Summary of Security Items from February 18 through March 2, 2004
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Publications by US-CERT
VU#116182: WinZip vulnerable to buffer overflow in handling of MIME archive parameters
A buffer overflow vulnerability in the WinZip program could allow a remote attacker to execute arbitrary code on a vulnerable system.
VU#150326: Internet Security Systems' BlackICE and RealSecure contain a heap overflow in the processing of SMB packets
Internet Security Systems' BlackICE and RealSecure intrusion detection products contain a remotely exploitable vulnerability. Exploitation of this vulnerability could lead to the compromise of the system with privileges of the vulnerable process, typically the "SYSTEM" user.
VU#194238: Apple Mac OS X Safari fails to properly display URLs in the status bar
Apple Mac OS X Safari fails to properly display URLs in the status bar.
VU#240174: Oracle9i Database contains buffer overflow in TIME_ZONE session parameter
Oracle9i Database contains a buffer overflow in the TIME_ZONE session parameter which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process.
VU#399806: Oracle9i Database contains buffer overflow in FROM_TZ() function
Oracle9i Database contains a buffer overflow in the FROM_TZ() function which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process.
VU#445214: Microsoft Windows Internet Naming Service (WINS) fails to properly validate the length of specially crafted packets
Microsoft Windows Internet Naming Service (WINS) fails to properly validate the length of specially crafted packets which could allow an unauthenticated, remote attacker to cause a denial-of-service condition.
VU#460350: Apple Quicktime/Darwin Streaming Server fails to properly parse DESCRIBE requests
Apple Quicktime/Darwin Streaming Server fails to properly parse DESCRIBE requests containing overly large User-Agent fields. This could allow an unauthenticated, remote attacker to cause a denial-of-service condition.
VU#513062: metamail contains multiple buffer overflow vulnerabilities
Multiple buffer overflows in the metamail package could allow a remote attacker to execute arbitrary code on a vulnerable system. An attacker may be able to exploit these vulnerabilities via a specially-crafted email message.
VU#518518: metamail contains multiple format string vulnerabilities
Multiple format string vulnerabilities in the metamail package could allow a remote attacker to execute arbitrary code on the vulnerable system. An attacker may be able to exploit these vulnerabilities via a specially-crafted email message.
Apple Mac OS X contains a vulnerability in DiskArbitration when initializing writable removable media.
VU#619982: Zone Labs desktop security products fail to properly validate RCPT TO command argument
Zone Labs desktop security products contain a buffer overflow in the code that processes the RCPT TO command argument. This could allow an attacker to execute arbitrary code with SYSTEM privileges.
VU#819126: Oracle9i Database contains buffer overflow in NUMTOYMINTERVAL() function
Oracle9i Database contains a buffer overflow in the NUMTOYMINTERVAL() function which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process.
VU#841742: Apple Mac OS X Point-to-Point Protocol daemon (pppd) contains format string vulnerability
Apple Mac OS X Point-to-Point Protocol daemon contains a format string vulnerability in the handling of invalid command line arguments.
VU#846582: Oracle9i Database contains buffer overflow in NUMTODSINTERVAL() function
Oracle9i Database contains a buffer overflow in the NUMTODSINTERVAL() function which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process.
VU#972334: IMail Server LDAP daemon buffer overflow
A buffer overflow in the LDAP server component supplied with some versions of the Ipswitch IMail Server could allow a remote attacker to execute arbitrary code on the vulnerable system.
VU#987118: Microsoft Virtual PC for Mac fails to properly validate temporary file
Microsoft Virtual PC for Mac fails to properly validate a temporary file which could allow an attacker to execute arbitrary code with system privileges.
Publications by Vendors
Apple
- Security Update 2004-02-23 for Mac OS X 10.3.2 "Panther" and Mac OS X 10.3.2 Server (02-23-04)
http://docs.info.apple.com/article.html?artnum=61798
- Security Update 2004-02-23 for Mac OS X 10.2.8 "Jaguar" and Mac OS X 10.2.8 Server (02-23-04)
http://docs.info.apple.com/article.html?artnum=61798
Cisco
- Cisco ONS 15327, ONS 15454, ONS 15454 SDH, and ONS 15600 Vulnerabilities (02-19-04)
http://www.cisco.com/warp/public/707/cisco-sa-20040219-ONS.shtml
Conectiva
- XFree86 - Improper handling of font files (02-20-04)
http://distro.conectiva.com/atualizacoes/index.php?id=a&anuncio=000821
- kernel - A new vulnerability in the linux memory management code that can be used by local attackers to obtain root privileges. (02-20-04)
http://distro.conectiva.com/atualizacoes/index.php?id=a&anuncio=000820
- Zebra - A vulnerability has been found in zebra which allows local users to create a denial of service condition (DoS) by sending malicious netlink messages. (02-19-04)
http://distro.conectiva.com/atualizacoes/index.php?id=a&anuncio=000818
- Mon - An error in the init script prevents mon from starting up correctly. (02-19-04)
http://distro.conectiva.com/atualizacoes/index.php?id=a&anuncio=000817
Debian
- DSA-454 linux-kernel-2.2.22-alpha - failing function and TLB flush (03-02-04)
http://www.debian.org/security/2004/dsa-454
- DSA-453 linux-kernel-2.2.20-i386+m68k+powerpc - failing function and TLB flush (03-02-04)
http://www.debian.org/security/2004/dsa-453
- DSA-452 libapache-mod-python - denial of service (02-29-04)
http://www.debian.org/security/2004/dsa-452
- DSA-451 xboing - buffer overflows (02-27-04)
http://www.debian.org/security/2004/dsa-451
- DSA-450 linux-kernel-2.4.19-mips - several vulnerabilities (02-27-04)
http://www.debian.org/security/2004/dsa-450
- DSA-449 metamail - buffer overflow, format string bugs (02-24-04)
http://www.debian.org/security/2004/dsa-449
- DSA-448 pwlib - several vulnerabilities (02-22-04)
http://www.debian.org/security/2004/dsa-448
- DSA-447 hsftp - format string (02-22-04)
http://www.debian.org/security/2004/dsa-447
- DSA-446 synaesthesia - insecure file creation (02-21-04)
http://www.debian.org/security/2004/dsa-446
- DSA-445 lbreakout2 - buffer overflow (02-21-04)
http://www.debian.org/security/2004/dsa-445
- DSA-444 linux-kernel-2.4.17-ia64 - missing function return value check (02-20-04)
http://www.debian.org/security/2004/dsa-444
- DSA-443 xfree86 - several vulnerabilities (02-19-04)
http://www.debian.org/security/2004/dsa-443
- DSA-442 linux-kernel-2.4.17-s390 - several vulnerabilities (02-19-04)
http://www.debian.org/security/2004/dsa-442
- DSA-441 linux-kernel-2.4.17-mips+mipsel - missing function return value check (02-18-04)
http://www.debian.org/security/2004/dsa-441
- DSA-440 linux-kernel-2.4.17-powerpc-apus - several vulnerabilities (02-18-04)
http://www.debian.org/security/2004/dsa-440
- DSA-439 linux-kernel-2.4.16-arm - several vulnerabilities (02-18-04)
http://www.debian.org/security/2004/dsa-439
- DSA-438 linux-kernel-2.4.18-alpha+i386+powerpc - missing function return value check (02-18-04)
http://www.debian.org/security/2004/dsa-438
Fedora
- Updated kernel packages resolve security vulnerabilities (02-18-04)
http://www.redhat.com/archives/fedora-announce-list/2004-February/msg00023.html
- Updated kernel packages resolve security vulnerabilities (02-18-04)
http://www.redhat.com/archives/fedora-announce-list/2004-February/msg00025.html
- Update of libxml2 2.6.6 available (02-25-04)
http://www.redhat.com/archives/fedora-announce-list/2004-February/msg00029.html
- Fedora Core 1 Update: pwlib-1.5.0-4 (03-02-04)
http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00004.html
- Fedora Core 1 Update: tcpdump-3.7.2-7.fc1.1 (03-02-04)
http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00006.html
FreeBSD
- FreeBSD-SA-04:03.jail.asc (02-25-04)
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.jail.asc
- FreeBSD-SA-04:04.tcp.asc (03-02-04)
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:04.tcp.asc
Hewlett Packard
- HPSBUX0402-313 New Mailing List for Security Bulletins Rev.1 (02-29-04)
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0402-313
- HPSBGN0402-005 New Mailing List for Security Bulletins (02-21-04)
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBGN0402-005
Mandrake
- Updated mtools packages fix local root vulnerability (02-25-04)
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:016
- Updated x86_64 kernel packages fix multiple vulnerabilities (02-25-04)
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:015-1
- Two format string and two buffer overflow vulnerabilities were discovered in metamail (02-18-04)
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:014
Microsoft
- Cumulative Security Update for Internet Explorer - Microsoft Security Bulletin MS04-004. (updated 02-18-04)
http://www.microsoft.com/technet/security/bulletin/MS04-004.asp
Novell
- iChain 2.2 Field Patch 3c (03-01-04)
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968316.htm
Oracle
- Security Vulnerabilities in Oracle9i Lite (02-18-04)
http://otn.oracle.com/deploy/security/pdf/2004alert63.pdf
- Security Vulnerabilities in Oracle9i Database Server 1 and Server 2 release (02-18-04)
http://otn.oracle.com/deploy/security/pdf/2004alert64.pdf
- Security Vulnerability in Oracle9i Application and Database Servers involving processing of SOAP messages whose XML contains carefully constructed DTDs (02-18-04)
http://otn.oracle.com/deploy/security/pdf/2004alert65.pdf
Red Hat
- Updated libxml2 packages fix security vulnerability (03-03-04)
https://rhn.redhat.com/errata/RHSA-2004-091.html
- Updated kernel packages resolve security vulnerabilities (02-18-04)
https://rhn.redhat.com/errata/RHSA-2004-065.html
- Updated libxml2 packages fix security vulnerability (02-26-04)
https://rhn.redhat.com/errata/RHSA-2004-091.html
- Updated mod_python packages fix denial of service vulnerability (02-26-04)
https://rhn.redhat.com/errata/RHSA-2004-063.html
- Updated SANE packages fix problem with shared libraries (03-01-04)
https://rhn.redhat.com/errata/RHBA-2004-043.html
SGI
- SGI Advanced Linux Environment security update #11 (02-26-04)
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
- SGI Advanced Linux Environment security update #12 (02-26-04)
ftp://patches.sgi.com/support/free/security/advisories/20040203-01-U.asc
- SGI ProPack v2.4: Kernel fixes and security update (02-26-04)
ftp://patches.sgi.com/support/free/security/advisories/20040204-01-U.asc
Slackware
- Kernel security update (SSA:2004-049-01) (02-18-04)
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.541911
- metamail security update (SSA:2004-049-02) (02-18-04)
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.404734
Sun Microsystems
- Patches Disable the Auditing Functionality on Basic Security Module (BSM) Enabled Systems (02-23-04)
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57478
- SunPlex (Sun Cluster) Multiple Security Vulnerabilities in OpenSSL Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Protocols (02-23-04)
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57475
- Security Issue with kcms_server Daemon (02-25-04)
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50104
- Sun ONE Web Server Buffer Overflow Vulnerability May Result in "Denial of Service" (DoS) (02-25-04)
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57464
- Security Vulnerability Involving the passwd(1) Command (02-26-04)
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57454
- Security Vulnerability in "/usr/lib/print/conv_fix" May Allow Unauthorized Privileges and/or Denial of Service (02-26-04)
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57509
SuSE Linux
- Linux Kernel (SuSE-SA:2004:005) (02-18-04)
http://www.suse.de/de/security/2004_05_linux_kernel.html
- xf86/XFree86 (SuSE-SA:2004:006) (02-26-04)
http://www.suse.de/de/security/2004_06_xf86.html
TurboLinux
- kernel mremap vulnerability (02-23-04)
http://www.turbolinux.com/security/2004/TLSA-2004-7.txt
Trustix
- local root exploit in mremap (02-18-04)
http://www.trustix.org/errata/misc/2004/TSL-2004-0007-kernel.asc.txt
Publications by Third Parties
AusCERT
- Squid Proxy Cache Security Update Advisory SQUID-2004:1 (03-02-04)
http://www.auscert.org.au/render.html?it=3909&cid=1
- Variants of mass-mailing worms Netsky and Bagle spreading rapidly (03-02-04)
http://www.auscert.org.au/render.html?it=3908&cid=1
- New libapache-mod-python packages fix denial of service (03-01-04)
http://www.auscert.org.au/render.html?it=3907&cid=1
- WinZip MIME Parsing Buffer Overflow Vulnerability (03-01-04)
http://www.auscert.org.au/render.html?it=3906&cid=1
- Microsoft Internet Explorer Cross Frame Scripting Restriction Bypass (03-01-04)
http://www.auscert.org.au/render.html?it=3905&cid=1
- Jailed processes can attach to other jails (03-01-04)
http://www.auscert.org.au/render.html?it=3904&cid=1
- New Linux 2.4.19 packages fix several local root exploits (mips) (03-01-04)
http://www.auscert.org.au/render.html?it=3903&cid=1
- Security Vulnerability in "/usr/lib/print/conv_fix" May Allow Unauthorized Privileges and/or Denial of Service (03-01-04)
http://www.auscert.org.au/render.html?it=3902&cid=1
- Security Vulnerability Involving the passwd(1) Command (03-01-04)
http://www.auscert.org.au/render.html?it=3901&cid=1
- RealSecure/BlackICE Server Message Block (SMB) Processing Overflow (02-27-04)
http://www.auscert.org.au/render.html?it=3900&cid=1
- Updated libxml2 packages fix security vulnerability (02-27-04)
http://www.auscert.org.au/render.html?it=3898&cid=1
- Updated mod_python packages fix denial of service vulnerability (02-27-04)
http://www.auscert.org.au/render.html?it=3897&cid=1
- Exploit activity for Linux kernel memory management problem via mremap() (02-27-04)
http://www.auscert.org.au/render.html?it=3899&cid=1
- Sun ONE Web Server Buffer Overflow Vulnerability May Result in "Denial of Service" (DoS) (02-26-04)
http://www.auscert.org.au/render.html?it=3895&cid=1
- Security Issue with kcms_server Daemon *REVISED* (02-26-04)
http://www.auscert.org.au/render.html?it=3894&cid=1
- WORM_NETSKY.C (W32/Netsky.C@MM, W32.Netsky.C@mm, Win32.Netsky.C, NetSky.C, I-Worm.Moodown.c) (02-26-04)
http://www.auscert.org.au/render.html?it=3893&cid=1
- New metamail packages fix arbitrary code execution (02-25-04)
http://www.auscert.org.au/render.html?it=3892&cid=1
- SunPlex (Sun Cluster) Multiple Security Vulnerabilities in OpenSSL Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Protocols *REVISED* (02-25-04)
http://www.auscert.org.au/render.html?it=3891&cid=1
- Apple Security Update 2004-02-23 (02-24-04)
http://www.auscert.org.au/render.html?it=3890&cid=1
- New pwlib packages fix multiple vulnerabilities (02-24-04)
http://www.auscert.org.au/render.html?it=3889&cid=1
- New hsftp packages fix format string vulnerability (02-24-04)
http://www.auscert.org.au/render.html?it=3888&cid=1
- New synaesthesia packages fix insecure file creation (02-24-04)
http://www.auscert.org.au/render.html?it=3887&cid=1
- New mailman packages fix bug introduced in DSA 436-1 (02-24-04)
http://www.auscert.org.au/render.html?it=3886&cid=1
- New Linux 2.4.17 packages fix local root exploit (ia64) (02-23-04)
http://www.auscert.org.au/render.html?it=3885&cid=1
- New xfree86 packages fix multiple vulnerabilities (02-23-04)
http://www.auscert.org.au/render.html?it=3884&cid=1
- New Linux 2.4.17 packages fix local root exploits and more (s390) (02-23-04)
http://www.auscert.org.au/render.html?it=3883&cid=1
- shmat reference counting bug (02-23-04)
http://www.auscert.org.au/render.html?it=3882&cid=1
- OpenSSL 0.9.6 ASN.1 parser vulnerability (02-23-04)
http://www.auscert.org.au/render.html?it=3881&cid=1
- Inconsistent IPv6 path MTU discovery handling (02-23-04)
http://www.auscert.org.au/render.html?it=3880&cid=1
- Insufficient packet validation in racoon IKE daemon (02-23-04)
http://www.auscert.org.au/render.html?it=3879&cid=1
- Novell iChain Telnet Service Vulnerability (02-23-04)
http://www.auscert.org.au/render.html?it=3877&cid=1
- SSRT2336 Rev.5 XDR library (02-23-04)
http://www.auscert.org.au/render.html?it=3876&cid=1
- SSRT2439 Rev.10 xdrmem_getbytes() (02-23-04)
http://www.auscert.org.au/render.html?it=3875&cid=1
- SSRT2330 Rev.2 rpc.yppasswdd (02-23-04)
http://www.auscert.org.au/render.html?it=3874&cid=1
- SSRT3631 Rev.8 sendmail (02-23-04)
http://www.auscert.org.au/render.html?it=3873&cid=1
- ZoneLabs SMTP Processing Buffer Overflow (02-23-04)
http://www.auscert.org.au/render.html?it=3878&cid=1
- Updated kernel packages fix security vulnerability (02-20-04)
http://www.auscert.org.au/render.html?it=3872&cid=1
- Cisco ONS 15327, ONS 15454, ONS 15454 SDH, and ONS 15600 Vulnerabilities (02-20-04)
http://www.auscert.org.au/render.html?it=3871&cid=1
- Updated kernel packages fix security vulnerability (02-20-04)
http://www.auscert.org.au/render.html?it=3870&cid=1
- Kernel security update (02-20-04)
http://www.auscert.org.au/render.html?it=3869&cid=1
- New Linux 2.4.17 packages fix local root exploit (mips+mipsel) (02-20-04)
http://www.auscert.org.au/render.html?it=3868&cid=1
- New Linux 2.4.17 packages fix several local root exploits (powerpc/apus) (02-20-04)
http://www.auscert.org.au/render.html?it=3867&cid=1
- New Linux 2.4.16 packages fix several local root exploits (arm) (02-20-04)
http://www.auscert.org.au/render.html?it=3866&cid=1
- Updated metamail packages fix vulnerabilities (02-20-04)
http://www.auscert.org.au/render.html?it=3865&cid=1
- Updated samba packages fix security vulnerability (02-20-04)
http://www.auscert.org.au/render.html?it=3864&cid=1
- Updated PWLib packages fix protocol security issues (02-20-04)
http://www.auscert.org.au/render.html?it=3863&cid=1
- Updated kernel packages resolve security vulnerabilities (02-19-04)
http://www.auscert.org.au/render.html?it=3862&cid=1
- New Linux 2.4.18 packages fix local root exploit (alpha+i386+powerpc) (02-19-04)
http://www.auscert.org.au/render.html?it=3861&cid=1
- W32/Netsky.b (02-19-04)
http://www.auscert.org.au/render.html?it=3860&cid=1
F-Secure
- Bagle.I (03-02-04)
http://www.f-secure.com/v-descs/bagle_i.shtml
- Bagle.H (03-02-04)
http://www.f-secure.com/v-descs/bagle_h.shtml
- Bagle.F (03-02-04)
http://www.f-secure.com/v-descs/bagle_f.shtml
- Bagle.E (03-02-04)
http://www.f-secure.com/v-descs/bagle_e.shtml
- Bagle.D (03-02-04)
http://www.f-secure.com/v-descs/bagle_d.shtml
- Bagle.C (03-02-04)
http://www.f-secure.com/v-descs/bagle_c.shtml
- NetSky.E (03-01-04)
http://www.f-secure.com/v-descs/netsky_e.shtml
- NetSky.D (03-01-04)
http://www.f-secure.com/v-descs/netsky_d.shtml
- NetSky.C (03-01-04)
http://www.f-secure.com/v-descs/netsky_c.shtml
- MyDoom.F (03-01-04)
http://www.f-secure.com/v-descs/mydoom_f.shtml
- Bagle.B (02-28-04)
http://www.f-secure.com/v-descs/bagle_b.shtml
- Bizex (02-27-04)
http://www.f-secure.com/v-descs/bizex.shtml
- NetSky.B (02-26-04)
http://www.f-secure.com/v-descs/netsky_b.shtml
- NetSky.A (02-26-04)
http://www.f-secure.com/v-descs/moodown.shtml
- Swicer (02-23-04)
http://www.f-secure.com/v-descs/swicer.shtml
- Bagle (02-18-04)
http://www.f-secure.com/v-descs/bagle.shtml
ISS
- Vulnerability in SMB Parsing in ISS Products (02-26-04)
http://xforce.iss.net/xforce/alerts/id/165
- AS04-09 (03-01-04)
http://xforce.iss.net/xforce/alerts/id/AS04-09
- AS04-08 (02-23-04)
http://xforce.iss.net/xforce/alerts/id/AS04-08
Network Associates
- W32/Mydoom.g@MM (03-02-04)
http://vil.nai.com/vil/content/v_101072.htm
- W32/Bagle.j@MM (03-02-04)
http://vil.nai.com/vil/content/v_101071.htm
- W32/Hiton.a@MM (03-02-04)
http://vil.nai.com/vil/content/v_101070.htm
- W32/Bagle.i@MM (03-02-04)
http://vil.nai.com/vil/content/v_101069.htm
- W32/Bagle.h@MM (03-01-04)
http://vil.nai.com/vil/content/v_101068.htm
- W32/Netsky.e@MM (03-01-04)
http://vil.nai.com/vil/content/v_101067.htm
- W32/Netsky.d@MM (03-01-04)
http://vil.nai.com/vil/content/v_101064.htm
- W32/Bagle.g@MM (02-29-04)
http://vil.nai.com/vil/content/v_101063.htm
- W32/Bagle.f@MM (02-29-04)
http://vil.nai.com/vil/content/v_101062.htm
- W32/Bagle.e@MM (02-28-04)
http://vil.nai.com/vil/content/v_101061.htm
- W32/Bagle.d@MM (02-28-04)
http://vil.nai.com/vil/content/v_101060.htm
- W32/Bagle.c@MM (02-27-04)
http://vil.nai.com/vil/content/v_101059.htm
- W32/Netsky.c@MM (02-25-04)
http://vil.nai.com/vil/content/v_101048.htm
- W32/Bizex.worm (02-24-04)
http://vil.nai.com/vil/content/v_101044.htm
- W32/Cone@MM (02-23-04)
http://vil.nai.com/vil/content/v_101043.htm
- W32/Eyeveg.worm.c (02-20-04)
http://vil.nai.com/vil/content/v_101041.htm
- W97M/Trugbar.a (02-20-04)
http://vil.nai.com/vil/content/v_101040.htm
- W32/Mydoom.f@MM (02-19-04)
http://vil.nai.com/vil/content/v_101038.htm
- W32/Netsky.b@MM (02-18-04)
http://vil.nai.com/vil/content/v_101034.htm
SANS
- SANS NewsBites #7 (02-18-04)
http://www.sans.org/newsletters/newsbites/newsbites.php?vol=6&issue=7
- SANS NewsBites #8 (02-25-04)
http://www.sans.org/newsletters/newsbites/newsbites.php?vol=6&issue=8
- @RISK: The Consensus Security Vulnerability Alert #7 (02-19-04)
http://www.sans.org/newsletters/risk/vol3_7.php
- @RISK: The Consensus Security Vulnerability Alert #8 (02-26-04)
http://www.sans.org/newsletters/risk/vol3_8.php
Sophos
- W32/Bagle-J (03-02-04)
http://www.sophos.com/virusinfo/analyses/w32baglej.html
- W32/Netsky-D (03-02-04)
http://www.sophos.com/virusinfo/analyses/w32netskyd.html
- W32/Bagle-I (03-02-04)
http://www.sophos.com/virusinfo/analyses/w32baglei.html
- W32/Bagle-H (03-01-04)
http://www.sophos.com/virusinfo/analyses/w32bagleh.html
- W32/Netsky-E (03-01-04)
http://www.sophos.com/virusinfo/analyses/w32netskye.html
- W32/Bagle-G (03-01-04)
http://www.sophos.com/virusinfo/analyses/w32bagleg.html
- W32/Bagle-F (03-01-04)
http://www.sophos.com/virusinfo/analyses/w32baglef.html
- W32/Bagle-D (02-28-04)
http://www.sophos.com/virusinfo/analyses/w32bagled.html
- W32/Bagle-E (02-28-04)
http://www.sophos.com/virusinfo/analyses/w32baglee.html
- W32/Bagle-C (02-28-04)
http://www.sophos.com/virusinfo/analyses/w32baglec.html
- W32/Maddis-A (02-28-04)
http://www.sophos.com/virusinfo/analyses/w32maddisa.html
- W32/Nachi-D (02-27-04)
http://www.sophos.com/virusinfo/analyses/w32nachid.html
- W32/Agobot-FE (02-27-04)
http://www.sophos.com/virusinfo/analyses/w32agobotfe.html
- W32/Spybot-BM (02-27-04)
http://www.sophos.com/virusinfo/analyses/w32spybotbm.html
- Troj/Killproc-B (02-27-04)
http://www.sophos.com/virusinfo/analyses/trojkillprocb.html
- Troj/Tofger-O (02-27-04)
http://www.sophos.com/virusinfo/analyses/trojtofgero.html
- JS/Venga-A (02-27-04)
http://www.sophos.com/virusinfo/analyses/jsvengaa.html
- W32/Wenru-A (02-27-04)
http://www.sophos.com/virusinfo/analyses/w32wenrua.html
- Troj/Dalixy-A (02-27-04)
http://www.sophos.com/virusinfo/analyses/trojdalixya.html
- Troj/Dasmin-E (02-27-04)
http://www.sophos.com/virusinfo/analyses/trojdasmine.html
- W32/Synapse-A (02-27-04)
http://www.sophos.com/virusinfo/analyses/w32synapsea.html
- W32/Netsky-C (02-26-04)
http://www.sophos.com/virusinfo/analyses/w32netskyc.html
- Troj/Narhem-A (02-26-04)
http://www.sophos.com/virusinfo/analyses/trojnarhema.html
- W32/Agobot-DF (02-26-04)
http://www.sophos.com/virusinfo/analyses/w32agobotdf.html
- Troj/Loony-B (02-26-04)
http://www.sophos.com/virusinfo/analyses/trojloonyb.html
- W32/Darby-E (02-26-04)
http://www.sophos.com/virusinfo/analyses/w32darbye.html
- mIRC/Darby-E (02-26-04)
http://www.sophos.com/virusinfo/analyses/mircdarbye.html
- W32/Capside-B (02-26-04)
http://www.sophos.com/virusinfo/analyses/w32capsideb.html
- Troj/Multidr-K (02-26-04)
http://www.sophos.com/virusinfo/analyses/trojmultidrk.html
- Troj/Sandbox-A (02-26-04)
http://www.sophos.com/virusinfo/analyses/trojsandboxa.html
- W32/Bizex-A (02-24-04)
http://www.sophos.com/virusinfo/analyses/w32bizexa.html
- W32/MyDoom-F (02-20-04)
http://www.sophos.com/virusinfo/analyses/w32mydoomf.html
- Troj/KeyHost-A (02-19-04)
http://www.sophos.com/virusinfo/analyses/trojkeyhosta.html
- W32/Netsky-B (02-19-04)
http://www.sophos.com/virusinfo/analyses/w32netskyb.html
- Troj/DDosSmal-B (02-19-04)
http://www.sophos.com/virusinfo/analyses/trojddossmalb.html
- W32/Netsky-A (02-19-04)
http://www.sophos.com/virusinfo/analyses/w32netskya.html
- W32/Nachi-C (02-19-04)
http://www.sophos.com/virusinfo/analyses/w32nachic.html
- W32/SdBot-FQ (02-19-04)
http://www.sophos.com/virusinfo/analyses/w32sdbotfq.html
- W32/SdBot-HH (02-19-04)
http://www.sophos.com/virusinfo/analyses/w32sdbothh.html
- W32/SdBot-HI (02-19-04)
http://www.sophos.com/virusinfo/analyses/w32sdbothi.html
- W32/SdBot-HJ (02-19-04)
http://www.sophos.com/virusinfo/analyses/w32sdbothj.html
- JS/NoClose-B (02-19-04)
http://www.sophos.com/virusinfo/analyses/jsnocloseb.html
Symantec
- W32.Beagle.J@mm (03-02-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.j@mm.html
- W32.Hiton@mm (03-02-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.hiton@mm.html
- W32.Mydoom.G@mm (03-02-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.g@mm.html
- W32.Beagle.I@mm (03-01-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.i@mm.html
- W32.Beagle.H@mm (03-01-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.h@mm.html
- W32.Netsky.E@mm (03-01-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.e@mm.html
- W32.Netsky.D@mm (03-01-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.d@mm.html
- W32.Beagle.G@mm (02-29-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.g@mm.html
- W32.Beagle.F@mm (02-29-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.f@mm.html
- W32.Cone.B@mm (02-29-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.cone.b@mm.html
- W32.HLLW.Cult.P@mm (02-29-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cult.p@mm.html
- Trojan.Bookmarker.F (02-29-04)
http://securityresponse.symantec.com/avcenter/venc/data/trojan.bookmarker.f.html
- W32.Beagle.E@mm (02-28-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.e@mm.html
- W32.HLLW.Evianc (02-28-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.evianc.html
- W32.HLLW.Moega.AP (02-28-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.moega.ap.html
- W32.Beagle.C@mm (02-27-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.c@mm.html
- Trojan.Tilser (02-27-04)
http://securityresponse.symantec.com/avcenter/venc/data/trojan.tilser.html
- PWSteal.Bancos.E (02-26-04)
http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.e.html
- Backdoor.IRC.Loonbot (02-26-04)
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.loonbot.html
- PWSteal.Tarno.B (02-26-04)
http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.tarno.b.html
- W32.Mockbot.A.Worm (02-25-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.mockbot.a.worm.html
- Backdoor.IRC.Aladinz.M (02-25-04)
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.m.html
- W32.Netsky.C@mm (02-24-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.c@mm.html
- W32.Bizex.Worm (02-24-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.bizex.worm.html
- W32.Welchia.D.Worm (02-23-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.d.worm.html
- Downloader.Botten (02-23-04)
http://securityresponse.symantec.com/avcenter/venc/data/downloader.botten.html
- W97M.Ortant@mm (02-22-04)
http://securityresponse.symantec.com/avcenter/venc/data/w97m.ortant@mm.html
- W32.Cone@mm (02-22-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.cone@mm.html
- Backdoor.IRC.Aladinz.L (02-21-04)
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.l.html
- Java.StartPage (02-20-04)
http://securityresponse.symantec.com/avcenter/venc/data/java.startpage.html
- W32.Mydoom.F@mm (02-20-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.f@mm.html
- Backdoor.Kaitex.E (02-20-04)
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.kaitex.e.html
- W97M.Saver.H (02-19-04)
http://securityresponse.symantec.com/avcenter/venc/data/w97m.saver.h.html
- Backdoor.IRC.Aladinz.K (02-19-04)
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.k.html
- W32.Netsky.B@mm (02-18-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.b@mm.html
Trend Micro
- WORM_MYDOOM.G (03-02-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYDOOM.G
- WORM_BAGLE.I (03-02-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.I
- WORM_BAGLE.D (03-01-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.D
- WORM_BAGLE.H (03-01-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.H
- WORM_NETSKY.E (03-01-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NETSKY.E
- WORM_NETSKY.D (03-01-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NETSKY.D
- WORM_AGOBOT.ZF (03-01-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.ZF
- WORM_BAGLE.G (02-29-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.G
- WORM_BAGLE.F (02-29-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.F
- WORM_BAGLE.E (02-28-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.E
- WORM_BAGLE.C (02-27-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.C
- WORM_NETSKY.C (02-26-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NETSKY.C
- WORM_NACHI.D (02-25-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NACHI.D
- WORM_BIZEX.A (02-24-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BIZEX.A
- WORM_CASPID.B (02-24-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_CASPID.B
- WORM_AGOBOT.DE (02-23-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.DE
- WORM_DARBY.D (02-23-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DARBY.D
- WORM_MYDOOM.F (02-20-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYDOOM.F
- WORM_RUSTY.A (02-19-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RUSTY.A
- WORM_NETSKY.B (02-18-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NETSKY.B
UNIRAS
- Malicious Software Report: NetSky.D ALIAS: I-Worm.Moodown.D, W32/Netsky.D@mm, Moodown.D, Worm.Somefool (03-01-04)
http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-0904.txt
- Malicious Software Report: W32/Bagle.c@MM & W32/Bagle.e@MM (03-01-04)
http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-0804.txt
- Malicious Software Report - W32/Netsky.c@MM (02-25-04)
http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-0704.txt
- Malicious Software Report - W32/Netsky.b AKA Worm.Moodown.B, W32/Netsky.B, Moodown.B (02-18-04)
http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-0604.txt
- Jailed processes can attach to other jails (03-01-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-9804.txt
- Two iDefense Security Advisories:
  - WinZip MIME Parsing Buffer Overflow Vulnerability.
  - Microsoft Internet Explorer Cross Frame Scripting Restriction Bypass (03-01-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-9704.txt
- Two Debian Security Advisories:
  - New Linux 2.4.19 packages fix several local root exploits (mips).
  - New libapache-mod-python packages fix denial of service (03-01-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-9604.txt
- RealSecure/BlackICE Server Message Block (SMB) Processing Overflow (03-01-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-9504.txt
- Three Sun Microsystems Advisories:
  - SunPlex (Sun Cluster) Multiple Security Vulnerabilities in OpenSSL Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Protocols.
  - Security Vulnerability Involving the passwd(1) Command.
  - Security Vulnerability in /usr/lib/print/conv_fix May Allow Unauthorized Privileges and/or Denial of Service (03-01-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-9404.txt
- Updated mod_python packages fix denial of service vulnerability and Updated libxml2 packages fix security vulnerability (02-27-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-9304.txt
- DSA 449-1 - New metamail packages fix arbitrary code execution (02-27-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-9204.txt
- Two Mandrake Security Advisories:
  - Updated x86_64 kernel packages fix multiple vulnerabilities
  - Updated mtools packages fix local root vulnerability (02-27-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-9104.txt
- Cisco Security Bulletin: ONS 15327, ONS 15454, ONS 15454 SDH, and ONS 15600 Vulnerabilities (02-26-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-9004.txt
- Debian Security Bulletins:
  - New gnupg packages fix cryptographic weakness.
  - New mailman packages fix bug introduced in DSA 436-1.
  - New Linux 2.4.18 packages fix local root exploit.
  - New Linux 2.4.17 packages fix local root exploits and more.
  - New xfree86 packages fix multiple vulnerabilities.
  - New lbreakout2 packages fix buffer overflow.
  - New synaesthesia packages fix insecure file creation.
  - New hsftp packages fix format string vulnerability.
  - New pwlib packages fix multiple vulnerabilities (02-26-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-8904.txt
- Apple Security Bulletin: Security Update (02-26-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-8804.txt
- eEye Security Bulletin: ZoneLabs SMTP Processing Buffer Overflow (02-26-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-8704.txt
- CIAC Security Bulletin: Novell iChain Telnet Service Vulnerability (02-26-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-8604.txt
- Slackware Security Bulletin: Kernel security update (02-26-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-8504.txt
- Red Hat Security Bulletin: Updated kernel packages fix security vulnerability (02-25-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-8404.txt
- Four Hewlett-Packard Security Advisories:
  - Potential security vulnerability in sendmail
  - Potential security vulnerability in rpc.yppasswdd.
  - Potential buffer overflow in xdrmem_getbytes() and related functions.
  - Potential buffer overflow in XDR library (02-25-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-8304.txt
- Debian Security Briefings:
  - DSA 439-1 - New Linux 2.4.16 packages fix several local root exploits (arm)
  - DSA 440-1 - New Linux 2.4.17 packages fix several local root exploits (powerpc/apus)
  - DSA 441-1 - New Linux 2.4.17 packages fix local root exploit (mips+mipsel) (02-25-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-8204.txt
- Three Red Hat Security Bulletins:
  - Updated PWLib packages fix protocol security issues.
  - Updated samba packages fix security vulnerability.
  - Updated metamail packages fix vulnerabilities (02-24-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-8104.txt
- Five SCO Security Advisories:
  - cache poisoning BIND 8 prior to 8.3.7 and BIND 8.4.x prior to 8.4.2
  - OpenLinux: Fetchmail 6.2.4 and earlier remote denial of service.
  - OpenLinux: mpg123 remote denial of service and heap-based buffer overflow
  - OpenLinux: Multiple vulnerabilities were discovered in the saned daemon
  - OpenLinux: Perl Safe.pm unsafe access (02-24-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-8004.txt
Copyright 2004 Carnegie Mellon University. Terms of use