Summary of Security Items from August 24 through August 30, 2005
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, therefore the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Vulnerabilities
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such a vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of a medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Windows Operating Systems Only

Vendor & Software Name | Vulnerability - Impact / Patches - Workarounds / Attack Scripts | Common Name / CVE Reference | Risk | Source |
--- | --- | --- | --- | --- |
BFCommand & Control Server Manager 1.22_A & prior BFCommand & Control Vietman Server Manager 2.00_A & prior, 2.14_B | Multiple vulnerabilities have been reported in BFCommand & Control Server Manager and BFCommand & Control Vietman Server Manager that could let remote malicious users cause a Denial of Service or obtain elevated privileges. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | BFCommand & Control Server Managers Multiple Vulnerabilities | Medium | Secunia, Advisory: SA16629, August 30, 2005 |
Home FTP Server r1.0.7 b45 | A Directory Traversal vulnerability has been reported in Home FTP Server that could let remote malicious users access arbitrary files. No workaround or patch available at time of publishing. There is no exploit code required. | Home FTP Server Arbitrary File Access | Medium | Secunia, Advisory: SA16556, August 25, 2005 |
LeapFTP 2.7.0 to 2.7.5 | A buffer overflow vulnerability has been reported in LeapFTP that could let local malicious users execute arbitrary code. Upgrade to version 2.7.6: There is no exploit code required; however, a Proof of Concept exploit script has been published. | LeapFTP Arbitrary Code Execution | High | Security Tracker, Alert ID: 1014785, August 24, 2005 |
IMRadio 1.0_pre7, 1.0_pre6-r4, 1.0pre6-3.3.5-20050130 | A vulnerability has been reported in IMRadio that could let local malicious users disclose password information. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | IMRadio Password Disclosure | Medium | Security Tracker, Alert ID: 1014780, August 24, 2005 |
Internet Explorer 5.5, 6 | A vulnerability has been reported in Internet Explorer ('msdds.dll' COM Object) that could let remote malicious users execute arbitrary code. Vendor workarounds available: Advisory update to specify additional versions of 'msdds.dll' and to include additional mitigating factors. An exploit script has been published. | | High | Microsoft Security Advisory 906267, August 18, 2005 Microsoft Security Advisory 906267, August 25, 2005 |
Symantec AntiVirus Corporate Edition 9.0, 9.0.1, 9.0.2 Symantec Client Security 2.0.1, 2.0.2 | A vulnerability has been reported in Symantec AntiVirus Corporate Edition and Symantec Client Security (help function) that could let local malicious users obtain elevated privileges. Vendor fix available: There is no exploit code required. | Symantec AntiVirus Corporate Edition and Client Security Privilege Elevation CAN-2005-2017 | Medium | Symantec Security Response, ID: SYM05-012, August 24, 2005 |
BlueWhaleCRM 1.0, 1.0.2 | A vulnerability has been reported in BlueWhaleCRM that could let remote malicious users perform SQL injection. No workaround or patch available at time of publishing. There is no exploit code required. | BlueWhaleCRM SQL Injection | Medium | Security Focus, ID: 14697, August 30, 2005 |
ZipTorrent 1.3.7.3 | A vulnerability has been reported in ZipTorrent that could let local malicious users disclose password information. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | ZipTorrent Password Disclosure | Medium | Secunia, Advisory: SA16542, August 24, 2005 |
UNIX / Linux Operating Systems Only

Vendor & Software Name | Vulnerability - Impact / Patches - Workarounds / Attack Scripts | Common Name / CVE Reference | Risk | Source |
--- | --- | --- | --- | --- |
Backup Manager 0.5.6, 0.5.7 | A vulnerability has been reported because archives are created with insecure permissions, which could let a remote malicious user obtain sensitive information. Upgrades available at: Debian: There is no exploit code required. | Alexis Sukrieh Backup Manager Information Disclosure | Medium | Security Tracker Alert, 1014124, June 7, 2005 Debian Security Advisory, DSA 787-1, August 26, 2005 |
Astaro Security Linux 6.0 01 | A vulnerability has been reported due to a weakness that may allow a remote malicious user to connect to arbitrary ports, which could lead to access control bypass. This issue was reportedly fixed by the vendor in Astaro Security Linux 6.002. There is no exploit code required; however, a Proof of Concept exploit has been published. | Astaro Security Linux HTTP CONNECT Unauthorized Access | Medium | Security Focus Bugtraq ID: 14665, August 25, 2005 |
BlueZ 2.18 & prior | A vulnerability has been reported due to insufficient sanitization of input passed as a remote device name, which could let a remote malicious user execute arbitrary code. Upgrades available at: Gentoo: Debian: Mandriva: There is no exploit code required. | BlueZ Arbitrary Command Execution | High | Security Focus 14572, August 16, 2005 Gentoo Linux Security Advisory, GLSA 200508-09, August 17, 2005 Debian Security Advisory, DSA 782-1, August 23, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:150, August 25, 2005 |
bzip2 1.0.2 | A remote Denial of Service vulnerability has been reported when processing malformed archives. Ubuntu: Mandriva: TurboLinux: SUSE: OpenPKG: RedHat: FreeBSD: Conectiva: Debian: SGI: IPCop: Currently we are not aware of any exploits for this vulnerability. | | Low | Ubuntu Security Notice, Mandriva Linux Security Update Advisory, Turbolinux SUSE Security Summary OpenPKG RedHat Security Advisory, FreeBSD Conectiva Debian SGI Security Advisory, 20050605 Security Focus, Bugtraq ID: 13657, August 26, 2005 |
Courier Mail Server 0.50 | A remote Denial of Service vulnerability has been reported in the 'spf.c' source file when processing Sender Policy Framework (SPF) data. Upgrade available at: Debian: Ubuntu: Currently we are not aware of any exploits for this vulnerability. | Courier Mail Server Remote Denial of Service | Low | Secunia Advisory: SA15901, July 4, 2005 Debian Security Advisory, DSA 784-1, August 25, 2005 Ubuntu Security Notice, USN-174-1, August 26, 2005 |
ELM 2.5.5-2.5.7 | A buffer overflow vulnerability has been reported due to insufficient parsing of SMTP 'Expires' header lines, which could let a remote malicious user execute arbitrary code. Update to Elm 2.5 PL8 available at: RedHat: A Proof of Concept exploit script has been published. | Elm 'Expires' Header Remote Buffer Overflow | High | Security Tracker Alert ID: 1014745, August 20, 2005 RedHat Security Advisory, RHSA-2005:755-07, August 23, 2005 |
FreeRADIUS 1.0.2 | Two vulnerabilities have been reported: a vulnerability was reported in the 'radius_xlat()' function call due to insufficient validation, which could let a remote malicious user execute arbitrary SQL code; and a buffer overflow vulnerability was reported in the 'sql_escape_func()' function, which could let a remote malicious user execute arbitrary code. Gentoo: SuSE: FreeRadius: RedHat: SGI: Fedora: There is no exploit code required. | | High | Security Gentoo Linux Security SUSE Security Summary Report, SUSE-SR:2005:014, June 7, 2005 Security Focus, 13541, RedHat SGI Security Advisory, 20050606- Fedora Update Notification, |
shtool 2.0.1 & prior | A vulnerability has been reported that could let a local malicious user gain escalated privileges. The vulnerability is caused due to temporary files being created insecurely. Gentoo: OpenPKG: RedHat: Trustix: SGI: Ubuntu: Debian: There is no exploit code required. | GNU shtool Insecure | Medium | Secunia Advisory, SA15496, Gentoo Linux Security Advisory, GLSA 200506 OpenPKG Trustix Secure Linux Security Advisory, SGI Security Advisory, 20050703-01-U, July 15, 2005 Ubuntu Security Notice, USN-171-1, August 20, 2005 Debian Security Advisory, DSA 789-1, August 29, 2005 |
HP-UX B.11.23, B.11.11, B.11.00 | A vulnerability has been reported in systems running the Veritas File System (VxFS), which could let a malicious user obtain sensitive information. Patches information available at: Currently we are not aware of any exploits for this vulnerability. | HP-UX Veritas File System Information Disclosure | Medium | HP Security Bulletin, HPSBUX01218, August 24, 2005 |
SqWebMail 5.0.4, 5.0.1, 5.0.0, 4.0.5-4.0.7, 4.0.4.20040524, 3.6.1, 3.6.0, 3.5.0-3.5.3, 3.4.1 | A vulnerability has been reported due to insufficient sanitization of HTML emails, which could let a remote malicious user execute arbitrary HTML and script code. Updates available at: There is no exploit code required; however, a Proof of Concept exploit has been published. | SqWebMail HTML Email Arbitrary Code Execution | Medium | Secunia Advisory: SA16600, August 29, 2005 |
lm_sensors 2.9.1 | A vulnerability has been reported in the 'pwmconfig' script due to the insecure creation of temporary files, which could result in a loss of data or a Denial of Service. Ubuntu: Mandriva: Gentoo: There is no exploit code required. | LM_sensors PWMConfig Insecure Temporary File Creation | Low | Security Focus, Bugtraq ID: 14624, August 22, 2005 Ubuntu Security Notice, USN-172-1, August 23, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:149, August 25, 2005 Gentoo Linux Security Advisory, GLSA 200508-19, August 30, 2005 |
maildrop 1.5.3 | A vulnerability has been reported in lockmail, which could let a malicious user obtain elevated privileges. Debian: There is no exploit code required. | Maildrop Lockmail Privilege Elevation | Medium | Debian Security Advisory, DSA 791-1, August 30, 2005 |
Kismet 2005-07-R1 | Multiple vulnerabilities have been reported: an integer underflow vulnerability was reported when handling pcap files; a vulnerability was reported due to an unspecified error when handling non-printable characters in SSID; and an integer underflow vulnerability was reported in the data frame dissection, which could possibly lead to the execution of arbitrary code. Upgrade available at: Gentoo: Debian: Currently we are not aware of any exploits for these vulnerabilities. | Kismet Multiple Remote Vulnerabilities | High | Security Focus, Bugtraq ID 14430, August 16, 2005 Gentoo Linux Security Advisory, GLSA 200508-10, August 19, 200 Debian Security Advisory, DSA 788-1, August 29, 2005 |
MPlayer 1.0 pre7, 1.0 pre6-r4, 1.0 pre6-3.3.5-20050130 | A buffer overflow vulnerability has been reported due to insufficient validation of user-supplied strings, which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | MPlayer Audio Header Buffer Overflow | High | Security Tracker Alert ID: 1014779, August 24, 2005 |
OpenLDAP 2.1.25; Padl Software pam_ldap Builds 166, 85, 202, 199, 198, 194, 183-192, 181, 180, 173, 172, 122, 121, 113, 107, 105 | A vulnerability has been reported in OpenLDAP, 'pam_ldap,' and 'nss_ldap' when a connection to a slave is established using TLS and the client is referred to a master, which could let a remote malicious user obtain sensitive information. Trustix: Gentoo: Mandriva: Ubuntu: TurboLinux: There is no exploit code required. | Multiple Vendors TLS Plaintext Password | Medium | Trustix Secure Gentoo Linux Security Mandriva Linux Security Update Advisory, Ubuntu Security Notice, USN-152-1, July 21, 2005 Turbolinux Security Advisory, TLSA-2005-86 & 87, August 29, 2006 |
RedHat Fedora Core3; | A remote Denial of Service vulnerability has been reported in the 'bgp_update_print()' function in 'print-bgp.c' when a malicious user submits specially crafted BGP protocol data. Update available at: Fedora: Trustix: Mandriva: Fedora: Ubuntu: TurboLinux: Slackware: IPCop: A Proof of Concept exploit script has been published. | TCPDump BGP Decoding Routines Denial of Service | Low | Security Tracker Alert, 1014133, June 8, 2005 Fedora Update Notification, Trustix Secure Linux Security Advisory, TLSA-2005-0028, June 13, 2005 Mandriva Linux Security Update Advisory, Fedora Update Notification, Ubuntu Security Notice, Turbolinux Slackware Security Security Focus, Bugtraq ID: 13906, August 26, 2005 |
zlib 1.2.2, 1.2.1, 1.2 .0.7, 1.1-1.1.4, 1.0-1.0.9; Ubuntu Linux 5.0 4, powerpc, i386, amd64, 4.1 ppc, ia64, ia32; SuSE Open-Enterprise-Server 9.0, Novell Linux Desktop 9.0, Linux Professional 9.3, x86_64, 9.2, x86_64, 9.1, x86_64, Linux Personal 9.3, x86_64, 9.2, x86_64, 9.1, x86_64, Linux Enterprise Server 9; Gentoo Linux; | A buffer overflow vulnerability has been reported due to insufficient validation of input data prior to utilizing it in a memory copy operation, which could let a remote malicious user execute arbitrary code. Debian: FreeBSD: Gentoo: SUSE: Ubuntu: Mandriva: OpenBSD: OpenPKG: RedHat: Trustix: Slackware: TurboLinux: Fedora: zsync: Apple: SCO: IPCop: Currently we are not aware of any exploits for this vulnerability. | Zlib Compression Library Buffer Overflow | High | Debian Security Advisory FreeBSD Security Advisory, Gentoo Linux Security Advisory, GLSA 200507- SUSE Security Announcement, SUSE-SA:2005:039, Ubuntu Security Notice, RedHat Security Advisory, RHSA-2005:569-03, Fedora Update Notifications, Mandriva Linux Security Update Advisory, OpenPKG Trustix Secure Slackware Security Turbolinux Security Fedora Update Notification, FEDORA-2005-565, July 13, 2005 SUSE Security Summary Security Focus, 14162, July 21, 2005 USCERT Vulnerability Note VU#680620, July 22, 2005 Apple Security Update 2005-007, SCO Security Advisory, SCOSA-2005.33, August 19, 2005 Security Focus, Bugtraq ID: 14162, August 26, 2005 |
dhcpcd 1.3.22 | A vulnerability has been reported in dhcpcd that could let a remote user perform a Denial of Service. Debian: Mandriva: Gentoo: Conectiva: RedHat: Debian: IPCop: Currently we are not aware of any exploits for this vulnerability. | dhcpcd Denial of Service | Low | Secunia, Advisory: SA15982, July 11, 2005 Debian Security Advisory, DSA 750-1, July 11, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:117, July 13, 2005 Gentoo Linux Security Advisory, GLSA 200507-16, July 15, 2005 Conectiva, CLSA-2005:983, July 25, 2005 RedHat Security Advisory, RHSA-2005:603-07, July 27, 2005 Debian Security Advisory, DSA 773-1, August 11, 2005 Security Focus, Bugtraq ID: 14206, August 26, 2005 |
Linux kernel 2.6 | A Denial of Service vulnerability has been reported when processing specially crafted ELF headers on 64 bit x86 platforms. Updates available at: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel 64 Bit ELF Header Denial of Service | Low | Security Focus, Bugtraq ID: 14661, August 25, 2005 |
Linux kernel 2.6-2.6.12.1 | A vulnerability has been reported due to insufficient authorization before accessing a privileged function, which could let a malicious user bypass IPSEC policies. Ubuntu: This issue has been addressed in Linux kernel 2.6.13-rc7. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel IPSec Policies Authorization Bypass | Medium | Ubuntu Security Notice, USN-169-1, August 19, 2005 Security Focus, Bugtraq ID 14609, August 19, 2005 Security Focus, Bugtraq ID 14609, August 25, 2005 |
Simpleproxy 3.0-3.2 , 2.2b; | A format string vulnerability has been reported when handling HTTP proxy replies, which could let a remote malicious user execute arbitrary code. Upgrades available at: Debian: Currently we are not aware of any exploits for this vulnerability. | Simpleproxy HTTP Proxy Reply Format String | High | Debian Security Advisory, DSA 786-1, August 26, 2005 |
Turbolinux | Multiple vulnerabilities have been reported: a remote Denial of Service vulnerability was reported when a malicious user submits a specially crafted TCP connection that causes the Key Distribution Center (KDC) to attempt to free random memory; a buffer overflow vulnerability was reported in KDC due to a boundary error when a specially crafted TCP or UDP request is submitted, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported in 'krb/recvauth.c' which could let a remote malicious user execute arbitrary code. MIT: Mandriva: Fedora: RedHat: Sun: SuSE: Trustix: TurboLinux: SGI: Debian: Conectiva: Sun: Currently we are not aware of any exploits for these vulnerabilities. | Kerberos V5 Multiple Vulnerabilities | High | MIT krb5 Security Advisory, RedHat Security Advisory, Sun(sm) Alert Notification, 101809, July 12, 2005 Fedora Update Notifications, SUSE Security Summary Turbolinux Mandriva Linux Security Update Advisory, Trustix Secure SGI Security Advisory, 20050703-01-U, July 15, 2005 Debian Security Advisory, Conectiva Linux Advisory, Sun(sm) Alert Notification |
Ubuntu Linux 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32; | Multiple format string vulnerabilities have been reported: a vulnerability was reported when vCard information is attached to an email message, which could let a remote malicious user execute arbitrary code; a vulnerability was reported when specially crafted contact data that has been retrieved from an LDAP server is displayed, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported when specially crafted task list data that has been retrieved from remote servers and the data that has been saved under the 'Calendars' tab is displayed, which could let a remote malicious user execute arbitrary code. Updates available at: Ubuntu: Mandriva: SUSE: Gentoo: RedHat: Currently we are not aware of any exploits for these vulnerabilities. | | High | Secunia Advisory: SA16394, August 11, 2005 Ubuntu Security Notice, USN-166-1, August 11, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:141, August 18, 2005 SUSE Security Summary Report, SUSE-SR:2005:019, August 22, 2005 Gentoo Linux Security Advisory, GLSA 200508-12, August 23, 200 RedHat Security Advisory, RHSA-2005:267-10, August 29, 2005 |
X.org X11R6 6.7.0, 6.8, 6.8.1; | An integer overflow vulnerability exists in 'scan.c' due to insufficient sanity checks on the 'bitmap_unit' value, which could let a remote malicious user execute arbitrary code. Patch available at: Gentoo: Ubuntu: Gentoo: Ubuntu: ALTLinux: Fedora: RedHat: SGI: RedHat: Mandrake: Mandriva: Debian: RedHat: RedHat: RedHat: Apple: Fedora: Currently we are not aware of any exploits for this vulnerability. | | High | Security Focus, Gentoo Linux Ubuntu Security Gentoo Linux Ubuntu Security ALTLinux Security Advisory, March 29, 2005 Fedora Update Notifications, RedHat Security Advisory, SGI Security Advisory, 20050401-01-U, April 6, 2005 RedHat Security Advisory, RHSA-2005:044-15, April 6, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:080, April 29, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:081, May 6, 2005 Debian Security Advisory, DSA 723-1, May 9, 2005 RedHat Security Advisory, RHSA-2005:412-05, May 11, 2005 RedHat Security Advisory, RHSA-2005:473-03, May 24, 2005 RedHat Security Advisory, RHSA-2005:198-35, June 8, 2005 Fedora Update Notifications, |
Affix 3.0-3.2, | A vulnerability has been reported in the 'event_pin_code_request()' function due to an input validation error, which could let a remote malicious user inject arbitrary shell commands via a specially crafted Bluetooth device name. Patches available at: http://affix.sourceforge.net/ There is no exploit code required. | Nokia Affix BTSRV Device Name Remote Command Execution | High | DMA 2005-0826a Advisory, August 26, 2005 |
pam_ldap Build 179, Build 169 | A vulnerability has been reported when handling a new password policy control, which could let a remote malicious user bypass authentication policies. Upgrades available at: There is no exploit code required. | PADL Software PAM_LDAP Authentication Bypass | Medium | Bugtraq ID: 14649, August 24, 2005 |
PCRE 6.1, 6.0, 5.0 | A vulnerability has been reported in 'pcre_compile.c' due to an integer overflow, which could let a remote/local malicious user potentially execute arbitrary code. Updates available at: Ubuntu: Ubuntu: Fedora: Gentoo: Mandriva: Currently we are not aware of any exploits for this vulnerability. | PCRE Regular Expression Heap Overflow | High | Secunia Advisory: SA16502, August 22, 2005 Ubuntu Security Notice, USN-173-1, August 23, 2005 Ubuntu Security Notices, USN-173-1 & 173-2, August 24, 2005 Fedora Update Notifications, Gentoo Linux Security Advisory, GLSA 200508-17, August 25, 2005 Mandriva Linux Security Update Advisories, MDKSA-2005:151-155, August 25, 26, & 29, 2005 |
paFileDB 3.1 | An SQL injection vulnerability has been reported in 'auth.php' due to insufficient sanitization of the 'user' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | PAFileDB 'Auth.PHP' SQL Injection | Medium | SePro Advisory #5, August 24, 2005 |
phpMyAdmin 2.6.0-2.6.3, 2.5.0-2.5.7, 2.4.0, 2.3.2, 2.3.1, 2.2-2.2.6, 2.1-2.1.2, 2.0-2.0.5 | Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability has been reported in 'libraries/auth/cookie.auth.lib.php' due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code; and a Cross-Site Scripting vulnerability has been reported in 'error.php' due to insufficient sanitization of the 'error' parameter, which could let a remote malicious user execute arbitrary HTML and script code. Upgrades available at: There is no exploit code required; however, a Proof of Concept exploit has been published. | PHPMyAdmin Cross-Site Scripting | Medium | Secunia Advisory: SA16605, August 29, 2005 |
Fedora Core3 | A vulnerability has been reported in xntpd when started using the '-u' option and the group is specified by a string, which could let a malicious user obtain elevated privileges. Upgrade available at: There is no exploit code required. | XNTPD Insecure Privileges | Medium | Fedora Update Notification, FEDORA-2005-812, August 26, 2005 |
slocate 2.7 | A Denial of Service vulnerability has been reported when a specially crafted directory structure that contains long paths is submitted. Mandriva: There is no exploit code required. | slocate Long Path Denial of Service | Low | Mandriva Linux Security Update Advisory, MDKSA-2005:147, August 22, 2005 |
Messaging Server 6.2, iPlanet Messaging Server 5.2 | A vulnerability has been reported in Sun ONE Messaging Server (iPlanet Messaging Server), which could let a remote malicious user execute arbitrary code. Note: Only target users running Internet Explorer are affected. Sun: There is no exploit code required. | Sun ONE/iPlanet Messaging Server Arbitrary Code Execution | High | Sun(sm) Alert Notification, 101770, June 17, 2005 Sun(sm) Alert Notification, 101770, August 25, 2005 |
Solaris 10.0 _x86, 10.0 | A vulnerability has been reported in the '/lib/svc/method/net-svc' script, which could let a remote malicious user execute arbitrary code on the DHCP client system with ROOT privileges. Patches available at: Currently we are not aware of any exploits for this vulnerability. | Sun Solaris DHCP Client Remote Code Execution | High | Sun(sm) Alert Notification Sun Alert ID: 101897, August 23, 2005 |
Tor 0.1.0.13 & prior | A vulnerability has been reported when performing a Diffie-Hellman handshake due to a failure to reject certain weak keys, which could let a remote malicious user obtain sensitive information. Update available at: Gentoo: Currently we are not aware of any exploits for this vulnerability. | Tor Weak Diffie-Hellman Handshake | Medium | Secunia Advisory: SA16424, August 19, 2005 Gentoo Linux Security Advisory, GLSA 200508-16, August 25, 2005 |
gopherd 3.0.9 | A buffer overflow vulnerability has been reported in the 'VlfromLine()' function when copying an input line, which could let a remote malicious user obtain unauthorized access. No workaround or patch available at time of publishing. An exploit script has been published. | UMN Gopher Client Remote Buffer Overflow | Medium | Secunia Advisory: SA16614, August 30, 2005 |
Multiple Operating Systems - Windows / UNIX / Linux / Other

Vendor & Software Name | Vulnerability - Impact / Patches - Workarounds / Attack Scripts | Common Name / CVE Reference | Risk | Source |
--- | --- | --- | --- | --- |
Simple PHP Blog 0.4 | A Directory Traversal vulnerability has been reported in 'Comment_Delete_cgi.php' due to insufficient sanitization which could let a remote malicious user obtain sensitive information. No workaround or patch available at time of publishing. There is no exploit code required; however, an exploit script has been published. | Simple PHP Blog Directory Traversal | Medium | Bugtraq ID: 14681, August 29, 2005 |
Simple PHP Blog 0.4 | A vulnerability has been reported in 'upload_img_cgi.php' due to a failure to validate the extension of an uploaded image file, which could let a remote malicious user upload arbitrary files. No workaround or patch available at time of publishing. There is no exploit code required. | Simple PHP Blog Remote Arbitrary File Upload | Medium | Secunia Advisory: SA16598, August 26, 2005 |
PhotoPost Pro, 5.1 | A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of EXIF data stored in certain image files, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | PhotoPost Cross-Site Scripting | Medium | Security Tracker Alert ID: 1014803, August 26, 2005 |
CVS 1.12.7-1.12.12, 1.12.5, 1.12.2, 1.12.1, 1.11.19, 1.11.17 | A vulnerability has been reported in the 'cvsbug.in' script due to the insecure creation of temporary files, which could let a malicious user cause data loss or a Denial of Service. Fedora: There is no exploit code required. | CVS 'Cvsbug.In' Script Insecure Temporary File Creation | Low | Fedora Update Notifications FEDORA-2005-790 & 791, August 23, 2005 |
Looking Glass | Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'footer.php' and 'header.php' due to insufficient sanitization of the 'version' array, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in 'lg.php' due to insufficient sanitization of the 'target' parameter before using in a 'system()' call, which could let a remote malicious user inject arbitrary shell commands. No workaround or patch available at time of publishing. There is no exploit code required; however, Proofs of Concept exploits have been published. | Looking Glass Input Validation | High | Secunia Advisory: SA16607, August 29, 2005 |
e107 website system 0.617, 0.616, 0.603 | A vulnerability has been reported in the 'forum_post.php' script due to insufficient verification if a forum exists when posting a message, which could let a remote malicious user create arbitrary forum message posts. No workaround or patch available at time of publishing. There is no exploit code required. | e107 Forum_post.PHP Non-existing Forums | Medium | Security Tracker Alert ID: 1014819, August 30, 2005 |
Ventrilo 2.3, 2.2, 2.1.2-2.1.4 | A remote Denial of Service vulnerability has been reported when handling certain malformed status query packets. No workaround or patch available at time of publishing. An exploit script has been published. | Ventrilo Status Requests Remote Denial of Service | Low | Security Tracker Alert ID: 1014784, August 24, 2005 |
PHP Weblog | A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of input passed in the 'Referer' HTTP header before it is stored in the 'visits' table, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Foojan PHPWeblog Cross-Site Scripting | Medium | Secunia Advisory: SA16565, August 25, 2005 |
Wiki 3.5.8 | A vulnerability has been reported when validating certain input in the management page, which could let a remote malicious user execute arbitrary Perl commands. Upgrade available at: There is no exploit code required. | FreeStyle Wiki Arbitrary Perl Command Execution | Medium | Secunia Advisory: SA16612, August 30, 2005 |
Gallery 1.5.1-RC2 & prior | A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of EXIF data stored in certain image files, which could let a remote malicious user execute arbitrary HTML and script code. Updates available at: There is no exploit code required; however, a Proof of Concept exploit has been published. | Gallery Cross-Site Scripting | Medium | Security Tracker Alert ID: 1014800, August 26, 2005 |
Hesk 0.92 | A vulnerability has been reported due to insufficient validation of username and password pairs, which could let a remote malicious user bypass authentication and obtain administrative access. Update available at: There is no exploit code required; however, a Proof of Concept exploit has been published. | Helpdesk Software Hesk Authentication Bypass | High | Security Focus, Bugtraq ID: 14692, August 29, 2005 |
OpenView Network Node Manager 7.50 Solaris, 7.50, 6.41 Solaris, 6.41 | A vulnerability has been reported in the 'node' URI parameter of the 'OvCgi/connectedNodes.ovpl' script, which could let a remote malicious user execute arbitrary code. Workaround available at: There is no exploit code required; however, a Proof of Concept exploit script has been published. | HP OpenView Network Node Manager Remote Arbitrary Code Execution | High | Portcullis Security Advisory, 05-014, August 25, 2005 HP Security Advisory, HPSBMA01224, August 26, 2005 |
FUDForum 2.6.15 | A vulnerability has been reported in the 'mid' parameter due to insufficient validation before retrieving a forum post, which could let a remote malicious user bypass certain security restrictions and obtain sensitive information. PHPGroupWare: Gentoo: There is no exploit code required. | FUDForum Security Restriction Bypass | Medium | Secunia Advisory: SA16414, August 12, 2005 Security Focus, Bugtraq ID: 14556, August 25, 2005 Gentoo Linux Security Advisory, GLSA 200508-20, August 30, 2005 |
FUDForum 2.7, 2.6.12-2.6.15, 2.6.7-2.6.10, 2.6-2.6.5 | A vulnerability has been reported when an image file is merged with a script file and uploaded, which could let a remote malicious user obtain unauthorized access. No workaround or patch available at time of publishing. There is no exploit code required. | FUDforum Avatar Upload Arbitrary Script Upload | Medium | Security Focus, Bugtraq ID: 14678, August 29, 2005 |
ArticleLive 2005 | A Cross-Site Scripting vulnerability has been reported in 'articles.newcomment' due to insufficient sanitization of the 'Articleld' parameter, which could let a remote malicious user execute arbitrary HTML and script code. Upgrade available at: There is no exploit code required; however, a | High | Secunia Advisory, Security Focus, Bugtraq ID: 12879, August 23, 2005 | |
vBulletin 3.0 | A vulnerability has been reported in the 'backup.php' script due to insufficient password protection and encryption, which could let a remote malicious user obtain sensitive information. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | vBulletin 'backup.php' Information Disclosure | Medium | Security Tracker Alert ID: 1014805, August 29, 2005 |
Lithium II Mod 1.24 | A format string vulnerability has been reported when displaying the score at the end of the game, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | Lithium Software Quake 2 Lithium II Mod Format String | High | Security Focus, Bugtraq ID: 14664, August 25, 2005 |
Firefox 0.x, 1.x | Multiple vulnerabilities have been reported: a vulnerability was reported due to an error because untrusted events generated by web content are delivered to the browser user interface; a vulnerability was reported because scripts in XBL controls can be executed even when JavaScript has been disabled; a vulnerability was reported because remote malicious users can execute arbitrary code by tricking the user into using the 'Set As Wallpaper' context menu on an image URL that is really a javascript; a vulnerability was reported in the 'InstallTrigger.install()' function due to an error in the callback function, which could let a remote malicious user execute arbitrary code; a vulnerability was reported due to an error when handling 'data:' URL that originates from the sidebar, which could let a remote malicious user execute arbitrary code; an input validation vulnerability was reported in the 'InstallVersion.compareTo()' function when handling unexpected JavaScript objects, which could let a remote malicious user execute arbitrary code; a vulnerability was reported because it is possible for remote malicious user to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL; a vulnerability was reported due to an error when handling DOM node names with different namespaces, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported due to insecure cloning of base objects, which could let a remote malicious user execute arbitrary code. Updates available at: Gentoo: Mandriva: Fedora: RedHat: Ubuntu: http://security.ubuntu.com/ http://security.ubuntu.com/ SUSE: Debian: http://security.debian. SGI: Gentoo: Slackware: Exploits have been published. | Firefox Multiple Vulnerabilities CAN-2005-2260 | High | Secunia Advisory: SA16043, July 13, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:120, July 13, 2005 Gentoo Linux Security Advisory, GLSA 200507-14, July 15, 2005 Gentoo Linux Security Advisory, GLSA 200507-17, July 18, 2005 Fedora Update Notifications, RedHat Security Advisory, RHSA-2005:586-11, July 21, 2005 Slackware Security Advisory, SSA:2005-203-01, July 22, 2005 Ubuntu Security Notices, USN-155-1 & 155-2 July 26 & 28, 2005 Ubuntu Security Notices, USN-157-1 & 157-2 August 1 & 2, 2005 SUSE Security Announcement, SUSE-SA:2005:045, August 11, 2005 Debian Security Advisory, DSA 775-1, August 15, 2005 SGI Security Advisory, 20050802-01-U, August 15, 2005 Debian Security Advisory, DSA 777-1, August 17, 2005 Debian Security Advisory, DSA 779-1, August 20, 2005 Debian Security Advisory, DSA 781-1, August 23, 2005 Gentoo Linux Security Advisory, GLSA 200507-24, August 26, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:127-1, August 26, 2005 Slackware Security Advisory, SSA:2005-085-01, August 28, 2005 |
Gentoo Linux; | A remote Denial of Service vulnerability has been reported in the HTTP 'Range' header due to an error in the byte-range filter. Patches available at: Gentoo: There is no exploit code required. | Apache Remote Denial of Service | Low | Secunia Advisory: SA16559, August 25, 2005 Security Advisory, GLSA 200508-15, August 25, 2005 |
PHPXMLRPC 1.1.1; | A vulnerability has been reported in XML-RPC due to insufficient sanitization of certain XML tags that are nested in parsed documents being used in an 'eval()' call, which could let a remote malicious user execute arbitrary PHP code. PHPXMLRPC: Pear: Drupal: eGroupWare: MailWatch: Nucleus: RedHat: Ubuntu: Mandriva: Gentoo: http://security.gentoo.org/ http://security.gentoo.org/ Fedora: Debian: SUSE: There is no exploit code required. | PHPXMLRPC and PEAR XML_RPC Remote Arbitrary Code Execution | High | Security Focus, Bugtraq ID 14560, August 15, 2005 Security Focus, Bugtraq ID 14560, August 18, 2005 RedHat Security Advisory, RHSA-2005:748-05, August 19, 2005 Ubuntu Security Notice, USN-171-1, August 20, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:146, August 22, 2005 Gentoo Linux Security Advisory, GLSA 200508-13 & 14, & 200508-18, Fedora Update Notifications, Debian Security Advisory, DSA 789-1, August 29, 2005 SUSE Security Announcement, SUSE-SA:2005:049, August 30, 2005 |
Xoops 2.0.10-2.0.12, 2.0.9.3, 2.0.9.2, 2.0.5-2.0.5.2, 2.0-2.0.3; | A vulnerability was reported due to insufficient sanitization of the 'eval()' call, which could let a remote malicious user execute arbitrary PHP code. Drupal: Mandriva: Pear: PhpMyFaq: S9Y Serendipity: Trustix: http://http.trustix.org/pub/trustix/updates/ WordPress: XML-RPC: Xoops: Gentoo: http://security.gentoo.org/ http://security.gentoo.org/ http://security.gentoo.org/ Fedora: Ubuntu: Debian: http://security.debian.org/ http://security.debian.org/ SGI: SuSE: Trustix: Debian: SUSE: Exploit scripts have been published. | Multiple Vendors XML-RPC for PHP Remote Code Injection | High | Security Focus, 14088, June 29, 2005 Gentoo Linux Security Advisory, GLSA 200507-01, July 3, 2005 Fedora Update Notifications, Ubuntu Security Notice, USN-147-1 & USN-147-2, July 05 & 06, 2005 Gentoo Linux Security Advisory, GLSA 200507-06, July 6, 2005 Gentoo Linux Security Advisory, GLSA 200507-07, July 10, 2005 SuSE Security Announcement, SUSE-SA:2005:041, July 8, 2005 Debian Security Advisories, DSA 745-1, 747-1, & DSA 746-1, July 10 & 13, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0036, July 14, 2005 SGI Security Advisory, 20050703-01-U, July 15, 2005 Gentoo Linux Security Advisory, GLSA 200507-15, July 15, 2005 Debian Security Advisory, DSA 789-1, August 29, 2005 SUSE Security Announcement, SUSE-SA:2005:049, August 30, 2005 |
MyBulletinBoard RC1-RC4 | An SQL injection vulnerability has been reported in the 'member.php' script due to insufficient validation of the 'fid' parameter, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. A Proof of Concept exploit script has been published. | MyBB SQL Injection | Medium | Security Tracker Alert ID: 1014806, August 29, 2005 |
MySQL 4.0.0-4.0.11, 5.0.0-5.0.4 | A vulnerability has been reported in the 'mysql_install_db' script due to the insecure creation of temporary files, which could let a malicious user obtain unauthorized access. Fedora: Debian: There is no exploit code required. | MySQL 'mysql_install_db' Insecure Temporary File Creation | Medium | Security Focus, 13660, Fedora Update Notification, Debian Security Advisory, DSA 783-1, August 24, 2005 |
PHP-Fusion 6.0.107, 6.0.106, 6.0.105, 5.01 Service Pack, 5.0, 4.01, 4.00 | A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of nested 'URL' bbcode tags before they are used in a post, which could let a remote malicious user execute arbitrary script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | PHP-Fusion BBCode URL Tag Cross-Site Scripting | Medium | Security Focus Bugtraq ID: 14688, August 29, 2005 |
phpGraphy 0.9.9a | A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of EXIF data stored in certain image files, which could let a remote malicious user execute arbitrary HTML and script code. Upgrade available at: There is no exploit code required; however, a Proof of Concept exploit has been published. | phpGraphy Cross-Site Scripting | Medium | Security Tracker Alert ID: 1014801, August 26, 2005 |
phpldapadmin 0.9.6-0.9.7/alpha5 | Multiple vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code; a Directory Traversal vulnerability was reported which could let a remote malicious user obtain sensitive information; and a file include vulnerability was reported, which could let a remote malicious user execute arbitrary PHP script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | phpLDAPadmin Multiple Vulnerabilities | Medium | Security Focus, Bugtraq ID: 14695, August 30, 2005 |
phpWebNotes 2.0 | A vulnerability has been reported in the 'php_api.php' script due to insufficient validation of the 't_path_core' parameter, which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | phpWebNotes Arbitrary Code Execution | High | Security Tracker Alert ID: 1014807, August 29, 2005 |
PostNuke 0.76 RC4b | Multiple vulnerabilities have been reported: Cross-Site Scripting vulnerabilities were reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported in 'DL-viewdownload.PHP' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code. Upgrades available at: There is no exploit code required; however, a Proof of Concept exploit has been published. | PostNuke Multiple Cross-Site Scripting & SQL Injection | Medium | Security Focus Bugtraq ID: 14635 & 14636, August 22, 2005 Security Focus Bugtraq ID: 14635 & 14636, August 25, 2005 |
Beehive Forum V0.6RC2 | Multiple vulnerabilities have been reported in Beehive Forum that could allow remote malicious users to perform SQL injection or Cross-Site Scripting. Upgrades available at: There is no exploit code required. | Beehive Forum SQL Injection or Cross-Site Scripting | High | Security Focus, 14361, 14363, July 25, 2005 Security Focus, 14361, 14363, August 24, 2005 |
RTOS 6.3.0, 6.1.0 | A vulnerability has been reported in the 'inputtrap' utility due to insufficient access control restrictions, which could let a malicious user obtain sensitive information. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | QNX RTOS Information Disclosure | Medium | Secunia Advisory: SA16569, August 25, 2005 |
Autolinks 2.1 | A vulnerability has been reported in 'al_initialize.php' due to insufficient verification of the 'alpath' parameter before used to include files, which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | AutoLinks Pro Include File Remote Arbitrary Code Execution | High | NewAngels Advisory #1, August 28, 2005 |
WebCalendar 1.0, RC1-RC3 | A vulnerability has been reported in 'send_reminders.php' due to insufficient verification of the 'includedir' parameter, which could let remote malicious users execute arbitrary files. Upgrades available at: There is no exploit code required. | WebCalendar 'Send_Reminders. | High | Security Focus, Bugtraq ID: 14651, August 24, 2005 |
YaPig 0.95b & prior | A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of EXIF data stored in certain image files, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | YaPiG | Medium | Security Tracker Alert ID: 1014802, August 26, 2005 |
Cosmoshop 8.10.78 | Several vulnerabilities have been reported: an SQL injection vulnerability was reported due to insufficient sanitization of input passed in the administration login before it is used in an SQL query, which could let a remote malicious user execute arbitrary SQL code; a vulnerability was reported in 'bestmail_edit.cgi' because the administration section can be accessed and sensitive information obtained via the 'file' parameter; and a vulnerability was reported because passwords are stored in clear text, which could let a remote malicious user obtain sensitive information. No workaround or patch available at time of publishing. There is no exploit code required. | Cosmoshop SQL Injection & Information Disclosure | Medium | Secunia Advisory: SA16625, August 30, 2005 |
Wireless
The section below contains wireless vulnerabilities, articles, and viruses/trojans identified during this reporting period.
- Distance detection may help secure Wi-Fi: A new way of locating a Wi-Fi user has been developed by Intel. It times how long it takes for packets to travel to and from a wireless access point, which could help prevent users outside a house or office from accessing a Wi-Fi network indoors. Source: http://www.networkworld.com/news/2005/082505-intel-wi-fi.html.
- More U.S. Cities Pushing Public Wireless Nets: In the past two years more than two dozen cities have built or are planning on building "metropolitan area networks" (MANs). Over the last few years Wi-Fi, technology has found an important place among digital consumers and access providers. An increasing number of U.S. cities are jumping on the bandwagon, ranging from large metropolitan areas to small rural townships. Source: http://abcnews.go.com/Technology/story?id=1048622&page=1.
- Cell Phone 'Most Indispensable' Tool For Financial Execs: According to a survey conducted by Robert Half Management Resources, cell phones remain the most indispensable tool for financial executives. About 44 percent of the 1400 chief financial officers (CFOs) participating in the survey. Source: http://www.informationweek.com/story/showArticle.jhtml;jsessionid=VEIHQ1C1EMQAAQSNDBGCKHSCJUMEKJVN?articleID=170100712.
Wireless Vulnerabilities
- WepDecrypt-0.7.tar.gz: A wireless LAN tool based on wepattack that guesses WEP keys using an active dictionary attack, a key generator, a distributed network attack, and some other methods.
- Nokia Affix BTSRV Device Name Remote Command Execution: An input validation vulnerability has been reported which could let a remote malicious user inject arbitrary shell commands. For more information see entry above.
- BlueZ Arbitrary Command Execution: A vulnerability has been reported due to insufficient sanitization of input passed as a remote device name, which could let a remote malicious user execute arbitrary code. Updated information regarding Mandriva patch.
Recent Exploit Scripts/Techniques
The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.
Note: At times, scripts/techniques may contain names or content that may be considered offensive.
Trends
- Hidden-code flaw in Windows renews worries over stealthy malware: A flaw in the way that several security programs and systems utilities detect system changes could allow spyware to spread surreptitiously. This has renewed worries about stealthier attack code. Source: http://www.securityfocus.com/news/11300.
- Ten-Minute Guide To Network Security: Security can be a complex, expensive and time-consuming business. Upgrading LANs, putting out network fires, deploying new software, and making sure everything runs smoothly leave many IT managers stretched to the limit. However, the security process can be started in ten minutes. Source: http://www.informationweek.com/story/showArticle.jhtml?articleID=170101541&tid=6004.
- The Threats Get Nastier: According to InformationWeek Research's U.S. Information Security Survey 2005, conducted in July and August in partnership with management-consulting firm Accenture, IT professionals asked whether their organizations were more vulnerable to malicious code attacks and security breaches than a year ago believe that the situation is under control. Only 16% of survey participants say things have gotten worse. But the 'ready-for-anything' attitude can be misleading and even dangerous. Source: http://www.informationweek.com/story/showArticle.jhtml?articleID=170100709&tid=6004.
- Chinese Web sites used to target U.S. systems-report: According to the Washington Post, web sites in China are being used as a staging ground for attacks on computer networks in the U.S. Defense Department and other agencies. No classified systems have been compromised, but officials are concerned that data pulled together from different agencies could become useful intelligence to an adversary. Source: http://today.reuters.com/news/NewsArticle.aspx?type=internetNews&storyID=2005-08-25T051455Z_01_DIT518808_RTRIDST_0_NET-SECURITY-HACKERS-CHINA-DC.XML.
- IM worm speaks your language: Security experts are warning that a new MSN Messenger worm often talks to people in their own language. The worm, Kelvir.HI, tailors the language of its attack message to the compromised system. It can send messages in English, Dutch, French, German, Greek (English alphabet), Italian, Portuguese, Swedish, Spanish and Turkish. This is the first time that a worm checks the system settings and then sends a specific message. Source: http://news.com.com/IM+worm+speaks+your+language/2100-7349_3-5842767.html?tag=cd.lede.
- Bots 'Dangerous' to Corporate Networks: Bot attacks are becoming a critical security issue for IT and security administrators. Once the bot has circulated to other machines on the corporate network, a remote malicious user would have the ability to change company information, steal files, encrypt data or even shut down the network. Source: http://www.esecurityplanet.com/trends/article.php/3529896.
- Trojan Poses As Plug And Play Patch: A new variant of the Downloader Trojan is circulating that purports to be a patch for the vulnerability outlined in the MS05-039 bulletin Microsoft released earlier in August. It is a new way of exploiting the Plug and Play vulnerability by using social engineering. Source: http://www.informationweek.com/story/showArticle.jhtml;jsessionid=VEIHQ1C1EMQAAQSNDBGCKHSCJUMEKJVN?articleID=170100880.
Viruses/Trojans
Top Ten Virus Threats
A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.
Rank | Common Name | Type of Code | Trend | Date | Description |
1 | Netsky-P | Win32 Worm | Stable | March 2004 | A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared files. |
2 | Mytob.C | Win32 Worm | Slight Increase | March 2004 | A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files. |
3 | Zafi-D | Win32 Worm | Slight Decrease | December 2004 | A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer. |
4 | Netsky-Q | Win32 Worm | Stable | March 2004 | A mass-mailing worm that attempts to launch Denial of Service attacks against several web pages, deletes the entries belonging to several worms, and emits a sound through the internal speaker. |
5 | Mytob-BE | Win32 Worm | Slight Decrease | June 2005 | A slight variant of the mass-mailing worm that utilizes an IRC backdoor, the LSASS vulnerability, and email to propagate. It harvests addresses from the Windows address book, disables antivirus software, and modifies data. |
6 | Mytob-AS | Win32 Worm | Stable | June 2005 | A slight variant of the mass-mailing worm that disables security related programs and processes, redirects various sites, and changes registry values. This version downloads code from the net and utilizes its own email engine. |
7 | Zafi-B | Win32 Worm | Increase | June 2004 | A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names. |
8 | Netsky-D | Win32 Worm | Slight Increase | March 2004 | A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only. |
9 | Netsky-Z | Win32 Worm | Decrease | April 2004 | A mass-mailing worm that is very close to previous variants. The worm spreads in e-mails, but does not spread to local network and P2P and does not uninstall Bagle worm. The worm has a backdoor that listens on port 665. |
10 | Lovgate.w | Win32 Worm | Decrease | April 2004 | A mass-mailing worm that propagates by using MAPI as a reply to messages, by using an internal SMTP engine, by dropping copies of itself on network shares, and through peer-to-peer networks. It attempts to access all machines in the local area network. |
Table updated August 27, 2005