Latest Advisories

Live Virus Advisory Feeds
2004-01-29

*Live Feeds are from Panda, Trend Micro, and Symantec

Live Virus Advisory Feeds
National Cyber Alert System (US-Cert)

Secunia

Secunia Highlights:
Internet Explorer URL Spoofing Vulnerability
A vulnerability has been identified in Internet Explorer, which can be exploited by malicious people to display a fake URL in the address and status bars.
Windows XP Malicious Folder Automatic Code Execution Vulnerability
http-equiv has reported a vulnerability in Windows XP, which can be exploited by malicious people to compromise a user's system or gain escalated privileges.
Internet Explorer File Download Extension Spoofing
http-equiv has identified a vulnerability in Internet Explorer, allowing malicious web sites to spoof the file extension of downloadable files.

Latest 15 Secunia Security Advisories:
2004-01-29
- DotNetNuke Multiple Vulnerabilities

- Kerio Personal Firewall Privilege Escalation Vulnerability

- Debian update for trr19

- trr19 Privilege Escalation Vulnerability

- BRS WebWeaver ISAPISkeleton.dll Cross Site Scripting Vulnerability

- PJ CGI Neo review Directory Traversal Vulnerability

- Check Point FireWall-1 H.323 Protocol Implementation Vulnerabilities

- MAILsweeper for SMTP RAR Attachment Denial of Service Vulnerability

2004-01-28
- Web Blog Directory Traversal Vulnerability

- BlackICE PC Protection Privilege Escalation Vulnerability

- Gentoo update for gaim

- IBM Informix Database Multiple Local Vulnerabilities

- Internet Explorer File Download Extension Spoofing

- Gentoo update for mod_python

- BremsServer Cross Site Scripting and Directory Traversal

Top 5 Most Read Secunia Security Advisories (Last 24 hours):
- Internet Explorer File Download Extension Spoofing

- Internet Explorer URL Spoofing Vulnerability

- Windows XP Malicious Folder Automatic Code Execution Vulnerability

- BlackICE PC Protection Privilege Escalation Vulnerability

- Mac OS X Security Update Fixes Multiple Vulnerabilities


Security Tracker

TRR19 Lets Local Users Execute Commands With 'Games' Group Privileges

A vulnerability was reported in the TRR19 typing trainer for GNU Emacs. A local user can gain elevated privileges on the target system.

Impact: Execution of arbitrary code via local system, User access via local system

DotNetNuke Multiple Input Validation Flaws Disclose Files to Remote Users and Permit SQL Injection

Several vulnerabilities were reported in DotNetNuke. A remote user can view files on the system. A remote user can also inject SQL commands and conduct cross-site scripting attacks.

Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information

IBM Informix Dynamic Server Buffer Overflows and Format String Flaws Let Local Users Gain Elevated Privileges

Several vulnerabilities were reported in IBM's Informix Dynamic Server. A local user can obtain elevated privileges.

Impact: Execution of arbitrary code via local system, Root access via local system, User access via local system

Leif M. Wright Web Blog Input Validation Flaw Discloses Files to Remote Users

Zone-h Security Labs reported a vulnerability in Leif M. Wright's Web Blog. A remote user can view files on the target system.

Impact: Disclosure of system information, Disclosure of user information

Kerio Personal Firewall Administration Menu Lets Local Users Run Applications With SYSTEM Privileges

Johan Tuneld reported a vulnerability in the Kerio Personal Firewall version 2.x. A local user can run commands with SYSTEM privileges.

Impact: Root access via local system

SecurityFocus BugTraq
SecurityFocus Vulnerabilities

01/28/2004 RFC: virus handling Thomas Zehetbauer
01/28/2004 phpBB privmsg.php XSS vulnerability patch. Shaun Colley
01/28/2004 [SECURITY] [DSA 430-1] New trr19 packages fix local games exploit joey infodrom org (Martin Schulze)
01/28/2004 Denial Of Service in SurfNOW 2.2 Donato Ferrante
01/28/2004 Changes to CERT Advisories [INFO#04.20510] CERT Advisory
01/28/2004 BRS WebWeaver Webserver Cross Site Scripting Vulnerability Oliver Karow
01/28/2004 ZH2004-01SA (security advisory): Web Blog 1.1 Remote arbitrary files retrieving ZetaLabs
01/28/2004 SRT2004-01-17-0227 - BlackICE allows local users to become SYSTEM KF
01/28/2004 Re: New MiMail variant is DDoS'ing SCO.com Bob Toxen
01/28/2004 Oracle toplink mapping workbench password algorithm Pete Finnigan
01/27/2004 RE: GOOROO CROSSING: File Spoofing Internet Explorer 6 tlarholm pivx com
01/27/2004 Remote exploit in Gallery 1.3.1, 1.3.2, 1.3.3, 1.4 and 1.4.1 Bharat Mediratta
01/27/2004 Re: vulnerabilities of postscript printers Ian Farquhar - Network Security Group
01/27/2004 information and reverse engineering bits of the Mydoom worm Gadi Evron
01/27/2004 RE: GOOROO CROSSING: File Spoofing Internet Explorer 6 Oliver Lavery
01/27/2004 [ GLSA 200401-04 ] GAIM 0.75 Remote overflows Tim Yamin
01/27/2004 GAIM Patch update Stefan Esser
01/27/2004 Elevated scanning: TCP port 135 (RPC) AND 445 (Domain Services) Nicholas Weaver
01/27/2004 CERT Advisory CA-2004-02 Email-borne Viruses CERT Advisory
01/27/2004 GOOROO CROSSING: File Spoofing Internet Explorer 6 http-equiv@excite.com
01/27/2004 [ GLSA 200401-03 ] Apache mod_python Denial of Service vulnerability Tim Yamin
01/27/2004 Re: symlink vul for Antivir / Linux Version 2.0.9-9 (maybe lower) AntiVir Support
01/27/2004 Re: Self-Executing FOLDERS: Windows XP Explorer Part V Liu Die Yu
01/27/2004 Chaosreader: Trace TCP/UDP from snoop/tcpdump logs Brendan Gregg
01/27/2004 [FLSA-2004:1187] Updated screen resolves security vulnerability Jesse Keating
01/27/2004 Ultramagnetic Advisory #001: Multiple vulnerabilities in Gaim code lowhalo hush com
01/27/2004 MDKSA-2004:008 - Updated tcpdump packages fix several vulnerabilities Mandrake Linux Security Team
01/27/2004 MDKSA-2004:007 - Updated mc packages fix buffer overflow vulnerability Mandrake Linux Security Team
01/27/2004 MDKSA-2004:006 - Updated gaim packages fix multiple vulnerabilities Mandrake Linux Security Team
01/27/2004 [SECURITY] [DSA 429-1] New gnupg packages fix cryptographic weakness in ElGamal signing keys Matt Zimmerman
01/27/2004 Re: Self-Executing FOLDERS: Windows XP Explorer Part V Jelmer
01/27/2004 [slackware-security] GAIM security update (SSA:2004-026-01) Slackware Security Team
01/27/2004 New MiMail variant is DDoS'ing SCO.com tlarholm pivx com
01/26/2004 RE: Finjan SurfinGate Vulnerability Menashe Eliezer
01/26/2004 [HUC] Serv-U FTPD 3.x/4.x SITE CHMOD Command remote exploit V1.0 lion
01/26/2004 ProxyNow! 2.x Multiple Overflow Vulnerabilities Peter Winter-Smith
01/26/2004 Re: Windows XP Explorer Executes Arbitrary Code in Folders Stuart Moore
01/26/2004 RE: Self-Executing FOLDERS: Windows XP Explorer Part V Thor Larholm
01/26/2004 Re: Self-Executing FOLDERS: Windows XP Explorer Part V mightye[removethis] mightye[removethis]@mightye.org
01/26/2004 [RHSA-2004:032-01] Updated Gaim packages fix various vulnerabiliies bugzilla redhat com
01/26/2004 Re: QuadComm Q-Shop ASP Shopping Cart Software multiple security vulnerabilities S-Quadra Security Research
01/26/2004 Directory traversal and XSS in BremsServer 1.2.4 Donato Ferrante
01/26/2004 Advisory 01/2004: 12 x Gaim remote overflows Stefan Esser
01/26/2004 Serv-U ftp 4.2 site chmod long_file_name exploit Qianwei Hu
2004-01-25: Jordan Windows Telnet Server Username Stack Based Buffer Overrun Vulnerability
2004-01-24: Borland Webserver for Corel Paradox Directory Traversal Vulnerability
2004-01-24: TinyServer Multiple Vulnerabilities
2004-01-24: Oracle HTTP Server isqlplus Cross-Site Scripting Vulnerability
2004-01-23: Jabber Server SSL Handling Denial of Service Vulnerability
2004-01-23: Reptile Web Server Remote Denial Of Service Vulnerability
2004-01-23: QuadComm Q-Shop SQL Injection Vulnerabilities
2004-01-23: Novell Netware Enterprise Web Server Multiple Vulnerabilities
2004-01-23: Sun Solaris modload() Unauthorized Kernel Module Loading Vulnerability
2004-01-23: QMail-SMTPD Long SMTP Session Integer Overflow Denial of Service Vulnerability
2004-01-22: McAfee ePolicy Orchestrator Agent HTTP POST Buffer Mismanagement Vulnerability
2004-01-22: Linux Kernel do_mremap Function Boundary Condition Vulnerability
2004-01-22: Linux Kernel do_brk Function Boundary Condition Vulnerability
2004-01-22: Native Solutions TBE Banner Engine Server Side Script Execution Vulnerability
2004-01-22: Netbus Directory Listings Disclosure and File Upload Vulnerability
2004-01-22: Acme thttpd CGI Test Script Cross-Site Scripting Vulnerability
2004-01-22: Apache mod_perl Module File Descriptor Leakage Vulnerability
2004-01-22: EA Black Box Need For Speed Hot Pursuit 2 Game Client Remote Buffer Overflow Vulnerability
2004-01-22: lftp Try_Squid_Eplf Buffer Overflow Vulnerability
2004-01-22: lftp Try_Netscape_Proxy Buffer Overflow Vulnerability
2004-01-22: OpenSSH Buffer Mismanagement Vulnerabilities
2004-01-22: SuSE Multiple Scripts Insecure Temporary File Handling Symbolic Link Vulnerabilities

Symantec SSR


W32.Mimail.S@mm
W32.Mimail.R@mm January 29, 2004 January 29, 2004
Backdoor.Aphexdoor
Backdoor.Aphexdoor.10 [Kaspersky] January 28, 2004 January 28, 2004
W32.IRCBot.C
Backdoor.IRCBot.gen [Kaspersky] January 28, 2004 January 28, 2004
W32.Mydoom.B@mm
Mydoom.B [F-Secure], W32/Mydoom.b@MM [McAfee], WORM_MYDOOM.B [Trend], Win32.Mydoom.B [Computer Associates], I-Worm.Mydoom.b [Kaspersky], W32/MyDoom-B [Sophos] January 28, 2004 January 28, 2004
Trojan.Bookmarker.E January 27, 2004 January 28, 2004
W32.HLLW.Pokibat January 27, 2004 January 28, 2004
W32.Novarg.A@mm
W32/Mydoom@MM [McAfee], WORM_MIMAIL.R [Trend], Win32.Mydoom.A [Computer Associates], W32/Mydoom-A [Sophos], I-Worm.Novarg [Kaspersky] January 26, 2004 January 26, 2004
W32.Mimail.Q@mm
W32/Mimail.q@MM [McAfee], WORM_MIMAIL.Q [Trend], W32/Mimail-Q [Sophos] January 26, 2004 January 26, 2004
W32.Dumaru.Z@mm
W32/Dumaru.z@MM [McAfee] January 25, 2004 January 26, 2004
W32.Dumaru.Y@mm
W32/Dumaru.y@MM [McAfee], I-Worm.Dumaru.j [Kaspersky], Win32.Dumaru.Y [Computer Associates], W32/Dumaru-Y [Sophos], WORM_DUMARU.Y [Trend] January 23, 2004 January 26, 2004
Trojan.Bookmarker.D January 23, 2004 January 26, 2004
W32.HLLW.Sanker January 22, 2004 January 23, 2004
Backdoor.OptixPro.13b
Backdoor.Optix.Pro.13 [Kaspersky] January 21, 2004 January 22, 2004
Backdoor.Tuxder January 20, 2004 January 20, 2004
Trojan.Httpdos
Backdoor.Snart.j[Kaspersky] January 20, 2004 January 20, 2004
Trojan.Mitglieder.C
Mitglieder [F-Secure] January 20, 2004 January 20, 2004
VBS.Zsyang.B@mm
I-Worm.Zsyang [Kaspersky] January 19, 2004 January 19, 2004
W32.Beagle.A@mm
I-Worm.Bagle [Kaspersky], WORM_BAGLE.A [Trend], W32/Bagle-A [Sophos], W32/Bagle@MM [McAfee], Win32.Bagle.A [Computer Associates] January 18, 2004 January 18, 2004
Backdoor.IRC.Aladinz.H January 18, 2004 January 18, 2004
Trojan.Bookmarker.C January 15, 2004 January 16, 2004
W32.Protoride.Worm January 16, 2004 January 16, 2004
W97M.Twopey.E
Macro.Word97.Racaga [Kaspersky] January 15, 2004 January 16, 2004
W32.Stuplo January 15, 2004 January 16, 2004
Backdoor.IRC.Aladinz.G
Worm.Win32.Randon.o [Kaspersky] January 15, 2004 January 15, 2004
Downloader.Mimail.B
Downloader-GN [McAfee], Troj/Mmdload-A [Sophos] January 14, 2004 January 16, 2004
W32.HLLC.Elpmis January 14, 2004 January 15, 2004
W32.HLLW.Nettrash
Backdoor.NetTrash, Backdoor/NetTrash.10.a [Kaspersky] January 12, 2004 January 13, 2004
Trojan.Bookmarker.B January 12, 2004 January 13, 2004
W32.HLLW.Gaobot.FQ
W32/Gaobot.worm.gw [McAfee] January 12, 2004 January 13, 2004
PWSteal.Freemega January 11, 2004 January 12, 2004
PWSteal.Leox January 11, 2004 January 12, 2004
Backdoor.Threadsys January 10, 2004 January 12, 2004
Trojan.Xombe
Xombe [FSecure], Downloader-GJ [McAfee], Troj/Dloader-L [Sophos] January 9, 2004 January 9, 2004
Backdoor.Sdbot.S
Backdoor.SdBot.gen [Kaspersky] January 8, 2004 January 8, 2004
W32.Opaserv.AE.Worm January 7, 2004 January 8, 2004
W32.Mimail.P@mm
W32/Mimail.p@MM [McAfee], Win32.Mimail.P [Computer Associates], WORM_MIMAIL.P [Trend], W32/Mimail-N [Sophos], I-Worm.Mimail.p [Kaspersky] January 7, 2004 January 8, 2004
W32.HLLW.Gaobot.FL January 6, 2004 January 7, 2004
W32.Bizten
Trojan.Win32.Bizten [Kaspersky] January 6, 2004 January 6, 2004
W32.HLLW.Gaobot.FB
Backdoor.Agobot.3.gen [Kaspersky] January 4, 2004 January 5, 2004
Backdoor.Graybird.H January 4, 2004 January 5, 2004
W32.Miroot.Worm
W32/Legemer.worm [McAfee] January 3, 2004 January 5, 2004
W32.Bugbros@mm January 2, 2004 January 5, 2004
Backdoor.IRC.Aladinz.F
Win32.Randon.AC [Kaspersky] January 1, 2004 January 2, 2004
W32.Tupeg January 1, 2004 January 2, 2004
Download.Berbew.dam
Downloader-DI.dam [McAfee], Troj/Antikl-Dam [Sophos] December 31, 2003 January 2, 2004
W32.Jitux.Worm
W32/Jitux.worm [McAfee], WORM_JITUX.A [Trend] December 31, 2003 December 31, 2003
W32.Mumo December 29, 2003 December 30, 2003
Backdoor.Gaster December 29, 2003 December 30, 2003
W32.Torun
W32.Torun.dr, Worm.W32.Torun [Kaspersky], PE_TORUN.A [Trend] December 28, 2003 December 29, 2003
Trojan.Download.Revird December 27, 2003 December 29, 2003
Backdoor.Portless December 26, 2003 December 29, 2003


NAV Daily Definitions (Go)


*Note: The i32 Intelligent Updater package cannot be used to update Symantec AntiVirus Corporate Edition 8.0 servers or Norton AntiVirus Corporate Edition 7.6 servers, but can be used to update Corporate Edition clients. The x86 Intelligent Updater package can be used to update corporate Edition clients and servers.


National Cyber Alert System (US-Cert)
Live Virus Advisory Feed