Latest Advisories

Live Virus Advisory Feeds
2004-02-17

*Live Feeds are from Panda, Trend Micro, and Symantec

Live Virus Advisory Feeds

National Cyber Alert System (US-Cert)


Secunia

Secunia Highlights:
Microsoft Windows ASN.1 Library Integer Overflow Vulnerabilities
eEye Digital Security has discovered some vulnerabilities in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.
RealOne Player / RealPlayer Multiple Vulnerabilities
Multiple vulnerabilities have been discovered in RealOne Player and RealPlayer, where the most serious potentially can be exploited by malicious people to compromise a vulnerable system.
Internet Explorer File Download Extension Spoofing
http-equiv has identified a vulnerability in Internet Explorer, allowing malicious web sites to spoof the file extension of downloadable files.

Latest 15 Secunia Security Advisories:
2004-02-17
- YaBB SE quote Parameter SQL Injection Vulnerability

- Online Store Kit SQL Injection and Cross Site Scripting Vulnerability

- AllMyPHP Various Products Arbitrary File Inclusion Vulnerabilities

- RobotFTP Server Buffer Overflow Vulnerability

- Sami HTTP Server Denial of Service Vulnerability

- Sun Cobalt update for rsync

- Sun Cobalt update for Iptables

- Sun Cobalt update for fileutils

- Sun Cobalt update for gnupg

- Fedora update for FreeRADIUS

- Fedora update for Gaim

- Gentoo update for phpMyAdmin

- Gentoo update for kernel

2004-02-16
- mnoGoSearch UdmDocToTextBuf() Buffer Overflow Vulnerability

- Sami FTP Server Invalid Command Argument Denial of Service Vulnerability

Top 5 Most Read Secunia Security Advisories (Last 24 hours):
- Microsoft Windows ASN.1 Library Integer Overflow Vulnerabilities

- Internet Explorer File Download Extension Spoofing

- Internet Explorer URL Spoofing Vulnerability

- Opera Browser File Download Extension Spoofing

- eTrust Antivirus Zip Archive Virus Detection Bypass Vulnerability

Security Tracker

Special Alerts - Serious flaw in Microsoft ASN.1 Library allows remote users to execute arbitrary code with
System privileges by exploiting any of several commonly used services.
Microsoft WINS permits remote denial of service.

eTrust Antivirus Can By Bypassed By Remote Users Sending Password-Protected Zip File Contents

A vulnerability was reported in eTrust Antivirus. The antivirus software may fail to detected infected files within zip files that contain a password-protected file.

Impact: Host/resource access via network

Purge Jihad Broadcast Response Buffer Overflow Lets Remote Users Execute Arbitrary Code

A buffer overflow vulnerability was reported in the Purge and Purge Jihad games. A remote game server can execute arbitrary code on a connected client system.

Impact: Execution of arbitrary code via network, User access via network

Symantec Firewall/VPN Appliance Displays Password When Edited

A vulnerability was reported in the Symantec Firewall/VPN Appliance. A user may be able to obtain the administrator's password.

Impact: Disclosure of authentication information

mnoGoSearch Buffer Overflow in Processing Large Documents Lets Remote Users Execute Arbitrary Code

A buffer overflow vulnerability was reported in mnoGoSearch. A user with the ability to place documents on the system can execute arbitrary code on the target system.

Impact: Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network

Microsoft Internet Explorer Integer Overflow in Processing Bitmap Files Lets Remote Users Execute Arbitrary Code

A vulnerability was reported in Microsoft Internet Explorer (IE) version 5. A remote user can execute arbitrary code on the target system.

Impact: Execution of arbitrary code via network, User access via network


SecurityFocus BugTraq
SecurityFocus Vulnerabilities

02/16/2004 Re: Misinformation in Security Advisories (ASN.1) Steven M. Christey
02/16/2004 Re: Misinformation in Security Advisories (ASN.1) Ivan Arce
02/16/2004 Re: Another YabbSE SQL Injection Mike Bobbitt
02/16/2004 RE: Exploit based on leaked code released. tlarholm pivx com
02/16/2004 Re: W2K source leaked? Ho Chaw Ming
02/16/2004 Re: Misinformation in Security Advisories (ASN.1) evol ruiner halo nu
02/16/2004 Re: Misinformation in Security Advisories (ASN.1) Simon Brady
02/16/2004 Another YabbSE SQL Injection backspace
02/16/2004 Misinformation in Security Advisories (ASN.1) John Compton
02/16/2004 Possible race condition in Symantec AntiVirus Scan Engine for Red Hat Linux during LiveUpdate Dr. Peter Bieringer
02/16/2004 Exploit based on leaked code released. Christopher Carboni
02/16/2004 Broadcast client buffer-overflow in Purge Jihad 2.0.1 Luigi Auriemma
02/16/2004 Symantec FireWall/VPN Appliance model 200 leak of security Davide Del Vecchio
02/15/2004 LNSA-#2004-0001: mutt remote crash Vincenzo Ciaglia
02/15/2004 Bypassing PatchFinder 2 Edgar Barbosa
02/15/2004 problems with database files in 'SignatureDB' LynX
02/15/2004 Buffer overflow in mnoGoSearch Jedi/Sector One
02/15/2004 Re: Microsoft ASN.1 (Half a sploit) K-OTiK Security
02/15/2004 Xlight ftp server 1.52 RETR bug intuit e.b.
02/15/2004 buffer overflow in Robot FTP Server gsicht gsicht
02/14/2004 AllMyGuests PHP Code Injection vulnerability Pablo Santana
02/14/2004 AllMyLinks PHP Code Injection vulnerability Pablo Santana
02/14/2004 AllMyVisitors PHP Code Injection vulnerability Pablo Santana
02/14/2004 RE: [Full-Disclosure] Re: W2K source leaked? Nick FitzGerald
02/14/2004 Re: Asp Portal Multiple Vulnerabilities Manuel López
02/14/2004 Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Buck Huppmann
02/14/2004 Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Florian Weimer
02/14/2004 Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Michael Shigorin
02/14/2004 Re: iDEFENSESecurityAdvisory02.10.04: XFree86FontInformationFileBufferOverflow Dr Andrew C Aitchison
02/14/2004 Re: W2K source leaked? Byron Copeland
02/14/2004 ASP Portal Multiple Vulnerabilities Manuel López
02/14/2004 Fwd: Re: NT/W2K Source leak Dragos Ruiu
02/14/2004 [SECURITY] [DSA 429-2] New gnupg packages fix cryptographic weakness Matt Zimmerman
2004-02-14: GnuPG ElGamal Signing Key Private Key Compromise Vulnerability
2004-02-14: Microsoft ASN.1 Library Length Integer Mishandling Memory Corruption Vulnerability
2004-02-13: GNU Mailman Admin Page Multiple Cross-Site Scripting Vulnerabilities
2004-02-13: GNU Mailman Malformed Message Remote Denial Of Service Vulnerability
2004-02-13: Microsoft Internet Explorer Unspecified CHM File Processing Arbitrary Code Execution Vulnerability
2004-02-13: JelSoft VBulletin Search.PHP Cross-Site Scripting Vulnerability
2004-02-13: Sami FTP Server Multiple Denial Of Service Vulnerabilities
2004-02-13: Multiple RealPlayer/RealOne Player Supported File Type Buffer Overrun Vulnerabilities
2004-02-13: RealPlayer/RealOne Player RMP Skin File Handler Directory Traversal Vulnerability
2004-02-13: Multiple Vendor H.323 Protocol Implementation Vulnerabilities
2004-02-12: Crob FTP Server Remote Denial Of Service Vulnerability
2004-02-12: Mailmgr Insecure Temporary File Creation Vulnerabilities
2004-02-12: AIM Sniff Temporary File Symlink Attack Vulnerability
2004-02-12: Netpbm Temporary File Vulnerabilities
2004-02-12: PHPNuke Category Parameter SQL Injection Vulnerability
2004-02-12: Sophos Anti-Virus Delivery Status Notification Handling Scanner Bypass Vulnerability
2004-02-12: Sophos Anti-Virus MIME Header Handling Denial Of Service Vulnerability
2004-02-12: SandSurfer Unspecified User Authentication Vulnerability
2004-02-12: JelSoft VBulletin Cross-Site Scripting Vulnerability
2004-02-12: OpenSSL ASN.1 Parsing Vulnerabilities
2004-02-12: slocate Local Buffer Overrun Vulnerability
2004-02-12: Macallan Mail Solution Web Interface Authentication Bypass Vulnerability
2004-02-12: SLocate User-Supplied Database Heap Overflow Vulnerability
2004-02-12: MIT CGIEmail Arbitrary Recipient Mail Relay Vulnerability
2004-02-11: PHPCodeCabinet Multiple Cross-Site Scripting Vulnerabilities
2004-02-11: Ratbag Game Engine Denial of Service Vulnerability
2004-02-11: Linux Kernel Samba Share Local Privilege Elevation Vulnerability
2004-02-11: Gallery Remote Global Variable Injection Vulnerability
2004-02-11: Monkey HTTP Daemon Missing Host Field Denial Of Service Vulnerability
2004-02-11: BolinTech Dream FTP Server User Name Format String Vulnerability
2004-02-11: Microsoft Internet Explorer Unauthorized Clipboard Contents Disclosure Vulnerability
2004-02-11: Midnight Commander Virtual File System Symlink Buffer Overflow Vulnerability
2004-02-11: Util-Linux Login Program Information Leakage Vulnerability
2004-02-11: Opera Web Browser CLSID File Extension Misrepresentation Vulnerability
2004-02-11: BosDev BosDates SQL Injection Vulnerability
2004-02-11: VisualShapers ezContents Multiple Module File Include Vulnerability
2004-02-11: Novell Groupwise Webaccess Cross Site Scripting Vulnerability
2004-02-11: HP-UX NLSPATH Environment Variable Format String Vulnerability
2004-02-11: Linux Kernel R128 Device Driver Unspecified Privilege Escalation Vulnerability
2004-02-11: Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
2004-02-10: Nokia Bluetooth Device Unauthorized Access Vulnerability
2004-02-10: Multiple Vendor Bluetooth Device Unspecified Information Disclosure Vulnerability
2004-02-10: Microsoft Baseline Security Analyzer Vulnerability Identification Weakness
2004-02-10: Microsoft Virtual PC For Mac Temporary File Privilege Escalation Vulnerability
2004-02-10: XLight FTP Server Remote Denial Of Service Vulnerability
2004-02-10: Microsoft Windows Internet Naming Service Buffer Overflow Vulnerability
2004-02-10: Platform Load Sharing Facility LSF_ENVDIR Local Command Execution Vulnerability
2004-02-10: Eggdrop Share Module Arbitrary Share Bot Add Vulnerability
2004-02-10: MaxWebPortal Multiple Input Validation Vulnerabilities
2004-02-10: Microsoft Internet Explorer Shell: IFrame Cross-Zone Scripting Vulnerability
2004-02-10: Caucho Technology Resin Directory Listings Disclosure Vulnerability
2004-02-10: Caucho Technology Resin Source Code Disclosure Vulnerability
2004-02-10: Microsoft Internet Explorer Double-Null URI Denial Of Service Vulnerability
2004-02-10: PHPNuke Web_Links Module Remote SQL Injection Vulnerability

Symantec SSR

W32.Netsky@mm
WORM_NETSKY.A [Trend] February 16, 2004 February 16, 2004
W32.HLLW.Cult.M@mm February 15, 2004 February 16, 2004
W32.Rusty@m February 15, 2004 February 16, 2004
W32.Welchia.C.Worm
WORM_NACHI.C [Trend] February 15, 2004 February 17, 2004
VBS.Laske@mm February 13, 2004 February 13, 2004
W32.Doomhunter February 12, 2004 February 13, 2004
W32.HLLW.Deadhat.B
W32/Deadhat.B.worm [Panda] February 12, 2004 February 13, 2004
X97M.Esab February 12, 2004 February 13, 2004
Trojan.Bansap February 12, 2004 February 12, 2004
Trojan.PWS.QQPass.F February 12, 2004 February 12, 2004
W32.HLLP.Shodi February 11, 2004 February 12, 2004
W32.Welchia.B.Worm
W32/Nachi.worm.b [McAfee], W32/Nachi-B [Sophos], Win32.Nachi.B [Computer Associates], WORM_NACHI.B [Trend], Worm.Win32.Welchia.b February 11, 2004 February 11, 2004
W32.HLLW.Doomjuice.B
W32/Doomjuice.worm.b [McAfee], WORM_DOOMJUICE.B [Trend], Win32.Doomjuice.B [Computer Associates], W32/Doomjuice-B [Sophos] February 11, 2004 February 11, 2004
W32.Dumaru.AH@mm
W32/Mimail.u@MM [McAfee], Win32.Mimail.U[Computer Associates] February 10, 2004 February 11, 2004
VBS.Bootconf.B February 10, 2004 February 11, 2004
W32.Kifer
TrojanDropper.Win32.Kifer [Kaspersky] February 10, 2004 February 10, 2004
W32.HLLP.Yero.Worm
W32.HLLP.Yero.Worm.dr, W32/Fesber.worm [McAfee] February 10, 2004 February 10, 2004
W32.HLLW.Moega.AG February 10, 2004 February 10, 2004
W32.Yenik.A@mm
W32/Yenik.worm [McAfee] February 10, 2004 February 10, 2004
Trojan.Gutta February 9, 2004 February 10, 2004
W32.HLLW.Doomjuice
W32/Doomjuice.worm.a [McAfee], WORM_DOOMJUICE.A [Trend], Win32.Doomjuice.A [Computer Associates], Worm.Win32.Doomjuice [Kaspersky], W32/Doomjuice-A [Sophos] February 9, 2004 February 9, 2004
Backdoor.IRC.Aladinz.J February 8, 2004 February 9, 2004
W32.HLLW.Deadhat
Vesser [F-Secure], W32/Deadhat.worm.a [McAfee], WORM_DEADHAT.A [Trend], Win32.Deadhat.A [Computer Associates], Worm.Win32.Vesser [Kaspersky] February 6, 2004 February 9, 2004
W32.Dinfor.Worm
WORM_SDBOT.FP [Trend] February 6, 2004 February 6, 2004
Backdoor.Domwis February 6, 2004 February 6, 2004
Backdoor.OptixPro.13.C February 6, 2004 February 6, 2004
W32.Mimail.T@mm
WORM_MIMAIL.T [Trend], W32/Mimail.t@MM [McAfee] February 5, 2004 February 6, 2004
W32.HLLW.Gaobot.JB February 4, 2004 February 5, 2004
W32.Blaster.K.Worm
W32.Blaster.Worm, WORM_MSBLAST.H [Trend], Worm.Win32.Lovesan.a [Kaspersky], W32/Lovsan.worm.gen [McAfee] February 3, 2004 February 4, 2004
W32.Hostidel.Trojan.C February 3, 2004 February 4, 2004
W32.HLLW.Chemsvy
Worm.P2P.Apsiv [Kaspersky], W32/Apsiv.worm!p2p [McAfee] February 3, 2004 February 3, 2004
W32.Dumaru.AD@mm
I-Worm.Dumaru.gen [Kaspersky], W32/Dumaru.gen@MM [McAfee] February 3, 2004 February 3, 2004
W32.Galil.F@mm
W32/Holar.gen@MM [McAfee], I-Worm.Holar.f [Kaspersky] February 2, 2004 February 3, 2004
VBS.Shania
Backdoor.VBS.Shania [Kaspersky], VBS/Pica.worm.gen [McAfee] February 2, 2004 February 2, 2004
Keylogger.Stawin
Keylogger.Trojan, Keylog-Stawin [McAfee], Troj/Stawin-A [Sophos], TrojanSpy.Win32.Keylogger.aa [Kaspersky], Win32.Elkong.D [Computer Associates], TROJ_KEYLOG.AA [Trend] January 29, 2004 January 30, 2004
W32.Randex.FC
Backdoor.IRCBot.gen [KAV] January 29, 2004 January 30, 2004
W32.HLLW.Anig
W32/Anig.worm [McAfee], WORM_ANIG.A [Trend], Win32.Dfcsvc.A [Computer Associates], Worm.Win32.Anig [Kaspersky] January 29, 2004 January 30, 2004
PWSteal.Olbaid January 29, 2004 January 29, 2004
W32.Mimail.S@mm
W32/Mimail-S [Sophos], WORM_MIMAIL.S [Trend], Win32.Mimail.S [Computer Associates], W32/Mimail.s@MM [McAfee] January 29, 2004 January 29, 2004
Backdoor.Aphexdoor
Backdoor.Aphexdoor.10 [Kaspersky] January 28, 2004 January 28, 2004
W32.IRCBot.C
Backdoor.IRCBot.gen [Kaspersky] January 28, 2004 January 28, 2004
W32.Mydoom.B@mm
Mydoom.B [F-Secure], W32/Mydoom.b@MM [McAfee], WORM_MYDOOM.B [Trend], Win32.Mydoom.B [Computer Associates], I-Worm.Mydoom.b [Kaspersky], W32/MyDoom-B [Sophos] January 28, 2004 January 28, 2004
Trojan.Bookmarker.E January 27, 2004 January 28, 2004
W32.HLLW.Pokibat January 27, 2004 January 28, 2004
W32.Mydoom.A@mm
W32.Novarg.A@mm, W32/Mydoom@MM [McAfee], WORM_MIMAIL.R [Trend], Win32.Mydoom.A [Computer Associates], W32/Mydoom-A [Sophos], I-Worm.Novarg [Kaspersky] January 26, 2004 January 26, 2004
W32.Mimail.Q@mm
W32/Mimail.q@MM [McAfee], WORM_MIMAIL.Q [Trend], W32/Mimail-Q [Sophos] January 26, 2004 January 26, 2004
W32.Dumaru.Z@mm
W32/Dumaru.z@MM [McAfee], Win32.Dumaru.Z [Computer Associates], I-Worm.Dumaru.l [Kaspersky], WORM_DUMARU.Z [Trend] January 25, 2004 January 26, 2004
W32.Dumaru.Y@mm
W32/Dumaru.y@MM [McAfee], I-Worm.Dumaru.j [Kaspersky], Win32.Dumaru.Y [Computer Associates], W32/Dumaru-Y [Sophos], WORM_DUMARU.Y [Trend] January 23, 2004 January 26, 2004
Trojan.Bookmarker.D January 23, 2004 January 26, 2004
W32.HLLW.Sanker January 22, 2004 January 23, 2004
Backdoor.OptixPro.13b
Backdoor.Optix.Pro.13 [Kaspersky] January 21, 2004 January 22, 2004
Backdoor.Tuxder January 20, 2004 January 20, 2004
Trojan.Httpdos
Backdoor.Snart.j[Kaspersky] January 20, 2004 January 20, 2004
Trojan.Mitglieder.C
Mitglieder [F-Secure], TrojanProxy.Win32.Mitglieder.c [Kaspersky], Proxy-Mitglieder [McAfee], TROJ_MITGLIEDR [Trend] January 20, 2004 January 20, 2004
VBS.Zsyang.B@mm
I-Worm.Zsyang [Kaspersky] January 19, 2004 January 19, 2004
W32.Beagle.A@mm
I-Worm.Bagle [Kaspersky], WORM_BAGLE.A [Trend], W32/Bagle-A [Sophos], W32/Bagle@MM [McAfee], Win32.Bagle.A [Computer Associates] January 18, 2004 January 18, 2004
Backdoor.IRC.Aladinz.H January 18, 2004 January 18, 2004
Trojan.Bookmarker.C January 15, 2004 January 16, 2004
W32.Protoride.Worm
Win32.Protoride.A [Computer Associates], BackDoor-AZJ [McAfee], Worm.Win32.Protoride [Kaspersky], WORM_PROTORIDE.A [Trend] January 16, 2004 January 16, 2004
W97M.Twopey.E
Macro.Word97.Racaga [Kaspersky] January 15, 2004 January 16, 2004
W32.Stuplo January 15, 2004 January 16, 2004
Backdoor.IRC.Aladinz.G
Worm.Win32.Randon.o [Kaspersky] January 15, 2004 January 15, 2004
Downloader.Mimail.B
Downloader-GN [McAfee], Troj/Mmdload-A [Sophos] January 14, 2004 January 16, 2004
W32.HLLC.Elpmis January 14, 2004 January 15, 2004
W32.HLLW.Nettrash
Backdoor.NetTrash, Backdoor/NetTrash.10.a [Kaspersky] January 12, 2004 January 13, 2004
Trojan.Bookmarker.B January 12, 2004 January 13, 2004
W32.HLLW.Gaobot.FQ
W32/Gaobot.worm.gw [McAfee] January 12, 2004 January 13, 2004






NAV Daily Definitions (Go)


*Note: The i32 Intelligent Updater package cannot be used to update Symantec AntiVirus Corporate Edition 8.0 servers or Norton AntiVirus Corporate Edition 7.6 servers, but can be used to update Corporate Edition clients. The x86 Intelligent Updater package can be used to update corporate Edition clients and servers.

National Cyber Alert System (US-Cert)

Technical
TA04-041A:Multiple Vulnerabilities in Microsoft ASN.1 Library
SB04-035:Summary of Security Items from January 21 through February 3, 2004

Non-technical
SA04-041A:Multiple Vulnerabilities in Microsoft Windows
ST04-002:Choosing and Protecting Passwords


Live Virus Advisory Feed