|
Summary of Security Items from March 30 through April 5, 2005
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risks levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Vulnerabilities
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Windows Operating Systems Only |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts |
Common Name /
CVE Reference |
Risk |
Source |
Adaptive Hosting Solutions
ProductCart 2.7 |
Multiple vulnerabilities have been reported that could let remote malicious users conduct Cross-Site Scripting and SQL injection attacks. This is due to improper input validation in 'advSearch_h.asp,' 'NewCust.asp,' 'storelocator_submit.asp,' 'techErr.asp,' and 'advSearch_h.asp.'
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published.
|
Adaptive Hosting Solutions
ProductCart
Cross-Site Scripting and SQL Injection Vulnerabilities |
High |
Secunia SA14833,
April 5, 2005 |
ArGo Software Design
FTP Server 1.4.2 .8 |
A buffer overflow vulnerability exists in the 'DELE' command, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.
No workaround or patch available at time of publishing.
An exploit script has been published. |
ArGoSoft
FTP Server
'DELE' Command
Remote
Buffer Overflow
CAN-2005-0696
|
Low/ High
(High if arbitrary code can be executed)
|
Security Focus, 12755, March 8, 2005
PacketStorm, April 4, 2005 |
ASP-DEv
XM Forum RC3 |
A vulnerability has been reported that could let a remote malicious user conduct Cross-Site Scripting attacks. This is because of an input validation error in the 'posts.asp' script.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
ASP-DEv
XM Forum
Cross-Site Scripting Vulnerability |
High |
Hackers Center Security Group, Zinho's Security Advisory, March 30, 2005 |
BakBone
NetVault 7.3 and prior versions |
Two vulnerabilities have been reported that could let a local or remote malicious user execute arbitrary code on the target system. This is due to a vulnerability when processing the 'configure.cfg' file.
No workaround or patch available at time of publishing.
A Proof of Concept exploit script has been published. |
BakBone
NetVault Buffer Overflows Permit Remote Code Execution |
High |
Security Focus 12967, April 1, 2005 |
Bjørnar Henden
'Yet Another Forum.net' 0.9.9 |
An input validation vulnerability has been reported that could let a remote malicious user conduct Cross-Site Scripting attacks. The 'name,' 'location,' and 'subject' fields are not properly validated.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Bjørnar Henden 'Yet Another Forum.net' Input Validation Errors Permits Cross-Site Scripting
CAN-2005-0982
|
High |
Security Tracker Alert ID: 1013632, April 4, 2005 |
Comersus Open Technologies
Comersus 6 |
A input validation vulnerability has been reported in the 'username' field could let a remote malicious user conduct Cross-Site Scripting attacks.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Comersus Cross-Site Scripting Vulnerability |
High |
Hackers Center Security Group, Zinho's Security Advisory, April 3, 2005 |
FastStone Soft
FastStone 4in1 1.2 |
A directory traversal vulnerability has been reported that could let a remote malicious user view files on the target system. This is due to an input validation error.
Update to version 1.3: http://www.faststone.org/FSBrowserDetail.htm
A Proof of Concept exploit has been published. |
FastStone 4in1 Browser Information Disclosure Vulnerability
CAN-2005-0950
|
Medium |
Secunia SA14743, March 30, 2005
|
Iatek
SiteEnable |
Multiple input validation vulnerabilities have been reported that could let a remote malicious user issue SQL commands or conduct Cross-Site Scripting attacks. The 'content.asp' script does not properly validate user-supplied input in the 'sortby' parameter; the 'contenttype' parameter is not properly validated; the title and description fields in the 'Submit a Quote' page are not properly validated.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Iatek SiteEnable SQL Command Injection and Cross-Site Scripting Vulnerabilities |
High |
Hackers Center Security Group, Zinho's Security Advisory, April 1, 2005 |
Iatek
PortalApp |
An input validation vulnerability has been reported that could let a remote malicious user inject SQL commands and conduct Cross-Site Scripting attacks. The 'ad_click.asp' script does not correctly verify input to the 'banner_id' parameter. Also, the 'content.asp' script does not filter HTML code from user-supplied input in the 'contenttype' and 'keywords' parameters.
No workaround or patch available at time of publishing.
A Proof of Concept exploit script has been published. |
|
High |
Security Tracker Alert ID: 1013591, March 29, 2005 |
IVT Corporation
BlueSoleil Version PTP-1.4.9-Win2k/XP-04.08.27 with Stack Version 04.03.11.20040827
|
A vulnerability has been reported that could let a remote malicious user traverse the directory when sending files to the target device. This is because a user can exploit the Object Push Service.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
|
Medium |
Security Focus 12961, April 1, 2005 |
Kerio Technologies
Kerio Personal Firewall 4.1.2 and prior |
A vulnerability has been reported that could let local malicious users bypass the firewall rules by impersonating another process that is allowed to access the Internet.
Update to version 4.1.3: http://www.kerio.com/kpf_download.html
Currently we are not aware of any exploits for this vulnerability. |
|
Medium |
Kerio Security Advisory KSEC-2005-03-30-01, March 30, 2004 |
MailEnable
MailEnable Professional 1.54; Enterprise 1.04 |
A vulnerability was reported in the IMAP and SMTP services that could let a remote malicious user cause a Denial of Service in the SMTP service to crash. The IMAP impact was not specified.
An update is available at: http://www.mailenable.com/hotfix/MEIMSM-HF050404.zip
An exploit script has been published. |
MailEnable Denial of Service Vulnerability |
Low |
Security Focus 12994 and 12995, April 5, 2005 |
MaxWebPortal.com
MaxWebPortal 1.33 |
Some input validation vulnerabilities have been reported that could let a remote malicious user issue SQL commands and conduct Cross-Site Scripting attacks. This is because the EVENT_ID parameter in the Update_Events function in 'events_functions.asp' is not properly validated.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
MaxWebPortal SQL Injection and Cross-Site Scripting Vulnerabilities |
High |
Security Tracker
Alert ID: 1013617, March 31, 2005 |
Microsoft Jet Database
msjet40.dll library version 4.00.8618.0 |
A vulnerability was reported that could let a remote malicious user cause arbitrary code to be executed. This is because the 'msjet40.dll' component does not properly validate user-supplied input when parsing database files.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Microsoft Jet Database Remote Code Execution Vulnerability
CAN-2005-0945
|
High |
Hexview Advisory, ID: HEXVIEW*
2005*03*31*1 |
Microsoft
Windows Explorer and Internet Explorer in Windows 2000 SP1 |
A vulnerability has been reported that could let remote malicious users cause a Denial of Service via a malformed Windows Metafile (WMF) file.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Microsoft Windows Explorer and Internet Explorer Denial of Service Vulnerability
CAN-2005-0954
|
Low |
Bugtraq: 20050331, March 31, 2005 |
Microsoft
Microsoft Windows Server 2003 Datacenter Edition, Enterprise Edition, Standard Edition, Web Edition |
Multiple vulnerabilities have been reported that could let a local malicious users cause a Denial of Service. One vulnerability is caused due to an error when the SMB
redirector receives a browser announcement frame and tries to run code that is paged out. Another vulnerability is caused due to an error in the printer driver.
Update to Service Pack 1 for Windows Server 2003:
Windows Server 2003 SP1 (32-bit):
http://www.microsoft.com/downloads/
details.aspx?FamilyId=22CFC239-337C-
4D81-8354-72593B1C1F43
Windows Server 2003 SP1 (Itanium): http://www.microsoft.com/downloads/
details.aspx?FamilyId=890C5C44-815C-
45BD-8B08-4FE901BB8FDF
Currently we are not aware of any exploits for these vulnerabilities. |
Microsoft Windows Server 2003 Local Denial of Service Vulnerabilities |
Low |
Secunia SA14808,
April 5, 2005 |
NetManage
RUMBA 7.3 |
Multiple buffer overflow vulnerabilities have been reported when RTO and WPA profiles are loaded, which could let a remote malicious user cause a Denial of Service and possibly execute arbitrary code.
No workaround or patch available at time of publishing.
Proofs of Concept exploits have been published.
|
|
Low/ High
(High if arbitrary code can be executed)
|
Security Focus,
12965, April 1, 2005 |
Symantec
Norton System Works 2004 and 2005,
Norton Internet Security 2004 and 2005,
Norton AntiVirus 2004 and 2005 |
Two vulnerabilities were reported in the AutoProtect feature that could let a malicious user create a file or modify a filename to cause a Denial of Service. A user can create a special file of a specific file type that when scanned by the AutoProtect feature will cause a Denial of Service. Also, if a certain type of shared file has its filename modified, the SmartScan analysis of the filename modification may cause a Denial of Service.
A fix is available via LiveUpdate.
Currently we are not aware of any exploits for these vulnerabilities. |
|
Low |
Symantec Advisory, SYM05-006
March 28, 2005
US-CERT
VU#146020
US-CERT
VU#713620 |
[back to
top]
UNIX / Linux Operating Systems Only |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts |
Common Name /
CVE Reference |
Risk |
Source |
Andrew Church
IRC Services prior to 5.0.50 |
A vulnerability has been reported in NickServ LISTLINKS, which could let a remote malicious user obtain sensitive information.
Update available at:
http://www.ircservices.esper.net/
download.html
Currently, we are not aware of any exploits for this vulnerability. |
IRC Services LISTLINKS Information Disclosure
|
Medium |
Security Tracker
Alert, 1013622,
April 1, 2005 |
bzip2
bzip2 1.0.2 & prior |
A vulnerability has been reported when an archive is extracted into a world or group writeable directory, which could let a malicious user modify file permissions of target files.
No workaround or patch available at time of publishing.
There is no exploit code required. |
|
Medium |
Security Focus,
12954,
March 31, 2005 |
Carnegie Mellon University
Cyrus IMAP Server 2.x
|
Multiple vulnerabilities exist: a buffer overflow vulnerability exists in mailbox handling due to an off-by-one boundary error, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability exists in the imapd annotate extension due to an off-by-one boundary error, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability exists in 'fetchnews,' which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability exist because remote administrative users can exploit the backend; and a buffer overflow vulnerability exists in imapd due to a boundary error, which could let a remote malicious user execute arbitrary code.
Update available at:
http://ftp.andrew.cmu.edu/pub/
cyrus/cyrus-imapd-2.2.11.tar.gz
Gentoo:
http://security.gentoo.org/
glsa/glsa-200502-29.xml
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/c/cyrus21-imapd/
Mandrake:
http://www.mandrakesecure.net/
en/ftp.php
Conectiva:
ftp://atualizacoes.conectiva.
com.br/
ALT Linux:
http://lists.altlinux.ru/pipermail/
security-announce/2005-March
/000287.html
OpenPKG:
ftp://ftp.openpkg.org/release/
Currently we are not aware of any exploits for these vulnerabilities. |
|
High |
Secunia Advisory,
SA14383,
February 24, 2005
Gentoo Linux Security Advisory, GLSA 200502-29,
February 23, 2005
SUSE Security Announcement,
SUSE-SA:2005:009, February 24, 2005
Ubuntu Security
Notice USN-87-1,
February 28, 2005
Mandrakelinux
Security Update Advisory,
MDKSA-2005:051, March 4, 2005
Conectiva Linux Security
Announcement,
CLA-2005:937,
March 17, 2005
ALTLinux Security Advisory,
March 29, 2005
OpenPKG Security Advisory,
OpenPKG-SA-2005.005,
April 5, 2005 |
Dnsmasq
Dnsmasq 2.0-2.20 |
Multiple vulnerabilities have been reported: a buffer overflow vulnerability has been reported due to an off-by-one error when reading the DHCP lease file, which could let a remote malicious user cause a Denial of Service; and a vulnerability has been reported when receiving DNS replies due to insufficient validation, which could let a remote malicious user poison the DNS cache.
Upgrades available at:
http://www.thekelleys.org.uk/dnsmasq/
dnsmasq-2.21.tar.gz
Gentoo:
http://security.gentoo.org/
glsa/glsa-200504-03.xml
Currently we are not aware of any exploits for these vulnerabilities. |
|
Low/ Medium
(Medium if the DNS cache can be poisoned)
|
Security Focus,
12897,
March 25, 2005
Gentoo Linux Security Advisory, GLSA 200504-03,
April 4, 2005 |
FreeBSD
FreeBSD 5.4 & prior |
A vulnerability has been reported in the 'sendfile()' system call due to a failure to secure sensitive memory before distributing it over the network, which could let a malicious user obtain sensitive information.
Patches available at:
ftp://ftp.FreeBSD.org/pub/FreeBSD/
CERT/patches/SA-05:02/
There is no exploit code required. |
|
Medium |
FreeBSD Security Advisory,
FreeBSD-SA-05:02, April 5, 2005 |
GNU
gzip 1.2.4, 1.3.3 |
A vulnerability has been reported when an archive is extracted into a world or group writeable directory, which could let a malicious user modify file permissions.
No workaround or patch available at time of publishing.
There is no exploit code required. |
GNU GZip File Permission Modification |
Medium |
Security Focus,
12996,
April 5, 2005 |
GNU
sharutils 4.2, 4.2.1 |
Multiple buffer overflow vulnerabilities exists due to a failure to verify the length of user-supplied strings prior to copying them into finite process buffers, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.
Gentoo:
http://security.gentoo.org/
glsa/glsa-200410-01.xml
FedoraLegacy:
http://download.fedoralegacy.
org/fedora/
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/s/sharutils/
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/
We are not aware of any exploits for this vulnerability. |
|
Low/ High
(High if arbitrary code can be executed)
|
Gentoo Linux
Security Advisory, GLSA 200410-01, October 1, 2004
Fedora Legacy
Update Advisory, FLSA:2155,
March 24, 2005
Ubuntu Security
Notice, USN-102-1 March 29, 2005
Fedora Update Notifications,
FEDORA-2005-
280 & 281, April 1, 2005 |
GNU
sharutils 4.2, 4.2.1 |
A vulnerability has been reported in the 'unshar' utility due to the insecure creation of temporary files, which could let a malicious user create/overwrite arbitrary files.
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/s/sharutils/
There is no exploit code required. |
GNU Sharutils 'Unshar' Insecure Temporary File Creation |
Medium |
Ubuntu Security
Notice, USN-104-1, April 4, 2005 |
GNU
Xpdf prior to 3.00pl2 |
A buffer overflow vulnerability exists that could allow a remote user to execute arbitrary code on the target user's system. A remote user can create a specially crafted PDF file that, when viewed by the target user, will trigger an overflow and execute arbitrary code with the privileges of the target user.
A fixed version (3.00pl2) is available at:
http://www.foolabs.com/xpdf/
download.html
A patch is available:
ftp://ftp.foolabs.com/pub/xpdf/
xpdf-3.00pl2.patch
KDE:
http://www.kde.org/info/security/
advisory-20041223-1.txt
Gentoo:
http://security.gentoo.org/glsa
/glsa-200412-24.xml
Fedora:
http://download.fedora.redhat.
com/pub/fedora/linux/core
/updates/
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/
Mandrakesoft (update for koffice):
http://www.mandrakesoft.com/
security/advisories?name=
MDKSA-2004:165
Mandrakesoft (update for kdegraphics):
http://www.mandrakesoft.com/
security/advisories?name=
MDKSA-2004:163
Mandrakesoft (update for gpdf):
http://www.mandrakesoft.com/
security/advisories?name=
MDKSA-2004:162
Mandrakesoft (update for xpdf):
http://www.mandrakesoft.com/
security/advisories?name=
MDKSA-2004:161
Mandrakesoft (update for tetex):
http://www.mandrakesoft.com/
security/advisories?name=
MDKSA-2004:166
Debian:
http://www.debian.org/
security/2004/dsa-619
Fedora (update for tetex):
http://download.fedora.redhat.
com/pub/fedora/linux/
core/updates/
Fedora:
http://download.fedora.redhat.
com/pub/fedora/linux/core/
updates/3/
Gentoo:
http://security.gentoo.org/
glsa/glsa-200501-13.xml
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/
SGI:
http://support.sgi.com/browse_
request/linux_patches_by_os
Conectiva:
ftp://atualizacoes.conectiva.
com.br/
SuSE:
ftp://ftp.suse.com/pub/suse/
FedoraLegacy:
http://download.fedoralegacy.
org/fedora/1/updates/
FedoraLegacy:
http://download.fedoralegacy.
org/redhat/
SUSE:
ftp://ftp.SUSE.com
/pub/SUSE
RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-026.html
RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-354.html
Currently we are not aware of any exploits for this vulnerability. |
GNU Xpdf Buffer Overflow in doImage()
CAN-2004-1125 |
High |
iDEFENSE Security Advisory 12.21.04
KDE Security
Advisory,
December 23, 2004
Mandrakesoft,
MDKSA-2004:
161,162,
163,165, 166, December 29, 2004
Fedora Update Notification,
FEDORA-2004-585, January 6, 2005
Gentoo Linux
Security Advisory, GLSA 200501-13,
January 10, 2005
Conectiva Linux Security
Announcement,
CLA-2005:921,
January 25, 2005
SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005
Avaya Security Advisory,
ASA-2005-027,
January 25, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
Fedora Legacy
Update Advisory, FLSA:2353,
February 10, 2005
Fedora Legacy
Update Advisory, FLSA:2127,
March 2, 2005
SUSE Security Announcement,
SUSE-SA:2005
:015, March 14, 2005
RedHat Security Advisory,
RHSA-2005:026-15,
March 16, 2005
SuSE Security Summary Report, SUSE-SR:2005:008, March 18, 2005
RedHat Security Advisory, RHSA-2005:354-03,
April 1, 2005
|
Grip
Grip 3.1.2, 3.2 .0 |
A buffer overflow vulnerability has been reported in the CDDB protocol due to a boundary error, which could let a remote malicious user cause a Denial of Service and possibly execute arbitrary code.
Fedora:
http://download.fedora.redhat.
com/pub/fedora/linux/core/
updates
Gentoo:
http://security.gentoo.org/
glsa/glsa-200503-21.xml
RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-304.html
Mandrake:
http://www.mandrakesecure.net/
en/ftp.php
Currently we are not aware of any exploits for this vulnerability. |
|
Low/
High
(High if arbitrary code can be executed)
|
Fedora Update Notifications,
FEDORA-2005-
202 & 203,
March 9, 2005
Gentoo Linux
Security Advisory,
GLSA 200503-21,
March 17, 2005
RedHat Security Advisory, RHSA-2005:304-08,
March 28, 2005
Mandrakelinux Security Update Advisory,
MDKSA-2005:066,
April 3, 2005 |
IBM
AIX 5.1 L, 5.1, 5.2 L, 5.2, 5.3 L, 5.3 |
A vulnerability has been reported in the '/SBIN/RC.BOOT' script due to the insecure creation of temporary files, which could let a malicious user corrupt arbitrary files with superuser privileges.
Updates available at:
http://www-912.ibm.com/
eserver/support/fixes/
Currently we are not aware of any exploits for this vulnerability. |
IBM AIX 'RC.BOOT' Insecure Temporary File Creation |
High |
Security Focus,
12992,
April 4, 2005 |
ImageMagick
ImageMagick 5.3.3, 5.3.8, 5.4.3, 5.4.4 .5, 5.4.7, 5.4.8 .2-1.1.0 , 5.4.8, 5.5.3 .2-1.2.0, 5.5.4, 5.5.6 .0-20030409, 5.5.6, 5.5.7, 6.0, 6.0.1 |
Several vulnerabilities have been reported: a remote Denial of Service vulnerability has been reported in the decoder due to a failure to handle malformed TIFF tags; a remote Denial of Service vulnerability has been reported due to a failure to handle malformed TIFF images; a remote Denial of Service vulnerability has been reported due to a failure to handle malformed PSD files; and a buffer overflow vulnerability has been reported in the SGI parser, which could let a remote malicious user execute arbitrary code.
Upgrades available at:
http://www.imagemagick.org/
script/download.php?
SuSE:
ftp://ftp.suse.com/pub/suse
RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-070.html
Debian:
http://security.debian.org/pool/
updates/main/i/imagemagick/
Mandrake:
http://www.mandrakesecure.net/
en/ftp.php
Currently we are not aware of any exploits for these vulnerabilities. |
|
Low/ High
(High if arbitrary code can be executed)
|
Security Tracker
Alert, 1013550,
March 24, 2005
Debian Security Advisory,
DSA 702-1,
April 1, 2005
Mandrakelinux Security Update Advisory,
MDKSA-2005:065, April 3, 2005 |
ImageMagick
ImageMagick 5.3.3, 5.4.3, 5.4.4.5, 5.4.7, 5.4.8 .2-1.1.0, 5.4.8,
5.5.3 .2-1.2.0, 5.5.6 .0-20030409, 5.5.7, 6.0, 6.0.1, 6.0.3-6.0.8 |
A buffer overflow vulnerability exists in the 'EXIF' parsing routine due to a boundary error, which could let a remote malicious user execute arbitrary code.
Upgrades available at:
http://sourceforge.net/project/
showfiles.php?group_id=24099
Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/i/imagemagick/
Gentoo:
http://security.gentoo.org/
glsa/glsa-200411-11.xml
Debian:
http://security.debian.org/pool/
updates/main/i/imagemagick/
SUSE:
ftp://ftp.SUSE.com/pub/
SUSE/i386/update/
Mandrakesoft:
http://www.mandrakesoft.com/
security/advisories?name=
MDKSA-2004:143
(Red Hat has re-issued it's update.)
http://rhn.redhat.com/errata/
RHSA-2004-480.html
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/
Fedora:
http://download.fedora.redhat.
com/pub/fedora/linux/core/
updates/3/
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Security Tracker
Alert ID, 1011946,
October 26, 2004
Gentoo Linux Security Advisory, GLSA 200411-11:01, November 6, 2004
Debian Security Advisory DSA 593-1, November 16, 2004
SUSE Security Announcement,
SUSE-SA:2004:041, November 17, 2004
SUSE Security Summary Report,
SUSE-SR:2004:001, November 24, 2004
Mandrakesoft
Security Advisory,
MDKSA-2004:143, December 6, 2004
Red Hat Security Advisory,
RHSA-2004:636-03, December 8, 2004
Turbolinux Security Advisory,
TLSA-2005-7,
January 26, 2005
Fedora Update Notification,
FEDORA-2005-221, March 15, 2005
Fedora Update Notifications,
FEDORA-2005-
234 & 235,
March 30, 2005 |
libexif
libexif 0.6.9, 0.6.11 |
A vulnerability exists in the 'EXIF' library due to insufficient validation of 'EXIF' tag structure, which could let a remote malicious user execute arbitrary code.
Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/libe/libexif/
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/
Gentoo:
http://security.gentoo.org/
glsa/glsa-200503-17.xml
RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-300.html
Mandrake:
http://www.mandrakesecure.net/
en/ftp.php
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Ubuntu Security
Notice USN-91-1, March 7, 2005
Fedora Update Notifications,
FEDORA-2005-
199 & 200,
March 8, 2005
Gentoo Linux
Security Advisory,
GLSA 200503-17, March 12, 2005
RedHat Security Advisory,
RHSA-2005:300-08, March 21, 2005
Mandrakelinux Security Update Advisory,
MDKSA-2005:064, March 31, 2005 |
libtiff.org
LibTIFF 3.6.1
Avaya MN100 (All versions), Avaya Intuity LX (version 1.1-5.x), Avaya Modular Messaging MSS (All versions)
|
Several buffer overflow vulnerabilities exist: a vulnerability exists because a specially crafted image file can be created, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; a remote Denial of Service vulnerability exists in 'libtiff/tif_dirread.c' due to a division by zero error; and a vulnerability exists in the 'tif_next.c,' 'tif_thunder.c,' and 'tif_luv.c' RLE decoding routines, which could let a remote malicious user execute arbitrary code.
Debian:
http://security.debian.org/pool/
updates/main/t/tiff/
Gentoo:
http://security.gentoo.org/glsa/
glsa-200410-11.xml
Fedora:
http://download.fedora.redhat.com/
pub/fedora/
linux/core/updates/2/
OpenPKG:
ftp://ftp.openpkg.org/release/
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SuSE:
ftp://ftp.suse.com/pub/suse/
RedHat:
http://rhn.redhat.com/errata/
RHSA-2004-577.html
Slackware:
ftp://ftp.slackware.com/pub/slackware/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
KDE: Update to version 3.3.2:
http://kde.org/download/
Apple Mac OS X:
http://www.apple.com/swupdates/
Gentoo: KDE kfax:
http://www.gentoo.org/security
/en/glsa/glsa-200412-17.xml
Avaya: No solution but workarounds available at:
http://support.avaya.com/elmodocs2/
security/ASA-2005-002_RHSA-2004-577.pdf
TurboLinux:
http://www.turbolinux.com/update/
Mandrake:
http://www.mandrakesecure.net/
en/ftp.php
RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-354.html
Proofs of Concept exploits have been published.
|
|
Low/ High
(High if arbitrary code can be execute)
|
Gentoo Linux
Security Advisory,
GLSA 200410-11, October 13, 2004
Fedora Update Notification,
FEDORA-2004-334, October 14, 2004
OpenPKG Security Advisory,
OpenPKG-SA-2004.043,
October 14, 2004
Debian Security Advisory,
DSA 567-1,
October 15, 2004
Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15, 2004
Mandrakelinux
Security Update Advisory, MDKSA-2004:109 &
MDKSA-2004:111, October 20 & 21,
2004
SuSE Security Announcement,
SUSE-SA:2004:038, October 22, 2004
RedHat Security Advisory,
RHSA-2004:577-16,
October 22, 2004
Slackware Security Advisory,
SSA:2004-305-02, November 1, 2004
Conectiva Linux Security
Announcement,
CLA-2004:888, November 8, 2004
US-CERT
Vulnerability Notes VU#687568 & VU#948752,
December 1, 2004
Gentoo Linux Security Advisory, GLSA 200412-02,
December 6, 2004
KDE Security
Advisory,
December 9, 2004
Apple Security
Update
SA-2004-12-02
Gentoo Security Advisory, GLSA 200412-17 / kfax, December 19, 2004
Avaya Advisory
ASA-2005-002,
January 5, 2005
Conectiva Linux Security
Announcement,
CLA-2005:914,
January 6, 2005
Turbolinux Security Announcement,
January 20, 2005
Mandrakelinux
Security Update Advisory,
MDKSA-2005:052, March 4, 2005
RedHat Security Advisory,
RHSA-2005:354-03,
April 1, 2005 |
Mailreader.com
Mailreader.com 2.3.29 |
A vulnerability has been reported in 'network.cgi' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML code.
Debian:
http://security.debian.org/pool/
updates/main/m/mailreader/
There is no exploit code required. |
|
High |
Debian Security Advisory DSA 700-1, March 30, 2005 |
Multiple Vendors
Carnegie Mellon University Cyrus IMAP Server 2.1.7, 2.1.9, 2.1.10, 2.1.16, 2.2 .0 ALPHA, 2.2.1 BETA, 2.2.2 BETA, 2.2.3-2.2.8; Trustix Secure Enterprise Linux 2.0, Secure Linux 2.0-2.2;
Ubuntu Linux 4.1 ppc, 4.1 ia64, 4.1 ia32 |
Multiple vulnerabilities exist: a buffer overflow vulnerability exists in the 'PROXY' and 'LOGIN' commands if the 'IMAPMAGICPLUS' option is enabled, which could let a remote malicious user execute arbitrary code; an input validation vulnerability exists in the argument parser for the 'PARTIAL' command, which could let a remote malicious user execute arbitrary code; an input validation vulnerability exists in the argument handler for the 'FETCH' command, which could let a remote malicious user execute arbitrary code; and a vulnerability exists in the handler for the 'APPEND' command, which could let a remote malicious user execute arbitrary code.
Carnegie Mellon University:
ftp://ftp.andrew.cmu.edu/
pub/cyrus/
Debian:
http://security.debian.org/
pool/updates
/main/c/cyrus-imapd/
Gentoo:
http://security.gentoo.org/
glsa/glsa-200411-34.xml
Mandrake:
http://www.mandrakesecure.
net/en/ftp.php
Trustix:
http://http.trustix.org/pub/
trustix/updates/
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main
/c/cyrus21-imapd/
Conectiva:
ftp://atualizacoes.conectiva.
com.br/
Fedora:
http://download.fedora.redhat.
com/pub
/fedora/linux/core/updates/
OpenPKG:
ftp://ftp.openpkg.org/release/
SUSE:
ftp://ftp.SUSE.com/pub/SUSE/
Apple:
http://www.apple.com/support/
downloads/securityupdate
2005003client.html
An exploit script has been published. |
|
High |
Securiteam,
November 23, 2004
Debian Security Advisory, DSA 597-1, November 25, 2004
Gentoo Linux Security Advisory, GLSA 200411-34,
November 25, 2004
Mandrakelinux
Security Update Advisory,
MDKSA-2004:139, November 26, 2004
Trustix Secure Linux Advisory,
TSL-2004-0063. November 29, 2004
OpenPKG Security Advisory,
OpenPKG-SA-2004.051,
November 29, 2004
Conectiva Linux Security
Announcement,
CLA-2004:904, December 1, 2004
Fedora Update Notifications,
FEDORA-2004-
487 & 489,
December 1, 2004
SUSE Security Announcement,
SUSE-SA:2004:043, December 3, 2004
Apple Security
Update, APPLE-SA-2005-03-21,
March 21, 2005
PacketStorm,
March 30, 2005 |
Multiple Vendors
FreeNX 0.2 -0-0.2 -3, 0.2.4-0.2.7 |
A vulnerability exists in the 'XAUTHORITY' environment variable, which could let a malicious user bypass authentication.
Update available at:
http://debian.tu-bs.de/knoppix/
nx/freenx-0.2.8.tar.gz
SuSE:
ftp://ftp.suse.com/pub/suse/
Upgrade available at:
http://debian.tu-bs.de/knoppix/
nx/freenx-0.2.8.tar.gz
There is no exploit code required. |
|
Medium |
SUSE Security Summary Report, ID: SUSE-SR:2005:006, February 25, 2005
Security, 12663,
April 1, 2005 |
Multiple Vendors
ht//Dig Group ht://Dig 3.1.5 -8, 3.1.5 -7, 3.1.5, 3.1.6, 3.2 .0, 3.2 0b2-0b6; SuSE Linux 8.0, i386, 8.1, 8.2, 9.0, 9.0 x86_64, 9.1, 9.2 |
A Cross-Site Scripting vulnerability exists due to insufficient filtering of HTML code from the 'config' parameter, which could let a remote malicious user execute arbitrary HTML and script code.
SuSE:
ftp://ftp.suse.com/pub/suse/
Debian:
http://security.debian.org/pool/
updates/main/h/htdig/
Gentoo:
http://security.gentoo.org/glsa/
glsa-200502-16.xml
Mandrake:
http://www.mandrakesecure.net/
en/ftp.php
Proof of Concept exploit has been published. |
|
High |
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
Debian Security Advisory ,DSA 680-1, February 14, 2005
Gentoo Linux Security Advisory, GLSA 200502-16,
February 14, 2005
Mandrakelinux Security Update Advisory,
MDKSA-2005:063, March 31, 2005 |
Multiple Vendors
Linux kernel 2.4 .0-test1-test12, 2.4-2.4.29, 2.6, 2.6-test1-test11, 2.6.1-2.6.11 |
Multiple vulnerabilities have been reported in the ISO9660 handling routines, which could let a malicious user execute arbitrary code.
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/l/linux-source-2.6.8.1/
Currently we are not aware of any exploits for these vulnerabilities. |
Linux Kernel
Multiple ISO9660 Filesystem
Handling Vulnerabilities
CAN-2005-0815
|
High |
Security Focus,
12837,
March 18, 2005
Fedora Security
Update Notification,
FEDORA-2005-262, March 28, 2005
Ubuntu Security Notice, USN-103-1, April 1, 2005 |
Multiple Vendors
RedHat Fedora Core3 & Core 2;
Sylpheed Sylpheed 0.8, 0.8.11, 0.9.4-0.9.12, 0.9.99, 1.0 .0-1.0.3, 1.9-1.9.4 |
A buffer overflow vulnerability has been reported when handling email messages that contain attachments with MIME-encoded file names, which could let a remote malicious user execute arbitrary code.
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/
Sylpheed:
http://sylpheed.good-day.net/
sylpheed/v1.0/sylpheed-1.0.4.tar.gz
Gentoo:
http://security.gentoo.org/
glsa/glsa-200504-02.xml
Currently we are not aware of any exploits for this vulnerability. |
Sylpheed MIME-Encoded
Attachment Name Buffer Overflow
CAN-2005-0926
|
High |
Fedora Update Notifications,
FEDORA-2005-
263 & 264,
March 29, 2005
Gentoo Linux Security Advisory, GLSA 200504-02,
April 2, 2005 |
Multiple Vendors
Squid Web Proxy Cache 2.5 .STABLE9, .STABLE8, .STABLE7 |
A vulnerability exists when using the Netscape Set-Cookie recommendations for handling cookies in caches due to a race condition, which could let a malicious user obtain sensitive information.
Patches available at:
http://www.squid-cache.org/Versions
/v2/2.5/bugs/squid-2.5.STABLE9-setcookie.patch
Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/s/squid/
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/
There is no exploit code required.
|
Squid Proxy Set-Cookie Headers Information Disclosure
CAN-2005-0626
|
Medium |
Secunia Advisory, SA14451,
March 3, 2005
Ubuntu Security
Notice,
USN-93-1
March 08, 2005
Fedora Update Notifications,
FEDORA-2005-
275 & 276,
March 30, 2005 |
Multiple Vendors
Daniel Stenberg curl 6.0-6.4, 6.5-6.5.2, 7.1, 7.1.1, 7.2, 7.2.1, 7.3, 7.4, 7.4.1, 7.10.1, 7.10.3-7.10.7, 7.12.1 |
A buffer overflow vulnerability exists in the Kerberos authentication code in the 'Curl_krb_kauth()' and 'krb4_auth()' functions and in the NT Lan Manager (NTLM) authentication in the 'Curl_input_ntlm()' function, which could let a remote malicious user execute arbitrary code.
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/c/curl/
Mandrake:
http://www.mandrakesecure.net/
en/ftp.php
Updates available at:
http://curl.haxx.se/download/
curl-7.13.1.tar.gz
Gentoo:
http://security.gentoo.org/
glsa/glsa-200503-20.xml
Conectiva:
ftp://atualizacoes.conectiva.
com.br/10/
ALT Linux:
http://lists.altlinux.ru/pipermail/
security-announce/2005-March
/000287.html
RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-340.html
Currently we are not aware of any exploits for these vulnerabilities. |
Multiple Vendors cURL / libcURL Kerberos Authentication & 'Curl_input_ntlm()' Remote Buffer Overflows
CAN-2005-0490
|
High |
iDEFENSE
Security Advisory ,
February 21, 2005
Mandrakelinux
Security Update Advisory, MDKSA-2005:048, March 4, 2005
Gentoo Linux
Security Advisory, GLSA 200503-20,
March 16, 2005
Conectiva Linux Security
Announcement,
CLA-2005:940,
March 21, 2005
ALTLinux Security Advisory, March 29, 2005
RedHat Security Advisory,
RHSA-2005:340-09,
April 5, 2005 |
Multiple Vendors
Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha;
Easy Software Products CUPS 1.0.4 -8, 1.0.4, 1.1.1, 1.1.4 -5, 1.1.4 -3, 1.1.4 -2, 1.1.4, 1.1.6, 1.1.7, 1.1.10, 1.1.12-1.1.20;
Gentoo Linux;
GNOME GPdf 0.112;
KDE KDE 3.2-3.2.3, 3.3, 3.3.1, kpdf 3.2;
RedHat Fedora Core2;
Ubuntu ubuntu 4.1, ppc, ia64, ia32, Xpdf Xpdf 0.90-0.93; 1.0.1, 1.0 0a, 1.0, 2.0 3, 2.0 1, 2.0, 3.0, SUSE Linux - all versions |
Several integer overflow vulnerabilities exist in 'pdftops/Catalog.cc' and 'pdftops/XRef.cc,' which could let a remote malicious user execute arbitrary code.
Debian:
http://security.debian.org/pool
/updates/main/c/cupsys/
Fedora:
http://download.fedora.redhat.
com/pub/fedora/linux/
core/updates/2/
Gentoo:
http://security.gentoo.org/
glsa/glsa-200410-20.xml
KDE:
ftp://ftp.kde.org/pub/kde/
security_patches/
post-3.3.1-kdegraphics.diff
Mandrake:
http://www.mandrakesecure.net/
en/ftp.php
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/c/cupsys/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Debian:
http://security.debian.org/pool/
updates/main/t/tetex-bin/
SUSE: Update:
ftp://ftp.SUSE.com/pub/SUSE
Gentoo:
http://security.gentoo.org/
glsa/glsa-200501-31.xml
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/
FedoraLegacy:
http://download.fedoralegacy.org/
fedora/1/updates/
RedHat:
https://rhn.redhat.com/errata/
RHSA-2005-132.html
FedoraLegacy:
http://download.fedoralegacy.
org/redhat/
RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-213.html
SGI:
ftp://patches.sgi.com/support/
free/security/advisories/
SUSE:
ftp://ftp.suse.com/pub/suse/
RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-354.html
Currently we are not aware of any exploits for these vulnerabilities. |
Multiple Vendors Xpdf PDFTOPS Multiple Integer Overflows
CAN-2004-0888
CAN-2004-0889 |
High |
Security Tracker
Alert ID, 1011865, October 21, 2004
Conectiva Linux Security
Announcement,
CLA-2004:886, November 8, 2004
Debian Security Advisory, DSA 599-1, November 25, 2004
SUSE Security Summary Report, SUSE-SR:2004:002, November 30, 2004
Gentoo Linux Security Advisory,
GLSA 200501-31,
January 23, 2005
Fedora Update Notifications,
FEDORA-2005-122, 123, 133-136,
February 8 & 9, 2005
Fedora Legacy
Update Advisory, FLSA:2353,
February 10, 2005
Mandrakelinux
Security Update Advisories,
MDKSA-2005:
041-044,
February 18, 2005
RedHat Security Advisory,
RHSA-2005:132-09,
February, 18. 2005
Fedora Legacy
Update Advisory,
FLSA:2127,
March 2, 2005
Mandrakelinux
Security Update Advisory, MDKSA-2005:052, March 4, 2005
RedHat Security Advisory, RHSA-2005:213-04,
March 4, 2005
SGI Security
Advisory,
20050204-01-U,
March 7, 2005
SUSE Security Summary Report, SUSE-SR:2005:008, March 18, 2005
RedHat Security Advisory,
RHSA-2005:354-03,
April 1, 2005 |
Multiple Vendors
Enlightenment Imlib2 1.0-1.0.5, 1.1, 1.1.1;
ImageMagick ImageMagick 5.4.3, 5.4.4 .5, 5.4.8 .2-1.1.0 , 5.5.3 .2-1.2.0, 5.5.6 .0- 2003040, 5.5.7,6.0.2;
Imlib Imlib 1.9-1.9.14 |
Multiple buffer overflow vulnerabilities exist in the Iimlib/Imlib2 libraries when handling malformed bitmap images, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.
lmlib:
http://cvs.sourceforge.net/
viewcvs.py/enlightenment/e17/
ImageMagick:
http://www.imagemagick.org/
www/download.html
Gentoo:
http://security.gentoo.org/
glsa/glsa-200409-12.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Fedora:
http://download.fedora.redhat.com/pub/
fedora/linux/core/updates/
Debian:
http://security.debian.org/pool/
updates/main/i/imagemagick/
RedHat:
http://rhn.redhat.com/errata/
RHSA-2004-465.html
SUSE:
ftp://ftp.SUSE.com/pub/SUSE/
TurboLinux:
ftp://ftp.turbolinux.com/pub/TurboLinux/
TurboLinux/ia32/Desktop/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Sun:
http://sunsolve.sun.com/search/document.do?
assetkey=1-26-57648-1&searchclause=
http://sunsolve.sun.com/search/document.do?
assetkey=1-26-57645-1&searchclause=
TurboLinux:
ftp://ftp.turbolinux.com/pub/
TurboLinux/TurboLinux/ia32/
RedHat:
http://rhn.redhat.com/errata/RHSA-2004-480.html
Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/i/imagemagick/i
RedHat:
http://rhn.redhat.com/errata/
RHSA-2004-636.html
SUSE:
ftp://ftp.SUSE.com/pub/SUSE/
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/
Currently we are not aware of any exploits for these vulnerabilities.
|
IMLib/IMLib2 Multiple BMP Image
Decoding Buffer Overflows
CAN-2004-0817
CAN-2004-0802 |
Low/ High
(High if arbitrary code can be executed)
|
Security Focus, September 1, 2004
Gentoo Linux Security Advisory, GLSA 200409-12,
September 8, 2004
Mandrakelinux Security Update Advisory, MDKSA-2004:089, September 8, 2004
Fedora Update Notifications,
FEDORA-2004-300 &301, September 9, 2004
Turbolinux Security Advisory,
TLSA-2004-27, September 15, 2004
RedHat Security Advisory, RHSA-2004:465-08, September 15, 2004
Debian Security Advisories,
DSA 547-1 & 548-1, September 16, 2004
Conectiva Linux Security
Announcement,
CLA-2004:870, September 28, 2004
Sun(sm) Alert Notifications,
57645 & 57648,
September 20, 2004
Turbolinux Security Announcement,
October 5, 2004
RedHat Security Update, RHSA-2004:480-05,
October 20, 2004
Ubuntu Security
Notice USN-35-1, November 30, 2004
RedHat Security Advisory, RHSA-2004:636-03, December 8, 2004
SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005
Fedora Update Notifications,
FEDORA-2005-
234 & 235,
March 30, 2005 |
Multiple Vendors
GNOME GdkPixbuf 0.22
GTK GTK+ 2.4.14
RedHat Fedora Core3
RedHat Fedora Core2 |
A remote Denial of Service vulnerability has been reported due to a double free error in the BMP loader.
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/2/
RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-344.html
http://rhn.redhat.com/
errata/RHSA-2005-343.html
Currently we are not aware of any exploits for this vulnerability. |
GDK-Pixbuf BMP Image Processing Double Free Remote Denial of Service
CAN-2005-0891
|
Low |
Fedora Update Notifications,
FEDORA-2005-
265, 266, 267 & 268,
March 30, 2005
RedHat Security Advisories,
RHSA-2005:344-03 & RHSA-2005:343-03, April 1 & 4, 2005 |
Multiple Vendors
ImageMagick 5.3.3, 5.4.3, 5.4.4 .5, 5.4.7, 5.4.8 .2-1.1.0, 5.4.8, 5.5.3 .2-1.2.0, 5.5.6 .0-20030409, 5.5.7, 6.0-6.0.8, 6.1-6.1.7, 6.2 |
A format string vulnerability exists when handling malformed file names, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.
Update available at:
http://www.imagemagick.org/script/
downloads.php
Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/i/imagemagick/
Gentoo:
http://security.gentoo.org/
glsa/glsa-200503-11.xml
SUSE:
ftp://ftp.suse.com/pub/suse/
RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-320.html
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/
Debian:
http://security.debian.org/pool
/updates/main/i/imagemagick/
Mandrake:
http://www.mandrakesecure.net/
en/ftp.php
Currently we are not aware of any exploits for this vulnerability. |
ImageMagick File Name Handling Remote Format String
CAN-2005-0397
|
Low/ High
(High if arbitrary code can be executed)
|
Secunia Advisory,
SA14466, March 4, 2005
Ubuntu Security
Notice, USN-90-1, March 3, 2004
SUSE Security Announcement,
SUSE-SA:2005:017, March 23, 2005
RedHat Security Advisory, RHSA-2005:320-10,
March 23, 2005
Fedora Update Notifications,
FEDORA-2005-
234 & 235,
March 30, 2005
Debian Security Advisory,
DSA 702-1 ,
April 1, 2005
Mandrakelinux Security Update Advisory,
MDKSA-2005:065, April 3, 2005 |
Multiple Vendors
IPsec-Tools IPsec-Tools 0.5; KAME Racoon prior to 20050307 |
A remote Denial of Service vulnerability has been reported when parsing ISAKMP headers.
Upgrades available at:
http://www.kame.net/snap-users/
Fedora:
http://download.fedora.redhat.
com/pub/fedora/linux/core/
updates/
RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-232.html
Gentoo:
http://security.gentoo.org/
glsa/glsa-200503-30.xml
ALTLinux:
http://lists.altlinux.ru/
pipermail/security-announce/
2005-March/000287.html
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/i/ipsec-tools/
Currently we are not aware of any exploits for this vulnerability. |
KAME Racoon Malformed ISAKMP Packet Headers Remote Denial of Service
CAN-2005-0398
|
Low |
Fedora Update Notifications,
FEDORA-2005-
216 & 217,
March 14, 2005
RedHat Security Advisory,
RHSA-2005:232-10, March 23, 2005
Gentoo Linux
Security Advisory, GLSA 200503-33,
March 25, 2005
ALTLinux Security Advisory,
March 29, 2005
SUSE Security Announcement, SUSE-SA:2005:020, March 31, 2005
Ubuntu Security Notice, USN-107-1, April 05, 2005 |
Multiple Vendors
Linux kernel 2.4-2.4.29, 2.6 .10, 2.6-2.6.11 |
A vulnerability has been reported in the 'bluez_sock_create()' function when a negative integer value is submitted, which could let a malicious user execute arbitrary code with root privileges.
Patches available at:
http://www.kernel.org/pub/linux/
kernel/v2.4/testing/patch-2.4.30-rc3.bz2
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Trustix:
http://http.trustix.org/pub/
trustix/updates/
A Proof of Concept exploit script has been published. |
|
High |
Security Tracker
Alert, 1013567,
March 27, 2005
SUSE Security Announcement, SUSE-SA:2005
:021, April 4, 2005
Trustix Secure
Linux Security Advisory,
TSLSA-2005-0011, April 5, 2005
US-CERT
VU#685461 |
Multiple Vendors
Linux kernel 2.4-2.4.30, 2.6-2.6.11 |
A vulnerability has been reported due to insufficient access control of the 'N_MOUSE' line discipline, which could let a malicious user inject mouse and keyboard events into an alternate X session or console.
Patches available at:
http://www.securityfocus.com/data
/vulnerabilities/patches/serport.patch
Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/l/linux-source-2.6.8.1/
Currently we are not aware of any exploits for this vulnerability.
|
Linux Kernel Serial Driver Mouse And Keyboard Event Injection
CAN-2005-0839
|
Medium |
Security Focus,
12971,
April 1, 2005 |
Multiple Vendors
Linux kernel 2.4-2.4.30, 2.6-2.6.11; Ubuntu Linux 4.1 ppc, ia64, ia32 |
A Denial of Service vulnerability has been reported in the 'TmpFS' driver due to insufficient sanitization of the 'shm_nopage()' argument.
Patch available at:
http://www.securityfocus.com/data/
vulnerabilities/patches/shmem.patch
Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/l/linux-source-2.6.8.1/
Currently we are not aware of any exploits for this vulnerability. |
|
Low |
Security Focus,
12970
April 1, 2005 |
Multiple Vendors
Linux kernel 2.5.0-2.5.69, 2.6-2.6.11 |
A Denial of Service vulnerability has been reported in 'kernel/futex.c.'
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability. |
|
Low |
Security Tracker
Alert, 1013616,
March 31, 2005 |
Multiple Vendors
Linux kernel 2.6 .10,
Linux kernel 2.6 -test1-test11, 2.6-2.6.8 |
A Denial of Service vulnerability has been reported in the Netfilter code due to a memory leak.
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/l/linux-
source-2.6.8.1/
SuSE:
ftp://ftp.suse.com/pub/suse/
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/
Conectiva:
ftp://atualizacoes.conectiva.
com.br/10/
Currently we are not aware of any exploits for this vulnerability. |
Linux Kernel
Netfilter Memory Leak
Denial of Service
CAN-2005-0210
|
Low |
Ubuntu Security
Notice, USN-95-1 March 15, 2005
SUSE Security Announcement,
SUSE-SA:2005:
018, March 24, 2005
Fedora Security
Update Notification,
FEDORA-2005-262, March 28, 2005
Conectiva Linux Security Announcement,
CLA-2005:945,
March 31, 2005 |
Multiple Vendors
Linux Kernel 2.6.10, 2.6 -test1-test11, 2.6-2.6.11 |
A Denial of Service vulnerability has been reported in the 'load_elf_library' function.
Patches available at:
http://www.kernel.org/pub/
linux/kernel/v2.6/patch-2.6.11.6.bz2
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/2/
Trustix:
http://http.trustix.org/pub/
trustix/updates/
Currently we are not aware of any exploits for this vulnerability. |
|
Low |
Fedora Security
Update Notification,
FEDORA-2005-262, March 28, 2005
Trustix Secure
Linux Security Advisory,
TSLSA-2005-0011, April 5, 2005 |
Multiple Vendors
Linux kernel 2.6.10, 2.6 -test9-CVS, 2.6-test1- -test11, 2.6, 2.6.1-2.6.11 ; RedHat Desktop 4.0, Enterprise Linux WS 4, ES 4, AS 4 |
Multiple vulnerabilities exist: a vulnerability exists in the 'shmctl' function, which could let a malicious user obtain sensitive information; a Denial of Service vulnerability exists in 'nls_ascii.c' due to the use of incorrect table sizes; a race condition vulnerability exists in the 'setsid()' function; and a vulnerability exists in the OUTS instruction on the AMD64 and Intel EM64T architecture, which could let a malicious user obtain elevated privileges.
RedHat:
https://rhn.redhat.com/errata/
RHSA-2005-092.html
Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/l/linux-source-2.6.8.1/
Conectiva:
ftp://atualizacoes.conectiva.
com.br/
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/2/
Conectiva:
ftp://atualizacoes.conectiva.
com.br/10/
Currently we are not aware of any exploits for these vulnerabilities. |
|
Low/ Medium
(Low if a DoS)
|
Ubuntu Security
Notice, USN-82-1, February 15, 2005
RedHat Security Advisory,
RHSA-2005:092-14, February 18, 2005
SUSE Security Announcement,
SUSE-SA:2005:018, March 24, 2005
Fedora Security
Update Notification,
FEDORA-2005-262, March 28, 2005
Conectiva Linux Security Announcement,
CLA-2005:945,
March 31, 2005 |
Multiple Vendors
Linux kernel 2.6.10, 2.6, -test1-test 11, 2.6.1- 2.6.11;
RedHat Fedora Core2 |
A vulnerability has been reported in the EXT2 filesystem handling code, which could let malicious user obtain sensitive information.
Patches available at:
http://www.kernel.org/pub/linux/
kernel/v2.6/patch-2.6.11.6.bz2
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/2/
Trustix:
http://http.trustix.org/pub/
trustix/updates/
Currently we are not aware of any exploits for this vulnerability. |
|
Medium |
Security Focus,
12932,
March 29, 2005
Trustix Secure
Linux Security Advisory,
TSLSA-2005-0011, April 5, 2005 |
Multiple Vendors
Linux kernel 2.6.8 rc1-rc3, 2.6.8, 2.6.11 -rc2-rc4, 2.6.11
|
A Denial of Service vulnerability has been reported due to an error in the AIO (Asynchronous I/O) support in the "is_hugepage_only_range()" function.
No workaround or patch available at time of publishing.
Currently, we are not aware of any exploits for this vulnerability. |
Linux Kernel Asynchronous Input/Output Local Denial Of Service
CAN-2005-0916
|
Low |
Secunia Advisory, SA14718,
April 4, 2005 |
Multiple Vendors
RedHat Fedora Core3, Core2;
Rob Flynn Gaim 1.2; Ubuntu Linux 4.1 ppc, ia64, ia32 |
Two vulnerabilities have been reported: a remote Denial of Service vulnerability has been reported due to a buffer overflow in the
'gaim_markup_strip_html()' function; and a vulnerability has been reported in the IRC protocol plug-in due to insufficient sanitization of the 'irc_msg' data, which could let a remote malicious user execute arbitrary code.
Update available at:
http://gaim.sourceforge.net
/downloads.php
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/g/gaim/
Currently we are not aware of any exploits for these vulnerabilities. |
Gaim 'Gaim_Markup_
Strip_HTML()' Function Remote
Denial of Service & IRC Protocol Plug-in Arbitrary Code Execution
CAN-2005-0965
CAN-2005-0966
|
Low/ High
(High if arbitrary code can be executed)
|
Fedora Update Notifications,
FEDORA-2005
-298 & 299,
April 5, 2005
Ubuntu Security
Notice, USN-106-1
April 05, 2005 |
Multiple Vendors
RedHat Fedora Core3, Core2;
Rob Flynn Gaim 1.2 |
A remote Denial of Service vulnerability has been reported when an unspecified Jabber file transfer request is handled.
Upgrade available at:
http://gaim.sourceforge.net/
downloads.php
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/
There is no exploit code required. |
Gaim Jabber File Request Remote Denial of Service |
Low |
Fedora Update Notifications,
FEDORA-2005-
298 & 299,
April 5, 2005 |
Multiple Vendors
Samba 2.2.9, 3.0.8 and prior |
An integer overflow vulnerability in all versions of Samba's smbd 0.8 could allow an remote malicious user to cause controllable heap corruption, leading to execution of arbitrary commands with root privileges.
Patches available at:
http://www.samba.org/samba/ftp/patches/
security/samba-3.0.9-CAN-2004-1154.patch
Red Hat:
http://rhn.redhat.com/errata/
RHSA-2004-670.html
Gentoo:
http://www.gentoo.org/security/
en/glsa/glsa-200412-13.xml
Trustix:
http://www.trustix.net/errata/2004/0066/
Red Hat (Updated):
http://rhn.redhat.com/errata/
RHSA-2004-670.html
Fedora:
http://download.fedora.redhat.com/pub
/fedora/linux/core/updates/
SUSE:
http://www.novell.com/linux/security/
advisories/2004_45_samba.html
Mandrakesoft:
http://www.mandrakesoft.com/security/
advisories?name=MDKSA-2004:158
Conectiva:
ftp://atualizacoes.conectiva.com.br/
RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-020.html
HP:
http://software.hp.com
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/
SCO:
ftp://ftp.sco.com/pub/updates/
UnixWare/SCOSA-2005.17
Debian:
http://security.debian.org/pool/
updates/main/s/samba/
Currently we are not aware of any exploits for this vulnerability. |
|
|
iDEFENSE Security Advisory 12.16.04
Red Hat Advisory, RHSA-2004:670-10, December 16, 2004
Gentoo Security Advisory, GLSA 200412-13 / Samba, December 17, 2004
US-CERT,
Vulnerability Note VU#226184,
December 17, 2004
Trustix Secure Linux Advisory #2004-0066, December 17, 2004
Red Hat, RHSA-2004:670-10, December 16, 2004
SUSE, SUSE-SA:2004:045, December 22, 2004
RedHat Security Advisory, RHSA-2005:020-04,
January 5, 2005
Conectiva Linux Security
Announcement,
CLA-2005:913,
January 6, 2005
Turbolinux Security Announcement, February 7, 2005
HP Security Advisory, HPSBUX01115, February 3, 2005
SCO Security
Advisory, SCOSA-2005.17,
March 7, 2005
Debian Security Advisory,
DSA 701-1,
March 31, 2005 |
Multiple Vendors
X.org X11R6 6.7.0, 6.8, 6.8.1;
XFree86 X11R6 3.3, 3.3.2-3.3.6, 4.0, 4.0.1, 4.0.2 -11, 4.0.3, 4.1.0, 4.1 -12, 4.1 -11, 4.2 .0, 4.2.1 Errata, 4.2.1, 4.3.0.2, 4.3.0.1, 4.3.0 |
An integer overflow vulnerability exists in 'scan.c' due to insufficient sanity checks on on the 'bitmap_unit' value, which could let a remote malicious user execute arbitrary code.
Patch available at:
https://bugs.freedesktop.org/
attachment.cgi?id=1909
Gentoo:
http://security.gentoo.org/glsa/
glsa-200503-08.xml
Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/l/lesstif1-1/
Gentoo:
http://security.gentoo.org/
glsa/glsa-200503-15.xml
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/x/xfree86/
ALTLinux:
http://lists.altlinux.ru/
pipermail/security-announce/
2005-March/000287.html
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/
RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-331.html
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Security Focus,
12714,
March 2, 2005
Gentoo Linux
Security Advisory,
GLSA 200503-08, March 4, 2005
Ubuntu Security
Notice, USN-92-1 March 07, 2005
Gentoo Linux
Security Advisory, GLSA 200503-15,
March 12, 2005
Ubuntu Security
Notice, USN-97-1
March 16, 2005
ALTLinux Security Advisory, March 29, 2005
Fedora Update Notifications,
FEDORA-2005
-272 & 273,
March 29, 2005
RedHat Security Advisory,
RHSA-2005:
331-06,
March 30, 2005 |
OpenBSD
OpenBSD 3.5, 3.6 |
Multiple remote Denials of Service vulnerabilities has been reported in 'tcp_input.c' and 'tcp_usrreq.c' when a malicious user submits TCP packets with invalid SACK options.
Patches available at:
ftp://ftp.openbsd.org/pub/OpenBSD
/patches/3.5/common/030_sack.patch
ftp://ftp.openbsd.org/pub/OpenBSD/
patches/3.6/common/013_sack.patch
Currently we are not aware of any exploits for these vulnerabilities. |
|
Low |
Security Tracker
Alert, 1013611,
March 30, 2005 |
PHP Arena
paFileDB 1.1.3, 2.1.1, 3.0 Beta 3.1, 3.0, 3.1 |
Two vulnerabilities have been reported: a vulnerability has been reported in 'pafiledb.php' due to insufficient sanitization of the 'sortby' parameter, which could let a remote malicious user inject arbitrary SQL commands; and a Cross-Site Scripting vulnerability has been reported in 'pafiledb.php' due to insufficient sanitization of the 'id' parameter, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
High |
Dcrab 's Security Advisory,
March 30, 2005 |
phpMyAdmin
phpMyAdmin 2.0-2.0.5, 2.1- 2.1.2, 2.2, pre 1&pre2, rc1-rc3, 2.2.2-2.2.6, 2.3.1, 2.3.2, 2.4.0, 2.5.0-2.5.2, 2.5.4-2.5.7, 2.6.0pl1-2.6.0pl3, 2.6.1, pl1&pl3, 2.6.1 -rc1 |
A Cross-Site Scripting vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'convcharset' parameter, which could let a remote malicious user execute arbitrary HTML and script code.
Upgrades available at:
http://prdownloads.sourceforge.net
/phpmyadmin/phpMyAdmin-2.6.2-rc1.
tar.gz?download
There is no exploit code required; however, a Proof of Concept exploit has been published. |
phpMyAdmin 'convcharset' Cross-Site Scripting |
High |
phpMyAdmin
Security
Announcement, PMASA-2005-3,
April 3, 2005 |
Remstats
Network Analysis Utility 1.0 a4-1.0.13 a |
Several vulnerabilities have been reported: a vulnerability has been reported due to the creation of insecure files, which could let a remote malicious user create/overwrite arbitrary files; and a vulnerability has been reported due to insufficient sanitization of user-supplied input before carrying out critical functionality, which could let a remote malicious user execute arbitrary code.
Debian:
http://security.debian.org/pool/
updates/main/r/remstats/
There is no exploit code required. |
|
High |
Debian Security Advisory,
DSA 704-1,
April 4, 2005 |
SCO
Open Server 5.0.7 |
A buffer overflow vulnerability has been reported in 'nwprint' due to insufficient bounds checking, which could let a malicious user obtain elevated privileges.
No workaround or patch available at time of publishing.
An exploit script has been published. |
SCO OpenServer NWPrint Command Buffer Overflow |
Medium |
Bugtraq, 394864,
April 4, 2005 |
YepYep
mtftpd .1a, 0.2, 0.3 |
Two vulnerabilities have been reported: a format string vulnerability has been reported if the FTP server is compiled with the MT_DEBUG option (which is not the default configuration) because the 'log_do()' function in 'log.c' contains a syslog call without a format string specifier, which could let a remote malicious user execute arbitrary code; and a buffer overflow vulnerability has been reported in the 'mt_do_dir function,' which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
Exploit scripts have been published. |
|
High |
Securiteam,
March 31, 2005 |
[back to
top]
Multiple Operating Systems - Windows / UNIX / Linux / Other |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts |
Common Name /
CVE Reference |
Risk |
Source |
AlstraSoft
EPay Pro 2.0 |
Several vulnerabilities have been reported: a vulnerability has been reported in 'index.php' due to insufficient verification of the 'view' parameter, which could let a remote malicious user execute arbitrary files; and a Cross-Site Scripting vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'payment' and 'send' parameters, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, Proofs of Concept exploits have been published. |
|
High |
Dcrab 's Security Advisory, April 2, 2005 |
Bay Technical Associates
RPC3 Telnet F 3.05 |
A vulnerability has been reported in the telnet daemon which could let a remote malicious user bypass authentication.
No workaround or patch available at time of publishing.
There is no exploit code required. |
Bay Technical Associates RPC3 Telnet Daemon Authentication Bypass
CAN-2005-0957
|
Medium |
Security Focus, 12955, April 1, 2005 |
Cisco Systems
Cisco VPN 3000 Concentrator, VPN 3002 Hardware Client 3.x, 4.x
|
A remote Denial of Service vulnerability has been reported due to an unspecified error in the SSL handling.
Update available at:
http://www.cisco.com/warp/
public/707/cisco-sa-20050330
-vpn3k.shtml
Currently we are not aware of any exploits for this vulnerability. |
Cisco VPN 3000 Concentrator Remote Denial of Service
CAN-2005-0943
|
Low |
Cisco Security Advisory, 64347, March 30, 2005 |
Cisco Systems
IOS 12.2 ZA, SY, SXB, SXA, (17a) SXA, (14)ZA2, (14)ZA, (14)SY |
A remote Denial of Service vulnerability exists when processing Internet Key Exchange (IKE) packets.
Revision 1.2: Updated the 12.2(14)SY03 Release Notes URL in the Software Fixes and Versions section.
Revision 2.0: Updated the advisory to reflect devices without the VPNSM may be affected. Added 12.2(17d)SX as an affected release train. Added information for determining the presence of the crypto feature set.
Updates available at:
http://www.cisco.com/warp/public/707/cisco-sa-20040408-vpnsm.shtml
Currently we are not aware of any exploits for this vulnerability.
|
Cisco IOS Malformed IKE Packet Remote
Denial of Service
|
Low |
Cisco Security Advisory 50430, April 8, 2004
Cisco Security Advisory 50430 Rev. 1.2, January 5, 2005
Cisco Security Advisory 50430 Rev. 2.0, March 30, 2005 |
Early Impact
ProductCart 2.7 |
Multiple input validation vulnerabilities have been reported: a Cross-Site Scripting vulnerability has been reported in the 'NewCust.asp,' 'storelocator_submit.asp,' 'techErr.asp,' and the 'advSearch_h.asp' scripts due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code; and SQL injection vulnerabilities have been reported in the 'advSearch_h.asp,' and 'tarinasworld_butterflyjournal.asp' scripts, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Proofs of Concept exploits have been published. |
Early Impact ProductCart Multiple Input Validation
|
High |
Security Focus, 12990, April 4, 2005 |
Francisco Burzi
PHP-Nuke 6.0, 6.5, RC1-RC3, 6.5 FINAL, BETA 1, 6.6, 6.7, 6.9, 7.0 FINAL, 7.0-7.3, 7.6 |
Multiple Cross-Site Scripting vulnerabilities have been reported in various modules including the 'Search,' 'FAQ,' and 'Encyclopedia,' modules and the 'banners.php' script, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, Proofs of Concept exploits have been published. |
PHPNuke Multiple Module Cross-Site Scripting |
High |
SecurityReason-2005-SRA#04, April 3, 2005 |
Horde Project
Horde 3.0.4 -RC 2 |
A Cross-Site Scripting vulnerability has been reported due to insufficient validation of the page title in a parent frame window, which could let a remote malicious user execute arbitrary HTML and script code.
Update available at:
http://ftp.horde.org/pub/horde/
horde-latest.tar.gz
There is no exploit code required. |
|
High |
Secunia Advisory: SA14730, March 29, 2005 |
InterAKT Online
MX Kart 1.1.2, MX Shop 1.1.1 |
Multiple SQL injection vulnerabilities have been reported in 'index.php' due to insufficient sanitization of various id parameters, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published.
|
|
High |
Secunia Advisory: SA14793, April 1, 2005 |
Lighthouse Development
Squirrelcart |
A vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'crn' and 'rn' parameters, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit script has been published. |
|
High |
Dcrab 's Security Advisory, March 30, 2005 |
Logics Software
LOG-FT
|
A vulnerability has been reported due to an access validation error, which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Logics Software LOG-FT Information Disclosure |
Medium |
Bugtraq, 394969, April 5, 2005 |
LucasArts
Star Wars Jedi Knight: Jedi Academy 1.0.11 |
A buffer overflow vulnerability has been reported in the 'G_Printf()' function, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
An exploit script has been published. |
Star Wars Jedi Knight: Jedi Academy Buffer Overflow
CAN-2005-0984
|
High |
Secunia Advisory, SA14809, April 4, 2005 |
Mozilla.org
Mozilla Browser 1.7.6, Firefox 1.0.1, 1.0.2; K-Meleon K-Meleon 0.9; Netscape 7.2 |
A vulnerability has been reported in the javascript implementation due to improper parsing of lamba list regular expressions, which could a remote malicious user obtain sensitive information.
The vendor has issued a fix, available via CVS.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Mozilla Suite/Firefox JavaScript Lambda Information Disclosure |
Medium |
Security Tracker Alert, 1013635, April 4, 2005 |
Mozilla.org
Mozilla Browser Suite prior to 1.7.6 ; Thunderbird prior to 1.0.2 ; Firefox prior to 1.0.2
|
A buffer overflow vulnerability has been reported due to a boundary error in the GIF image processing of Netscape extension 2 blocks, which could let a remote malicious user execute arbitrary code.
Mozilla Browser Suite;
http://www.mozilla.org/products/
mozilla1.x/
Thunderbird:
http://download.mozilla.org/?
product=thunderbird-1.0.2&
os=win〈=en-US
Firefox:
http://www.mozilla.org/products/
firefox/
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/3/
Gentoo:
http://security.gentoo.org/glsa/
Slackware:
http://slackware.com/security/
viewer.php?l=slackware-security
&y=2005&m=slackware-security.
000123
Currently we are not aware of any exploits for this vulnerability.
|
Mozilla Suite/ Firefox/ Thunderbird GIF Image Processing Remote
Buffer Overflow
CAN-2005-0399
|
High |
Mozilla Foundation Security Advisory 2005-30, March 23, 2005
US-CERT VU#557948 |
Multiple Vendors
Activision Call of Duty 1.4, 1.5 b, Call of Duty United Offensive 1.5.1 b, 1.41, Return to Castle Wolfenstein 1.0, 1.1, Wolfenstein: Enemy Territory 1.0.2, 2.56;
id Software Quake 3 Arena 1.1.7, 1.16 n,
1.31, Quake 3 Arena Server 1.29 g, 1.29 f;
LucasArts Star Wars Jedi Knight II: Jedi Outcast 1.0.4, Star Wars Jedi Knight: Jedi Academy 1.0.11;
Raven Software Soldier Of Fortune 2 1.0 3, 1.0 2 |
A remote Denial of Service vulnerability has been reported when a malicious user submits a long message that is not properly truncated.
Wolfenstein: Enemy Territory version 2.60 is not vulnerable.
Currently we are not aware of any exploits for this vulnerability. |
|
Low |
Securiteam, April 5, 2005 |
Multiple Vendors
ALT Linux Compact 2.3, Junior 2.3; Apple Mac OS X 10.0-10.0.4, 10.1-10.1.5, 10.2-10.2.8, 10.3-10.3.8, Mac OS X Server 10.0, 10.1-10.1.5, 10.2-10.2.8, 10.3-10.3.8; MIT Kerberos 5 1.0, 5 1.0.6, 5 1.0.8, 51.1-5 1.4; Netkit Linux Netkit 0.9-0.12, 0.14-0.17, 0.17.17; Openwall GNU/*/Linux (Owl)-current, 1.0, 1.1; FreeBSD 4.10-PRERELEASE, 2.0, 4.0 .x, -RELENG, alpha, 4.0, 4.1, 4.1.1 -STABLE, -RELEASE, 4.1.1, 4.2, -STABLEpre122300, -STABLEpre050201, 4.2 -STABLE, -RELEASE,
4.2, 4.3 -STABLE, -RELENG, 4.3 -RELEASE-p38, 4.3 -RELEASE, 4.3, 4.4 -STABLE, -RELENG, -RELEASE-p42, 4.4, 4.5 -STABLEpre2002-03-07, 4.5 -STABLE,
-RELENG, 4.5 -RELEASE-p32, 4.5 -RELEASE, 4.5, 4.6 -STABLE, -RELENG, 4.6 -RELEASE-p20, 4.6 -RELEASE, 4.6, 4.6.2, 4.7 -STABLE, 4.7 -RELENG, 4.7 -RELEASE-p17, 4.7 -RELEASE, 4.7, 4.8 -RELENG,
4.8 -RELEASE-p7, 4.8 -PRERELEASE, 4.8, 4.9 -RELENG, 4.9 -PRERELEASE, 4.9, 4.10 -RELENG, 4.10 -RELEASE,
4.10, 4.11 -STABLE, 5.0 -RELENG, 5.0, 5.1 -RELENG, 5.1 -RELEASE-p5, 5.1 -RELEASE, 5.1, 5.2 -RELENG, 5.2 -RELEASE, 5.2,
5.2.1 -RELEASE, 5.3 -STABLE, 5.3 -RELEASE, 5.3, 5.4 -PRERELEASE; SuSE Linux 7.0, sparc, ppc, i386, alpha, 7.1, x86, sparc, ppc, alpha, 7.2, i386
|
Two buffer overflow vulnerabilities have been reported in Telnet: a buffer overflow vulnerability has been reported in the 'slc_add_reply()' function when a large number of specially crafted LINEMODE Set Local Character (SLC) commands is submitted, which could let a remote malicious user execute arbitrary code; and a buffer overflow vulnerability has been reported in the 'env_opt_add()' function, which could let a remote malicious user execute arbitrary code.
ALTLinux:
http://lists.altlinux.ru/pipermail
/security-announce/2005-
March/000287.html
Apple:
http://wsidecar.apple.com/cgi-bin/
nph-reg3rdpty1.pl/product=05529&
platform=osx&method=sa/SecUpd
2005-003Pan.dmg
Debian:
http://security.debian.org/pool/
updates/main/n/netkit-telnet/
Fedora:
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/
FreeBSD:
ftp://ftp.FreeBSD.org/pub/
FreeBSD/CERT/patches/
SA-05:01/
MIT Kerberos:
http://web.mit.edu/kerberos/|
advisories/2005-001-patch
_1.4.txt
Netkit:
ftp://ftp.uk.linux.org/pub/linux/
Networking/netkit/
Openwall:
http://www.openwall.com/Owl/
CHANGES-current.shtml
RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-327.html
Sun:
http://sunsolve.sun.com/search/
document.do?assetkey=
1-26-57755-1
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Ubuntu:
http://security.ubuntu.com/ubuntu/
pool/main/n/netkit-telnet/
OpenBSD:
http://www.openbsd.org/
errata.html#telnet
Mandrake:
http://www.mandrakesecure.net/
en/ftp.php
Gentoo:
http://security.gentoo.org/
glsa/glsa-200503-36.xml
http://security.gentoo.org/
glsa/glsa-200504-01.xml
Debian:
http://security.debian.org/
pool/updates/main/k/krb5/
Currently we are not aware of any exploits for these vulnerabilities. |
|
High |
iDEFENSE Security Advisory, March 28, 2005
US-CERT VU#291924
Mandrakelinux Security Update Advisory, MDKSA-2005:061, March 30, 2005
Gentoo Linux Security Advisories, GLSA 200503-36 & GLSA 200504-01, March 31 & April 1, 2005
Debian Security Advisory, DSA 703-1, April 1, 2005
US-CERT VU#341908 |
MySQL AB
MySQL 4.0.23, and 4.1.10
and prior |
A vulnerability was reported in the CREATE FUNCTION command that could let an authenticated user gain mysql user privileges on the target system and permit the user to execute arbitrary code.
A fixed version (4.0.24 and 4.1.10a) is available at:
http://dev.mysql.com/
downloads/index.html
Gentoo:
http://security.gentoo.org/
glsa/glsa-200503-19.xml
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/m/
mysql-dfsg/
Mandrake:
http://www.mandrakesecure.net
/en/ftp.php
Trustix:
http://http.trustix.org/pub/
trustix/updates/
ALT Linux:
http://lists.altlinux.ru/pipermail/
security-announce/2005-March
/000287.html
RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-334.html
SuSE:
ftp://ftp.suse.com/pub/suse/
Conectiva:
ftp://atualizacoes.conectiva.
com.br/
A Proof of Concept exploit has been published. |
MySQL CREATE FUNCTION Remote
Code Execution Vulnerability
CAN-2005-0709
|
High |
Security Tracker Alert ID: 1013415, March 11, 2005
Gentoo Linux Security Advisory, GLSA 200503-19, March 16, 2005
Ubuntu Security Notice, USN-96-1 March 16, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:060, March 21, 2005
Trustix Secure Linux Security Advisory, TSL-2005-0009, March 21, 2005
SUSE Security Announcement, SUSE-SA:2005:019, March 24, 2005
RedHat Security Advisory, RHSA-2005:334-07, March 28, 2005
ALTLinux Security Advisory, March 29, 2005
Conectiva Linux Security Announcement, CLA-2005:946, April 4, 2005 |
MySQL AB
MySQL 4.0.23, and 4.1.10
and prior |
A vulnerability has been reported that could let local malicious users gain escalated privileges. This is because the "CREATE TEMPORARY TABLE" command can create insecure temporary files.
The vulnerabilities have been fixed in version 4.0.24 (when available):
http://dev.mysql.com/downloads/
Gentoo:
http://security.gentoo.org/
glsa/glsa-200503-19.xml
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/m/
mysql-dfsg/
Mandrake:
http://www.mandrakesecure.net
/en/ftp.php
Trustix:
http://http.trustix.org/pub/
trustix/updates/
ALT Linux:
http://lists.altlinux.ru/pipermail/
security-announce/2005-March
/000287.html
RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-334.html
SuSE:
ftp://ftp.suse.com/pub/suse/
Conectiva:
ftp://atualizacoes.conectiva.
com.br/
A Proof of Concept exploit has been published. |
MySQL Escalated Privilege Vulnerabilities
CAN-2005-0711
|
Medium |
Secunia SA14547, March 11, 2005
Gentoo Linux Security Advisory, GLSA 200503-19, March 16, 2005
Ubuntu Security Notice, USN-96-1 March 16, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:060, March 21, 2005
SUSE Security Announcement, SUSE-SA:2005:019, March 24, 2005
Trustix Secure Linux Security Advisory, TSL-2005-0009, March 21, 2005
RedHat Security Advisory, RHSA-2005:334-07, March 28, 2005
ALTLinux Security Advisory, March 29, 2005
Conectiva Linux Security Announcement, CLA-2005:946, April 4, 2005 |
MySQL AB
MySQL 4.0.23, and 4.1.10
and prior |
An input validation vulnerability was reported in udf_init() that could let an authenticated user with certain privileges execute arbitrary library functions on the target system. The udf_init() function in 'sql_udf.cc' does not properly validate directory names.
A fixed version (4.0.24 and 4.1.10a) is available at:
http://dev.mysql.com/
downloads/index.html
Gentoo:
http://security.gentoo.org/
glsa/glsa-200503-19.xml
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/m/
mysql-dfsg/
Mandrake:
http://www.mandrakesecure.net
/en/ftp.php
Trustix:
http://http.trustix.org/pub/
trustix/updates/
ALT Linux:
http://lists.altlinux.ru/pipermail/
security-announce/2005-March
/000287.html
RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-334.html
SuSE:
ftp://ftp.suse.com/pub/suse/
Conectiva:
ftp://atualizacoes.conectiva.
com.br/
A Proof of Concept exploit has been published. |
|
High |
Security Tracker Alert ID: 1013414, March 11, 2005
Gentoo Linux Security Advisory, GLSA 200503-19, March 16, 2005
Ubuntu Security Notice, USN-96-1 March 16, 2005
SUSE Security Announcement, SUSE-SA:2005:019, March 24, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:060, March 21, 2005
Trustix Secure Linux Security Advisory, TSL-2005-0009, March 21, 2005
RedHat Security Advisory, RHSA-2005:334-07, March 28, 2005
ALTLinux Security Advisory, March 29, 2005
Conectiva Linux Security Announcement, CLA-2005:946, April 4, 2005 |
PHP Group
PHP prior to 5.0.4 |
Multiple Denial of Service vulnerabilities have been reported in 'getimagesize().'
Upgrade available at:
http://ca.php.net/get/php-4.3.11.tar.gz/from/a/mirror
Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/p/php4/
Currently we are not aware of any exploits for these vulnerabilities. |
|
Low |
iDEFENSE Security Advisory, March 31, 2005
Ubuntu Security Notice, USN-105-1 April 05, 2005 |
ProfitCode Software
PayProCart 3.0 |
Several vulnerabilities have been reported: a Directory Traversal vulnerability has been reported in the 'ftoedit' parameter, which could let a remote malicious user obtain sensitive information; and a Cross-Site Scripting vulnerability has been reported in the 'usrdetails.php' script due to insufficient validation of the 'sgnuptype' parameter, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Proofs of Concept exploit has been published. |
ProfitCode Software PayProCart Directory Traversal & Cross-Site Scripting |
Medium/ High
(High if arbitrary code can be executed)
|
Dcrab 's Security Advisory, April 4, 2005 |
Samsung
ADSL Modem
|
A vulnerability has been reported because common default accounts and passwords are used, which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
Proofs of Concept exploits have been published. |
|
Medium |
Security Tracker Alert, 1013615, March 31, 2005 |
SonicWALL
SOHO 5.1.7 .0 |
Multiple input validation vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, Proofs of Concept exploits have been published. |
SonicWALL SOHO Web Interface Multiple Remote Input Validation |
High |
Security Focus, 12984, April 4, 2005 |
Stalker Software, Inc.
Communigate Pro 4.3 c2, 4.3 c1 |
A Denial of Service vulnerability has been reported when a malicious user submits multipart messages to a list.
Upgrades available at:
http://www.stalker.com/Communi
GatePro/default.html#Current
Currently we are not aware of any exploits for this vulnerability. |
CommuniGate Pro LIST Denial of Service |
Low |
Secunia Advisory,
SA14604, April 5, 2005 |
Toshiba
ACPI 1.60 BIOS; possibly 1.7 and 1.8 |
A Denial of Service vulnerability has been reported in the ACPI BIOS due to a coding error. NOTE: it has been debated as to whether or not this issue poses a security vulnerability, since administrative privileges would be required, and other DoS attacks are possible with such
privileges.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability. |
|
Low |
Portcullis Security Advisory, March 29, 2005 |
Recent Exploit Scripts/Techniques
The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.
Note: At times, scripts/techniques may contain names or content that may be considered offensive.
Date of Script
(Reverse Chronological Order) |
Script name |
Workaround or Patch Available |
Script Description |
April 5, 2005 |
x0n3-h4ck_MailEnable_Imapd.c |
Yes |
Script that exploits the MailEnable IMAP Authenticate Request Buffer Overflow vulnerability. |
April 4, 2005 |
argo.c |
No |
Script that exploits the ArGoSoft FTP Server
'DELE' Command Remote Buffer Overflow vulnerability. |
April 4, 2005 |
nwprintex.c
|
No |
Script that exploits the SCO OpenServer NWPrint Command Buffer Overflow vulnerability. |
April 2, 2005 |
codmsgboom.cfg |
No |
Script that exploits the Call of Duty / Call of Duty: United Offensive Denial of Service vulnerability. |
April 2, 2005 |
jamsgbof.cfg |
No |
Script that exploits the Star Wars Jedi Knight: Jedi Academy Buffer Overflow vulnerability. |
April 1, 2005 |
101_netv.cpp
101_netvault.cpp |
No |
Exploit scripts for the BakBone NetVault Configure.CFG Local Buffer Overflow & Heap Overflow vulnerabilities. |
April 1, 2005 |
snip-of-foo.WPA-profile-file
snip-of-foo.RTO-profile-file |
No |
Proofs of Concept exploit scripts for the RUMBA Profile Handling Multiple Buffer Overflow Vulnerabilities. |
March 31, 2005 |
0x666-ftpd.c
mtftpdx.c
|
No |
Scripts that exploit the YepYep MTFTPD Remote Format String vulnerability. |
March 30, 2005 |
897.cpp |
No |
Exploit for the phpBB versions 2.0.12 and below Change User Rights authentication bypass vulnerability. |
March 30, 2005 |
Absinthe-1.3-Linux.tar.gz |
N/A |
A gui-based Linux version tool that automates the process of downloading the schema and contents of a database that is vulnerable to Blind SQL Injection. |
March 30, 2005 |
Absinthe-1.3-MacOSX.tar.gz |
N/A |
A gui-based Mac OSX version tool that automates the process of downloading the schema and contents of a database that is vulnerable to Blind SQL Injection. |
March 30, 2005 |
Absinthe-1.3-Windows.zip |
N/A |
A gui-based Windows version tool that automates the process of downloading the schema and contents of a database that is vulnerable to Blind SQL Injection. |
March 30, 2005 |
n-lkernel2.6.10.c |
Yes |
Denial of Service exploit for Linux kernel versions 2.6.10 and below. |
March 30, 2005 |
r57punbb.pl.txt |
No |
Exploit for the PunBB versions 1.2.2 and below authentication bypass vulnerability. |
March 30, 2005 |
squirrelSQL.txt |
No |
Sample exploitation for the Lighthouse Development Squirrelcart SQL Injection vulnerability. |
March 30, 2005 |
unrealmagic.c |
Yes |
Script that exploits the Cyrus IMAPD Multiple Remote Vulnerabilities. |
March 29, 2005 |
AspApp.txt |
No |
Sample exploitation for the Multiple SQL injection and Cross-Site Scripting vulnerabilities. |
March 29, 2005 |
portalApp.txt |
No |
Sample exploitation for the Iatek PortalApp SQL Injection and Cross-Site Scripting Vulnerabilities. |
[back to
top]
Trends
- Pharming attacks against domain: A warning was issued by the SANS Institute's Internet Storm Center (ISC) regarding new attacks that corrupt some Domain Name System (DNS) servers so that requests for .com sites sent to those servers connect users instead to Web sites maintained by the attackers. At 1,300 Internet domains were redirected to compromised Web servers in a similar attack in early March. Source: http://www.computerworld.com/securitytopics/security/hacking/
story/0,10801,100813,00.html?source=NLT_PM&nid=100813.
- ISPs, telecoms join to 'fingerprint' Internet attacks: According to a statement published by a new group called the Fingerprint Sharing Alliance which is made up of leading global telecommunications companies, Internet service providers and network operators, they will begin sharing information on Internet attacks. The companies, including EarthLink Inc., Asia Netcom, British Telecommunications PLC and MCI Inc., will share detailed profile information on attacks launched against their networks. Source: http://www.computerworld.com/printthis/2005/0,4814,100695,00.html.
- Internet aids access to sensitive identity data: Want someone else's Social Security number?
Social Security numbers are one of the most powerful pieces of personal information an identity thief can possess and are widely available and inexpensive despite public outcry and the threat of a congressional crackdown after breaches at large information brokers. Social Security numbers can be purchased for $35 at www.secret-info.com, and $45 at www.Iinfosearch.com, where users can also sign up for a report containing an individual's credit-card charges, as well as an e-mail with other "tips, secrets & spy info!" The Web site Gum-shoes.com promises that "if the information is out there, our licensed investigators can find it." Source: http://www.washingtonpost.com/wp-dyn/articles/A23686-2005Apr3.html
- Hackers Write Spyware For Cash, Not Fame: More than 70 percent of virus writers are now writing spyware under contract, one more piece of evidence that hacking has evolved from mischievous hobby to money-making criminal venture, a security firm reported Monday, April 4. Aladdin Knowledge Systems said its analysis showed that spyware is the favorite among malware writers, since it lets them re-wrap their own "technology" and sell it, or even introduce their own money-making ventures. Source: http://www.techweb.com/wire/security/160403632.
- Sybase, NGSSoftware near agreement on publishing vulnerabilities: Database maker Sybase will likely drop legal threats against a U.K.-based security company this week, allowing the company to publish details on six flaws, a source familiar with the negotiations said. Despite the probable resolution, attorneys and software-security experts warn that the recent legal attacks on vulnerability researchers could signal a resurgence of corporate interest in using the law to silence critical software reports. Source: http://www.securityfocus.com/news/10821.
[back to top]
Viruses/Trojans
Top Ten Virus Threats
A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.
Rank |
Common Name |
Type of Code |
Trends |
Date |
1 |
Netsky-P |
Win32 Worm |
Stable |
March 2004 |
2 |
Netsky-Q |
Win32 Worm |
Increase |
March 2004 |
3 |
Zafi-D |
Win32 Worm |
Stable |
December 2004 |
4 |
Bagle.BJ |
Win32 Worm |
Decrease |
January 2005 |
5 |
Zafi-B |
Win32 Worm |
Stable |
June 2004 |
6 |
Netsky-D |
Win32 Worm |
Stable |
March 2004 |
7 |
Netsky-B |
Win32 Worm |
Slight Increase |
February 2004 |
8 |
Netsky-Z |
Win32 Worm |
Slight Decrease |
April 2004 |
9 |
Bagle-AU |
Win32 Worm |
Stable |
October 2004 |
10 |
Sober-I |
Win32 Worm |
Return to Table |
November 2004 |
Table Updated April 5, 2005
Viruses or Trojans Considered to be a High Level of Threat
The following table provides, in alphabetical order, a list of new viruses, variations of previously encountered viruses, and Trojans that have been discovered during the period covered by this bulletin. This information has been compiled from the following anti-virus vendors: Sophos, Trend Micro, Symantec, McAfee, Network Associates, Central Command, F-Secure, Kaspersky Labs, MessageLabs, Panda Software, Computer Associates, and The WildList Organization International. Users should keep anti-virus software up to date and should contact their anti-virus vendors to obtain specific information on the Trojans and Trojan variants that anti-virus software detects.
NOTE: At times, viruses and Trojans may contain names or content that may be considered offensive.
Name |
Aliases |
Type |
Backdoor.Fivsec |
|
Trojan |
Backdoor.Lateda.C |
|
Trojan |
BackDoor-CHC |
|
Trojan |
Beliu.A |
Bck/Beliu.A
|
Trojan |
Downloader-LG |
|
Trojan |
Downloader-MP |
|
Trojan |
Mabir.A |
SymbOS/Mabir.A
SymbOS.Mabir |
Symbian OS Worm |
Mydoom.BN |
W32/Mydoom.BN.worm |
Win32 Worm |
Mytob.P |
W32/Mytob.P.worm |
Win32 Worm |
Mytob.S |
W32/Mytob.S.worm
|
Win32 Worm |
Mytob.U |
Net-Worm.Win32.Mytob.p
W32/Mytob.U.worm |
Win32 Worm |
Mytob.V |
Net-Worm.Win32.Mytob.r
W32/Mytob.V.worm |
Win32 Worm |
Mytob.W |
W32/Mytob.W.worm |
Win32 Worm |
PP97M.Xjan.dr |
|
MS Powerpoint Virus |
PWSteal.Lemir.H |
|
Trojan |
PWSteal.Reanet.C |
|
Trojan |
Skulls.G |
SymbOS.Skulls.G
SymbOS/Skulls.G |
Symbian OS Worm |
SymbOS.Skulls.H |
|
Symbian OS Worm |
SYMBOS_CABIR.E
|
|
Symbian OS Worm |
Troj/Agent-CZ |
Trojan-Proxy.Win32.Small.bh |
Trojan |
Troj/Bancos-BY |
Trojan-Spy.Win32.Bancos.u
PWS-Banker.gen.i trojan |
Trojan |
Troj/BankAsh-F |
Trojan-Spy.Win32.Banker.mg
PWS-Banker.j.dll
|
Trojan |
Troj/Bdoor-ZAT |
|
Trojan |
Troj/PcClient-D |
|
Trojan |
Troj/StartPa-FM |
Trojan.Win32.StartPage.sr
Trojan.Startpage-220
|
Trojan |
TROJ_ANICMOO.C |
Exploit-ANIfile
Trojan.Moo
Win32.MS05-002!exploit |
Trojan |
TROJ_ASH.D |
PWSteal.Bankash.E
Troj/BankAsh-D
Win32.Bankash.F |
Trojan |
Trojan.Ascetic.B |
|
Trojan |
Trojan.Littlog |
|
Trojan |
Trojan.Pim |
|
Trojan |
VBS.Haster@mm |
|
Visual Basic Worm |
VBS.Kuullio@mm |
Email-Worm.BAT.Hobat.a
|
Visual Basic Worm |
VBS.Ypsan.B@mm |
|
Visual Basic Worm |
W32.AllocUp.A |
|
Win32 Worm |
W32.Envid.O@mm |
Email-Worm.Win32.Envid.e
|
Win32 Worm |
W32.Kelvir.K |
|
Win32 Worm |
W32.Kelvir.M |
|
Win32 Worm |
W32.Mydoom.BI@mm |
|
Win32 Worm |
W32.Mytob.AA@mm |
|
Win32 Worm |
W32.Mytob.U@mm |
|
Win32 Worm |
W32.Serflog.C |
W32/Crog.worm
W32/Sumom-C
Win32.Sumom.C
Worm:Win32/Fatso.C
WORM_FATSO.C |
Win32 Worm |
W32.Sory.A |
Worm.Win32.Soriw |
Win32 Worm |
W32.Zori.B |
|
Win32 Worm |
W32/Ahker-F |
WORM_AHKER.F
Email-Worm.Win32.Anker.g |
Win32 Worm |
W32/Codbot-Gen
|
|
Win32 Worm |
W32/Elitper-E |
WORM_ELITPER.E |
Win32 Worm |
W32/Forbot-Gen |
|
Win32 Worm |
W32/Mytob-C |
|
Win32 Worm |
W32/Mytob-O
|
|
Win32 Worm |
W32/Mytob-Q
|
WORM_MYTOB.Q |
Win32 Worm |
W32/Mytob-R |
Net-Worm.Win32.Mytob.p
Net-Worm.Win32.Mytob.q
Worm.Mytob.H-3 |
Win32 Worm |
W32/Rbot-APR
|
WORM_RBOT.APR
Backdoor.Win32.Rbot.gen
W32/Sdbot.worm.gen.g
W32.Spybot.Worm |
Win32 Worm |
W32/Rbot-ZN |
Backdoor.Win32.Rbot.gen |
Win32 Worm |
W32/Rbot-ZP
|
|
Win32 Worm |
W32/Rbot-ZQ
|
Backdoor.Win32.Rbot.gen |
Win32 Worm |
W32/Sdbot-WN |
Backdoor.Win32.IRCBot.ak
W32/Sdbot.worm.gen.t |
Win32 Worm |
W32/Sdbot-WQ |
|
Win32 Worm |
W32/Sdbot-WS
|
Trojan.SdBot-447
W32/Sdbot.worm.gen.y |
Win32 Worm |
W32/Stubbot-A
|
Backdoor.Win32.Stub.b |
Win32 Worm |
Win32.Ahker.G |
|
Win32 Worm |
Win32.Bropia.W |
|
Win32 Worm |
Win32.Clspring Family |
|
Win32 Worm |
Win32.Inservice.T |
|
Win32 Worm |
Win32.Mytob.O |
|
Win32 Worm |
Win32.Mytob.S |
|
Win32 Worm |
Win32.Mytob.W |
WORM_MYTOB.W |
Win32 Worm |
WORM_AHKER.F |
Email-Worm.Win32.Anker.f
Email-Worm.Win32.Anker.g
W32.Ahker.F@mm
W32/Ahker-F
W32/Generic.m
Win32.Ahker.G
|
Win32 Worm |
WORM_CHOD.B |
W32.Chod.B@mm
Win32.Nochod.B
|
Win32 Worm |
WORM_ELITPER.E |
W32.Elitper.E@mm
W32/Elitper-E
W32/Generic.m
Win32.Elitper.E
Win32/Unknown!P2P!Worm
Worm:Win32/Elitper.E |
Win32 Worm |
WORM_KELVIR.G |
W32.Bropia
W32/Kelvir.worm
Win32.Bropia.W
|
Win32 Worm |
WORM_MYDOOM.AI |
W32.Mydoom.BI@mm
W32/Mydoom
|
Win32 Worm |
WORM_MYTOB.T |
W32.Mytob.U@mm
W32/Mytob-O
W32/Mytob.gen@MM
Win32.Mytob.U
|
Win32 Worm |
WORM_MYTOB.V |
Net-Worm.Win32.Mytob.c
W32.Mytob.V@mm |
Win32 Worm |
WORM_MYTOB.X |
|
Win32 Worm |
WORM_MYTOB.Y |
|
Win32 Worm |
WORM_MYTOB.Z |
|
Win32 Worm |
WORM_SOBER.M |
|
Win32 Worm |
X97M.Grazz.A |
Excel97Macro/Crazz.A
IRC-Worm.MSExcel.Grazz
X97M/Crazz.A
X97M_CRAZZ.A |
MS Excel Virus |
[back to
top]
|
|
|
Last updated
February 13, 2008
|
|