Latest Advisories

Live Virus Advisory Feeds
03-26-2004



*Live Feeds are from Panda, Trend Micro, and Symantec

Live Virus Advisory Feeds

National Cyber Alert System (US-Cert)


Secunia

Secunia Highlights:
OpenSSL SSL/TLS Handshake Denial of Service Vulnerabilities
Three vulnerabilities have been discovered in OpenSSL, which can be exploited by malicious people to cause a DoS (Denial-of-Service).
ISS Multiple Products ICQ Server Response Processing Vulnerability
Briley Hassell-Jack of eEye Digital Security has discovered a vulnerability in multiple ISS products, which can be exploited to compromise a vulnerable system.
Symantec Internet Security ActiveX Component Arbitrary File Execution
NGSSoftware has discovered a vulnerability in Norton Internet Security 2004, which can be exploited by malicious people to compromise a user's system.

Latest 15 Secunia Security Advisories:

2004-03-26
- eSignal STREAMQUOTE Buffer Overflow Vulnerability

- oftpd PORT Command Denial of Service Vulnerability

- OpenLinux update for mc

- OpenLinux update for mutt

- Gentoo update for Apache 2

- AIX invscoutd Insecure Logfile Handling Vulnerability

2004-03-25
- Nexgen FTP Server Directory Traversal Vulnerability

- Trend Micro Interscan VirusWall Directory Traversal Vulnerability

- Sun Solaris CDE dtlogin XDMCP Parsing Vulnerability

- HP Web JetAdmin Multiple Vulnerabilities

- Debian update for Emil

- Emil Multiple Vulnerabilities

- Common Desktop Environment dtlogin XDMCP Parsing Vulnerability

- PicoPhone Logging Functionality Buffer Overflow Vulnerability

- Kerio MailServer SPAM Filter Buffer Overflow Vulnerability

Top 5 Most Read Secunia Security Advisories (Last 24 hours):
- Microsoft Visual C++ Constructed ISAPI Extensions Denial of Service

- HP Web JetAdmin Multiple Vulnerabilities

- Internet Explorer URL Spoofing Vulnerability

- Sun Solaris CDE dtlogin XDMCP Parsing Vulnerability

- Trend Micro Interscan VirusWall Directory Traversal Vulnerability

Security Tracker

Dameware Mini Remote Control Sends a File Encryption Key as Clear Text

A vulnerability was reported in Dameware Mini Remote Control. The software transmits an encryption key over the network in clear text.

Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information

NetSupport School Pro Weak Password Encoding Lets Local Users Decode Passwords

A vulnerability was reported in NetSupport School Pro. A local user can decode passwords.

Impact: Disclosure of authentication information

HP Web Jetadmin Lets Remote Authenticated Users Read and Write Files on the System

A vulnerabililty was reported in HP Web Jetadmin. A remote authenticated user can read and write files on the system and execute scripting code on the target system.

Impact: Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information

MySQL 'mysqlbug' Temporary File Flaw Lets Local Users Overwrite Files

A vulnerability was reported in MySQL in the 'mysqlbug' component. A local user can overwrite files on the target system.

Impact: Modification of system information, Modification of user information, Root access via local system, User access via local system

eSignal Buffer Overflow Lets Remote Users Execute Arbitrary Code

A buffer overflow vulnerability was reported in eSignal. A remote user can execute arbitrary code on the target system.

Impact: Execution of arbitrary code via network, User access via network


SecurityFocus Vulnerabilities

2004-03-22: ReGet Software ReGet Directory Traversal Vulnerability
2004-03-22: Qualcomm Eudora Spoofed Attachment Line Denial Of Service Vulnerability
2004-03-22: Pine rfc2231_get_param() Remote Integer Overflow Vulnerability
2004-03-22: Pine Message/External-Body Type Attribute Buffer Overflow Vulnerability
2004-03-22: PHP-Nuke MS-Analysis Module HTTP Referrer Field SQL Injection Vulnerability
2004-03-22: PHP-Nuke MS-Analysis Module Multiple Cross-Site Scripting Vulnerabilities
2004-03-22: PHP-Nuke MS-Analysis Module Multiple Remote Path Disclosure Vulnerabilities
2004-03-22: Invision Power Top Site List Comments function id Parameter SQL Injection Vulnerability
2004-03-22: Joel Palmius Mod_Survey Survey Input Field HTML Injection Vulnerability
2004-03-22: Invision Gallery Multiple SQL Injection Vulnerabilities
2004-03-22: JelSoft VBulletin Multiple Module Index.PHP Cross-Site Scripting Vulnerabilities
2004-03-22: JelSoft VBulletin Private.PHP Cross-Site Scripting Vulnerability
2004-03-22: Xine Bug Reporting Script Insecure Temporary File Creation Vulnerability
2004-03-22: Ericsson HM220dp DSL Modem World Accessible Web Administration Interface Vulnerability
2004-03-22: XWeb Directory Traversal Vulnerability
2004-03-21: Internet Security Systems Protocol Analysis Module ICQ Parsing Buffer Overflow Vulnerability
2004-03-21: NullSoft Winamp Long File Name Denial of Service Vulnerability
2004-03-20: Expinion.net News Manager Lite Multiple Vulnerabilities
2004-03-20: OpenSSH Buffer Mismanagement Vulnerabilities
2004-03-20: Novell NetWare Admin/Install Password Disclosure Vulnerability
2004-03-20: Invision Power Board Search.PHP st SQL Injection Vulnerability
2004-03-20: Expinion.net Member Management System Multiple Cross-Site Scripting Vulnerabilities
2004-03-20: Expinion.net Member Management System ID Parameter SQL Injection Vulnerability
2004-03-20: Samba SMBPrint Sample Script Insecure Temporary File Handling Symbolic Link Vulnerability
2004-03-19: Symantec Norton Internet Security WrapNISUM Class Remote Command Execution Vulnerability
2004-03-19: Symantec Norton AntiSpam SymSpamHelper Class Buffer Overrun Vulnerability
2004-03-19: Tarantella Enterprise 3 TTACab.CGI Remote Cross-Site Scripting Vulnerability
2004-03-19: Tarantella Enterprise 3 TTAArchives.CGI Remote Cross-Site Scripting Vulnerability
2004-03-19: Computer Associates eTrust Antivirus Malicious Code Detection Bypass Vulnerability
2004-03-19: FVWM fvwm_make_directory_menu.sh Scripts Command Execution Vulnerability
2004-03-19: FVWM fvwm_make_browse_menu.sh Scripts Command Execution Vulnerability
2004-03-19: Microsoft Windows XP Explorer.EXE Remote Denial of Service Vulnerability
2004-03-19: NullSoft Winamp Malformed File Name Denial of Service Vulnerability
2004-03-19: SquidGaurd NULL URL Character Unauthorized Access Vulnerability
2004-03-19: Phorum Multiple Module Cross-Site Scripting Vulnerability
2004-03-19: Clever's Games Terminator 3: War of the Machines Remote Client Buffer Overflow Vulnerability
2004-03-19: WS_FTP Pro Client Remote Buffer Overflow Vulnerability
2004-03-19: Jetty Unspecified Denial Of Service Vulnerability
2004-03-19: Sun Solaris SAdmin Client Credentials Remote Administrative Access Vulnerability
2004-03-19: Apple Mac OS X Server Administration Service Undisclosed Remote Buffer Overflow Vulnerability


Symantec SSR

W32.Beagle.U@mm
Bagle.U [F-Secure], WORM_BAGLE.U [Trend], W32/Bagle-U [Sophos] March 26, 2004 March 26, 2004
W32.Timese.AG March 25, 2004 March 26, 2004
W32.Hesi.Worm March 25, 2004 March 26, 2004
Swaffer.Exploit
Exploit-ViaSWFurl [MacAfee] March 25, 2004 March 26, 2004
Trojan.Noupdate.B March 24, 2004 March 25, 2004
W32.Snapper.A@mm
I-Worm.Snapper [Kaspersky], W32/Snapper@MM [McAfee], Snapper [F-Secure] March 24, 2004 March 24, 2004
Backdoor.IRC.Aladinz.N March 24, 2004 March 24, 2004
Backdoor.IRC.Spybuzz March 23, 2004 March 24, 2004
Backdoor.R3C.B March 23, 2004 March 24, 2004
W32.Blackmal@mm
W32/MyWife.a@MM [McAfee], I-Worm.Nyxem [Kaspersky], W32/Nyxem-A [Sophos], WORM_BLUEWORM.A [Trend] March 23, 2004 March 24, 2004
W32.Gaobot.SA
W32.HLLW.Polybot.B, W32/Gaobot.worm.gen.d [McAfee], Phatbot March 23, 2004 March 23, 2004
W32.HLLW.Donk.L March 23, 2004 March 23, 2004
W32.HLLW.Lovgate.O@mm
I-Worm.LovGate.t [Kaspersky], W32/Lovgate.s@MM [McAfee] March 23, 2004 March 23, 2004
W32.HLLW.Gaobot.RS March 22, 2004 March 22, 2004
W32.Netsky.P@mm
W32.Netsky.Q@mm, W32/Netsky.p@MM [McAfee], Win32.Netsky.P [Computer Associates], NetSky.P [F-Secure], W32/Netsky.P.worm [Panda], W32/Netsky-P [Sophos], WORM_NETSKY.P [Trend] March 21, 2004 March 22, 2004
Backdoor.Danton March 21, 2004 March 22, 2004
Backdoor.Tumag March 21, 2004 March 22, 2004
W32.Witty.Worm
W32/Witty.worm [McAfee], WORM_WITTY.A [Trend] March 20, 2004 -----
Backdoor.IRC.MyPoo March 20, 2004 March 22, 2004
Backdoor.IRC.MyPoo.Kit March 20, 2004 March 22, 2004
Download.SmallWeb March 20, 2004 March 22, 2004
Download.SmallWeb.Kit March 20, 2004 March 22, 2004
PWSteal.Bancos.G March 20, 2004 March 22, 2004
PWSteal.Tarno.C March 20, 2004 March 22, 2004
Trojan.KillAV.D March 20, 2004 March 22, 2004
W32.HLLW.Gaobot.RQ
W32/Randbot.worm [McAfee], Backdoor.SdBot.gen [Kaspersky] March 20, 2004 March 22, 2004
W32.HLLW.Leox.B March 20, 2004 March 22, 2004
Backdoor.Cazno March 19, 2004 March 22, 2004
Backdoor.Cazno.Kit March 19, 2004 March 22, 2004
Backdoor.Ranky.E March 19, 2004 March 22, 2004
Download.Chamber March 19, 2004 March 22, 2004
Download.Chamber.Kit March 19, 2004 March 22, 2004
Trojan.Bookmarker.G March 19, 2004 March 22, 2004
Trojan.Dustbunny March 19, 2004 March 22, 2004
Trojan.Linst March 19, 2004 March 22, 2004
Trojan.Regsys March 19, 2004 March 22, 2004
W32.HLLW.Antinny.G March 19, 2004 March 19, 2004
W32.HLLW.Polybot
Phatbot, W32/Polybot.l!irc [McAfee], WORM_AGOBOT.HM [Trend], Backdoor.Agobot.hm [Kaspersky] March 19, 2004 March 19, 2004
W32.Nimos.Worm
W32/Nomis.worm [Mcafee] March 18, 2004 March 18, 2004
W32.Beagle@mm (vbs) March 18, 2004 March 18, 2004
W32.Beagle.T@mm
I-Worm.Bagle.o [Kaspersky] March 18, 2004 March 18, 2004
W32.Beagle.S@mm
W32/Bagle.s@MM [McAfee] March 18, 2004 March 18, 2004
W32.Beagle.R@mm
W32/Bagle.r@MM [Mcafee], PE_BAGLE.R [Trend], W32/Bagle-R [Sophos], Win32.Bagle.R [Computer Associates], I-Worm.Bagle.q [Kaspersky] March 18, 2004 March 18, 2004
W32.Beagle.O@mm
W32.Bagle.Q [Computer Associates], Bagle.Q [F-Secure], W32/Bagle.q@MM [McAfee], W32/Bagle.Q [Panda], W32/Bagle-Q [Sophos], PE_Bagle.Q [Trend], W32.Beagle.Q@mm March 18, 2004 March 18, 2004
W32.Dinfor.D.Worm March 17, 2004 March 18, 2004
W32.HLLW.Lovgate.N@mm
W32/Lovgate.p@MM [McAfee] March 17, 2004 March 17, 2004
W32.HLLW.Gaobot.RF March 17, 2004 March 17, 2004
W32.Netsky.O@mm
W32/Netsky.o@MM [McAfee], WORM_NETSKY.O [Trend] March 17, 2004 March 17, 2004
PWSteal.Bancos.F March 16, 2004 March 17, 2004
W32.Netsky.N@mm
W32/Netsky.n@MM [McAfee], I-Worm.NetSky.o [Kaspersky] March 16, 2004 March 17, 2004
W32.HLLW.RedDw@mm March 15, 2004 March 16, 2004
W32.Beagle.N@mm
Win32.Bagle.O [Computer Associates], Bagle.P@mm [F-Secure], W32/Bagle.p@MM [McAfee], W32/Bagle.O [Panda], W32/Bagle-O [Sophos], PE_BAGLE.P [Trend] March 15, 2004 March 15, 2004
W32.Tuoba.Trojan March 15, 2004 March 15, 2004
W32.Cone.F@mm March 14, 2004 March 14, 2004
Trojan.Mitglieder.E
W32/Bagle.gen@mm March 13, 2004 March 13, 2004
Trojan.Mitglieder.D
W32/Bagle.gen@mm March 13, 2004 March 13, 2004
W32.Beagle.M@mm
Win32.Bagle.N [Computer Associates], Bagle.N [F-Secure], W32/Bagle.n@MM [McAfee], W32/Bagle.N [Panda], W32/Bagle-N [Sophos], PE_BAGLE.N [Trend] March 13, 2004 March 13, 2004
W32.HLLW.Citor March 13, 2004 March 13, 2004
W32.HLLW.Annil@mm March 12, 2004 March 13, 2004
W32.Cone.E@mm March 12, 2004 March 13, 2004
PWSteal.Irftp March 12, 2004 March 13, 2004
Trojan.Etsur March 12, 2004 March 13, 2004
Trojan.Noupdate March 11, 2004 March 12, 2004
Trojan.Gipma March 10, 2004 March 11, 2004
W32.Cone.D@mm March 10, 2004 March 11, 2004
W32.Netsky.M@mm
I-Worm.NetSky.m [Kaspersky], W32/Netsky.m@MM [McAfee], WORM_NETSKY.M [Trend], W32/Netsky-M [Sophos], Win32.Netsky.M [Computer Associates] March 10, 2004 March 11, 2004
Trojan.Simcss.B March 10, 2004 March 10, 2004
W97M.Trug.B March 9, 2004 March 10, 2004
W32.Netsky.L@mm March 9, 2004 March 10, 2004
W32.Cone.C@mm March 9, 2004 March 9, 2004
W32.Netsky.K@mm
W32/Netsky-J [Sophos], Win32.Netsky.J [Computer Associates], W32/Netsky.j@MM [McAfee], WORM_NETSKY.J [Trend], I-Worm.NetSky.j [Kaspersky] March 8, 2004 March 8, 2004
W32.Keco@mm
W32/Keco.worm [McAfee], WORM_KECO.A [Trend], Win32.Keco.A [Computer Associates], I-Worm.Keco [Kaspersky] March 8, 2004 March 8, 2004
W32.Netsky.J@mm
NetSky.J [F-Secure], W32/Netsky-K [Sophos], Win32.Netsky.K [Computer Associates], WORM_NETSKY.K [Trend] March 8, 2004 March 8, 2004
W32.Sober.D@mm
Win32.Sober.D [Computer Associates], W32/Sober.d@MM [McAfee], WORM_SOBER.D [Trend], W32/Roca-A [Sophos], I-Worm.Sober.d [Kaspersky] March 7, 2004 March 8, 2004
W32.Netsky.I@mm
W32/Netsky.i@MM [McAfee], I-Worm.Netsky.gen [Kaspersky], Win32.Netsky.I [Computer Associates], WORM_NETSKY.I [Trend], W32/Netsky-I [Sophos] March 7, 2004 March 8, 2004
Trojan.Reur.B March 5, 2004 March 8, 2004
W32.HLLW.Reur.B March 5, 2004 March 8, 2004
W32.HLLW.Heycheck March 5, 2004 March 8, 2004
PWSteal.Banpaes.C March 5, 2004 March 5, 2004
W32.Netsky.H@mm March 5, 2004 March 5, 2004
W32.Netsky.G@mm
Win32.Netsky.G [Computer Associates], NetSky.G [F-Secure], W32/Netsky.g@MM [McAfee], WORM_NETSKY.G [Trend] March 4, 2004 March 5, 2004
X97M.Kbase
X97M/Generic (McAfee) March 3, 2004 March 4, 2004
W32.Mydoom.H@mm
W32/Mydoom.h@MM [McAfee], Win32.Mydoom.H [Computer Associates], WORM_MYDOOM.H [Trend] March 3, 2004 March 4, 2004
W32.Beagle.K@mm
Win32.Bagle.K [Computer Associates], Bagle.K [F-Secure], W32/Bagle.k@MM [McAfee], W32/Bagle.K.worm [Panda], W32/Bagle-K [Sophos], WORM_BAGLE.K [Trend Micro] March 3, 2004 March 3, 2004
W32.Netsky.F@mm
Win32.Netsky.F [Computer Associates], NetSky.F [F-Secure], W32/Netsky.f@MM [McAfee], WORM_NETSKY.F [Trend] March 3, 2004 March 3, 2004
W32.Beagle.J@mm
W32/Bagle.j@MM [McAfee], WORM_BAGLE.J [Trend], Win32.Bagle.J [Computer Associates], W32/Bagle-J [Sophos] March 2, 2004 March 2, 2004
W32.Hiton@mm
W32/Hiton.a@MM [McAfee], WORM_HITON.A [Trend], Win32.Hiton.A [Computer Associates] March 2, 2004 March 2, 2004
W32.Mydoom.G@mm
W32/Mydoom.g@MM [McAfee], WORM_MYDOOM.G [Trend], Win32.Mydoom.G [Computer Associates], W32/MyDoom-G [Sophos] March 2, 2004 March 2, 2004
W32.Beagle.I@mm
WORM_BAGLE.I [Trend], W32/Bagle-I [Sophos], Win32.Bagle.I [Computer Associates], W32/Bagle.i@MM [McAfee] March 1, 2004 March 2, 2004
W32.Beagle.H@mm
W32/Bagle.h@MM [McAfee], W32/Bagle-H [Sophos], I-Worm.Bagle.Gen [Kaspersky], WORM_BAGLE.H [Trend], Win32.Bagle.H [Computer Associates] March 1, 2004 March 1, 2004
W32.Netsky.E@mm
Win32.Netsky.E [Computer Associates], W32/Netsky.e@MM [McAfee], W32/Netsky-E [Sophos], WORM_NETSKY.E [Trend], I-Worm.Netsky.e [Kaspersky] March 1, 2004 March 1, 2004
W32.Netsky.D@mm
WORM_NETSKY.D [Trend], W32/Netsky.d@MM [McAfee], W32/Netsky.D.worm [Panda], W32/Netsky-D [Sophos], Win32.Netsky.D [Computer Associates], I-Worm.Netsky.d [Kaspersky] March 1, 2004 March 1, 2004
W32.Beagle.G@mm
W32/Bagle.g@MM [McAfee], WORM_BAGLE.G [Trend] February 29, 2004 February 29, 2004
W32.Beagle.F@mm
W32/Bagle.f@MM [McAfee], W32/Bagle-F [Sophos], Win32.Bagle.F [Computer Associates], WORM_BAGLE.F [Trend], I-Worm.Bagle.f [Kaspersky] February 29, 2004 February 29, 2004
W32.Cone.B@mm February 29, 2004 February 29, 2004
W32.HLLW.Cult.P@mm February 29, 2004 February 29, 2004
Trojan.Bookmarker.F February 29, 2004 February 29, 2004
W32.Beagle.E@mm
Bagle.E [F-Secure], I-Worm.Bagle.e [Kaspersky], WORM_BAGLE.E [Trend], Win32.Bagle.E [Computer Associates], W32/Bagle-E [Sophos] February 28, 2004 February 28, 2004
W32.HLLW.Evianc
Bloodhound.W32.5, Worm.P2P.gen [Kaspersky] February 28, 2004 February 28, 2004
W32.HLLW.Moega.AP February 28, 2004 February 28, 2004
W32.Beagle.C@mm
W32.Beagle.A@mm, W32/Bagle.c@MM [McAfee], WORM_BAGLE.C [Trend], Win32.Bagle.C [Computer Associates], W32/Bagle-C [Sophos], I-Worm.Bagle.c [Kaspersky] February 27, 2004 February 27, 2004
Trojan.Tilser February 27, 2004 February 27, 2004
PWSteal.Bancos.E February 26, 2004 February 27, 2004
Backdoor.IRC.Loonbot February 26, 2004 February 26, 2004
PWSteal.Tarno.B February 26, 2004 February 26, 2004
W32.Mockbot.A.Worm February 25, 2004 February 26, 2004
Backdoor.IRC.Aladinz.M February 25, 2004 February 26, 2004
W32.Netsky.C@mm
W32/Netsky.c@MM [McAfee], Win32.Netsky.C [Computer Associates], W32/Netsky-C [Sophos], WORM_NETSKY.C [Trend], I-Worm.Moodown.c [Kaspersky] February 24, 2004 February 25, 2004
W32.Bizex.Worm
Worm.Win32.Bizex [Kaspersky], W32/Bizex.worm [McAfee], W32/Bizex-A [Sophos] February 24, 2004 February 25, 2004






NAV Daily Definitions (Go!)


*Note: The i32 Intelligent Updater package cannot be used to update Symantec AntiVirus Corporate Edition 8.0 servers or Norton AntiVirus Corporate Edition 7.6 servers, but can be used to update Corporate Edition clients. The x86 Intelligent Updater package can be used to update corporate Edition clients and servers.

National Cyber Alert System (US-Cert)



Latest version: March 25, 2004 16:58:01 EST
Witty Worm
Phatbot Trojan
Many Variants of W32/Beagle malicious code
Many Variants of W32/Netsky malicious code
Many Variants of W32/MyDoom malicious code

Current Activity Archive





Technical
TA04-078A
Multiple Vulnerabilities in OpenSSL
SB04-077
Summary of Security Items from March 3 through March 16, 2004
Non-technical
SA04-079A
Continuing Threats to Home Users
ST04-005
Understanding Anti-Virus Software







New and Notable Vulnerabilities
Remotely exploitable ISS vulnerability
Vulnerabilities in OpenSSL
Linux Kernel mremap() Vulnerabilities
BlackICE and RealSecure heap overflow vulnerability
Microsoft ASN.1 vulnerabilities

Live Virus Advisory Feed