E (02-11-04)
http://www.sophos.com/virusinfo/analyses/trojpcghoste.html

W32/Order-A (02-11-04)
http://www.sophos.com/virusinfo/analyses/w32ordera.html

W32/Protoride-C (02-11-04)
http://www.sophos.com/virusinfo/analyses/w32protoridec.html

W32/Yenik-A (02-11-04)
http://www.sophos.com/virusinfo/analyses/w32yenika.html

W32/Deadhat-A (02-10-04)
http://www.sophos.com/virusinfo/analyses/w32deadhata.html

W32/Wukill-B (02-10-04)
http://www.sophos.com/virusinfo/analyses/w32wukillb.html

XM97/Likin-C (02-10-04)
http://www.sophos.com/virusinfo/analyses/xm97likinc.html

W32/Agobot-CX (02-10-04)
http://www.sophos.com/virusinfo/analyses/w32agobotcx.html

Troj/SdBot-CA (02-10-04)
http://www.sophos.com/virusinfo/analyses/trojsdbotca.html

W32/SdBot-AQ (02-10-04)
http://www.sophos.com/virusinfo/analyses/w32sdbotaq.html

Troj/WrmDrop-A (02-10-04)
http://www.sophos.com/virusinfo/analyses/trojwrmdropa.html

VBS/Qoma-A (02-10-04)
http://www.sophos.com/virusinfo/analyses/vbsqomaa.html

Troj/Sdbot-FN (02-10-04)
http://www.sophos.com/virusinfo/analyses/trojsdbotfn.html

W32/Doomjuice-A (02-09-04)
http://www.sophos.com/virusinfo/analyses/w32doomjuicea.html

Troj/Myss-C (02-09-04)
http://www.sophos.com/virusinfo/analyses/trojmyssc.html

Troj/Startpg-BS (02-09-04)
http://www.sophos.com/virusinfo/analyses/trojstartpgbs.html

Troj/Regldr-A (02-09-04)
http://www.sophos.com/virusinfo/analyses/trojregldra.html

Troj/Kifer-B (02-09-04)
http://www.sophos.com/virusinfo/analyses/trojkiferb.html

Bat/Macdwarf-A (02-09-04)
http://www.sophos.com/virusinfo/analyses/batmacdwarfa.html

Troj/PWSSagi-B (02-09-04)
http://www.sophos.com/virusinfo/analyses/trojpwssagib.html

Troj/Sdbot-HE (02-09-04)
http://www.sophos.com/virusinfo/analyses/trojsdbothe.html

W32/SdBot-AD (02-09-04)
http://www.sophos.com/virusinfo/analyses/w32sdbotad.html

Troj/Sdbot-FM (02-06-04)
http://www.sophos.com/virusinfo/analyses/trojsdbotfm.html

W32/MyDoom-Dam (02-06-04)
http://www.sophos.com/virusinfo/analyses/w32mydoomdam.html

Troj/Spooner-D (02-06-04)
http://www.sophos.com/virusinfo/analyses/trojspoonerd.html

W32/Agobot-CV (02-06-04)
http://www.sophos.com/virusinfo/analyses/w32agobotcv.html

Troj/Ranky-B (02-06-04)
http://www.sophos.com/virusinfo/analyses/trojrankyb.html

W32/Agobot-RW (02-06-04)
http://www.sophos.com/virusinfo/analyses/w32agobotrw.html

Troj/Median-A (02-06-04)
http://www.sophos.com/virusinfo/analyses/trojmediana.html

Bat/Botsecure-A (02-06-04)
http://www.sophos.com/virusinfo/analyses/batbotsecurea.html

W32/Agobot-CP (02-06-04)
http://www.sophos.com/virusinfo/analyses/w32agobotcp.html

W32/Agobot-O (02-06-04)
http://www.sophos.com/virusinfo/analyses/w32agoboto.html

W32/Anig-A (02-06-04)
http://www.sophos.com/virusinfo/analyses/w32aniga.html

W32/Anig-B (02-06-04)
http://www.sophos.com/virusinfo/analyses/w32anigb.html

W32/Agobot-CQ (02-06-04)
http://www.sophos.com/virusinfo/analyses/w32agobotcq.html

W32/Agobot-CR (02-06-04)
http://www.sophos.com/virusinfo/analyses/w32agobotcr.html

W32/Agobot-CT (02-06-04)
http://www.sophos.com/virusinfo/analyses/w32agobotct.html

W32/Agobot-CU (02-06-04)
http://www.sophos.com/virusinfo/analyses/w32agobotcu.html

W32/Randex-FC (02-06-04)
http://www.sophos.com/virusinfo/analyses/w32randexfc.html

Symantec

W32.Beagle.B@mm (02-17-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.b@mm.html

X97M.Ellar.F (02-16-04)
http://securityresponse.symantec.com/avcenter/venc/data/x97m.ellar.f.html

W32.Kifer.B (02-16-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.kifer.b.html
W32.Netsky@mm (02-16-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky@mm.html

W32.HLLW.Cult.M@mm (02-15-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cult.m@mm.html

W32.Rusty@m (02-15-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.rusty@m.html

W32.Welchia.C.Worm (02-15-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.c.worm.html

VBS.Laske@mm (02-13-04)
http://securityresponse.symantec.com/avcenter/venc/data/vbs.laske@mm.html

W32.Doomhunter (02-12-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.doomhunter.html

W32.HLLW.Deadhat.B (02-12-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.deadhat.b.html

X97M.Esab (02-12-04)
http://securityresponse.symantec.com/avcenter/venc/data/x97m.esab.html

Trojan.Bansap (02-12-04)
http://securityresponse.symantec.com/avcenter/venc/data/trojan.bansap.html

Trojan.PWS.QQPass.F (02-12-04)
http://securityresponse.symantec.com/avcenter/venc/data/trojan.pws.qqpass.f.html

W32.HLLP.Shodi (02-11-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.shodi.html

W32.Welchia.B.Worm (02-11-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.b.worm.html

W32.HLLW.Doomjuice.B (02-11-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.doomjuice.b.html

W32.Dumaru.AH@mm (02-10-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.dumaru.ah@mm.html

VBS.Bootconf.B (02-10-04)
http://securityresponse.symantec.com/avcenter/venc/data/vbs.bootconf.b.html

W32.Kifer (02-10-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.kifer.html

W32.HLLP.Yero.Worm (02-10-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.yero.worm.html

W32.HLLW.Moega.AG (02-10-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.moega.ag.html

W32.Yenik.A@mm (02-10-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.yenik.a@mm.html

Trojan.Gutta (02-09-04)
http://securityresponse.symantec.com/avcenter/venc/data/trojan.gutta.html

W32.HLLW.Doomjuice (02-09-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.doomjuice.html

Backdoor.IRC.Aladinz.J (02-08-04)
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.j.html

W32.HLLW.Deadhat (02-06-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.deadhat.html

W32.Dinfor.Worm (02-06-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.dinfor.worm.html

Backdoor.Domwis (02-06-04)
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.domwis.html

Backdoor.OptixPro.13.C (02-06-04)
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.optixpro.13.c.html

W32.Mimail.T@mm (02-05-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.t@mm.html

W32.HLLW.Gaobot.JB (02-05-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.jb.html

Microsoft Windows ASN.1 Library Integer Handling Vulnerability (02-10-04)
http://securityresponse.symantec.com/avcenter/security/Content/9626.html

Microsoft Windows Internet Naming Service Buffer Overflow Vulnerability (02-10-04)
http://securityresponse.symantec.com/avcenter/security/Content/9624.html

Trend Micro

WORM_NODOOM.A (02-17-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NODOOM.A

WORM_BAGLE.B (02-17-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.B

WORM_NACHI.B (02-16-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NACHI.B

WORM_DEADHAT.C (02-16-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DEADHAT.C

WORM_NETSKY.A (02-16-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DEADHAT.C

WORM_NETSKY.A (02-16-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYDOOM.E

PHP_BIZAI.A (02-14-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PHP_BIZAI.A

WORM_NACHI.C (02-13-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NACHI.C

WORM_DOOMHUNTR.A (02-13-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DOOMHUNTR.A

WORM_DEADHAT.B (02-12-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DEADHAT.B

WORM_AGOBOT.JB (02-12-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.JB

WORM_DUMARU.AC (02-11-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DUMARU.AC

WORM_DOOMJUICE.B (02-11-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DOOMJUICE.B

ASN_1.2_VULNERABILITY (02-11-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=ASN_1.2_VULNERABILITY

WORM_REDWA.A (02-09-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_REDWA.A

BAT_REDWA.A (02-09-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BAT_REDWA.A

WORM_DOOMJUICE.A (02-09-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DOOMJUICE.A

WORM_DEADHAT.A (02-08-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DEADHAT.A

WORM_AGOBOT.AL (02-07-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AL

WORM_AGOBOT.CT (02-07-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.CT

WORM_AGOBOT.CX (02-07-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.CX

VBS_QOMA.A (02-06-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=VBS_QOMA.A

WORM_HOLAR.F (02-05-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOLAR.F

HTML_SWENFRAUD.A (02-05-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=HTML_SWENFRAUD.A

WORM_MIMAIL.T (02-05-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MIMAIL.T

WORM_SDBOT.EW (02-04-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.EW

WORM_KWBOT.E (02-04-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_KWBOT.E

UNIRAS

Malicious Software Report - W32/Bagle.b@MM (02-17-04)
http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-0504.txt

NISCC Assessment of Microsoft ASN.1 Library Vulnerabilities (02-11-04)
http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-0404.txt

AusCERT Updates: 1. Microsoft Product Support Services - Update released to address SSL issues. 2. Microsoft Product Support Services - Mydoom/Doomjuice Cleaner Tool Available (02-16-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-7904.txt

Sun Microsystems Security Bulletin: Multiple Security Vulnerabilities in OpenSSL Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Protocols. (02-16-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-7804.txt

Debian Security Bulletin: New gnupg packages fix cryptographic weakness. (02-16-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-7704.txt

Red Hat Security Bulletins: 1. Updated mutt packages fix remotely-triggerable crash. 2. Updated XFree86 packages fix privilege escalation vulnerability. 3. Updated PWLib packages fix protocol security issues. (02-16-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-7604.txt

Exploit Code For Microsoft Windows ASN.1 Vulnerabilities (02-14-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-7504.txt

Mandrake Linux Security Bulletins: 1. Temporary file bugs in versions of NetPBM. 2. A bug in mutt could allow a remote attacker to send a carefully crafted mail message. (02-13-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-7404.txt

Update to address issues related to SSL in Internet Explorer 6.0 Service Pack 1 after applying Microsoft Security Update MS04-004 (02-13-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-7304.txt

SGI Advanced Linux Environment security update #10 20040201-01-U (02-12-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-7204.txt

Red Hat Security Advisory Updated mutt packages fix remotely-triggerable crash RHSA-2004:051-01 (02-12-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-7104.txt

Red Hat Security Advisory Updated Gaim packages fix security vulnerabilities RHSA-2004:045-01 (02-11-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-7004.txt

Red Hat Security Advisory Updated mailman packages close DoS vulnerability RHSA-2004:019-01 (02-11-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-6904.txt

Debian Security Advisory DSA 436-1 - mailman (02-11-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-6804.txt

Microsoft Windows Security Bulletin Summary for February 2004 (02-11-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-6704.txt

Microsoft Macintosh Products Security Bulletin Summary for February, 2004 (02-11-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-6604.txt

Hewlett Packard Advisories: SSRT3622 rev. 1 Bind v920 SSRT3656 rev.1 NLSPATH may contain any path (02-11-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-6504.txt

SUN(SM) ALERT WEEKLY SUMMARY REPORT (02-11-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-6404.txt

Multiple Vulnerabilities in Microsoft ASN.1 Library (02-11-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-6304.txt

Debian Security Advisory mpg123 - heap overflow (02-09-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-6204.txt

OpenBSD Security Advisory IPv6 MTU handling problem (02-09-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-6104.txt

Mandrake Linux Security Update Advisory: MDKSA-2004:009 - glibc (02-09-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-6004.txt

Conectiva Security Bulletin: Insecure handling of temporary files. (02-06-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-5904.txt

SGI Security Bulletin: Userland binary vulnerabilities update. (02-06-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-5804.txt

US-CERT Security Bulletin: HTTP Parsing Vulnerabilities in Check Point Firewall-1 (02-06-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-5704.txt

Debian Security Bulletin: New gaim packages fix several vulnerabilities (02-06-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-5604.txt

FreeBSD Security Bulletin: shmat reference counting bug (02-06-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-5504.txt

Red Hat Security Bulletins: 1. Updated NetPBM packages fix multiple temporary file vulnerabilities. 2. Updated mailman packages close cross-site scripting vulnerabilities. (02-06-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-5404.txt

OpenBSD Security Bulletin: Reference counting bug in shmat(2) (02-06-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-5304.txt

Debian Security Bulletin: New Linux 2.4.17 packages fix local root exploit (mips+mipsel) (02-05-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-5204.txt

RealOne Player / RealPlayer Multiple Vulnerabilities (02-05-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-5104.txt

Sun Alert ID:57483 Basic Security Module (BSM) Functionality is Impaired on Solaris Systems Which Have Removed The SUNWscpu Package (02-05-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-5004.txt

iDEFENSE Security Advisory 02.04.04 GNU Radius Remote Denial of Service Vulnerability (02-05-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-4904.txt

Checkpoint VPN-1/SecureClient ISAKMP Buffer Overflow (02-05-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-4804.txt

Check Point FireWall-1 HTTP Parsing Format String Vulnerabilities (02-05-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-4704.txt

FreeBSD Security Bulletin: ESB-2004.0081 -- FreeBSD-SA-04:01.mksnap_ffs mksnap_ffs clears file system options (02-04-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-4604.txt

Check Point Security Bulletin: ESB-2004.0082 -- Check Point Firewall-1 H.323 Vulnerability (02-04-04)
>http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-4504.txt

Sun Security Bulletin: Sun ONE/iPlanet Web Server Enable HTTP TRACE Method by Default (02-04-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-4404.txt

Cisco 6000/6500/7600 Crafted Layer 2 Frame Vulnerability (02-04-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-4304.txt

Three RedHat Security Advisories: 1. Updated kernel packages resolve minor security vulnerabilities. 2. Updated util-linux packages fix information leak. 3. Updated mc packages resolve buffer overflow vulnerability (02-04-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-4204.txt

userland binary vulnerabilities (02-04-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-4104.txt

Last updated February 15, 2008

US-CERT: United States Computer Emergency Readiness Team

Summary of Security Items from February 4 through February 17, 2004

Publications by US-CERT

Vulnerabilities in Microsoft ASN.1 Library

Vulnerabilities in Check Point Firewall-1

Publications by Vendors

Publications by Third Parties