Summary of Security Items from March 23 through March 29, 2005
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported, since this information is obtained from open-source information.

This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Vulnerabilities

The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.

Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such a vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of a medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
UNIX / Linux Operating Systems Only

Vendor & Software Name | Vulnerability - Impact / Patches - Workarounds / Attack Scripts | Common Name / CVE Reference | Risk | Source
Safari 1.2.5 | A vulnerability exists when processing International Domain Names (IDNs), which could let a remote malicious user spoof web sites. Update available at: A Proof of Concept exploit has been published. | | Medium | Secunia Advisory, |
Cyrus IMAP Server 2.x | Multiple vulnerabilities exist: a buffer overflow vulnerability exists in mailbox handling due to an off-by-one boundary error, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability exists in the imapd annotate extension due to an off-by-one boundary error, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability exists in 'fetchnews,' which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability exists in the backend, which remote administrative users can exploit; and a buffer overflow vulnerability exists in imapd due to a boundary error, which could let a remote malicious user execute arbitrary code. Update available at: http://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.11.tar.gz; Gentoo: http://security.gentoo.org/glsa/glsa-200502-29.xml; SUSE; Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/; Mandrake: http://www.mandrakesecure.net/en/ftp.php; Conectiva: ftp://atualizacoes.conectiva.com.br/; ALT Linux: http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html. Currently we are not aware of any exploits for these vulnerabilities. | | High | Secunia Advisory; Gentoo Linux Security Advisory, GLSA 200502-29, February 23, 2005; SUSE Security Announcement, SUSE-SA:2005:009, February 24, 2005; Ubuntu Security Notice, USN-87-1, February 28, 2005; Mandrakelinux Security Update Advisory, MDKSA-2005:051, March 4, 2005; Conectiva Linux Security Announcement, CLA-2005:937, March 17, 2005; ALTLinux Security Advisory, March 29, 2005 |
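The off-by-one boundary errors listed for the Cyrus mailbox and annotate code are a recurring pattern: a length check that still admits an input exactly as long as the buffer, after which the terminating NUL lands one byte past the end. The following C is an added illustration written for this bulletin, not Cyrus IMAP code; the buffer size, the two copying helpers and the sentinel-byte probe are constructed for the example.

```c
#include <stddef.h>
#include <string.h>

#define NAME_BUF 16   /* illustrative buffer size, not Cyrus's real limit */

/* Vulnerable copy: the bound check accepts len == dstsz, so when the
 * source exactly fills the buffer the terminating NUL is written to
 * dst[dstsz], one byte past the end (the classic off-by-one). */
__attribute__((noinline))
int copy_name_vulnerable(char *dst, size_t dstsz, const char *src)
{
    size_t len = strlen(src);
    if (len > dstsz)             /* off by one: should be >= */
        return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';             /* dst[dstsz] when len == dstsz */
    return 0;
}

/* Hardened copy: reserve one byte for the terminator up front and
 * reject anything that would not fit, rather than truncating silently. */
__attribute__((noinline))
int copy_name_fixed(char *dst, size_t dstsz, const char *src)
{
    size_t len = strlen(src);
    if (dstsz == 0 || len >= dstsz)
        return -1;
    memcpy(dst, src, len + 1);   /* includes the NUL, always in bounds */
    return 0;
}

/* Probe: a NAME_BUF-byte buffer carved out of a region one byte larger,
 * with a sentinel in that extra byte so a one-byte overrun is observable
 * without corrupting anything else.
 * Returns 1 if the sentinel was overwritten (overflow), 0 if the copy
 * stayed in bounds, -1 if the copier refused the input. */
int probe_copier(int (*copier)(char *, size_t, const char *), const char *src)
{
    unsigned char region[NAME_BUF + 1];
    memset(region, 'A', NAME_BUF);
    region[NAME_BUF] = 0xAA;                 /* sentinel just past the buffer */
    if (copier((char *)region, NAME_BUF, src) != 0)
        return -1;
    return region[NAME_BUF] != 0xAA;
}
```

A 15-character name is handled identically by both copiers; a 16-character name is the interesting case, where the vulnerable version clobbers the sentinel and the fixed version refuses. Real code of this shape in a network daemon turns that one byte into an attacker-controlled write adjacent to whatever follows the buffer.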
Dnsmasq 2.0-2.20 | Multiple vulnerabilities have been reported: a buffer overflow vulnerability has been reported due to an off-by-one error when reading the DHCP lease file, which could let a remote malicious user cause a Denial of Service; and a vulnerability has been reported when receiving DNS replies due to insufficient validation, which could let a remote malicious user poison the DNS cache. Upgrades available at: Currently we are not aware of any exploits for these vulnerabilities. | | Low/Medium (Medium if the DNS cache can be poisoned) | Security Focus, 12897, March 25, 2005 |
PayPal Storefront 1.7 | Multiple vulnerabilities have been reported: a vulnerability has been reported in the 'pages.php' and 'products1.php' scripts due to insufficient validation of user-supplied data, which could let a remote malicious user execute arbitrary SQL commands; and a Cross-Site Scripting vulnerability has been reported in the 'products1h.php' script due to insufficient validation of the 'id' parameter, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proofs of Concept exploits | | High | Dcrab's Security Advisory, March 25, 2005 |
Ethereal 0.8, 0.8.13-0.8.15, 0.8.18, 0.8.19, 0.9-0.9.16, | Multiple vulnerabilities exist: remote Denial of Service vulnerabilities exist in the COPS, DLSw, DNP, Gnutella, and MMSE dissectors; and a buffer overflow vulnerability exists in the X11 dissector, which could let a remote malicious user execute arbitrary code. Ethereal: http://www.ethereal.com/download.html; Debian; Gentoo: http://security.gentoo.org/glsa/glsa-200501-27.xml; SuSE: ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/subversion-viewcvs-1.0.8-2.2.x86_64.rpm; SGI: ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/; ALT Linux: http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html; Conectiva: ftp://atualizacoes.conectiva.com.br/. Currently we are not aware of any exploits for these vulnerabilities. | Ethereal Multiple Dissector Vulnerabilities, CAN-2005-0006 (http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CAN-2005-0006) | Low/High (High if arbitrary code can be executed) | Security Tracker Alert, 1012962, January 21, 2005; SGI Security Advisory, 20050202-01-U, February 9, 2005; Conectiva Linux Security Announcement, CLA-2005:942, March 28, 2005; ALTLinux Security Advisory, March 29, 2005 |
sharutils 4.2, 4.2.1 | Multiple buffer overflow vulnerabilities exist due to a failure to Gentoo: http://security.gentoo.org/glsa/glsa-200410-01.xml; FedoraLegacy; Ubuntu. We are not aware of any exploits for this vulnerability. | | Low/High (High if arbitrary code can be executed) | Gentoo Linux Security Advisory, GLSA 200410-01, October 1, 2004; Fedora Legacy Update Advisory, FLSA:2155, March 24, 2005; Ubuntu Security Notice, USN-102-1, March 29, 2005 |
Smail-3 3.2.0.120 | Multiple vulnerabilities have been reported: a vulnerability has been reported in 'addr.c' due to a heap overflow, which could let a remote malicious user execute arbitrary code with root privileges; and a vulnerability has been reported in 'modes.c' due to insecure handling of heap memory by signal handlers, which could let a malicious user execute arbitrary code with root privileges. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for these vulnerabilities. | | High | Security Tracker Alert, 1013564, March 27, 2005 |
Grip 3.1.2, 3.2.0 | A buffer overflow vulnerability has been reported in the CDDB protocol due to a boundary error, which could let a remote malicious user cause a Denial of Service and possibly execute arbitrary code. Fedora; Gentoo: http://security.gentoo.org/glsa/glsa-200503-21.xml; RedHat: http://rhn.redhat.com/errata/RHSA-2005-304.html. Currently we are not aware of any exploits for this vulnerability. | | Low/High (High if arbitrary code can be executed) | Fedora Update Notifications; Gentoo Linux Security Advisory, GLSA 200503-21, March 17, 2005; RedHat Security Advisory, RHSA-2005:304-08, March 28, 2005 |
ImageMagick 5.3.3, 5.3.8, 5.4.3, 5.4.4.5, 5.4.7, 5.4.8.2-1.1.0, | Several vulnerabilities have been reported: a remote Denial of Service vulnerability has been reported in the decoder due to a failure to handle malformed TIFF tags; a remote Denial of Service vulnerability has been reported due to a failure to handle malformed TIFF images; a remote Denial of Service vulnerability has been reported due to a failure to handle malformed PSD files; and a buffer overflow vulnerability has been reported in the SGI parser, which could let a remote malicious user execute arbitrary code. Upgrades available at: SuSE; RedHat: http://rhn.redhat.com/errata/RHSA-2005-070.html. Currently we are not aware of any exploits for these vulnerabilities. | ImageMagick, CAN-2005-0759 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0759) | Low/High (High if arbitrary code can be executed) | Security Tracker Alert, 1013550, March 24, 2005 |
CDRTools 2.0 | A vulnerability has been reported in cdrecord due to insecure creation of various files, which could let a malicious user corrupt arbitrary files. Ubuntu. There is no exploit code required. | | Medium | Ubuntu Security Notice, USN-100-1, March 24, 2005 |
KDE 1.1-1.1.2, 1.2, 2.1-2.1.2, 2.2-2.2.2, 3.0-3.0.5, 3.1-3.1.5, | A Denial of Service vulnerability has been reported in the Desktop Upgrade available at: Gentoo: http://security.gentoo.org/glsa/glsa-200503-22.xml; Mandrake: http://www.mandrakesecure.net/en/ftp.php; Fedora; RedHat: http://rhn.redhat.com/errata/RHSA-2005-325.html; ALTLinux. Currently we are not aware of any exploits for this vulnerability. | | Low | KDE Security Advisory, March 16, 2005; Fedora Update Notifications; RedHat Security Advisory, RHSA-2005:325-07, March 23, 2005; ALTLinux Security Advisory, March 29, 2005 |
kdelibs 3.3.2 | A vulnerability exists in the 'dcopidlng' library due to insufficient Patch available at: Mandrake: http://www.mandrakesecure.net/en/ftp.php; Gentoo: http://security.gentoo.org/glsa/glsa-200503-14.xml; Fedora; RedHat: http://rhn.redhat.com/errata/RHSA-2005-325.html; ALTLinux. Currently we are not aware of any exploits for this vulnerability. | | Medium | Security Focus, February 11, 2005; Mandrakelinux Security Update Advisory, MDKSA-2005:045, February 18, 2005; Gentoo Linux Security Advisory, GLSA 200503-14, March 7, 2005; Mandrakelinux Security Update Advisory, MDKSA-2005:058, March 16, 2005; Fedora Update Notifications; RedHat Security Advisory, RHSA-2005:325-07, March 23, 2005; ALTLinux Security Advisory, March 29, 2005 |
libexif 0.6.9, 0.6.11 | A vulnerability exists in the 'EXIF' library due to insufficient validation of 'EXIF' tag structure, which could let a remote malicious user execute arbitrary code. Ubuntu; Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/; Gentoo: http://security.gentoo.org/glsa/glsa-200503-17.xml; RedHat: http://rhn.redhat.com/errata/RHSA-2005-300.html. Currently we are not aware of any exploits for this vulnerability. | | High | Ubuntu Security Notice, USN-91-1, March 7, 2005; Fedora Update Notifications; Gentoo Linux Security Advisory, GLSA 200503-17, March 12, 2005; RedHat Security Advisory, RHSA-2005:300-08, March 21, 2005 |
Mathopd Web Server 1.5 p4, 1.6 b5 | A vulnerability has been reported in the 'internal_dump()' function due Upgrades available at: There is no exploit code required. | | Medium | Secunia Advisory, SA14524, March 23, 2005 |
Midnight Commander 4.5.40-4.5.5.52, 4.5.54, 4.5.55 | A buffer overflow vulnerability has been reported in the 'insert_text()' function due to insufficient bounds checking, which could let a malicious user execute arbitrary code. Debian. Currently we are not aware of any exploits for this vulnerability. | | High | Debian Security Advisory, DSA 698-1, March 29, 2005 |
Firefox 1.0 | A vulnerability exists because a predictable name is used for the plugin temporary directory, which could let a malicious user cause a Denial of Service or modify system/user information. Update available at: http://www.mozilla.org/products/firefox/all.html; Fedora; Gentoo: http://security.gentoo.org/glsa/glsa-200503-10.xml; SuSE: ftp://ftp.suse.com/pub/suse/; Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/; Gentoo: http://security.gentoo.org/glsa/glsa-200503-30.xml. An exploit has been published. | | Low/Medium (Medium if user/system information can be modified) | Mozilla Foundation Security Advisory, 2005-28, February 25, 2005; SUSE Security Announcement, SUSE-SA:2005:016, March 16, 2005; Fedora Update Notification; Gentoo Linux Security Advisory, GLSA 200503-30 & GLSA |
ClamAV 0.51-0.54, 0.60, 0.65, 0.67, 0.68-1, 0.68, 0.70, 0.80 rc1-rc4, | A remote Denial of Service vulnerability exists due to an error in the Upgrade available at: Gentoo: http://security.gentoo.org/glsa/glsa-200501-46.xml; Mandrake: http://www.mandrakesecure.net/en/ftp.php; SUSE; Trustix: http://www.trustix.org/errata/2005/0003/; Conectiva: ftp://atualizacoes.conectiva.com.br/10/RPMS/libclamav-devel-static-0.83-70136U10_7cl.i386.rpm; ALT Linux: http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html. Currently we are not aware of any exploits for this vulnerability. | | Low | Security Focus, January 31, 2005; Mandrakelinux Security Update Advisory, MDKSA-2005:025, January 31, 2005; Gentoo Linux Security Advisory, GLSA 200501-46, January 31, 2005; SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005; Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005; Conectiva Linux Security Announcement, CLA-2005:928, March 3, 2005; ALTLinux Security Advisory, March 29, 2005 |
Exim 4.43 & prior | Multiple vulnerabilities exist that could allow a local user to obtain The vendor has issued a fix in the latest snapshot: ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/Testing/exim-snapshot.tar.gz (signature: ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/Testing/exim-snapshot.tar.gz.sig). Also, patches for 4.43 are available at: Fedora; Ubuntu; Gentoo: http://security.gentoo.org/glsa/glsa-200501-23.xml; Debian: http://security.debian.org/pool/updates/main/e/exim/; SUSE; ALT Linux: http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html. An exploit script has been published. | | High | Security Tracker Alert ID, 1012771, January 5, 2005; Gentoo Linux Security Advisory, GLSA 200501-23, January 12, 2005; Debian Security Advisory, DSA 635-1 & 637-1, January 12 & 13, 2005; SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005; US-CERT Vulnerability Note, VU#132992, January 28, 2005; Security Focus, February 12, 2005; ALTLinux Security Advisory, March 29, 2005 |
ImageMagick 5.3.3, 5.4.3, 5.4.4.5, 5.4.7, 5.4.8.2-1.1.0, 5.4.8, 5.5.3 | A format string vulnerability exists when handling malformed file Update available at: http://www.imagemagick.org/script/downloads.php; Ubuntu; Gentoo: http://security.gentoo.org/glsa/glsa-200503-11.xml; SUSE: ftp://ftp.suse.com/pub/suse/; RedHat: http://rhn.redhat.com/errata/RHSA-2005-320.html. Currently we are not aware of any exploits for this vulnerability. | | Low/High (High if arbitrary code can be executed) | Secunia Advisory; Ubuntu Security Notice, USN-90-1, March 3, 2005; SUSE Security Announcement, SUSE-SA:2005:017, March 23, 2005; RedHat Security Advisory, RHSA-2005:320-10, March 23, 2005 |
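A format string bug of the kind listed above for ImageMagick arises when attacker-controlled text (a file name, for instance) reaches a printf-family function as the format argument instead of as data, so '%' directives in it are interpreted. The following C is an added illustration, not ImageMagick code; the helper names and sample file names are constructed for the example. The vulnerable variant is kept only to make the behaviour visible, and it deliberately silences the format-security warning that gcc and clang would otherwise raise for exactly this mistake.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable: the file name is the format string. A name such as
 * "%x.%x.%x" makes snprintf read values that were never passed to it
 * (the caller's registers/stack), and "%n" would write to memory.
 * The pragma only hides the compiler's warning; it changes nothing. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
int describe_file_vulnerable(char *out, size_t outsz, const char *filename)
{
    return snprintf(out, outsz, filename);
}
#pragma GCC diagnostic pop

/* Fixed: a constant format, with the untrusted name supplied as a %s
 * argument so its contents are copied, never interpreted. */
int describe_file_fixed(char *out, size_t outsz, const char *filename)
{
    return snprintf(out, outsz, "%s", filename);
}

/* Returns 1 if the formatter reproduced the name verbatim, 0 if it
 * interpreted directives inside it (or failed). */
int name_survives(int (*describe)(char *, size_t, const char *),
                  const char *filename)
{
    char out[256];
    if (describe(out, sizeof out, filename) < 0)
        return 0;
    return strcmp(out, filename) == 0;
}
```

Both variants behave identically on a benign name such as "photo.tiff", which is why this class of bug survives ordinary testing; only an input containing '%' separates them. The probe here uses "%x" directives, which merely leak stack and register contents; "%n" in the same position turns the bug into an arbitrary write, which is what raises the rating to High.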
Linux kernel 2.4.0-test1-test12, 2.4-2.4.29, 2.6, 2.6-test1-test11, | Multiple vulnerabilities have been reported in the ISO9660 handling Fedora. Currently we are not aware of any exploits for these vulnerabilities. | | High | Security Focus, 12837, March 18, 2005; Fedora Security Update Notification |
Linux Kernel versions except 2.6.9 | A race condition vulnerability exists in the Linux Kernel terminal This issue has been addressed in version 2.6.9 of Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-doc-2.6.8.1_2.6.8.1-16.3_all.deb; Mandrake: http://www.mandrakesecure.net/en/ftp.php; FedoraLegacy: http://download.fedoralegacy.org/redhat/; TurboLinux: ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/; SUSE. Currently we are not aware of any exploits for this vulnerability. | Multiple Vendors Linux Kernel, CAN-2004-0814 (http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CAN-2004-0814) | Low | Security Focus, December 14, 2004; Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005; Fedora Legacy Update Advisory, FLSA:2336, February 24, 2005; Turbolinux Security Announcement, February 28, 2005; SUSE Security Announcement, SUSE-SA:2005:018, March 24, 2005 |
Linux Kernel versions except 2.6.9 | The Linux Kernel is prone to a local vulnerability in the terminal This issue has been addressed in version 2.6.9 of Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-doc-2.6.8.1_2.6.8.1-16.3_all.deb; Mandrake; FedoraLegacy: http://download.fedoralegacy.org/redhat/; TurboLinux: ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/; SUSE. Currently we are not aware of any exploits for this vulnerability. | | Low | Security Focus, December 14, 2004; Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005; SUSE Security Announcement, SUSE-SA:2005:018, March 24, 2005 |
MandrakeSoft Corporate Server 3.0, x86_64, Linux Mandrake 10.0, AMD64, | A buffer overflow vulnerability exists in the main() function of the Update available at: Gentoo: http://security.gentoo.org/glsa/glsa-200501-35.xml; Mandrake: http://www.mandrakesecure.net/en/ftp.php; Ubuntu; SUSE: ftp://ftp.suse.com/pub/suse/; Debian: http://security.debian.org/pool/updates/main/e/evolution/; Conectiva: ftp://atualizacoes.conectiva.com.br/; ALT Linux: http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html. Currently we are not aware of any exploits for this vulnerability. | | High | Gentoo Linux Security Advisory, GLSA 200501-35, January 25, 2005; Ubuntu Security Notice, USN-69-1, January 25, 2005; Mandrakelinux Security Update Advisory, MDKSA-2005:024, January 27, 2005; SUSE Security Summary Report, SUSE-SR:2005:003; Debian Security Advisory, DSA 673-1, February 10, 2005; Conectiva Linux Security Announcement, CLA-2005:925, February 16, 2005; ALTLinux Security Advisory, March 29, 2005 |
MySQL AB MySQL 3.20.x, 3.20.32a, 3.21.x, 3.22.x, 3.22.26-3.22.30, | A vulnerability exists in the 'GRANT' command due to a failure to ensure sufficient privileges, which could let a malicious user obtain unauthorized access. Upgrades available at: OpenPKG; RedHat: http://rhn.redhat.com/errata/RHSA-2004-611.html; SuSE; Trustix: ftp://ftp.trustix.org/pub/trustix/updates/; Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/m; Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/; TurboLinux; FedoraLegacy. There is no exploit code required. | | Medium | Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15, 2004; Fedora Update Notification; Turbolinux Security Announcement, February 17, 2005; Fedora Legacy Update Advisory, FLSA:2129, March 24, 2005 |
RedHat Fedora Core3 & Core 2; | A buffer overflow vulnerability has been reported when handling email messages that contain attachments with MIME-encoded file names, which could let a remote malicious user execute arbitrary code. Fedora; Sylpheed. Currently we are not aware of any exploits for this vulnerability. | | High | Fedora Update Notifications, FEDORA-2005-263 & 264, March 29, 2005 |
Apache Software Foundation Apache 2.0 a9, 2.0, 2.0.28 Beta, 2.0.28, | A remote Denial of Service vulnerability has been reported in the Upgrades available at: SuSE. There is no exploit code required. | Apache mod_ssl 'ssl_io_filter_cleanup' Remote Denial of Service | Low | Security Focus, 12877, March 23, 2005 |
Daniel Stenberg curl 6.0-6.4, 6.5-6.5.2, 7.1, 7.1.1, 7.2, 7.2.1, 7.3, | A buffer overflow vulnerability exists in the Kerberos authentication SUSE; Ubuntu; Mandrake: http://www.mandrakesecure.net/en/ftp.php. Updates available at: Gentoo: http://security.gentoo.org/glsa/glsa-200503-20.xml; Conectiva: ftp://atualizacoes.conectiva.com.br/10/; ALT Linux: http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html. Currently we are not aware of any exploits for these vulnerabilities. | | High | iDEFENSE Security Advisory, February 21, 2005; Mandrakelinux Security Update Advisory, MDKSA-2005:048, March 4, 2005; Gentoo Linux Security Advisory, GLSA 200503-20, March 16, 2005; Conectiva Linux Security Announcement, CLA-2005:940, March 21, 2005; ALTLinux Security Advisory, March 29, 2005 |
IPsec-Tools 0.5; KAME Racoon prior to 20050307 | A remote Denial of Service vulnerability has been reported when parsing Upgrades available at: Fedora; RedHat: http://rhn.redhat.com/errata/RHSA-2005-232.html; Gentoo: http://security.gentoo.org/glsa/glsa-200503-30.xml; ALTLinux. Currently we are not aware of any exploits for this vulnerability. | | Low | Fedora Update Notifications; RedHat Security Advisory, RHSA-2005:232-10, March 23, 2005; Gentoo Linux Security Advisory, GLSA 200503-33, March 25, 2005; ALTLinux Security Advisory, March 29, 2005 |
Linux Kernel 2.2, 2.4, 2.6 | Several buffer overflow vulnerabilities exist in 'drivers/char/moxa.c' Ubuntu; SUSE. Currently we are not aware of any exploits for these vulnerabilities. | | High | Security Tracker Alert, 1013273, February 23, 2005; SUSE Security Announcement, SUSE-SA:2005:018, March 24, 2005 |
Linux kernel 2.4.0-test1-test12, 2.4-2.4.28, 2.4.29-rc1 & rc2 | A vulnerability exists in the processing of ELF binaries on IA64 systems due to improper checking of overlapping virtual memory address allocations, which could let a malicious user cause a Denial of Service or potentially obtain root privileges. Patch available at: Trustix; RedHat: http://rhn.redhat.com/errata/RHSA-2005-043.html, http://rhn.redhat.com/errata/RHSA-2005-017.html; Mandrake: http://www.mandrakesecure.net/en/ftp.php; TurboLinux: ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/; FedoraLegacy: http://download.fedoralegacy.org/redhat/; SUSE. Currently we are not aware of any exploits for this vulnerability. | | Low/High (High if root access can be obtained) | Trustix Secure Linux Security Advisory, TSLSA-2005-0001, January 13, 2005; RedHat Security Advisories, RHSA-2005:043-13 & RHSA-2005:017-14; Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005; Turbolinux Security Announcement, February 28, 2005; SUSE Security Announcement, SUSE-SA:2005:018, March 24, 2005 |
Linux kernel 2.4-2.4.29, 2.6.10, 2.6-2.6.11 | A vulnerability has been reported in the 'bluez_sock_create()' function Patches available at: Fedora. A Proof of Concept exploit script has been published. | | High | Security Tracker Alert, 1013567, March 27, 2005 |
Linux kernel 2.6.10, | A Denial of Service vulnerability has been reported in the Netfilter code due to a memory leak. Ubuntu; SuSE: ftp://ftp.suse.com/pub/suse/; Fedora. Currently we are not aware of any exploits for this vulnerability. | | Low | Ubuntu Security Notice, USN-95-1, March 15, 2005; SUSE Security Announcement, SUSE-SA:2005:018, March 24, 2005; Fedora Security Update Notification |
Linux kernel 2.6.10, 2.6-2.6.11 | Multiple vulnerabilities exist: a vulnerability exists in the 'radeon' Patches available at: SuSE: ftp://ftp.suse.com/pub/suse/; Conectiva: ftp://atualizacoes.conectiva.com.br/; Ubuntu; SUSE; Fedora; ALTLinux. Exploit scripts have been published. | Linux Kernel, CAN-2005-0529 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0529) | Medium/High (High if arbitrary code can be executed) | Secunia Advisory, SA14270, February 15, 2005; Conectiva Linux Security Announcement, CLA-2005:930, March 7, 2005; Ubuntu Security Notice, USN-95-1, March 15, 2005; SUSE Security Announcement, SUSE-SA:2005:018, March 24, 2005; Fedora Security Update Notification; ALTLinux Security Advisory, March 29, 2005 |
Linux Kernel 2.6.10, 2.6-test1-test11, 2.6-2.6.11 | A Denial of Service vulnerability has been reported in the Patches available at: Fedora. Currently we are not aware of any exploits for this vulnerability. | | Low | Fedora Security Update Notification, FEDORA-2005-262, March 28, 2005 |
Linux kernel 2.6.10, 2.6-test9-CVS, 2.6-test1-test11, 2.6, 2.6.1 | A remote Denial of Service vulnerability has been reported in the Ubuntu; Trustix: http://http.trustix.org/pub/trustix/updates; SUSE; Fedora; ALTLinux. Currently we are not aware of any exploits for this vulnerability. | | Low | Ubuntu Security Notice, USN-95-1, March 15, 2005; Trustix Secure Linux Security Advisory, TSL-2005-0009, March 21, 2005; SUSE Security Announcement, SUSE-SA:2005:018, March 24, 2005; Fedora Security Update Notification; ALTLinux Security Advisory, March 29, 2005 |
Linux kernel 2.6.10, 2.6-test9-CVS, 2.6-test1-test11, 2.6, | Multiple vulnerabilities exist: a vulnerability exists in the 'shmctl' RedHat: https://rhn.redhat.com/errata/RHSA-2005-092.html; Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/; Conectiva: ftp://atualizacoes.conectiva.com.br/1; SUSE; Fedora. Currently we are not aware of any exploits for these vulnerabilities. | Linux Kernel, CAN-2005-0177 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0177), CAN-2005-0176 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0176) | Low/Medium (Low if a DoS) | Ubuntu Security Notice, USN-82-1, February 15, 2005; RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005; SUSE Security Announcement, SUSE-SA:2005:018, March 24, 2005; Fedora Security Update Notification |
Linux kernel 2.6.10, 2.6-test1-test11, 2.6.1-2.6.11; | A vulnerability has been reported in the EXT2 filesystem handling code, which could let a malicious user obtain sensitive information. Patches available at: Fedora. Currently we are not aware of any exploits for this vulnerability. | | Medium | Security Focus, 12932, March 29, 2005 |
Linux kernel 2.6.8 rc1-rc3 | A Denial of Service vulnerability exists in the 'ReiserFS' file system Upgrades available at: Ubuntu: http://security.ubuntu.com/ubuntu/pool/; Mandrake: http://www.mandrakesecure.net/en/ftp.php; TurboLinux: ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/; SUSE. There is no exploit code required. | | Low | Security Focus, October 26, 2004; Ubuntu Linux Security Advisory, USN-38-1, December 14, 2004; Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005; SUSE Security Announcement, SUSE-SA:2005:018, March 24, 2005 |
Linux kernel 2.6-2.6.11 | A vulnerability has been reported in 'SYS_EPoll_Wait' due to a failure Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/; Fedora. An exploit script has been published. | | Medium | Security Focus, 12763, March 8, 2005; Ubuntu Security Notice, USN-95-1, March 15, 2005; Security Focus, 12763, March 22, 2005; Fedora Security Update Notification |
X.org X11R6 6.7.0, 6.8, 6.8.1; | An integer overflow vulnerability exists in 'scan.c' due to Patch available at: Gentoo: http://security.gentoo.org/glsa/glsa-200503-08.xml; Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/; Gentoo: http://security.gentoo.org/glsa/glsa-200503-15.xml; Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/x/xfree86/; ALTLinux. Currently we are not aware of any exploits for this vulnerability. | | High | Security Focus, 12714, March 2, 2005; Gentoo Linux Security Advisory, GLSA 200503-08, March 4, 2005; Ubuntu Security Notice, USN-92-1, March 07, 2005; Gentoo Linux Security Advisory, GLSA 200503-15, March 12, 2005; Ubuntu Security Notice, USN-97-1, March 16, 2005; ALTLinux Security Advisory, March 29, 2005 |
xli 1.14-1.17 | A vulnerability exists due to a failure to manage internal buffers Gentoo: http://security.gentoo.org/glsa/glsa-200503-05.xml; Debian: http://security.debian.org/pool/updates/main/x/xli/; ALTLinux. Currently we are not aware of any exploits for this vulnerability. | | High | Gentoo Linux Security Advisory, GLSA 200503-05, March 2, 2005; Debian Security Advisory, DSA 695-1, March 21, 2005; ALTLinux Security Advisory, March 29, 2005 |
xli 1.14-1.17; xloadimage 3.0, 4.0, 4.1 | A vulnerability exists due to a failure to parse compressed images safely, which could let a remote malicious user execute arbitrary code. Gentoo: http://security.gentoo.org/glsa/glsa-200503-05.xml; Debian: http://security.debian.org/pool/updates/main/x/xli/; Fedora; ALTLinux. Currently we are not aware of any exploits for this vulnerability. | | High | Gentoo Linux Security Advisory, GLSA 200503-05, March 2, 2005; Fedora Update Notifications; Debian Security Advisory, DSA 695-1, March 21, 2005; ALTLinux Security Advisory, March 29, 2005 |
MySQL AB; Conectiva, Debian, Engarde, FreeBSD, Gentoo, HP, IBM, Immunix, Mandrake, OpenBSD, OpenPKG, RedHat, Trustix, Sun, SuSE; MySQL AB MySQL 3.20.32a, 3.22.26-3.22.30, 3.22.32, 3.23.2-3.23.5, | A vulnerability exists in the MySQL 'mysqld_multi' script due to insecure temporary file handling, which could let a malicious user obtain elevated privileges. Debian; Mandrake; OpenPKG; Gentoo; TurboLinux: ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/; FedoraLegacy. There is no exploit code required. | | Medium | Debian Security Advisory, DSA 483-1, April 14, 2004; Gentoo Linux Security Advisory, GLSA 200405-20, May 25, 2004; Mandrakelinux Security Update Advisory, MDKSA-2004:034, April 20, 2004; OpenPKG Security Advisory, OpenPKG-SA-2004.014, April 14, 2004; Turbolinux Security Announcement, February 17, 2005; Fedora Legacy Update Advisory, FLSA:2129, March 24, 2005 |
MySQL 3.20.x, 3.20.32a, 3.21.x, 3.22.x, 3.22.26-3.22.30, 3.22.32, | A buffer overflow vulnerability exists in the 'mysql_real_connect' function due to insufficient boundary checking, which could let a remote malicious user cause a Denial of Service and possibly execute arbitrary code. Note: Computers using glibc on Linux and BSD platforms may not be vulnerable to this issue. Updates: Debian: http://security.debian.org/pool/updates/main/m/mysql/; Trustix: http://http.trustix.org/pub/trustix/updates/; OpenPKG; Mandrake: http://www.mandrakesoft.com/security/advisories; Conectiva: ftp://atualizacoes.conectiva.com.br/1; SUSE: ftp://ftp.suse.com/pub/suse; Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/; Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/; TurboLinux: ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/; FedoraLegacy. We are not aware of any exploits for this vulnerability. | | Low/High (High if arbitrary code can be executed) | Secunia Advisory; Debian Security Advisory, DSA 562-1, October 11, 2004; Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15; Mandrakelinux Security Update Advisory, MDKSA-2004:119, November 1; Conectiva Linux Security Announcement, CLA-2004:892, November 18, 2004; Fedora Update Notification; Turbolinux Security Announcement, February 17, 2005; Fedora Legacy Update Advisory, FLSA:2129, March 24
MySQL 3.23.49, 4.0.20 | A vulnerability exists in the 'mysqlhotcopy' script due to predictable Updates: Debian: http://security.debian.org/pool/updates/main/m/; Gentoo: http://security.gentoo.org/glsa/glsa-200409-02.xml; SuSE: ftp://ftp.suse.com/pub/suse/; RedHat: http://rhn.redhat.com/errata/RHSA-2004-569.html; OpenPKG: ftp://ftp.openpkg.org/release/; Mandrake; Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/; TurboLinux: ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/; FedoraLegacy. No exploit code is required. | | Medium | Debian Security Advisory, DSA 540-1, August 18, 2004; Gentoo Linux Security Advisory, GLSA 200409-02, September 1, 2004; SUSE Security Announcement, SUSE-SA:2004:030, September 6, 2004; RedHat Security Advisory, RHSA-2004:569-16, October 20, 2004; Mandrakelinux Security Update Advisory, MDKSA-2004:119, November 1; SUSE Security Summary Report, SUSE-SR:2004:001, November 24, 2004; Fedora Update Notification; Turbolinux Security Announcement, February 17, 2005; Fedora Legacy Update Advisory, FLSA:2129, March 24
MySQL 3.x, 4.x | Two vulnerabilities exist: a vulnerability exists due to an error in Updates available at: http://dev.mysql.com/downloads/mysql/; Debian: http://security.debian.org/pool/updates/main/m/mysql; Trustix: http://http.trustix.org/pub/trustix/updates/; Mandrake: http://www.mandrakesoft.com/security/advisories; Conectiva: ftp://atualizacoes.conectiva.com.br/1; Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/; SuSE; Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/; TurboLinux: ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/; FedoraLegacy. We are not aware of any exploits for these vulnerabilities. | | Low/Medium (Low if a DoS; and Medium if security | Secunia Advisory, SA12783, October 11, 2004; Trustix Secure Linux Security Advisory, TSLSA-2004-0054, October 15; Mandrakelinux Security Update Advisory, MDKSA-2004:119, November 1; Conectiva Linux Security Announcement, CLA-2004:892, November 18, 2004; Ubuntu Security Notice, USN-32-1, November 25, 2004; SUSE Security Summary Report, SUSE-SR:2004:001, November 24, 2004; Fedora Update Notification; Turbolinux Security Announcement, February 17, 2005; Fedora Legacy Update Advisory, FLSA:2129, March 24
MySQL 4.x | A vulnerability exists in the 'mysqlaccess.sh' script because temporary Update available at: http://lists.mysql.com/internals/20600; Ubuntu: http://www.ubuntulinux.org/support/documentation/usn/usn-63-1; Debian: http://www.debian.org/security/2005/dsa-647; Gentoo: http://www.gentoo.org/security/en/glsa/glsa-200501-33.xml; Mandrake: http://www.mandrakesecure.net/en/ftp.php; FedoraLegacy. Currently we are not aware of any exploits for this vulnerability. | MySQL 'mysqlaccess.sh' Unsafe Temporary Files, CAN-2005-0004 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0004) | Medium | Security Tracker Alert, 1012914, January 17, 2005; Ubuntu Security Notice, USN-63-1, January 18, 2005; Debian Security Advisory; Gentoo Linux Security Advisory, GLSA 200501-33, January 23, 2005; Mandrakelinux Security Update Advisory, MDKSA-2005:036, February 11; Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11; Fedora Legacy Update Advisory, FLSA:2129, March 24
openMosixview 1.2-1.5 | Multiple vulnerabilities have been reported due to the creation of various temporary files that contain predictable filenames, which could let a malicious user create/overwrite arbitrary files. No workaround or patch available at time of publishing. A Proof of Concept exploit script has been published. | | Medium | Securiteam, March 28, 2005
SpamAssassin prior to 2.64 | A Denial of Service vulnerability exists in Update to version 2.64, available at: http://old.spamassassin.org/released/; Gentoo: http://security.gentoo.org/glsa/glsa-200408-06.xml; Mandrake: http://www.mandrakesecure.net/en/ftp.php; OpenPKG: ftp://ftp.openpkg.org/release/; Conectiva: ftp://atualizacoes.conectiva.com.br/; RedHat: http://rhn.redhat.com/errata/RHSA-2004-451.html; FedoraLegacy. We are not aware of any exploits for this vulnerability. | | Low | Security Tracker, 1010903, August 10, 2004; Mandrake Security Advisory, MDKSA-2004:084, August 19; OpenPKG Security Advisory, OpenPKG-SA-2004.041, September; Conectiva Linux Security Announcement, CLA-2004:867; RedHat Security Advisory, RHSA-2004:451-05, September 30; Fedora Legacy Update Advisory, FLSA:2268, March 24, 2005
WebAPP 0.9.9.2, 0.9.9 | A vulnerability has been reported due to an unspecified error, which could let a remote malicious user obtain sensitive information. Update available at: | | Medium | Secunia Advisory, SA14716, March 29, 2005
Recent Exploit Scripts/Techniques
The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.
Note: At times, scripts/techniques may contain names or content that may be considered offensive.
Date of Script | Script Name | Workaround or Patch Available | Script Description |
March 29, 2005 | answerbook2.txt | Yes | Exploit for the Sun Answerbook2 Cross-Site Scripting vulnerability. |
March 29, 2005 | blackmagic.txt | N/A | A guide to advanced network attack and reconnaissance techniques using Python. Includes topics such as firewalking, port scanning, ARP poisoning, and DNS poisoning. |
March 29, 2005 | photopostSQLXSS.txt | No | Detailed exploitation for the PhotoPost PHP Pro Cross-Site Scripting & SQL Injection vulnerabilities. |
March 29, 2005 | smack.c.gz | No | Exploit for the Smail-3 Remote preparse_address_1() heap buffer overflow vulnerability. |
March 29, 2005 | vladersoft30.txt | No | Sample exploitation for the Valdersoft Shopping Cart Multiple Input Validation vulnerabilities. |
March 29, 2005 | WepDecrypt-0.5.tar.gz | N/A | A wireless LAN tool based on wepattack that guesses WEP keys using an active dictionary attack, a key generator, a distributed network attack, and some other methods. |
March 28, 2005 | dcrab-e-xoops.txt | No | Proof of Concept URLs for the EXoops Multiple Input Validation vulnerabilities. |
March 28, 2005 | kernelBluetoothSocketPoC.c | Yes | Proof of Concept exploit for the Linux Kernel Bluetooth Signed Buffer Index Vulnerability. |
March 28, 2005 | relayscanner.zip | N/A | SMTP relay scanner that checks for open relays and misconfigurations that allow spoofing via the tested mailserver or for internal mail to internal address from external nets. |
March 28, 2005 | RX_oMcollector_proof.sh dvRX250305.txt | No | Proof of Concept exploits for the OpenMosixview Multiple Insecure Temporary File Creation vulnerabilities. |
March 28, 2005 | timbuktu_userbrute.c | N/A | Timbuktu Pro Remote Control user enumeration program is a wordlist-based bruteforce tool that checks whether a given username exists on the target server or not, which is possible due to a difference in the error message returned when the username is invalid versus when the password is invalid. |
March 28, 2005 | tincat2bof.zip | Yes | Proof of Concept exploit for the Tincat Network Library Remote Buffer Overflow vulnerability. |
March 28, 2005 | ZH2005-03SA.txt | Yes | Example URLs for the Nuke Bookmarks Multiple Remote Vulnerabilities. |
March 25, 2005 | cachedump-1.1.zip | N/A | CacheDump is a tool that demonstrates how to recover cache entry information: username and hashed password (called MSCASH). This tool also explains the technical issues underneath Windows password cache entries, which are undocumented by Microsoft. |
March 25, 2005 | lameSeries60NokiaDoS.pl | No | An exploit for the Nokia/Symbian Series60 bluetooth device-name handling vulnerability. |
March 25, 2005 | phpbb2013user.txt | No | Exploit for the phpbb vulnerability. |
March 25, 2005 | WebApp_HTTPMod.pdf | N/A | A whitepaper that describes how the IHttpModule that comes with the .Net framework can be used to man-in-the-middle HTTP transactions in order to help filter against input validation attacks. |
March 25, 2005 | WebServices_Profiling.pdf | N/A | A whitepaper that discusses the scope of information gathering used against web services. Second in a series of papers defining attack and defense methodologies with web services. |
March 24, 2005 | Attack_5250_terminal_em.pdf | No | A paper that describes how insertion of commands inside an AS/400 application allows them to be executed as a command on the connected PC. |
March 24, 2005 | cisco-torch-0.4b.tar.bz2 | N/A | Cisco Torch mass scanning, fingerprinting, and exploitation tool. |
March 24, 2005 | nessus-installer-2.2.4.sh | N/A | A free, up-to-date, and full-featured remote vulnerability scanner for Linux, BSD, Solaris and other systems. |
March 24, 2005 | snmp-fuzzer-0.1.1.tar.bz2 | N/A | SNMP fuzzer uses Protos test cases with an entirely new engine written in Perl. It provides efficient methods of determining which test case has caused a fault, offers more testing granularity and a friendlier user interface. Happy vulnerability searching. |
March 22, 2005 | phpautolog.pl | No | phpBB versions 2.0.12 and below remote session autologin exploit that gives a user administrative rights. |
Trends
- Phishing Attacks Jump 26%: According to the Anti-Phishing Working Group's February Phishing Activity Trends report, "phishing without a lure" is an increasingly common attack style. The report, compiled with research from Websense Security Labs and Tumbleweed Message Protection Lab, reported 13,141 new, unique phishing e-mail messages in February 2005, more than a 2 percent increase over January. The average monthly growth rate in attacks since July 2004 was 26 percent. The United States continues to be the top geographic location for hosting phishing sites with more than 37%, almost a 6% increase from last month. Source: http://www.internetnews.com/security/article.php/3493046. Report: http://antiphishing.org/APWG_Phishing_Activity_Report_Feb05.pdf
- First IM phishing attack hits Yahoo!: The first phishing attack carried out via instant messenger tried to trick Yahoo Messenger users last week into giving up information that would let attackers access their IM account and contact list. Yahoo Messenger users have been spimmed (spam for IM) with messages that include a link to a bogus Web site that looks like an official Yahoo page, which asks them to log in with their Yahoo username and password. Source: http://www.informationweek.com/story/showArticle.jhtml?articleID=159906218
- Experts debate real risk of cell phone viruses: When anti-virus researchers reported the discovery of the first proof-of-concept cell phone virus, analysts and experts immediately predicted a coming wave of malware targeting high-end mobile devices. But not everyone is convinced that the risk is high enough to justify the investments. "A lot of this is hyped to create a market that doesn't exist," said Neil MacDonald, group vice president and research director at Gartner Inc. However, Kaspersky Labs, the well-known Russian anti-virus company, has a different view. "Malware for smart phones is now evolving, and seems likely to become a growing threat as smart phones gain popularity," the company said in a statement. Symantec Corp., Trend Micro Inc. and McAfee Inc. also have invested in mobile anti-virus products. Source: http://www.eweek.com/article2/0,1759,1779359,00.asp
- High-profile identity thefts force government, industry to take action: The Federal Trade Commission logged 635,000 consumer complaints for fraud and identity theft last year, with 61% for fraud and 39% for identity theft. This rash of identity thefts has businesses and government agencies exploring new options for locking down resources and setting policies. Source: http://www.nwfusion.com/news/2005/032805-identity-theft.html
- Hackers phishing for Chinese victims: Chinese consumers are becoming increasingly popular targets of international Internet scammers, or "phishers", hoping to con the country's growing ranks of Web surfers out of their money. "China reported 223 fake Web sites last year, a huge increase from only one reported from 2002 to 2003." Source: http://www.expressindia.com/fullstory.php?newsid=43954
Viruses/Trojans
Top Ten Virus Threats
A list of high threat
viruses, as reported to various anti-virus vendors and virus incident reporting
organizations, has been ranked and categorized in the table below. For the
purposes of collecting and collating data, infections involving multiple systems
at a single location are considered a single infection. It is therefore possible
that a virus has infected hundreds of machines but has only been counted once.
With the number of viruses that appear each month, it is possible that a new
virus will become widely distributed before the next edition of this
publication. To limit the possibility of infection, readers are reminded to
update their anti-virus packages as soon as updates become available. The table
lists the viruses by ranking (number of sites affected), common virus name, type
of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on
number of infections reported since last week), and approximate date first
found.
Rank | Common Name | Type of Code | Trends | Date |
1 | Netsky-P | Win32 Worm | Stable | March 2004 |
2 | Bagle-BJ | Win32 Worm | Stable | January 2005 |
3 | Zafi-D | Win32 Worm | Stable | December 2004 |
4 | Netsky-Q | Win32 Worm | Stable | March 2004 |
5 | Zafi-B | Win32 Worm | Stable | June 2004 |
6 | Netsky-D | Win32 Worm | Stable | March 2004 |
7 | Netsky-Z | Win32 Worm | Stable | April 2004 |
8 | Netsky-B | Win32 Worm | Stable | February 2004 |
9 | Bagle-AU | Win32 Worm | Stable | October 2004 |
10 | Bagle.BB | Win32 Worm | Stable | September 2004 |
Table Updated March 29, 2005
Viruses or Trojans Considered to be a High Level of Threat
- Drever-C: Malware authors have created a Trojan that targets Symbian smart phones and attempts to remove any anti-virus protection it finds. Drever-C poses as a security update and tries to damage the boot loader and application binaries of F-Secure Mobile Anti-Virus. Like all mobile malware threats to date, Drever-C is rare and largely a risk confined to people downloading content from disreputable sources. Source: http://www.theregister.co.uk/2005/03/23/mobile_trojan_targets_av/
- Mytob: Multiple variations of the Mytob worm have appeared in the last week, said Symantec, all of them able to plant a backdoor on infected machines and prevent them from updating security software. Source: http://www.informationweek.com/story/showArticle.jhtml?articleID=159907336
The following table
provides, in alphabetical order, a list of new viruses, variations of previously
encountered viruses, and Trojans that have been discovered during the period
covered by this bulletin. This information has been compiled from the following
anti-virus vendors: Sophos, Trend Micro, Symantec, McAfee, Network Associates,
Central Command, F-Secure, Kaspersky Labs, MessageLabs, Panda Software, Computer
Associates, and The WildList Organization International. Users should keep
anti-virus software up to date and should contact their anti-virus vendors to
obtain specific information on the Trojans and Trojan variants that anti-virus
software detects.
NOTE: At
times, viruses and Trojans may contain names or content that may be considered
offensive.