Summary of Security Items from August 3 through August 9, 2005
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, therefore the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability that the script exploits.
Vulnerabilities
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such a vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of a medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Windows Operating Systems Only

Vendor & Software Name | Vulnerability - Impact / Patches - Workarounds / Attacks Scripts | Common Name / CVE Reference | Risk | Source |
--- | --- | --- | --- | --- |
Web Vulnerability Scanner 2.0 | A vulnerability has been reported in Web Vulnerability Scanner (Web Sniffer) that could let remote malicious users cause a Denial of Service. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | Web Vulnerability Scanner Denial of Service | Low | Security Tracker, Alert ID: 1014628, August 5, 2005 |
BrightStor ARCserve Backup 9.01, 10, 10.5, 11.0, 11.1 | Multiple buffer overflow vulnerabilities have been reported in BrightStor ARCserve Backup that could let remote malicious users execute arbitrary code. A vendor patch is available: An exploit has been published. | BrightStor ARCserve Backup Arbitrary Code CAN-2005-1272 | High | Computer Associates, Vulnerability ID: 33239, August 2, 2005 |
Windows 2000, XP, Server 2003, 98, 98 (SE), (ME) | A spoofing vulnerability has been reported that could enable a malicious user to spoof trusted Internet content. Updates available: http://www.microsoft.com/technet/ V2.0: Update available for x64-based systems, Microsoft Windows Server 2003 for Itanium-based Systems, and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems. Currently we are not aware of any exploits for this vulnerability. | Microsoft Agent Could Allow Spoofing | Medium | Microsoft, MS05-032, June 14, 2004 Microsoft Security Bulletin MS05-032, August 9, 2005 |
ActiveSync 3.8, 3.7.1 | Multiple vulnerabilities have been reported in ActiveSync's network synchronization protocol that could let remote malicious users disclose information or cause a Denial of Service. No workaround or patch available at time of publishing. There is no exploit code required. | Microsoft ActiveSync Information Disclosure or Denial of Service | Medium | Security Focus, 14457, August 2, 2005 |
Internet Explorer | A memory corruption vulnerability has been reported in Internet Explorer COM Object instantiation that could let remote malicious users execute arbitrary code. Vendor fix available: A Proof of Concept exploit has been published. | Microsoft Internet Explorer Arbitrary Code Execution | High | Microsoft Security Bulletin MS05-038, August 9, 2005 |
Internet Explorer 6.0SP2 | Multiple vulnerabilities have been reported in Internet Explorer, JPEG Rendering, that could let remote malicious users perform a Denial of Service. Vendor fix available: A Proof of Concept exploit has been published. | Microsoft Internet Explorer Denial of Service | Low | Security Focus, 14284, 14285, 14286, July 15, 2005 Microsoft Security Bulletin MS05-038, August 9, 2005 |
Internet Explorer Web Folder Behaviors | A vulnerability has been reported in Internet Explorer that could let remote malicious users disclose information or execute arbitrary code. Vendor fix available: Currently we are not aware of any exploits for this vulnerability. | Microsoft Internet Explorer Web Folder Behaviors Information Disclosure or Arbitrary Code Execution | High | Microsoft Security Bulletin MS05-038, August 9, 2005 |
Plug and Play | A vulnerability has been reported in Plug and Play that could let local or remote malicious users execute arbitrary code or obtain elevated privileges. Vendor fix available: Currently we are not aware of any exploits for this vulnerability. | Microsoft Plug and Play Arbitrary Code Execution or Elevated Privileges | High | Microsoft Security Bulletin MS05-039, August 9, 2005 |
Remote Desktop Protocol | A vulnerability has been reported in Remote Desktop Protocol that could let remote malicious users cause a Denial of Service. Vendor fix available: A Proof of Concept exploit has been published. | Microsoft Remote Desktop Protocol Denial of Service | Low | Microsoft Security Bulletin MS05-041, August 9, 2005 |
Telephony Service | A buffer overflow vulnerability has been reported in Microsoft Telephony Service that could let local or remote malicious users execute arbitrary code. Vendor fix available: Currently we are not aware of any exploits for this vulnerability. | Microsoft Telephony Service Remote Code Execution | High | Microsoft Security Bulletin MS05-040, August 9, 2005 |
Windows Kerberos PKINIT | Multiple vulnerabilities have been reported in Windows Kerberos PKINIT that could let remote malicious users disclose information or cause a Denial of Service. Vendor fix available: Currently we are not aware of any exploits for this vulnerability. | Microsoft Windows Kerberos PKINIT Information Disclosure or Denial of Service | Low | Microsoft Security Bulletin MS05-042, August 9, 2005 |
Windows Print Spooler in XP, 2000, Server 2003 | A buffer overflow vulnerability has been reported in Windows Print Spooler that could let local or remote malicious users execute arbitrary code. Vendor fix available: Currently we are not aware of any exploits for this vulnerability. | Microsoft Windows Print Spooler Arbitrary Code Execution | High | Microsoft Security Bulletin MS05-043, August 9, 2005 |
Word 2000, 2002 Works Suite 2001, 2002, 2003, and 2004 Office Word 2003 Microsoft Word 2003 Viewer | A buffer overflow vulnerability has been reported that could lead to remote execution of arbitrary code or escalation of privilege. V1.1 Bulletin updated to point to the correct Exchange 2000 Server Post-Service Pack 3 (SP3) Update Rollup and to advise on the scope and caveats of workaround "Unregister xlsasink.dll and fallback to Active Directory for distribution of route information." V2.0 Microsoft Word 2003 Viewer also affected. Currently we are not aware of any exploits for this vulnerability. | Microsoft Word Remote Code Execution and Escalation of Privilege Vulnerabilities CAN-2004-0963 | High | Microsoft Security Bulletin MS05-023, April 12, 2005 Microsoft Security Bulletin MS05-023 V1.1, April 14, 2005 Microsoft Security Bulletin MS05-023 V1.1, August 9, 2005 |
Naxtor e-Directory 1.0 | A vulnerability has been reported in Naxtor e-Directory that could let remote malicious users conduct Cross-Site Scripting and perform SQL injection. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | Naxtor e-Directory Cross-Site Scripting or SQL Injection | Medium | Secunia, Advisory: SA16314, August 3, 2005 |
Naxtor Shopping Cart 1.0, Pro 1.0 | Multiple vulnerabilities have been reported in Naxtor Shopping Cart that could let remote malicious users conduct Cross-Site Scripting or perform SQL injection. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | Naxtor Shopping Cart Cross-Site Scripting or SQL Injection | Medium | Security Focus, 14454, 14456, August 2, 2005 |
NetworkActiv Web Server 3.5.13 and previous | An input validation vulnerability has been reported in NetworkActiv Web Server that could let remote malicious users conduct Cross-Site Scripting. Upgrade to V3.5.14: There is no exploit code required; however, Proof of Concept exploits have been published. | NetworkActiv Web Server Cross-Site Scripting | Medium | Secunia, Advisory: SA16301, August 4, 2005 |
Quick 'n Easy FTP Server 3.0 | An input validation vulnerability has been reported in Quick 'n Easy FTP Server (USER Command) that could let remote malicious users cause a Denial of Service. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Quick 'n Easy FTP Server Denial of Service | Low | Security Tracker, Alert ID: 1014615, August 3, 2005 |
| A buffer overflow vulnerability has been reported in ProRat Server that could let remote malicious users execute arbitrary code. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | ProRat Server Arbitrary Code Execution | High | Security Focus, 14458, August 2, 2005 |
Norton GoBack 4.0 | A vulnerability has been reported in Norton GoBack that could let local malicious users bypass authentication. No workaround or patch available at time of publishing. There is no exploit code required. | Norton GoBack Authentication Bypass | Medium | Security Tracker Alert ID: 1014612, August 2, 2005 |
UNIX / Linux Operating Systems Only

Vendor & Software Name | Vulnerability - Impact / Patches - Workarounds / Attacks Scripts | Common Name / CVE Reference | Risk | Source |
--- | --- | --- | --- | --- |
Clam AntiVirus 0.86.1 | Multiple vulnerabilities have been reported in Clam AntiVirus that could let remote malicious users cause a Denial of Service. Upgrade to version 0.86.2: Conectiva: Mandriva: Gentoo: SUSE: Currently we are not aware of any exploits for this vulnerability. | Clam AntiVirus Multiple Vulnerabilities | Low | Secunia, Advisory: SA16180, July 25, 2005 Gentoo Linux Security Advisory GLSA 200507-25, July 26, 2005 Mandriva Security Advisory, MDKSA-2005:125, July 27, 2005 SUSE Security Summary Report, SUSE-SR:2005:018, July 28, 2005 Conectiva Linux Announce- |
apt-cacher | A vulnerability has been reported due to an unspecified input validation error, which could let a remote malicious user execute arbitrary code. Debian: There is no exploit code required. | Debian | High | Debian Security Advisory, DSA 772-1, August 3, 2005 |
zgrep 1.2.4 | A vulnerability has been reported in 'zgrep.in' due to insufficient validation of user-supplied arguments, which could let a remote malicious user execute arbitrary commands. A patch for 'zgrep.in' is available in the following bug report: Mandriva: TurboLinux: RedHat: RedHat: SGI: Fedora: SGI: F5: Ubuntu: Trustix: There is no exploit code required. | | High | Security Tracker Alert, 1013928, Mandriva Linux Security Update Advisory, Turbolinux RedHat Security Advisory, RedHat Security Advisory, SGI Security Advisory, 20050603 Fedora Update Notification, SGI Security Advisory, 20050605 Secunia Advisory: SA16159, July 21, 2005 Ubuntu Security Notice, Trustix Secure Linux Security Advisory, TSLSA-2005-0040, August 5, 2005 |
High Availability Heartbeat 1.2.3 | An insecure file creation vulnerability has been reported in Heartbeat that could let local users arbitrarily overwrite files. Debian: Conectiva: Gentoo: There is no exploit code required. | Heartbeat Arbitrary File Overwrite | Medium | Secunia Advisory: SA16039, Debian Security Advisory, Conectiva Linux Announce- Gentoo Linux Security Advisory, GLSA 200508-05, August 7, 2005 |
Kadu 0.4.0 | An integer overflow vulnerability has been reported in Kadu (libgadu) which could let remote malicious users cause a Denial of Service. Upgrade to version 0.4.1: Gentoo: Conectiva: Ubuntu: Currently we are not aware of any exploits for this vulnerability. | Kadu Denial of Service | Low | Secunia, Advisory: SA16238, July 27, 2005 Gentoo Security Advisory, GLSA 200507-26, July 27, 2005 Conectiva Linux Announce- Ubuntu Security Notice, |
Lantronix SCS82, SCS1620 | Multiple vulnerabilities have been reported: a vulnerability was reported in '/tmp' due to insecure pipe permissions, which could let a malicious user read arbitrary files with elevated privileges; a Directory Traversal vulnerability was reported in the console command interface, which could let a malicious user obtain sensitive information; a vulnerability was reported in the command-line interface, which could let a malicious user obtain superuser privileges; and a buffer overflow vulnerability was reported in the 'edituser' binary due to a boundary error, which could let a malicious user execute arbitrary code with root privileges. Updated firmware available at: A Proof of Concept exploit has been published for the 'edituser' buffer overflow vulnerability. | Lantronix Secure Console Server SCS820/ SCS1620 Multiple Local Vulnerabilities | High | Security Focus, 14486, August 5, 2005 |
Turbolinux | Multiple vulnerabilities have been reported: a remote Denial of Service vulnerability was reported when a malicious user submits a specially crafted TCP connection that causes the Key Distribution Center (KDC) to attempt to free random memory; a buffer overflow vulnerability was reported in KDC due to a boundary error when a specially crafted TCP or UDP request is submitted, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported in 'krb/recvauth.c' which could let a remote malicious user execute arbitrary code. MIT: Mandriva: Fedora: RedHat: Sun: SuSE: Trustix: TurboLinux: SGI: Debian: Conectiva: Currently we are not aware of any exploits for these vulnerabilities. | Kerberos V5 Multiple Vulnerabilities | High | MIT krb5 Security Advisory, RedHat Security Advisory, Sun(sm) Alert Notification, 101809, July 12, 2005 Fedora Update Notifications, SUSE Security Summary Turbolinux Mandriva Linux Security Update Advisory, Trustix Secure SGI Security Advisory, 20050703-01-U, July 15, 2005 Debian Security Advisory, Conectiva Linux Advisory, |
Linux kernel | A vulnerability has been reported in the 'restore_sigcontext()' function due to a failure to restrict access to the 'ar.rsc' register, which could let a malicious user cause a Denial of Service or obtain elevated privileges. Updates available at: SUSE: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel 64 Bit 'AR-RSC' Register Access | Medium | Security Tracker Alert ID: 1014275, June 23, 2005 SUSE Security Announce- |
Linux Kernel | A race condition vulnerability in ia32 emulation has been reported in the Linux Kernel that could let local malicious users obtain root privileges or create a buffer overflow. Patch Available: Trustix: http://http.trustix.org/pub/trustix/updates/ SUSE: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel Race Condition and Buffer Overflow | High | Security Focus, 14205, July 11, 2005 Trustix Secure Linux Security Advisory, SUSE Security Announce- |
SuSE Linux Professional | An unspecified Denial of Service vulnerability has been reported when stack fault exceptions are triggered. SUSE: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel Stack Fault Exceptions Denial of Service | Low | Security Focus, 14467, August 3, 2005 SUSE Security Announce- |
Linux kernel 2.5.0-2.5.69, | A Denial of Service vulnerability has been reported in 'kernel/futex.c.' Ubuntu: RedHat: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel Futex Denial of Service | Low | Security Tracker Ubuntu Security Notice, USN-110-1 April 11, 2005 RedHat Security Advisory, |
Linux kernel | A Denial of Service vulnerability has been reported in the Netfilter code due to a memory leak. Ubuntu: SuSE: ftp://ftp.suse.com/pub/suse/ Fedora: Conectiva: Fedora: RedHat: Currently we are not aware of any exploits for this vulnerability. | | Low | Ubuntu Security SUSE Security Announce- Fedora Security Conectiva Linux Security Announce- Fedora Update Notification RedHat Security Advisory, |
Linux Kernel | Several vulnerabilities have been reported: a vulnerability was reported in raw character devices (raw.c) because the wrong function is called before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space; and a vulnerability was reported in the 'pkt_ioctl' function in the 'pktcdvd' block device ioctl handler. Update available at: http://kernel.org/ Ubuntu: RedHat: A Proof of Concept Denial of Service exploit script has been published. | | High | Secunia Advisory, SA15392, May 17, 2005 Ubuntu Security Notice, USN-131-1, May 23, 2005 RedHat Security Advisory, |
Linux kernel | A vulnerability has been reported in the '/sys' file system due to a mismanagement of integer signedness, which could let a malicious user cause a Denial of Service and potentially execute arbitrary code. SuSE: Ubuntu: RedHat: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel SYSFS_Write_ | Low/ High (High if arbitrary code can be executed) | Security Focus, 13091, April 11, 2005 RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005 SUSE Security Announce- |
SuSE Linux Professional | A remote Denial of Service vulnerability has been reported in the NFSACL protocol when handling XDR data. SUSE: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel NFSACL Protocol XDR Data Remote Denial of | Low | Security Focus, 14468, August 3, 2005 SUSE Security Announce- |
RedHat Enterprise | A Denial of Service vulnerability has been reported in the auditing code. RedHat: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel Auditing Code Denial of Service | Low | RedHat Security Advisory, RHSA-2005:420-22, June 8, 2005 RedHat Security Advisory, |
Linux kernel 2.6.10, 2.6 | Multiple vulnerabilities exist: a vulnerability exists in the 'shmctl' function, which could let a malicious user obtain sensitive information; a Denial of Service vulnerability exists in 'nls_ascii.c' due to the use of incorrect table sizes; a race condition vulnerability exists in the 'setsid()' function; and a vulnerability exists in the OUTS instruction on the AMD64 and Intel EM64T architecture, which could let a malicious user obtain elevated privileges. RedHat: https://rhn.redhat.com/errata/RHSA-2005-092.html Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/ Conectiva: ftp://atualizacoes.conectiva.com.br/1 SUSE: Fedora: Conectiva: Fedora: RedHat: RedHat: http://rhn.redhat.com/errata/RHSA-2005-284.html RedHat: Avaya: http://support.avaya.com/elmodocs2/security/ASA-2005-120_RHSA-2005-283_RHSA-2005-284_RHSA-2005-293_RHSA-2005-472.pdf FedoraLegacy: RedHat: Currently we are not aware of any exploits for these vulnerabilities. | Linux Kernel CAN-2005-0177 CAN-2005-0176 | Medium | Ubuntu Security RedHat Security Advisory, SUSE Security Announce- Fedora Security Conectiva Linux Security Announce- Fedora Update Notification RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005 RedHat Security Advisories, RHSA-2005 RedHat Security Advisory, Avaya Security Advisory, ASA-2005-120, June 3, 2005 FedoraLegacy: FLSA:152532, June 4, 2005 RedHat Security Advisory, |
SuSE Linux Professional | A buffer overflow vulnerability has been reported in the XFRM network architecture code due to insufficient validation of user-supplied input, which could let a malicious user execute arbitrary code. Patches available at: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel XFRM Array Index Buffer Overflow | High | Security Focus, 14477, August 5, 2005 |
Linux kernel | Several vulnerabilities have been reported: a Denial of Service vulnerability was reported due to an error when handling keyrings; and a Denial of Service vulnerability was reported in the 'KEYCTL_JOIN_SESSION_KEYRING' operation due to an error when attempting to join a key management session. Patches available at: There is no exploit code required. | Linux Kernel Management Denials of Service | Low | Secunia Advisory: SA16355, August 9, 2005 |
zlib 1.2.2, 1.2.1; Ubuntu Linux 5.04 powerpc, i386, amd64, | A remote Denial of Service vulnerability has been reported due to a failure of the library to properly handle unexpected compression routine input. Zlib: Debian: Ubuntu: OpenBSD: Mandriva: Fedora: Slackware: FreeBSD: SUSE: Gentoo: http://security.gentoo.org/ Trustix: Currently we are not aware of any exploits for this vulnerability. | Multiple Vendor Zlib Compression Library Decompression Remote Denial of Service | Low | Security Focus, 14340, July 21, 2005 Debian Security Advisory DSA 763-1, July 21, 2005 Ubuntu Security Notice, USN-151-1, July 21, 2005 OpenBSD, Release Errata 3.7, July 21, 2005 Mandriva Security Advisory, MDKSA-2005:124, July 22, 2005 Secunia, Advisory: SA16195, July 25, 2005 Slackware Security Advisory, SSA:2005- FreeBSD Security Advisory, SA-05:18, July 27, 2005 SUSE Security Announce- Gentoo Linux Security Advisory, GLSA 200507-28, July 30, 2005 Gentoo Linux Security Advisory, GLSA 200508-01, August 1, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0040, |
netpbm 10.0 | A vulnerability has been reported in netpbm ('-dSAFER') that could let malicious users execute arbitrary postscript code. Trustix: Gentoo: There is no exploit code required. | netpbm Arbitrary Code Execution | High | Secunia Advisory: SA16184, July 25, 2005 Trustix Secure Linux Security Advisory, #2005-0038, July 29, 2005 Gentoo Linux Security Advisory, GLSA 200508-04, August 5, 2005 |
ProFTPd | Multiple format string vulnerabilities have been reported in ProFTPd that could let remote malicious users cause a denial of service or disclose information. Upgrade to version 1.3.0rc2: Gentoo: Trustix: TurboLinux: Currently we are not aware of any exploits for this vulnerability. | ProFTPD Denial of Service or Information Disclosure | Medium | Secunia, Advisory: SA16181, July 26, 2005 Gentoo Linux Security Advisory, GLSA 200508-02, August 1, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0040, August 5, 2005 Turbolinux Security Advisory, TLSA-2005-82, August 9, 2005 |
Solaris 10.0, 10.0_x86, 9.0, 9.0 _x86 | A vulnerability has been reported in the 'printd' daemon due to an unspecified error, which could let a local/remote malicious user delete arbitrary files. Patches available at: Currently we are not aware of any exploits for this vulnerability. | Sun Solaris Printd Arbitrary File Deletion | Medium | Sun(sm) Alert Notification, 101842, August 8, 2005 |
SysCP 1.2.1-1.2.10 | Several vulnerabilities have been reported: a vulnerability was reported due to insufficient verification of input in an unspecified parameter before including a language file, which could let a remote malicious user include arbitrary files from external resources; and a vulnerability was reported in the internal template engine due to insufficient sanitization of input, which could let a remote malicious user execute arbitrary PHP code. Upgrades available at: There is no exploit code required; however, a Proof of Concept exploit has been published. | SysCP Multiple Script Execution | High | Secunia Advisory: SA16347, August 8, 2005 |
Windows API Emulator 20050725 | A vulnerability has been reported in 'winelauncher.in' due to the insecure creation of a temporary file in '/tmp,' which could let a malicious user create/overwrite arbitrary files. No workaround or patch available at time of publishing. There is no exploit code required. | Wine Wine Launcher.IN Local Insecure File Creation | Medium | Security Focus 14495, August 8, 2005 |
ekg 2005- | A vulnerability has been reported in 'contrib/scripts/linki.py' due to the insecure creation of temporary files, which could let a malicious user obtain elevated privileges. Debian: Ubuntu: There is no exploit code required. | Wojtek Kaniewski | Medium | Secunia Advisory: SA15889, Debian Security Advisory, Ubuntu Security Notice, USN-162-1, August 08, 2005 |
Eksperymentalny | Several vulnerabilities have been reported: a vulnerability was reported in 'contrib/ekgnv.sh,' 'contrib/getekg.sh,' and 'contrib/ekgh' due to the insecure creation of a temporary file, which could let a remote malicious user create/overwrite arbitrary files; and an SQL injection vulnerability was reported in 'contrib/scripts/ekgbot-pre1.py' due to an error, which could let a remote malicious user inject arbitrary shell commands. Debian: Ubuntu: There is no exploit code required. | Wojtek Kaniewski EKG Insecure Temporary File Creation & SQL Injection | High | Debian Security Advisory, Ubuntu Security Notice, USN-162-1, August 08, 2005 |
Ruby 1.8.2 | A vulnerability has been reported in the XMLRPC server due to a failure to set a valid default value that prevents security protection using handlers, which could let a remote malicious user execute arbitrary code. Fedora: TurboLinux: Debian: Gentoo: Mandriva: RedHat: Currently we are not aware of any exploits for this vulnerability. | Yukihiro Matsumoto Ruby XMLRPC Server Unspecified Command Execution | High | Fedora Update Notifications, Turbolinux Debian Security Advisory, DSA 748-1, July 11, 2005 Gentoo Linux Security Mandriva Linux Security Update Advisory, RedHat Security Advisory, RHSA-2005: |
Multiple Operating Systems - Windows / UNIX / Linux / Other

Vendor & Software Name | Vulnerability - Impact / Patches - Workarounds / Attacks Scripts | Common Name / CVE Reference | Risk | Source |
--- | --- | --- | --- | --- |
Apache | A vulnerability has been reported in Apache which can be exploited by a remote malicious user to smuggle HTTP requests. Conectiva: Fedora: Mandriva: http://security.ubuntu.com/ TurboLinux: Currently we are not aware of any exploits for these vulnerabilities. | Apache HTTP Request Smuggling Vulnerability CAN-2005-1268 | Medium | Secunia, Advisory: SA14530, July 26, 2005 Conectiva, CLSA-2005:982, July 25, 2005 Fedora Update Notification Mandriva Linux Security Update Advisory, MDKSA-2005:129, Ubuntu Security Notice, USN-160-1, August 04, 2005 Turbolinux Security Advisory, TLSA-2005-81, |
Chipmunk Forum 1.3 | A Cross-Site Scripting vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'fontcolor' parameter, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proofs of Concept exploits have been published. | Chipmunk Forum 'fontcolor' Cross-Site Scripting | Medium | Security Tracker Alert ID: 1014630, August 8, 2005 |
Cisco IOS | An IPv6 packet handling vulnerability has been reported in Cisco IOS that could let local malicious users cause a remote Denial of Service or potentially execute arbitrary code. Vendor fix available: Revision 1.6: Added a note to the Affected Products section. Software Versions and Fixes table updated for 12.2EZ. Revision 1.7: A working Proof of Concept exploit has been developed; however, it is currently not publicly available. | Cisco IOS Remote Denial of Service or Arbitrary Code Execution | High | Cisco Security Advisory, Document ID: 65783 Revision 1.5, August 1, 2005 Cisco Security Advisory, Document ID: 65783 Revision 1.6 & 1.7, August 3 & 5, 2005 |
eCommerce 3.0 | A Directory Traversal vulnerability has been reported in 'WCE.Download.php,' which could let a remote malicious user obtain sensitive information. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept has been published. | Comdev eCommerce 'WCE.Download. | Medium | Security Focus, 14479, August 5, 2005 |
eCommerce 3.0 | A vulnerability has been reported in the 'path[docroot]' parameter due to insufficient verification before including files, which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept has been published. | Comdev ECommerce Config.PHP Remote File Include | High | Secunia Advisory: SA16346, August 8, 2005 |
Denora IRC Stats 1.0 | A buffer overflow vulnerability has been reported in the 'rdb_query()' function due to a boundary error, which could let a remote malicious user execute arbitrary code. Upgrade available at: Currently we are not aware of any exploits for this vulnerability. | Denora IRC Stats Remote Buffer Overflow | High | Secunia Advisory: SA16281, August 4, 2005 |
e107 website system 0.617, 0.616, 0.603, 0.610 - 0.615a | Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported because users can upload HTML and TXT attachments that contain JavaScript, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published for the Cross-Site Scripting vulnerability. | E107 Website System Cross-Site Scripting & HTML Injection | Medium | Security Focus, 14495 & 14508, August 8, 2005 |
Navisphere Manager 6.4-6.6 | Several vulnerabilities have been reported: a Directory Traversal vulnerability was reported due to insufficient validation of HTTP requests, which could let a remote malicious user obtain sensitive information; and an information disclosure vulnerability was reported because it is possible to list the contents of a directory. The vendor has addressed this issue in the latest version of the affected application. There is no exploit code required; however, Proofs of Concept exploits have been published. | EMC Navisphere Manager Directory Traversal & Information Disclosure | Medium | iDEFENSE Security Advisory, August 5, 2005 |
Ethereal | Multiple dissector and zlib vulnerabilities have been reported in Ethereal that could let remote malicious users cause a denial of service or execute arbitrary code. Upgrade to version 0.10.12: Fedora: Mandriva: Currently we are not aware of any exploits for these vulnerabilities. | Ethereal Denial of Service or Arbitrary Code Execution CAN-2005-2361 | High | Secunia Advisory: SA16225, July 27, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:131, |
FFTW 3.0.1 | A vulnerability has been reported due to the insecure creation of temporary files, which could let a malicious user create/overwrite arbitrary files. No workaround or patch available at time of publishing. There is no exploit code required. | FFTW Insecure Temporary File Creation | Medium | Security Focus, 14501, August 8, 2005 |
FlatNuke 2.5.5 | Multiple vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'structure.php' due to insufficient sanitization of the 'bodycolor,' 'backimage,' 'theme,' and 'logo' parameters, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability was reported due to insufficient sanitization of posted news articles before displaying them to site administrators, which could let a remote malicious user execute arbitrary code; a vulnerability was reported due to insufficient sanitization of the 'firma' parameter when saving the user's signature to the user file, which could let a remote malicious user inject and execute arbitrary PHP commands; and a vulnerability was reported because it is possible to obtain path information. No workaround or patch available at time of publishing. There is no exploit code required; however, Proofs of Concept exploits have been published. | FlatNuke Multiple Vulnerabilities | High | Secunia Advisory: SA16330, August 5, 2005 |
FunkBoard 0.66 CF | Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proofs of Concept exploits have been published. | FunkBoard Multiple Cross-Site Scripting | Medium | Security Focus, 13507, August 8, 2005 |
Fusebox 4.1.0 | A Cross-Site Scripting vulnerability has been reported in 'index.cfm' due to insufficient sanitization of the 'fuseaction' parameter, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been reported. | Fusebox 'Index.CFM' Cross-Site Scripting | Medium | Security Focus, 14460, August 3, 2005 |
GBX 1.1 | Multiple vulnerabilities have been reported: an SQL injection vulnerability was reported in 'index.php' due to insufficient sanitization of the 'email' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; a Cross-Site Scripting vulnerability was reported in 'deletethread.php' due to insufficient sanitization of the 'board_id' parameter, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in the 'editcss.php' script due to insufficient access restrictions, which could let a remote malicious user execute arbitrary PHP scripts. No workaround or patch available at time of publishing. There is no exploit code required; however, Proofs of Concept exploits and a script for the Cross-Site Scripting vulnerability have been published. | Gravity Board X Input Validation & Access Restrictions | High | Security Tracker Alert ID: 1014631, August 8, 2005 |
Inkscape 0.41 | A vulnerability has been reported in 'ps2epsi.sh' due to the insecure creation of a temporary file, which could let a malicious user create/overwrite arbitrary files. Upgrade available at: There is no exploit code required. | Inkscape 'ps2epsi.sh' Insecure Temporary File | Medium | Security Focus 14522, August 9, 2005 |
Invision Board 1.0.3 | A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Invision Power Board Cross-Site Scripting | Medium | Security Focus, 14492, August 8, 2005 |
Jax Petitionbook 3.31, Newsletter 2.14, Jax LinkLists 1.0, Guestbook 3.31, Jax DWT Editor 1.0, Jax Calendar 1.34 | Multiple Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept has been published. | Jax PHP Scripts Multiple Cross-Site Scripting | Medium | Security Focus 14481, August 5, 2005 |
Jax Petitionbook 3.31, Newsletter 2.14, Jax LinkLists 1.0, Guestbook 3.31, Jax DWT Editor 1.0, Jax Calendar 1.34 | Multiple vulnerabilities have been reported due to insufficient access validation, which could let a remote malicious user obtain sensitive information. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept has been published. | Jax PHP Scripts Multiple Remote Information Disclosure | Medium | Security Focus 14482, August 5, 2005 |
Karrigell 2.1-2.1.5, 2.0-2.0.5, 1.x | A vulnerability has been reported in a Karrigell services (.ks) script due to insufficient validation of user-supplied input, which could let a remote malicious user execute arbitrary Python code. Upgrades available at: There is no exploit code required; however, Proofs of Concept exploits have been published. | Karrigell Arbitrary Python Code Execution | High | Secunia Advisory: SA16319, August 3, 2005 |
KDE 3.4 | A vulnerability has been reported in KDE Kate and KWrite because backup files are created with default permissions even if the original file had more restrictive permissions set, which could let a local/remote malicious user obtain sensitive information. Patches available at: Fedora: Mandriva: RedHat: Conectiva: There is no exploit code required. | KDE Kate, KWrite Local Backup File Information Disclosure | Medium | Security Tracker Alert ID: 1014512, July 18, 2005 Fedora Update Notification, Mandriva Linux Security Update Advisory, MDKSA-2005:122, July 20, 2005 RedHat Security Advisory, RHSA-2005:612-07, July 27, 2005 Conectiva Linux Announcement, CLSA-2005:988, August 4, 2005 |
OpenBB 1.1.0 | Multiple SQL injection vulnerabilities have been reported in 'board.php,' 'read.php,' and 'member.php' due to insufficient sanitization of the 'FID,' 'TID,' and 'UID' parameters before they are used in an SQL query, which could let a malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proofs of Concept exploits have been published. | OpenBB Multiple SQL Injection | Medium | Secunia Advisory: SA16369, August 9, 2005 |
Logicampus 1.1.0 | A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of input passed to the helpdesk before returning it to the user, which could let a remote malicious user execute arbitrary HTML and script code. Upgrade available at: There is no exploit code required. | | Medium | Security Focus, 14472, August 4, 2005 |
Sphereon Fabric Switch 4500, 4300, Intrepid Director Switch 6140, 6064 | A remote Denial of Service vulnerability has been reported due to a failure to recover from network broadcast storms. Update to E/OS 6.0.0 or later (E/OS 7.01.00 in patch 119550-01 also contains the fix). Sun: There is no exploit code required. | McDATA E/OS Remote Denial of Service | Low | Sun(sm) Alert Notification, 101833, August 3, 2005 Secunia Advisory: SA16295, August 4, 2005 |
Metasploit Framework 2.0-2.4, 1.0 | A vulnerability has been reported in the 'StateToOptions()' function because the '_Defanged' environment variable can be overwritten, which could let a remote malicious user bypass security restrictions. Contact the vendor for further information on obtaining fixes. There is no exploit code required. | Metasploit Framework MSFWeb Defanged Mode Restriction Bypass | Medium | Secunia Advisory: SA16318, August 2, 2005 |
myFAQ 1.0 | SQL injection vulnerabilities have been reported due to insufficient sanitization of the 'Theme,' 'SousTheme,' 'Question,' and 'Faq' parameters before using in SQL queries, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required. | MyFAQ Multiple SQL Injection | Medium | SVadvisory#13, August 6, 2005 |
MySQL 5.0.0-5.0.4, 4.1.0-4.1.5, 4.0.24, 4.0.21, 4.0.20, 4.0.18, 4.0.0-4.0.15 | A buffer overflow vulnerability has been reported due to insufficient bounds checking of data that is supplied as an argument in a user-defined function, which could let a remote malicious user execute arbitrary code. This issue is reportedly addressed in MySQL versions 4.0.25, 4.1.13, and 5.0.7-beta available at: Currently we are not aware of any exploits for this vulnerability. | MySQL User-Defined Function Buffer Overflow | High | Security Focus 14509, August 8, 2005 |
PHP-Fusion 6.0.105, 6.0.106, 5.01 Service Pack, 5.0, 4.01, 4.00 | An SQL injection vulnerability was reported in the 'Messages.php' script due to insufficient input validation before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | PHP-Fusion 'Messages.PHP' SQL Injection | Medium | Security Focus 14489, August 6, 2005 |
Calendar Express 2.0 | Several vulnerabilities have been reported: an SQL injection vulnerability was reported in several scripts due to insufficient sanitization of the 'cid' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a Cross-Site Scripting vulnerability was reported in 'search.php' due to insufficient sanitization of the 'allwords' parameter, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proofs of Concept exploits have been published. | Calendar Express SQL Injection & Cross-Site Scripting | Medium | Secunia Advisory: SA16353, August 9, 2005 |
PHPMailer 1.7-1.7.2 | A remote Denial of Service vulnerability has been reported in 'class.smtp.php' due to an error when processing overly long headers in the 'Data()' function. PHPMailer: Xoops: There is no exploit code required; however, a Proof of Concept exploit has been published. | PHPMailer 'Data()' Function Remote Denial of Service | Low | Security Tracker Alert, 1014069, May 28, 2005 Security Focus, 13805, August 9, 2005 |
PHPOpenChat 3.0.2 | Multiple Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using it in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required. | PHPOpenChat Multiple Cross-Site Scripting | Medium | HSC Security Group Advisory, August 5, 2005 |
PHPSiteStats 1.0 | A vulnerability has been reported in the login script due to an unspecified error, which could let a remote malicious user bypass authentication routines. Update available at: There is no exploit code required. | PHPSiteStats Authentication Bypass | Medium | Secunia Advisory: SA16361, August 8, 2005 |
PortailPHP 2.4 | An SQL injection vulnerability has been reported in 'Index.php' due to insufficient sanitization before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | PortailPHP 'Index.PHP' SQL Injection | Medium | Security Focus, 14474, August 4, 2005 |
SilverNews 2.0.3 | An SQL injection vulnerability has been reported in 'Admin.php' due to insufficient sanitization of the username before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code or bypass authentication to obtain access to the administrative section. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | SilverNews 'Admin.PHP' SQL Injection | Medium | Security Focus, 14466, August 3, 2005 |
SquirrelMail 1.4.0 through 1.4.4 | Multiple vulnerabilities have been reported that could let remote malicious users conduct Cross-Site Scripting attacks. Upgrade to 1.4.4 and apply patch: http://prdownloads. Gentoo: Mandriva: Debian: RedHat: There is no exploit code required. | SquirrelMail Cross-Site Scripting Vulnerabilities | Medium | SquirrelMail Advisory, June 15, 2005 Gentoo Linux Security Advisory, GLSA 200506-19, June 21, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:108, July 1, 2005 Debian Security Advisory , DSA 756-1, July 13, 2005 RedHat Security Advisory, RHSA-2005:595-12, August 3, 2005 |
SquirrelMail 1.4.0-1.4.5-RC1 | A vulnerability has been reported in 'options_identities.php' because parameters are insecurely extracted, which could let a remote malicious user execute arbitrary HTML and script code, or obtain/manipulate sensitive information. Upgrades available at: Debian: RedHat: There is no exploit code required. | SquirrelMail Variable Handling | High | GulfTech Security Research Debian Security Advisory, RedHat Security Advisory, RHSA-2005:595-12, August 3, 2005 |
tDiary 2.1.1, 2.0.1 | A vulnerability has been reported due to a failure to perform validity checks on user's requests, which could let a remote malicious user edit/delete entries or configurations. Upgrades available at: There is no exploit code required. | TDiary Cross-Site Request Forgery | Medium | Security Focus, 14500, August 8, 2005 |
Web Content Management | Cross-Site Scripting vulnerabilities have been reported in 'Includes/validsession.php' due to insufficient sanitization of the 'strRootpath' parameter and in 'Admin/News/List.php' due to insufficient sanitization of the 'strTable' parameter, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in the 'Admin/Users/ No workaround or patch available at time of publishing. There is no exploit code required; however, Proofs of Concept exploits and a script have been published. | Web Content Management Cross-Site Scripting & Authentication Bypass | Medium | Security Tracker Alert ID: 1014616, August 3, 2005 |
XMB Forum .9.1 | An SQL injection vulnerability has been reported in 'U2U.Inc.PHP' due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required. | XMB Forum U2U.Inc.PHP SQL Injection | Medium | Security Focus 14523, August 9, 2005 |
Wireless
The section below contains wireless vulnerabilities, articles, and viruses/trojans identified during this reporting period.
- Bluetooth: Those Spying Eyes: Security concerns regarding the use of Bluetooth technology are on the rise. According to Ollie Whitehouse, architect of Symantec's research division, infiltration is possible anywhere large groups of people are using Bluetooth for extended periods, e.g., in an airport. Whitehouse and his colleagues have coined the term "war nibbling" to describe the act of taking a lot of small bits of data. Source: http://www.varbusiness.com/showArticle.jhtml;jsessionid=SAPFFS2NWZRBOQSNDBCSKHSCJUMEKJVN?articleID=166403057.
- Wireless Networking Moves Into the Mainstream: Infonetics Research, a networking market analyst and consulting firm based in the United States and Europe, recently published a study to determine product requirements and implementation plans of organizations that have implemented WLANs or will do so in the next year. Another goal of the study was to understand key deployment drivers. Source: http://www.varbusiness.com/showArticle.jhtml;jsessionid=SAPFFS2NWZRBOQSNDBCSKHSCJUMEKJVN?articleID=166403050.
- Groups team up for Wi-Fi spec: Three competing groups have agreed to work together on the proposed 802.11n wireless protocol, a move that could speed up ratification of the standard. Source: http://www.itweek.co.uk/itweek/news/2140913/groups-team-wi-spec.
Wireless Vulnerabilities
- Nothing significant to report.
Recent Exploit Scripts/Techniques
The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.
Note: At times, scripts/techniques may contain names or content that may be considered offensive.
Date of Script | Script name | Workaround or Patch Available | Script Description |
August 10, 2005 | aircrack-2.21.tgz | N/A | An 802.11 WEP cracking program that can recover a 40-bit or 104-bit WEP key once enough encrypted packets have been gathered. |
August 10, 2005 | funkboard066.txt | No | Exploit details for the FunkBoard Multiple Cross-Site Scripting vulnerability. |
August 10, 2005 | openSQL.txt | No | Sample exploit for the OpenBB Multiple SQL Injection vulnerability. |
August 10, 2005 | scapy-1.0.0.tar.gz | N/A | A powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. |
August 8, 2005 | GBX-CSS-exp.zip | No | Exploit script for the Gravity Board Cross-Site Scripting vulnerability. |
August 6, 2005 | citiBypass.txt | N/A | Write-up that discusses a methodology to bypass Citibank Virtual Keyboard Protection, a mechanism to help protect against keyloggers and spyware. |
August 6, 2005 | JaxXSS.txt | No | Exploitation details for the Jax PHP Scripts Multiple Cross-Site Scripting vulnerabilities. |
August 6, 2005 | nbSMTP_fsexp.c | Yes | Exploit for the no-brainer SMTP Client 'log_msg' Format String vulnerability. |
August 5, 2005 | aircrack-2.2.tgz | N/A | Aircrack is an 802.11 WEP cracking program that can recover a 40-bit or 104-bit WEP key once enough encrypted packets have been gathered. |
August 5, 2005 | Easyxp41.txt | No | Exploit for the Easy PX41 CMS Cross-Site Scripting or Information Disclosure vulnerability. |
August 5, 2005 | edituserxp.sh | Yes | Proof of Concept exploit for the Lantronix Secure Console Server 'edituser' Buffer Overflow vulnerability. |
August 5, 2005 | eventum.pl.txt | Yes | Proof of Concept exploit for the MySQL Eventum SQL Injection vulnerability. |
August 5, 2005 | FlatNuke-codexec.zip flatnuke.html | No | Exploits for the FlatNuke User Data Arbitrary PHP Code Execution, Cross-Site Scripting, and Path Disclosure vulnerabilities. |
August 5, 2005 | phrack63.tar.gz | N/A | Phrack Magazine Issue 63 includes: Phrack Prophile on Tiago, OSX heap exploitation techniques, Hacking Windows CE, Games with kernel Memory...FreeBSD Style, Raising The Bar For Windows Rootkit Detection, Embedded ELF Debugging, Hacking Grub for Fun and Profit, Advanced antiforensics : SELF, Process Dump and Binary Reconstruction, Next-Gen. Runtime Binary Encryption, Shifting the Stack Pointer, NT Shellcode Prevention Demystified, PowerPC Cracking on OSX with GDB, Hacking with Embedded Systems, Process Hiding and The Linux Scheduler, Breaking Through a Firewall, Phrack World News. |
August 5, 2005 | pluggedBlog.txt | No | Detailed exploitation technique for the Plugged-Blog Multiple Vulnerabilities. |
August 5, 2005 | qlite.html | No | Proof of Concept exploit for the qliteNews arbitrary database manipulation and Cross-Site Scripting vulnerabilities. |
August 5, 2005 | webc.html | No | Proof of Concept exploit for the Web Content Management Cross-Site Scripting & Authentication Bypass vulnerability. |
August 5, 2005 | yersinia-0.5.5.tar.gz | N/A | Yersinia implements several attacks for the following protocols: Spanning Tree (STP), Cisco Discovery (CDP), Dynamic Host Configuration (DHCP), Hot Standby Router (HSRP), Dynamic Trunking (DTP), 802.1q and VLAN Trunking (VTP), helping a pen-tester with different tasks. |
August 3, 2005 | CABrightStorSQL.c | Yes | Exploit for the Computer Associates BrightStor ARCserve Backup Remote Buffer Overflow vulnerability. |
August 2, 2005 | prorat_server_dos.c | No | Proof of Concept Denial of Service exploit for the ProRat Server Remote Buffer Overflow vulnerability. |
Trends
- Get Up, Stand Up, Pharming Is On The Rise: Pharming is one of the latest online scams and a rapidly growing threat that has been showing up on the Internet. It is a new way for criminals to get at the personal data on your computer, and it works by redirecting your Internet browser. Source: http://www.crime-research.org/news/09.08.2005/1416/.
- Scanning Activity on Port 6070/tcp: US-CERT has seen reports indicating an increase in scanning activity on port 6070/tcp. This port is used by Computer Associates BrightStor ARCserve. Source: http://www.us-cert.gov/current/.
- ID theft ring hits 50 banks, security firm says: A major identity theft ring discovered last week by Sunbelt Software, a security firm, has affected the customers of at least 50 banks. In a statement made by Sunbelt, the operation, which is being investigated by the FBI, is gathering personal data from "thousands of machines" using keystroke logging software. The data collected includes credit card details, Social Security numbers, usernames, passwords, instant messaging chat sessions and search terms. Source: http://news.zdnet.com/2100-1009_22-5823591.html.
- Government computers top target for cyberattacks: According to IBM's Global Business Security Index report, cyberattacks on computer systems escalated in the first half of 2005, and government agencies were targeted more than any other business sector. In the first half of 2005, there were more than 237 million security attacks worldwide, with 54 million directed at the U.S. government. The manufacturing sector received about 36 million attacks, followed by the financial services industry with 34 million and health care with 17 million. Source: http://www.govexec.com/dailyfed/0805/080505p1.htm.
- New Trend Found In IM Enterprise Threats: A security firm, Akonix Systems, reported that nearly a quarter more new viruses threatening corporate computers through employee use of public instant-messaging networks were discovered in July, including one that reflected a new trend of attacking multiple IM systems. A total of 42 new threats were tracked in July, a 24 percent increase over the previous month. Source: http://www.techweb.com/wire/security/167101004.
- U.S. Passes the Buck on Identity Theft: A year ago President George W. Bush signed into law the Identity Theft Penalty Enhancement Act in response to the growing proliferation of Internet scams, such as phishing, pharming and other ploys aimed at stealing consumers' private information electronically. However, the evidence suggests that this new law has done nothing to reduce identity theft or fraud. The number of publicly known identity theft cases has increased dramatically over the past year. Since January of 2005, there have been over 63 data-security breaches exposing nearly 50 million identities. Source: http://www.newsfactor.com/story.xhtml?story_id=37545.
- First potential virus risk for Windows Vista found: Virus writers are targeting a new Microsoft tool that will be part of Windows and is set to ship as part of the next Exchange e-mail server release. According to F-Secure, a virus writer has published the first examples of malicious code that targets Microsoft's upcoming command-line shell, code-named Monad. If the technology is included in Windows Vista, these could be among the first viruses to target the new operating system formerly known as Longhorn. Source: http://news.zdnet.com/2100-1009_22-5819428.html?tag=zdfd.newsfeed.
Viruses/Trojans
Top Ten Virus Threats
A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.
Rank | Common Name | Type of Code | Trend | Date | Description |
1 | Netsky-P | Win32 Worm | Stable | March 2004 | A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared files. |
2 | Mytob.C | Win32 Worm | Slight Increase | March 2004 | A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files. |
3 | Zafi-D | Win32 Worm | Slight Decrease | December 2004 | A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer. |
4 | Netsky-Q | Win32 Worm | Stable | March 2004 | A mass-mailing worm that attempts to launch Denial of Service attacks against several web pages, deletes the entries belonging to several worms, and emits a sound through the internal speaker. |
5 | Mytob-BE | Win32 Worm | Slight Decrease | June 2005 | A slight variant of the mass-mailing worm that utilizes an IRC backdoor, the LSASS vulnerability, and email to propagate. It harvests addresses from the Windows address book, disables antivirus software, and modifies data. |
6 | Mytob-AS | Win32 Worm | Stable | June 2005 | A slight variant of the mass-mailing worm that disables security related programs and processes, redirects various sites, and changes registry values. This version downloads code from the net and utilizes its own email engine. |
7 | Zafi-B | Win32 Worm | Increase | June 2004 | A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names. |
8 | Netsky-D | Win32 Worm | Slight Increase | March 2004 | A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only. |
9 | Netsky-Z | Win32 Worm | Decrease | April 2004 | A mass-mailing worm that is very close to previous variants. The worm spreads in e-mails, but does not spread to local network and P2P and does not uninstall Bagle worm. The worm has a backdoor that listens on port 665. |
10 | Lovgate.w | Win32 Worm | Decrease | April 2004 | A mass-mailing worm that propagates by using MAPI as a reply to messages, by using an internal SMTP engine, by dropping copies of itself on network shares, and through peer-to-peer networks. Attempts to access all machines in the local area network. |
Table updated August 6, 2005