Summary of Security Items from October 20 through October 26
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to items appearing in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Bugs, Holes, & Patches
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such a vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of a medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
UNIX / Linux Operating Systems Only
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attacks Scripts | Common Name | Risk | Source |
Ghostscript 4.3, 4.3.2, 5.10 cl, 5.10.10 -1 mdk, 5.10.10 -1, 5.10.10 | A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files. Trustix: ftp://ftp.trustix.org/pub/trustix/updates/ Gentoo: http://security.gentoo.org/glsa/glsa-200410-18.xml There is no exploit code required. | Medium | Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004 Gentoo Linux Security Advisory, GLSA 200410-18, October 20, | |
Apache 2.0.35-2.0.52 | A vulnerability exists when the 'SSLCipherSuite' directive is used in a OpenPKG: ftp://ftp.openpkg.org/release/ Gentoo: http://security.gentoo.org/glsa/glsa-200410-21.xml Slackware: ftp://ftp.slackware.com/pub/slackware/ There is no exploit code required. | Medium | OpenPKG Security Advisory, OpenPKG-SA-2004.044, October 15, 2004 Gentoo Linux Security Advisory, GLSA 200410-21, October 22, Slackware Security Advisory, SSA:2004-299-01, October 26, 2004 | |
Apache 1.3, 1.3.1, 1.3.3, 1.3.4, 1.3.46, 1.3.7 -dev, 1.3.9, 1.3.11, | A buffer overflow vulnerability exists in the 'get_tag()' function, No workaround or patch available at time of publishing. Exploit scripts have been published. | High | SecurityFocus, October 20, 2004 | |
Safari 1.2.3 | A cross-domain vulnerability exists when multiple windows are open, which could let a remote malicious user spoof web page functions. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit | Apple Safari Cross-Domain Dialog Box Spoofing | Medium | Secunia Advisory, SA12892, October 20, 2004 |
A vulnerability exists in Concurrent Versions System (CVS) in which a Upgrade to version 1.11.17 or 1.12.9 available at: https://www.cvshome.org/ FreeBSD: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:14/cvs.patch Fedora Legacy: http://download.fedoralegacy.org/redhat/ Mandrake: http://www.mandrakesecure.net/en/ftp.php A Proof of Concept exploit has been published. | CVS Undocumented Flag Information Disclosure CVE Name: | Low | iDEFENSE Security Advisory 08.16.04 FreeBSD Security Advisory, FreeBSD-SA-04:14, September 20, 2004 Fedora Legacy Update Advisory, FLSA:1735, October 7, 2004 Mandrakelinux Security Update Advisory, MDKSA-2004, October 20, | |
cPanel 9.4.1-RELEASE-64; 9.9.1-RELEASE-3 | Several vulnerabilities exist: a vulnerability exists in the backup feature, which could let a remote authenticated malicious user obtain sensitive information; a vulnerability exists when FrontPage extensions are turned on or off, which could let a remote authenticated malicious user change ownership of critical files; and a vulnerability exists in the '_private' directory when FrontPage extensions are turned on or off, which could let a remote authenticated malicious user change permissions on any file on the target system to 0755. The vendor has released fixes dealing with this issue. Users Proofs of Concept exploits have been published. | cPanel Backup & FrontPage Management Remote Arbitrary File Modifications | Medium/ High (High if root access can be obtained) | SecurityTracker Alert ID, 1011762, October 18, 2004 SecurityFocus, October 20, 2004 |
cPanel 9.4.1-STABLE 65 | A vulnerability exists in the webmail feature due to insufficient validation of all password characters, which could let a remote malicious user brute force webmail account passwords. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | cPanel Truncated Password Brute Force | Medium | Secunia Advisory, SA12943, October 22, 2004 |
dadaimc 0.95-0.98.2 | A vulnerability exists due to insufficient sanitization of user-supplied input before including in dynamically generated web page content, which could let a remote malicious user execute arbitrary HTML code. No workaround or patch available at time of There is no exploit code required. | dadaIMC HTML Injection | High | SecurityFocus, October 18, 2004 |
telnetd 0.17 -25, 0.17 -18 | A vulnerability exists due to a failure to ensure that memory buffers are properly allocated and deallocated, which could let a malicious user cause a Denial of Service or potentially execute arbitrary code. Debian: Debian: http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl We are not aware of any exploits for this vulnerability. | Low/High (High if arbitrary code can be executed) | Debian Security Advisory, DSA 556-1, October 3, 2004 Debian Security Advisory DSA 569-1, October 18, 2004 | |
Gentoo | Multiple vulnerabilities were reported in Gaim in the Gentoo: http://security.gentoo.org/glsa/glsa-200408-12.xml SuSE: http://www.suse.de/de/security/2004_25_gaim.html Mandrake: http://www.mandrakesecure.net/en/ftp.php Rob Flynn: Slackware: Fedora Legacy: http://download.fedoralegacy.org/redhat/ We are not aware of any exploits for this | Gaim Buffer Overflows in Processing MSN | High | SecurityTracker, 1010872, August 5, 2004 Mandrakelinux Security Update Advisory, MDKSA-2004:081, Slackware Security Advisory, SSA:2004-239-01, August Fedora Legacy Update Advisory, FLSA:1237, |
socat 1.0 .x, 1.1 .x, 1.2 .x, 1.3 .x, 1.4 .0.2, 1.4 .0.1, 1.4 | A format string vulnerability exists in the 'void _msg()' function in 'error.c' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary code. Socat: Gentoo: http://security.gentoo.org/glsa/glsa-200410-26.xml An exploit script has been published. | Gerhard Rieger Socat Remote Format String | High | socat Security Advisory 1, October 22, 2004 Gentoo Linux Security Advisory, GLSA 200410-26, October 25, 2004 |
glibc 2.0-2.0.6, 2.1, 2.1.1 -6, 2.1.1, 2.1.2, 2.1.3 -10, 2.1.3, 2.1.9 | A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files. Trustix: ftp://ftp.trustix.org/pub/trustix/updates/ Gentoo: http://security.gentoo.org/glsa/glsa-200410-19.xml There is no exploit code required. | Medium | Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004 Gentoo Linux Security Advisory, GLSA 200410-19, October 21, | |
OpenSkat 1.1-1.9 | Several security issues related to the non-interactive zero knowledge Upgrades available at: We are not aware of any exploits for this vulnerability. | Heiko Stamer openSkat Game Unspecified Security Issues | Not Specified | SecurityTracker Alert ID, 1011805, October 20, 2004 |
Cluster Object Manager B.03.00.01, B.03.00.00, B.02.02.02, B.02.02.00, | A vulnerability exists which could let a remote malicious user obtain Patches available at: http://itrc.hp.com We are not aware of any exploits for this vulnerability. | HP ServiceGuard & Cluster Object Manager Remote Root Access | High | HP Security Bulletin, HPSBUX01080, October 22, 2004 |
HP-UX B.11.23, B.11.22, B.11.11, B.11.00 | A vulnerability exists in 'stmkfont' due to the way paths to external Patches available at: http://itrc.hp.com/ There is no exploit code required. | High | HP Security Bulletin, HPSBUX01088, October 20, 2004 | |
Tru64 4.0 G PK4, 4.0 F PK8, 5.1 B-2 PK4 (BL25), | A file permissions and a buffer overflow vulnerability exists in the X Patches available at: We are not aware of any exploits for this vulnerability. | HP Tru64 X Window System Elevated Privileges | Medium | HP Security Bulletin, HPSBTU01084, October 18, 2004 |
Konqueror 3.2.2 -6 | A cross-domain dialog vulnerability exists because inactive tabs can No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit | Konqueror Browser Cross-Domain Dialog Box Spoofing | Medium | Secunia Advisory, SA12706, October 20, 2004 |
LibTIFF 3.6.1 | Several buffer overflow vulnerabilities exist: a vulnerability exists because a specially crafted image file can be created, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; a remote Denial of Service vulnerability exists in 'libtiff/tif_dirread.c' due to a division by zero error; and a vulnerability exists in the 'tif_next.c,' 'tif_thunder.c,' and 'tif_luv.c' RLE decoding routines, which could let a remote malicious user execute arbitrary code. Debian: Gentoo: http://security.gentoo.org/glsa/glsa-200410-11.xml Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ OpenPKG: Trustix: ftp://ftp.trustix.org/pub/trustix/updates/ Mandrake: http://www.mandrakesecure.net/en/ftp.php SuSE: ftp://ftp.suse.com/pub/suse/ RedHat: http://rhn.redhat.com/errata/RHSA-2004-577.html Proofs of Concept exploits have been published. | LibTIFF Buffer Overflows CVE Name: | Low/High (High if arbitrary code can be executed) | Gentoo Linux Security Advisory, GLSA 200410-11, October 13, 2004 Fedora Update Notification, OpenPKG Security Advisory, OpenPKG-SA-2004.043, October 14, 2004 Debian Security Advisory, DSA 567-1, October 15, 2004 Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15, Mandrakelinux Security Update Advisory, MDKSA-2004:109 & SuSE Security Announcement, SUSE-SA:2004:038, October 22, 2004 RedHat Security Advisory, RHSA-2004:577-16, October 22, 2004 |
mpg123 pre0.59s, 0.59r | A buffer overflow vulnerability exists in the 'getauthfromURL()' No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | MPG123 Remote URL Open Buffer Overflow | High | Securiteam, October 21, 2004 |
FileZilla Server 0.7, 0.7.1; OpenBSD -current, 3.5; | A remote Denial of Service vulnerability during the decompression Gentoo: http://security.gentoo.org/glsa/glsa-200408-26.xml FileZilla: http://sourceforge.net/project/showfiles.php?group_id=21558 OpenBSD: OpenPKG: ftp ftp.openpkg.org Trustix: ftp://ftp.trustix.org/pub/trustix/updates/ SuSE: ftp://ftp.suse.com/pub/suse/ Mandrake: http://www.mandrakesecure.net/en/ftp.php Conectiva: ftp://atualizacoes.conectiva.com.br/ SCO: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.17 We are not aware of any exploits for this vulnerability. | Low | SecurityFocus, August 25, 2004 SUSE Security Announcement, SUSE-SA:2004:029, September 2, 2004 Mandrakelinux Security Update Advisory, MDKSA-2004:090, September 8, Conectiva Linux Security Announcement, CLA-2004:865, September 13, 2004 US-CERT Vulnerability Note VU#238678, October 1, 2004 SCO Security Advisory, SCOSA-2004.17, October 19, 2004 | |
Gaim version 0.75 & prior | Multiple buffer overflow vulnerabilities exist due to boundary errors Upgrade available at: Debian: Mandrake: http://www.mandrakesecure.net/en/advisories/ RedHat: ftp://updates.redhat.com/ Slackware: ftp://ftp.slackware.com/pub/slackware/ SuSE: ftp://ftp.suse.com/pub/suse/i386/update/ Conectiva: ftp://atualizacoes.cbronectiva.com./ Fedora: SGI: Fedora Legacy: http://download.fedoralegacy.org/redhat/ We are not aware of any exploits for this vulnerability. | Gaim CVE Names: | High | Red Hat Security Advisory, RHSA-2004:032-01, January 26, 2004 Slackware Security Advisory, SSA:2004-026-01, January 27, 2004 SuSE Security Announcement, SuSE-SA:2004:004, January 29, 2004 Mandrake Linux Security Update Advisory, MDKSA-2004:006-1, January 30, Debian Security Advisory, DSA 434-1, February 5, 2004 Conectiva Linux Security Announcement, CLA-2004:813, February 10, SGI Security Advisory, 20040201-01-U, February 11, 1004 Fedora Update Notification, FEDORA-2004-070, February 16, 2004 US-CERT Vulnerability Notes, VU#197142, VU#779614, VU#444158, Fedora Legacy Update Advisory, FLSA:1237, October 16, 2004 |
Apple Mac OS X 10.2-10.2.8, 10.3 -10.3.5, OS X Server 10.2-10.2.8, 10.3 | A vulnerability exists in 'error_log' when certain methods of remote Update available at: http://www.cups.org/software.php Apple: Fedora: Gentoo: http://security.gentoo.org/glsa/glsa-200410-06.xml Debian: http://security.debian.org/pool/updates/main/c/cupsys/ Mandrake: http://www.mandrakesecure.net/en/ftp.php RedHat: http://rhn.redhat.com/errata/RHSA-2004-543.html There is no exploit code required. | Medium | Apple Security Update, APPLE-SA-2004-09-30, October 4, 2004 Fedora Update Notification, Gentoo Linux Security Advisory, GLSA 200410-06, October 9, 2004 Debian Security Advisory, DSA 566-1, October 14, 2004 Mandrakelinux Security Update Advisory, MDKSA-2004:116, October RedHat Security Advisory, RHSA-2004:543-15, October 22, 2004 | |
Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, | A vulnerability exists in 'src/modules/lsg2/lsg2-main.c,' which could Debian: http://security.debian.org/pool/updates/main/e/ecartis/ We are not aware of any exploits for this vulnerability. | Ecartis Remote Administrator Privileges CVE Name: | High | Debian Security Advisory, DSA 572-1, October 21, 2004 |
Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, | Several integer overflow vulnerabilities exist in 'pdftops/Catalog.cc' and 'pdftops/XRef.cc,' which could let a remote malicious user execute arbitrary code. Debian: Fedora: Gentoo: http://security.gentoo.org/glsa/glsa-200410-20.xml KDE: Mandrake: http://www.mandrakesecure.net/en/ftp.php Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/ We are not aware of any exploits for this vulnerability. | High | SecurityTracker Alert ID, 1011865, October 21, 2004 | |
Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, | A buffer overflow vulnerability exists in the processing of images with excessive height, which could let a remote malicious user execute arbitrary code. Debian: SuSE: Ubuntu: We are not aware of any exploits for this vulnerability. | High | Debian Security Advisories, DSA 570-1 & 571-1, October 20, 2004 SuSE Security Announcement, SUSE-SA:2004:037, October 20, 2004 Ubuntu Security Notice 1-1, October 22, 2004 | |
Enlightenment Imlib2 1.0-1.0.5, 1.1, 1.1.1; | Multiple buffer overflow vulnerabilities exist in the Imlib/Imlib2 libraries when handling malformed bitmap images, which could let a remote malicious user cause a Denial of Service or execute arbitrary code. Imlib: http://cvs.sourceforge.net/viewcvs.py/enlightenment/e17/ ImageMagick: http://www.imagemagick.org/www/download.html Gentoo: http://security.gentoo.org/glsa/glsa-200409-12.xml Mandrake: http://www.mandrakesecure.net/en/ftp.php Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/ Debian: http://security.debian.org/pool/updates/main/i/imagemagick/ RedHat: http://rhn.redhat.com/errata/RHSA-2004-465.html SuSE: ftp://ftp.suse.com/pub/suse/ TurboLinux: ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/ Conectiva: ftp://atualizacoes.conectiva.com.br/ Sun: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57648-1&searchclause= http://sunsolve.sun.com/search/document.do?assetkey=1-26-57645-1&searchclause= TurboLinux: ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/ RedHat: http://rhn.redhat.com/errata/RHSA-2004-480.html We are not aware of any exploits for this vulnerability. | IMLib/IMLib2 Multiple BMP Image CVE Names: | Low/High (High if arbitrary code can be executed) | SecurityFocus, September 1, 2004 Gentoo Linux Security Advisory, GLSA 200409-12, September 8, 2004 Mandrakelinux Security Update Advisory, MDKSA-2004:089, September 8, Fedora Update Notifications, Turbolinux Security Advisory, TLSA-2004-27, September 15, 2004 RedHat Security Advisory, RHSA-2004:465-08, September 15, 2004 Debian Security Advisories, DSA 547-1 & 548-1, September 16, 2004 Conectiva Linux Security Announcement, CLA-2004:870, September 28, 2004 Sun(sm) Alert Notifications, 57645 & 57648, September 20, 2004 Turbolinux Security Announcement, October 5, 2004 RedHat Security Update, RHSA-2004:480-05, October 20, 2004 |
FreeBSD 4.8-4.10, 5.1, 5.2, 5.2.1-RELEASE; | A vulnerability exists in bmon, which could let a malicious user FreeBSD has updated their port system to remove the setuid bit from the A Proof of Concept exploit script has been published. | BMON Arbitrary Code Execution | High | Securiteam October 17, 2004 |
Gentoo Linux 1.4; | Multiple vulnerabilities exist: a buffer overflow vulnerability exists Debian: http://security.debian.org/pool/updates/main/q/qt-copy/ Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ Gentoo: http://security.gentoo.org/glsa/glsa-200408-20.xml Mandrake: http://www.mandrakesecure.net/en/ftp.php Slackware: ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/kde/qt-3.1.2-i486-4.tgz SuSE: ftp://ftp.suse.com/pub/suse/i386/update Trolltech Upgrade: http://www.trolltech.com/download/index.html TurboLinux: ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/ Sun: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57637-1&searchclause=security Conectiva: ftp://atualizacoes.conectiva.com.br/ RedHat: http://rhn.redhat.com/errata/RHSA-2004-478.html SuSE: ftp://ftp.suse.com/pub/suse/ Avaya: http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=203389&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate() Proof of Concept exploit has been published. | QT Image File Buffer Overflows CVE Names: | High | Secunia Advisory, SA12325, August 10, 2004 Sun Alert ID: 57637, September 3, 2004 Conectiva Linux Security Announcement, CLA-2004:866, September 22, 2004 RedHat Security Advisories, RHSA-2004:478-13 & RHSA-2004:479-05, SUSE Security Announcement, SUSE-SA:2004:035, October 5, 2004 SecurityFocus, October 18, 2004 |
Gentoo Linux, 1.4; Rob Flynn Gaim 0.10 x, 0.10.3, 0.50-0.75, 0.78, | A buffer overflow vulnerability exists in the processing of MSNSLP Gentoo: http://security.gentoo.org/glsa/glsa-200410-23.xml Rob Flynn: RedHat: ftp://updates.redhat.com Slackware: We are not aware of any exploits for this vulnerability. | High | Gentoo Linux Security Advisory, GLSA 200410-23, October 25, 2004 RedHat Security Advisory, RHSA-2004:604-01, October 20, 2004 Slackware Security Advisory, SSA:2004-296-01, October 22, 2004 | |
GNU Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, | Multiple vulnerabilities exist: a vulnerability exists when decoding Debian: Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/ Mandrake: http://www.mandrakesecure.net/en/ftp.php RedHat: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/ SuSE: ftp://ftp.suse.com/pub/suse/ Gentoo: http://security.gentoo.org/glsa/glsa-200409-28.xml Conectiva: ftp://atualizacoes.conectiva.com.br/ We are not aware of any exploits for this vulnerability. | gdk-pixbuf BMP, ICO, and XPM Image Processing Errors CVE Names: | Low/High (High if arbitrary code can be executed) | SecurityTracker Alert ID, 1011285, September 17, 2004 Gentoo Linux Security Advisory, GLSA 200409-28, September 21, 2004 US-CERT Vulnerability Notes VU#577654, VU#369358, VU#729894, VU#825374, Conectiva Linux Security Announcement, CLA-2004:875, October |
Linux kernel 2.6 -test1-test11, 2.6-l 2.6.8; SuSE Linux 9.1 | A remote Denial of Service vulnerability exists in the iptables logging rules due to an integer underflow. Update available at: http://kernel.org/ SuSE: ftp://ftp.suse.com/pub/suse/ We are not aware of any exploits for this vulnerability. | Low | SuSE Security Announcement, SUSE-SA:2004:037, October 20, 2004 | |
Linux kernel kernel 2.2- 2.2.25, 2.4 .0-test1-test11, 2.4-2.4.27, 2.6 | Two vulnerabilities exist: a vulnerability exists in the terminal Upgrades available at: We are not aware of any exploits for this vulnerability. | Low/ Medium (Medium if sensitive information can be obtained) | Secunia Advisory, SA12951, October 22, 2004 | |
Luke Mewburn lukemftp 1.5, TNFTPD 20031217; NetBSD Current, 1.3-1.3.3, | Several vulnerabilities exist in the out-of-band signal handling code due to race condition errors, which could let a remote malicious user obtain superuser privileges. Luke Mewburn Upgrade: Apple: http://wsidecar.apple.com/cgi-bin/ Debian: http://security.debian.org/pool/updates/main/l/lukemftpd/ Gentoo: http://security.gentoo.org/glsa/glsa-200409-19.xml Sun: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57655-1&searchclause= We are not aware of any exploits for this vulnerability. | High | NetBSD Security Advisory 2004-009, August 17, 2004 Apple Security Update, APPLE-SA-2004-09-07, September 7, 2004 Debian Security Advisory DSA 551-1, September 21, 2004 Gentoo Linux Security Advisory, GLSA 200409-19, September 16, 2004 Sun(sm) Alert Notification, 57655, October 15, 2004 | |
OpenBSD 3.4, 3.5; SuSE Linux 8.1, 8.2, 9.0, x86_64, 9.1, Linux | Multiple vulnerabilities exist: a stack overflow vulnerability exists Debian: http://security.debian.org/pool/updates/main/i/imlib/ Mandrake: http://www.mandrakesecure.net/en/ftp.php OpenBSD: SuSE: ftp://ftp.suse.com/pub/suse/ X.org: http://x.org/X11R6.8.1/ Gentoo: http://security.gentoo.org/glsa/glsa-200409-34.xml IBM: http://www-912.ibm.com/eserver/support/fixes/fcgui.jsp RedHat: http://rhn.redhat.com/errata/RHSA-2004-478.html Avaya: http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=203389&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate() Sun: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57652-1&searchclause= Proofs of Concept exploits have been published. | High | X.Org Foundation Security Advisory, September 16, 2004 US-CERT Vulnerability Notes, VU#537878 & VU#882750, September 30, SecurityFocus, October 4, 2004 SecurityFocus, October 18, 2004 Sun(sm) Alert Notification, 5765, October 18, 2004 | |
MySQL 3.23.49, 4.0.20 | A vulnerability exists in the 'mysqlhotcopy' script due to predictable Debian: http://security.debian.org/pool/updates/main/m/ Gentoo: http://security.gentoo.org/glsa/glsa-200409-02.xml SuSE: ftp://ftp.suse.com/pub/suse/ RedHat: http://rhn.redhat.com/errata/RHSA-2004-569.html There is no exploit code required. | Medium | Debian Security Advisory, DSA 540-1, August 18, 2004 Gentoo Linux Security Advisory GLSA 200409-02, September 1, 2004 SUSE Security Announcement, SUSE-SA:2004:030, September 6, 2004 RedHat Security Advisory, RHSA-2004:569-16, October 20, 2004 | |
nbmember.cgi | A vulnerability exists in the 'nbmember.cgi' script, which could let a No workaround or patch available at time of There is no exploit code required; however, a Proof of Concept exploit | Netbilling NBMEMBER Script Information Disclosure | Medium | SecurityFocus, October 22, 2004 |
OpenOffice 1.1.2, | A vulnerability exists in the '/tmp' folder due to insecure Upgrades available at: http://sunsolve.sun.com/search/ RedHat: http://rhn.redhat.com/errata/RHSA-2004-446.html Mandrake: http://www.mandrakesecure.net/en/ftp.php Gentoo: http://security.gentoo.org/glsa/glsa-200410-17.xml There is no exploit code required. | Medium | Secunia Advisory, SA12302, September 13, 2004 RedHat Security Bulletin, RHSA-2004:446-08, September 15, 2004 Mandrakelinux Security Update Advisory, MDKSA-2004:103, September 28, Gentoo Linux Security Advisory, GLSA 200410-17, October 20, | |
PostgreSQL 7.4.5 | A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files. Trustix: href="ftp://ftp.trustix.org/pub/trustix/updates/">ftp://ftp.trustix.org/pub/trustix/updates/ Gentoo: href="http://security.gentoo.org/glsa/glsa-200410-16.xml">http://security.gentoo.org/glsa/glsa-200410-16.xml There is no exploit code required. | Medium | Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004 Gentoo Linux Security Advisory, GLSA 200410-16, October 18, | |
ProFTPd 1.2.8, 1.2.10; possibly other versions | A vulnerability exists due to a time delay difference in the No workaround or patch available at time of Another Proof of Concept exploit script has been published. | ProFTPd Login Timing Account Disclosure | Medium | LSS Security Team Advisory, October 14, 2004 PacketStorm, October 26, 2004 |
Gaim 0.50-0.75, 0.82, 0.82.1, 1.0, 1.0.1 | A remote MSN file transfer and a remote MSN SLP Denial of Service vulnerability exists due to a failure to properly handle exceptional conditions. Upgrades available at: There is no exploit code required. | Gaim Remote Denials of Service | Low | SecurityFocus, October 20, 2004 |
Gaim 0.10 x, 0.10.3, 0.50-0.75 | Multiple vulnerabilities exist which could let a remote malicious user execute arbitrary code or cause a Denial of Service: a vulnerability exists during the installation of a smiley theme; a heap overflow vulnerability exists when processing data from a groupware server; a buffer overflow vulnerability exists in the URI parsing utility; a buffer overflow vulnerability exists when performing a DNS query to obtain a hostname when signing on to zephyr; a buffer overflow vulnerability exists when processing Rich Text Format (RTF) messages; and a buffer overflow vulnerability exists in the 'content-length' header when an excessive value is submitted. Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/ Gentoo: http://security.gentoo.org/glsa/glsa-200408-27.xml Rob Flynn: Slackware: ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/gaim-0.82-i486-1.tgz Fedora Legacy: http://download.fedoralegacy.org/redhat/ Mandrake: http://www.mandrakesecure.net/en/ftp.php We are not aware of any exploits for this vulnerability. | Low/High (High if arbitrary code can be executed) | SecurityFocus, August 26, 2004 Fedora Legacy Update Advisory, FLSA:1237, October 16, 2004 Mandrakelinux Security Update Advisory, MDKSA-2004:110, October | |
rssh 2.2.1 & prior | A vulnerability exists in 'log.c' due to a format string error, which Update available at: http://www.pizzashack.org/rssh/downloads.shtml We are not aware of any exploits for this vulnerability. | rssh 'log.c' Format String | High | Secunia Advisory, SA12954, October 25, 2004 |
SCO Group SCO OpenServer 5.x | Multiple vulnerabilities exist in SCO MMDF. According to SCO the vulnerabilities are: buffer overflows, null dereferences and core dumps. One of the buffer overflows is known to affect "execmail". Updates available at: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.7/ An exploit script has been published. | SCO OpenServer Multiple Vulnerabilities in MMDF CVE Names: | Medium | SCO Advisory, SCOSA-2004.7, July 14, 2004 Deprotect Security Advisory 20040206, July 2, 2004 PacketStorm October 26, 2004 |
USB Driver 1.0, 1.1, 1.2, beta1-beta3, 1.3 | A format string vulnerability exists because the 'modem_run,' 'pppoa2,' and 'pppoa3' functions make an unsafe 'syslog()' call due to insufficient sanitization, which could let a malicious user execute arbitrary code. Upgrades available at: We are not aware of any exploits for this vulnerability. | High | SecurityFocus, October 21, 2004 | |
DokuWiki 2004-09-30, 2004-09-25, 2004-09-12, 2004-08-22, 2004-08-15a, | A vulnerability exists due to improper enforcement of the access Updates available at: There is no exploit code required. | DokuWiki Access Control Enforcement | Medium | SecurityTracker Alert ID, 1011802, October 20, 2004 |
Squid 2.5-STABLE6, 3.0-PRE3-20040702; when compiled with SNMP support | A remote Denial of Service vulnerability exists in the Updates available at: http://www.squid-cache.org/ Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ Gentoo: http://security.gentoo.org/glsa/glsa-200410-15.xml Trustix: http://http.trustix.org/pub/trustix/updates/ RedHat: http://rhn.redhat.com/errata/RHSA-2004-591.html Mandrake: http://www.mandrakesecure.net/en/ftp.php We are not aware of any exploits for this vulnerability. | Low | iDEFENSE Security Advisory, October 11, 2004 Fedora Update Notification, Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15, Gentoo Linux Security Advisory, GLSA 200410-15, October 18, 2004 RedHat Security Advisory, RHSA-2004:591-04, October 20, 2004 Mandrakelinux Security Update Advisory, MDKSA-2004:112, October | |
Solaris 8.0, 8.0 _x86, 9.0, 9.0 _x86 | A vulnerability exists in 'ldap(1)' when used with Role Based Access Update available at: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57657-1 We are not aware of any exploits for this vulnerability. | Sun Solaris LDAP RBAC Root Privileges | High | Sun(sm) Alert Notification, 57657, October 18, 2004 |
Linux Enterprise Server for S/390, 9.0 | A vulnerability exists due to an incorrectly handled privileged instruction which could let a malicious user obtain root user privileges. Note: Vulnerability only affects SuSE Linux Enterprise Server 9 when it is installed on the IBM S/390 platform. Upgrade available at: ftp://ftp.suse.com/pub/suse/ We are not aware of any exploits for this vulnerability. | High | SuSE Security Announcement, SUSE-SA:2004:037, October 21, 2004 | |
LibTIFF LibTIFF 3.6.1; | A buffer overflow vulnerability exists in libtiff on SuSE Linux in the OJPEGVSetField() function in 'libtiff/tif_ojpeg.c,' which could let a remote malicious user cause a Denial of Service or execute arbitrary code. Upgrades and patches available at: We are not aware of any exploits for this vulnerability. | Low/High (High if arbitrary code can be executed) | SUSE Security Announcement, SUSE-SA:2004:038, October 22, 2004 | |
Links 0.91-0.99 | A remote Denial of Service vulnerability exists when handling HTML No workaround or patch available at time of Proofs of Concept exploits have been published. | Links Malformed Table Remote Denial of Service | Low | Bugtraq, October 18, 2004 |
Lynx 2.7, 2.8-2.8.5, 2.8.5 dev2-5, dev8 | A remote Denial of Service vulnerability exists when handling malformed No workaround or patch available at time of Proofs of Concept exploits have been published. | Lynx Malformed HTML Remote Denial of Service | Low | Bugtraq, October 18, 2004 |
Recent Exploit Scripts/Techniques
The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.
Note: At times, scripts/techniques may contain names or content that may be considered offensive.
Date of | Script name | Workaround or Patch Available | Script Description |
October 26, 2004 | 85mod_include.c | No | Proof of Concept exploit for the Apache mod_include Buffer Overflow vulnerability. |
October 26, 2004 | ethereal-0.10.7.tar.gz | N/A | A GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. |
October 26, 2004 | javascript.txt | N/A | A write-up discussion on how to use Javascript to spoof what page is actually being visited. |
October 26, 2004 | navRant.txt | N/A | Proof of Concept regarding how easy it is to bypass Norton Antivirus. |
October 26, 2004 | nmap-3.75.tgz | N/A | A utility for port scanning large networks, although it works fine for single hosts. |
October 26, 2004 | osx86_mmdfdeliver.c | Yes | Script that exploits the SCO OpenServer MMDF vulnerability. |
October 26, 2004 | proftpdEnum.c | No | Proof of Concept script that exploits the ProFTPd Login Timing Account Disclosure vulnerability. |
October 26, 2004 | rkdscan.zip | N/A | A scanner designed to detect whether or not an NT based computer is infected with the Hacker Defender root kit. |
October 25, 2004 | socat_exp.c | Yes | Script that exploits the Socat Remote Format String vulnerability. |
October 24, 2004 | creating_a_asp_command_shell_using_BACKUP.txt | N/A | This is a text document that describes how MS SQL can be "tricked" into creating a command.asp script under the webroot, even when you do not have access to 'sa' privs (dbo privs are probably still a must, though). The technique described uses the SQL server 'backup' command. |
October 24, 2004 | ksb26-2.6.9.tar.gz | N/A | KSB26, Kernel Socks Bouncer for 2.6.x, is a Linux 2.6.x-kernel patch that redirects full tcp connections through a socks5 proxy. KSB26 uses a character device to pass socks5 and the target IPs to the Linux kernel. |
October 24, 2004 | lgool.c | N/A | Lgool is a program that will search Google for a given vulnerability. |
October 24, 2004 | SetWindowLong_Shatter_Attacks.pdf | N/A | This paper gives an example of the variety of shatter attacks which should be corrected by MS04-032 (KB840987). This sort of attack can typically be used for local privilege escalation. |
October 24, 2004 | uml.c | N/A | Userspace Logger is functioning code based on the example given in the article in Phrack 51 entitled "Shared Library Redirection". The following functions are logged: read()/recv() output and intercepts open(), open64(), close(), socket(), connect(), exit(). This is an effective keystroke logger, among other things, even though the author says it is only at the Proof-of-Concept phase. |
October 23, 2004 | 101_shixx.cpp | No | Exploit for the Mavel ShixxNote 6.net Buffer Overflow in Font Field vulnerability. |
October 23, 2004 | amap-4.7.tar.gz | N/A | Application Mapper is a next-generation scanning tool that allows you to identify the applications that are running on a specific port. It does this by connecting to the port(s) and sending trigger packets. |
October 23, 2004 | Camou121.exe | N/A | Camouflage v1.2.1 is an incredibly weak steganography tool for Windows that uses various image files and doc files as a carrier to hide arbitrary data inside of. |
October 23, 2004 | CKFP.zip | N/A | This is a Windows program that "unprotects" files which have been hidden using a steganography program called Camouflage. If the Camouflage'd file requires a password, the password is reset to nothing. |
October 23, 2004 | hitb04-shreeraj-shah.pdf | N/A | "Web Services - Attacks and Defense Strategies, Methods and Tools" presentation that discusses how the web service is the new security Lego Land. The main building blocks are UDDI, SOAP and WSDL. This presentation will briefly touch upon each of these aspects. |
October 23, 2004 | hitb04-sk-chong.pdf | N/A | "Windows Local Kernel Exploitation" presentation that discusses mechanisms to exploit the Windows Kernel for useful local privilege escalation. |
October 23, 2004 | hitb04-teo-sze-siong.zip | N/A | "Stealth Virus Design Thru Breeding Concept (Non Polymorphic)" presentation that includes Proof of Concept code samples. |
October 23, 2004 | SetecAstronomy.pl | N/A | This is a Perl script that can search files to identify whether data has been hidden using a weak steganography tool for Windows named Camouflage. |
October 22, 2004 | ability-2.34-ftp-stor.py | No | Exploit for the Code-Crafters Ability Server FTP STOR Argument Remote Buffer Overflow vulnerability. |
October 20, 2004 | akellaPrivateersBountyExploit.zip | No | Script that exploits the Akella Privateer's Bounty: Age of Sail II Remote Nickname Buffer Overflow vulnerability. |
October 20, 2004 | apacheModIncludeLocalBufferOverflowExploit.c | No | Script that exploits the Apache mod_include Buffer Overflow vulnerability. |
October 20, 2004 | Intro_to_Win32_Exploits.pdf | N/A | An introduction to writing exploits for the Win32 platform. Walks through creation of an exploit for a real vulnerable piece of software, using OllyDbg to help isolate the fault and exploit it. |
October 20, 2004 | ms04-030_spl.pl | Yes | Perl script that exploits the Microsoft WebDav XML Message Handler Denial of Service vulnerability. |
October 20, 2004 | noceegar.html | No | Exploit for the Microsoft Internet Explorer HTML Help Control Local Zone Security Restriction Bypass & File Drag and Drop Embedded Code vulnerabilities. |
October 20, 2004 | windowsEMF_WMF_Exploit.c | Yes | Script that exploits the Microsoft Windows WMF/EMF Remote Buffer Overflow vulnerability. |
October 19, 2004 | HOD-ms04032-emf-expl2.c | Yes | Exploit that creates crafted metadata files to exploit Microsoft Internet Explorer 6.0. |
October 19, 2004 | toneboom.zip | No | Script that exploits the Vypress Tonecast Remote Denial of Service vulnerability. |
October 18, 2004 | dc_ypop.c | No | Script that exploits the YPOPs! Buffer Overflows vulnerability. |
October 18, 2004 | salesLogixFileUploadPoC.pl | Yes | Proof of Concept exploit for the Best Software SalesLogix File Upload vulnerability. |
October 16, 2004 | bmon.sh | Yes | Proof of Concept exploit for the BMON Arbitrary Code Execution vulnerability. |
Trends
- A survey of 2,000 consumers conducted in August and released Tuesday, October 26, indicated that consumers, increasingly fearful of identity theft, want more security before they'll engage in online banking and other Internet-based services. Such findings may indicate the marketplace has reached a tipping point in which security is now viewed by users as an imperative rather than an impediment to online usage. For more information, see http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1017458,00.html.
Viruses/Trojans
Top Ten Virus Threats
A list of high threat
viruses, as reported to various anti-virus vendors and virus incident reporting
organizations, has been ranked and categorized in the table below. For the
purposes of collecting and collating data, infections involving multiple systems
at a single location are considered a single infection. It is therefore possible
that a virus has infected hundreds of machines but has only been counted once.
With the number of viruses that appear each month, it is possible that a new
virus will become widely distributed before the next edition of this
publication. To limit the possibility of infection, readers are reminded to
update their anti-virus packages as soon as updates become available. The table
lists the viruses by ranking (number of sites affected), common virus name, type
of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on
number of infections reported since last week), and approximate date first
found.
Rank | Common Name | Type of Code | Trends | Date |
1 | Netsky-P | Win32 Worm | Stable | March 2004 |
2 | Zafi-B | Win32 Worm | Stable | June 2004 |
3 | Netsky-Z | Win32 Worm | Stable | April 2004 |
4 | Netsky-D | Win32 Worm | Stable | March 2004 |
5 | Bagle-AA | Win32 Worm | Stable | April 2004 |
6 | Netsky-B | Win32 Worm | Stable | February 2004 |
7 | Netsky-Q | Win32 Worm | Stable | March 2004 |
8 | MyDoom-O | Win32 Worm | Stable | July 2004 |
9 | Bagle-Z | Win32 Worm | Stable | April 2004 |
10 | MyDoom.M | Win32 Worm | Stable | July 2004 |
Table Updated October 26, 2004
Viruses or Trojans Considered to be a High Level of Threat
- Opener - A script-based threat that spies on Mac users has been discovered. The malware disables Mac OS X's built-in firewall, steals personal information and can destroy data. (CNET News, October 25, 2004, http://news.com.com/Mac+users+face+rare+threat/2100-7349_3-5424883.html?tag=nefd.top)
- Famus.B - After a series of celebrity-related Trojans that spread through social engineering techniques, the latest one preys on potential victims' curiosity about the ongoing conflict in Iraq. Antivirus companies warned of a new worm on Monday, October 25, that is sent by email and appears to contain photographs of the Iraq war. The Famus.B worm affects Windows systems and tries to trick users into believing its attached file, called Iraq.scr, contains pictures from inside Iraq. This virus type was first reported in May 2004. (ZDNet News, October 26, 2004, http://news.zdnet.co.uk/0,39020330,39171362,00.htm)
The following table
provides, in alphabetical order, a list of new viruses, variations of previously
encountered viruses, and Trojans that have been discovered during the period
covered by this bulletin. This information has been compiled from the following
anti-virus vendors: Sophos, Trend Micro, Symantec, McAfee, Network Associates,
Central Command, F-Secure, Kaspersky Labs, MessageLabs, Panda Software, Computer
Associates, and The WildList Organization International. Users should keep
anti-virus software up to date and should contact their anti-virus vendors to
obtain specific information on the Trojans and Trojan variants that anti-virus
software detects.
NOTE: At
times, viruses and Trojans may contain names or content that may be considered
offensive.