Latest Advisories

Live Virus Advisory Feeds
2004-02-26

*Live Feeds are from Panda, Trend Micro, and Symantec

Live Virus Advisory Feeds

National Cyber Alert System (US-Cert)


Secunia

Secunia Highlights:
ZoneAlarm SMTP Processing Buffer Overflow Vulnerability
eEye has discovered a vulnerability in ZoneAlarm and Integrity client, allowing users to escalate their privileges and potentially also allowing malicious people to compromise a user's system.
Linux Kernel mremap() Missing Return Value Checking Privilege Escalation
Paul Starzetz has reported a vulnerability in the Linux kernel, which can be exploited by malicious, local users to gain escalated privileges on a vulnerable system.
Mac OS X Security Update Fixes Multiple Vulnerabilities
Multiple vulnerabilities have been discovered in Apple Mac OS X, where some of the specified issues can be exploited to gain knowledge of sensitive information, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.

Latest 15 Secunia Security Advisories:
2004-02-26
- BadBlue Installation Path Disclosure Weakness

- Red Hat update for mod_python

- Red Hat update for libxml2

- Alcatel OmniSwitch 7000 Series Unspecified Denial of Service Vulnerability

- Mozilla Cross-Site Scripting Vulnerability

- Mandrake update for mtools

- @Mail Cross-Site Scripting and Denial of Service Vulnerabilities

- Fedora update for libxml2

2004-02-25
- nCipher HSM Exposure of Secrets

- jabber-gg-transport Multiple Denial of Service Vulnerabilities

- Trillian Protocol Handling Buffer Overflow Vulnerabilities

- TYPSoft FTP Server Denial of Service

- Mandrake update for kernel

- ICQ Predictable File Location Weakness

- Microsoft Windows Enhanced/Windows Metafile Handling Vulnerability

Top 5 Most Read Secunia Security Advisories (Last 24 hours):
Microsoft Windows Enhanced/Windows Metafile Handling Vulnerability

- Internet Explorer URL Spoofing Vulnerability

- Trillian Protocol Handling Buffer Overflow Vulnerabilities

- ZoneAlarm SMTP Processing Buffer Overflow Vulnerability

- AOL Instant Messenger Predictable File Location Weakness


Security Tracker

Mozilla Event Handler Document Transition Flaw Permits Cross-Site Scripting Attacks

A vulnerability was reported in the Mozilla browser in the processing of event handlers during the transition of documents. A remote user can conduct cross-site scripting attacks.

Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information

@Mail Input Validation Holes Permit Cross-Site Scripting Attacks and POP3 Service Can Be Denied

Several vulnerabilities were reported in @Mail. A remote user can deny POP mail service. A remote user can conduct cross-site scripting attacks.

Impact: Denial of service via network, Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information

Haegemonia Game Packet Length Index Overflow Lets Remote Users Deny Service

A vulnerability was reported in the Haegemonia game. A remote user can cause the game server to crash.

Impact: Denial of service via network

TYPSoft FTP Server Lets Remote Authenticated Users Deny Service With Malformed Parameters

A vulnerability was reported in the TYPSoft FTP Server. A remote user can deny service on the target system.

Impact: Denial of service via network

Apple Safari Browser Has an Unspecified Flaw in URL Status Bar Display

A vulnerability was reported in Apple's Safari web browser. The impact was not specified.

Impact: Not specified

SecurityFocus BugTraq
SecurityFocus Vulnerabilities

02/25/2004 Sandblad #13: Cross-domain exploit on zombie document with event handlers Andreas Sandblad
02/25/2004 PSOProxy's exploit for Windows by Rosiello Security Angelo Rosiello
02/25/2004 Re: [waraxe-2004-SA#004] - Multiple vulnerabilities in XMB 1.8 Partagium Final SP2 Ben
02/25/2004 Re: Windows XP explorer.exe heap overflow. Eli Kara
02/25/2004 MDKSA-2004:016 - Updated mtools packages fix local root vulnerability Mandrake Linux Security Team
02/25/2004 RE: Windows XP explorer.exe heap overflow. Larry Seltzer
02/25/2004 jgs webserver 0.1.0 Cross Site Scripting Vulnerabillity Rafel Ivgi, The-Insider
02/25/2004 Fw: [Unpatched] The Bizex worm Thor Larholm
02/24/2004 Hidden Gamespy code leads to vulnerabilities in diffused games (BF1942, Halo, Dredd and more) Luigi Auriemma
02/24/2004 Remote crash in Ghost Recon engine Luigi Auriemma
02/24/2004 Remote server crash in Haegemonia 1.07 Luigi Auriemma
02/24/2004 Advisory 02/2004: Trillian remote overflows Stefan Esser
02/24/2004 Re: blocking gzip encoded files Josep L. Guallar-Esteve
02/24/2004 Re: Windows XP explorer.exe heap overflow. Tim
02/24/2004 Re: Bank of America Contact peloy chapus net (Eloy A Paris)
02/24/2004 RE: blocking gzip encoded files Gervase Markham
02/24/2004 MDKSA-2004:015 - Updated kernel packages fix multiple vulnerabilities Mandrake Linux Security Team
02/24/2004 New ICQ WORM Rafel Ivgi, The-Insider
02/24/2004 snort rules for ICQ http/https tunnels Alexander Antipov
02/24/2004 BadBlue 2.4 Local Path Disclosure By phptest.php Rafel Ivgi, The-Insider
02/24/2004 FlexWATCH-Webs 2.2 (NTSC) Authorization Bypass Rafel Ivgi, The-Insider
02/24/2004 Gigabyte Broadband Router - Multiple Vulnerabilities Rafel Ivgi, The-Insider
02/24/2004 Re: Windows XP explorer.exe heap overflow. Eli K.
02/24/2004 iDEFENSE Security Advisory 02.23.04: Darwin Streaming Server Remote Denial of Service Vulnerability iDefense Labs
02/24/2004 Re: blocking gzip encoded files mgotts 2roads com
02/24/2004 STG Security Advisory: [SSA-20040217-06] Apache for cygwin directory traversal vulnerability advisory stgsecurity com
02/23/2004 Mac OS X pppd format string vulnerability Advisories
02/23/2004 TYPSoft FTP Server 1.10 multiple vulnerabilities intuit e.b.
02/23/2004 Web Crossing 4.x/5.x Denial of Service Vulnerability (FIX) Peter Winter-Smith
02/23/2004 blocking gzip encoded files Darwin Mecham
02/23/2004 RE: Windows XP explorer.exe heap overflow. Michael Wojcik
02/23/2004 Re: Remote Administrator 2.x: highly possible remote hole or backdoor Ari Gordon-Schlosberg
02/23/2004 Re: Windows XP explorer.exe heap overflow. Chris Calabrese
02/23/2004 Re: Bank of America Contact Jon W
02/23/2004 Lam3rZ Security Advisory : A bug in Confirm leads to remote command execution Mariusz Woloszyn
02/23/2004 RE: [Full-Disclosure] ASN.1 telephony critical infrastructurewarning - VOIP David Wilson
02/23/2004 Re: lbreakout2 2.4beta-2 local exploit Steve Kemp
02/23/2004 Remote server crash in Team Factor 1.25 Luigi Auriemma
02/23/2004 [waraxe-2004-SA#004] - Multiple vulnerabilities in XMB 1.8 Partagium Final SP2 Janek Vind
02/23/2004 Re: Bank of America Contact Lance James
02/23/2004 ZH2004-09SA (security advisory): PhpNewsManager Remote arbitrary files retrieving ZetaLabs
02/23/2004 SUSE Security Announcement: xf86/XFree86 (SuSE-SA:2004:006) thomas suse de (Thomas Biege)
02/23/2004 Somewhat new SQL Injection concept Tõnu Samuel
02/23/2004 nCipher Advisory 9: Host-side attackers can access secret data nCipher Support
02/23/2004 TSLSA-2004-0008 - kernel Trustix Security Advisor
02/23/2004 ezBoard Cross Site Scripting Vulnerability Cheng Peng Su
02/23/2004 Lam3rZ Security Advisory : LSF eauth vulnerability leads to a possibility of controlling cluster jobs on behalf of other users Tomasz Grabowski
02/23/2004 Lam3rZ Security Advisory : LSF eauth vulnerability leads to remote code execution Tomasz Grabowski
02/23/2004 Multiple Remote Buffer Overflow in Avirt Soho 4.3 Donato Ferrante
02/23/2004 Remote Buffer Overflow in Avirt Voice 4.0 Donato Ferrante
02/23/2004 [SECURITY] [DSA 448-1] New pwlib packages fix multiple vulnerabilities Matt Zimmerman
02/23/2004 [SECURITY] [DSA 447-1] New hsftp packages fix format string vulnerability Matt Zimmerman
2004-02-23: Multiple Vendor H.323 Protocol Implementation Vulnerabilities
2004-02-23: Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
2004-02-22: Dell TrueMobile 1300 WLAN System Tray Applet Local Privilege Escalation Vulnerability
2004-02-22: Synaesthesia Insecure File Creation Vulnerability
2004-02-22: GNU Mailman Admin Page Multiple Cross-Site Scripting Vulnerabilities
2004-02-22: GNU Mailman Malformed Message Remote Denial Of Service Vulnerability
2004-02-21: W3C Jigsaw Unspecified Remote URI Parsing Vulnerability
2004-02-21: Jabber Software Jabber Gadu-Gadu Transport Multiple Remote Denial Of Service Vulnerabilities
2004-02-20: Multiple Outlook/Outlook Express Predictable File Location Weaknesses
2004-02-20: Eric S. Raymond Fetchmail Unspecified Denial of Service Vulnerability
2004-02-20: XFree86 Multiple Unspecified Integer Overflow Vulnerabilities
2004-02-20: Safe.PM Unsafe Code Execution Vulnerability
2004-02-20: Singularity Software Team Factor Integer Handling Memory Corruption Vulnerability
2004-02-20: PHPNuke Category Parameter SQL Injection Vulnerability
2004-02-20: RobotFTP Server Username Buffer Overflow Vulnerability
2004-02-20: Microsoft Windows XP explorer.exe Multiple Memory Corruption Vulnerabilities
2004-02-20: Oracle9i Database Server Unspecified Security Vulnerabilities
2004-02-20: Oracle 9i Application/Database Server SOAP XML DTD Denial Of Service Vulnerability
2004-02-20: TYPSoft FTP Server Remote CPU Consumption Denial Of Service Vulnerability
2004-02-20: XFree86 Direct Rendering Infrastructure Buffer Overflow Vulnerabilities
2004-02-20: KDE KDM PAM Module PAM_SetCred Privilege Escalation Vulnerability
2004-02-20: SANE Daemon Connected User Memory Consumption Denial Of Service Vulnerability
2004-02-20: SANE Remote Dubug Enabled Connection Dropping Denial of Service Vulnerability
2004-02-20: SANE Strings Memory Allocation Denial Of Service Vulnerability
2004-02-20: SANE Internal Wire Memory Disclosure Vulnerability
2004-02-20: SANE SANE_NET_INIT Unauthorized Access Vulnerability
2004-02-19: ISC BIND Negative Cache Poison Denial Of Service Vulnerability
2004-02-19: Zone Labs ZoneAlarm SMTP Remote Buffer Overflow Vulnerability
2004-02-19: LiveJournal HTML Injection Vulnerability
2004-02-19: PunkBuster Database Remote SQL Injection Vulnerability
2004-02-19: AOL Instant Messenger Buddy Icon Predictable File Location Weakness
2004-02-19: APC SmartSlot Web/SNMP Management Card Default Password Vulnerability
2004-02-19: Cisco ONS Platform Vulnerabilities
2004-02-19: Ipswitch IMail Server Remote LDAP Daemon Buffer Overflow Vulnerability
2004-02-19: OpenSSL ASN.1 Large Recursion Remote Denial Of Service Vulnerability
2004-02-19: BSD ICMPV6 Handling Routines Remote Denial Of Service Vulnerability
2004-02-19: KAME Racoon Initial Contact SA Deletion Vulnerability
2004-02-19: KAME Racoon Authentication SA Deletion Vulnerability
2004-02-19: BSD Kernel SHMAT System Call Privilege Escalation Vulnerability
2004-02-19: Microsoft Internet Explorer Unspecified CHM File Processing Arbitrary Code Execution Vulnerability


Symantec SSR

Backdoor.IRC.Aladinz.M February 25, 2004 February 26, 2004
W32.Netsky.C@mm
W32/Netsky.c@MM [McAfee], Win32.Netsky.C [Computer Associates], W32/Netsky-C [Sophos], WORM_NETSKY.C [Trend], I-Worm.Moodown.c [Kaspersky] February 24, 2004 February 25, 2004
W32.Bizex.Worm
Worm.Win32.Bizex [Kaspersky], W32/Bizex.worm [McAfee], W32/Bizex-A [Sophos] February 24, 2004 February 25, 2004
W32.Welchia.D.Worm February 23, 2004 February 23, 2004
Downloader.Botten February 23, 2004 February 23, 2004
W97M.Ortant@mm
WM97/Ortant-A (Sophos), W97M/Ortant (McAfee), W97M_ORTANT.A. (Trend) February 22, 2004 February 23, 2004
W32.Cone@mm February 22, 2004 February 23, 2004
Backdoor.IRC.Aladinz.L February 21, 2004 February 23, 2004
Java.StartPage
Trojan.Java.StartPage [Kaspersky], Exploit-ByteVerify [McAfee] February 20, 2004 February 23, 2004
W32.Mydoom.F@mm
W32/Mydoom.f@MM [McAfee], WORM_MYDOOM.F [Trend], W32/MyDoom-F [Sophos], I-Worm.Mydoom.f [Kaspersky], Win32.Mydoom.F [Computer Associates] February 20, 2004 February 23, 2004
Backdoor.Kaitex.E February 20, 2004 February 23, 2004
W97M.Saver.H
Macro.Word97.Saver [Kaspersky], W97M/Doccopy.A [F-Prot] February 19, 2004 February 20, 2004
Backdoor.IRC.Aladinz.K February 19, 2004 February 19, 2004
W32.Netsky.B@mm
W32/Netsky.b@MM [McAfee], W32/Netsky.B.worm [Panda], WORM_NETSKY.B [Trend Micro], Moodown.B [F-Secure], I-Worm.Moodown.b [Kaspersky] February 18, 2004 February 18, 2004
W32.Beagle.B@mm
W32.Alua@mm, Win32/Bagle.B.Worm [Computer Associates], Bagle.B [F-Secure], W32/Bagle.b@MM [McAfee], W32/Bagle.B@mm [Norman], WORM_BAGLE.B [Trend Mirco], W32/Bagle.B.worm [Panda], W32/Tanx-A [Sophos], I-Worm.Bagle.b [Kaspersky] February 17, 2004 February 17, 2004
W32.HLLW.Antinny.E February 17, 2004 February 17, 2004
X97M.Ellar.F February 16, 2004 February 16, 2004
W32.Kifer.B February 16, 2004 February 16, 2004
W32.Netsky@mm
WORM_NETSKY.A [Trend] February 16, 2004 February 16, 2004
W32.HLLW.Cult.M@mm February 15, 2004 February 16, 2004
W32.Rusty@m February 15, 2004 February 16, 2004
W32.Welchia.C.Worm
WORM_NACHI.C [Trend], W32/Nachi.worm.c [McAfee], W32/Nachi-C [Sophos], Win32.Nachi.C [Computer Associates], Worm.Win32.Welchia.c [Kaspersky] February 15, 2004 February 17, 2004
VBS.Laske@mm February 13, 2004 February 13, 2004
W32.Doomhunter February 12, 2004 February 13, 2004
W32.HLLW.Deadhat.B
W32/Deadhat.B.worm [Panda] February 12, 2004 February 13, 2004
X97M.Esab February 12, 2004 February 13, 2004
Trojan.Bansap February 12, 2004 February 12, 2004
Trojan.PWS.QQPass.F February 12, 2004 February 12, 2004
W32.HLLP.Shodi February 11, 2004 February 12, 2004
W32.Welchia.B.Worm
W32/Nachi.worm.b [McAfee], W32/Nachi-B [Sophos], Win32.Nachi.B [Computer Associates], WORM_NACHI.B [Trend], Worm.Win32.Welchia.b [Kaspersky] February 11, 2004 February 11, 2004
W32.HLLW.Doomjuice.B
W32/Doomjuice.worm.b [McAfee], WORM_DOOMJUICE.B [Trend], Win32.Doomjuice.B [Computer Associates], W32/Doomjuice-B [Sophos] February 11, 2004 February 11, 2004
W32.Dumaru.AH@mm
W32/Mimail.u@MM [McAfee], Win32.Mimail.U[Computer Associates] February 10, 2004 February 11, 2004
VBS.Bootconf.B February 10, 2004 February 11, 2004
W32.Kifer
TrojanDropper.Win32.Kifer [Kaspersky] February 10, 2004 February 10, 2004
W32.HLLP.Yero.Worm
W32.HLLP.Yero.Worm.dr, W32/Fesber.worm [McAfee] February 10, 2004 February 10, 2004
W32.HLLW.Moega.AG February 10, 2004 February 10, 2004
W32.Yenik.A@mm
W32/Yenik.worm [McAfee] February 10, 2004 February 10, 2004
Trojan.Gutta February 9, 2004 February 10, 2004
W32.HLLW.Doomjuice
W32/Doomjuice.worm.a [McAfee], WORM_DOOMJUICE.A [Trend], Win32.Doomjuice.A [Computer Associates], Worm.Win32.Doomjuice [Kaspersky], W32/Doomjuice-A [Sophos] February 9, 2004 February 9, 2004
Backdoor.IRC.Aladinz.J February 8, 2004 February 9, 2004
W32.HLLW.Deadhat
Vesser [F-Secure], W32/Deadhat.worm.a [McAfee], WORM_DEADHAT.A [Trend], Win32.Deadhat.A [Computer Associates], Worm.Win32.Vesser [Kaspersky] February 6, 2004 February 9, 2004
W32.Dinfor.Worm
WORM_SDBOT.FP [Trend] February 6, 2004 February 6, 2004
Backdoor.Domwis February 6, 2004 February 6, 2004
Backdoor.OptixPro.13.C February 6, 2004 February 6, 2004
W32.Mimail.T@mm
WORM_MIMAIL.T [Trend], W32/Mimail.t@MM [McAfee] February 5, 2004 February 6, 2004
W32.HLLW.Gaobot.JB February 4, 2004 February 5, 2004
W32.Blaster.K.Worm
W32.Blaster.Worm, WORM_MSBLAST.H [Trend], Worm.Win32.Lovesan.a [Kaspersky], W32/Lovsan.worm.gen [McAfee] February 3, 2004 February 4, 2004
W32.Hostidel.Trojan.C February 3, 2004 February 4, 2004
W32.HLLW.Chemsvy
Worm.P2P.Apsiv [Kaspersky], W32/Apsiv.worm!p2p [McAfee] February 3, 2004 February 3, 2004
W32.Dumaru.AD@mm
I-Worm.Dumaru.gen [Kaspersky], W32/Dumaru.gen@MM [McAfee] February 3, 2004 February 3, 2004
W32.Galil.F@mm
W32/Holar.gen@MM [McAfee], I-Worm.Holar.f [Kaspersky] February 2, 2004 February 3, 2004
VBS.Shania
Backdoor.VBS.Shania [Kaspersky], VBS/Pica.worm.gen [McAfee] February 2, 2004 February 2, 2004
Keylogger.Stawin
Keylogger.Trojan, Keylog-Stawin [McAfee], Troj/Stawin-A [Sophos], TrojanSpy.Win32.Keylogger.aa [Kaspersky], Win32.Elkong.D [Computer Associates], TROJ_KEYLOG.AA [Trend] January 29, 2004 January 30, 2004
W32.Randex.FC
Backdoor.IRCBot.gen [KAV] January 29, 2004 January 30, 2004
W32.HLLW.Anig
W32/Anig.worm [McAfee], WORM_ANIG.A [Trend], Win32.Dfcsvc.A [Computer Associates], Worm.Win32.Anig [Kaspersky] January 29, 2004 January 30, 2004
PWSteal.Olbaid January 29, 2004 January 29, 2004
W32.Mimail.S@mm
W32/Mimail-S [Sophos], WORM_MIMAIL.S [Trend], Win32.Mimail.S [Computer Associates], W32/Mimail.s@MM [McAfee] January 29, 2004 January 29, 2004
Backdoor.Aphexdoor
Backdoor.Aphexdoor.10 [Kaspersky] January 28, 2004 January 28, 2004
W32.IRCBot.C
Backdoor.IRCBot.gen [Kaspersky] January 28, 2004 January 28, 2004
W32.Mydoom.B@mm
Mydoom.B [F-Secure], W32/Mydoom.b@MM [McAfee], WORM_MYDOOM.B [Trend], Win32.Mydoom.B [Computer Associates], I-Worm.Mydoom.b [Kaspersky], W32/MyDoom-B [Sophos] January 28, 2004 January 28, 2004
Trojan.Bookmarker.E January 27, 2004 January 28, 2004
W32.HLLW.Pokibat January 27, 2004 January 28, 2004
W32.Mydoom.A@mm
W32.Novarg.A@mm, W32/Mydoom@MM [McAfee], WORM_MIMAIL.R [Trend], Win32.Mydoom.A [Computer Associates], W32/Mydoom-A [Sophos], I-Worm.Novarg [Kaspersky] January 26, 2004 January 26, 2004
W32.Mimail.Q@mm
W32/Mimail.q@MM [McAfee], WORM_MIMAIL.Q [Trend], W32/Mimail-Q [Sophos] January 26, 2004 January 26, 2004
W32.Dumaru.Z@mm
W32/Dumaru.z@MM [McAfee], Win32.Dumaru.Z [Computer Associates], I-Worm.Dumaru.l [Kaspersky], WORM_DUMARU.Z [Trend] January 25, 2004 January 26, 2004
W32.Dumaru.Y@mm
W32/Dumaru.y@MM [McAfee], I-Worm.Dumaru.j [Kaspersky], Win32.Dumaru.Y [Computer Associates], W32/Dumaru-Y [Sophos], WORM_DUMARU.Y [Trend] January 23, 2004 January 26, 2004
Trojan.Bookmarker.D January 23, 2004 January 26, 2004
W32.HLLW.Sanker January 22, 2004 January 23, 2004
Backdoor.OptixPro.13b
Backdoor.Optix.Pro.13 [Kaspersky] January 21, 2004 January 22, 2004
Backdoor.Tuxder January 20, 2004 January 20, 2004
Trojan.Httpdos
Backdoor.Snart.j[Kaspersky] January 20, 2004 January 20, 2004
Trojan.Mitglieder.C
Mitglieder [F-Secure], TrojanProxy.Win32.Mitglieder.c [Kaspersky], Proxy-Mitglieder [McAfee], TROJ_MITGLIEDR [Trend] January 20, 2004 January 20, 2004


NAV Daily Definitions (Go!)


*Note: The i32 Intelligent Updater package cannot be used to update Symantec AntiVirus Corporate Edition 8.0 servers or Norton AntiVirus Corporate Edition 7.6 servers, but can be used to update Corporate Edition clients. The x86 Intelligent Updater package can be used to update corporate Edition clients and servers.

National Cyber Alert System (US-Cert)


Technical Alerts
TA04-041A
Multiple Vulnerabilities in Microsoft ASN.1 Library
SB04-049
Summary of Security Items from February 4 through February 17, 2004
Non-technical Alerts
SA04-041A
Multiple Vulnerabilities in Microsoft Windows
ST04-003
Good Security Habits

Latest version: February 25, 2004 18:10:59 EST
W32/Netsky.C
W32/Bizex
W32/Mydoom.F
W32/Welchia.D
IMail server exploitation
W32/Netsky.B
W32/Bagle.B
ASN.1 exploit code
W32/Mydoom.C or W32.HLLW.Doomjuice
W32/Mydoom or W32/Novarg
W32/Beagle or W32/Bagle Worm
Systems compromised via buffer overflow in DameWare



Live Virus Advisory Feed