Latest Advisories

Live Virus Advisory Feeds
2004-01-30

*Live Feeds are from Panda, Trend Micro, and Symantec

Live Virus Advisory Feeds

National Cyber Alert System (US-Cert)


Secunia

Secunia Highlights:
Internet Explorer URL Spoofing Vulnerability
A vulnerability has been identified in Internet Explorer, which can be exploited by malicious people to display a fake URL in the address and status bars.
Windows XP Malicious Folder Automatic Code Execution Vulnerability
http-equiv has reported a vulnerability in Windows XP, which can be exploited by malicious people to compromise a user's system or gain escalated privileges.
Internet Explorer File Download Extension Spoofing
http-equiv has identified a vulnerability in Internet Explorer, allowing malicious web sites to spoof the file extension of downloadable files.

Latest 15 Secunia Security Advisories:
2004-01-30
- Sun Solaris pfexec Privilege Escalation Vulnerability

- Kietu Arbitrary File Inclusion Vulnerability

- PhpGedView Arbitrary File Inclusion Vulnerabilities

- WWW::Form Potential Cross-Site Scripting Vulnerability

- Bodington Uploaded File Exposure Vulnerability

2004-01-29
- SuSE update for gaim

- DotNetNuke Multiple Vulnerabilities

- Kerio Personal Firewall Privilege Escalation Vulnerability

- Debian update for trr19

- trr19 Privilege Escalation Vulnerability

- Cold Fusion MX Form Denial of Service and Sandbox Bypass

- McAfee ePolicy Orchestrator Invalid Content-Length: Denial of Service

- BRS WebWeaver ISAPISkeleton.dll Cross Site Scripting Vulnerability

- PJ CGI Neo review Directory Traversal Vulnerability

- Check Point FireWall-1 H.323 Protocol Implementation Vulnerabilities

Top 5 Most Read Secunia Security Advisories (Last 24 hours):
- Internet Explorer File Download Extension Spoofing

- Internet Explorer URL Spoofing Vulnerability

- Windows XP Malicious Folder Automatic Code Execution Vulnerability

- Check Point FireWall-1 H.323 Protocol Implementation Vulnerabilities

- Internet Explorer showHelp() Restriction Bypass Vulnerability

Security Tracker

PJreview_Neo.cgi Input Validation Hole Discloses Files to Remote Users

Zone-h Security Team reported an input validation flaw in the 'PJreview_Neo.cgi' script. A remote user can view files on the target system.

Impact: Disclosure of system information, Disclosure of user information

BRS WebWeaver Input Validation Flaw in ISAPISkeleton.dll Permits Cross-Site Scripting Attacks

An input validation vulnerability was reported in BRS WebWeaver in ISAPISkeleton.dll. A remote user can conduct cross-site scripting attacks.

Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information

SurfNOW Proxy Service Can Be Denied By Remote Users

A vulnerability was reported in the SurfNOW proxy software. A remote user can cause the proxy to stop working properly.

Impact: Denial of service via network

Macromedia ColdFusion Lets Remote Users Deny Service By Sending Many Form Fields

A vulnerability was reported in Macromedia ColdFusion in the processing of form fields. A remote user can cause denial of service conditions on the target system.

Impact: Denial of service via network

Macromedia ColdFusion MX 6.1 Access Control Flaw Lets Objects Bypass Sandbox Security

A vulnerability was reported in Macromedia's ColdFusion. A Java object can bypass the sandbox security features.

Impact: Disclosure of user information, Modification of user information


SecurityFocus BugTraq
SecurityFocus Vulnerabilities

01/29/2004 Cisco Security Advisory: Buffer Overrun in Microsoft Windows 2000 Workstation Service (MS03-049) Cisco Systems Product Security Incident Response Team
01/29/2004 userland binary vulnerabilities on IRIX SGI Security Coordinator
01/29/2004 Security Announcement: untrusted ELF library path in some cvsup binary RPMs Matthias Andree
01/29/2004 SUSE Security Announcement: gaim (SuSE-SA:2004:004) thomas suse de (Thomas Biege)
01/29/2004 ZH2004-02SA (security advisory): PJ CGI Neo review (NeoBoard review) Remote arbitrary file retrieving ZetaLabs
01/29/2004 ----------========== OPEN3S-2003-08-08-eng-informix-ontape ==========---------- pask open3s com
01/29/2004 ----------========== OPEN3S-2003-08-08-eng-informix-onshowaudit ==========---------- pask open3s com
01/29/2004 ----------========== OPEN3S-2003-08-08-eng-informix-onedcu ==========---------- pask open3s com
01/29/2004 [FLSA-2004:1207] Updated cvs resolves security vulnerability Jesse Keating
01/29/2004 new WIN virus? Atom 'Smasher'
01/29/2004 MacOS X TruBlueEnvironment Buffer Overflow @stake Advisories
01/28/2004 SGI Advanced Linux Environment security update #9 SGI Security Coordinator
01/28/2004 RFC: virus handling Thomas Zehetbauer
01/28/2004 phpBB privmsg.php XSS vulnerability patch. Shaun Colley
01/28/2004 [SECURITY] [DSA 430-1] New trr19 packages fix local games exploit joey infodrom org (Martin Schulze)
01/28/2004 Denial Of Service in SurfNOW 2.2 Donato Ferrante
01/28/2004 Changes to CERT Advisories [INFO#04.20510] CERT Advisory
01/28/2004 BRS WebWeaver Webserver Cross Site Scripting Vulnerability Oliver Karow
01/28/2004 ZH2004-01SA (security advisory): Web Blog 1.1 Remote arbitrary files retrieving ZetaLabs
01/28/2004 SRT2004-01-17-0227 - BlackICE allows local users to become SYSTEM KF
01/28/2004 Re: New MiMail variant is DDoS'ing SCO.com Bob Toxen
01/28/2004 Oracle toplink mapping workbench password algorithm Pete Finnigan
01/27/2004 RE: GOOROO CROSSING: File Spoofing Internet Explorer 6 tlarholm pivx com
01/27/2004 Remote exploit in Gallery 1.3.1, 1.3.2, 1.3.3, 1.4 and 1.4.1 Bharat Mediratta
01/27/2004 Re: vulnerabilities of postscript printers Ian Farquhar - Network Security Group
01/27/2004 information and reverse engineering bits of the Mydoom worm Gadi Evron
01/27/2004 RE: GOOROO CROSSING: File Spoofing Internet Explorer 6 Oliver Lavery
01/27/2004 [ GLSA 200401-04 ] GAIM 0.75 Remote overflows Tim Yamin
01/27/2004 GAIM Patch update Stefan Esser
01/27/2004 Elevated scanning: TCP port 135 (RPC) AND 445 (Domain Services) Nicholas Weaver
01/27/2004 CERT Advisory CA-2004-02 Email-borne Viruses CERT Advisory
01/27/2004 GOOROO CROSSING: File Spoofing Internet Explorer 6 http-equiv@excite.com
01/27/2004 [ GLSA 200401-03 ] Apache mod_python Denial of Service vulnerability Tim Yamin
01/27/2004 Re: symlink vul for Antivir / Linux Version 2.0.9-9 (maybe lower) AntiVir Support
01/27/2004 Re: Self-Executing FOLDERS: Windows XP Explorer Part V Liu Die Yu
01/27/2004 Chaosreader: Trace TCP/UDP from snoop/tcpdump logs Brendan Gregg
01/27/2004 [FLSA-2004:1187] Updated screen resolves security vulnerability Jesse Keating
01/27/2004 Ultramagnetic Advisory #001: Multiple vulnerabilities in Gaim code lowhalo hush com
01/27/2004 MDKSA-2004:008 - Updated tcpdump packages fix several vulnerabilities Mandrake Linux Security Team
01/27/2004 MDKSA-2004:007 - Updated mc packages fix buffer overflow vulnerability Mandrake Linux Security Team
01/27/2004 MDKSA-2004:006 - Updated gaim packages fix multiple vulnerabilities Mandrake Linux Security Team
01/27/2004 [SECURITY] [DSA 429-1] New gnupg packages fix cryptographic weakness in ElGamal signing keys Matt Zimmerman
01/27/2004 Re: Self-Executing FOLDERS: Windows XP Explorer Part V Jelmer
01/27/2004 [slackware-security] GAIM security update (SSA:2004-026-01) Slackware Security Team
01/27/2004 New MiMail variant is DDoS'ing SCO.com tlarholm pivx com
2004-01-27: WebLogic Server and Express HTTP TRACE Credential Theft Vulnerability
2004-01-27: BEA WebLogic Incorrect Operator Permissions Password Disclosure Vulnerability
2004-01-27: BEA WebLogic Server/Express Potential Administrator Password Disclosure Weakness
2004-01-27: BEA WebLogic Server and Express SSL Client Privilege Escalation Vulnerability
2004-01-27: BEA WebLogic Operator/Admin Password Disclosure Vulnerability
2004-01-27: GnuPG ElGamal Signing Key Private Key Compromise Vulnerability
2004-01-26: InternetNow ProxyNow Multiple Stack and Heap Overflow Vulnerabilities
2004-01-26: Kietu Index.PHP Remote File Include Vulnerability
2004-01-26: Kietu Hit.PHP Remote File Inclusion Vulnerability
2004-01-26: SLocate User-Supplied Database Heap Overflow Vulnerability
2004-01-26: RhinoSoft Serv-U FTP Server MDTM Command Stack Overflow Vulnerability
2004-01-26: Antologic Antolinux Administrative Interface NDCR Parameter Remote Command Execution Vulnerability
2004-01-26: Xoops Viewtopic.php Cross-Site Scripting Vulnerability
2004-01-26: QuadComm Q-Shop Cross Site Scripting Vulnerabilities
2004-01-26: CGI.pm Start_Form Cross-Site Scripting Vulnerability
2004-01-26: LANDesk Software LANDesk Management Suite IRCBoot.DLL ActiveX Control Buffer Overrun Vulnerability
2004-01-26: Cherokee Error Page Cross Site Scripting Vulnerability
2004-01-26: Mambo Open Source mod_mainmenu.php Remote File Include Vulnerability
2004-01-26: Herberlin BremsServer Cross-Site Scripting Vulnerability
2004-01-26: Herberlin BremsServer Directory Traversal Vulnerability
2004-01-26: Mbedthis Software AppWeb HTTP Server Empty Options Request Denial Of Service Vulnerability
2004-01-26: Multiple Cisco PIX Remote Denial Of Service Vulnerabilities
2004-01-26: mIRC DCC Get Dialog Denial Of Service Vulnerability
2004-01-26: IBM Net.Data db2www Error Message Cross-Site Scripting Vulnerability
2004-01-26: Gallery Remote Global Variable Injection Vulnerability
2004-01-26: Multiple Vendor H.323 Protocol Implementation Vulnerabilities
2004-01-25: Jordan Windows Telnet Server Username Stack Based Buffer Overrun Vulnerability
2004-01-24: Borland Webserver for Corel Paradox Directory Traversal Vulnerability
2004-01-24: TinyServer Multiple Vulnerabilities
2004-01-24: Oracle HTTP Server isqlplus Cross-Site Scripting Vulnerability
2004-01-23: Jabber Server SSL Handling Denial of Service Vulnerability
2004-01-23: Reptile Web Server Remote Denial Of Service Vulnerability
2004-01-23: QuadComm Q-Shop SQL Injection Vulnerabilities
2004-01-23: Novell Netware Enterprise Web Server Multiple Vulnerabilities
2004-01-23: Sun Solaris modload() Unauthorized Kernel Module Loading Vulnerability
2004-01-23: QMail-SMTPD Long SMTP Session Integer Overflow Denial of Service Vulnerability

Symantec SSR

W32.Randex.FC
Backdoor.IRCBot.gen [KAV] January 29, 2004 January 30, 2004
W32.HLLW.Anig
W32/Dfcsvc.worm [McAfee] January 29, 2004 January 30, 2004
W32.Mimail.S@mm
W32/Mimail-S [Sophos], WORM_MIMAIL.S [Trend], Win32.Mimail.S [Computer Associates], W32/Mimail.s@MM [McAfee] January 29, 2004 January 29, 2004
Backdoor.Aphexdoor
Backdoor.Aphexdoor.10 [Kaspersky] January 28, 2004 January 28, 2004
W32.IRCBot.C
Backdoor.IRCBot.gen [Kaspersky] January 28, 2004 January 28, 2004
W32.Mydoom.B@mm
Mydoom.B [F-Secure], W32/Mydoom.b@MM [McAfee], WORM_MYDOOM.B [Trend], Win32.Mydoom.B [Computer Associates], I-Worm.Mydoom.b [Kaspersky], W32/MyDoom-B [Sophos] January 28, 2004 January 28, 2004
Trojan.Bookmarker.E January 27, 2004 January 28, 2004
W32.HLLW.Pokibat January 27, 2004 January 28, 2004
W32.Novarg.A@mm
W32/Mydoom@MM [McAfee], WORM_MIMAIL.R [Trend], Win32.Mydoom.A [Computer Associates], W32/Mydoom-A [Sophos], I-Worm.Novarg [Kaspersky] January 26, 2004 January 26, 2004
W32.Mimail.Q@mm
W32/Mimail.q@MM [McAfee], WORM_MIMAIL.Q [Trend], W32/Mimail-Q [Sophos] January 26, 2004 January 26, 2004
W32.Dumaru.Z@mm
W32/Dumaru.z@MM [McAfee] January 25, 2004 January 26, 2004
W32.Dumaru.Y@mm
W32/Dumaru.y@MM [McAfee], I-Worm.Dumaru.j [Kaspersky], Win32.Dumaru.Y [Computer Associates], W32/Dumaru-Y [Sophos], WORM_DUMARU.Y [Trend] January 23, 2004 January 26, 2004
Trojan.Bookmarker.D January 23, 2004 January 26, 2004
W32.HLLW.Sanker January 22, 2004 January 23, 2004
Backdoor.OptixPro.13b
Backdoor.Optix.Pro.13 [Kaspersky] January 21, 2004 January 22, 2004
Backdoor.Tuxder January 20, 2004 January 20, 2004
Trojan.Httpdos
Backdoor.Snart.j[Kaspersky] January 20, 2004 January 20, 2004
Trojan.Mitglieder.C
Mitglieder [F-Secure] January 20, 2004 January 20, 2004
VBS.Zsyang.B@mm
I-Worm.Zsyang [Kaspersky] January 19, 2004 January 19, 2004
W32.Beagle.A@mm
I-Worm.Bagle [Kaspersky], WORM_BAGLE.A [Trend], W32/Bagle-A [Sophos], W32/Bagle@MM [McAfee], Win32.Bagle.A [Computer Associates] January 18, 2004 January 18, 2004
Backdoor.IRC.Aladinz.H January 18, 2004 January 18, 2004
Trojan.Bookmarker.C January 15, 2004 January 16, 2004
W32.Protoride.Worm January 16, 2004 January 16, 2004
W97M.Twopey.E
Macro.Word97.Racaga [Kaspersky] January 15, 2004 January 16, 2004
W32.Stuplo January 15, 2004 January 16, 2004
Backdoor.IRC.Aladinz.G
Worm.Win32.Randon.o [Kaspersky] January 15, 2004 January 15, 2004
Downloader.Mimail.B
Downloader-GN [McAfee], Troj/Mmdload-A [Sophos] January 14, 2004 January 16, 2004
W32.HLLC.Elpmis January 14, 2004 January 15, 2004
W32.HLLW.Nettrash
Backdoor.NetTrash, Backdoor/NetTrash.10.a [Kaspersky] January 12, 2004 January 13, 2004
Trojan.Bookmarker.B January 12, 2004 January 13, 2004
W32.HLLW.Gaobot.FQ
W32/Gaobot.worm.gw [McAfee] January 12, 2004 January 13, 2004
PWSteal.Freemega January 11, 2004 January 12, 2004
PWSteal.Leox January 11, 2004 January 12, 2004
Backdoor.Threadsys January 10, 2004 January 12, 2004
Trojan.Xombe
Xombe [FSecure], Downloader-GJ [McAfee], Troj/Dloader-L [Sophos] January 9, 2004 January 9, 2004
Backdoor.Sdbot.S
Backdoor.SdBot.gen [Kaspersky] January 8, 2004 January 8, 2004
W32.Opaserv.AE.Worm January 7, 2004 January 8, 2004
W32.Mimail.P@mm
W32/Mimail.p@MM [McAfee], Win32.Mimail.P [Computer Associates], WORM_MIMAIL.P [Trend], W32/Mimail-N [Sophos], I-Worm.Mimail.p [Kaspersky] January 7, 2004 January 8, 2004
W32.HLLW.Gaobot.FL January 6, 2004 January 7, 2004
W32.Bizten
Trojan.Win32.Bizten [Kaspersky] January 6, 2004 January 6, 2004
W32.HLLW.Gaobot.FB
Backdoor.Agobot.3.gen [Kaspersky] January 4, 2004 January 5, 2004
Backdoor.Graybird.H January 4, 2004 January 5, 2004
W32.Miroot.Worm
W32/Legemer.worm [McAfee] January 3, 2004 January 5, 2004
W32.Bugbros@mm January 2, 2004 January 5, 2004
Backdoor.IRC.Aladinz.F
Win32.Randon.AC [Kaspersky] January 1, 2004 January 2, 2004
W32.Tupeg January 1, 2004 January 2, 2004
Download.Berbew.dam
Downloader-DI.dam [McAfee], Troj/Antikl-Dam [Sophos] December 31, 2003 January 2, 2004
W32.Jitux.Worm
W32/Jitux.worm [McAfee], WORM_JITUX.A [Trend] December 31, 2003 December 31, 2003
W32.Mumo December 29, 2003 December 30, 2003
Backdoor.Gaster December 29, 2003 December 30, 2003
W32.Torun
W32.Torun.dr, Worm.W32.Torun [Kaspersky], PE_TORUN.A [Trend] December 28, 2003 December 29, 2003
Trojan.Download.Revird December 27, 2003 December 29, 2003
Backdoor.Portless December 26, 2003 December 29, 2003






NAV Daily Definitions (Go)


*Note: The i32 Intelligent Updater package cannot be used to update Symantec AntiVirus Corporate Edition 8.0 servers or Norton AntiVirus Corporate Edition 7.6 servers, but can be used to update Corporate Edition clients. The x86 Intelligent Updater package can be used to update corporate Edition clients and servers.

National Cyber Alert System (US-Cert)

Technical
TA04-028A: MyDoom.B Rapidly Spreading
Non-technical
SA04-028A: MyDoom Virus Spreading Rapidly

Live Virus Advisory Feed