Latest Advisories

Live Virus Advisory Feeds
2004-01-22

*Live Feeds are from Panda, Trend Micro, and Symantec

Live Virus Advisory Feeds

Secunia

Secunia Highlights:
Internet Explorer URL Spoofing Vulnerability
A vulnerability has been identified in Internet Explorer, which can be exploited by malicious people to display a fake URL in the address and status bars.
Microsoft ISA Server 2000 H.323 Protocol Filter Vulnerability
Microsoft Internet Security and Acceleration Server 2000 contain a vulnerability in the H.323 protocol implementation, which can be exploited by malicious people to cause a DoS (Denial of Service) or gain system access.
Symantec Automatic LiveUpdate Privilege Escalation Vulnerability
KF has discovered a vulnerability in Symantec LiveUpdate, which can be exploited by malicious, local users to gain escalated privileges on a vulnerable system.

Latest 15 Secunia Security Advisories:
2004-01-22
- Cisco Voice Products Director Agent Insecure Default Installation

- Gentoo update for honeyd

- Honeyd Remote Identification Vulnerability

2004-01-21
- HP-UX update for Mozilla

- Sun Cluster OpenSSL Vulnerabilities

- Sun Solaris update for IKE

- WebTrends Exposure of Installation Path

- NetCam Directory Traversal Vulnerability

- DUware Products Admin Area Authentication Bypass Vulnerability

- Trustix update for slocate

- Red Hat update for mc

- Red Hat update for ethereal

- Debian update for slocate

- 2Wire HomePortal Directory Traversal Vulnerability

2004-01-20
- Conectiva update for cvs

Top 5 Most Read Secunia Security Advisories (Last 24 hours):
- Internet Explorer URL Spoofing Vulnerability

- Sun Solaris update for IKE

- Sun Cluster OpenSSL Vulnerabilities

- HP-UX update for Mozilla

- Advanced Poll Execution of Arbitrary Code


Security Tracker

Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services

A vulnerability was reported in mod_perl for the Apache web server. A local user can hijack the Apache http and https services.

Impact: Execution of arbitrary code via local system, User access via local system

PointBase Database Lack of Policy File Permits Remote Users to Crash the System

A vulnerability was reported in the PointBase database. A remote user can crash the target system that is running the database.

Impact: Denial of service via network

Mephistoles httpd Input Validation Flaw Permits Cross-Site Scripting Attacks

An input validation vulnerability was reported in Mephistoles Httpd. A remote user can conduct cross-site scripting attacks.

Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information

Honeyd TCP Response Flaw Lets Remote Users Detect the Honey Pot

A vulnerability was reported in Honeyd. A remote user can identify the honey pot system.

Impact: Disclosure of system information

Cisco Internet Service Node Default Configuration on IBM Servers Grants Administrative Access to Remote Users

A vulnerability was reported in Cisco Internet Service Node (ISN) when installed on IBM servers. A remote user can gain administrative access to the system. A remote user can also cause denial of service conditions on the target system.

Impact: Denial of service via network, Root access via network


SecurityFocus BugTraq
SecurityFocus Vulnerabilities

01/22/2004 [Fwd: [TH-research] Bagle remote uninstall] Gadi Evron
01/21/2004 Paper announcement: Is finding security holes a good idea? Eric Rescorla
01/21/2004 Hijacking Apache 2 via mod_perl Steve Grubb
01/21/2004 [ GLSA 200401-02 ] Honeyd remote detection vulnerability via a probe packet Tim Yamin
01/21/2004 Re: What is the point here? Jason Coombs
01/21/2004 Cisco Security Advisory: Voice Product Vulnerabilities on IBM Servers Cisco Systems Product Security Incident Response Team
01/21/2004 Mephistoles Httpd 0.6.0final XSS Donato Ferrante
01/21/2004 Re: [Full-Disclosure] RE: Internet Explorer - Multiple Vulnerabilities Berend-Jan Wever
01/21/2004 TSLSA-2004-0005 - slocate Trustix Security Advisor
01/21/2004 [RHSA-2004:034-01] Updated mc packages resolve buffer overflow vulnerability bugzilla redhat com
01/21/2004 Honeyd Security Advisory 2004-001: Remote Detection Via Simple Probe Packet Niels Provos
01/21/2004 Re: HP printers and currency anti-copying measures Sasha
01/21/2004 Re: HP printers and currency anti-copying measures Sami Haahtinen
01/21/2004 WebcamXP v1.06.945 Cross Site Scripting Vulnerabillity Rafel Ivgi, The-Insider
01/21/2004 RE: Internet Explorer - Multiple Vulnerabilities Thor Larholm
01/20/2004 [SCSA-026] DUWARE Products Admin Access and Arbitrary File Upload Vulnerability advisory security-corporation com
01/20/2004 WebTrends Reporting Center Path Disclosure vulnerability Oliver Karow
01/20/2004 2Wire-Gateway Cross Site Scripting and Directory Transversal bug in SSL Form Rafel Ivgi, The-Insider
01/20/2004 OwnServer 1.0 Directory Transversal Vulnerability Rafel Ivgi, The-Insider
01/20/2004 Internet Explorer - Multiple Vulnerabilities Rafel Ivgi, The-Insider
01/20/2004 RE: vBulletin Security Vulnerability Ferruh Mavituna
01/20/2004 [SECURITY] [DSA 428-1] New slocate packages fix buffer overflow Matt Zimmerman
01/20/2004 vBulletin Security Vulnerability gcf hush com
01/20/2004 NETCam webserver Directory traversal bug Rafel Ivgi, The-Insider
01/20/2004 Re: What is the point here? Adam Shostack
01/20/2004 [SuSE 9.0] possible symlink attacks in some scripts Rene
01/20/2004 Re: HP printers and currency anti-copying measures mightye[removethis] mightye[removethis]@mightye.org
01/20/2004 Re: What is the point here? Mariusz Woloszyn
01/20/2004 [CLA-2004:810] Conectiva Security Announcement - kdepim Conectiva Updates
01/20/2004 [CLA-2004:809] Conectiva Security Announcement - screen Conectiva Updates
01/20/2004 [CLA-2004:808] Conectiva Security Announcement - cvs Conectiva Updates
01/20/2004 Re: Lame crash in qmail-smtpd and memory overwrite according to gdb, yet still qmail much better than windows Scott Gifford
01/20/2004 Re: a method for bypassing cookie restrictions in web browsers Michal Zalewski
01/19/2004 Re: What is the point here? Systems Administrator
01/19/2004 RE: What is the point here? ken kousky
01/19/2004 RE: What is the point here? PM Systems - Rick Woehler
01/19/2004 RE: What is the point here? Andrew Hintz ( Drew )
01/19/2004 Re: What is the point here? Damian Menscher
01/19/2004 Re: a method for bypassing cookie restrictions in web browsers Dave McKinney
01/19/2004 a method for bypassing cookie restrictions in web browsers Michal Zalewski
01/19/2004 Bagle worm status + more blocking information Gadi Evron
01/19/2004 RE: Bagle worm status + more blocking information David Brodbeck
01/19/2004 Denial of service in Getware's built-in webserver (Webcam Live and Photohost) Luigi Auriemma
01/19/2004 Directories management bypassing in Goahead webserver 2.1.8 Luigi Auriemma
01/19/2004 Resources consumption in Goahead webserver 2.1.8 Luigi Auriemma
01/19/2004 Yabb SE SQL Injection backspace
01/19/2004 Networker 6.0 - possible symlink attack Rene
01/19/2004 [ESA-20040119-002] 'tcpdump' multiple vulnerabilities. EnGarde Secure Linux
01/19/2004 Re: Get admin rights using Doro (pdf creator) the_sz gmx co uk
01/19/2004 [SECURITY] [DSA 427-1] New Linux 2.4.17 packages fix local root exploit (mips+mipsel) joey infodrom org (Martin Schulze)
01/19/2004 More info on blocking the Bagle worm Gadi Evron
01/19/2004 new outbreak warning - Bagle Gadi Evron
01/19/2004 What is the point here? Alun Jones
01/19/2004 Proof-Of-Concept Denial-Of-Service Pointbase 4.6 Java SQL-DB Marc Schoenefeld
01/19/2004 New release of Patchfinder2 (windows rootkit detector) Joanna Rutkowska
2004-01-19: Linux Kernel do_mremap Function Boundary Condition Vulnerability
2004-01-19: Pablos FTP Server Unauthorized File Existence Disclosure Vulnerability
2004-01-18: Netpbm Temporary File Vulnerabilities
2004-01-18: Agnitum Outpost Firewall Local Privilege Escalation Vulnerability
2004-01-17: Ultr@VNC ShellExecute() Local Privilege Escalation Vulnerability
2004-01-16: PHPShop Project Multiple Vulnerabilities
2004-01-16: XtremeASP PhotoGallery Adminlogin.ASP SQL Injection Vulnerability
2004-01-16: OpenBSD 3.4 Crypto Card Handlers File Descriptor Leak Vulnerability
2004-01-16: ISAKMPD Initial Contact Notification SA Deletion Vulnerability
2004-01-16: SuSE 3Ddiag Insecure Temporary File Handling Symbolic Link Vulnerability
2004-01-16: OpenCA Crypto-Utils.Lib Signature Verification Vulnerability
2004-01-16: Xerox MicroServer Web Server Remote Directory Traversal Vulnerability
2004-01-16: Rit Research Labs The Bat! PGP Message Memory Writing Vulnerability
2004-01-16: TCPDump Malformed RADIUS Packet Denial Of Service Vulnerability
2004-01-16: TCPDump Malformed ISAKMP Packet Denial Of Service Vulnerability
2004-01-16: TCPDump Malformed BGP Packet Memory Corruption Vulnerability
2004-01-16: TCPDump Malformed NFS Packet Buffer Overflow Vulnerability
2004-01-15: ELM frm Command Remote Buffer Overflow Vulnerability
2004-01-15: Whale Communications e-Gap Security Appliance Login Page Source Code Disclosure Vulnerability
2004-01-15: Linux Kernel 32 Bit Ptrace Emulation Full Kernel Rights Vulnerability
2004-01-15: Vicomsoft RapidCache Server Directory Traversal Vulnerability
2004-01-15: Vicomsoft RapidCache Server Host Argument Denial of Service Vulnerability
2004-01-15: ISC INN Control Message Handling Buffer Overrun Vulnerability

Symantec SSR

Backdoor.OptixPro.13b
Backdoor.Optix.Pro.13 [Kaspersky] January 21, 2004 January 21, 2004
Backdoor.Tuxder January 20, 2004 January 20, 2004
Trojan.Httpdos
Backdoor.Snart.j[Kaspersky] January 20, 2004 January 20, 2004
Trojan.Mitglieder.C
Mitglieder [F-Secure] January 20, 2004 January 20, 2004
VBS.Zsyang.B@mm
I-Worm.Zsyang [Kaspersky] January 19, 2004 January 19, 2004
W32.Beagle.A@mm
I-Worm.Bagle [Kaspersky], WORM_BAGLE.A [Trend], W32/Bagle-A [Sophos], W32/Bagle@MM [McAfee], Win32.Bagle.A [Computer Associates] January 18, 2004 January 18, 2004
Backdoor.IRC.Aladinz.H January 18, 2004 January 18, 2004
Trojan.Bookmarker.C January 15, 2004 January 16, 2004
W32.Protoride.Worm January 16, 2004 January 16, 2004
W97M.Twopey.E
Macro.Word97.Racaga [Kaspersky] January 15, 2004 January 16, 2004
W32.Stuplo January 15, 2004 January 16, 2004
Backdoor.IRC.Aladinz.G
Worm.Win32.Randon.o [Kaspersky] January 15, 2004 January 15, 2004
Downloader.Mimail.B
Downloader-GN [McAfee], Troj/Mmdload-A [Sophos] January 14, 2004 January 16, 2004
W32.HLLC.Elpmis January 14, 2004 January 15, 2004
W32.HLLW.Nettrash
Backdoor.NetTrash, Backdoor/NetTrash.10.a [Kaspersky] January 12, 2004 January 13, 2004
Trojan.Bookmarker.B January 12, 2004 January 13, 2004
W32.HLLW.Gaobot.FQ
W32/Gaobot.worm.gw [McAfee] January 12, 2004 January 13, 2004
PWSteal.Freemega January 11, 2004 January 12, 2004
PWSteal.Leox January 11, 2004 January 12, 2004
Backdoor.Threadsys January 10, 2004 January 12, 2004
Trojan.Xombe
Xombe [FSecure], Downloader-GJ [McAfee], Troj/Dloader-L [Sophos] January 9, 2004 January 9, 2004
Backdoor.Sdbot.S
Backdoor.SdBot.gen [Kaspersky] January 8, 2004 January 8, 2004
W32.Opaserv.AE.Worm January 7, 2004 January 8, 2004
W32.Mimail.P@mm
W32/Mimail.p@MM [McAfee], Win32.Mimail.P [Computer Associates], WORM_MIMAIL.P [Trend], W32/Mimail-N [Sophos], I-Worm.Mimail.p [Kaspersky] January 7, 2004 January 8, 2004
W32.HLLW.Gaobot.FL January 6, 2004 January 7, 2004
W32.Bizten
Trojan.Win32.Bizten [Kaspersky] January 6, 2004 January 6, 2004
W32.HLLW.Gaobot.FB
Backdoor.Agobot.3.gen [Kaspersky] January 4, 2004 January 5, 2004
Backdoor.Graybird.H January 4, 2004 January 5, 2004
W32.Miroot.Worm
W32/Legemer.worm [McAfee] January 3, 2004 January 5, 2004
W32.Bugbros@mm January 2, 2004 January 5, 2004
Backdoor.IRC.Aladinz.F
Win32.Randon.AC [Kaspersky] January 1, 2004 January 2, 2004
W32.Tupeg January 1, 2004 January 2, 2004
Download.Berbew.dam
Downloader-DI.dam [McAfee], Troj/Antikl-Dam [Sophos] December 31, 2003 January 2, 2004
W32.Jitux.Worm
W32/Jitux.worm [McAfee], WORM_JITUX.A [Trend] December 31, 2003 December 31, 2003
W32.Mumo December 29, 2003 December 30, 2003
Backdoor.Gaster December 29, 2003 December 30, 2003
W32.Torun
W32.Torun.dr, Worm.W32.Torun [Kaspersky], PE_TORUN.A [Trend] December 28, 2003 December 29, 2003
Trojan.Download.Revird December 27, 2003 December 29, 2003
Backdoor.Portless December 26, 2003 December 29, 2003
PWSteal.Bancos.D December 22, 2003 December 23, 2003
W32.Cissi.A@mm December 22, 2003 December 23, 2003





NAV Daily Definitions (Go)


*Note: The i32 Intelligent Updater package cannot be used to update Symantec AntiVirus Corporate Edition 8.0 servers or Norton AntiVirus Corporate Edition 7.6 servers, but can be used to update Corporate Edition clients. The x86 Intelligent Updater package can be used to update corporate Edition clients and servers.


Live Virus Advisory Feed