cybsec: Advisories!: Latest Advisories & Live Feeds (03/05/04)
Latest Advisories
Live Virus Advisory Feeds
03-05-2004
*Live Feeds are from Panda, Trend Micro, and Symantec
National Cyber Alert System (US-Cert)
Secunia
Secunia Highlights:
ISS Multiple Products SMB Packet Handling Buffer Overflow Vulnerability
eEye Digital Security has discovered a vulnerability in multiple ISS products, which can be exploited by malicious people to compromise a vulnerable system.
WinZip MIME Archive Parsing Buffer Overflow Vulnerability
iDEFENSE has reported a vulnerability in WinZip, which potentially can be exploited by malicious people to compromise a user's system.
Latest 15 Secunia Security Advisories:
2004-03-05
- HP Tru64 UNIX Unspecified IPsec/IKE Vulnerabilities
- Cisco Content Services Switch 11000 Series Denial of Service
- Spider Sales SQL Injection and Weak Encryption
- SmarterMail Multiple Vulnerabilities
2004-03-04
- Debian update for libxml/libxml2
- GWeb Directory Traversal Vulnerability
- DAWKCo POP3 Server with WebMAIL Extension Session Reactivation
- ProFTPD ASCII File Translation Off-By-One Vulnerability
- OpenLinux update for CUPS
- Adobe Acrobat Reader XML Forms Data Format Buffer Overflow
- Mandrake update for pwlib
- Mandrake update for libxml2
2004-03-03
- Nortel WLAN Access Point 2200 Denial of Service
- OpenLinux update for gnupg
- OpenLinux update for tcpdump
Top 5 Most Read Secunia Security Advisories (Last 24 hours):
- ProFTPD ASCII File Translation Off-By-One Vulnerability
- Internet Explorer URL Spoofing Vulnerability
- Adobe Acrobat Reader XML Forms Data Format Buffer Overflow
- WinZip MIME Archive Parsing Buffer Overflow Vulnerability
- Cisco Content Services Switch 11000 Series Denial of Service
Security Tracker
HP Tru64 IPSec/IKE Flaw in Processing Certificates May Let Remote Users Access the System
A vulnerability was reported in the IPSec/IKE implementation in HP's Tru64 UNIX operating system. A remote user may be able to gain access to the system.
Impact: Root access via network, User access via network
Cisco Content Services Switch 11000 Series Can Be Reloaded By Remote Users
A vulnerability was reported in the Cisco Content Services Switch 11000 series. A remote user can cause the device to reload.
Impact: Denial of service via network
GNU coreutils Integer Overflow in 'dir' Command Lets Local Users Deny Service
A vulnerability was reported in the GNU Linux coreutils 'dir' command. A local user can cause denial of service conditions and may be able to execute arbitrary code.
Impact: Denial of service via local system
Adobe Acrobat Reader Buffer Overflow in Parsing XML Forms Lets Remote Users Execute Arbitrary Code
A buffer overflow vulnerability was reported in Adobe Acrobat Reader in the processing of XML Forms. A remote user can execute arbitrary code on a target user's system.
Impact: Execution of arbitrary code via network, User access via network
Spider Sales Shopping Cart Input Validation Flaws Permit SQL Injection and Remote Command Execution
Some vulnerabilities were reported in the Spider Sales shopping cart software. A remote user can execute arbitrary operating system commands on the target system.
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, User access via network
SecurityFocus Vulnerabilities
2004-03-01: Cisco Malformed SNMP Message Denial of Service Vulnerabilities
2004-03-01: phpBB Privmsg.PHP Cross-Site Scripting Vulnerability
2004-03-01: Software602 602Pro LAN Suite Web Mail Installation Path Disclosure Vulnerability
2004-03-01: Software602 602Pro LAN Suite Web Mail Directory Listing Disclosure Vulnerability
2004-03-01: Software602 602Pro LAN Suite Web Mail Cross-Site Scripting Vulnerability
2004-03-01: Motorola T720 Phone Denial Of Service Vulnerability
2004-03-01: Squid Proxy NULL URL Character Unauthorized Access Vulnerability
2004-03-01: Microsoft Windows Window Message Subsystem Design Error Vulnerability
2004-03-01: Calife Local Memory Corruption Vulnerability
2004-03-01: YABB SE Multiple Input Validation Vulnerabilities
2004-03-01: IGeneric Free Shopping Cart Cross-Site Scripting Vulnerability
2004-03-01: IGeneric Free Shopping Cart SQL Injection Vulnerability
2004-03-01: PSOProxy Remote Buffer Overflow Vulnerability
2004-03-01: Invision Power Board Multiple Cross-Site Scripting Vulnerabilities
2004-03-01: Invision Power Board Index.php Showtopic Cross-Site Scripting Vulnerability
2004-02-28: Invision Power Board Search.PHP st SQL Injection Vulnerability
2004-02-27: xboing Local Buffer Overflow Vulnerabilities
2004-02-27: RhinoSoft Serv-U FTP Server SITE CHMOD Buffer Overflow Vulnerability
2004-02-27: Calife Password Heap Overrun Vulnerability
2004-02-27: Apple Mac OS X Apple Filing Protocol Client Multiple Vulnerabilities
2004-02-27: FreeBSD Unauthorized Jailed Process Attaching Vulnerability
2004-02-27: Microsoft Internet Explorer Cross-Domain Event Leakage Vulnerability
2004-02-27: Sun Solaris conv_fix Unspecified File Overwrite Vulnerability
2004-02-27: Sun Solaris Unspecified Passwd Local Root Compromise Vulnerability
2004-02-27: Real Networks Helix Server/Gateway Administration Service HTTP Post System Compromise Vulnerability
Symantec SSR
W32.Netsky.H@mm March 5, 2004 March 5, 2004
W32.Netsky.G@mm
Win32.Netsky.G [Computer Associates], NetSky.G [F-Secure], W32/Netsky.g@MM [McAfee], WORM_NETSKY.G [Trend] March 4, 2004 March 5, 2004
X97M.Kbase
X97M/Generic (McAfee) March 3, 2004 March 4, 2004
W32.Mydoom.H@mm
W32/Mydoom.h@MM [McAfee], Win32.Mydoom.H [Computer Associates], WORM_MYDOOM.H [Trend] March 3, 2004 March 4, 2004
W32.Beagle.K@mm
Win32.Bagle.K [Computer Associates], Bagle.K [F-Secure], W32/Bagle.k@MM [McAfee], W32/Bagle.K.worm [Panda], W32/Bagle-K [Sophos], WORM_BAGLE.K [Trend Micro] March 3, 2004 March 3, 2004
W32.Netsky.F@mm
Win32.Netsky.F [Computer Associates], NetSky.F [F-Secure], W32/Netsky.f@MM [McAfee], WORM_NETSKY.F [Trend] March 3, 2004 March 3, 2004
W32.Beagle.J@mm
W32/Bagle.j@MM [McAfee], WORM_BAGLE.J [Trend], Win32.Bagle.J [Computer Associates], W32/Bagle-J [Sophos] March 2, 2004 March 2, 2004
W32.Hiton@mm
W32/Hiton.a@MM [McAfee], WORM_HITON.A [Trend], Win32.Hiton.A [Computer Associates] March 2, 2004 March 2, 2004
W32.Mydoom.G@mm
W32/Mydoom.g@MM [McAfee], WORM_MYDOOM.G [Trend], Win32.Mydoom.G [Computer Associates], W32/MyDoom-G [Sophos] March 2, 2004 March 2, 2004
W32.Beagle.I@mm
WORM_BAGLE.I [Trend], W32/Bagle-I [Sophos], Win32.Bagle.I [Computer Associates], W32/Bagle.i@MM [McAfee] March 1, 2004 March 2, 2004
W32.Beagle.H@mm
W32/Bagle.h@MM [McAfee], W32/Bagle-H [Sophos], I-Worm.Bagle.Gen [Kaspersky], WORM_BAGLE.H [Trend], Win32.Bagle.H [Computer Associates] March 1, 2004 March 1, 2004
W32.Netsky.E@mm
Win32.Netsky.E [Computer Associates], W32/Netsky.e@MM [McAfee], W32/Netsky-E [Sophos], WORM_NETSKY.E [Trend], I-Worm.Netsky.e [Kaspersky] March 1, 2004 March 1, 2004
W32.Netsky.D@mm
WORM_NETSKY.D [Trend], W32/Netsky.d@MM [McAfee], W32/Netsky.D.worm [Panda], W32/Netsky-D [Sophos], Win32.Netsky.D [Computer Associates], I-Worm.Netsky.d [Kaspersky] March 1, 2004 March 1, 2004
W32.Beagle.G@mm
W32/Bagle.g@MM [McAfee], WORM_BAGLE.G [Trend] February 29, 2004 February 29, 2004
W32.Beagle.F@mm
W32/Bagle.f@MM [McAfee], W32/Bagle-F [Sophos], Win32.Bagle.F [Computer Associates], WORM_BAGLE.F [Trend], I-Worm.Bagle.f [Kaspersky] February 29, 2004 February 29, 2004
W32.Cone.B@mm February 29, 2004 February 29, 2004
W32.HLLW.Cult.P@mm February 29, 2004 February 29, 2004
Trojan.Bookmarker.F February 29, 2004 February 29, 2004
W32.Beagle.E@mm
Bagle.E [F-Secure], I-Worm.Bagle.e [Kaspersky], WORM_BAGLE.E [Trend], Win32.Bagle.E [Computer Associates], W32/Bagle-E [Sophos] February 28, 2004 February 28, 2004
W32.HLLW.Evianc
Bloodhound.W32.5, Worm.P2P.gen [Kaspersky] February 28, 2004 February 28, 2004
W32.HLLW.Moega.AP February 28, 2004 February 28, 2004
W32.Beagle.C@mm
W32.Beagle.A@mm, W32/Bagle.c@MM [McAfee], WORM_BAGLE.C [Trend], Win32.Bagle.C [Computer Associates], W32/Bagle-C [Sophos], I-Worm.Bagle.c [Kaspersky] February 27, 2004 February 27, 2004
Trojan.Tilser February 27, 2004 February 27, 2004
PWSteal.Bancos.E February 26, 2004 February 27, 2004
Backdoor.IRC.Loonbot February 26, 2004 February 26, 2004
PWSteal.Tarno.B February 26, 2004 February 26, 2004
W32.Mockbot.A.Worm February 25, 2004 February 26, 2004
Backdoor.IRC.Aladinz.M February 25, 2004 February 26, 2004
W32.Netsky.C@mm
W32/Netsky.c@MM [McAfee], Win32.Netsky.C [Computer Associates], W32/Netsky-C [Sophos], WORM_NETSKY.C [Trend], I-Worm.Moodown.c [Kaspersky] February 24, 2004 February 25, 2004
W32.Bizex.Worm
Worm.Win32.Bizex [Kaspersky], W32/Bizex.worm [McAfee], W32/Bizex-A [Sophos] February 24, 2004 February 25, 2004
W32.Welchia.D.Worm February 23, 2004 February 23, 2004
Downloader.Botten February 23, 2004 February 23, 2004
W97M.Ortant@mm
WM97/Ortant-A (Sophos), W97M/Ortant (McAfee), W97M_ORTANT.A. (Trend) February 22, 2004 February 23, 2004
W32.Cone@mm February 22, 2004 February 23, 2004
Backdoor.IRC.Aladinz.L February 21, 2004 February 23, 2004
Java.StartPage
Trojan.Java.StartPage [Kaspersky], Exploit-ByteVerify [McAfee] February 20, 2004 February 23, 2004
W32.Mydoom.F@mm
W32/Mydoom.f@MM [McAfee], WORM_MYDOOM.F [Trend], W32/MyDoom-F [Sophos], I-Worm.Mydoom.f [Kaspersky], Win32.Mydoom.F [Computer Associates] February 20, 2004 February 23, 2004
Backdoor.Kaitex.E February 20, 2004 February 23, 2004
W97M.Saver.H
Macro.Word97.Saver [Kaspersky], W97M/Doccopy.A [F-Prot] February 19, 2004 February 20, 2004
Backdoor.IRC.Aladinz.K February 19, 2004 February 19, 2004
W32.Netsky.B@mm
W32/Netsky.b@MM [McAfee], W32/Netsky.B.worm [Panda], WORM_NETSKY.B [Trend Micro], Moodown.B [F-Secure], I-Worm.Moodown.b [Kaspersky] February 18, 2004 February 18, 2004
W32.Beagle.B@mm
W32.Alua@mm, Win32/Bagle.B.Worm [Computer Associates], Bagle.B [F-Secure], W32/Bagle.b@MM [McAfee], W32/Bagle.B@mm [Norman], WORM_BAGLE.B [Trend Micro], W32/Bagle.B.worm [Panda], W32/Tanx-A [Sophos], I-Worm.Bagle.b [Kaspersky] February 17, 2004 February 17, 2004
W32.HLLW.Antinny.E February 17, 2004 February 17, 2004
X97M.Ellar.F February 16, 2004 February 16, 2004
W32.Kifer.B February 16, 2004 February 16, 2004
W32.Netsky@mm
WORM_NETSKY.A [Trend] February 16, 2004 February 16, 2004
W32.HLLW.Cult.M@mm February 15, 2004 February 16, 2004
W32.Rusty@m February 15, 2004 February 16, 2004
W32.Welchia.C.Worm
WORM_NACHI.C [Trend], W32/Nachi.worm.c [McAfee], W32/Nachi-C [Sophos], Win32.Nachi.C [Computer Associates], Worm.Win32.Welchia.c [Kaspersky] February 15, 2004 February 17, 2004
VBS.Laske@mm February 13, 2004 February 13, 2004
W32.Doomhunter February 12, 2004 February 13, 2004
W32.HLLW.Deadhat.B
W32/Deadhat.B.worm [Panda] February 12, 2004 February 13, 2004
X97M.Esab February 12, 2004 February 13, 2004
Trojan.Bansap February 12, 2004 February 12, 2004
Trojan.PWS.QQPass.F February 12, 2004 February 12, 2004
W32.HLLP.Shodi February 11, 2004 February 12, 2004
W32.Welchia.B.Worm
W32/Nachi.worm.b [McAfee], W32/Nachi-B [Sophos], Win32.Nachi.B [Computer Associates], WORM_NACHI.B [Trend], Worm.Win32.Welchia.b [Kaspersky] February 11, 2004 February 11, 2004
W32.HLLW.Doomjuice.B
W32/Doomjuice.worm.b [McAfee], W32/Doomjuice.worm.c [McAfee], WORM_DOOMJUICE.B [Trend], Win32.Doomjuice.B [Computer Associates], W32/Doomjuice-B [Sophos], Worm.Win32.Doomjuice.b [Kaspersky], Worm.Win32.Doomjuice.c [Kaspersky] February 11, 2004 February 11, 2004
W32.Dumaru.AH@mm
W32/Mimail.u@MM [McAfee], Win32.Mimail.U [Computer Associates] February 10, 2004 February 11, 2004
VBS.Bootconf.B February 10, 2004 February 11, 2004
W32.Kifer
TrojanDropper.Win32.Kifer [Kaspersky] February 10, 2004 February 10, 2004
W32.HLLP.Yero.Worm
W32.HLLP.Yero.Worm.dr, W32/Fesber.worm [McAfee] February 10, 2004 February 10, 2004
W32.HLLW.Moega.AG February 10, 2004 February 10, 2004
W32.Yenik.A@mm
W32/Yenik.worm [McAfee] February 10, 2004 February 10, 2004
Trojan.Gutta February 9, 2004 February 10, 2004
W32.HLLW.Doomjuice
W32/Doomjuice.worm.a [McAfee], WORM_DOOMJUICE.A [Trend], Win32.Doomjuice.A [Computer Associates], Worm.Win32.Doomjuice [Kaspersky], W32/Doomjuice-A [Sophos] February 9, 2004 February 9, 2004
Backdoor.IRC.Aladinz.J February 8, 2004 February 9, 2004
W32.HLLW.Deadhat
Vesser [F-Secure], W32/Deadhat.worm.a [McAfee], WORM_DEADHAT.A [Trend], Win32.Deadhat.A [Computer Associates], Worm.Win32.Vesser [Kaspersky] February 6, 2004 February 9, 2004
W32.Dinfor.Worm
WORM_SDBOT.FP [Trend] February 6, 2004 February 6, 2004
Backdoor.Domwis February 6, 2004 February 6, 2004
Backdoor.OptixPro.13.C February 6, 2004 February 6, 2004
W32.Mimail.T@mm
WORM_MIMAIL.T [Trend], W32/Mimail.t@MM [McAfee] February 5, 2004 February 6, 2004
W32.HLLW.Gaobot.JB February 4, 2004 February 5, 2004
NAV Daily Definitions
*Note: The i32 Intelligent Updater package cannot be used to update Symantec AntiVirus Corporate Edition 8.0 servers or Norton AntiVirus Corporate Edition 7.6 servers, but can be used to update Corporate Edition clients. The x86 Intelligent Updater package can be used to update Corporate Edition clients and servers.
National Cyber Alert System (US-Cert)
Latest version: March 4, 2004 11:52:45 EST
W32/Beagle.J-K Variants
W32/Netsky.D
W32/Beagle.C-G Variants
W32/Netsky.C
W32/Bizex
W32/Mydoom.F
W32/Welchia.D
IMail server exploitation
W32/Netsky.B
W32/Bagle.B
ASN.1 exploit code
W32/Mydoom.C or W32.HLLW.Doomjuice
W32/Mydoom or W32/Novarg
W32/Beagle or W32/Bagle Worm
Systems compromised via buffer overflow in DameWare
Technical Alerts
TA04-041A
Multiple Vulnerabilities in Microsoft ASN.1 Library
SB04-063
Summary of Security Items from February 18 through March 3, 2004
Non-technical Alerts
SA04-041A
Multiple Vulnerabilities in Microsoft Windows
ST04-003
Good Security Habits
New and Notable Vulnerabilities
BlackICE and RealSecure heap overflow vulnerability
Microsoft ASN.1 vulnerabilities
Vulnerabilities in H.323 messaging
Microsoft IE URL display vulnerability
Live Virus Advisory Feed
Posted on Friday, 05 March 2004 @ 10:13:57 EST by phoenix22