cybsec: Latest Advisories & Live Feeds (05/17/04)
Latest Advisories
Live Virus Advisory Feeds
05-17-2004
*Live Feeds are from Panda, Trend Micro, and Symantec
National Cyber Alert System (US-CERT)
Secunia
Secunia Highlights
Symantec Client Firewall Products Multiple Vulnerabilities
eEye Digital Security has discovered multiple vulnerabilities in various Symantec firewall products, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
Eudora URL Handling Buffer Overflow Vulnerability
Paul Szabo has reported a vulnerability in Eudora, which can be exploited by malicious people to compromise a user's system.
Latest Secunia Security Advisories
2004-05-17
- Mac OS X Help URI Handler Arbitrary Script Execution
- Slackware update for mc
- Gentoo update for exim
- Gentoo update for libpng
- SuSE update for mc
2004-05-14
- Trustix update for apache
- Sun Solaris SMC Web Server File Enumeration Security Issue
- HP-UX B6848AB GTK+ Support Libraries Insecure Directory Permissions
- HP-UX dtlogin XDMCP Parsing Vulnerability
- HP-UX update for Mozilla
Latest Virus Information
2004-05-17
- Bobax.worm.a - Reported by Network Associates
Risk: Low Risk. Grouped with 1 virus description:
- WORM_BOBAX.A [Trend Micro]
- Agobot-IN - Reported by Sophos
- RBot-J - Reported by Sophos
Risk: Not Assessed. Grouped with 1 virus description:
- SdBot.MB [F-Secure]
- Flyer-A - Reported by Sophos
- Lovgate-AB - Reported by Sophos
- Agobot-IR - Reported by Sophos
- Agobot-IP - Reported by Sophos
- StdBot-A - Reported by Sophos
- RBot-L - Reported by Sophos
- Agobot-IO - Reported by Sophos
Security Tracker
Solaris Management Console Server Discloses File and Directory Existence to Remote Users
An information disclosure vulnerability was reported in the Solaris Management Console smc(1M) Server. A remote user can determine information about files and directories on the system.
Impact: Disclosure of system information, Disclosure of user information
libtASN1 DER Parsing Flaw Has Unspecified Impact
A vulnerability was reported in libtASN1. The impact was not specified.
Impact: Not specified
Ethereal SIP, AIM, SPNEGO, and MMSE Dissector Flaws Allow Remote Users to Crash Ethereal or Execute Arbitrary Code
Several vulnerabilities were reported in Ethereal, affecting the SIP, AIM, SPNEGO, and MMSE dissectors. A remote user can cause denial of service conditions or execute arbitrary code on the target system.
Impact: Denial of service via network, Execution of arbitrary code via network, User access via network
Microsoft Internet Explorer showHelp Path Search Lets Remote Users Load Existing Local CHM Files
A vulnerability was reported in Microsoft Internet Explorer. A remote user can create HTML that, when loaded, will execute existing CHM files on the target user's computer.
Impact: Execution of arbitrary code via network, User access via network
mah-jong Game Can Be Crashed By Remote Users With Empty Name Value
A denial of service vulnerability was reported in mah-jong in the processing of player names. A remote user can cause the game service to crash.
Impact: Denial of service via network
SecurityFocus Vulnerabilities
2004-05-14: Microsoft Windows LSASS Buffer Overrun Vulnerability
2004-05-13: Microsoft Outlook Express URI Obfuscation Vulnerability
2004-05-13: Mozilla Browser Zombie Document Cross-Site Scripting Vulnerability
2004-05-13: Mozilla Browser Cookie Path Restriction Bypass Vulnerability
2004-05-13: Multiple Vendor S/MIME ASN.1 Parsing Denial of Service Vulnerabilities
2004-05-13: Multiple Vendor IEEE 802.11 Protocol Remote Denial Of Service Vulnerability
2004-05-13: Opera Web Browser Telnet URI handler Arbitrary File Creation/Modification Vulnerability
2004-05-13: Mah-Jong Server NULL Pointer Dereference Remote Denial Of Service Vulnerability
2004-05-13: Sweex Wireless Broadband Router/Access Point Unauthorized Access Vulnerability
2004-05-13: Multiple Linksys Devices DHCP Information Disclosure and Denial of Service Vulnerability
2004-05-13: Windows Media Services MX_STATS_LogLine NSIISlog.DLL Remote Buffer Overflow Vulnerability
2004-05-13: UTempter Multiple Local Vulnerabilities
2004-05-13: Triornis ZoneMinder Multiple Remote Buffer Overflow Vulnerabilities
2004-05-13: Sun Solaris Patch Information Disclosure Vulnerability
2004-05-13: Agnitum Outpost Firewall Remote Denial of Service Vulnerability
2004-05-13: BSD Kernel ProcFS Handler UIO_Offset Integer Overflow Vulnerability
2004-05-13: Opera Web Browser Address Bar Spoofing Weakness
2004-05-12: Multiple Vendor H.323 Protocol Implementation Vulnerabilities
2004-05-12: Symantec Client Firewall NetBIOS Name Service Response Buffer Overflow Vulnerability
2004-05-12: Symantec Client Firewall NetBIOS Handler Remote Heap Overflow Vulnerability
2004-05-12: Symantec Client Firewall DNS Response Buffer Overflow Vulnerability
2004-05-12: NetBSD/FreeBSD Port Systrace Exit Routine Access Validation Privilege Escalation Vulnerability
2004-05-12: HP B6848AB GTK+ Library Insecure File Permissions Vulnerability
2004-05-12: Symantec Client Firewall Products SYMNDIS.SYS Driver Remote Denial Of Service Vulnerability
2004-05-12: Linux Kernel STRNCPY Information Leak Vulnerability
2004-05-12: KAME Racoon Malformed ISAKMP Packet Denial of Service Vulnerability
2004-05-12: KAME Racoon Authentication SA Deletion Vulnerability
2004-05-12: KAME Racoon Initial Contact SA Deletion Vulnerability
2004-05-12: Racoon IKE Daemon Unauthorized X.509 Certificate Connection Vulnerability
2004-05-12: Linux Kernel NCPFS ncp_lookup() Unspecified Local Privilege Escalation Vulnerability
2004-05-12: Linux Kernel 2.4 RTC Handling Routines Memory Disclosure Vulnerability
2004-05-12: Linux Kernel Serial Driver Proc File Information Disclosure Vulnerability
2004-05-11: Neon WebDAV Client Library Format String Vulnerabilities
2004-05-11: BEA WebLogic Server And WebLogic Express Lowered Security Settings Vulnerability
2004-05-11: BEA WebLogic Server and WebLogic Express Denial of Service Vulnerability
2004-05-11: Microsoft Windows Terminal Server Patch Unspecified Denial Of Service Vulnerability
2004-05-11: Clam Anti-Virus ClamAV Arbitrary Command Execution Vulnerability
2004-05-11: Microsoft Windows HSC DVD Driver Upgrade Code Execution Vulnerability
2004-05-11: Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
2004-05-11: Microsoft Jet Database Engine Remote Code Execution Vulnerability
2004-05-11: Multiple Mail Transfer Agent Embedded Hyperlink URI Obfuscation Variant Weakness
2004-05-11: Exim Sender Verification Remote Stack Buffer Overrun Vulnerability
2004-05-11: Microsoft Outlook Mail Client E-mail Address Verification Weakness
2004-05-11: Multiple Vendor TCP Sequence Number Approximation Vulnerability
2004-05-11: SCO OpenServer StartX Weak XHost Permissions Vulnerability
2004-05-11: RSync Configured Module Path Escaping Vulnerability
2004-05-11: Apple Mac OS X TrueBlueEnvironment Local Denial Of Service Vulnerability
2004-05-11: Samba SMB/CIFS Packet Assembling Buffer Overflow Vulnerability
2004-05-11: Microsoft Internet Explorer Unconfirmed Memory Corruption Vulnerability
2004-05-11: Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
2004-05-10: NetCache/Data ONTAP Remote Undisclosed Denial Of Service Vulnerability
2004-05-10: McAfee ePolicy Orchestrator Server Remote Code Execution Vulnerability
2004-05-10: EMule Web Control Panel Denial Of Service Vulnerability
2004-05-10: Linux Kernel Panic Function Call Buffer Overflow Vulnerability
2004-05-10: Microsoft Internet Explorer XML Parsing Denial Of Service Vulnerability
2004-05-10: MailEnable Mail Server HTTPMail Remote Heap Overflow Vulnerability
2004-05-10: National Science Foundation Squid Proxy Internet Access Control Bypass Vulnerability
2004-05-10: Tutorials Manager Multiple Remote SQL Injection Vulnerabilities
2004-05-10: Open WebMail Remote Command Execution Variant Vulnerability
2004-05-10: PHPShop Remote PHP Script Execution Vulnerability
2004-05-10: AIX Getlvcb Command Line Argument Buffer Overflow Vulnerability
2004-05-10: PaX 2.6 Kernel Patch Denial Of Service Vulnerability
2004-05-10: Qualcomm Eudora Embedded Hyperlink URI Obfuscation Weakness
2004-05-10: Icecast Server Base64 Authorization Request Remote Buffer Overflow Vulnerability
2004-05-10: Linux Kernel Local IO Access Inheritance Vulnerability
Symantec SSR
W32.Kibuv.B May 15, 2004 May 15, 2004
W32.Kibuv.Worm
BloodHound.Packed May 14, 2004 May 15, 2004
PWSteal.Banpaes.D
TROJ_BANPAES.E May 14, 2004 May 15, 2004
Backdoor.Sysdot May 14, 2004 May 14, 2004
W32.Dabber.A
W32/Dabber-A [Sophos], W32/Dabber.worm.a [McAfee], WORM_DABBER.A [Trend] May 14, 2004 May 14, 2004
W32.Gaobot.AIS May 14, 2004 May 14, 2004
W32.Sober.G@mm
Win32.Sober.G [Computer Associates], I-Worm.Sober.g [Kaspersky], Sober.G [F-Secure], W32/Sober.g@MM [McAfee], WORM_SOBER.G [Trend] May 13, 2004 May 14, 2004
Trojan.Mitglieder.K
Proxy-Mitglieder.gen [McAfee] May 13, 2004 May 14, 2004
AS.MW2004.Trojan
MacOS/MW2004 [McAfee] May 12, 2004 May 13, 2004
W32.Gaobot.AJJ May 11, 2004 May 12, 2004
W32.Gaobot.AJE May 11, 2004 May 12, 2004
Backdoor.Nibu.E May 11, 2004 May 12, 2004
PWSteal.Tarno.H May 11, 2004 May 12, 2004
W32.Posit@mm
Bloodhound.W32.VBWORM May 11, 2004 May 12, 2004
W32.Wallon.A@mm
WORM_WALLON.A [Trend], Win32.Wallon [Computer Associates], W32/Wallon.worm.a [McAfee], I-Worm.Wallon [Kaspersky] May 11, 2004 May 12, 2004
W32.Gaobot.AJD
Backdoor.Agobot.gen [Kaspersky] May 11, 2004 May 11, 2004
W32.Donk.Q May 10, 2004 May 11, 2004
W32.Sasser.F.Worm May 10, 2004 May 11, 2004
Backdoor.Sinups May 10, 2004 May 10, 2004
W32.Cycle
Win32.Cycle.A [Computer Associates], WORM_CYCLE.A [Trend], W32/Cycle.worm.a [McAfee] May 10, 2004 May 10, 2004
W32.Sasser.E.Worm May 9, 2004 May 9, 2004
W32.Axon.B
Win32.HLLP.Riaz [Kaspersky] May 8, 2004 May 9, 2004
W32.Golo.A@mm May 8, 2004 May 9, 2004
W32.Axon
W32/Riaz [McAfee], Win32.HLLP.Xenon [Kaspersky] May 7, 2004 May 8, 2004
Hacktool.Upload May 7, 2004 May 7, 2004
W32.Gobot.A
Backdoor.Gobot.u [Kaspersky], Exploit-Mydoom [McAfee] May 6, 2004 May 7, 2004
W32.Randex.AEV
W32/Sdbot.worm.gen.j [McAfee], WORM_SDBOT.Z [Trend] May 6, 2004 May 7, 2004
W32.Welchia.K May 5, 2004 May 6, 2004
W32.Arcam May 4, 2004 May 5, 2004
Backdoor.Carool May 4, 2004 May 4, 2004
W32.Netad.Trojan May 4, 2004 May 4, 2004
W32.Supova.Z@mm May 3, 2004 May 3, 2004
W32.Netsky.AC@mm
WORM_NETSKY.AC [Trend], W32/Netsky-AC [Sophos], Win32.Netsky.AC [Computer Associates], I-Worm.NetSky.ad [Kaspersky] May 3, 2004 May 3, 2004
W32.Sasser.D
W32/Sasser-D [Sophos], WORM_SASSER.D [Trend], W32/Sasser.worm.d [McAfee], Win32.Sasser.D [Computer Associates], Worm.Win32.Sasser.d [Kaspersky] May 3, 2004 May 3, 2004
W32.Sasser.C.Worm
W32/Sasser-C [Sophos], Worm.Win32.Sasser.c [Kaspersky], W32/Sasser.worm.c [McAfee], WORM_SASSER.C [Trend], Win32.Sasser.C [Computer Associates] May 2, 2004 May 2, 2004
Trojan.Adwaheck May 2, 2004 May 2, 2004
W32.Sasser.B.Worm
WORM_SASSER.B [Trend], W32/Sasser.worm.b [McAfee], Worm.Win32.Sasser.b [Kaspersky], W32/Sasser-B [Sophos], Win32.Sasser.B [Computer Associates], Sasser.B [F-Secure], W32/Sasser.B.worm [Panda], Win32/Sasser.B.worm [RAV], W32/Sasser.B [F-Prot] May 1, 2004 May 1, 2004
W32.Sasser.Worm
W32/Sasser.worm.a [McAfee], WORM_SASSER.A [Trend], Worm.Win32.Sasser.a [Kaspersky], W32/Sasser-A [Sophos], Win32.Sasser.A [Computer Associates], Sasser [F-Secure], W32/Sasser.A.worm [Panda] April 30, 2004 May 1, 2004
W32.Misodene@mm
WORM_MISODENE.A [Trend], W32/Misoden.a@MM [McAfee] April 29, 2004 April 30, 2004
Backdoor.Sdbot.Z
Backdoor.SdBot.ht [Kaspersky] April 29, 2004 April 29, 2004
W32.Gaobot.AFW April 29, 2004 April 29, 2004
W32.Gaobot.AFJ
Backdoor.Agobot.gen [Kaspersky], WORM_AGOBOT.JF [Trend], WORM_AGOBOT.JO [Trend] April 27, 2004 April 28, 2004
W32.Gaobot.AFC
Backdoor.Agobot.gen [Kaspersky] April 29, 2004 April 29, 2004
W32.Beagle.X@mm
I-Worm.Bagle.z [Kaspersky], WORM_BAGLE.Z [Trend], WORM_BAGLE.AA [Trend], WORM_BAGLE.AB [Trend], W32/Bagle.aa@MM [McAfee], W32/Bagle.ab@MM [McAfee], W32/Bagle-AA [Sophos], Win32.Bagle.X [Computer Associates] April 28, 2004 April 28, 2004
W32.Netsky.AB@mm
W32/Netsky-AB [Sophos], W32/Netsky.ab@MM [McAfee], WORM_NETSKY.AB [Trend], Win32.Netsky.AB [Computer Associates], I-Worm.Netsky.ac [Kaspersky] April 27, 2004 April 28, 2004
Backdoor.Mipsiv April 27, 2004 April 28, 2004
W97M.Smey
W97M/Generic (McAfee), macro.Word97.Smyser.b (KAV) April 27, 2004 April 28, 2004
W32.Netsky.AA@mm
WORM_NETSKY.AA [Trend], W32/Netsky.aa@MM [McAfee], Win32.Netsky.AA [Computer Associates], W32/Netsky-AA [Sophos] April 27, 2004 April 27, 2004
Hacktool.LsassSba
Bloodhound.Exploit.8 April 27, 2004 April 27, 2004
W32.Traxg@mm April 26, 2004 April 27, 2004
W32.Beagle.W@mm
W32/Bagle.z@MM [McAfee], W32/Bagle-W [Sophos], Win32.Bagle.W [Computer Associates], WORM_BAGLE.X [Trend], I-Worm.Bagle.y [Kaspersky], Bagle.Y [F-Secure] April 26, 2004 April 26, 2004
Hacktool.THCIISLame April 26, 2004 April 26, 2004
PWSteal.Tarno.G April 26, 2004 April 26, 2004
W32.Shodi.C April 25, 2004 April 25, 2004
Backdoor.Evivinc April 25, 2004 April 25, 2004
Trojan.Mitglieder.J April 24, 2004 April 24, 2004
W32.Gaobot.ADX April 24, 2004 April 24, 2004
W32.Slime April 23, 2004 April 24, 2004
Backdoor.Sdbot.Y
Backdoor.Sdbot.U, W32/Sdbot.worm.gen.e [McAfee] April 23, 2004 April 24, 2004
W32.Bugbear.E@mm
W32/Bugbear.gen@MM [McAfee] April 23, 2004 April 24, 2004
W32.Gaobot.ADW April 23, 2004 April 23, 2004
W32.Randex.AAS April 22, 2004 April 23, 2004
W32.Gaobot.ADV April 22, 2004 April 23, 2004
Trojan.Mercurycas.A April 22, 2004 April 22, 2004
W32.Gaobot.ADN April 21, 2004 April 21, 2004
Backdoor.Berbew.D
Backdoor.Padodor.e [Kaspersky] April 21, 2004 April 21, 2004
W32.Netsky.Z@mm
W32/Netsky.z@MM [McAfee] April 21, 2004 April 21, 2004
W32.Blaster.T.Worm
W32/Blaster-G [Sophos], WORM_MSBLAST.I [Trend], W32/Blaster.worm.k [McAfee] April 21, 2004 April 21, 2004
W32.HLLP.Shodi.B April 20, 2004 April 21, 2004
W32.Mydoom.J@mm
WORM_MYDOOM.J [Trend], Win32.Mydoom.J [Computer Associates], W32/Mydoom.j@MM [McAfee] April 20, 2004 April 20, 2004
W32.Opasa@mm
WORM_MIMAIL.V [Trend], W32/Mimail-V [Sophos], JS.Mimail.V [Computer Associates] April 20, 2004 April 20, 2004
W32.Netsky.Y@mm
W32/Netsky.y@MM [McAfee], WORM_NETSKY.Y [Trend], Win32.Netsky.Y [Computer Associates], W32/Netsky-X [Sophos] April 20, 2004 April 20, 2004
W32.Netsky.X@mm
Win32.Netsky.X [Computer Associates], W32/NetSky.X@mm [F-Secure], W32/Netsky.x@MM [McAfee], W32/Netsky.X.worm [Panda], W32/Netsky-Y [Sophos], WORM_NETSKY.X [Trend] April 20, 2004 April 20, 2004
W97M.Evo April 19, 2004 April 20, 2004
Backdoor.Carufax.A April 19, 2004 April 19, 2004
W32.Erkez.A@mm
Zafi April 19, 2004 April 19, 2004
W32.Randex.YR April 19, 2004 April 19, 2004
W32.HLLW.Donk.O April 18, 2004 April 18, 2004
W32.Netsky.W@mm April 16, 2004 April 17, 2004
Backdoor.Sdbot.T April 16, 2004 April 16, 2004
W32.Mydoom.I@mm April 15, 2004 April 15, 2004
W32.Gaobot.AAY
W32.HLLW.Gaobot.gen, W32/Gaobot.worm.gen.d [McAfee], Backdoor.Agobot.kr [Kaspersky] April 15, 2004 April 15, 2004
Backdoor.IRC.Zcrew.C April 15, 2004 April 15, 2004
NAV Daily Definitions (Go!)
*Note: The i32 Intelligent Updater package cannot be used to update Symantec AntiVirus Corporate Edition 8.0 servers or Norton AntiVirus Corporate Edition 7.6 servers, but can be used to update Corporate Edition clients. The x86 Intelligent Updater package can be used to update Corporate Edition clients and servers.
Posted on Monday, 17 May 2004 @ 09:55:12 EDT by phoenix22