Latest Advisories

Live Virus Advisory Feeds
2004-02-19

*Live Feeds are from Panda, Trend Micro, and Symantec

Live Virus Advisory Feeds

National Cyber Alert System (US-Cert)


Secunia

Secunia Highlights:
Microsoft Windows ASN.1 Library Integer Overflow Vulnerabilities
eEye Digital Security has discovered some vulnerabilities in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.
Linux Kernel mremap() Missing Return Value Checking Privilege Escalation
Paul Starzetz has reported a vulnerability in the Linux kernel, which can be exploited by malicious, local users to gain escalated privileges on a vulnerable system.
ZoneAlarm SMTP Processing Buffer Overflow Vulnerability
eEye has discovered a vulnerability in ZoneAlarm and Integrity client, allowing malicious people to compromise a vulnerable system.

Latest 15 Secunia Security Advisories:
2004-02-19
- Small ftpd Denial of Service Vulnerability

- NetBSD IPv6 Traffic Handling Denial of Service Vulnerability

- Cesar FTP RETR Command Handling Denial of Service Vulnerability

- NetBSD update for OpenSSL

- NetBSD update for racoon

- Linksys WAP55AG Exposure of SNMP Community Strings

- AIX X Server Privilege Escalation Vulnerability

- ZoneAlarm SMTP Processing Buffer Overflow Vulnerability

- Webstores 2000 SQL Injection and Cross Site Scripting Vulnerabilities

- Owls Workshop Arbitrary File Retrieval Vulnerabilities

- Fedora update for kernel

- SuSE update for kernel

- Astaro update for kernel

- Red Hat update for kernel

- Mandrake update for metamail

Top 5 Most Read Secunia Security Advisories (Last 24 hours):
- Internet Explorer URL Spoofing Vulnerability

- Microsoft Windows ASN.1 Library Integer Overflow Vulnerabilities

- Linux Kernel mremap() Missing Return Value Checking Privilege Escalation

- ZoneAlarm SMTP Processing Buffer Overflow Vulnerability

- Opera Browser File Download Extension Spoofing


Security Tracker

Special Alerts - Serious flaw in Microsoft ASN.1 Library allows remote users to execute arbitrary code with
System privileges by exploiting any of several commonly used services.

Windows XP Kernel NtSystemDebugControl() Flaws Let Local Users With SeDebugPrivilege Execute Arbitrary Code in Kernel Mode

Several vulnerabilities were reported in the Windows XP kernel in some debugging functions. A local user with 'SeDebugPrivilege' rights can execute arbitrary code in kernel mode.

Impact: Execution of arbitrary code via local system, Root access via local system

Smallftpd Can Be Crashed By Remote Authenticated Users

A vulnerability was reported in Smallftpd. A remote authenticated user can cause the FTP service to crash.

Impact: Denial of service via network

Webstores 2000 Has More Input Validation Flaws in 'browser_item_details.asp' That Let Remote Users Inject SQL Commands and Execute OS Commands

Some input validation vulnerabilities were reported in WebStores 2000. A remote user can inject SQL commands and execute arbitrary operating system commands on the target system. A remote user can also conduct cross-site scripting attacks.

Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network

SandSurfer Authentication Flaw Lets Remote Users Hijack User Sessions

A vulnerability was reported in SandSurfer. A remote user can hijack a target user's session.

Impact: User access via network

Metamail Format String Flaws and Buffer Overflows Let Remote Users Execute Arbitrary Code

Some vulnerabilities were reported in Metamail in the decoding of MIME messages. A remote user can execute arbitrary code on the target system.

Impact: Execution of arbitrary code via network, User access via network


SecurityFocus BugTraq
SecurityFocus Vulnerabilities

02/18/2004 Multiple WinXP kernel vulns can give user mode programs kernel mode privileges first last
02/18/2004 metamail format string bugs and buffer overflows Ulf Härnhammar
02/18/2004 Re: EarlyImpact ProductCart shopping cart software multiple security vulnerabilities Massimo Arrigoni
02/18/2004 Re: APC 9606 SmartSlot Web/SNMP management card backdoor Fredrik Björk
02/18/2004 article: Alleged Trojan horse in Israeli Anti-Ballistic Missile System Gadi Evron
02/18/2004 Re: Second critical mremap() bug found in all Linux kernels Steve Bremer
02/18/2004 [SECURITY] [DSA 441-1] New Linux 2.4.17 packages fix local root exploit (mips+mipsel) joey infodrom org (Martin Schulze)
02/18/2004 bid: 9660 : Microsoft IIS Unspecified Remote Denial Of Service Vulnerability kquest toplayer com
02/18/2004 [SECURITY] [DSA 440-1] New Linux 2.4.17 packages fix several local root exploits (powerpc/apus) joey infodrom org (Martin Schulze)
02/18/2004 [SECURITY] [DSA 439-1] New Linux 2.4.16 packages fix several local root exploits (arm) joey infodrom org (Martin Schulze)
02/18/2004 WebCortex Webstores2000 version 6.0 multiple security vulnerabilities Nick Gudov
02/18/2004 [SECURITY] [DSA 438-1] New Linux 2.4.18 packages fix local root exploit (alpha+i386+powerpc) joey infodrom org (Martin Schulze)
02/18/2004 [ GLSA 200402-07 ] Clamav 0.65 DoS vulnerability Tim Yamin
02/18/2004 [slackware-security] metamail security update (SSA:2004-049-02) Slackware Security Team
02/18/2004 [slackware-security] Kernel security update (SSA:2004-049-01) Slackware Security Team
02/18/2004 TSLSA-2004-0007 - kernel Trustix Security Advisor
02/18/2004 [RHSA-2004:065-01] Updated kernel packages resolve security vulnerabilities bugzilla redhat com
02/18/2004 Second critical mremap() bug found in all Linux kernels Paul Starzetz
02/18/2004 ZH2004-08SA (security advisory): OWLS 1.0 Remote arbitrary files retrieving ZetaLabs
02/18/2004 EarlyImpact ProductCart shopping cart software multiple security vulnerabilities S-Quadra Security Research
02/18/2004 Re[2]: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP 3APA3A
02/18/2004 ZH2004-07SA (security advisory): Multiple Sql injection vulnerabilities in Online Store Kit 3.0 Products (Lite - Standard and Pro) ZetaLabs
02/18/2004 Re: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP Michael Samuel
02/18/2004 Re: ASN.1 telephony critical infrastructure warning - VOIP Michael H. Warfield
02/17/2004 SNMP community string disclosure in Linksys WAP55AG NN Poster
02/17/2004 Re: Fw: APC 9606 SmartSlot Web/SNMP management card backdoor - MORE PROBLEMS James Green
02/17/2004 Smallftpd 1.0.3 DoS intuit e.b.
02/17/2004 Re: Fw: APC 9606 SmartSlot Web/SNMP management card backdoor - MORE PROBLEMS Thomas M. Payerle
02/17/2004 CesarFTP 0.99 : 100% employment of computer resources intuit e.b.
02/17/2004 Re: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP Florian Weimer
02/17/2004 iDEFENSE Security Advisory 02.17.04: Ipswitch IMail LDAP Daemon Remote Buffer Overflow iDefense Labs
02/17/2004 ASN.1 vulnerability -is- on Win98 Joshua Levitsky
02/17/2004 Re: ASN.1 telephony critical infrastructure warning - VOIP RJ Auburn
02/17/2004 Beagle.b@mm spreading at a steady pace. dotsecure hushmail com
02/17/2004 Fw: APC 9606 SmartSlot Web/SNMP management card backdoor - MORE PROBLEMS thiago vazquez light com br
02/17/2004 RE: Apache Http Server Reveals Script Source Code to Remote Users And Any Users Can Access The Forbidden Directory (/WEB-INF/) Alun Jones
02/17/2004 RE: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP Zak Dechovich
02/17/2004 Re: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP Michal Zalewski
02/17/2004 Re: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP 3APA3A
02/17/2004 Broker FTP DoS (Message Server) Aviram Jenik
02/17/2004 ASN.1 telephony critical infrastructure warning - VOIP Gadi Evron
02/17/2004 Re: Misinformation in Security Advisories (ASN.1) Slawek
02/17/2004 Re: AIX password enumeration possible Darren Tucker
02/17/2004 Re: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP daniel uriah clemens
02/17/2004 YABB information leakage on failed login David Cantrell
02/17/2004 Denial Of Service in Vizer Web Server 1.9.1 Donato Ferrante
02/17/2004 ZH2004-06SA (security advisory): ShopCartCGI v2.3 Remote arbitrary file retrieving ZetaLabs
02/17/2004 KarjaSoft Sami HTTP Server 1.0.4 Buffer Overflow badpack3t
02/17/2004 Re: Microsoft ASN.1 (Half a sploit) WebHead
02/17/2004 [ GLSA 200402-06 ] Linux kernel AMD64 ptrace vulnerability Tim Yamin
02/17/2004 OT: reports of a Trojan horse in the Arrow project Gadi Evron
02/17/2004 [ GLSA 200402-05 ] phpMyAdmin 2.5.6-rc1 directory traversal attack Tim Yamin
02/17/2004 Re: [work] Re: W2K source leaked? opticfiber
02/17/2004 Re: iDEFENSESecurityAdvisory02.10.04:XFree86FontInformationFileBufferOverflow Steffen Kluge
02/17/2004 Re: Misinformation in Security Advisories (ASN.1) Anthony Saffer
02/16/2004 Re: Misinformation in Security Advisories (ASN.1) Steven M. Christey
02/16/2004 Re: Misinformation in Security Advisories (ASN.1) Ivan Arce
02/16/2004 RE: [Full-Disclosure] Misinformation in Security Advisories (ASN.1) first last
02/16/2004 Re: Another YabbSE SQL Injection Mike Bobbitt
02/16/2004 RE: Exploit based on leaked code released. tlarholm pivx com
02/16/2004 Re: W2K source leaked? Ho Chaw Ming
02/16/2004 Re: Misinformation in Security Advisories (ASN.1) evol ruiner halo nu
02/16/2004 Re: Misinformation in Security Advisories (ASN.1) Simon Brady
02/16/2004 Another YabbSE SQL Injection backspace
02/16/2004 Re: [Full-Disclosure] Misinformation in Security Advisories (ASN.1) Valdis Kletnieks vt edu
02/16/2004 Misinformation in Security Advisories (ASN.1) John Compton
02/16/2004 Re: [Full-Disclosure] Possible race condition in Symantec AntiVirus Scan Engine for Red Hat Linux during LiveUpdate Valdis Kletnieks vt edu
02/16/2004 Possible race condition in Symantec AntiVirus Scan Engine for Red Hat Linux during LiveUpdate Dr. Peter Bieringer
02/16/2004 Exploit based on leaked code released. Christopher Carboni
02/16/2004 Broadcast client buffer-overflow in Purge Jihad 2.0.1 Luigi Auriemma
02/16/2004 APC 9606 SmartSlot Web/SNMP management card backdoor Dave Tarbatt
02/16/2004 Remote Administrator 2.x: highly possible remote hole or backdoor Pavel Levshin
02/16/2004 Symantec FireWall/VPN Appliance model 200 leak of security Davide Del Vecchio
2004-02-14: Microsoft IIS Unspecified Remote Denial Of Service Vulnerability
2004-02-14: Multiple ASP Portal Vulnerabilities
2004-02-14: GnuPG ElGamal Signing Key Private Key Compromise Vulnerability
2004-02-13: GNU Mailman Admin Page Multiple Cross-Site Scripting Vulnerabilities
2004-02-13: GNU Mailman Malformed Message Remote Denial Of Service Vulnerability
2004-02-13: JelSoft VBulletin Search.PHP Cross-Site Scripting Vulnerability
2004-02-13: Sami FTP Server Multiple Denial Of Service Vulnerabilities
2004-02-13: Multiple RealPlayer/RealOne Player Supported File Type Buffer Overrun Vulnerabilities
2004-02-13: RealPlayer/RealOne Player RMP Skin File Handler Directory Traversal Vulnerability
2004-02-13: Multiple Vendor H.323 Protocol Implementation Vulnerabilities
2004-02-12: Crob FTP Server Remote Denial Of Service Vulnerability
2004-02-12: Mailmgr Insecure Temporary File Creation Vulnerabilities
2004-02-12: AIM Sniff Temporary File Symlink Attack Vulnerability
2004-02-12: Netpbm Temporary File Vulnerabilities
2004-02-12: PHPNuke Category Parameter SQL Injection Vulnerability
2004-02-12: Sophos Anti-Virus Delivery Status Notification Handling Scanner Bypass Vulnerability
2004-02-12: Sophos Anti-Virus MIME Header Handling Denial Of Service Vulnerability
2004-02-12: SandSurfer Unspecified User Authentication Vulnerability
2004-02-12: JelSoft VBulletin Cross-Site Scripting Vulnerability
2004-02-12: OpenSSL ASN.1 Parsing Vulnerabilities

Symantec SSR

W32.Netsky.B@mm
W32/Netsky.b@MM [McAfee], W32/Netsky.B.worm [Panda], WORM_NETSKY.B [Trend Micro], Moodown.B [F-Secure], I-Worm.Moodown.b [Kaspersky] February 18, 2004 February 18, 2004
W32.Beagle.B@mm
W32.Alua@mm, Win32/Bagle.B.Worm [Computer Associates], Bagle.B [F-Secure], W32/Bagle.b@MM [McAfee], W32/Bagle.B@mm [Norman], WORM_BAGLE.B [Trend Mirco], W32/Bagle.B.worm [Panda], W32/Tanx-A [Sophos] February 17, 2004 February 17, 2004
X97M.Ellar.F February 16, 2004 February 16, 2004
W32.Kifer.B February 16, 2004 February 16, 2004
W32.Netsky@mm
WORM_NETSKY.A [Trend] February 16, 2004 February 16, 2004
W32.HLLW.Cult.M@mm February 15, 2004 February 16, 2004
W32.Rusty@m February 15, 2004 February 16, 2004
W32.Welchia.C.Worm
WORM_NACHI.C [Trend] February 15, 2004 February 17, 2004
VBS.Laske@mm February 13, 2004 February 13, 2004
W32.Doomhunter February 12, 2004 February 13, 2004
W32.HLLW.Deadhat.B
W32/Deadhat.B.worm [Panda] February 12, 2004 February 13, 2004
X97M.Esab February 12, 2004 February 13, 2004
Trojan.Bansap February 12, 2004 February 12, 2004
Trojan.PWS.QQPass.F February 12, 2004 February 12, 2004
W32.HLLP.Shodi February 11, 2004 February 12, 2004
W32.Welchia.B.Worm
W32/Nachi.worm.b [McAfee], W32/Nachi-B [Sophos], Win32.Nachi.B [Computer Associates], WORM_NACHI.B [Trend], Worm.Win32.Welchia.b February 11, 2004 February 11, 2004
W32.HLLW.Doomjuice.B
W32/Doomjuice.worm.b [McAfee], WORM_DOOMJUICE.B [Trend], Win32.Doomjuice.B [Computer Associates], W32/Doomjuice-B [Sophos] February 11, 2004 February 11, 2004
W32.Dumaru.AH@mm
W32/Mimail.u@MM [McAfee], Win32.Mimail.U[Computer Associates] February 10, 2004 February 11, 2004
VBS.Bootconf.B February 10, 2004 February 11, 2004
W32.Kifer
TrojanDropper.Win32.Kifer [Kaspersky] February 10, 2004 February 10, 2004
W32.HLLP.Yero.Worm
W32.HLLP.Yero.Worm.dr, W32/Fesber.worm [McAfee] February 10, 2004 February 10, 2004
W32.HLLW.Moega.AG February 10, 2004 February 10, 2004
W32.Yenik.A@mm
W32/Yenik.worm [McAfee] February 10, 2004 February 10, 2004
Trojan.Gutta February 9, 2004 February 10, 2004
W32.HLLW.Doomjuice
W32/Doomjuice.worm.a [McAfee], WORM_DOOMJUICE.A [Trend], Win32.Doomjuice.A [Computer Associates], Worm.Win32.Doomjuice [Kaspersky], W32/Doomjuice-A [Sophos] February 9, 2004 February 9, 2004
Backdoor.IRC.Aladinz.J February 8, 2004 February 9, 2004
W32.HLLW.Deadhat
Vesser [F-Secure], W32/Deadhat.worm.a [McAfee], WORM_DEADHAT.A [Trend], Win32.Deadhat.A [Computer Associates], Worm.Win32.Vesser [Kaspersky] February 6, 2004 February 9, 2004
W32.Dinfor.Worm
WORM_SDBOT.FP [Trend] February 6, 2004 February 6, 2004
Backdoor.Domwis February 6, 2004 February 6, 2004
Backdoor.OptixPro.13.C February 6, 2004 February 6, 2004
W32.Mimail.T@mm
WORM_MIMAIL.T [Trend], W32/Mimail.t@MM [McAfee] February 5, 2004 February 6, 2004
W32.HLLW.Gaobot.JB February 4, 2004 February 5, 2004
W32.Blaster.K.Worm
W32.Blaster.Worm, WORM_MSBLAST.H [Trend], Worm.Win32.Lovesan.a [Kaspersky], W32/Lovsan.worm.gen [McAfee] February 3, 2004 February 4, 2004
W32.Hostidel.Trojan.C February 3, 2004 February 4, 2004
W32.HLLW.Chemsvy
Worm.P2P.Apsiv [Kaspersky], W32/Apsiv.worm!p2p [McAfee] February 3, 2004 February 3, 2004
W32.Dumaru.AD@mm
I-Worm.Dumaru.gen [Kaspersky], W32/Dumaru.gen@MM [McAfee] February 3, 2004 February 3, 2004
W32.Galil.F@mm
W32/Holar.gen@MM [McAfee], I-Worm.Holar.f [Kaspersky] February 2, 2004 February 3, 2004
VBS.Shania
Backdoor.VBS.Shania [Kaspersky], VBS/Pica.worm.gen [McAfee] February 2, 2004 February 2, 2004
Keylogger.Stawin
Keylogger.Trojan, Keylog-Stawin [McAfee], Troj/Stawin-A [Sophos], TrojanSpy.Win32.Keylogger.aa [Kaspersky], Win32.Elkong.D [Computer Associates], TROJ_KEYLOG.AA [Trend] January 29, 2004 January 30, 2004
W32.Randex.FC
Backdoor.IRCBot.gen [KAV] January 29, 2004 January 30, 2004
W32.HLLW.Anig
W32/Anig.worm [McAfee], WORM_ANIG.A [Trend], Win32.Dfcsvc.A [Computer Associates], Worm.Win32.Anig [Kaspersky] January 29, 2004 January 30, 2004
PWSteal.Olbaid January 29, 2004 January 29, 2004
W32.Mimail.S@mm
W32/Mimail-S [Sophos], WORM_MIMAIL.S [Trend], Win32.Mimail.S [Computer Associates], W32/Mimail.s@MM [McAfee] January 29, 2004 January 29, 2004
Backdoor.Aphexdoor
Backdoor.Aphexdoor.10 [Kaspersky] January 28, 2004 January 28, 2004
W32.IRCBot.C
Backdoor.IRCBot.gen [Kaspersky] January 28, 2004 January 28, 2004
W32.Mydoom.B@mm
Mydoom.B [F-Secure], W32/Mydoom.b@MM [McAfee], WORM_MYDOOM.B [Trend], Win32.Mydoom.B [Computer Associates], I-Worm.Mydoom.b [Kaspersky], W32/MyDoom-B [Sophos] January 28, 2004 January 28, 2004
Trojan.Bookmarker.E January 27, 2004 January 28, 2004
W32.HLLW.Pokibat January 27, 2004 January 28, 2004
W32.Mydoom.A@mm
W32.Novarg.A@mm, W32/Mydoom@MM [McAfee], WORM_MIMAIL.R [Trend], Win32.Mydoom.A [Computer Associates], W32/Mydoom-A [Sophos], I-Worm.Novarg [Kaspersky] January 26, 2004 January 26, 2004
W32.Mimail.Q@mm
W32/Mimail.q@MM [McAfee], WORM_MIMAIL.Q [Trend], W32/Mimail-Q [Sophos] January 26, 2004 January 26, 2004
W32.Dumaru.Z@mm
W32/Dumaru.z@MM [McAfee], Win32.Dumaru.Z [Computer Associates], I-Worm.Dumaru.l [Kaspersky], WORM_DUMARU.Z [Trend] January 25, 2004 January 26, 2004
W32.Dumaru.Y@mm
W32/Dumaru.y@MM [McAfee], I-Worm.Dumaru.j [Kaspersky], Win32.Dumaru.Y [Computer Associates], W32/Dumaru-Y [Sophos], WORM_DUMARU.Y [Trend] January 23, 2004 January 26, 2004
Trojan.Bookmarker.D January 23, 2004 January 26, 2004
W32.HLLW.Sanker January 22, 2004 January 23, 2004
Backdoor.OptixPro.13b
Backdoor.Optix.Pro.13 [Kaspersky] January 21, 2004 January 22, 2004
Backdoor.Tuxder January 20, 2004 January 20, 2004
Trojan.Httpdos
Backdoor.Snart.j[Kaspersky] January 20, 2004 January 20, 2004
Trojan.Mitglieder.C
Mitglieder [F-Secure], TrojanProxy.Win32.Mitglieder.c [Kaspersky], Proxy-Mitglieder [McAfee], TROJ_MITGLIEDR [Trend] January 20, 2004 January 20, 2004
VBS.Zsyang.B@mm
I-Worm.Zsyang [Kaspersky] January 19, 2004 January 19, 2004
W32.Beagle.A@mm
I-Worm.Bagle [Kaspersky], WORM_BAGLE.A [Trend], W32/Bagle-A [Sophos], W32/Bagle@MM [McAfee], Win32.Bagle.A [Computer Associates] January 18, 2004 January 18, 2004
Backdoor.IRC.Aladinz.H January 18, 2004 January 18, 2004
Trojan.Bookmarker.C January 15, 2004 January 16, 2004
W32.Protoride.Worm
Win32.Protoride.A [Computer Associates], BackDoor-AZJ [McAfee], Worm.Win32.Protoride [Kaspersky], WORM_PROTORIDE.A [Trend] January 16, 2004 January 16, 2004
W97M.Twopey.E
Macro.Word97.Racaga [Kaspersky] January 15, 2004 January 16, 2004
W32.Stuplo January 15, 2004 January 16, 2004






NAV Daily Definitions (Go)


*Note: The i32 Intelligent Updater package cannot be used to update Symantec AntiVirus Corporate Edition 8.0 servers or Norton AntiVirus Corporate Edition 7.6 servers, but can be used to update Corporate Edition clients. The x86 Intelligent Updater package can be used to update corporate Edition clients and servers.

National Cyber Alert System (US-Cert)

Technical
TA04-041A:Multiple Vulnerabilities in Microsoft ASN.1 Library
SB04-049:Summary of Security Items from February 4 through February 17, 2004

Non-technical
SA04-041A:Multiple Vulnerabilities in Microsoft Windows
ST04-002:Choosing and Protecting Passwords


Live Virus Advisory Feed