Latest Advisories

Live Virus Advisory Feeds
03-11-2004



*Live Feeds are from Panda, Trend Micro, and Symantec

Live Virus Advisory Feeds

National Cyber Alert System (US-Cert)


Secunia

Secunia Highlights:
ISS Multiple Products SMB Packet Handling Buffer Overflow Vulnerability
eEye Digital Security has discovered a vulnerability in multiple ISS products, which can be exploited by malicious people to compromise a vulnerable system.
WinZip MIME Archive Parsing Buffer Overflow Vulnerability
iDEFENSE has reported a vulnerability in WinZip, which potentially can be exploited by malicious people to compromise a user's system.

Latest 15 Secunia Security Advisories:
2004-03-11
- Debian update for sysstat

- Sysstat Insecure Temporary File Creation Vulnerability

- Confixx db Parameter SQL Injection Vulnerability

- Fedora update for coreutils

- Debian update for kdelibs

- Mozilla / NSS S/MIME Implementation Vulnerability

- Courier Japanese Codeset Conversion Buffer Overflow Vulnerabilities

2004-03-10
- Mandrake update for kdelibs

- Mandrake update for gdk-pixbuf

- Red Hat update for kdelibs

- Red Hat update for gdk-pixbuf

- Apache mod_ssl HTTP Request Denial of Service Vulnerability

- F-Secure Anti-Virus for Linux Virus Detection Vulnerability

- Apache mod_access Rule Bypass Issue

- DB2 Remote Command Server Privilege Escalation Vulnerability

Top 5 Most Read Secunia Security Advisories (Last 24 hours):
- Multiple Browser Cookie Path Directory Traversal Vulnerability

- Norton AntiVirus 2002 Virus Detection Bypass Issue

- Sun Java System (Sun ONE) SSL Vulnerabilities

- Microsoft MSN Messenger Arbitrary File Retrieval Vulnerability

- Internet Explorer URL Spoofing Vulnerability


Security Tracker

Special Alerts - Symantec Norton Internet Security and Norton Personal Firewall have severe denial of service flaws.

Symantec Norton Internet Security Lets Remote Users Deny Service

An unspecified vulnerability was reported in Symantec's Norton Internet Security. A remote user can cause denial of service conditions on the target system.

Impact: Denial of service via network

Symantec Norton Personal Firewall Lets Remote Users Deny Service

An unspecified vulnerability was reported in Symantec's Norton Personal Firewall. A remote user can cause denial of service conditions on the target system.

Impact: Denial of service via network

Sysstat 'isag' Unsafe Temporary Files May Let Local Users Obtain Elevated Privileges

A vulnerability was reported in the sysstat isag utility. A local user may be able to gain elevated privileges on the target system.

Impact: Modification of system information, Modification of user information, Root access via local system, User access via local system

sysstat 'post' and 'trigger' Scripts on Red Hat Let Local Users Gain Elevated Privileges

A vulnerability was reported in the Red Hat Linux sysstat package in the post and trigger scripts. A local user may be able to gain elevated privileges.

Impact: Modification of system information, Root access via local system, User access via local system

Sun Solaris 'uucp' Has Unspecified Buffer Overflow That May Let Local Users Gain Elevated Privileges

A buffer overflow vulnerability was reported in 'uucp' on Sun Solaris. A local user may be able to gain elevated privileges.

Impact: Execution of arbitrary code via local system, Root access via local system, User access via local system


SecurityFocus Vulnerabilities
2004-03-07: Linux Kernel do_mremap Function VMA Limit Local Privilege Escalation Vulnerability
2004-03-07: Libxml2 Remote URI Parsing Buffer Overrun Vulnerability
2004-03-06: Apple Safari Large JavaScript Array Handling Denial Of Service Vulnerability
2004-03-06: SureCom Network Device Malformed Web Authorization Request Denial Of Service Vulnerability
2004-03-06: Norton AntiVirus 2002 Nested File AutoProtect Bypass Vulnerability
2004-03-05: Norton AntiVirus 2002 ASCII Control Character Denial Of Service Vulnerability
2004-03-05: Digital Reality Game Engine Remote Denial Of Service Vulnerability
2004-03-05: Linux Kernel NCPFS ncp_lookup() Unspecified Local Privilege Escalation Vulnerability
2004-03-05: GNU Mailman Admin Page Multiple Cross-Site Scripting Vulnerabilities
2004-03-05: Invision Power Board Error Message Path Disclosure Vulnerability
2004-03-05: Seattle Lab Software SLWebMail Multiple Buffer Overflow Vulnerabilities
2004-03-05: Seattle Lab Software SLMail Pro Remote Buffer Overflow Vulnerability
2004-03-05: Util-Linux Login Program Information Leakage Vulnerability
2004-03-04: Volition Red Faction Game Client Remote Buffer Overflow Vulnerability
2004-03-04: DAWKCo POP3 with WebMAIL Extension Session Timeout Unauthorized Access Vulnerability
2004-03-04: NetScreen SA 5000 Series delhomepage.cgi Cross-Site Scripting Vulnerability
2004-03-04: Cisco Content Service Switch Management Port UDP Denial Of Service Vulnerability
2004-03-04: Dell OpenManage Web Server POST Request Heap Overflow Vulnerability
2004-03-04: HP Tru64 UNIX Unspecified IPsec/IKE Remote Privilege Escalation Vulnerability
2004-03-04: Nullsoft SHOUTcast icy-name/icy-url Memory Corruption Vulnerability
2004-03-04: Multiple Vendor H.323 Protocol Implementation Vulnerabilities
2004-03-04: Multiple WFTPD Vulnerabilities
2004-03-04: Cups Internet Printing Protocol Job Loop Denial Of Service Vulnerability
2004-03-04: Microsoft Internet Explorer Script URL Cross-Domain Access Violation Vulnerability
2004-03-04: TCPDump Malformed RADIUS Packet Denial Of Service Vulnerability
2004-03-04: TCPDump ISAKMP Decoding Routines Multiple Remote Buffer Overflow Vulnerabilities
2004-03-04: TCPDump ISAKMP Decoding Routines Denial Of Service Vulnerability
2004-03-04: Microsoft Internet Explorer window.open Search Pane Cross-Zone Scripting Vulnerability
2004-03-04: Microsoft Internet Explorer window.open Media Bar Cross-Zone Scripting Vulnerability


Symantec SSR


W32.Cone.D@mm March 10, 2004 March 11, 2004
W32.Netsky.M@mm March 10, 2004 March 11, 2004
W97M.Trug.B March 9, 2004 March 10, 2004
W32.Netsky.L@mm March 9, 2004 March 10, 2004
W32.Cone.C@mm March 9, 2004 March 9, 2004
W32.Netsky.K@mm
W32/Netsky-J [Sophos], Win32.Netsky.J [Computer Associates], W32/Netsky.j@MM [McAfee], WORM_NETSKY.J [Trend], I-Worm.NetSky.j [Kaspersky] March 8, 2004 March 8, 2004
W32.Keco@mm
W32/Keco.worm [McAfee], WORM_KECO.A [Trend], Win32.Keco.A [Computer Associates], I-Worm.Keco [Kaspersky] March 8, 2004 March 8, 2004
W32.Netsky.J@mm
NetSky.J [F-Secure], W32/Netsky-K [Sophos], Win32.Netsky.K [Computer Associates], WORM_NETSKY.K [Trend] March 8, 2004 March 8, 2004
W32.Sober.D@mm
Win32.Sober.D [Computer Associates], W32/Sober.d@MM [McAfee], WORM_SOBER.D [Trend] March 7, 2004 March 8, 2004
W32.Netsky.I@mm
W32/Netsky.i@MM [McAfee], I-Worm.Netsky.gen [Kaspersky], Win32.Netsky.I [Computer Associates], WORM_NETSKY.I [Trend], W32/Netsky-I [Sophos] March 7, 2004 March 8, 2004
W32.HLLW.Heycheck March 5, 2004 March 8, 2004
PWSteal.Banpaes.C March 5, 2004 March 5, 2004
W32.Netsky.H@mm March 5, 2004 March 5, 2004
W32.Netsky.G@mm
Win32.Netsky.G [Computer Associates], NetSky.G [F-Secure], W32/Netsky.g@MM [McAfee], WORM_NETSKY.G [Trend] March 4, 2004 March 5, 2004
X97M.Kbase
X97M/Generic (McAfee) March 3, 2004 March 4, 2004
W32.Mydoom.H@mm
W32/Mydoom.h@MM [McAfee], Win32.Mydoom.H [Computer Associates], WORM_MYDOOM.H [Trend] March 3, 2004 March 4, 2004
W32.Beagle@mm!zip March 3, 2004 March 3, 2004
W32.Beagle.K@mm
Win32.Bagle.K [Computer Associates], Bagle.K [F-Secure], W32/Bagle.k@MM [McAfee], W32/Bagle.K.worm [Panda], W32/Bagle-K [Sophos], WORM_BAGLE.K [Trend Micro] March 3, 2004 March 3, 2004
W32.Netsky.F@mm
Win32.Netsky.F [Computer Associates], NetSky.F [F-Secure], W32/Netsky.f@MM [McAfee], WORM_NETSKY.F [Trend] March 3, 2004 March 3, 2004
W32.Beagle.J@mm
W32/Bagle.j@MM [McAfee], WORM_BAGLE.J [Trend], Win32.Bagle.J [Computer Associates], W32/Bagle-J [Sophos] March 2, 2004 March 2, 2004
W32.Hiton@mm
W32/Hiton.a@MM [McAfee], WORM_HITON.A [Trend], Win32.Hiton.A [Computer Associates] March 2, 2004 March 2, 2004
W32.Mydoom.G@mm
W32/Mydoom.g@MM [McAfee], WORM_MYDOOM.G [Trend], Win32.Mydoom.G [Computer Associates], W32/MyDoom-G [Sophos] March 2, 2004 March 2, 2004
W32.Beagle.I@mm
WORM_BAGLE.I [Trend], W32/Bagle-I [Sophos], Win32.Bagle.I [Computer Associates], W32/Bagle.i@MM [McAfee] March 1, 2004 March 2, 2004
W32.Beagle.H@mm
W32/Bagle.h@MM [McAfee], W32/Bagle-H [Sophos], I-Worm.Bagle.Gen [Kaspersky], WORM_BAGLE.H [Trend], Win32.Bagle.H [Computer Associates] March 1, 2004 March 1, 2004
W32.Netsky.E@mm
Win32.Netsky.E [Computer Associates], W32/Netsky.e@MM [McAfee], W32/Netsky-E [Sophos], WORM_NETSKY.E [Trend], I-Worm.Netsky.e [Kaspersky] March 1, 2004 March 1, 2004
W32.Netsky.D@mm
WORM_NETSKY.D [Trend], W32/Netsky.d@MM [McAfee], W32/Netsky.D.worm [Panda], W32/Netsky-D [Sophos], Win32.Netsky.D [Computer Associates], I-Worm.Netsky.d [Kaspersky] March 1, 2004 March 1, 2004
W32.Beagle.G@mm
W32/Bagle.g@MM [McAfee], WORM_BAGLE.G [Trend] February 29, 2004 February 29, 2004
W32.Beagle.F@mm
W32/Bagle.f@MM [McAfee], W32/Bagle-F [Sophos], Win32.Bagle.F [Computer Associates], WORM_BAGLE.F [Trend], I-Worm.Bagle.f [Kaspersky] February 29, 2004 February 29, 2004
W32.Cone.B@mm February 29, 2004 February 29, 2004
W32.HLLW.Cult.P@mm February 29, 2004 February 29, 2004
Trojan.Bookmarker.F February 29, 2004 February 29, 2004
W32.Beagle.E@mm
Bagle.E [F-Secure], I-Worm.Bagle.e [Kaspersky], WORM_BAGLE.E [Trend], Win32.Bagle.E [Computer Associates], W32/Bagle-E [Sophos] February 28, 2004 February 28, 2004
W32.HLLW.Evianc
Bloodhound.W32.5, Worm.P2P.gen [Kaspersky] February 28, 2004 February 28, 2004
W32.HLLW.Moega.AP February 28, 2004 February 28, 2004
W32.Beagle.C@mm
W32.Beagle.A@mm, W32/Bagle.c@MM [McAfee], WORM_BAGLE.C [Trend], Win32.Bagle.C [Computer Associates], W32/Bagle-C [Sophos], I-Worm.Bagle.c [Kaspersky] February 27, 2004 February 27, 2004
Trojan.Tilser February 27, 2004 February 27, 2004
PWSteal.Bancos.E February 26, 2004 February 27, 2004
Backdoor.IRC.Loonbot February 26, 2004 February 26, 2004
PWSteal.Tarno.B February 26, 2004 February 26, 2004
W32.Mockbot.A.Worm February 25, 2004 February 26, 2004
Backdoor.IRC.Aladinz.M February 25, 2004 February 26, 2004
W32.Netsky.C@mm
W32/Netsky.c@MM [McAfee], Win32.Netsky.C [Computer Associates], W32/Netsky-C [Sophos], WORM_NETSKY.C [Trend], I-Worm.Moodown.c [Kaspersky] February 24, 2004 February 25, 2004
W32.Bizex.Worm
Worm.Win32.Bizex [Kaspersky], W32/Bizex.worm [McAfee], W32/Bizex-A [Sophos] February 24, 2004 February 25, 2004
W32.Welchia.D.Worm February 23, 2004 February 23, 2004
Downloader.Botten February 23, 2004 February 23, 2004
W97M.Ortant@mm
WM97/Ortant-A (Sophos), W97M/Ortant (McAfee), W97M_ORTANT.A. (Trend) February 22, 2004 February 23, 2004
W32.Cone@mm February 22, 2004 February 23, 2004
Backdoor.IRC.Aladinz.L February 21, 2004 February 23, 2004
Java.StartPage
Trojan.Java.StartPage [Kaspersky], Exploit-ByteVerify [McAfee] February 20, 2004 February 23, 2004
W32.Mydoom.F@mm
W32/Mydoom.f@MM [McAfee], WORM_MYDOOM.F [Trend], W32/MyDoom-F [Sophos], I-Worm.Mydoom.f [Kaspersky], Win32.Mydoom.F [Computer Associates] February 20, 2004 February 23, 2004
Backdoor.Kaitex.E February 20, 2004 February 23, 2004
W97M.Saver.H
Macro.Word97.Saver [Kaspersky], W97M/Doccopy.A [F-Prot] February 19, 2004 February 20, 2004
Backdoor.IRC.Aladinz.K February 19, 2004 February 19, 2004
W32.Netsky.B@mm
W32/Netsky.b@MM [McAfee], W32/Netsky.B.worm [Panda], WORM_NETSKY.B [Trend Micro], Moodown.B [F-Secure], I-Worm.Moodown.b [Kaspersky] February 18, 2004 February 18, 2004
W32.Beagle.B@mm
W32.Alua@mm, Win32/Bagle.B.Worm [Computer Associates], Bagle.B [F-Secure], W32/Bagle.b@MM [McAfee], W32/Bagle.B@mm [Norman], WORM_BAGLE.B [Trend Mirco], W32/Bagle.B.worm [Panda], W32/Tanx-A [Sophos], I-Worm.Bagle.b [Kaspersky] February 17, 2004 February 17, 2004
W32.HLLW.Antinny.E February 17, 2004 February 17, 2004
X97M.Ellar.F February 16, 2004 February 16, 2004
W32.Kifer.B February 16, 2004 February 16, 2004
W32.Netsky@mm
WORM_NETSKY.A [Trend] February 16, 2004 February 16, 2004
W32.HLLW.Cult.M@mm February 15, 2004 February 16, 2004
W32.Rusty@m February 15, 2004 February 16, 2004
W32.Welchia.C.Worm
WORM_NACHI.C [Trend], W32/Nachi.worm.c [McAfee], W32/Nachi-C [Sophos], Win32.Nachi.C [Computer Associates], Worm.Win32.Welchia.c [Kaspersky] February 15, 2004 February 17, 2004
VBS.Laske@mm February 13, 2004 February 13, 2004
W32.Doomhunter February 12, 2004 February 13, 2004
W32.HLLW.Deadhat.B
W32/Deadhat.B.worm [Panda] February 12, 2004 February 13, 2004
X97M.Esab February 12, 2004 February 13, 2004
Trojan.Bansap February 12, 2004 February 12, 2004
Trojan.PWS.QQPass.F February 12, 2004 February 12, 2004
W32.HLLP.Shodi February 11, 2004 February 12, 2004
W32.Welchia.B.Worm
W32/Nachi.worm.b [McAfee], W32/Nachi-B [Sophos], Win32.Nachi.B [Computer Associates], WORM_NACHI.B [Trend], Worm.Win32.Welchia.b [Kaspersky] February 11, 2004 February 11, 2004
W32.HLLW.Doomjuice.B
W32/Doomjuice.worm.b [McAfee], W32/Doomjuice.worm.c [McAfee], WORM_DOOMJUICE.B [Trend], Win32.Doomjuice.B [Computer Associates], W32/Doomjuice-B [Sophos], Worm.Win32.Doomjuice.b [Kaspersky], Worm.Win32.Doomjuice.c [Kaspersky] February 11, 2004 February 11, 2004





NAV Daily Definitions (Go!)


*Note: The i32 Intelligent Updater package cannot be used to update Symantec AntiVirus Corporate Edition 8.0 servers or Norton AntiVirus Corporate Edition 7.6 servers, but can be used to update Corporate Edition clients. The x86 Intelligent Updater package can be used to update corporate Edition clients and servers.

National Cyber Alert System (US-Cert)


Latest version: March 10, 2004 15:52:23 EST
W32/Netsky and Variants
W32/Beagle.J-K Variants
W32/Beagle.C-I Variants
W32/Bizex
W32/Mydoom.F
W32/Welchia.D
IMail server exploitation
W32/Beagle.B or W32/Bagle.B ASN.1 exploit code
W32/Mydoom.C or W32.HLLW.Doomjuice
W32/Mydoom or W32/Novarg
W32/Beagle or W32/Bagle Worm
Systems compromised via buffer overflow in DameWare


Technical Alerts
TA04-070A
Microsoft Outlook mailto URL Handling Vulnerability
SB04-063
Summary of Security Items from February 18 through March 3, 2004
Non-technical Alerts
SA04-070A
Vulnerability in Microsoft Outlook 2002
ST04-004
Understanding Firewalls

New and Notable Vulnerabilities

BlackICE and RealSecure heap overflow vulnerability

Microsoft ASN.1 vulnerabilities

Vulnerabilities in H.323 messaging

Microsoft IE URL display vulnerability


Live Virus Advisory Feed