Latest Advisories

Live Virus Advisory Feeds
2004-01-21

*Live Feeds are from Panda, Trend Micro, and Symantec

Live Virus Advisory Feeds

Secunia

Secunia Highlights:
Internet Explorer URL Spoofing Vulnerability
A vulnerability has been identified in Internet Explorer, which can be exploited by malicious people to display a fake URL in the address and status bars.
Microsoft ISA Server 2000 H.323 Protocol Filter Vulnerability
Microsoft Internet Security and Acceleration Server 2000 contain a vulnerability in the H.323 protocol implementation, which can be exploited by malicious people to cause a DoS (Denial of Service) or gain system access.
Symantec Automatic LiveUpdate Privilege Escalation Vulnerability
KF has discovered a vulnerability in Symantec LiveUpdate, which can be exploited by malicious, local users to gain escalated privileges on a vulnerable system.

Latest 15 Secunia Security Advisories:
2004-01-21
- Sun Cluster OpenSSL Vulnerabilities

- Sun Solaris update for IKE

- WebTrends Exposure of Installation Path

- NetCam Directory Traversal Vulnerability

- DUware Products Admin Area Authentication Bypass Vulnerability

- Red Hat update for mc

- Red Hat update for ethereal

- Debian update for slocate

- 2Wire HomePortal Directory Traversal Vulnerability

2004-01-20
- Conectiva update for cvs

- Conectiva update for kdepim

- Conectiva update for screen

- GetWare Products Denial of Service Vulnerability

- GoAhead WebServer Denial of Service Vulnerability

- Mambo Arbitrary File Inclusion Vulnerability

Top 5 Most Read Secunia Security Advisories (Last 24 hours):
- Internet Explorer URL Spoofing Vulnerability

- qmail Long SMTP Session Handling Vulnerability

- NetScreen-Security Manager Communication Disclosure

- Symantec Automatic LiveUpdate Privilege Escalation Vulnerability

- Mambo Arbitrary File Inclusion Vulnerability


Security Tracker

Sun Solaris in.iked Internet Key Exchange ASN.1 Buffer Overflow May Let Remote Users Execute Arbitrary Code

A buffer overflow vulnerability was reported in the Sun Solaris Internet Key Exchange (IKE) daemon. A remote user may be able to execute arbitrary code with root privileges.

Impact: Denial of service via network, Execution of arbitrary code via network, Root access via network

SEH InterCon Smart Print Server Grants Administrative Access to Remote Users

Rafel Ivgi (The-Insider) reported a vulnerability in the SEH InterCon Smart Print Server. A remote user can perform administrative functions without authenticating.

Impact: User access via network

GeoHttpServer Can Be Crashed By a Remote User Sending a Long Password

Rafel Ivgi (The-Insider) reported a vulnerability in the GeoHttpServer for GeoVision cameras. A remote user can cause the target web service to crash.

Impact: Denial of service via network

webcamXP Web Interface Input Validation Flaw Permits Cross-Site Scripting Attacks

Rafel Ivgi (The-Insider) reported an input validation vulnerability in the webcamXP video software. A remote user can conduct cross-site scripting attacks.

Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information

SuSE 3ddiag Unsafe Temporary Files May Let Local Users Gain Elevated Privileges

A vulnerability was reported in SuSE's 3ddiag configuration verification tool. A local user may be able to obtain elevated privileges.

Impact: Modification of system information, Root access via local system, User access via local system

SecurityFocus BugTraq
SecurityFocus Vulnerabilities

01/20/2004 [SCSA-026] DUWARE Products Admin Access and Arbitrary File Upload Vulnerability advisory security-corporation com
01/20/2004 WebTrends Reporting Center Path Disclosure vulnerability Oliver Karow
01/20/2004 2Wire-Gateway Cross Site Scripting and Directory Transversal bug in SSL Form Rafel Ivgi, The-Insider
01/20/2004 OwnServer 1.0 Directory Transversal Vulnerability Rafel Ivgi, The-Insider
01/20/2004 Internet Explorer - Multiple Vulnerabilities Rafel Ivgi, The-Insider
01/20/2004 RE: vBulletin Security Vulnerability Ferruh Mavituna
01/20/2004 [SECURITY] [DSA 428-1] New slocate packages fix buffer overflow Matt Zimmerman
01/20/2004 vBulletin Security Vulnerability gcf hush com
01/20/2004 NETCam webserver Directory traversal bug Rafel Ivgi, The-Insider
01/20/2004 Re: What is the point here? Adam Shostack
01/20/2004 [SuSE 9.0] possible symlink attacks in some scripts Rene
01/20/2004 Re: HP printers and currency anti-copying measures mightye[removethis] mightye[removethis]@mightye.org
01/20/2004 Re: What is the point here? Mariusz Woloszyn
01/20/2004 [CLA-2004:810] Conectiva Security Announcement - kdepim Conectiva Updates
01/20/2004 [CLA-2004:809] Conectiva Security Announcement - screen Conectiva Updates
01/20/2004 [CLA-2004:808] Conectiva Security Announcement - cvs Conectiva Updates
01/20/2004 Re: Lame crash in qmail-smtpd and memory overwrite according to gdb, yet still qmail much better than windows Scott Gifford
01/20/2004 Re: a method for bypassing cookie restrictions in web browsers Michal Zalewski
01/19/2004 Re: What is the point here? Systems Administrator
01/19/2004 RE: What is the point here? ken kousky
01/19/2004 RE: What is the point here? PM Systems - Rick Woehler
01/19/2004 RE: What is the point here? Andrew Hintz ( Drew )
01/19/2004 Re: What is the point here? Damian Menscher
01/19/2004 Re: a method for bypassing cookie restrictions in web browsers Dave McKinney
01/19/2004 a method for bypassing cookie restrictions in web browsers Michal Zalewski
01/19/2004 Bagle worm status + more blocking information Gadi Evron
01/19/2004 RE: Bagle worm status + more blocking information David Brodbeck
01/19/2004 Denial of service in Getware's built-in webserver (Webcam Live and Photohost) Luigi Auriemma
01/19/2004 Directories management bypassing in Goahead webserver 2.1.8 Luigi Auriemma
01/19/2004 Resources consumption in Goahead webserver 2.1.8 Luigi Auriemma
01/19/2004 Yabb SE SQL Injection backspace
01/19/2004 Networker 6.0 - possible symlink attack Rene
01/19/2004 [ESA-20040119-002] 'tcpdump' multiple vulnerabilities. EnGarde Secure Linux
01/19/2004 Re: Get admin rights using Doro (pdf creator) the_sz gmx co uk
01/19/2004 [SECURITY] [DSA 427-1] New Linux 2.4.17 packages fix local root exploit (mips+mipsel) joey infodrom org (Martin Schulze)
01/19/2004 More info on blocking the Bagle worm Gadi Evron
01/19/2004 new outbreak warning - Bagle Gadi Evron
01/19/2004 What is the point here? Alun Jones
01/19/2004 Proof-Of-Concept Denial-Of-Service Pointbase 4.6 Java SQL-DB Marc Schoenefeld
01/19/2004 New release of Patchfinder2 (windows rootkit detector) Joanna Rutkowska
01/18/2004 Lame crash in qmail-smtpd and memory overwrite according to gdb, yet still qmail much better than windows Serafino Sorrenti
01/18/2004 [SECURITY] [DSA 426-1] New netpbm-free packages fix insecure temporary file creation Matt Zimmerman
01/18/2004 Pablo Sofware Solutions FTP server can detect if a file exists outside the FTP root directory scrap
01/18/2004 Mambo OS v4.5/v4.6: remote command execution FraMe
2004-01-17: Ultr@VNC ShellExecute() Local Privilege Escalation Vulnerability
2004-01-16: PHPShop Project Multiple Vulnerabilities
2004-01-16: XtremeASP PhotoGallery Adminlogin.ASP SQL Injection Vulnerability
2004-01-16: OpenBSD 3.4 Crypto Card Handlers File Descriptor Leak Vulnerability
2004-01-16: ISAKMPD Initial Contact Notification SA Deletion Vulnerability
2004-01-16: SuSE 3Ddiag Insecure Temporary File Handling Symbolic Link Vulnerability
2004-01-16: OpenCA Crypto-Utils.Lib Signature Verification Vulnerability
2004-01-16: Xerox MicroServer Web Server Remote Directory Traversal Vulnerability
2004-01-16: Rit Research Labs The Bat! PGP Message Memory Writing Vulnerability
2004-01-16: TCPDump Malformed RADIUS Packet Denial Of Service Vulnerability
2004-01-16: TCPDump Malformed ISAKMP Packet Denial Of Service Vulnerability
2004-01-16: TCPDump Malformed BGP Packet Memory Corruption Vulnerability
2004-01-16: TCPDump Malformed NFS Packet Buffer Overflow Vulnerability
2004-01-15: OpenSSL ASN.1 Parsing Vulnerabilities
2004-01-15: ELM frm Command Remote Buffer Overflow Vulnerability
2004-01-15: Whale Communications e-Gap Security Appliance Login Page Source Code Disclosure Vulnerability
2004-01-15: Linux Kernel 32 Bit Ptrace Emulation Full Kernel Rights Vulnerability
2004-01-15: Vicomsoft RapidCache Server Directory Traversal Vulnerability
2004-01-15: Vicomsoft RapidCache Server Host Argument Denial of Service Vulnerability
2004-01-15: ISC INN Control Message Handling Buffer Overrun Vulnerability
2004-01-15: Linux Kernel do_brk Function Boundary Condition Vulnerability
2004-01-15: Linux /proc Filesystem Potential Information Disclosure Vulnerability
2004-01-15: Linux 2.4 Kernel execve() System Call Race Condition Vulnerability
2004-01-15: Linux Kernel Privileged Process Hijacking Vulnerability
2004-01-15: Linux O_DIRECT Direct Input/Output Information Leak Vulnerability
2004-01-15: Multiple Vendor Network Device Driver Frame Padding Information Disclosure Vulnerability
2004-01-15: Multiple Linux 2.4 Kernel Vulnerabilities
2004-01-14: FishNet FishCart Rounding Function Integer Wrapping Vulnerability
2004-01-14: LionMax Software WWW File Share Pro Multiple Remote Vulnerabilities
2004-01-14: nCipher payShield SPP Library Bad Request Verification Vulnerability
2004-01-14: SuSE YaST SuSEconfig.gnome-filesystem Local Insecure File Creation Symlink Vulnerability
2004-01-14: KAME Racoon Authentication SA Deletion Vulnerability
2004-01-14: KAME Racoon Initial Contact SA Deletion Vulnerability
2004-01-14: Real Networks Helix Server/Gateway Administration Service HTTP Post Denial Of Service Vulnerability
2004-01-14: HP SharedX Unspecified Local Insecure File Access Vulnerability
2004-01-14: ISAKMPD Invalid SPI SA Deletion Vulnerability
2004-01-14: Symantec Web Security Block Page Message Cross-Site Scripting Vulnerability
2004-01-14: CDE LibDTSvc Unspecified Privilege Escalation Vulnerability
2004-01-14: DTTerm Window Title Reporting Escape Sequence Command Execution Vulnerability
2004-01-14: Multiple Vendor calloc() Implementation Integer Overflow Vulnerability

Symantec SSR

Backdoor.Tuxder January 20, 2004 January 20, 2004
Trojan.Httpdos
Backdoor.Snart.j[Kaspersky] January 20, 2004 January 20, 2004
Trojan.Mitglieder.C
Mitglieder [F-Secure] January 20, 2004 January 20, 2004
VBS.Zsyang.B@mm
I-Worm.Zsyang [Kaspersky] January 19, 2004 January 19, 2004
W32.Beagle.A@mm
I-Worm.Bagle [Kaspersky], WORM_BAGLE.A [Trend], W32/Bagle-A [Sophos], W32/Bagle@MM [McAfee], Win32.Bagle.A [Computer Associates] January 18, 2004 January 18, 2004
Backdoor.IRC.Aladinz.H January 18, 2004 January 18, 2004
Trojan.Bookmarker.C January 15, 2004 January 16, 2004
W32.Protoride.Worm January 16, 2004 January 16, 2004
W97M.Twopey.E
Macro.Word97.Racaga [Kaspersky] January 15, 2004 January 16, 2004
W32.Stuplo January 15, 2004 January 16, 2004
Backdoor.IRC.Aladinz.G
Worm.Win32.Randon.o [Kaspersky] January 15, 2004 January 15, 2004
Downloader.Mimail.B
Downloader-GN [McAfee], Troj/Mmdload-A [Sophos] January 14, 2004 January 16, 2004
W32.HLLC.Elpmis January 14, 2004 January 15, 2004
W32.HLLW.Nettrash
Backdoor.NetTrash, Backdoor/NetTrash.10.a [Kaspersky] January 12, 2004 January 13, 2004
Trojan.Bookmarker.B January 12, 2004 January 13, 2004
W32.HLLW.Gaobot.FQ
W32/Gaobot.worm.gw [McAfee] January 12, 2004 January 13, 2004
PWSteal.Freemega January 11, 2004 January 12, 2004
PWSteal.Leox January 11, 2004 January 12, 2004
Backdoor.Threadsys January 10, 2004 January 12, 2004
Trojan.Xombe
Xombe [FSecure], Downloader-GJ [McAfee], Troj/Dloader-L [Sophos] January 9, 2004 January 9, 2004
Backdoor.Sdbot.S
Backdoor.SdBot.gen [Kaspersky] January 8, 2004 January 8, 2004
W32.Opaserv.AE.Worm January 7, 2004 January 8, 2004
W32.Mimail.P@mm
W32/Mimail.p@MM [McAfee], Win32.Mimail.P [Computer Associates], WORM_MIMAIL.P [Trend], W32/Mimail-N [Sophos], I-Worm.Mimail.p [Kaspersky] January 7, 2004 January 8, 2004
W32.HLLW.Gaobot.FL January 6, 2004 January 7, 2004
W32.Bizten
Trojan.Win32.Bizten [Kaspersky] January 6, 2004 January 6, 2004
W32.HLLW.Gaobot.FB
Backdoor.Agobot.3.gen [Kaspersky] January 4, 2004 January 5, 2004
Backdoor.Graybird.H January 4, 2004 January 5, 2004
W32.Miroot.Worm
W32/Legemer.worm [McAfee] January 3, 2004 January 5, 2004
W32.Bugbros@mm January 2, 2004 January 5, 2004
Backdoor.IRC.Aladinz.F
Win32.Randon.AC [Kaspersky] January 1, 2004 January 2, 2004
W32.Tupeg January 1, 2004 January 2, 2004
Download.Berbew.dam
Downloader-DI.dam [McAfee], Troj/Antikl-Dam [Sophos] December 31, 2003 January 2, 2004
W32.Jitux.Worm
W32/Jitux.worm [McAfee], WORM_JITUX.A [Trend] December 31, 2003 December 31, 2003
W32.Mumo December 29, 2003 December 30, 2003
Backdoor.Gaster December 29, 2003 December 30, 2003
W32.Torun
W32.Torun.dr, Worm.W32.Torun [Kaspersky], PE_TORUN.A [Trend] December 28, 2003 December 29, 2003
Trojan.Download.Revird December 27, 2003 December 29, 2003
Backdoor.Portless December 26, 2003 December 29, 2003
PWSteal.Bancos.D December 22, 2003 December 23, 2003
W32.Cissi.A@mm December 22, 2003 December 23, 2003
W32.Gluber.B@mm December 21, 2003 December 22, 2003


NAV Daily Definitions (Go)

*Note: The i32 Intelligent Updater package cannot be used to update Symantec AntiVirus Corporate Edition 8.0 servers or Norton AntiVirus Corporate Edition 7.6 servers, but can be used to update Corporate Edition clients. The x86 Intelligent Updater package can be used to update corporate Edition clients and servers.


Live Virus Advisory Feed