Summary of Security Items from February 18 through March 2, 2004

Publications by US-CERT

VU#116182: WinZip vulnerable to buffer overflow in handling of MIME archive parameters
A buffer overflow vulnerability in the WinZip program could allow a remote attacker to execute arbitrary code on a vulnerable system.

VU#150326: Internet Security Systems' BlackICE and RealSecure contain a heap overflow in the processing of SMB packets
Internet Security Systems' BlackICE and RealSecure intrusion detection products contain a remotely exploitable vulnerability. Exploitation of this vulnerability could lead to the compromise of the system with privileges of the vulnerable process, typically the "SYSTEM" user.

VU#194238: Apple Mac OS X Safari fails to properly display URLs in the status bar
Apple Mac OS X Safari fails to properly display URLs in the status bar.

VU#240174: Oracle9i Database contains buffer overflow in TIME_ZONE session parameter
Oracle9i Database contains a buffer overflow in the TIME_ZONE session parameter which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process.

VU#399806: Oracle9i Database contains buffer overflow in FROM_TZ() function
Oracle9i Database contains a buffer overflow in the FROM_TZ() function which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process.

VU#445214: Microsoft Windows Internet Naming Service (WINS) fails to properly validate the length of specially crafted packets
Microsoft Windows Internet Naming Service (WINS) fails to properly validate the length of specially crafted packets which could allow an unauthenticated, remote attacker to cause a denial-of-service condition.

VU#460350: Apple Quicktime/Darwin Streaming Server fails to properly parse DESCRIBE requests
Apple Quicktime/Darwin Streaming Server fails to properly parse DESCRIBE requests containing overly large User-Agent fields. This could allow an unauthenticated, remote attacker to cause a denial-of-service condition.

VU#513062: metamail contains multiple buffer overflow vulnerabilities
Multiple buffer overflows in the metamail package could allow a remote attacker to execute arbitrary code on a vulnerable system. An attacker may be able to exploit these vulnerabilities via a specially-crafted email message.

VU#518518: metamail contains multiple format string vulnerabilities
Multiple format string vulnerabilities in the metamail package could allow a remote attacker to execute arbitrary code on the vulnerable system. An attacker may be able to exploit these vulnerabilities via a specially-crafted email message.

VU#578886: Apple Mac OS X contains a vulnerability in DiskArbitration when initializing writable removable media
Apple Mac OS X contains a vulnerability in DiskArbitration when initializing writable removable media.

VU#619982: Zone Labs desktop security products fail to properly validate RCPT TO command argument
Zone Labs desktop security products contains a buffer overflow in the code that processes the RCPT TO command argument. This could allow an attacker to execute arbitrary code with SYSTEM privileges.

VU#819126: Oracle9i Database contains buffer overflow in NUMTOYMINTERVAL() function
Oracle9i Database contains a buffer overflow in the NUMTOYMINTERVAL() function which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process.

VU#841742: Apple Mac OS X Point-to-Point Protocol daemon (pppd) contains format string vulnerability
Apple Mac OS X Point-to-Point Protocol daemon contains a format string vulnerability in the handling of invalid command line arguments.

VU#846582: Oracle9i Database contains buffer overflow in NUMTODSINTERVAL() function
Oracle9i Database contains a buffer overflow in the NUMTODSINTERVAL() function which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process.

VU#972334: IMail Server LDAP daemon buffer overflow
A buffer overflow in the LDAP server component supplied with some versions of the Ipswitch IMail Server could allow a remote attacker to execute arbitrary code on the vulnerable system.

VU#987118: Microsoft Virtual PC for Mac fails to properly validate temporary file
Microsoft Virtual PC for Mac fails to properly validate a temporary file which could allow an attacker to execute arbitrary code with system privileges.

Publications by Vendors

Apple

• Security Update 2004-02-23 for Mac OS X 10.3.2 "Panther" and Mac OS X 10.3.2 Server (02-23-04)
  http://docs.info.apple.com/article.html?artnum=61798

• Security Update 2004-02-23 for Mac OS X 10.2.8 "Jaguar" and Mac OS X 10.2.8 Server (02-23-04)
  http://docs.info.apple.com/article.html?artnum=61798

Cisco

• Cisco ONS 15327, ONS 15454, ONS 15454 SDH, and ONS 15600 Vulnerabilities (02-19-04)
  http://www.cisco.com/warp/public/707/cisco-sa-20040219-ONS.shtml

Conectiva

• XFree86 - Improper handling of font files (02-20-04)
  http://distro.conectiva.com/atualizacoes/index.php?id=a&anuncio=000821

• kernel - A new vulnerability in the linux memory management code that can be used by local attackers to obtain root privileges. (02-20-04)
  http://distro.conectiva.com/atualizacoes/index.php?id=a&anuncio=000820

• Zebra - A vulnerability has been found in zebra which allows local users to create a denial of service condition (DoS) by sending malicious netlink messages. (02-19-04)
  http://distro.conectiva.com/atualizacoes/index.php?id=a&anuncio=000818

• Mon - An error in the init script prevents mon from starting up correctly. (02-19-04)
  http://distro.conectiva.com/atualizacoes/index.php?id=a&anuncio=000817

Debian

• DSA-454 linux-kernel-2.2.22-alpha - failing function and TLB flush (03-02-04)
  http://www.debian.org/security/2004/dsa-454

• DSA-453 linux-kernel-2.2.20-i386+m68k+powerpc - failing function and TLB flush (03-02-04)
  http://www.debian.org/security/2004/dsa-453

• DSA-452 libapache-mod-python - denial of service (02-29-04)
  http://www.debian.org/security/2004/dsa-452

• DSA-451 xboing - buffer overflows (02-27-04)
  http://www.debian.org/security/2004/dsa-451

• DSA-450 linux-kernel-2.4.19-mips - several vulnerabilities (02-27-04)
  http://www.debian.org/security/2004/dsa-450

• DSA-449 metamail - buffer overflow, format string bugs (02-24-04)
  http://www.debian.org/security/2004/dsa-449

• DSA-448 pwlib - several vulnerabilities (02-22-04)
  http://www.debian.org/security/2004/dsa-448

• DSA-447 hsftp - format string (02-22-04)
  http://www.debian.org/security/2004/dsa-447

• DSA-446 synaesthesia - insecure file creation (02-21-04)
  http://www.debian.org/security/2004/dsa-446

• DSA-445 lbreakout2 - buffer overflow (02-21-04)
  http://www.debian.org/security/2004/dsa-445

• DSA-444 linux-kernel-2.4.17-ia64 - missing function return value check (02-20-04)
  http://www.debian.org/security/2004/dsa-444

• DSA-443 xfree86 - several vulnerabilities (02-19-04)
  http://www.debian.org/security/2004/dsa-443

• DSA-442 linux-kernel-2.4.17-s390 - several vulnerabilities (02-19-04)
  http://www.debian.org/security/2004/dsa-442

• DSA-441 linux-kernel-2.4.17-mips+mipsel - missing function return value check (02-18-04)
  http://www.debian.org/security/2004/dsa-441

• DSA-440 linux-kernel-2.4.17-powerpc-apus - several vulnerabilities (02-18-04)
  http://www.debian.org/security/2004/dsa-440

• DSA-439 linux-kernel-2.4.16-arm - several vulnerabilities (02-18-04)
  http://www.debian.org/security/2004/dsa-439

• DSA-438 linux-kernel-2.4.18-alpha+i386+powerpc - missing function return value check (02-18-04)
  http://www.debian.org/security/2004/dsa-438

Fedora

• Updated kernel packages resolve security vulnerabilities (02-18-04)
  http://www.redhat.com/archives/fedora-announce-list/2004-February/msg00023.html

• Updated kernel packages resolve security vulnerabilities (02-18-04)
  http://www.redhat.com/archives/fedora-announce-list/2004-February/msg00025.html

• Update of libxml2 2.6.6 available (02-25-04)
  http://www.redhat.com/archives/fedora-announce-list/2004-February/msg00029.html

• Fedora Core 1 Update: pwlib-1.5.0-4 (03-02-04)
  http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00004.html

• Fedora Core 1 Update: tcpdump-3.7.2-7.fc1.1 (03-02-04)
  http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00006.html

FreeBSD

• FreeBSD-SA-04:03.jail.asc (02-25-04)
  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.jail.asc

• FreeBSD-SA-04:04.tcp.asc (03-02-04)
  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:04.tcp.asc

Hewlett Packard

• HPSBUX0402-313 New Mailing List for Security Bulletins Rev.1 (02-29-04)
  http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0402-313

• HPSBGN0402-005 New Mailing List for Security Bulletins (02-21-04)
  http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBGN0402-005

Mandrake

• Updated mtools packages fix local root vulnerability (02-25-04)
  http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:016

• Updated x86_64 kernel packages fix multiple vulnerabilities (02-25-04)
  http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:015-1

• Two format string and two buffer overflow vulnerabilities were discovered in metamail (02-18-04)
  http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:014

Microsoft

• Cumulative Security Update for Internet Explorer - Microsoft Security Bulletin MS04-004. (updated 02-18-04)
  http://www.microsoft.com/technet/security/bulletin/MS04-004.asp

Novell

• iChain 2.2 Field Patch 3c (03-01-04)
  http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968316.htm

Oracle

• Security Vulnerabilities in Oracle9i Lite (02-18-04)
  http://otn.oracle.com/deploy/security/pdf/2004alert63.pdf

• Security Vulnerabilities in Oracle9i Database Server 1 and Server 2 release (02-18-04)
  http://otn.oracle.com/deploy/security/pdf/2004alert64.pdf

• Security Vulnerability in Oracle9i Application and Database Servers involving processing of SOAP messages whose XML contains carefully constructed DTDs (02-18-04)
  http://otn.oracle.com/deploy/security/pdf/2004alert65.pdf

Red Hat

• Updated libxml2 packages fix security vulnerability (03-03-04)
  https://rhn.redhat.com/errata/RHSA-2004-091.html

• Updated kernel packages resolve security vulnerabilities (02-18-04)
  https://rhn.redhat.com/errata/RHSA-2004-065.html

• Updated libxml2 packages fix security vulnerability (02-26-04)
  https://rhn.redhat.com/errata/RHSA-2004-091.html

• Updated mod_python packages fix denial of service vulnerability (02-26-04)
  https://rhn.redhat.com/errata/RHSA-2004-063.html

• Updated SANE packages fix problem with shared libraries (03-01-04)
  https://rhn.redhat.com/errata/RHBA-2004-043.html

SGI

• SGI Advanced Linux Environment security update #11 (02-26-04)
  ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc

• SGI Advanced Linux Environment security update #12 (02-26-04)
  ftp://patches.sgi.com/support/free/security/advisories/20040203-01-U.asc

• SGI ProPack v2.4: Kernel fixes and security update (02-26-04)
  ftp://patches.sgi.com/support/free/security/advisories/20040204-01-U.asc

Slackware

• Kernel security update (SSA:2004-049-01) (02-18-04)
  http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.541911

• metamail security update (SSA:2004-049-02) (02-18-04)
  http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.404734

Sun Microsystems

• Patches Disable the Auditing Functionality on Basic Security Module (BSM) Enabled Systems (02-23-04)
  http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57478

• SunPlex (Sun Cluster) Multiple Security Vulnerabilities in OpenSSL Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Protocols (02-23-04)
  http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57475

• Security Issue with kcms_server Daemon (02-25-04)
  http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50104

• Sun ONE Web Server Buffer Overflow Vulnerability May Result in "Denial of Service" (DoS) (02-25-04)
  http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57464

• Security Vulnerability Involving the passwd(1) Command (02-26-04)
  http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57454

• Security Vulnerability in "/usr/lib/print/conv_fix" May Allow Unauthorized Privileges and/or Denial of Service (02-26-04)
  http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57509

SuSE Linux

• Linux Kernel (SuSE-SA:2004:005) (02-18-04)
  http://www.suse.de/de/security/2004_05_linux_kernel.html

• xf86/XFree86 (SuSE-SA:2004:006) (02-26-04)
  http://www.suse.de/de/security/2004_06_xf86.html

TurboLinux

• kernel mremap vulnerability (02-23-04)
  http://www.turbolinux.com/security/2004/TLSA-2004-7.txt

Trustix

• local root exploit in mremap (02-18-04)
  http://www.trustix.org/errata/misc/2004/TSL-2004-0007-kernel.asc.txt

Publications by Third Parties

AusCERT

• Squid Proxy Cache Security Update Advisory SQUID-2004:1 (03-02-04)
  http://www.auscert.org.au/render.html?it=3909&cid=1

• Variants of mass-mailing worms Netsky and Bagle spreading rapidly (03-02-04)
  http://www.auscert.org.au/render.html?it=3908&cid=1

• New libapache-mod-python packages fix denial of service (03-01-04)
  http://www.auscert.org.au/render.html?it=3907&cid=1

• WinZip MIME Parsing Buffer Overflow Vulnerability (03-01-04)
  http://www.auscert.org.au/render.html?it=3906&cid=1

• Microsoft Internet Explorer Cross Frame Scripting Restriction Bypass (03-01-04)
  http://www.auscert.org.au/render.html?it=3905&cid=1

• Jailed processes can attach to other jails (03-01-04)
  http://www.auscert.org.au/render.html?it=3904&cid=1

• New Linux 2.4.19 packages fix several local root exploits (mips) (03-01-04)
  http://www.auscert.org.au/render.html?it=3903&cid=1

• Security Vulnerability in "/usr/lib/print/conv_fix" May Allow Unauthorized Privileges and/or Denial of Service (03-01-04)
  http://www.auscert.org.au/render.html?it=3902&cid=1

• Security Vulnerability Involving the passwd(1) Command (03-01-04)
  http://www.auscert.org.au/render.html?it=3901&cid=1

• RealSecure/BlackICE Server Message Block (SMB) Processing Overflow (02-27-04)
  http://www.auscert.org.au/render.html?it=3900&cid=1

• Updated libxml2 packages fix security vulnerability (02-27-04)
  http://www.auscert.org.au/render.html?it=3898&cid=1

• Updated mod_python packages fix denial of service vulnerability (02-27-04)
  http://www.auscert.org.au/render.html?it=3897&cid=1

• Exploit activity for Linux kernel memory management problem via mremap() (02-27-04)
  http://www.auscert.org.au/render.html?it=3899&cid=1

• Sun ONE Web Server Buffer Overflow Vulnerability May Result in "Denial of Service" (DoS) (02-26-04)
  http://www.auscert.org.au/render.html?it=3895&cid=1

• Security Issue with kcms_server Daemon *REVISED* (02-26-04)
  http://www.auscert.org.au/render.html?it=3894&cid=1

• WORM_NETSKY.C (W32/Netsky.C@MM, W32.Netsky.C@mm, Win32.Netsky.C, NetSky.C, I-Worm.Moodown.c) (02-26-04)
  http://www.auscert.org.au/render.html?it=3893&cid=1

• New metamail packages fix arbitrary code execution (02-25-04)
  http://www.auscert.org.au/render.html?it=3892&cid=1

• SunPlex (Sun Cluster) Multiple Security Vulnerabilities in OpenSSL Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Protocols *REVISED* (02-25-04)
  http://www.auscert.org.au/render.html?it=3891&cid=1

• Apple Security Update 2004-02-23 (02-24-04)
  http://www.auscert.org.au/render.html?it=3890&cid=1

• New pwlib packages fix multiple vulnerabilities (02-24-04)
  http://www.auscert.org.au/render.html?it=3889&cid=1

• New hsftp packages fix format string vulnerability (02-24-04)
  http://www.auscert.org.au/render.html?it=3888&cid=1

• New synaesthesia packages fix insecure file creation (02-24-04)
  http://www.auscert.org.au/render.html?it=3887&cid=1

• New mailman packages fix bug introduced in DSA 436-1 (02-24-04)
  http://www.auscert.org.au/render.html?it=3886&cid=1

• New Linux 2.4.17 packages fix local root exploit (ia64) (02-23-04)
  http://www.auscert.org.au/render.html?it=3885&cid=1

• New xfree86 packages fix multiple vulnerabilities (02-23-04)
  http://www.auscert.org.au/render.html?it=3884&cid=1

• New Linux 2.4.17 packages fix local root exploits and more (s390) (02-23-04)
  http://www.auscert.org.au/render.html?it=3883&cid=1

• shmat reference counting bug (02-23-04)
  http://www.auscert.org.au/render.html?it=3882&cid=1

• OpenSSL 0.9.6 ASN.1 parser vulnerability (02-23-04)
  http://www.auscert.org.au/render.html?it=3881&cid=1

• Inconsistent IPv6 path MTU discovery handling (02-23-04)
  http://www.auscert.org.au/render.html?it=3880&cid=1

• Insufficient packet validation in racoon IKE daemon (02-23-04)
  http://www.auscert.org.au/render.html?it=3879&cid=1

• Novell iChain Telnet Service Vulnerability (02-23-04)
  http://www.auscert.org.au/render.html?it=3877&cid=1

• SSRT2336 Rev.5 XDR library (02-23-04)
  http://www.auscert.org.au/render.html?it=3876&cid=1

• SSRT2439 Rev.10 xdrmem_getbytes() (02-23-04)
  http://www.auscert.org.au/render.html?it=3875&cid=1

• SSRT2330 Rev.2 rpc.yppasswdd (02-23-04)
  http://www.auscert.org.au/render.html?it=3874&cid=1

• SSRT3631 Rev.8 sendmail (02-23-04)
  http://www.auscert.org.au/render.html?it=3873&cid=1

• ZoneLabs SMTP Processing Buffer Overflow (02-23-04)
  http://www.auscert.org.au/render.html?it=3878&cid=1

• Updated kernel packages fix security vulnerability (02-20-04)
  http://www.auscert.org.au/render.html?it=3872&cid=1

• Cisco ONS 15327, ONS 15454, ONS 15454 SDH, and ONS 15600 Vulnerabilities (02-20-04)
  http://www.auscert.org.au/render.html?it=3871&cid=1

• Updated kernel packages fix security vulnerability (02-20-04)
  http://www.auscert.org.au/render.html?it=3870&cid=1

• Kernel security update (02-20-04)
  http://www.auscert.org.au/render.html?it=3869&cid=1

• New Linux 2.4.17 packages fix local root exploit (mips+mipsel) (02-20-04)
  http://www.auscert.org.au/render.html?it=3868&cid=1

• New Linux 2.4.17 packages fix several local root exploits (powerpc/apus) (02-20-04)
  http://www.auscert.org.au/render.html?it=3867&cid=1

• New Linux 2.4.16 packages fix several local root exploits (arm) (02-20-04)
  http://www.auscert.org.au/render.html?it=3866&cid=1

• Updated metamail packages fix vulnerabilities (02-20-04)
  http://www.auscert.org.au/render.html?it=3865&cid=1

• Updated samba packages fix security vulnerability (02-20-04)
  http://www.auscert.org.au/render.html?it=3864&cid=1

• Updated PWLib packages fix protocol security issues (02-20-04)
  http://www.auscert.org.au/render.html?it=3863&cid=1

• Updated kernel packages resolve security vulnerabilities (02-19-04)
  http://www.auscert.org.au/render.html?it=3862&cid=1

• New Linux 2.4.18 packages fix local root exploit (alpha+i386+powerpc) (02-19-04)
  http://www.auscert.org.au/render.html?it=3861&cid=1

• W32/Netsky.b (02-19-04)
  http://www.auscert.org.au/render.html?it=3860&cid=1

F-Secure

• Bagle.I (03-02-04)
  http://www.f-secure.com/v-descs/bagle_i.shtml

• Bagle.H (03-02-04)
  http://www.f-secure.com/v-descs/bagle_h.shtml

• Bagle.F (03-02-04)
  http://www.f-secure.com/v-descs/bagle_f.shtml

• Bagle.E (03-02-04)
  http://www.f-secure.com/v-descs/bagle_e.shtml

• Bagle.D (03-02-04)
  http://www.f-secure.com/v-descs/bagle_d.shtml

• Bagle.C (03-02-04)
  http://www.f-secure.com/v-descs/bagle_c.shtml

• NetSky.E (03-01-04)
  http://www.f-secure.com/v-descs/netsky_e.shtml

• NetSky.D (03-01-04)
  http://www.f-secure.com/v-descs/netsky_d.shtml

• NetSky.C (03-01-04)
  http://www.f-secure.com/v-descs/netsky_c.shtml

• MyDoom.F (03-01-04)
  http://www.f-secure.com/v-descs/mydoom_f.shtml

• Bagle.B (02-28-04)
  http://www.f-secure.com/v-descs/bagle_b.shtml

• Bizex (02-27-04)
  http://www.f-secure.com/v-descs/bizex.shtml

• NetSky.B (02-26-04)
  http://www.f-secure.com/v-descs/netsky_b.shtml

• NetSky.A (02-26-04)
  http://www.f-secure.com/v-descs/moodown.shtml

• Swicer (02-23-04)
  http://www.f-secure.com/v-descs/swicer.shtml

• Bagle (02-18-04)
  http://www.f-secure.com/v-descs/bagle.shtml

ISS

• Vulnerability in SMB Parsing in ISS Products (02-26-04)
  http://xforce.iss.net/xforce/alerts/id/165

• AS04-09 (03-01-04)
  http://xforce.iss.net/xforce/alerts/id/AS04-09

• AS04-08 (02-23-04)
  http://xforce.iss.net/xforce/alerts/id/AS04-08

Network Associates

• W32/Mydoom.g@MM (03-02-04)
  http://vil.nai.com/vil/content/v_101072.htm

• W32/Bagle.j@MM (03-02-04)
  http://vil.nai.com/vil/content/v_101071.htm

• W32/Hiton.a@MM (03-02-04)
  http://vil.nai.com/vil/content/v_101070.htm

• W32/Bagle.i@MM (03-02-04)
  http://vil.nai.com/vil/content/v_101069.htm

• W32/Bagle.h@MM (03-01-04)
  http://vil.nai.com/vil/content/v_101068.htm

• W32/Netsky.e@MM (03-01-04)
  http://vil.nai.com/vil/content/v_101067.htm

• W32/Netsky.d@MM (03-01-04)
  http://vil.nai.com/vil/content/v_101064.htm

• W32/Bagle.g@MM (02-29-04)
  http://vil.nai.com/vil/content/v_101063.htm

• W32/Bagle.f@MM (02-29-04)
  http://vil.nai.com/vil/content/v_101062.htm

• W32/Bagle.e@MM (02-28-04)
  http://vil.nai.com/vil/content/v_101061.htm

• W32/Bagle.d@MM (02-28-04)
  http://vil.nai.com/vil/content/v_101060.htm

• W32/Bagle.c@MM (02-27-04)
  http://vil.nai.com/vil/content/v_101059.htm

• W32/Netsky.c@MM (02-25-04)
  http://vil.nai.com/vil/content/v_101048.htm

• W32/Bizex.worm (02-24-04)
  http://vil.nai.com/vil/content/v_101044.htm

• W32/Cone@MM (02-23-04)
  http://vil.nai.com/vil/content/v_101043.htm

• W32/Eyeveg.worm.c (02-20-04)
  http://vil.nai.com/vil/content/v_101041.htm

• W97M/Trugbar.a (02-20-04)
  http://vil.nai.com/vil/content/v_101040.htm

• W32/Mydoom.f@MM (02-19-04)
  http://vil.nai.com/vil/content/v_101038.htm

• W32/Netsky.b@MM (02-18-04)
  http://vil.nai.com/vil/content/v_101034.htm

SANS

• SANS NewsBites #7 (02-18-04)
  http://www.sans.org/newsletters/newsbites/newsbites.php?vol=6&issue=7

• SANS NewsBites #8 (02-25-04)
  http://www.sans.org/newsletters/newsbites/newsbites.php?vol=6&issue=8

• @RISK: The Consensus Security Vulnerability Alert #7 (02-19-04)
  http://www.sans.org/newsletters/risk/vol3_7.php

• @RISK: The Consensus Security Vulnerability Alert #8 (02-26-04)
  http://www.sans.org/newsletters/risk/vol3_8.php

Sophos

• 32/Bagle-J (03-02-04)
  http://www.sophos.com/virusinfo/analyses/w32baglej.html

• W32/Netsky-D (03-02-04)
  http://www.sophos.com/virusinfo/analyses/w32netskyd.html

• W32/Bagle-I (03-02-04)
  http://www.sophos.com/virusinfo/analyses/w32baglei.html

• W32/Bagle-H (03-01-04)
  http://www.sophos.com/virusinfo/analyses/w32bagleh.html

• W32/Netsky-E (03-01-04)
  http://www.sophos.com/virusinfo/analyses/w32netskye.html

• W32/Bagle-G (03-01-04)
  http://www.sophos.com/virusinfo/analyses/w32bagleg.html

• W32/Bagle-F (03-01-04)
  http://www.sophos.com/virusinfo/analyses/w32baglef.html

• W32/Bagle-D (02-28-04)
  http://www.sophos.com/virusinfo/analyses/w32bagled.html

• W32/Bagle-E (02-28-04)
  http://www.sophos.com/virusinfo/analyses/w32baglee.html

• W32/Bagle-C (02-28-04)
  http://www.sophos.com/virusinfo/analyses/w32baglec.html

• W32/Maddis-A (02-28-04)
  http://www.sophos.com/virusinfo/analyses/w32maddisa.html

• W32/Nachi-D (02-27-04)
  http://www.sophos.com/virusinfo/analyses/w32nachid.html

• W32/Agobot-FE (02-27-04)
  http://www.sophos.com/virusinfo/analyses/w32agobotfe.html

• W32/Spybot-BM (02-27-04)
  http://www.sophos.com/virusinfo/analyses/w32spybotbm.html

• Troj/Killproc-B (02-27-04)
  http://www.sophos.com/virusinfo/analyses/trojkillprocb.html

• Troj/Tofger-O (02-27-04)
  http://www.sophos.com/virusinfo/analyses/trojtofgero.html

• JS/Venga-A (02-27-04)
  http://www.sophos.com/virusinfo/analyses/jsvengaa.html

• W32/Wenru-A (02-27-04)
  http://www.sophos.com/virusinfo/analyses/w32wenrua.html

• Troj/Dalixy-A (02-27-04)
  http://www.sophos.com/virusinfo/analyses/trojdalixya.html

• Troj/Dasmin-E (02-27-04)
  http://www.sophos.com/virusinfo/analyses/trojdasmine.html

• W32/Synapse-A (02-27-04)
  http://www.sophos.com/virusinfo/analyses/w32synapsea.html

• W32/Netsky-C (02-26-04)
  http://www.sophos.com/virusinfo/analyses/w32netskyc.html

• Troj/Narhem-A (02-26-04)
  http://www.sophos.com/virusinfo/analyses/trojnarhema.html

• W32/Agobot-DF (02-26-04)
  http://www.sophos.com/virusinfo/analyses/w32agobotdf.html

• Troj/Loony-B (02-26-04)
  http://www.sophos.com/virusinfo/analyses/trojloonyb.html

• W32/Darby-E (02-26-04)
  http://www.sophos.com/virusinfo/analyses/w32darbye.html

• mIRC/Darby-E (02-26-04)
  http://www.sophos.com/virusinfo/analyses/mircdarbye.html

• W32/Capside-B (02-26-04)
  http://www.sophos.com/virusinfo/analyses/w32capsideb.html

• Troj/Multidr-K (02-26-04)
  http://www.sophos.com/virusinfo/analyses/trojmultidrk.html

• Troj/Sandbox-A (02-26-04)
  http://www.sophos.com/virusinfo/analyses/trojsandboxa.html

• W32/Bizex-A (02-24-04)
  http://www.sophos.com/virusinfo/analyses/w32bizexa.html

• W32/MyDoom-F (02-20-04)
  http://www.sophos.com/virusinfo/analyses/w32mydoomf.html

• Troj/KeyHost-A (02-19-04)
  http://www.sophos.com/virusinfo/analyses/trojkeyhosta.html

• W32/Netsky-B (02-19-04)
  http://www.sophos.com/virusinfo/analyses/w32netskyb.html

• Troj/DDosSmal-B (02-19-04)
  http://www.sophos.com/virusinfo/analyses/trojddossmalb.html

• W32/Netsky-A (02-19-04)
  http://www.sophos.com/virusinfo/analyses/w32netskya.html

• W32/Nachi-C (02-19-04)
  http://www.sophos.com/virusinfo/analyses/w32nachic.html

• W32/SdBot-FQ (02-19-04)
  http://www.sophos.com/virusinfo/analyses/w32sdbotfq.html

• W32/SdBot-HH (02-19-04)
  http://www.sophos.com/virusinfo/analyses/w32sdbothh.html

• W32/SdBot-HI (02-19-04)
  http://www.sophos.com/virusinfo/analyses/w32sdbothi.html

• W32/SdBot-HJ (02-19-04)
  http://www.sophos.com/virusinfo/analyses/w32sdbothj.html

• JS/NoClose-B (02-19-04)
  http://www.sophos.com/virusinfo/analyses/jsnocloseb.html

Symantec

• W32.Beagle.J@mm (03-02-04)
  http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.j@mm.html

• W32.Hiton@mm (03-02-04)
  http://securityresponse.symantec.com/avcenter/venc/data/w32.hiton@mm.html

• W32.Mydoom.G@mm (03-02-04)
  http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.g@mm.html

• W32.Beagle.I@mm (03-01-04)
  http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.i@mm.html

• W32.Beagle.H@mm (03-01-04)
  http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.h@mm.html

• W32.Netsky.E@mm (03-01-04)
  http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.e@mm.html

• W32.Netsky.D@mm (03-01-04)
  http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.d@mm.html

• W32.Beagle.G@mm (02-29-04)
  http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.g@mm.html

• W32.Beagle.F@mm (02-29-04)
  http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.f@mm.html

• W32.Cone.B@mm (02-29-04)
  http://securityresponse.symantec.com/avcenter/venc/data/w32.cone.b@mm.html

• W32.HLLW.Cult.P@mm (02-29-04)
  http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cult.p@mm.html

• Trojan.Bookmarker.F (02-29-04)
  http://securityresponse.symantec.com/avcenter/venc/data/trojan.bookmarker.f.html

• W32.Beagle.E@mm (02-28-04)
  http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.e@mm.html

• W32.HLLW.Evianc (02-28-04)
  http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.evianc.html

• W32.HLLW.Moega.AP (02-28-04)
  http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.moega.ap.html

• W32.Beagle.C@mm (02-27-04)
  http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.c@mm.html

• Trojan.Tilser (02-27-04)
  http://securityresponse.symantec.com/avcenter/venc/data/trojan.tilser.html

• PWSteal.Bancos.E (02-26-04)
  http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.e.html

• Backdoor.IRC.Loonbot (02-26-04)
  http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.loonbot.html

• PWSteal.Tarno.B (02-26-04)
  http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.tarno.b.html

• W32.Mockbot.A.Worm (02-25-04)
  http://securityresponse.symantec.com/avcenter/venc/data/w32.mockbot.a.worm.html

• Backdoor.IRC.Aladinz.M (02-25-04)
  http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.m.html

• W32.Netsky.C@mm (02-24-04)
  http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.c@mm.html

• W32.Bizex.Worm (02-24-04)
  http://securityresponse.symantec.com/avcenter/venc/data/w32.bizex.worm.html

• W32.Welchia.D.Worm (02-23-04)
  http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.d.worm.html

• Downloader.Botten (02-23-04)
  http://securityresponse.symantec.com/avcenter/venc/data/downloader.botten.html

• W97M.Ortant@mm (02-22-04)
  http://securityresponse.symantec.com/avcenter/venc/data/w97m.ortant@mm.html

• W32.Cone@mm (02-22-04)
  http://securityresponse.symantec.com/avcenter/venc/data/w32.cone@mm.html

• Backdoor.IRC.Aladinz.L (02-21-04)
  http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.l.html

• Java.StartPage (02-20-04)
  http://securityresponse.symantec.com/avcenter/venc/data/java.startpage.html

• W32.Mydoom.F@mm (02-20-04)
  http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.f@mm.html

• Backdoor.Kaitex.E (02-20-04)
  http://securityresponse.symantec.com/avcenter/venc/data/backdoor.kaitex.e.html

• W97M.Saver.H (02-19-04)
  http://securityresponse.symantec.com/avcenter/venc/data/w97m.saver.h.html

• Backdoor.IRC.Aladinz.K (02-19-04)
  http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.k.html

• W32.Netsky.B@mm (02-18-04)
  http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.b@mm.html

Trend Micro

• WORM_MYDOOM.G (03-02-04)
  http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYDOOM.G

• WORM_BAGLE.I (03-02-04)
  http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.I

• WORM_BAGLE.D (03-01-04)
  http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.D

• WORM_BAGLE.H (03-01-04)
  http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.H

• WORM_NETSKY.E (03-01-04)
  http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NETSKY.E

• WORM_NETSKY.D (03-01-04)
  http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NETSKY.D

• WORM_AGOBOT.ZF (03-01-04)
  http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.ZF

• WORM_BAGLE.G (02-29-04)
  http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.G

• WORM_BAGLE.F (02-29-04)
  http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.F

• WORM_BAGLE.E (02-28-04)
  http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.E

• WORM_BAGLE.C (02-27-04)
  http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.C

• WORM_NETSKY.C (02-26-04)
  http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NETSKY.C

• WORM_NACHI.D (02-25-04)
  http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NACHI.D

• WORM_BIZEX.A (02-24-04)
  http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BIZEX.A

• WORM_CASPID.B (02-24-04)
  http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_CASPID.B

• WORM_AGOBOT.DE (02-23-04)
  http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.DE

• WORM_DARBY.D (02-23-04)
  http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DARBY.D

• WORM_MYDOOM.F (02-20-04)
  http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYDOOM.F

• WORM_RUSTY.A (02-19-04)
  http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RUSTY.A

• WORM_NETSKY.B (02-18-04)
  http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NETSKY.B

UNIRAS

• Malicious Software Report: NetSky.D ALIAS: I-Worm.Moodown.D, W32/Netsky.D@mm, Moodown.D, Worm.Somefool (03-01-04)
  http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-0904.txt

• Malicious Software Report:W32/Bagle.c@MM & W32/Bagle.e@MM (03-01-04)
  http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-0804.txt

• Malicious Software Report - W32/Netsky.c@MM (02-25-04)
  http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-0704.txt

• Malicious Software Report - W32/Netsky.b AKA Worm.Moodown.B, W32/Netsky.B, Moodown.B (02-18-04)
  http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-0604.txt

• Jailed processes can attach to other jails (03-01-04)
  http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-9804.txt

• Two iDefense Security Advisories:
  1. WinZip MIME Parsing Buffer Overflow Vulnerability.
  2. Microsoft Internet Explorer Cross Frame Scripting Restriction Bypass (03-01-04)
     http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-9704.txt

• Two Debian Security Advisories:
  1. New Linux 2.4.19 packages fix several local root exploits (mips).
  2. New libapache-mod-python packages fix denial of service (03-01-04)
     http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-9604.txt

• RealSecure/BlackICE Server Message Block (SMB) Processing Overflow (03-01-04)
  http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-9504.txt

• Three Sun Microsystems Advisories:
  1. SunPlex (Sun Cluster) Multiple Security Vulnerabilities in OpenSSL Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Protocols.
  2. Security Vulnerability Involving the passwd(1) Command.
  3. Security Vulnerability in /usr/lib/print/conv_fix May Allow Unauthorized Privileges and/or Denial of Service (03-01-04)
     http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-9404.txt

• Updated mod_python packages fix denial of service vulnerability and Updated libxml2 packages fix security vulnerability (02-27-04)
  http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-9304.txt

• DSA 449-1 - New metamail packages fix arbitrary code execution (02-27-04)
  http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-9204.txt

• Two Mandrake Security Advisories:
  1. Updated x86_64 kernel packages fix multiple vulnerabilities
  2. Updated mtools packages fix local root vulnerability (02-27-04)
     http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-9104.txt

• Cisco Security Bulletin: ONS 15327, ONS 15454, ONS 15454 SDH, and ONS 15600 Vulnerabilities (02-26-04)
  http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-9004.txt

• Debian Security Bulletins:
  1. New gnupg packages fix cryptographic weakness.
  2. New mailman packages fix bug introduced in DSA 436-1.
  3. New Linux 2.4.18 packages fix local root exploit.
  4. New Linux 2.4.17 packages fix local root exploits and more.
  5. New xfree86 packages fix multiple vulnerabilities.
  6. New lbreakout2 packages fix buffer overflow.
  7. New synaesthesia packages fix insecure file creation.
  8. New hsftp packages fix format string vulnerability.
  9. New pwlib packages fix multiple vulnerabilities (02-26-04)
     http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-8904.txt

• Apple Security Bulletin: Security Update (02-26-04)
  http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-8804.txt

• eEye Security Bulletin: ZoneLabs SMTP Processing Buffer Overflow (02-26-04)
  http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-8704.txt

• CIAC Security Bulletin: Novell iChain Telnet Service Vulnerability (02-26-04)
  http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-8604.txt

• Slackware Security Bulletin: Kernel security update (02-26-04)
  http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-8504.txt

• Red Hat Security Bulletin: Updated kernel packages fix security vulnerability (02-25-04)
  http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-8404.txt

• Four Hewlett-Packard Security Advisories:
  1. Potential security vulnerability in sendmail
  2. Potential security vulnerability in rpc.yppasswdd.
  3. Potential buffer overflow in xdrmem_getbytes() and related functions.
  4. Potential buffer overflow in XDR library (02-25-04)
     http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-8304.txt

• Debian Security Briefings:
  1. DSA 439-1 - New Linux 2.4.16 packages fix several local root exploits (arm)
  2. DSA 440-1 - New Linux 2.4.17 packages fix several local root exploits (powerpc/apus)
  3. DSA 441-1 - New Linux 2.4.17 packages fix local root exploit (mips+mipsel) (02-25-04)
     http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-8204.txt

• Three Red Hat Security Bulletins:
  1. Updated PWLib packages fix protocol security issues.
  2. Updated samba packages fix security vulnerability.
  3. Updated metamail packages fix vulnerabilities (02-24-04)
     http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-8104.txt

• Five SCO Security Advisories:
  1. cache poisoning BIND 8 prior to 8.3.7 and BIND 8.4.x prior 8.4.2
  2. OpenLinux: Fetchmail 6.2.4 and earlier remote dennial of service.
  3. OpenLinux: mpg123 remote denial of service and heap-based buffer overflow
  4. OpenLinux: Multiple vulnerabilities were discovered in the saned daemon
  5. OpenLinux: Perl Safe.pm unsafe access (02-24-04)
     http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-8004.txt