Latest Advisories

Live Virus Advisory Feeds
04-02-2004



*Live Feeds are from Panda, Trend Micro, and Symantec

Live Virus Advisory Feeds

National Cyber Alert System (US-Cert)


Secunia

Secunia Highlights:
OpenSSL SSL/TLS Handshake Denial of Service Vulnerabilities
Three vulnerabilities have been discovered in OpenSSL, which can be exploited by malicious people to cause a DoS (Denial-of-Service).
ISS Multiple Products ICQ Server Response Processing Vulnerability
Briley Hassell-Jack of eEye Digital Security has discovered a vulnerability in multiple ISS products, which can be exploited to compromise a vulnerable system.
Symantec Internet Security ActiveX Component Arbitrary File Execution
NGSSoftware has discovered a vulnerability in Norton Internet Security 2004, which can be exploited by malicious people to compromise a user's system.

Latest 15 Secunia Security Advisories:
2004-04-02
- MondoSearch Denial of Service and Proxying Vulnerabilities

- Sidewinder Potential OpenSSL Vulnerabilities

- ADA Image Server Directory Listing Vulnerability

- VMware ESX Server Privilege Escalation Vulnerabilities

- Heimdal Cross-Realm Trust Spoofing Vulnerability

- Roger Wilco Multiple Vulnerabilities

- Trustix update for tcpdump

2004-04-01
- HP OpenCall MultiService Controller H.323 Vulnerabilities

- Internet Explorer/Outlook Express Restricted Zone Status Bar Spoofing

- CactuShop Multiple Vulnerabilities

- Gentoo update for monit

- Conectiva update for mc

- Conectiva update for openssl

- Conectiva update for ethereal

- Conectiva update for libxml2

Top 5 Most Read Secunia Security Advisories (Last 24 hours):
- Internet Explorer/Outlook Express Restricted Zone Status Bar Spoofing

- Internet Explorer URL Spoofing Vulnerability

- Sun Java System (Sun ONE) SSL Vulnerabilities

- Internet Explorer showHelp() Restriction Bypass Vulnerability

- HP OpenCall MultiService Controller H.323 Vulnerabilities


Security Tracker

Special Alerts - URL status bar spoofing in Microsoft Outlook Express and Internet Explorer.

OpenLDAP back-ldbm Initialization Error May Let Remote Users Crash the Server

A vulnerability was reported in OpenLDAP when using the back-ldbm backend. A remote user may be able to cause the LDAP server to crash.

Impact: Denial of service via network

ImgSvr Web Interface Discloses Directory Listings and Files to Remote Users

A vulnerability was reported in the ImgSvr web service. A remote user can view directory listings and files on the target system.

Impact: Disclosure of system information, Disclosure of user information

madBMS Authentication Flaw May Yield Access to Remote Users

An authentication vulnerability was reported in the madBMS billing system. A remote user may be able to gain access to the application.

Impact: User access via network

Clam AntiVirus Unsafe VirusEvent Directive May Let Local Users Gain Root Privileges

A vulnerability was reported in Clam AntiVirus in the VirusEvent directive. A local user can execute arbitrary commands on the target system.

Impact: Execution of arbitrary code via local system, Root access via local system

cdp Song Name Buffer Overflow May Execute Arbitrary Code When a Malicious CD is Played

A buffer overflow vulnerability was reported in the cdp CD player software. A user can execute arbitrary code on the target system.

Impact: Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network


SecurityFocus Vulnerabilities

2004-03-30: cPanel Multiple Module Cross-Site Scripting Vulnerabilities
2004-03-29: Cloisterblog Administration Interface Authentication Weakness
2004-03-29: Cloisterblog Journal.pl Directory Traversal Vulnerability
2004-03-29: Cloisterblog Multiple Unspecified Cross-Site Scripting Vulnerabilities
2004-03-29: Microsoft Internet Explorer Shell: IFrame Cross-Zone Scripting Vulnerability
2004-03-29: Microsoft Windows XP HCP URI Handler Arbitrary Command Execution Vulnerability
2004-03-29: Systrace Local Policy Bypass Vulnerability
2004-03-29: Internet Security Systems Protocol Analysis Module ICQ Parsing Buffer Overflow Vulnerability
2004-03-29: WebCT Campus Edition HTML Injection Vulnerability
2004-03-29: TCPDump Malformed RADIUS Packet Denial Of Service Vulnerability
2004-03-29: Tcpdump L2TP Parser Remote Denial of Service Vulnerability
2004-03-29: TCPDump ISAKMP Decoding Routines Multiple Remote Buffer Overflow Vulnerabilities
2004-03-29: TCPDump ISAKMP Decoding Routines Denial Of Service Vulnerability
2004-03-29: Alan Ward A-Cart Multiple Input Validation Vulnerabilities
2004-03-29: NessusWX Account Credentials Disclosure Vulnerability
2004-03-29: All Enthusiast Photopost PHP Pro Multiple Input Validation Vulnerabilities
2004-03-29: Multiple Vendor S/MIME ASN.1 Parsing Denial of Service Vulnerabilities
2004-03-29: Mozilla Browser Zombie Document Cross-Site Scripting Vulnerability
2004-03-29: Web Fresh Fresh Guest Book HTML Injection Vulnerability
2004-03-29: Mbedthis Software AppWeb HTTP Server Empty Options Request Denial Of Service Vulnerability
2004-03-29: DameWare Mini Remote Control Server Clear Text Encryption Key Disclosure Vulnerability
2004-03-29: DameWare Mini Remote Control Server Weak Encryption Implementation Vulnerability
2004-03-29: OFTPD Port Argument Denial Of Service Vulnerability
2004-03-29: FreeBSD IPv6 Socket Options Handling Local Memory Disclosure Vulnerability
2004-03-29: PHPBB Privmsg.PHP SQL Injection Vulnerability
2004-03-29: SMC Router Backup Tool Plaintext Password Weakness
2004-03-29: Courier Multiple Remote Buffer Overflow Vulnerabilities
2004-03-28: UUDeview MIME Archive Buffer Overrun Vulnerability
2004-03-27: Internet Security Systems BlackICE PC/Server Protection Weak Default Configuration Vulnerability
2004-03-27: Novell NetWare Perl Handler Cross-Site Scripting Vulnerability
2004-03-27: Cisco IOS HTTP Configuration Arbitrary Administrative Access Vulnerability
2004-03-27: Cisco Broadband Operating System TCP/IP Stack Denial of Service Vulnerability
2004-03-27: NSTX Remote Denial Of Service Vulnerability
2004-03-26: Gnome Gnome-Session Local Privilege Escalation Vulnerability
2004-03-26: XFree86 Direct Rendering Infrastructure Buffer Overflow Vulnerabilities
2004-03-26: Apache mod_python Module Malformed Query Denial of Service Vulnerability
2004-03-26: OpenSSH SCP Client File Corruption Vulnerability
2004-03-26: Multiple Local Linux Kernel Vulnerabilities
2004-03-26: AIX Invscoutd Symbolic Link Vulnerability
2004-03-26: XMB Forum Multiple Vulnerabilities
2004-03-26: NetSupport School Weak Password Encryption Vulnerability
2004-03-26: GdkPixbuf Unspecified Bitmap Handling Denial Of Service Vulnerability
2004-03-26: Multiple Vendor Internet Browser Cookie Path Argument Restriction Bypass Vulnerability

Symantec SSR






W32.Gaobot.UL April 2, 2004 April 2, 2004
W32.Gaobot.UJ April 1, 2004 April 2, 2004
Trojan.Cookrar April 1, 2004 April 1, 2004
W32.Netsky.R@mm March 31, 2004 March 31, 2004
Trojan.Brutecode
QReg-9 [McAfee], Win32.Lovmus [Computer Associates] March 31, 2004 March 31, 2004
W32.Randex.PR
W32/Spybot.worm.gen.a [McAfee] March 30, 2004 March 31, 2004
[email protected] March 30, 2004 March 30, 2004
W32.Antinny.K March 30, 2004 March 30, 2004
PWSteal.Lemir.G March 30, 2004 March 30, 2004
Backdoor.IRC.Aladinz.O March 30, 2004 March 30, 2004
W32.Beagle.V@mm
WORM_BAGLE.V [Trend], W32/Bagle.v@MM [McAfee], I-Worm.Bagle.t [Kaspersky] March 29, 2004 March 29, 2004
W32.Netsky.Q@mm
W32/Netsky.Q@mm [McAfee], W32/Netsky-Q [Sophos], WORM NETSKY.Q [Trend], Win32.Netsky.Q [Computer Associates], I-Worm.NetSky.r [Kaspersky] March 28, 2004 March 28, 2004
Backdoor.Medias March 27, 2004 March 28, 2004
W32.Sober.E@mm
W32/Sober-E [Sophos], W32/Sober.e@MM [McAfee], Win32.Sober.E [Computer Associates], WORM_SOBER.E [Trend], I-Worm.Sober.e [Kaspersky] March 27, 2004 March 28, 2004
W32.Gaobot.SY March 26, 2004 March 27, 2004
W32.Randex.OL March 26, 2004 March 27, 2004
W32.HLLP.Philis March 26, 2004 March 27, 2004
W32.Beagle.U@mm
Bagle.U [F-Secure], WORM_BAGLE.U [Trend], W32/Bagle-U [Sophos], W32/Bagle.u@MM [McAfee] March 26, 2004 March 26, 2004
W32.Timese.AG March 25, 2004 March 26, 2004
W32.Hesi.Worm March 25, 2004 March 26, 2004
Swaffer.Exploit
Exploit-ViaSWFurl [MacAfee] March 25, 2004 March 26, 2004
Trojan.Noupdate.B March 24, 2004 March 25, 2004
W32.Snapper.A@mm
I-Worm.Snapper [Kaspersky], W32/Snapper@MM [McAfee], Snapper [F-Secure] March 24, 2004 March 24, 2004
Backdoor.IRC.Aladinz.N March 24, 2004 March 24, 2004
Backdoor.IRC.Spybuzz March 23, 2004 March 24, 2004
Backdoor.R3C.B March 23, 2004 March 24, 2004
W32.Blackmal@mm
W32/MyWife.a@MM [McAfee], I-Worm.Nyxem [Kaspersky], W32/Nyxem-A [Sophos], WORM_BLUEWORM.A [Trend] March 23, 2004 March 24, 2004
W32.Gaobot.SA
W32.HLLW.Polybot.B, W32/Gaobot.worm.gen.d [McAfee], Phatbot March 23, 2004 March 23, 2004
W32.HLLW.Donk.L March 23, 2004 March 23, 2004
W32.HLLW.Lovgate.O@mm
I-Worm.LovGate.t [Kaspersky], W32/Lovgate.s@MM [McAfee] March 23, 2004 March 23, 2004
W32.HLLW.Gaobot.RS March 22, 2004 March 22, 2004
W32.Netsky.P@mm
W32.Netsky.Q@mm, W32/Netsky.p@MM [McAfee], Win32.Netsky.P [Computer Associates], NetSky.P [F-Secure], W32/Netsky.P.worm [Panda], W32/Netsky-P [Sophos], WORM_NETSKY.P [Trend] March 21, 2004 March 22, 2004
Backdoor.Danton March 21, 2004 March 22, 2004
Backdoor.Tumag March 21, 2004 March 22, 2004
PWSteal.Bancos.F March 16, 2004 March 17, 2004
W32.Netsky.N@mm
W32/Netsky.n@MM [McAfee], I-Worm.NetSky.o [Kaspersky] March 16, 2004 March 17, 2004
W32.HLLW.RedDw@mm March 15, 2004 March 16, 2004
W32.Beagle.N@mm
Win32.Bagle.O [Computer Associates], Bagle.P@mm [F-Secure], W32/Bagle.p@MM [McAfee], W32/Bagle.O [Panda], W32/Bagle-O [Sophos], PE_BAGLE.P [Trend] March 15, 2004 March 15, 2004
W32.Tuoba.Trojan March 15, 2004 March 15, 2004
W32.Cone.F@mm March 14, 2004 March 14, 2004
Trojan.Mitglieder.E
W32/Bagle.gen@mm March 13, 2004 March 13, 2004
Trojan.Mitglieder.D
W32/Bagle.gen@mm March 13, 2004 March 13, 2004
W32.Beagle.M@mm
Win32.Bagle.N [Computer Associates], Bagle.N [F-Secure], W32/Bagle.n@MM [McAfee], W32/Bagle.N [Panda], W32/Bagle-N [Sophos], PE_BAGLE.N [Trend] March 13, 2004 March 13, 2004
W32.HLLW.Citor March 13, 2004 March 13, 2004
W32.HLLW.Annil@mm March 12, 2004 March 13, 2004
W32.Cone.E@mm March 12, 2004 March 13, 2004
PWSteal.Irftp March 12, 2004 March 13, 2004
Trojan.Etsur March 12, 2004 March 13, 2004
Trojan.Noupdate March 11, 2004 March 12, 2004
Trojan.Gipma March 10, 2004 March 11, 2004
W32.Cone.D@mm March 10, 2004 March 11, 2004
W32.Netsky.M@mm
I-Worm.NetSky.m [Kaspersky], W32/Netsky.m@MM [McAfee], WORM_NETSKY.M [Trend], W32/Netsky-M [Sophos], Win32.Netsky.M [Computer Associates] March 10, 2004 March 11, 2004
Trojan.Simcss.B March 10, 2004 March 10, 2004
W32.Witty.Worm
W32/Witty.worm [McAfee], WORM_WITTY.A [Trend] March 20, 2004 -----
Backdoor.IRC.MyPoo March 20, 2004 March 22, 2004
Backdoor.IRC.MyPoo.Kit March 20, 2004 March 22, 2004
Download.SmallWeb March 20, 2004 March 22, 2004
Download.SmallWeb.Kit March 20, 2004 March 22, 2004
PWSteal.Bancos.G March 20, 2004 March 22, 2004
PWSteal.Tarno.C March 20, 2004 March 22, 2004
Trojan.KillAV.D March 20, 2004 March 22, 2004
W32.HLLW.Gaobot.RQ
W32/Randbot.worm [McAfee], Backdoor.SdBot.gen [Kaspersky] March 20, 2004 March 22, 2004
W32.HLLW.Leox.B March 20, 2004 March 22, 2004
Backdoor.Cazno March 19, 2004 March 22, 2004
Backdoor.Cazno.Kit March 19, 2004 March 22, 2004
Backdoor.Ranky.E March 19, 2004 March 22, 2004
Download.Chamber March 19, 2004 March 22, 2004
Download.Chamber.Kit March 19, 2004 March 22, 2004
Trojan.Bookmarker.G March 19, 2004 March 22, 2004
Trojan.Dustbunny March 19, 2004 March 22, 2004
Trojan.Linst March 19, 2004 March 22, 2004
Trojan.Regsys March 19, 2004 March 22, 2004
W32.HLLW.Antinny.G March 19, 2004 March 19, 2004
W32.Gaobot.gen!poly
W32.HLLW.Polybot, Phatbot, W32/Polybot.l!irc [McAfee], WORM_AGOBOT.HM [Trend], Backdoor.Agobot.hm [Kaspersky] March 19, 2004 March 19, 2004
W32.Nimos.Worm
W32/Nomis.worm [Mcafee] March 18, 2004 March 18, 2004
W32.Beagle@mm (vbs) March 18, 2004 March 18, 2004
W32.Beagle.T@mm
I-Worm.Bagle.o [Kaspersky] March 18, 2004 March 18, 2004
W32.Beagle.S@mm
W32/Bagle.s@MM [McAfee] March 18, 2004 March 18, 2004
W32.Beagle.R@mm
W32/Bagle.r@MM [Mcafee], PE_BAGLE.R [Trend], W32/Bagle-R [Sophos], Win32.Bagle.R [Computer Associates], I-Worm.Bagle.q [Kaspersky] March 18, 2004 March 18, 2004
W32.Beagle.O@mm
W32.Bagle.Q [Computer Associates], Bagle.Q [F-Secure], W32/Bagle.q@MM [McAfee], W32/Bagle.Q [Panda], W32/Bagle-Q [Sophos], PE_Bagle.Q [Trend], W32.Beagle.Q@mm March 18, 2004 March 18, 2004
W32.Dinfor.D.Worm March 17, 2004 March 18, 2004
W32.HLLW.Lovgate.N@mm
W32/Lovgate.p@MM [McAfee] March 17, 2004 March 17, 2004
W32.HLLW.Gaobot.RF March 17, 2004 March 17, 2004


NAV Daily Definitions (Go!)


*Note: The i32 Intelligent Updater package cannot be used to update Symantec AntiVirus Corporate Edition 8.0 servers or Norton AntiVirus Corporate Edition 7.6 servers, but can be used to update Corporate Edition clients. The x86 Intelligent Updater package can be used to update corporate Edition clients and servers.

National Cyber Alert System (US-Cert)


US-CERT is charged with protecting our nation's Internet infrastructure by coordinating defense against and response to cyber attacks.

March 18, 2004: US-CERT Channels Available
US-CERT publishes a number of RSS channels that web publishers can use to automate pointers to the latest computer security information from US-CERT.

Latest version: April 1, 2004 17:11:47 EST
Exploit for Cisco vulnerabilities released
Witty Worm
Phatbot Trojan
Many Variants of W32/Beagle malicious code
Many Variants of W32/Netsky malicious code
Many Variants of W32/MyDoom malicious code

Technical
TA04-078A
Multiple Vulnerabilities in OpenSSL
SB04-091
Summary of Security Items from March 16 through March 30, 2004
Non-technical
SA04-079A
Continuing Threats to Home Users
ST04-005
Understanding Anti-Virus Software

New and Notable Vulnerabilities
CDE dtlogin XDMCP vulnerability
Remotely exploitable ISS vulnerability
Vulnerabilities in OpenSSL
Linux Kernel mremap() Vulnerabilities
BlackICE and RealSecure heap overflow vulnerability



Live Virus Advisory Feed