CastleCops, Internet Crime Fighters
Advisories!: Latest Advisories & Live Feeds (02/18/04)
Cyber Security

Latest Advisories







Live Virus Advisory Feeds
2004-02-18


*Live Feeds are from Panda, Trend Micro, and Symantec

Live Virus Advisory Feeds

National Cyber Alert System (US-Cert)


Secunia

Secunia Highlights:
Microsoft Windows ASN.1 Library Integer Overflow Vulnerabilities
eEye Digital Security has discovered some vulnerabilities in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.
Linux Kernel mremap() Missing Return Value Checking Privilege Escalation
Paul Starzetz has reported a vulnerability in the Linux kernel, which can be exploited by malicious, local users to gain escalated privileges on a vulnerable system.

Latest 15 Secunia Security Advisories:
2004-02-18
- Slackware update for kernel

- Gentoo update for clamav

- APC SmartSlot Web/SNMP Management Card Default Password

- Linux Kernel mremap() Missing Return Value Checking Privilege Escalation

- Red Hat update for PWLib

- FTP Broker Connection Handling Denial of Service Vulnerabilities

- Vizer Web Server Invalid Request Denial of Service Vulnerabilities

- IMail Server LDAP Daemon Buffer Overflow Vulnerability

2004-02-17
- ShopCartCGI Directory Traversal Vulnerability

- YaBB SE quote Parameter SQL Injection Vulnerability

- Online Store Kit SQL Injection and Cross Site Scripting Vulnerability

- AllMyPHP Various Products Arbitrary File Inclusion Vulnerabilities

- Symantec AntiVirus Scan Engine Race Condition Vulnerability

- Purge and Purge Jihad Client Buffer Overflow Vulnerabilities

- ProductCart SQL Injection and Cross Site Scripting Vulnerabilities

Top 5 Most Read Secunia Security Advisories (Last 24 hours):
- Microsoft Windows ASN.1 Library Integer Overflow Vulnerabilities

- Internet Explorer URL Spoofing Vulnerability

- Symantec AntiVirus Scan Engine Race Condition Vulnerability

- Internet Explorer File Download Extension Spoofing

- Opera Browser File Download Extension Spoofing


Security Tracker

Special Alerts - Serious flaw in Microsoft ASN.1 Library allows remote users to execute arbitrary code with System privileges by exploiting any of several commonly used services.
Microsoft WINS permits remote denial of service.

APC SmartSlot Card Backdoor Password Lets Remote Users Obtain Usernames and Passwords

A vulnerability was reported in the APC SmartSlot management cards used by various APC SmartSwitch and UPS products. A remote user can gain access to the device.

Impact: Disclosure of authentication information, User access via network

Vizer Web Server Can Be Crashed By Remote Users

A vulnerability was reported in the Vizer web server. A remote user can cause the web service to crash.

Impact: Denial of service via network

Sami HTTP Server Buffer Overflow Lets Remote Users Crash the Web Server

badpack3t of SP Research Labs reported a buffer overflow in the Sami HTTP Server. A remote user can cause the web service to crash and may be able to execute arbitrary code.

Impact: Denial of service via network, Execution of arbitrary code via network, User access via network

ShopCartCGI Discloses Files on the System to Remote Users

G00db0y from Zone-h Security Labs reported a file disclosure vulnerability in ShopCartCGI. A remote user can view files on the target system with the privileges of the target user.

Impact: Disclosure of system information, Disclosure of user information

Serv-U FTP Server Can Be Crashed By Remote Authenticated Users With a Malformed SITE CHMOD Command

A vulnerability was reported in the Serv-U FTP Server. A remote authenticated user can cause the FTP service to crash.

Impact: Denial of service via network


SecurityFocus BugTraq
SecurityFocus Vulnerabilities

02/18/2004 Second critical mremap() bug found in all Linux kernels Paul Starzetz
02/17/2004 iDEFENSE Security Advisory 02.17.04: Ipswitch IMail LDAP Daemon Remote Buffer Overflow iDefense Labs
02/17/2004 ASN.1 vulnerability -is- on Win98 Joshua Levitsky
02/17/2004 Beagle.b@mm spreading at a steady pace. dotsecure hushmail com
02/17/2004 Fw: APC 9606 SmartSlot Web/SNMP management card backdoor - MORE PROBLEMS thiago vazquez light com br
02/17/2004 RE: Apache Http Server Reveals Script Source Code to Remote Users And Any Users Can Access The Forbidden Directory (/WEB-INF/) Alun Jones
02/17/2004 RE: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP Zak Dechovich
02/17/2004 Re: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP Michal Zalewski
02/17/2004 Re: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP 3APA3A
02/17/2004 Broker FTP DoS (Message Server) Aviram Jenik
02/17/2004 ASN.1 telephony critical infrastructure warning - VOIP Gadi Evron
02/17/2004 Re: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP daniel uriah clemens
02/17/2004 YABB information leakage on failed login David Cantrell
02/17/2004 Denial Of Service in Vizer Web Server 1.9.1 Donato Ferrante
02/17/2004 ZH2004-06SA (security advisory): ShopCartCGI v2.3 Remote arbitrary file retrieving ZetaLabs
02/17/2004 KarjaSoft Sami HTTP Server 1.0.4 Buffer Overflow badpack3t
02/17/2004 [ GLSA 200402-06 ] Linux kernel AMD64 ptrace vulnerability Tim Yamin
02/17/2004 [ GLSA 200402-05 ] phpMyAdmin 2.5.6-rc1 directory traversal attack Tim Yamin
02/17/2004 Re: [work] Re: W2K source leaked? opticfiber
02/17/2004 Re: iDEFENSE Security Advisory 02.10.04: XFree86 Font Information File Buffer Overflow Steffen Kluge
02/17/2004 Re: Misinformation in Security Advisories (ASN.1) Anthony Saffer
02/16/2004 Re: Misinformation in Security Advisories (ASN.1) Steven M. Christey
02/16/2004 Re: Misinformation in Security Advisories (ASN.1) Ivan Arce
02/16/2004 RE: [Full-Disclosure] Misinformation in Security Advisories (ASN.1) first last
02/16/2004 Re: Another YabbSE SQL Injection Mike Bobbitt
02/16/2004 RE: Exploit based on leaked code released. tlarholm pivx com
02/16/2004 Re: W2K source leaked? Ho Chaw Ming
02/16/2004 Re: Misinformation in Security Advisories (ASN.1) evol ruiner halo nu
02/16/2004 Re: Misinformation in Security Advisories (ASN.1) Simon Brady
02/16/2004 Another YabbSE SQL Injection backspace
02/16/2004 Re: [Full-Disclosure] Misinformation in Security Advisories (ASN.1) Valdis Kletnieks vt edu
02/16/2004 Misinformation in Security Advisories (ASN.1) John Compton
02/16/2004 Re: [Full-Disclosure] Possible race condition in Symantec AntiVirus Scan Engine for Red Hat Linux during LiveUpdate Valdis Kletnieks vt edu
02/16/2004 Possible race condition in Symantec AntiVirus Scan Engine for Red Hat Linux during LiveUpdate Dr. Peter Bieringer
02/16/2004 Exploit based on leaked code released. Christopher Carboni
02/16/2004 Broadcast client buffer-overflow in Purge Jihad 2.0.1 Luigi Auriemma
02/16/2004 APC 9606 SmartSlot Web/SNMP management card backdoor Dave Tarbatt
02/16/2004 Symantec FireWall/VPN Appliance model 200 leak of security Davide Del Vecchio
02/15/2004 Re: ISS Security Rip: Microsoft ASN.1 (Half a sploit) Valdis Kletnieks vt edu
02/15/2004 LNSA-#2004-0001: mutt remote crash Vincenzo Ciaglia
02/15/2004 Bypassing PatchFinder 2 Edgar Barbosa
02/15/2004 problems with database files in 'SignatureDB' LynX
02/15/2004 Buffer overflow in mnoGoSearch Jedi/Sector One
02/15/2004 Re: Microsoft ASN.1 (Half a sploit) K-OTiK Security
02/15/2004 Xlight ftp server 1.52 RETR bug intuit e.b.
02/15/2004 buffer overflow in Robot FTP Server gsicht gsicht

SecurityFocus Vulnerabilities

2004-02-14: Microsoft IIS Unspecified Remote Denial Of Service Vulnerability
2004-02-14: Multiple ASP Portal Vulnerabilities
2004-02-14: GnuPG ElGamal Signing Key Private Key Compromise Vulnerability
2004-02-13: GNU Mailman Admin Page Multiple Cross-Site Scripting Vulnerabilities
2004-02-13: GNU Mailman Malformed Message Remote Denial Of Service Vulnerability
2004-02-13: Microsoft Internet Explorer Unspecified CHM File Processing Arbitrary Code Execution Vulnerability
2004-02-13: JelSoft VBulletin Search.PHP Cross-Site Scripting Vulnerability
2004-02-13: Sami FTP Server Multiple Denial Of Service Vulnerabilities
2004-02-13: Multiple RealPlayer/RealOne Player Supported File Type Buffer Overrun Vulnerabilities
2004-02-13: RealPlayer/RealOne Player RMP Skin File Handler Directory Traversal Vulnerability
2004-02-13: Multiple Vendor H.323 Protocol Implementation Vulnerabilities
2004-02-12: Crob FTP Server Remote Denial Of Service Vulnerability
2004-02-12: Mailmgr Insecure Temporary File Creation Vulnerabilities
2004-02-12: AIM Sniff Temporary File Symlink Attack Vulnerability
2004-02-12: Netpbm Temporary File Vulnerabilities
2004-02-12: PHPNuke Category Parameter SQL Injection Vulnerability
2004-02-12: Sophos Anti-Virus Delivery Status Notification Handling Scanner Bypass Vulnerability
2004-02-12: Sophos Anti-Virus MIME Header Handling Denial Of Service Vulnerability
2004-02-12: SandSurfer Unspecified User Authentication Vulnerability
2004-02-12: JelSoft VBulletin Cross-Site Scripting Vulnerability
2004-02-12: OpenSSL ASN.1 Parsing Vulnerabilities
2004-02-12: Macallan Mail Solution Web Interface Authentication Bypass Vulnerability
2004-02-12: MIT CGIEmail Arbitrary Recipient Mail Relay Vulnerability
2004-02-11: PHPCodeCabinet Multiple Cross-Site Scripting Vulnerabilities
2004-02-11: Ratbag Game Engine Denial of Service Vulnerability
2004-02-11: Linux Kernel Samba Share Local Privilege Elevation Vulnerability
2004-02-11: Monkey HTTP Daemon Missing Host Field Denial Of Service Vulnerability
2004-02-11: BolinTech Dream FTP Server User Name Format String Vulnerability
2004-02-11: Microsoft Internet Explorer Unauthorized Clipboard Contents Disclosure Vulnerability
2004-02-11: Midnight Commander Virtual File System Symlink Buffer Overflow Vulnerability
2004-02-11: Util-Linux Login Program Information Leakage Vulnerability
2004-02-11: Opera Web Browser CLSID File Extension Misrepresentation Vulnerability
2004-02-11: BosDev BosDates SQL Injection Vulnerability
2004-02-11: VisualShapers ezContents Multiple Module File Include Vulnerability
2004-02-11: Novell Groupwise Webaccess Cross Site Scripting Vulnerability
2004-02-11: HP-UX NLSPATH Environment Variable Format String Vulnerability
2004-02-11: Linux Kernel R128 Device Driver Unspecified Privilege Escalation Vulnerability
2004-02-11: Apache Web Server Multiple Module Local Buffer Overflow Vulnerability

Symantec SSR


W32.Netsky.B@mm
W32/Netsky.b@MM [McAfee], W32/Netsky.B.worm [Panda], WORM_NETSKY.B [Trend Micro], Moodown.B [F-Secure], I-Worm.Moodown.b [Kaspersky] February 18, 2004 February 18, 2004
W32.Beagle.B@mm
W32.Alua@mm, Win32/Bagle.B.Worm [Computer Associates], Bagle.B [F-Secure], W32/Bagle.b@MM [McAfee], W32/Bagle.B@mm [Norman], WORM_BAGLE.B [Trend Micro], W32/Bagle.B.worm [Panda], W32/Tanx-A [Sophos] February 17, 2004 February 17, 2004
X97M.Ellar.F February 16, 2004 February 16, 2004
W32.Kifer.B February 16, 2004 February 16, 2004
W32.Netsky@mm
WORM_NETSKY.A [Trend] February 16, 2004 February 16, 2004
W32.HLLW.Cult.M@mm February 15, 2004 February 16, 2004
W32.Rusty@m February 15, 2004 February 16, 2004
W32.Welchia.C.Worm
WORM_NACHI.C [Trend] February 15, 2004 February 17, 2004
VBS.Laske@mm February 13, 2004 February 13, 2004
W32.Doomhunter February 12, 2004 February 13, 2004
W32.HLLW.Deadhat.B
W32/Deadhat.B.worm [Panda] February 12, 2004 February 13, 2004
X97M.Esab February 12, 2004 February 13, 2004
Trojan.Bansap February 12, 2004 February 12, 2004
Trojan.PWS.QQPass.F February 12, 2004 February 12, 2004
W32.HLLP.Shodi February 11, 2004 February 12, 2004
W32.Welchia.B.Worm
W32/Nachi.worm.b [McAfee], W32/Nachi-B [Sophos], Win32.Nachi.B [Computer Associates], WORM_NACHI.B [Trend], Worm.Win32.Welchia.b February 11, 2004 February 11, 2004
W32.HLLW.Doomjuice.B
W32/Doomjuice.worm.b [McAfee], WORM_DOOMJUICE.B [Trend], Win32.Doomjuice.B [Computer Associates], W32/Doomjuice-B [Sophos] February 11, 2004 February 11, 2004
W32.Dumaru.AH@mm
W32/Mimail.u@MM [McAfee], Win32.Mimail.U [Computer Associates] February 10, 2004 February 11, 2004
VBS.Bootconf.B February 10, 2004 February 11, 2004
W32.Kifer
TrojanDropper.Win32.Kifer [Kaspersky] February 10, 2004 February 10, 2004
W32.HLLP.Yero.Worm
W32.HLLP.Yero.Worm.dr, W32/Fesber.worm [McAfee] February 10, 2004 February 10, 2004
W32.HLLW.Moega.AG February 10, 2004 February 10, 2004
W32.Yenik.A@mm
W32/Yenik.worm [McAfee] February 10, 2004 February 10, 2004
Trojan.Gutta February 9, 2004 February 10, 2004
W32.HLLW.Doomjuice
W32/Doomjuice.worm.a [McAfee], WORM_DOOMJUICE.A [Trend], Win32.Doomjuice.A [Computer Associates], Worm.Win32.Doomjuice [Kaspersky], W32/Doomjuice-A [Sophos] February 9, 2004 February 9, 2004
Backdoor.IRC.Aladinz.J February 8, 2004 February 9, 2004
W32.HLLW.Deadhat
Vesser [F-Secure], W32/Deadhat.worm.a [McAfee], WORM_DEADHAT.A [Trend], Win32.Deadhat.A [Computer Associates], Worm.Win32.Vesser [Kaspersky] February 6, 2004 February 9, 2004
W32.Dinfor.Worm
WORM_SDBOT.FP [Trend] February 6, 2004 February 6, 2004
Backdoor.Domwis February 6, 2004 February 6, 2004
Backdoor.OptixPro.13.C February 6, 2004 February 6, 2004
W32.Mimail.T@mm
WORM_MIMAIL.T [Trend], W32/Mimail.t@MM [McAfee] February 5, 2004 February 6, 2004
W32.HLLW.Gaobot.JB February 4, 2004 February 5, 2004
W32.Blaster.K.Worm
W32.Blaster.Worm, WORM_MSBLAST.H [Trend], Worm.Win32.Lovesan.a [Kaspersky], W32/Lovsan.worm.gen [McAfee] February 3, 2004 February 4, 2004
W32.Hostidel.Trojan.C February 3, 2004 February 4, 2004
W32.HLLW.Chemsvy
Worm.P2P.Apsiv [Kaspersky], W32/Apsiv.worm!p2p [McAfee] February 3, 2004 February 3, 2004
W32.Dumaru.AD@mm
I-Worm.Dumaru.gen [Kaspersky], W32/Dumaru.gen@MM [McAfee] February 3, 2004 February 3, 2004
W32.Galil.F@mm
W32/Holar.gen@MM [McAfee], I-Worm.Holar.f [Kaspersky] February 2, 2004 February 3, 2004
VBS.Shania
Backdoor.VBS.Shania [Kaspersky], VBS/Pica.worm.gen [McAfee] February 2, 2004 February 2, 2004
Keylogger.Stawin
Keylogger.Trojan, Keylog-Stawin [McAfee], Troj/Stawin-A [Sophos], TrojanSpy.Win32.Keylogger.aa [Kaspersky], Win32.Elkong.D [Computer Associates], TROJ_KEYLOG.AA [Trend] January 29, 2004 January 30, 2004
W32.Randex.FC
Backdoor.IRCBot.gen [KAV] January 29, 2004 January 30, 2004
W32.HLLW.Anig
W32/Anig.worm [McAfee], WORM_ANIG.A [Trend], Win32.Dfcsvc.A [Computer Associates], Worm.Win32.Anig [Kaspersky] January 29, 2004 January 30, 2004
PWSteal.Olbaid January 29, 2004 January 29, 2004
W32.Mimail.S@mm
W32/Mimail-S [Sophos], WORM_MIMAIL.S [Trend], Win32.Mimail.S [Computer Associates], W32/Mimail.s@MM [McAfee] January 29, 2004 January 29, 2004
Backdoor.Aphexdoor
Backdoor.Aphexdoor.10 [Kaspersky] January 28, 2004 January 28, 2004
W32.IRCBot.C
Backdoor.IRCBot.gen [Kaspersky] January 28, 2004 January 28, 2004
W32.Mydoom.B@mm
Mydoom.B [F-Secure], W32/Mydoom.b@MM [McAfee], WORM_MYDOOM.B [Trend], Win32.Mydoom.B [Computer Associates], I-Worm.Mydoom.b [Kaspersky], W32/MyDoom-B [Sophos] January 28, 2004 January 28, 2004
Trojan.Bookmarker.E January 27, 2004 January 28, 2004
W32.HLLW.Pokibat January 27, 2004 January 28, 2004
W32.Mydoom.A@mm
W32.Novarg.A@mm, W32/Mydoom@MM [McAfee], WORM_MIMAIL.R [Trend], Win32.Mydoom.A [Computer Associates], W32/Mydoom-A [Sophos], I-Worm.Novarg [Kaspersky] January 26, 2004 January 26, 2004
W32.Mimail.Q@mm
W32/Mimail.q@MM [McAfee], WORM_MIMAIL.Q [Trend], W32/Mimail-Q [Sophos] January 26, 2004 January 26, 2004
W32.Dumaru.Z@mm
W32/Dumaru.z@MM [McAfee], Win32.Dumaru.Z [Computer Associates], I-Worm.Dumaru.l [Kaspersky], WORM_DUMARU.Z [Trend] January 25, 2004 January 26, 2004
W32.Dumaru.Y@mm
W32/Dumaru.y@MM [McAfee], I-Worm.Dumaru.j [Kaspersky], Win32.Dumaru.Y [Computer Associates], W32/Dumaru-Y [Sophos], WORM_DUMARU.Y [Trend] January 23, 2004 January 26, 2004
Trojan.Bookmarker.D January 23, 2004 January 26, 2004
W32.HLLW.Sanker January 22, 2004 January 23, 2004
Backdoor.OptixPro.13b
Backdoor.Optix.Pro.13 [Kaspersky] January 21, 2004 January 22, 2004
Backdoor.Tuxder January 20, 2004 January 20, 2004
Trojan.Httpdos
Backdoor.Snart.j [Kaspersky] January 20, 2004 January 20, 2004
Trojan.Mitglieder.C
Mitglieder [F-Secure], TrojanProxy.Win32.Mitglieder.c [Kaspersky], Proxy-Mitglieder [McAfee], TROJ_MITGLIEDR [Trend] January 20, 2004 January 20, 2004
VBS.Zsyang.B@mm
I-Worm.Zsyang [Kaspersky] January 19, 2004 January 19, 2004
W32.Beagle.A@mm
I-Worm.Bagle [Kaspersky], WORM_BAGLE.A [Trend], W32/Bagle-A [Sophos], W32/Bagle@MM [McAfee], Win32.Bagle.A [Computer Associates] January 18, 2004 January 18, 2004
Backdoor.IRC.Aladinz.H January 18, 2004 January 18, 2004
Trojan.Bookmarker.C January 15, 2004 January 16, 2004
W32.Protoride.Worm
Win32.Protoride.A [Computer Associates], BackDoor-AZJ [McAfee], Worm.Win32.Protoride [Kaspersky], WORM_PROTORIDE.A [Trend] January 16, 2004 January 16, 2004
W97M.Twopey.E
Macro.Word97.Racaga [Kaspersky] January 15, 2004 January 16, 2004
W32.Stuplo January 15, 2004 January 16, 2004





NAV Daily Definitions


*Note: The i32 Intelligent Updater package cannot be used to update Symantec AntiVirus Corporate Edition 8.0 servers or Norton AntiVirus Corporate Edition 7.6 servers, but can be used to update Corporate Edition clients. The x86 Intelligent Updater package can be used to update Corporate Edition clients and servers.

National Cyber Alert System (US-Cert)

Technical
TA04-041A: Multiple Vulnerabilities in Microsoft ASN.1 Library
SB04-035: Summary of Security Items from January 21 through February 3, 2004

Non-technical
SA04-041A: Multiple Vulnerabilities in Microsoft Windows
ST04-002: Choosing and Protecting Passwords


Live Virus Advisory Feed

Posted on Wednesday, 18 February 2004 @ 09:33:15 UTC by phoenix22 (1599 reads)