Summary of Security Items from May 11 through May 17, 2005
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risks levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Vulnerabilities
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attacks Scripts | Common Name / CVE Reference |
face="Arial, Helvetica, sans-serif">Risk |
face="Arial, Helvetica, sans-serif">Source |
1Two Livre d'Or 1.0 | An input validation vulnerability has been reported that could let a remote malicious user conduct Cross-Site Scripting attacks. The 'guestbook.php' script does not properly validate user-supplied input in the nom, email, and message fields. The vendor has reportedly issued a fix. Currently we are not aware of any exploits for this vulnerability. | 1Two Livre d'Or Input Validation Errors Permit Cross-Site Scripting | High | Security Tracker Alert ID: 1013971, May 13, 2005 |
ClassMaster | A vulnerability has been reported that could let remote malicious users gain unauthorized access to users' folders.
No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | High | Security Focus, Bugtraq ID 13604, May 12, 2005 | |
bttlxeForum 2.0 | A vulnerability has been reported that could let a remote malicious user determine the installation path and other system information by supplying a URL containing a scripting code in hex format. No workaround or patch available at time of publishing. An exploit has been published. | bttlxeForum Discloses Installation Path to Remote Users | Medium | Security Tracker Alert ID: 1013934, May 11, 2005 |
ASP Virtual News Manager | A vulnerability has been reported that could let a remote malicious user inject SQL commands. This is due to an input validation error in the 'aspvirtualnews/admin_login.asp' script with the 'password' parameter. No workaround or patch available at time of publishing. An exploit has been published. | Darrel O'Neil ASP Virtual News Remote SQL Injection Vulnerability | High | Security Tracker Alert ID: 1013933, May 11, 2005 |
DotNetNuke 3.0.12 | Multiple vulnerabilities exist that could let remote malicious users conduct script insertion attacks. Input passed to the 'User-Agent' HTTP header, the username, and certain registration data is not properly validated. Update to version 3.0.12. There is no exploit code required. | DotNetNuke Script Insertion Vulnerabilities | High | Secunia SA15397, May 17, 2005 |
Fastream NETFile FTP/Web Server 7.4.6 | A vulnerability has been reported that could let remote malicious users bypass certain security restrictions or cause a Denial of Service. This is caused due to missing validation of the IP address specified as argument to the PORT command and can be exploited via so-called 'FTP Bounce' attacks to open connections to arbitrary systems via the FTP server. Update to version 7.6 and disable FXP support. Currently we are not aware of any exploits for this vulnerability. | Fastream NETFile FTP/Web Server FTP Bounce Vulnerability | Medium | SIG^2 Vulnerability Research Advisory, May 17, 2005 |
Gurgens Guest Book 2.1 | A vulnerability has been reported in Gurgens Guest Book that could let a remote malicious user access the 'Genid.dat' file in the 'db' directory and then decrypt the passwords in the file.
No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | GASoft Gurgens Guest Book Discloses Database & Passwords to Remote Users | Medium | Security Tracker Alert ID: 1013976, May 16, 2005 |
Ultimate Forum 1.0 | A vulnerability has been reported that could let a remote malicious user access the 'Genid.dat' file in the 'db' directory and then decrypt the passwords in the file. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | GASoft Ultimate Forum Discloses Database and Passwords to Remote Users | Medium | Security Tracker Alert ID: 1013974, May 16, 2005 |
GeoVision Digital Video Surveillance System 6.04, 6.1, and 7.0 | A vulnerability has been reported that could let a remote malicious user view sensitive information. This is because images can be accessed directly via the JPEG Image Viewer. Enable the "Enhanced Network Security" feature introduced in version 7.0. Currently we are not aware of any exploits for this vulnerability. | GeoVision Digital Video Surveillance System Authentication Bypass | Medium | Esqo Security Advisory , May 10, 2005 |
EnCase Forensic Edition 4.18a | A vulnerability has been reported that could let a remote malicious user hide information on a disk. Support is missing for Device Configuration Overlays (DCO) and the program fails to read parts of a disk using this feature. No workaround or patch available at time of publishing. There is no exploit code required. | Guidance Software EnCase Device Configuration Overlay Data Acquisition Vulnerability | Medium | Secunia SA15340, May 13, 2005 |
ImageGallery | A vulnerability have been reported that could let a remote malicious user download the database and access the administrative password.
No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Keyvan1 | High | Security Tracker Alert ID: 1013970, May 13, 2005 |
MaxWebPortal 1.x | Multiple vulnerabilities have been reported that could let a remote malicious user conduct Cross-Site Scripting and SQL injection attacks. These are due to input validation errors in the 'mod,' 'M,' and 'type' parameters in 'post.asp' and 'Forum_Title' parameter in 'post.asp,' the 'txtAddress,' 'message' and 'subject' parameters in 'post_info.asp,' the 'andor' parameter in 'search.asp,' the 'verkey' parameter in 'pop_profile.asp,' a certain password parameter in 'pop_profile.asp,' and the 'Remove' and 'Delete' parameters in 'pm_delete2.asp.' No workaround or patch available at time of publishing. Exploits have been published. | MaxWebPortal Cross-Site Scripting & SQL Injection | High | Zinho's Security Advisory, May 11, 2005 |
Windows Media Player 9 Series, Windows Messenger 5.0, MSN Messenger 6.1, 6.2 | Several vulnerabilities exist: a vulnerability exists in Media Player due to a failure to properly handle PNG files that contain excessive width or height values, which could let a remote malicious user execute arbitrary code; and a vulnerability exists in the Windows and MSN Messenger due to a failure to properly handle corrupt or malformed PNG files, which could let a remote malicious user execute arbitrary code. Patches available at: V1.1: Bulletin updated with information on the mandatory upgrade of vulnerable MSN Messenger clients in the caveat section, as well as changes to the Workarounds for PNG Processing Vulnerability in MSN Messenger. V1.2: Bulletin updated with correct file version information for Windows Messenger 5.0 update, as well as added Windows Messenger 5.1 to "Non-Affected Software" list. V2.0: The update for Windows Messenger version 4.7.0.2009 (when running on Windows XP Service Pack 1) was failing to install when distributed via SMS or AutoUpdate. An updated package corrects this behavior. V2.1: Bulletin updated to update the "Security Update Information" section for the Microsoft Windows Messenger 4.7.0.2009 (when running on Windows XP Service Pack 1) security update. An exploit script has been published for MSN Messenger/Windows Messenger PNG Buffer Overflow vulnerability. | Microsoft Media Player & Windows/MSN Messenger PNG Processing | High | Microsoft Security Bulletin, MS05-009, February 8, 2005 US-CERT Technical Cyber Security Alert TA05-039A US-CERT Cyber Security Alert SA05-039A US-CERT Vulnerability Note VU#259890 Security Focus, February 10, 2005 Microsoft Security Bulletin MS05-009 V1.1, February 11, 2005 Microsoft Security Bulletin, MS05-009 V1.2, February 15, 2005 Microsoft Security Bulletin, MS05-009 V2.0, April 12, 2005 Microsoft Security Bulletin, MS05-009 V2.1, May 11, 2005 |
Windows XP Service Pack 2, Windows 2003 Server Service Pack 1 | A remote Denial of Service vulnerability has been reported. The IPV6 TCP/IP stack is prone to a 'loopback' condition initiated by sending a TCP packet with the 'SYN' flag set and the source address and port spoofed to equal the destination source and port. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Microsoft IPV6 TCPIP Loopback LAND Denial of Service Vulnerability | Low | Security Focus Bugtraq ID 13658, May 17, 2005 |
MSN Messenger 6.2 | A vulnerability has been reported because MSN Messenger may not process a malformed GIF image with an improper height and width. This could let remote malicious users execute arbitrary code. Updates available:
href="http://www.microsoft.com/technet/security/Bulletin/MS05-022.mspx "> V1.1: Bulletin updated with correct file version information for MSN Messenger 6.2. Currently we are not aware of any exploits for this vulnerability. | Microsoft MSN Messenger Remote Code Execution Vulnerability href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0562">CAN-2005-0562 | High | Microsoft Security Bulletin MS05-022, April 12, 2005 href="http://www.us-cert.gov/cas/techalerts/TA05-102A.html">Technical Cyber Security Alert TA05-102A Microsoft Security Bulletin MS05-022, May 11, 2005 |
Windows 2000 SP 3 and SP4 Windows XP SP 1 and SP2 Windows XP 64-Bit Edition SP1 and 2003 (Itanium) Windows Server 2003 Windows Server 2003 for Itanium-based Systems Windows 98, Windows 98 SE, and Windows ME | Multiple vulnerabilities have been reported that include IP Validation, ICMP Connection Reset, ICMP Path MTU, TCP Connection Reset, and Spoofed Connection Request. These vulnerabilities could let remote malicious users execute arbitrary code or execute a Denial of Service. Updates available: V1.1: Bulletin updated to advise customers that Microsoft plans to re-release the MS05-019 security update in June, 2005. Until the re-release of this security update is available, customers experiencing the symptoms described in Microsoft Knowledge Base Article 898060 should follow the documented instructions to address this issue. If you are not experiencing this network connectivity issue Microsoft recommends that you install the currently available security update A Proof of Concept exploit has been published. | Microsoft Windows TCP/IP Remote Code Execution and Denial of Service Vulnerabilities
href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0048">CAN-2005-0048 | Low/ High (High if arbitrary code can be executed) | Microsoft Security Bulletin MS05-019, April 12, 2005 href="http://www.us-cert.gov/cas/techalerts/TA05-102A.html">Technical Cyber Security Alert TA05-102A Microsoft Security Bulletin MS05-019, May 11, 2005 |
Windows Media Player 9 prior to 9.0.0.3263 and 10 prior to 10.0.0.3901 | A vulnerability has been reported that could let a remote malicious user redirect the target user's player to an arbitrary web site. Certain types of Windows Media Digital Rights Management (WMDRM)-protected content can cause the target user's Windows Media Player to redirect to a specified web page. This may occur even if the target user's player has the 'Acquire licenses automatically for protected content' checkbox de-selected under the privacy options.
The following updates are available: Windows Media Player 10: Windows Media Player 9 Series for Windows 2000, Windows XP, and Windows Server 2003: Currently we are not aware of any exploits for this vulnerability. | Microsoft Windows Media Player May Allow Redirection | High | Microsoft Security Advisory (892313), May 10, 2005 |
Word 2000, 2002 Works Suite 2001, 2002, 2003, and 2004 Office Word 2003 | A buffer overflow vulnerability has been reported that could lead to remote execution of arbitrary code or escalation of privilege. Updates available:
href="http://www.microsoft.com/technet/security/Bulletin/MS05-023.mspx"> V1.1 Bulletin updated to point to the correct Exchange 2000 Server Post-Service Pack 3 (SP3) Update Rollup and to advise on the scope and caveats of workaround "Unregister xlsasink.dll and fallback to Active Directory for distribution of route information." V1.2: Bulletin updated to add msiexec in the administrative installation in "Administrative Deployment" section for all versions. Currently we are not aware of any exploits for this vulnerability. | Microsoft Word Remote Code Execution & Escalation of Privilege Vulnerabilities
href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0963">CAN-2004-0963 | High | Microsoft Security Bulletin MS05-023, April 12, 2005 Microsoft Security Bulletin MS05-023 V1.1, April 14, 2005 Microsoft Security Bulletin MS05-023 V1.2, May 11, 2005 |
Firefox 0.10.1 and 1.0 for | Two vulnerabilities have been reported that could let remote malicious users to spoof file types in the file download dialog. Input validation errors occur in the filename and the 'Content-Type' header before being displayed in the file download dialog. The 'Content-Type' header is used for associating a file to a file type in the file download dialog, but the file extension is left intact when saving the file to disk with 'Save to Disk.' This can be exploited to spoof file types in the file download dialog. The vulnerabilities have been partially fixed in version 1.0.1. Currently we are not aware of any exploits for these vulnerabilities. | Mozilla Firefox Download Dialog Spoofing Vulnerabilities | Medium | Secunia SA12979, May 12, 2005 |
RSA Authentication Agent for Web for IIS 5, 5.2, 5.3 | A vulnerability has been reported that could let remote malicious users execute arbitrary code. The is due to a boundary error and can cause a heap-based buffer overflow by sending an overly long piece of data via the chunked-encoding mechanism. A patch is available:
href="https://knowledge.rsasecurity.com/"> Currently we are not aware of any exploits for this vulnerability. | High | Secunia, SA15222 , May 9, 2005 | |
Multiple vulnerabilities have been reported that could let remote malicious users conduct SQL injection attacks. This is due to input validation errors in input passed to the 'username,' 'password,' and 'domain' fields in No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Sigma ISP Manager SQL Injection Vulnerabilities | High | Secunia SA15379, May 17, 2005 | |
602LAN SUITE 2004.0.05.0413 | A vulnerability has been reported that could let remote users detect the presence of local files and cause a Denial of Service. No redirection occurs when accessing the "mail" script with the "A" parameter referencing a valid local file via directory traversal attacks. Upgrade available at: A Proof of Concept exploit has been published. | Low | Secunia Advisory, SA15231, May 3, 2005 Security Focus, 13519, May 11, 2005 | |
PostMaster version 4.2.2 (build 3.2.5) | Multiple vulnerabilities have been reported that could let a remote malicious user detect the presence of local files, enumerate usernames, conduct Cross-Site Scripting attacks, and bypass certain security restrictions. These are due to errors in the web mail service, in the handling of the 'wmm' parameter in 'message.htm,' in the authentication process, and in validating the 'email' parameter in 'message.htm.' No workaround or patch available at time of publishing. Currently we are not aware of any exploits for these vulnerabilities. | Woppoware PostMaster Multiple Vulnerabilities | High | Secunia SA15268, May 11, 2005 |
ShowOff! Digital Media Software 1.5.4 | Two vulnerabilities have been reported that could let a remote malicious user cause a Denial of Service and view sensitive information. These are due to an input validation error in the request handling and an error in the communication handling. No workaround or patch available at time of publishing. An exploit has been published. | WSW ShowOff! Digital Media Software Two Vulnerabilities | Medium | Secunia SA15300, May 11, 2005 |
Yahoo! Messenger 5.x to 6.0 Windows | A vulnerability has been reported that could let a remote malicious user cause a Denial of Service. This is because the application fails to properly handle exceptional conditions.
No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Low | Security Focus Bugtraq ID 13626, May 13, 2005 |
UNIX / Linux Operating Systems Only | ||||
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attacks Scripts | Common Name / CVE Reference | Risk | Source |
Mac OS X 10.3-10.3.9, Mac OS X Server 10.3- 10.3.9 | Multiple vulnerabilities have been reported: a buffer overflow vulnerability was reported in 'htdigest' due to a boundary error, which could let a remote malicious user execute arbitrary code; a vulnerability was reported in the AppKit component when processing TIFF files, which could let a remote malicious user execute arbitrary code; a remote Denial of Service vulnerability was reported in the AppKit component when parsing certain TIFF images because an invalid call is made to the 'NXSeek()' function; a vulnerability was reported due to an error when handling AppleScript because code is displayed that is different than the code that is actually run, which could let a remote malicious user execute arbitrary code; a vulnerability was reported due to an error in the Bluetooth support because files are shared without notifying the user properly, which could let a remote malicious user obtain sensitive information; a Directory Traversal vulnerability was reported in the Bluetooth file, which could let a remote malicious user obtain sensitive information; a vulnerability was reported in the 'chfn,' 'chpass,' and 'chsh' utilities because certain external helper programs are invoked insecurely, which could let a malicious user obtain elevated privileges; a vulnerability was reported in Finder due to the insecure creation of '.DS_Store' files, which could let a malicious user obtain elevated privileges; a vulnerability was reported in Help Viewer because a remote malicious user can run JavaScript without imposed security restrictions; a vulnerability was reported in the LDAP functionality because passwords are stored in plaintext, which could let a remote malicious user obtain sensitive information; a vulnerability was reported due to errors when parsing XPM files, which could let a remote malicious user compromise the system; a vulnerability was reported in 'lukemftpd' because chroot restrictions can be bypassed, which could let a remote malicious user bypass restrictions; a vulnerability was reported in the Netinfo Setup Tool (NeST) when processing input passed to the ' -target' command line parameter due to a boundary error, which could let a malicious user execute arbitrary code; a vulnerability was reported when the HTTP proxy service in Server Admin is enabled because by default it is possible for everyone to use the proxy service; a vulnerability was reported in the HTTP proxy service in Server Admin for Mac OS X due to insufficient access restrictions, which could let a remote malicious user obtain unauthorized access; a vulnerability was reported in sudo in the environment clearing, which could let a malicious user obtain elevated privileges; a vulnerability was reported in the Terminal utility, which could let a remote malicious user inject arbitrary data; a vulnerability was reported due to an error in the Terminal utility, which could let a remote malicious user inject commands in x-man-path URIs; and a vulnerability was reported in vpnd due to a boundary error, which could let a malicious user execute arbitrary code. Upgrades available at:
href="http://www.apple.com/support/downloads/securityupdate2005005server.html" Proofs of Concept exploits have been published. | Apple Mac OS X Multiple Vulnerabilities
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0687">CAN-2004-0687
| Low/ Medium/ High (Low if a DoS; Medium is sensitive information or elevated privileges can be obtained; and High if arbitrary code can be executed) | Apple Security Update, APPLE-SA-2005-05-03, May 3, 2005 Technical Cyber Security Alert TA05-136A
|
Mac OS X Server 10.3- 10.3.9 | A buffer overflow vulnerability has been reported in the NetInfo Setup Tool (NeST) when excessive string values are processed through a command line parameter, which could let a malicious user execute arbitrary code with root privileges. Updates available at: href=" http://www.apple.com/support/downloads/">http://www.apple.com/support/downloads/ Currently we are not aware of any exploits for this vulnerability. | High | Apple Security Update, APPLE-SA-2005-05-03, May 3, 2005 | |
QuickTime Player 7.0 | A vulnerability has been reported in the QuickTime Web plugin because Quartz Composer compositions that are embedded in '.mov' files can access system information, which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Apple QuickTime Quartz Composer File Information Disclosure | Medium | Security Tracker Alert, 1013961, May 12, 2005 |
bzip2 1.0.2 | A remote Denial of Service vulnerability has been reported when the application processes malformed archives. Ubuntu: Currently we are not aware of any exploits for this vulnerability. | bzip2 Remote Denial of Service | Low | Ubuntu Security Notice, USN-127-1, May 17, 2005 |
bzip2 1.0.2 & prior | A vulnerability has been reported when an archive is extracted into a world or group writeable directory, which could let a malicious user modify file permissions of target files. Ubuntu: There is no exploit code required. | BZip2 File Permission Modification | Medium | Security Focus, Ubuntu Security Notice, USN-127-1, May 17, 2005 |
Cyrus IMAP Server 2.x
| Multiple vulnerabilities exist: a buffer overflow vulnerability exists in mailbox handling due to an off-by-one boundary error, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability exists in the imapd annotate extension due to an off-by-one boundary error, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability exists in 'fetchnews,' which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability exist because remote administrative users can exploit the backend; and a buffer overflow vulnerability exists in imapd due to a boundary error, which could let a remote malicious user execute arbitrary code. Update available at:
href=" http://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.11.tar.gz"> Gentoo:
href="http://security.gentoo.org/glsa/glsa-200502-29.xml"> SUSE: Ubuntu:
href="http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/"> Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php"> Conectiva:
href="ftp://atualizacoes.conectiva.com.br/"> ALT Linux:
href="http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html"> OpenPKG: Fedora: RedHat: Currently we are not aware of any exploits for these vulnerabilities. | High | Secunia Advisory, Gentoo Linux Security Advisory, GLSA 200502-29, SUSE Security Announcement, Ubuntu Security Mandrakelinux Conectiva Linux Security ALTLinux Security Advisory, OpenPKG Security Advisory, Fedora Update Notification, RedHat Security Advisory, RHSA-2005:408-04, May 17, 2005 | |
Cheetah 0.9.16 a1 | A vulnerability has been reported because modules are imported from the '/tmp' directory before searching for the path from the 'PYTHONPATH' variable, which could let a malicious user obtain elevated privileges.
Upgrades available at: There is no exploit code required. | Cheetah Elevated Privileges | Medium | Secunia Advisory, SA15386, May 17, 2005 |
Ethereal 0.8.14, 0.8.15, 0.8.18, 0.8.19, 0.9-0.9.16, 0.10-0.10.9 | Multiple vulnerabilities were reported that affects more 50 different dissectors, which could let a remote malicious user cause a Denial of Service, enter an endless loop, or execute arbitrary code. The following dissectors are affected: 802.3 Slow, AIM, ANSI A, BER, Bittorrent, CMIP, CMP, CMS, CRMF, DHCP, DICOM, DISTCC, DLSw, E IGRP, ESS, FCELS, Fibre Channel, GSM, GSM MAP, H.245, IAX2, ICEP, ISIS, ISUP, KINK, L2TP, LDAP, LMP, MEGACO, MGCP, MRDISC, NCP, NDPS, NTLMSSP, OCSP, PKIX Qualified, PKIX1Explitit, Presentation, Q.931, RADIUS, RPC, RSVP, SIP, SMB, SMB Mailslot, SMB NETLOGON, SMB PIPE, SRVLOC, TCAP, Telnet, TZSP, WSP, and X.509. Upgrades available at: Gentoo:
href="http://security.gentoo.org/glsa/glsa-200505-03.xml"> Mandriva: An exploit script has been published. | Ethereal Multiple Remote Protocol Dissector Vulnerabilities
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1456">CAN-2005-1456 | Low/ High (High if arbitrary code can be executed) | Ethereal Security Advisory, enpa-sa-00019, May 4, 2005 Gentoo Linux Security Advisory, GLSA 200505-03, May 6, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:083, May 11, 2005 |
FreeBSD 5.4 & prior | A vulnerability was reported in FreeBSD when using Hyper-Threading Technology due to a design error, which could let a malicious user obtain sensitive information and possibly elevated privileges.
Patches and updates available at: Currently we are not aware of any exploits for this vulnerability. | FreeBSD Hyper-Threading Technology Support Information Disclosure | Medium | FreeBSD Security Advisory, FreeBSD-SA-05:09, May 13, 2005 |
FreeRADIUS 1.0.2 | Two vulnerabilities have been reported: a vulnerability was reported in the 'radius_xlat()' function call due to insufficient validation, which could let a remote malicious user execute arbitrary SQL code; and a buffer overflow vulnerability was reported in the 'sql_escape_func()' function, which could let a remote malicious user execute arbitrary code. Gentoo: There is no exploit code required. | High | Security Tracker Alert ID: 1013909, May 6, 2005 Gentoo Linux Security Advisory, GLSA 200505-13, May 17, 2005 | |
gzip 1.2.4 a, 1.2.4, 1.3.3-1.3.5 | A Directory Traversal vulnerability has been reported due to an input validation error when using 'gunzip' to extract a file with the '-N' flag, which could let a remote malicious user obtain sensitive information. Ubuntu: Trustix:
href="http://http.trustix.org/pub/trustix/updates/"> Gentoo:
href="http://security.gentoo.org/glsa/glsa-200505-05.xml"> A Proof of Concept exploit has been published. | Medium | Bugtraq, 396397, April 20, 2005 Ubuntu Security Notice, USN-116-1, May 4, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005 Gentoo Linux Security Advisory, GLSA 200505-05, May 9, 2005 Security Focus,13290, May 11, 2005
| |
GnuTLS 1.2 prior to 1.2.3; 1.0 prior to 1.0.25 | A remote Denial of Service vulnerability has been reported due to insufficient validation of padding bytes in 'lib/gnutils_cipher.c.' Updates available at: Fedora: Gentoo:
href="http://security.gentoo.org/glsa/glsa-200505-04.xml"> Mandriva: Ubuntu: Currently we are not aware of any exploits for this vulnerability. | Low | Security Tracker Alert, 1013861, May 2, 2005 Fedora Update Notification, Gentoo Linux Security Advisory, GLSA 200505-04, May 9, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:084, May 12, 2005 Ubuntu Security Notice, USN-126-1, May 13, 2005 | |
Vim 6.x, GVim 6.x | Multiple vulnerabilities exist which can be exploited by local malicious users to gain escalated privileges. The vulnerabilities are caused due to some errors in the modelines options. This can be exploited to execute shell commands when a malicious file is opened. Successful exploitation can lead to escalated privileges but requires that modelines is enabled. Apply patch for vim 6.3: ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.045 Gentoo: RedHat: Avaya: OpenPKG: Mandrake: Ubuntu: Fedora: Currently we are not aware of any exploits for these vulnerabilities. | GNU Vim / Gvim Modelines Command Execution Vulnerabilities | Medium | Gentoo Linux Security Advisory, GLSA 200412-10 / vim, December 15, 2004 Fedora Legacy Update Advisory, FLSA:2343, February 24, 2005 Security Focus, 11941, May 11, 2005 |
zgrep 1.2.4 | A vulnerability has been reported in 'zgrep.in' due to insufficient validation of user-supplied arguments, which could let a remote malicious user execute arbitrary commands. A patch for 'zgrep.in' is available in the following bug report: There is no exploit code required. | Gzip Zgrep Arbitrary Command Execution | High | Security Tracker Alert, 1013928, May 10, 2005 |
HT Editor 0.8 | Several vulnerabilities have been reported: a vulnerability was reported in the Executable and Linking Format (ELF) parser due to a heap overflow, which could let a remote malicious user execute arbitrary code; and a buffer overflow vulnerability was reported in the Portable Executable (PE) parser due to a boundary error, which could let a remote malicious user execute arbitrary code.
Gentoo: Currently we are not aware of any exploits for these vulnerabilities. | HT Editor ELF & PE Parser Remote Code Execution | High | Gentoo Linux Security Advisory, GLSA 200505-08, May 10, 2005 |
KDE 1.1-1.1.2, 1.2, 2.1-2.1.2, 2.2-2.2.2, 3.0- 3.0.5, 3.1-3.1.5, 3.2-3.2.3, 3.3-3.3.2 | A Denial of Service vulnerability has been reported in the Desktop Communication Protocol (DCOP) daemon due to an error in the authentication process Upgrade available at: Gentoo:
href="http://security.gentoo.org/glsa/glsa-200503-22.xml"> Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php"> Fedora: RedHat:
href="http://rhn.redhat.com/errata/RHSA-2005-325.html"> ALTLinux: RedHat:
href="http://rhn.redhat.com/errata/RHSA-2005-307.html"> SUSE: SGI: Conectiva: Currently we are not aware of any exploits for this vulnerability. | Low | KDE Security Advisory, March 16, 2005 Fedora Update Notifications, RedHat Security Advisory, RHSA-2005:325-07, March 23, 2005 ALTLinux Security Advisory, March 29, 2005 RedHat Security Advisory, RHSA-2005:307-08, April 6,2005 SUSE Security Announcement, SUSE-SA:2005:022, April 11, 2005
Conectiva Linux Security Announcement, CLA-2005:953, May 17, 2005 | |
kdelibs 3.3.2 | A vulnerability exists in the 'dcopidling' library due to insufficient validation of a files existence, which could let a malicious user corrupt arbitrary files. Patch available at: Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php"> Gentoo:
href="http://security.gentoo.org/glsa/glsa-200503-14.xml"> Fedora: RedHat:
href="http://rhn.redhat.com/errata/RHSA-2005-325.html"> ALTLinux: Conectiva: Currently we are not aware of any exploits for this vulnerability. | Medium | Security Focus, February 11, 2005 Mandrakelinux Security Update Advisory, MDKSA-2005:045, February 18, 2005 Gentoo Linux Security Advisory, GLSA 200503-14, March 7, 2005 Mandrakelinux Security Update Advisory, MDKSA-2005:058, March 16, 2005 Fedora Update Notifications, RedHat Security Advisory, RHSA-2005:325-07, March 23, 2005 ALTLinux Security Advisory, March 29, 2005 Conectiva Linux Security Announcement, CLA-2005:953, May 17, 2005 | |
KDE 3.2-3.2.3, 3.3-3.3.2, 3.4, | A vulnerability has been reported due to a design error in Kommander, which could let a remote malicious user execute arbitrary code. Patches available at: Gentoo:
href="http://security.gentoo.org/glsa/glsa-200504-23.xml"> Fedora: Ubuntu: Conectiva: Currently we are not aware of any exploits for this vulnerability. | High | KDE Security Advisory, April 20, 2005 Gentoo Linux Security Advisory, GLSA 200504-23, April 22, 200 Fedora Update Notification Ubuntu Security Notice, USN-115-1, May 03, 2005 Conectiva Linux Security Announcement, CLA-2005:953, May 17, 2005 | |
tcpdump 3.4 a6, 3.4, 3.5, alpha, 3.5.2, 3.6.2, 3.6.3, 3.7-3.7.2, class=bodytext>3.8.1 -3.8.3; IPCop 1.4.1, 1.4.2, 1.4.4, 1.4.5 | Remote Denials of Service vulnerabilities have been reported due to the way tcpdump decodes Border Gateway Protocol (BGP) packets, Label Distribution Protocol (LDP) datagrams, Resource ReSerVation Protocol (RSVP) packets, and Intermediate System to Intermediate System (ISIS) packets. Fedora: Trustix:
href="http://http.trustix.org/pub/trustix/updates/"> Ubuntu: Gentoo:
href="http://security.gentoo.org/glsa/glsa-200505-06.xml"> Mandriva: Exploit scripts have been published. | Low | Bugtraq, 396932, April 26, 2005 Fedora Update Notification, Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005 Ubuntu Security Notice, USN-119-1 May 06, 2005 Gentoo Linux Security Advisory, GLSA 200505-06, May 9, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:087, May 12, 2005 Security Focus, 13392, May 12, 2005 | |
Bugzilla 2.17.1, 2.17.3-2.17.7, | Several vulnerabilities have been reported: a vulnerability was reported because users can determine if a given invisible product exits when an access denied error is returned, which could let a remote malicious user obtain sensitive information; a vulnerability was reported because bugs can be entered into products that are closed for bug entry when a remote malicious user modifies the URL to specify the name of the product; and a vulnerability was reported because a user's password may be embedded as part of a report URL, which could let a remote malicious user obtain sensitive information.
Update available at: http://www.bugzilla.org/download/ There is no exploit code required. | Bugzilla Information Disclosure | Medium | Secunia Advisory, SA15338, May 12, 2005 |
Apache Software Foundation Apache 1.3, 1.3.1, 1.3.3, 1.3.4, 1.3.6, 1.3.9, 1.3.11, 1.3.12, 1.3.14, 1.3.17-1.3.20, 1.3.22-1.3.27; Subunit Linux 4.1 pc, ia64, ia32, 5.0 4 power pc, i386, amd64 | A buffer overflow vulnerability has been reported in the 'htdigest' utility due to insufficient bounds checking, which could let a remote malicious user potentially execute arbitrary code. Ubuntu: : Proof of Concept exploit scripts have been published. | High | Ubuntu Security Notice, USN-120-1 , May 6, 2005 Security Focus, 13537, May 14, 2005 | |
KDE 2.0, beta, 2.0.1, 2.1-2.1.2, 2.2-2.2.2, 3.0-3.0.5, 3.1-3.1.5, 3.2-3.2.3, 3.3-3.3.2, 3.4; Novell Linux Desktop 9; SuSE E. Linux 9.1, x86_64, 9.2, x86_64, 9.3, Linux Enterprise Server 9 | A buffer overflow vulnerability has been reported in the 'kimgio' image library due to insufficient validation of PCX image data, which could let a remote malicious user cause a Denial of Service or possibly execute arbitrary code. Patches available at:
href="http://bugs.kde.org/attachment.cgi?id=10326&action=view ">http://bugs.kde.org/attachment.cgi SuSE: Gentoo:
href="http://security.gentoo.org/glsa/glsa-200504-22.xml"> Debian: Fedora: Ubuntu: Mandriva: Conectiva: RedHat: Denial of Service Proofs of Concept exploits have been published. | Low/ High (High if arbitrary code can be executed) | SUSE Security Announcement, SUSE-SA:2005:022, April 11, 2005 Gentoo Linux Security Advisory, GLSA 200504-22, April 22, 2005 Debian Security Advisory, DSA 714-1, April 26, 2005 Fedora Update Notification, Mandriva Linux Security Update Advisory, MDKSA-2005:085, May 12, 2005 Conectiva Linux Security Announcement, CLA-2005:953, May 17, 2005 RedHat Security Advisory, RHSA-2005:393-05, May 17, 2005
| |
GNOME GdkPixbuf 0.22 | A remote Denial of Service vulnerability has been reported due to a double free error in the BMP loader. Fedora: RedHat:
href="http://rhn.redhat.com/errata/RHSA-2005-344.html">
href="http://rhn.redhat.com/errata/RHSA-2005-343.html">http://rhn.redhat.com/ Ubuntu: SGI: Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php"> SGI: TurboLinux: Currently we are not aware of any exploits for this vulnerability. | Low | Fedora Update Notifications, RedHat Security Advisories, Ubuntu Security Notice, USN-108-1 April 05, 2005 SGI Security Advisory, 20050401-01-U, April 6, 2005 Mandrakelinux Security Update Advisory, MDKSA-2005:068 & 069, April 8, 2005 SGI Security Advisory, 20050403-01-U, April 15, 2005 Turbolinux Security Advisory, TLSA-2005-57, May 16, 2005 | |
Linux kernel 2.2.x, 2.4.x, 2.6.x | A buffer overflow vulnerability has been reported in the 'elf_core_dump()' function due to a signedness error, which could let a malicious user execute arbitrary code with ROOT privileges.
Update available at: Trustix: An exploit script has been published. | Linux Kernel ELF Core Dump Buffer Overflow | High | Secunia Advisory, SA15341, May 12, 2005 Trustix Secure Linux Security Advisory, 2005-0022, May 13, 2005 |
Linux Kernel 2.6 up to & including 2.6.12-rc4 | Several vulnerabilities have been reported: a vulnerability was reported in raw character devices (raw.c) because the wrong Update available at: A Proof of Concept Denial of Service exploit script has been published. | Multiple Vendor Linux Kernel pktcdvd & raw device Block Device | High | Secunia Advisory, SA15392, May 17, 2005 |
NASM NASM 0.98.35, 0.98.38; RedHat Advanced Workstation for the Itanium Processor 2.1 IA64, r 2.1, Desktop 3.0, 4.0 | A buffer overflow vulnerability has been reported in the 'ieee_putascii()' function, which could let a remote malicious user execute arbitrary code. RedHat:
href="http://rhn.redhat.com/errata/RHSA-2005-381.html"> Ubuntu: Currently we are not aware of any exploits for this vulnerability. | High | RedHat Security Advisory, RHSA-2005:381-06, May 4, 2005 Ubuntu Security Notice, USN-128-1, May 17, 2005 | |
RedHat Fedora Core3, Core2; | A remote Denial of Service vulnerability has been reported when an unspecified Jabber file transfer request is handled. Upgrade available at: Fedora: Gentoo: RedHat: Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php"> SGI: Peachtree:
href="http://peachtree.burdell.org/updates/"> Conectiva: Ubuntu: Slackware: There is no exploit code required. | Low | Fedora Update Notifications, Gentoo Linux Security Advisory, GLSA 200504-05, April 06, 2005 RedHat Security Advisory, RHSA-2005:365-06, April 12, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:071, April 14, 2005 SGI Security Advisory, 20050404-01-U, April 20, 2005 Peachtree Linux Security Notice, PLSN-0001, April 21, 2005 Conectiva Linux Security Announcement, CLA-2005:949, April 27, 2005 Ubuntu Security Notice, USN-125-1, May 12, 2005 Slackware Security Advisory, SSA:2005-133-01, May 13, 2005 | |
RedHat Fedora Core3, Core2; | Two vulnerabilities have been reported: a remote Denial of Service vulnerability has been reported due to a buffer overflow in the 'gaim_markup_strip_html()' function; and a vulnerability has been reported in the IRC protocol plug-in due to insufficient sanitization of the 'irc_msg' data, which could let a remote malicious user execute arbitrary code. Update available at: Fedora: Ubuntu: Gentoo: RedHat: Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php"> SGI: Peachtree:
href="http://peachtree.burdell.org/updates/"> Conectiva: Slackware: Currently we are not aware of any exploits for these vulnerabilities. | Low/ High (High if arbitrary code can be executed) | Fedora Update Notifications, Ubuntu Security Gentoo Linux Security Advisory, GLSA 200504-05, April 06, 2005 RedHat Security Advisory, RHSA-2005:365-06, April 12, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:071, April 14, 2005 SGI Security Advisory, 20050404-01-U, April 20, 2005 Peachtree Linux Security Notice, PLSN-0001, April 21, 2005 Conectiva Linux Security Announcement, CLA-2005:949, April 27, 2005 Slackware Security Advisory, SSA:2005-133-01, May 13, 2005 | |
X.org X11R6 6.7.0, 6.8, 6.8.1; | An integer overflow vulnerability exists in 'scan.c' due to insufficient sanity checks on on the 'bitmap_unit' value, which could let a remote malicious user execute arbitrary code. Patch available at:
link="#999999"> Gentoo:
href="http://security.gentoo.org/glsa/glsa-200503-08.xml"> Ubuntu:
href="http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/"> Gentoo:
href=" http://security.gentoo.org/glsa/glsa-200503-15.xml"> Ubuntu:
href="http://security.ubuntu.com/ubuntu/pool/main/x/xfree86/"> ALTLinux: Fedora: RedHat: SGI: RedHat:
href="http://rhn.redhat.com/errata/RHSA-2005-044.html"> Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php"> Mandriva: Debian: RedHat: Currently we are not aware of any exploits for this vulnerability. | High | Security Focus, Gentoo Linux Ubuntu Security Gentoo Linux Ubuntu Security ALTLinux Security Advisory, March 29, 2005 Fedora Update Notifications, RedHat Security Advisory, SGI Security Advisory, 20050401-01-U, April 6, 2005 RedHat Security Advisory, RHSA-2005:044-15, April 6, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:080, April 29, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:081, May 6, 2005 Debian Security Advisory, DSA 723-1, May 9, 2005 RedHat Security Advisory, RHSA-2005:412-05, May 11, 2005 | |
Guestbook Pro 3.2.1 & prior | A Cross-Site Scripting vulnerability has been reported due to insufficient validation of user-supplied input in the message content and title fields, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing. There is no exploit code required. | PixySoft Guestbook Pro Cross-Site Scripting | High | Security Tracker Alert, 1013940, May 11, 2005 |
PostgreSQL 7.3 through 8.0.2 | Two vulnerabilities have been reported: a vulnerability was reported because a remote authenticated malicious user can invoke some client-to-server character set conversion functions and supply specially crafted argument values to potentially execute arbitrary commands; and a remote Denial of Service vulnerability was reported because the 'contrib/tsearch2' module incorrectly declares several functions as returning type 'internal.' Fix available at: Trustix:
href="http://http.trustix.org/pub/trustix/updates/"> Gentoo: Trustix: Currently we are not aware of any exploits for these vulnerabilities. | Low/ High (High if arbitrary code can be executed) | Security Tracker Alert, 1013868, May 3, 2005 Ubuntu Security Notice, USN-118-1, May 04, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005 Gentoo Linux Security Advisory, GLSA 200505-12, May 16, 2005 Trustix Secure Linux Bugfix Advisory, TSL-2005-0023, May 16, 2005 | |
Pserv 3.2 | A buffer overflow vulnerability has been reported in 'completedPath' due to insufficient boundary checks, which could let a remote malicious user execute arbitrary code. Upgrade available at: Currently we are not aware of any exploits for this vulnerability. | Pserv 'completedPath' Remote Buffer Overflow | High | Security Focus, 13648, May 16, 2005 |
Pserv 3.2 | Several vulnerabilities have been reported: a Directory Traversal vulnerability was reported due to insufficient filtering of URIs, which could let a remote malicious user obtain sensitive information; a vulnerability has been reported when a specially crafted URI request is handled, which could let a remote malicious user obtain sensitive information; and a vulnerability was reported because the web server does not differentiate between files and symbolic links, which could let a malicious user obtain sensitive information.
Upgrade available at: There is no exploit code required; however, Proofs of Concept exploits have been published. | PServ Remote Directory Traversal & Information Disclosure | Medium | Security Focus, 13638 & 13642, May 16, 2005 |
Unixware 7.1.1, 7.1.3, 7.1.4 | A vulnerability exists in the 'chroot()' feature due to errors in the implementation, which could let a malicious user break out of the chroot restriction and access arbitrary files.
Patches available at: ftp://ftp.sco.com/pub/ An exploit script has been published. | SCO UnixWare 'CHRoot()' Feature Breakout CVE Name: | Medium | SCO Security Advisory, SCOSA-2005.2, January 14, 2005 SCO Security Advisory, SCOSA-2005.22, May 11, 2005 |
Solaris 7.0, _x86, 8.0, _x86, 9.0, _x86 | A Denial of Service vulnerability has been reported in the automountd daemon. Patches available at: Currently we are not aware of any exploits for this vulnerability. | Sun Solaris automountd Denial of Service | Low | Sun(sm) Alert Notification, 57786, May 10, 2005 |
Confixx Pro 3, Confixx 3.0.6, 3.0.8 | An SQL injection vulnerability has been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
Hotfix available at: There is no exploit code required. | SWSoft Confixx SQL Injection | High | Security Focus, 13355, April 25, 2005 Security Focus, 13366, May 16, 2005 |
Viewglob 2.x | A vulnerability has been reported in the 'vgs' server program when handling 'vgseer' clients, which could let a malicious user obtain sensitive information.
Update available at: Currently we are not aware of any exploits for this vulnerability. | Viewglob Information Disclosure | Medium | Security Tracker Alert, 1013937, May 11, 2005 |
WebAPP 0.9.9.2.1, 0.9.9.2, 0.9.9 | A vulnerability has been reported in 'apage.cgi' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary commands. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | WebAPP 'apage.cgi' | High | Security Focus, 13637, May 16, 2005 |
Multiple Operating Systems - Windows / UNIX / Linux / Other | ||||
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attacks Scripts | Common Name / CVE Reference | Risk | Source |
1Two News 1.0 | Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in the 'index.php' script due to insufficient validation of several parameters, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability was reported in the 'delete.php' script because images associated with news postings can be removed; and a vulnerability was reported in the 'admin/upload.php' script because a remote malicious user can upload images. No workaround or patch available at time of publishing. There is no exploit code required. | 1Two News Cross-Site Scripting & Image Deletion & Upload | High | SecurityTracker Alert, 1013960, May 12, 2005 |
AAP-3100AR Route | A vulnerability has been reported due to an error in the authentication process, which could let a remote malicious user bypass security restrictions and obtain administrative access.
No workaround or patch available at time of publishing. There is no exploit code required. | Acrowave AAP-3100AR Wireless Router Authentication Bypass | High | Bugtraq, 398060, May 12, 2005 |
Photopost PHP Pro 3.1-3.3, 4.0, 4.1, 4.6, 4.8.1, 5.0 RC3 | An SQL injection vulnerability was reported in the 'member.php' script due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing. A Proof of Concept exploit script has been published. | All Enthusiast PhotoPost PHP Pro 'Member.PHP' SQL Injection | High | Security Focus, 13620, May 13, 2005 |
Attachment Mod 2.3.11, 2.3.12 | A vulnerability has been reported when handling realnames due to an unspecified error. The impact was not specified.
Upgrades available at: Currently we are not aware of any exploits for this vulnerability. | Attachment Mod Unspecified Realname | Not Specified | Secunia Advisory, SA15327, May 13, 2005 |
BoastMachine 3.0 platinum | An input validation vulnerability has been reported in 'users.ini.php,' which could let a remote malicious user upload arbitrary files and execute arbitrary code.
No workaround or patch available at time of publishing. There is no exploit code required. | BoastMachine File Upload | High | Security Focus, 13600, May 11, 2005 |
Booby 1.0 .0 & prior | A vulnerability has been reported in 'booby.php' due to an error, which could let a remote malicious user obtain sensitive information.
Upgrades available at: There is no exploit code required. | Booby Private Bookmark Disclosure | Medium | Secunia Advisory, SA15305, May 13, 2005 |
FWSM for Cisco Catalyst 6500/7600 Series, 6500/7600 Series 1.1 (3.17), 6500/7600 Series 2.3.1 | A vulnerability has been reported when enforcing URL, FTP, or HTTPS filtering, which could let a remote malicious user bypass access control lists (ACLs).
Upgrade and workaround information available at: There is no exploit code required. | Cisco FWSM URL, FTP, & HTTPS Filtering ACL Bypass | Medium | Cisco Security Advisory, 64821, May 11, 2005 |
DirectTopics DT 2final, 2beta, DirectTopics 2.1, 2.2 | Several vulnerabilities have been reported: an SQL injection vulnerability was reported in 'topic.php' due to insufficient sanitization of the 'topic' parameter, which could let a remote malicious user execute arbitrary SQL code and obtain sensitive information; and a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of certain passed in BB code, which could let ak remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proofs of Concept exploits have been published. | Direct Topics SQL Injection & Cross-Site Scripting | High | Secunia Advisory, SA15353, May 13, 2005 |
Bug Report 1.0 | A Cross-Site Scripting vulnerability has been reported in the 'bug_report.php' script due to insufficient validation of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required. | Eric Fichot Bug Report 'bug_report.php' Cross-Site Scripting | High | Security Tracker Alert, 1013957, May 12, 2005 |
OpenBB 1.0.8 | Several vulnerabilities have been reported: an SQL injection vulnerability was reported in the 'Read.php' script due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a Cross-Site Scripting vulnerability was reported in the 'Member.php' script due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing. There is no exploit code required; however, Proofs of Concept exploits have been published. | OpenBB SQL Injection & Cross-Site Scripting | High | Bugtraq, 398162, May 13, 2005 |
JGS-Portal 3.0.1, 3.0.2 | Multiple Cross-Site Scripting and SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code and HTML and script code. It is also possible to obtain the full path to certain scripts by accessing them directly.
No workaround or patch available at time of publishing. There is no exploit code required; however, Proofs of Concept exploits have been published. | JGS-Portal Multiple Cross-Site Scripting & SQL Injection | High | Bugtraq, 398315, May 16, 2005 |
ColdFusion MX 7.0 | A Cross-Site Scripting vulnerability has been reported in the default error page due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. Patch available at: There is no exploit code required. | Macromedia ColdFusion MX 7 Default Error Page Cross-Site Scripting | High | Macromedia Security Bulletin, MPSB05-03, May 10, 2005 |
Mozilla Browser 1.0-1.0.2, 1.1-1.7.6, Firefox 0.8-0.10.1, 1.0.1, 1.0.2; Netscape Navigator 7.0, 7.0.2, 7.1, 7.2, 7.0-7.2 | Multiple vulnerabilities have been reported: a vulnerability was reported in the 'EMBED' tag for non-installed plugins when processing the 'PLUGINSPAGE' attribute due to an input validation error, which could let a remote malicious user execute arbitrary code; a vulnerability was reported because blocked popups that are opened through the GUI incorrectly run with 'chrome' privileges, which could let a remote malicious user execute arbitrary code; a vulnerability was reported because the global scope of a window or tab are not cleaned properly before navigating to a new web site, which could let a remote malicious user execute arbitrary code; a vulnerability was reported because the URL of a 'favicons' icon for a web site isn't verified before changed via JavaScript, which could let a remote malicious user execute arbitrary code with elevated privileges; a vulnerability was reported because the search plugin action URL is not properly verified before used to perform a search, which could let a remote malicious user execute arbitrary code; a vulnerability was reported due to the way links are opened in a sidebar when using the '_search' target, which could let a remote malicious user execute arbitrary code; several input validation vulnerabilities were reported when handling invalid type parameters passed to 'InstallTrigger' and 'XPInstall' related objects, which could let a remote malicious user execute arbitrary code; and vulnerabilities were reported due to insufficient validation of DOM nodes in certain privileged UI code, which could let a remote malicious user execute arbitrary code. Upgrades available at:
href="http://www.mozilla.org/products/mozilla1.x/" Gentoo:
href="http://security.gentoo.org/glsa/glsa-200504-18.xml"> RedHat:
href="http://rhn.redhat.com/errata/RHSA-2005-383.html">
href="http://rhn.redhat.com/errata/RHSA-2005-386.html">http://rhn.redhat.com/errata/ TurboLinux: SUSE: RedHat: SGI: Ubuntu: Mandriva: There is no exploit code required. | Mozilla Suite / Firefox Multiple Vulnerabilities
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0752">CAN-2005-0752
| High | Mozilla Foundation Security Advisories, 2005-35 - Gentoo Linux Security Advisory, GLSA 200504-18, April 19, 2005 RedHat Security Advisories, RHSA-2005:383-07 & RHSA-2005-386., April 21 & 26, 2005 Turbolinux Security Advisory, SUSE Security Announcement, SUSE-SA:2005:028, April 27, 2005 RedHat Security Advisory, RHSA-2005:384-11, April 28, 2005 SGI Security Advisory, 20050501-01-U, May 5, 2005 Ubuntu Security Notice, USN-124-1 & USN-124-2, May 11 & 12, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:088, |
Mozilla Suite prior to 1.7.6, Firefox prior to 1.0.2 | A vulnerability has been reported when processing drag and drop operations due to insecure XUL script loading, which could let a remote malicious user execute arbitrary code. Mozilla Browser: Firefox: Fedora: Gentoo:
href="http://security.gentoo.org/glsa/glsa-200503-30.xml">
href="http://security.gentoo.org/glsa/glsa-200503-30.xml">http://security.gentoo.org Slackware:
href="http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.000123"> RedHat: SGI: Mandriva: A Proof of Concept exploit has been published. | High | Mozilla Foundation Security Advisory 2005-32, March 23, 2005 RedHat Security Advisory, RHSA-2005:384-11, April 28, 2005 SGI Security Advisory, 20050501 Mandriva Linux Security Update Advisory, MDKSA-2005:088, | |
Firefox 1.0 | A vulnerability exists in the XPCOM implementation that could let a remote malicious user execute arbitrary code. The exploit can be automated in conjunction with other reported vulnerabilities so no user interaction is required. A fixed version (1.0.1) is available at:
href="http://www.mozilla.org/products/firefox/all.html">http://www.mozilla.org/products/ Fedora: Gentoo:
href="http://security.gentoo.org/glsa/glsa-200503-30.xml"> SGI: Mandriva: A Proof of Concept exploit has been published. | High | Security Tracker Alert ID: 1013301, February 25, 2005 Gentoo Linux Security Advisory GLSA 200503-30. March 25, 2005 SGI Security Advisory, 20050501 Mandriva Linux Security Update Advisory, MDKSA-2005:088, | |
Firefox Preview Release, 0.8, 0.9 rc, 0.9-0.9.3, 0.10, 0.10.1, 1.0-1.0.3 | Several vulnerabilities have been reported: a vulnerability was reported due to insufficient protection of 'IFRAME' JavaScript URLS from being executed in the context of another history list URL, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in 'InstallTrigger .install()' due to insufficient verification of the 'Icon URL' parameter, which could let a remote malicious user execute arbitrary JavaScript code. Workaround: Slackware: Gentoo: TurboLinux: Proofs of Concept exploit scripts have been published. | High | Secunia Advisory, Slackware Security Advisory, SSA:2005-135-01, May 15, 2005 Gentoo Linux Security Advisory, GLSA 200505-11, May 16, 2005 Turbolinux Security Advisory, TLSA-2005 | |
Mozilla 0.x, 1.0, 1.1, 1.2, 1.3, 1.4, 1.5, 1.6, 1.7.x Mozilla Firefox 0.x Mozilla Thunderbird 0.x | Multiple vulnerabilities exist in Firefox, Mozilla and Thunderbird that can permit users to bypass certain security restrictions, conduct spoofing and script insertion attacks and disclose sensitive and system information. Mozilla: Update to version 1.7.5:
href="http://www.mozilla.org/products/mozilla1.x/ "> Firefox: Update to version 1.0:
href="http://www.mozilla.org/products/firefox/"> Thunderbird: Update to version 1.0:
href="http://www.mozilla.org/products/thunderbird/"> Fedora:
href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/"> Slackware:
href="http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.000123"> RedHat: SGI: Mandriva: Currently we are not aware of any exploits for these vulnerabilities. | Mozilla Firefox,
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0141">CAN-2005-0141 | Medium/ High (High if arbitrary code can be executed) | Mozilla Foundation Security Advisory 2005-01, 03, 04, 07, 08, 09, 10, 11, 12 Fedora Update Notification, Slackware Security Advisory, SSA:2005- RedHat SGI Security Advisory, 20050501 Mandriva Linux |
Mozilla Browser prior to 1.7.8; Mozilla Suite prior to 1.7.8; Firefox prior to 1.0.4; Firebird 0.5, 0.6.1, 0.7 | A vulnerability was reported due to a failure in the application to properly verify Document Object Model (DOM) property values, which could let a remote malicious user execute arbitrary code.
Firefox: Mozilla Browser Suite: TurboLinux:: Currently we are not aware of any exploits for this vulnerability. | Mozilla Suite And Firefox DOM Property Overrides | High | Mozilla Foundation Security Advisory, Turbolinux Security Advisory,
|
Mozilla Browser prior to 1.7.8; Mozilla Suite prior to 1.7.8; Firefox prior to 1.0.4; Firebird 0.5, 0.6.1, 0.7 | A vulnerability was reported when processing 'javascript:' URLs, which could let a remote malicious user execute arbitrary code.
Firefox: Mozilla Browser Suite: TurboLinux:: Currently we are not aware of any exploits for this vulnerability. | Mozilla Suite And Firefox Wrapped 'javascript:' URLs | High | Mozilla Foundation Security Advisory, Turbolinux Security Advisory, |
Squid Web Proxy Cache2.5.STABLE9 & prior | A vulnerability has been reported in the DNS client when handling DNS responses, which could let a remote malicious user spoof DNS lookups. Patch available at: Trustix: Currently we are not aware of any exploits for this vulnerability. | Squid Proxy DNS Spoofing | Medium | Security Focus, 13592, Trustix Secure Linux Security Advisory, |
IETF RFC 2406: IPSEC; Hitachi GR2000-1B, GR2000-2B, GR2000-2B+, GR2000-BH | A vulnerability has been reported that affects certain configurations of IPSec when configured to employ Encapsulating Security Payload (ESP) in tunnel mode with only confidentiality and systems that use Authentication Header (AH) for integrity protection, which could let a remote malicious user obtain plaintext IP datagrams and potentially sensitive information. Hitachi advises affected users to use the AH protocol workaround to mitigate this issue. Currently we are not aware of any exploits for this vulnerability. | Medium | NISCC Vulnerability Advisory, IPSEC - 004033, Security Focus, 13562, May 11, 2005 | |
MandrakeSoft Linux Mandrake 10.2 X86_64, 10.2; Rob Flynn Gaim 0.10 x, 0.10.3, 0.50-0.75, 0.78, 0.82, 0.82.1, 1.0-1.0.2, 1.1.1-1.1.4, 1.2, 1.2.1; Ubuntu Linux 4.1 ppc, ia64, ia32, 5.0 4 powerpc, i386, amd64 | Several vulnerabilities have been reported: a buffer overflow vulnerability was reported when handling long URIs due to insufficient bounds checking, which could let a remote malicious user execute arbitrary code; and a remote Denial of Service vulnerability was reported due to a NULL pointer dereference error when handling MSN messages. Rob Flynn: RedHat: Fedora: Gentoo: Mandriva: Ubuntu: A Proof of Concept exploit script has been published. | Gaim Remote Buffer Overflow & Denial of Service | Low/ High (High if arbitrary code can be executed) | Fedora Update Notification, RedHat Security Advisory, RHSA-2005:429-06, May 11, 2005 Gentoo Linux Security Advisory, GLSA 200505-09, Mandriva Linux Security Update Advisory, MDKSA-2005:086, Ubuntu Security Notice, USN-125-1, |
MySQL 4.0 .0-4.0.11, 5.0 .0- 5.0.4 | A vulnerability has been reported in the 'mysql_install_db' script due to the insecure creation of temporary files, which could let a malicious user obtain unauthorized access. No workaround or patch available at time of publishing. There is no exploit code required. | MySQL 'mysql_install_db' Insecure Temporary File Creation | Medium | Security Focus, 13660, May 17, 2005 |
NexusWay | Multiple vulnerabilities have been reported: a vulnerability was reported in the web module due to weak authentication, which could let a remote malicious user change device configuration; a vulnerability was reported because a remote malicious user can access Shell or execute any command with ROOT privileges when a specially crafted argument is submitted in a certain command; and a vulnerability was reported when a remote malicious user submits specially crafted packets to a certain administrative script, which could lead to the execution of arbitrary code with ROOT privileges. No workaround or patch available at time of publishing. There is no exploit code required; however, Proofs of Concept exploits have been published. | Neteyes NexusWay Border Gateway Multiple Remote Vulnerabilities | High | Scan Associates Advisory, May 11, 2005 |
NPDS 4.8, 5.0 | SQL injections vulnerabilities have been reported in the 'comments.php' and 'pollcomments.php' scripts due to insufficient validation of the 'thold' parameter, which could let a remote malicious user execute arbitrary SQL code.
Update available at: There is no exploit code required; however, Proofs of Concept exploits have been published. | NPDS Input Validation | High | Security Tracker Alert, 1013973, May 16, 2005 |
Quick.Cart 0.3 | Several vulnerabilities were reported: a Cross-Site Scripting vulnerability was reported in 'index.php' due to insufficient sanitization of the 'sWord' parameter, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported in 'index.php' due to insufficient sanitization of the 'iCategory' parameter before used in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Open Solution Quick.Cart Cross-Site Scripting & SQL Injection | High | Lostmon´s Blogger, May 11, 2005 |
Quick.Forum 2.1.6 | Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'index.php' due to insufficient sanitization of the 'topic' field, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported in 'index.php' due to insufficient sanitization of input passed to the 'iCategory' and 'page' variables, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required. | Open Solution Quick.Forum Cross-Site Scripting & SQL Injection | High | Lostmon´s Blogger, May 11, 2005 |
phpBB prior to 2.0.15 | A vulnerability has been reported in 'includes/bbcode.php' due to insufficient validation of the user-supplied BBCode URLs in the 'make_clickable()' function, which could let a remote malicious user execute arbitrary code. Update available at: A Proof of Concept exploit has been published. | High | Security | |
phpMyChat 0.14.5 | A Cross-Site Scripting vulnerability has been reported in the 'Start-Page.CSS.php3' and 'Style.CSS.php3' scripts due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | PHPHeaven PHPMyChat Cross-Site Scripting | High | Bugtraq, 398167, May 14, 2005 |
PostNuke 0.75, 0.76 RC4 | A Directory Traversal vulnerability has been reported in the 'Blocks' module when a name is submitted for a target file, which could let a remote malicious user obtain sensitive information.
Patches available at: There is no exploit code required; however, a Proof of Concept exploit has been published. | PostNuke Blocks Module Directory Traversal | Medium | Security Focus, 13636, May 16, 2005 |
SafeHTML 1.1-1.3.1 | A vulnerability has been reported due to an error in the quotes handling of attributes values in '_writeAttrs(),' which could let a remote malicious user execute arbitrary HTML code.
Upgrades available at: There is no exploit code required. | SafeHTML Quotes Handling Arbitrary HTML Execution | High | Secunia Advisory, SA15371, May 17, 2005 |
Guestbook 1.0, 2.0, 2.2 | Multiple vulnerabilities have been reported in the title and content of posted messages because it is possible to inject arbitrary HTML and code, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Skull-Spliltter Guestbook Multiple HTML Injection | High | Security Focus,13632, May 14, 2005 |
StorEdge 6130 Array | A vulnerability has been reported in Sun StorEdge 6130 controller arrays with a serial number in the range of 0451AWF00G - 0513AWF00J, which could let a local/remote malicious user obtain unauthorized access. Sun recommends that customers contact their Sun authorized service provider to obtain fixes. There is no exploit code required. | Sun StorEdge 6130 Array Unauthorized Access | Medium | Sun(sm) Alert Notification, 57771, |
ignitionServer 0.3 .0, 0.3.1, -P1, beta1, 0.3.2 beta2, 0.3.3 beta3, 0.3.4 a beta4, 0.3.6 | Several vulnerabilities have been reported: a vulnerability was reported due to insufficient access validation before allowing a host to delete entries, which breaches channel security and allows hosts to delete access entries set by owners; and a vulnerability was reported because IRC operators can't access channels created and locked by normal users due to a design error.
Patches available at: http://www.ignition-project.com/download/ There is no exploit code required. | ignitionServer Access Entry Deletion & Channel Locking | Medium | The Ignition Project Security Bulletin, May 15, 2005 |
Ultimate PHP Board 1.8, 1.8.2, 1.9, 1.9.6 | Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in the 'ViewForum.php' script due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported in the 'ViewForum.php' script due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proofs of Concept exploits have been published. | Ultimate PHP Board Cross-Site Scripting & SQL Injection | High | Security Focus, 13621 & 13622, May 13, 2005 |
Burning Board 2.0 RC1 & RC2, beta 3-beta 5, 2.3.1 | An SQL injection vulnerability has been reported in the 'verify_email()' function due to insufficient sanitization of input passed to the 'email' field when registering or updating an account, which could let a remote malicious user execute arbitrary SQL code.
Contact the vendor for a patch. There is no exploit code required. | WoltLab Burning Board 'Verify_email' Function SQL Injection | High | GulfTech Security Research Advisory, May 16, 2005 |
WordPress 1.5 | Several vulnerabilities have been reported: an SQL injection vulnerability was reported in 'WP-Trackback.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code; and a Cross-Site Scripting vulnerability was reported in 'Post.PHP' and 'Edit.PHP' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. Upgrades available at: There is no exploit code required; however, a Proof of Concept exploit has been published. | Wordpress SQL Injection & Cross-Site Scripting | High | Security Focus, 13655, 13663, & 13664, May 17, 2005 |
Zoidcom 1.0 beta 4 & prior | A remote Denial of Service vulnerability has been reported in the 'ZCom_BitStream::Deserialize' function.
Update available at: A Proof of Concept exploit has been published. | Zoidcom | Low | Security Tracker Alert, 1013939, May 11, 2005 |
[back to top]Recent Exploit Scripts/Techniques
The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.
Note: At times, scripts/techniques may contain names or content that may be considered offensive.
Date of Script | Script name | Workaround or Patch Available | Script Description |
May 17, 2005 | LandIpV6.cpp | No | Script that exploits the Microsoft IPV6 TCPIP Loopback LAND Denial of Service vulnerability. |
May 17, 2005 | pktcdvd_dos.c | No | Proof of Concept Denial of Service exploit for the Multiple Linux Kernel IOCTL Handlers Local Memory Corruption vulnerability. |
May 16, 2005 | htdigest-realm-bof.c htexploit.c | Yes | Proofs of Concept exploit scripts for the Apache 'HTDigest' Buffer Overflow vulnerability. |
May 14, 2005 | vuln-plugin.so | Yes | Proof of Concept exploit for the Gaim Remote Buffer Overflow & Denial of Service vulnerability. |
May 13, 2005 | netvault_hof.c | No | Script that exploits the BakBone NetVault Remote Heap Overflow Code Execution vulnerability. |
May 13, 2005 | photopost_sql | No | Proof of Concept exploit script for the All Enthusiast PhotoPost PHP Pro 'Member.PHP' SQL Injection vulnerability. |
May 11, 2005 | ethereal_sip_dos.c | Yes | Script that exploits the Ethereal Multiple Remote Protocol Dissector Vulnerabilities. |
May 10, 2005 | elfcd.sh | Yes | Script that exploits the Linux Kernel ELF Core Dump Buffer Overflow vulnerability. |
[back to
top]
name=trends>Trends
- Phishing gets personal: According to the anti-fraud software firm, Cyota, fraudsters are using stolen information to lure victims into divulging additional sensitive information in a new form of phishing attack. Crooks are using real information about the accountholder. Personalized phishing attacks seek to supplement existing lists of stolen credentials with even more sensitive information, such as ATM PIN numbers or credit card CVV codes. Source: http://www.theregister.co.uk/2005/05/17/personal_phishing/.
- MasterCard and Cyota: Anti-phishing trends: On Tuesday, May 10th, MasterCard International Inc. said that it had shut down nearly 1,400 phishing sites and more than 750 sites suspected of selling illegal credit-card information since launching an ID-theft-prevention program in June. The program also has led to the discovery and protection of more than 35,000 MasterCard account numbers that were in jeopardy of being compromised. Source: http://www.crime-research.org/news/12.05.2005/1228/.
- face="Arial, Helvetica, sans-serif">Symbian success feeds mobile malware explosion: Mobile phone malware is still at an embryonic stage when compared with viruses and Trojan horses that target the Windows operating system. However, experts say this is because there is currently such a diverse range of mobile phone operating systems. However, if over the next few years Symbian manages to grab a large enough share of the mobile OS market, it could create a new front in the war against malicious software. Source: http://www.zdnet.com.au/news/security/0,2000061744,39191477,00.htm.
name=viruses id="viruses">Viruses/Trojans Top Ten Virus Threats
A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.
face="Arial, Helvetica, sans-serif">Rank | Common Name | Type of Code |
face="Arial, Helvetica, sans-serif">Trends |
face="Arial, Helvetica, sans-serif">Date |
1 | Netsky-P | Win32 Worm | Stable | March 2004 |
2 | Netsky-Q | Win32 Worm | Increase | March 2004 |
3 | Mytob.C | Win32 Worm | Slight Decrease | March 2004 |
4 | Zafi-D | Win32 Worm | Slight Decrease | December 2004 |
5 | Netsky-D | Win32 Worm | Increase | March 2004 |
6 | Lovgate.w | Win32 Worm | Increase | April 2004 |
7 | Zafi-B | Win32 Worm | Decrease | June 2004 |
7 | Netsky-Z | Win32 Worm | Increase | April 2004 |
9 | Netsky-B | Win32 Worm | Decrease | February 2004 |
10 | MyDoom-O | Win32 Worm | New to Table | July 2004 |
face="Arial, Helvetica, sans-serif">Table Updated May 17, 2005
Viruses or Trojans Considered to be a High Level of Threat
- Sober.q: Sober.q uses both German and English-language messages to direct recipients to Web sites with right-wing German nationalistic content, according to an advisory from e-mail security company MX Logic. One of the URLs points to the Web site of the right-wing German NPD party, it says. The variant is downloaded by computers already infected by the Sober.p worm, which began circulating earlier this month. Source: http://www.pcworld.com/resource/article/0,aid,120846,pg,1,RSS,RSS,00.asp
The following table provides, in alphabetical order, a list of new viruses, variations of previously encountered viruses, and Trojans that have been discovered during the period covered by this bulletin. This information has been compiled from the following anti-virus vendors: Sophos, Trend Micro, Symantec, McAfee, Network Associates, Central Command, F-Secure, Kaspersky Labs, MessageLabs, Panda Software, Computer Associates, and The WildList Organization International. Users should keep anti-virus software up to date and should contact their anti-virus vendors to obtain specific information on the Trojans and Trojan variants that anti-virus software detects.
NOTE: At times, viruses and Trojans may contain names or content that may be considered offensive.
Last updated
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.