Summary of Security Items from September 1 through September 7, 2004
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends and viruses identified between August 31 and September 7, 2004. Updates to items appearing in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Bugs, Holes, & Patches
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
Risk is defined as follows: (Note: The risk levels applied to vulnerabilities in the Cyber Bulletin are based on how the "system" may be impacted.)
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such a vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of a medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Windows Operating Systems Only |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts |
Common Name |
Risk |
Source |
ACLogic
CesarFTP 0.98b, 0.99g, 0.99e |
A buffer overflow vulnerability exists during authentication due to insufficient bounds checking, which could let a remote user cause a Denial of Service or execute arbitrary code.
No workaround or patch available at time of publishing.
Proof of Concept exploit script has been published. |
CesarFTP Buffer Overflow |
Low/High
(High if arbitrary code can be executed)
|
Securiteam, August 31, 2003 |
Comersus Open Technologies
Comersus Cart 5.0 991 |
A vulnerability exists in the 'comersus_customerLoggedVerify.asp' script due to insufficient validation of the 'redirecturl' parameter, which could let a remote malicious user obtain or modify sensitive information or execute arbitrary code.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published.
|
Comersus Shopping Cart 'redirecturl' Input Validation |
Medium/High
(High if arbitrary code can be executed)
|
SecurityTracker Alert ID: 1011135, September 1, 2004 |
Diebold
GEMS Central Tabulator 1.17.7, 1.18 |
A vulnerability exists due to an undocumented backdoor account, which could let a local or remote authenticated malicious user modify votes.
No workaround or patch available at time of publishing.
We are not aware of any exploits for this vulnerability. |
GEMS Central Tabulator Vote Database Vote Modification |
Medium |
BlackBoxVoting.org, August 31, 2004 |
IPSwitch
IMail 5.0, 5.0.5-5.0.8, 6.0-6.0.6, 6.1-6.4, 7.0.1-7.0.7, 7.1, 7.12, 8.0.3, 8.0.5, 8.1 |
Multiple buffer overflow vulnerabilities exist: a remote Denial of Service vulnerability exists in the Queue Manager when a malicious user submits an overly long sender field; a remote Denial of Service vulnerability exists in Web Calendaring when a calendar entry that contains certain content is viewed; and a remote Denial of Service vulnerability exists in Web Messaging when a malicious user submits an overly long 'To:' line. The execution of arbitrary code may also be possible.
Patches available at: http://www.ipswitch.com/support/imail/releases/imail_professional/im813.html
We are not aware of any exploits for this vulnerability. |
Ipswitch IMail Server Multiple Buffer Overflow Remote Denial of Service |
Low/High
(High if arbitrary code can be executed)
|
Secunia Advisory, SA12453, September 3, 2004 |
IPSwitch
WhatsUp Gold 7.0 4, 7.0 3, 7.0, 8.03 hotfix 1, 8.03, 8.0 1, 8.0 |
Two vulnerabilities exist: a buffer overflow vulnerability exists when processing Notification instance names, which could let a remote malicious user execute arbitrary code; and a remote Denial of Service vulnerability exists in 'prn.htm' when a malicious user submits a certain GET request.
Hotfixes available at:
ftp://ftp.ipswitch.com/Ipswitch/Product_Support/WhatsUp/wug803HF2.exe
We are not aware of any exploits for this vulnerability. |
WhatsUpGold Web Interface Vulnerabilities |
Low/High
(High if arbitrary code can be executed)
|
SecurityTracker Alert ID: 1011157, September 4, 2004 |
IPSwitch
WS FTP Server 5.0.2 |
A remote Denial of Service vulnerability exists in the 'cd' command when a malicious user submits a malformed file path.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit script has been published.
|
IPSwitch WS_FTP Remote Denial of Service |
Low |
Bugtraq, August 29, 2004 |
Jerod Moemeka
Xedus 1.0 |
Multiple vulnerabilities exist: a remote Denial of Service vulnerability exists when a malicious user submits multiple simultaneous connections; a Cross-Site Scripting vulnerability exists in the sample scripts due to insufficient sanitization of user-supplied URI input, which could let a remote malicious user execute arbitrary HTML and script code; and a Directory Traversal vulnerability exists which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
There is no exploit code required; however, Proofs of Concept exploit scripts have been published. |
Xedus Web Server Input Validation Vulnerabilities |
Low/Medium/High
(Low if a DoS; Medium if sensitive information can be obtained; and High if arbitrary code can be executed)
|
GulfTech Security Research Security Advisory, August 30, 2004 |
Keene Software Corporation
Keene Digital Media Server 1.0.2 |
Multiple vulnerabilities exist: a Cross-Site Scripting vulnerability exists because input passed to various parameters is not properly sanitized, which could let a remote malicious user execute arbitrary code; and a vulnerability exists because access is not restricted to all administrative pages and users' permissions are not checked before an administrative task is performed, which could let a remote malicious user perform arbitrary administrative tasks.
No workaround or patch available at time of publishing.
Proofs of Concept exploits have been published. |
Keene Digital Media Server Cross-Site Scripting |
High |
SecurityFocus, September 4, 2004 |
Kerio Technologies
Kerio Personal Firewall 4.0.6-4.0.10, 4.0.16 |
A vulnerability exists in the 'Application Security' functionality, which could let a malicious user bypass certain security features.
No workaround or patch available at time of publishing.
We are not aware of any exploits for this vulnerability. |
Kerio Personal Firewall Security Bypass |
Medium |
SIG^2 Vulnerability Research Advisory, September 2, 2004 |
Multiple Vendors
Altnet ADM;
Grokster Grokster 1.3, 1.3.3, 2.6; KaZaA KaZaA Media Desktop 1.3-1.3.2, 1.6.1, 2.0, 2.0.2, 2.6.4 |
A buffer overflow vulnerability exists in Altnet Download Manager in the 'IsValidFile()' method, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published.
|
Altnet ADM ActiveX Control Remote Buffer Overflow |
High |
SecurityFocus, September 3, 2004 |
Newintelligence
DasBlog 1.3-1.6 |
A Cross-Site Scripting vulnerability exists in the 'User-Agent:' and 'Referer:' headers due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code.
Patches available at: http://www.dasblog.net/documentation/CategoryView.aspx?category=Download
There is no exploit code required; however, Proofs of Concept exploit scripts have been published. |
DasBlog Cross-Site Scripting |
High |
ERNW Security Advisory, September 1, 2004 |
Nullsoft
Winamp 5.04 & prior |
A buffer overflow vulnerability exists in an ActiveX control installed by the application, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published.
|
Winamp ActiveX Control Remote Buffer Overflow
CVE Name: CAN-2004-0820 |
High |
SecurityTracker Alert ID: 1011071, September 2, 2004 |
South River Technologies
Titan FTP Server 2.2, 2.10, 3.0 1, 3.10, 3.21 |
A heap overflow vulnerability exists in the 'cwd' command due to insufficient boundary checks, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
Proof of Concept exploit script has been published. |
Titan FTP Server CWD Command Remote Heap Overflow |
High |
www.cnhonker.com Security Advisory, August 29, 2004 |
Symantec
PowerQuest DeployCenter 5.5 |
A password disclosure vulnerability exists in the 'stuffit.dat' file due to a failure to handle exceptional conditions, which could let a malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
There is no exploit code required. |
PowerQuest DeployCenter Password Disclosure |
Medium |
SecurityTracker Alert ID: 1011081, August 28, 2004 |
Texas Imperial Software
WFTPD Pro 3.21, R1-R3 |
A remote Denial of Service vulnerability exists due to insufficient validation of the 'MLST' command.
No workaround or patch available at time of publishing.
Exploit script has been published.
|
WFTPD Remote Denial of Service |
Low |
www.cnhonker.com Security Advisory, August 30, 2004 |
Web Animations
Password Protect |
Multiple vulnerabilities exist: vulnerabilities exist in the 'LoginId,' 'OPass,' 'NPass,' and 'CPass' parameters in 'ChangePassword.asp,' the 'admin' and 'Pass' parameters in 'index_next.asp,' and the 'users_add.asp' and 'users_edit.asp' scripts due to insufficient sanitization, which could let a remote malicious user obtain administrative access to the application or view or modify the database; and vulnerabilities exist in 'ChangePassword.asp,' 'index.asp,' 'users_list.asp,' 'users_add.asp,' and 'users_edit.asp' due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, Proofs of Concept exploit scripts have been published. |
Password Protect Input Validation |
High |
CRIOLABS Advisory, August 30, 2004 |
WinZip Computing, Inc.
WinZip 7.0, 8.0, 8.1, SR-1, 9.0 |
Multiple unspecified buffer overflow vulnerabilities exist due to insufficient bounds checking when processing zip archives, which could let a local/remote malicious user execute arbitrary code.
Upgrades available at:
http://www.winzip.com/downauto.cgi?winzip90.exe
We are not aware of any exploits for this vulnerability. |
WinZip Multiple Buffer Overflows |
High |
Securiteam, September 6, 2004 |
UNIX / Linux Operating Systems Only |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts |
Common Name |
Risk |
Source |
Apache Software Foundation
Apache 2.0a9, 2.0, 2.0.28 Beta, 2.0.28, 2.0.32, 2.0.35-2.0.50 |
A remote Denial of Service vulnerability exists in Apache 2 mod_ssl during SSL connections.
Apache: http://nagoya.apache.org/bugzilla/show_bug.cgi?id=29964
RedHat: http://rhn.redhat.com/errata/RHSA-2004-349.html
SuSE: ftp://ftp.suse.com/pub/suse/i386/update/
We are not aware of any exploits for this vulnerability. |
|
Low |
SecurityFocus, September 6, 2004 |
Apple
MacOS X 10.2.8, 10.3.4, 10.3.5 |
Two vulnerabilities exist: a vulnerability exists in CoreFoundation 'CFPlugin' facilities, which could let a malicious user obtain elevated privileges; and a buffer overflow vulnerability exists in CoreFoundation, which could let a malicious user execute arbitrary code.
Patches available at:
http://www.apple.com/support/downloads/
We are not aware of any exploits for this vulnerability. |
|
Medium/High
(High if arbitrary code can be executed)
|
Apple Security Update, APPLE-SA-0024-09-07, September 7, 2004 |
Bharat Mediratta
Gallery 1.4.4 |
A vulnerability exists in the 'set_time_limit' function due to insufficient validation of user-supplied input, which could let a remote malicious user execute arbitrary code.
Upgrade available at: http://prdownloads.sourceforge.net/gallery/
Gentoo: http://security.gentoo.org/glsa/glsa-200409-05.xml
Proof of Concept exploit script has been published. |
|
High |
SecurityTracker Alert ID: 1010971, August 18, 2004
SecurityFocus, September 2, 2004
Gentoo Linux Security Advisory GLSA 200409-05, September 2, 2004 |
Double Precision, Inc.
Inter7 Courier-IMAP 1.6, 1.7, 2.0.0, 2.1-2.1.2, 2.2.0, 2.2.1 |
A format string vulnerability exists in the 'auth_debug()' function used for login debugging, which could let a remote malicious user execute arbitrary code.
Upgrade available at: http://prdownloads.sourceforge.net/courier/courier-imap-3.0.7.tar.bz2
Gentoo: http://security.gentoo.org/glsa/glsa-200408-19.xml
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
Exploit script has been published. |
|
High |
iDEFENSE Security Advisory 08.18.04
SecurityFocus, September 2, 2004 |
Fujitsu
Fujitsu ServerView 3.0 |
A vulnerability exists because the '.index' file is world writeable, which could let a malicious user modify MIB values.
No workaround or patch available at time of publishing.
We are not aware of any exploits for this vulnerability. |
Fujitsu ServerView MIB Modification |
Medium |
SecurityTracker Alert ID: 1011168, September 6, 2004 |
Inter7
vpopmail (vchkpw) 3.4.1-3.4.11, 4.5, 4.6, 4.7, 4.8, 4.9, 4.9.10, 4.10, 5.2.1, 5.2.2, 5.3.20-5.3.30, 5.4-5.4.2 |
Multiple buffer overflow and format string vulnerabilities exist in the 'vsybase.c' file, which could let a malicious user cause a Denial of Service, obtain unauthorized access, or execute arbitrary code.
Upgrades available at:
http://prdownloads.sourceforge.net/vpopmail/vpopmail-5.4.6.tar.gz?download
Gentoo: http://security.gentoo.org/glsa/glsa-200409-01.xml
We are not aware of any exploits for this vulnerability. |
Inter7 Vpopmail Vsybase.c Multiple Vulnerabilities |
Low/Medium/High
(Low if a DoS; Medium if unauthorized access can be obtained; and High if arbitrary code can be executed)
|
Bugtraq, August 17, 2004
Gentoo Linux Security Advisory GLSA 200409-01, September 1, 2004 |
Inter7
vpopmail (vchkpw) 3.4.1-3.4.11, 4.5-4.10, 5.2.1, 5.2.2, 5.3.20-5.3.30, 5.4-5.4.5 |
An SQL injection vulnerability exists due to insufficient sanitization of user-supplied input data before using it in an SQL query, which could let a remote malicious user insert additional SQL commands into data passed into POP/IMAP login, SMTP AUTH, or a QmailAdmin login. Note: Vpopmail is only vulnerable if SQL servers are utilized by the application. Sites using the 'cdb' backend for data storage are not affected.
Upgrades available at:
http://prdownloads.sourceforge.net/vpopmail/vpopmail-5.4.6.tar.gz?download
Gentoo: http://security.gentoo.org/glsa/glsa-200409-01.xml
There is no exploit code required. |
Vpopmail SQL Injection |
Medium |
SecurityFocus, August 20, 2004
Gentoo Linux Security Advisory GLSA 200409-01, September 1, 2004 |
J. Schilling
CDRTools 2.0, 2.0.1 a18, 2.0.3 |
A vulnerability exists in 'cdrecord,' which could let a malicious user obtain root privileges.
No workaround or patch available at time of publishing.
We are not aware of any exploits for this vulnerability. |
CDRTools Unspecified Privilege Escalation
|
|
SecurityFocus, August 31, 2004 |
Jamie Cameron
Usermin 1.070, 1.080 |
Several vulnerabilities exist: an input validation vulnerability exists in the mail functionality, which could let a remote malicious user execute arbitrary code; and a vulnerability exists due to an unspecified error in the installation routine.
Update available at: http://www.webmin.com/index6.html
We are not aware of any exploits for this vulnerability. |
Usermin Web Mail |
High |
SNS Advisory No.77, September 7, 2004 |
John Bradley
XV 3.10a |
Multiple vulnerabilities exist: a buffer overflow vulnerability exists in the 'xvbmp.c' source file, which could let a remote malicious user execute arbitrary code; multiple heap overflow vulnerabilities exist in the 'xviris.c' source file due to integer handling problems, which could let a remote malicious user execute arbitrary code; a heap overflow vulnerability exists in the 'xvpcx.c' source file due to integer handling problems, which could let a remote malicious user execute arbitrary code; and a heap overflow vulnerability exists in the 'xvpm.c' source file due to integer handling problems, which could let a remote malicious user execute arbitrary code.
Gentoo: http://security.gentoo.org/glsa/glsa-200409-07.xml
Exploit script has been published. |
XV Multiple Buffer Overflow and Integer Handling |
High |
Bugtraq, August 24, 2004
Gentoo Linux Security Advisory, GLSA 200409-07, September 3, 2004 |
Mr. S.K.
LHA 1.14 |
Multiple vulnerabilities exist: a buffer overflow vulnerability exists in the parsing of archives, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability exists in the parsing of command-line arguments, which could let a remote malicious user execute arbitrary code; and a vulnerability exists due to insufficient validation of shell meta characters in directories, which could let a remote malicious user execute arbitrary shell commands.
RedHat: http://rhn.redhat.com/errata/RHSA-2004-323.html
We are not aware of any exploits for this vulnerability. |
|
High |
SecurityFocus, September 2, 2004 |
mpg123.de
mpg123 0.x
|
A buffer overflow vulnerability exists in the 'do_layer2()' function, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
We are not aware of any exploits for this vulnerability. |
mpg123 'do_layer2()' Function Remote Buffer Overflow |
High |
Securiteam, September 7, 2004 |
Multiple Vendors
Cisco VPN 3000 Concentrator 4.0.x, 4.0, 4.0.1, 4.1.x; Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; Gentoo Linux 1.4_rc1-rc3, 1.4; MandrakeSoft Corporate Server 2.1, x86_64, Linux Mandrake 9.1, ppc, 9.2, amd64, 10.0, AMD64, MandrakeSoft Multi Network Firewall 8.2; MIT Kerberos 5 1.2.2-1.2.8, 1.3-1.3.4; RedHat Desktop 3.0, Enterprise Linux WS 3, ES 3, AS 3, Fedora Core2, Core1; Sun Solaris 9.0, 9.0_x86 |
A remote Denial of Service vulnerability exists in the ASN.1 decoder when decoding a malformed ASN.1 buffer.
MIT Kerberos: http://web.mit.edu/kerberos/advisories/
Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20040831-krb5.shtml
Debian: http://security.debian.org/pool/updates/main/k/krb5/
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Gentoo: http://security.gentoo.org/glsa/glsa-200409-09.xml
Mandrake: http://www.mandrakesecure.net/en/ftp.php
Sun: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57631-1&searchclause=
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
We are not aware of any exploits for this vulnerability. |
MIT Kerberos 5 ASN.1 Decoder Remote Denial of Service
CVE Name: CAN-2004-0644 |
Low |
MIT krb5 Security Advisory, MITKRB5-SA-2004-002, August 31, 2004
US-CERT Technical Cyber Security Alert TA04-247A, September 5, 2004
US-CERT Vulnerability Note VU#550464, September 3, 2004 |
Multiple Vendors
Cisco VPN 3000 Concentrator 4.0.x, 4.0, 4.0.1, 4.1.x; Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; Gentoo Linux 1.4_rc1-rc3, 1.4; MandrakeSoft Corporate Server 2.1, x86_64, Linux Mandrake 9.1, ppc, 9.2, amd64, 10.0, AMD64, MandrakeSoft Multi Network Firewall 8.2; MIT Kerberos 5 1.0, 1.0.6, 1.0.8, 1.1, 1.1.1, 1.2-1.2.8, 1.3-1.3.4; RedHat Desktop 3.0, Enterprise Linux WS 3, ES 3, AS 3, Fedora Core2, Core1; Sun SEAM 1.0.2 |
Multiple double-free vulnerabilities exist due to inconsistent memory handling routines in the krb5 library: various double-free errors exist in the KDC (Key Distribution Center) cleanup code and in client libraries, which could let a remote malicious user execute arbitrary code; various double-free errors exist in the 'krb5_rd_cred()' function, which could let a remote malicious user execute arbitrary code; a double-free vulnerability exists in krb524d, which could let a remote malicious user execute arbitrary code; and a vulnerability exists in the ASN.1 decoder when handling indefinite length BER encodings, which could let a remote malicious user cause a Denial of Service.
MIT Kerberos: http://web.mit.edu/kerberos/advisories/
Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20040831-krb5.shtml
Debian: http://security.debian.org/pool/updates/main/k/krb5/
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Gentoo: http://security.gentoo.org/glsa/glsa-200409-09.xml
Mandrake: http://www.mandrakesecure.net/en/ftp.php
Sun: http://sunsolve.sun.com/search/document.do?assetkey=1-21-112908-15-1
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/
We are not aware of any exploits for this vulnerability. |
|
Low/High
(High if arbitrary code can be executed)
|
MIT krb5 Security Advisory, MITKRB5-SA-2004-002, August 31, 2004
US-CERT Technical Cyber Security Alert TA04-247A, September 5, 2004
US-CERT Vulnerability Notes, VU#350792, VU#795632, VU#866472, September 3, 2004 |
Multiple Vendors
Enlightenment Imlib2 1.0-1.0.5, 1.1, 1.1.1;
ImageMagick ImageMagick 5.4.3, 5.4.4.5, 5.4.8.2-1.1.0, 5.5.3.2-1.2.0, 5.5.6.0-2003040, 5.5.7, 6.0.2;
Imlib Imlib 1.9-1.9.14 |
Multiple buffer overflow vulnerabilities exist in the Imlib/Imlib2 libraries when handling malformed bitmap images, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.
Imlib: http://cvs.sourceforge.net/viewcvs.py/enlightenment/e17/
ImageMagick: http://www.imagemagick.org/www/download.html
We are not aware of any exploits for this vulnerability.
|
IMLib/IMLib2 Multiple BMP Image Decoding Buffer Overflows
CVE Names: CAN-2004-0817, CAN-2004-0802 |
Low/High
(High if arbitrary code can be executed)
|
SecurityFocus, September 1, 2004 |
Multiple Vendors
Gentoo Linux 1.4;
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1, Desktop 3.0, Enterprise Linux WS 3, WS 2.1 IA64, WS 2.1, ES 3, 2.1 IA64, 2.1, AS 3, AS 2.1 IA64, AS 2.1;
Trolltech Qt 3.0, 3.0.5, 3.1, 3.1.1, 3.1.2, 3.2.1, 3.2.3, 3.3.0, 3.3.1, 3.3.2 |
Multiple vulnerabilities exist: a buffer overflow vulnerability exists in the 'read_dib()' function when handling 8-bit RLE encoded BMP files, which could let a malicious user execute arbitrary code; and buffer overflow vulnerabilities exist in the XPM, GIF, and JPEG image file handlers, which could let a remote malicious user execute arbitrary code.
Debian: http://security.debian.org/pool/updates/main/q/qt-copy/
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
Gentoo: http://security.gentoo.org/glsa/glsa-200408-20.xml
Mandrake: http://www.mandrakesecure.net/en/ftp.php
Slackware: ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/kde/qt-3.1.2-i486-4.tgz
SuSE: ftp://ftp.suse.com/pub/suse/i386/update
Trolltech Upgrade: http://www.trolltech.com/download/index.html
TurboLinux: ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/
Sun: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57637-1&searchclause=security
Proof of Concept exploit has been published. |
|
High |
Secunia Advisory, SA12325, August 10, 2004
Sun Alert ID: 57637, September 3, 2004 |
MySQL AB
MySQL 3.23.49, 4.0.20 |
A vulnerability exists in the 'mysqlhotcopy' script due to predictable files names of temporary files, which could let a malicious user obtain elevated privileges.
Debian: http://security.debian.org/pool/updates/main/m/
Gentoo: http://security.gentoo.org/glsa/glsa-200409-02.xml
There is no exploit code required. |
MySQL 'Mysqlhotcopy' Script Elevated Privileges
CVE Name: CAN-2004-0457 |
Medium |
Debian Security Advisory, DSA 540-1, August 18, 2004
Gentoo Linux Security Advisory GLSA 200409-02, September 1, 2004 |
openca.org
OpenCA 0.x |
A Cross-Site Scripting vulnerability exists due to insufficient sanitization of input passed to the web frontends, which could let a remote malicious user execute arbitrary HTML and script code.
Update available at: http://www.openca.org/openca/
We are not aware of any exploits for this vulnerability. |
|
High |
Secunia Advisory, SA12473, September 7, 2004 |
Oracle Corporation
Oracle Application Server 10g 9.0.4, 9.0.4.0, Oracle10g Application Server 10.1.0.2, Oracle10g Enterprise Edition 9.0.4.0, 10.1.0.2, Oracle10g Personal Edition 9.0.4.0, 10.1.0.2, Oracle10g Standard Edition 9.0.4.0, 10.1.0.2 |
Multiple buffer overflow vulnerabilities exist which could let a remote malicious user execute arbitrary commands.
Patches available at:
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=281189.1
We are not aware of any exploits for this vulnerability. |
Oracle Multiple Buffer Overflows |
High |
Technical Cyber Security Alert TA04-245A, September 1, 2004
US-CERT Vulnerability Notes VU#316206, VU#170830, VU#435974, September 1, 2004 |
Oracle Corporation
Oracle8i Enterprise Edition 8.1.7.4, Standard Edition 8.1.7.4, Oracle9i Enterprise Edition 9.2.0.4, Personal Edition 9.2.0.4, Standard Edition 9.0.1.3, 9.2.0.4 |
A vulnerability exists in the 'ctxsys.driload' package, which could let a remote malicious user obtain administrative privileges.
Patches available at:
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=281189.1
A Proof of Concept exploit has been published. |
Oracle Database Server ctxsys.driload Access Validation
CVE Name: CAN-2004-0637 |
High |
Technical Cyber Security Alert TA04-245A, September 1, 2004 |
Oracle Corporation
Oracle8i Enterprise Edition 8.1.7.4, Standard Edition 8.1.7.4, Enterprise Edition 9.0.1.5, 9.0.1.4, 9.2.0.4, 9.2.0.3, Oracle9i Personal Edition 9.0.1.5
Oracle Oracle9i Personal Edition 9.0.1.4, 9.2.0.4, 9.2.0.3, Oracle9i Standard Edition 9.0.1.5, 9.0.1.4, 9.2.0.4, 9.2.0.3 |
A buffer overflow vulnerability exists in the 'dbms_system.ksdwrt()' function, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.
Patches available at:
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=281189.1
We are not aware of any exploits for this vulnerability. |
Oracle Database Server dbms_system.ksdwrt Remote Buffer Overflow
CVE Name: CAN-2004-0638 |
Low/High
(High if arbitrary code can be executed)
|
Technical Cyber Security Alert TA04-245A, September 1, 2004 |
Redhat
GNOME VFS
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64;
Red Hat Linux Advanced Workstation 2.1 - ia64;
Red Hat Enterprise Linux ES version 2.1 - i386;
Red Hat Enterprise Linux WS version 2.1 - i386;
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64;
Red Hat Desktop version 3 - i386, x86_64;
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64;
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 |
Multiple vulnerabilities exist in several of the GNOME VFS extfs backend scripts. Red Hat Enterprise Linux ships with vulnerable scripts, but they are not used by default. A malicious user who is able to influence a user to open a specially-crafted URI using gnome-vfs could perform actions as that user. Users of Red Hat Enterprise Linux should upgrade to these updated packages, which remove these unused scripts.
Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date
For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
We are not aware of any exploits for this vulnerability. |
GNOME VFS updates address extfs vulnerability
CVE Name: CAN-2004-0494 |
High |
Red Hat Security Advisory ID: RHSA-2004:373-01, August 4, 2004
Fedora Update Notification
FEDORA-2004-272 & 273, September 1, 2004 |
Regents of University of California
bsdmainutils 6.0.14 |
An information disclosure vulnerability exists in the calendar utility when run with the '-a' option due to improper authorization checks, which could let a malicious user obtain root access.
Debian: http://ftp.debian.org/debian/pool/main/b/bsdmainutils/bsdmainutils_6.0.15.tar.gz
There is no exploit code required; however, Proofs of Concept exploit scripts have been published. |
Bsdmainutils Calendar Information Disclosure
CVE Name: CAN-2004-0793 |
High |
SecurityTracker Alert ID: 1011131, September 1, 2004 |
rsync 2.6.2 and prior
Debian
SuSE
Trustix |
A vulnerability exists in rsync when running in daemon mode with chroot disabled. A remote user may be able to read or write files on the target system that are located outside of the module's path. A remote user can supply a specially crafted path to cause the path cleaning function to generate an absolute filename instead of a relative one. The flaw resides in the sanitize_path() function.
Updates and patches are available at: http://rsync.samba.org/
SuSE: http://www.suse.de/de/security/2004_26_rsync.html
Debian: http://www.debian.org/security/2004/dsa-538
Trustix: http://www.trustix.net/errata/2004/0042/
Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Mandrake: http://www.mandrakesecure.net/en/ftp.php
OpenPKG: ftp://ftp.openpkg.org/release/2.0/UPD/
Tinysofa:
http://http.tinysofa.org/pub/tinysofa/updates/server-2.0/i386/tinysofa/rpms.updates/rsync-2.6.2-2ts.i386.rpm
TurboLinux: ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/
We are not aware of any exploits for this vulnerability. |
Rsync Input Validation Error in sanitize_path() May Let Remote Users Read or Write Arbitrary Files
CVE Name: CAN-2004-0792 |
High |
SecurityTracker 1010940, August 12, 2004
rsync August 2004 Security Advisory
SecurityFocus, September 1, 2004 |
Squid-cache.org
Squid Web Proxy Cache 2.0 PATCH2, 2.1 PATCH2, 2.3 STABLE5, 2.4 STABLE7, 2.5 STABLE1-STABLE6, Squid Web Proxy Cache 3.0 PRE1-PRE3 |
A remote Denial of Service vulnerability exists in 'lib/ntlmauth.c' due to insufficient validation of negative values in the 'ntlm_fetch_string()' function.
Patches available at:
http://www1.uk.squid-cache.org/squid/Versions/v2/2.5/bugs/squid-2.5.STABLE6-ntlm_fetch_string.patch
Gentoo: http://security.gentoo.org/glsa/glsa-200409-04.xml
We are not aware of any exploits for this vulnerability.
|
Squid Proxy NTLM Authentication Remote Denial of Service |
Low |
Secunia Advisory, SA12444, September 3, 2004 |
Sun Microsystems, Inc.
Solaris 8.0, 8.0_x86
|
A remote Denial of Service vulnerability exists in 'in.named.'
Patch available at: sunsolve.sun.com/search/document.do?assetkey=1-26-57614-1
We are not aware of any exploits for this vulnerability. |
Solaris 'in.named' Remote Denial of Service |
Low |
Sun(sm) Alert Notification, 57614 , September 3, 2004 |
SuSE
Linux 8.1, 8.2, 9.0, x86_64, 9.1, Linux Connectivity Server, Linux Database Server, Linux Enterprise Server 9, 8, Linux Office Server, SuSE eMail Server III |
A Denial of Service vulnerability exists in '/dev/ptmx.'
Updates available at: ftp://ftp.suse.com/pub/suse/
We are not aware of any exploits for this vulnerability.
|
SuSE Linux PTMX Unspecified Local Denial of Service |
Low |
SUSE Security Announcement, SA:2004:028, September 1, 2004 |
Ulrich Callmeier
Net-Acct 0.x
|
A vulnerability exists in the 'write_list()' and 'dump_curr_list()' functions due to the insecure creation of temporary files, which could let a malicious user modify information.
Patch available at:
http://exorsus.net/projects/net-acct/net-acct-notempfiles.patch
We are not aware of any exploits for this vulnerability. |
Net-acct Insecure Temporary File |
Medium |
Secunia Advisory, September 7, 2004 |
Yukihiro Matsumoto
Ruby 1.6, 1.8 |
A vulnerability exists in the CGI session management component due to the way temporary files are processed, which could let a malicious user obtain elevated privileges.
Upgrades available at: http://security.debian.org/pool/updates/main/r/ruby/
Gentoo: http://security.gentoo.org/glsa/glsa-200409-08.xml
We are not aware of any exploits for this vulnerability. |
Ruby CGI Session Management Unsafe Temporary File
CVE Name:
CAN-2004-0755 |
Medium |
Debian Security Advisory, DSA 537-1, August 16, 2004
Gentoo Linux Security Advisory, GLSA 200409-08, September 3, 2004 |
Multiple Operating Systems - Windows / UNIX / Linux / Other
Vendor & Software Name |
Vulnerability - Impact / Patches - Workarounds / Attack Scripts |
Common Name |
Risk |
Source |
America Online
AOL Instant Messenger (AIM) 5.5 |
A buffer overflow vulnerability exists in America Online's Instant Messenger (AIM) which can allow remote malicious users to execute arbitrary code. The vulnerability specifically exists due to insufficient bounds checking on user-supplied values passed to the 'goaway' function of the AOL Instant Messenger 'aim:' URI handler.
Upgrade to AIM beta version available at: www.aim.com
Proofs of Concept exploit scripts have been published. |
AOL Instant Messenger aim:goaway URI Handler Buffer Overflow Vulnerability |
High |
iDEFENSE Security Advisory 08.09.04
Secunia, SA12198, August 9, 2004
US-CERT Vulnerability Note VU#735966, August 10, 2004
SecurityFocus, September 2, 2004 |
Axis Communications
Firmware Version 2.40; Axis 2100/2110/2120/2420/2130, Network Camera, 2400/2401 Video Server |
Multiple vulnerabilities exist: an input validation vulnerability exists in the '/axis-cgi/io/virtualinput.cgi' script, which could let a remote malicious user execute arbitrary commands; and a Directory Traversal vulnerability exists, which could let a remote malicious user obtain sensitive information.
Upgrade available at:
ftp://ftp.axis.com/pub_soft/cam_srv/cam_2400/sr/2_34_1/
There is no exploit code required; however, Proofs of Concept exploits have been published. |
Axis Network Camera And Video Server Multiple Vulnerabilities
|
Medium/High (High if arbitrary commands can be executed)
|
Bugtraq, August 22, 2004
SecurityFocus, August 31, 2004 |
C. Szymanski
Cerbère Proxy Server 1.2 |
A remote Denial of Service vulnerability exists when a malicious user submits a malformed HTTP GET request.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit script has been published. |
Cerbère Proxy Server Remote Denial of Service |
Low |
GSSIT - Global Security Solution IT Security Advisory, September 1, 2004 |
Infinity Ward
Call of Duty 1.4 & prior |
A vulnerability exists which could let a remote malicious user shutdown the game service when a query or reply is submitted that contains more than 1024 characters.
No workaround or patch available for Windows at time of publishing.
Linux version patch:
http://www.icculus.org/betas/cod/
Proof of Concept exploit has been published. |
Call of Duty Game Shutdown |
Low |
Securiteam, September 7, 2004 |
CutePHP
CuteNews 0.88, 1.3, 1.3.1, 1.3.2, 1.3.6 |
A Cross-Site Scripting vulnerability exists in 'show_archives' due to insufficient sanitization of the 'cutepath' variable, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit script has been published.
|
CutePHP Cross-Site Scripting |
High |
Hackgen Advisory, hackgen-2004-#001, September 2, 2004 |
D-Link
DCS-900 Internet Camera 2.10, 2.20, 2.28 |
A vulnerability exists due to insufficient authentication checks for received UDP broadcast packets on port 62976, which could let a remote malicious user manipulate configuration settings and cause a Denial of Service.
No workaround or patch available at time of publishing.
Exploit script has been published. |
DCS-900 Internet Camera Configuration Manipulation |
Low |
Bugtraq, August 31, 2004 |
Dynalink
RTA 230 ADSL Router |
A vulnerability exists due to a default backdoor account, which could let a remote malicious user obtain control of the device.
No workaround or patch available at time of publishing.
There is no exploit code required. |
Dynalink RTA 230 ADSL Router Default Backdoor Account
|
High |
Bugtraq, September 3, 2004 |
eGroupWare.org
GroupWare 1.0, 1.0.3 |
Multiple Cross-Site Scripting vulnerabilities exist in the 'addressbook' and 'calendar' modules and HTML injection vulnerabilities exist in the 'Messenger' and 'Ticket' modules, which could let a remote malicious user execute arbitrary HTML and script code.
Gentoo: http://security.gentoo.org/glsa/glsa-200409-06.xml
There is no exploit code required; however, a Proof of Concept exploit has been published. |
EGroupWare Multiple Input Validation |
High |
Bugtraq, August 22, 2004
Gentoo Linux Security Advisory GLSA 200409-06, September 2, 2004 |
Hitachi
Cosminexus Portal Framework 02-03 & prior |
A vulnerability exists when the <ut:cache> tag library is used, which could let a remote malicious user obtain sensitive information.
Patches available at: http://www.hitachi-support.com/security_e/vuls_e/HS04-006_e/01-e.html
We are not aware of any exploits for this vulnerability. |
Cosminexus Portal Framework Information Disclosure |
Medium |
SecurityTracker Alert ID: 1011171, September 7, 2004 |
IBM
DB2 Universal Database for AIX 7.0-7.2, 8.1, Universal Database for HP-UX 7.0-7.2, 8.1, Universal Database for Linux 7.0-7.2, 8.1, DB2 Universal Database for Solaris 7.0-7.2, 8.1, Universal Database for Windows 7.1, 7.2, 8.1 |
Several buffer overflow vulnerabilities exist, which could let a remote malicious user execute arbitrary code.
Upgrades available at:
http://www-306.ibm.com/software/data/db2/udb/support
We are not aware of any exploits for this vulnerability. |
IBM DB2 Remote Buffer Overflows |
High |
NGSSoftware Insight Security Research Advisory, September 1, 2004 |
Multiple Vendors
Brocade Fabric OS 2.1.2, 2.2, 3.1, SilkWorm 3200, 3250, 3800, 3850, 3900, SilkWorm Fiber Channel Switch 2010, 2040, 2050;
Engenio 2822 Storage Controller, 2882 Storage Controller, 4884 Storage Controller, 5884 Storage Controller; IBM DS4100;
Storagetek D280 |
A remote Denial of Service vulnerability exists in hardware that is based on Engenio Storage Controllers due to an unspecified error in the handling of incoming TCP packets.
No workaround or patch available at time of publishing.
We are not aware of any exploits for this vulnerability. |
Engenio Storage Controller Remote Denial Of Service |
Low |
Bugtraq, September 4, 2004 |
Multiple Vendors
HP HP-UX B.11.23, 11.11, 11.00;
Mozilla Network Security Services (NSS) 3.2, 3.2.1, 3.3-3.3.2, 3.4-3.4.2, 3.5, 3.6, 3.6.1, 3.7-3.7.3, 3.7.5, 3.7.7, 3.8, 3.9; Netscape Certificate Server 1.0 P1, 4.2, Directory Server 1.3, P1&P5, 3.12, 4.1, 4.11-4.13, Enterprise Server 2.0 a, 2.0, 2.0.1 C, 3.0 L, 3.0, 3.0.1 B, 3.0.1, 3.1, 3.2, 3.5, 3.6, SP1-SP3, 3.51, 4.0, 4.1, SP3-SP8, Enterprise Server for NetWare 4/5 3.0.7 a, 4/5 4.1.1, 4/5 5.0, Enterprise Server for Solaris 3.5, 3.6,
Netscape Personalization Engine; Sun ONE Application Server 6.0, SP1-SP4, 6.5, SP1 MU1&MU2, 6.5 SP1, 6.5 MU1-MU3, 7.0 UR2 Upgrade Standard, 7.0 UR2 Upgrade Platform, Standard Edition, Platform Edition, 7.0 UR1 Standard Edition, Platform Edition, 7.0 Standard Edition, Platform Edition, Certificate Server 4.1, Directory Server 4.16, SP1, 5.0, SP1&SP2, 5.1 x86
SP3 x86, 5.1, SP1-SP3, 5.2, Web Server 4.1, SP1-SP14, 6.0, SP1-SP7, 6.1 |
A buffer overflow vulnerability exists in the Netscape Network Security Services (NSS) library suite due to insufficient boundary checks, which could let a remote malicious user execute arbitrary code.
Mozilla: ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_9_2_RTM/
Netscape and HP workarounds available at: http://www.securityfocus.com/bid/11015/solution/
Sun: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57632-1&searchclause=
We are not aware of any exploits for this vulnerability. |
NSS Buffer Overflow |
High |
Internet Security Systems Advisory, August 23, 2004
SecurityFocus, September 1, 2004 |
Nagl
XOOPS Dictionary Module 1.0 |
A Cross-Site Scripting vulnerability exists in 'letter.php' due to insufficient sanitization of the 'letter' parameter, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit script has been published. |
XOOPS Dictionary Cross-Site Scripting |
High |
Secunia Advisory, SA12424, September 1, 2004 |
Opera Software
Opera Web Browser 7.23 |
A remote Denial of Service vulnerability exists in the 'embed' tag when a specific JavaScript command is executed.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit script has been published. |
Opera Embed Tag Remote Denial of Service |
Low |
Bugtraq, September 1, 2004 |
phpMyBackupPro
phpMyBackupPro 0.6.2 |
Multiple input validation vulnerabilities exist due to insufficient validation of some configuration entries and validation of mySQL username and password values, which could let a malicious user obtain unauthorized access or sensitive information.
Upgrade available at:
http://prdownloads.sourceforge.net/phpmybackup/phpMyBackupPro.v.1.0.zip?download
We are not aware of any exploits for this vulnerability. |
PhpMyBackupPro Input Validation |
Medium |
SecurityFocus, September 3, 2004 |
phpscheduleit.sourceforge.net
phpScheduleIt 1.0.0RC1 |
Cross-Site Scripting vulnerabilities exist in the 'Name' and 'Last Name' fields in the new user registration script and the 'Schedule Name' field in the new schedule creation script due to insufficient sanitization of user-supplied HTML input, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required. |
phpScheduleIt Cross-Site Scripting |
High |
Bugtraq, August 31, 2004 |
phpWebSite Development Team
phpWebsite 0.7.3, e 0.8.2, 0.8.3, 0.9.3 -4, 0.9.3 |
Multiple input validation vulnerabilities exist: a vulnerability exists in 'index.php' due to insufficient sanitization of the 'pid' parameter, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability exists in the calendar module due to insufficient sanitization of the 'cal_template' field, which could let a remote malicious user execute arbitrary code; and a vulnerability exists due to insufficient sanitization of input passed to the subject and message fields, which could let a remote malicious user execute arbitrary code.
Patches available at:
http://www.phpwebsite.appstate.edu/downloads/security/phpwebsite-core-security-patch.tar.gz
There is no exploit code required; however, a Proof of Concept exploit script has been published.
|
PHPWebSite Multiple Input Validation
|
High |
GulfTech Security Research Security Advisory, August 31, 2004 |
plogworld.org
pLog 0.1-0.1.2, 0.2, 0.2.1, 0.3-0.3.2 |
An input validation vulnerability exists in the 'register.php' script due to insufficient sanitization of the 'userName' and 'blogName' parameters, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required. |
pLog 'register.php' Input Validation |
High |
Secunia Advisory, SA12415, September 1, 2004 |
pvpgn.org
PvPGN 1.6.0-1.6.5 |
A buffer overflow vulnerability exists in the 'watchall' and 'unwatchall' commands, which could let a remote malicious user execute arbitrary code.
Patches available at: http://sourceforge.net/tracker/download.php?group_id=53514&atid=470607&file_id=99656&aid=1018716
There is no exploit code required. |
PvPGN Remote Buffer Overflow |
High |
PvPGN Security Advisory, PSA-20040829, August 31, 2004 |
QNX Software Systems Ltd.
RTOS 2.4, 4.25, 6.1.0, 6.2.0 Update Patch A, 6.2.0 |
Multiple vulnerabilities exist: a buffer overflow vulnerability exists in '/usr/bin/pppoed,' which could let a malicious user execute arbitrary code; buffer overflow vulnerabilities exist in 'name,' 'en', 'upscript,' 'downscript,' 'retries,' 'timeout,' 'scriptdetach,' 'noscript,' 'nodetach,' 'remote_mac,' and 'local_mac' flags, which could let a malicious user execute arbitrary code; and a vulnerability exists because the $PATH variable can be modified to cause the daemon to execute arbitrary code.
No workaround or patch available at time of publishing.
Proof of Concept exploit has been published. |
QNX PPPoEd Buffer Overflows |
High |
Securiteam, September 6, 2004 |
SiteCubed
MailWorks Professional |
A vulnerability exists because the authentication process may be bypassed, which could let a remote malicious user obtain administrative access.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit script has been published.
|
MailWorks Professional Authentication Bypass |
High |
SecurityTracker Alert ID: 1011145, September 3, 2004 |
TorrentTrader
BitTorrent Tracker 1.0 beta, RC1&RC2, alpha, 2.0 |
An input validation vulnerability exists in the 'download.php' script due to insufficient verification of the 'id' parameter, which could let a remote malicious user obtain sensitive information.
Fix available at: http://forum.tutoriaux.net/index.php?showtopic=299&st=0entry1342
A Proof of Concept exploit script has been published. |
TorrentTrader Download.PHP SQL Injection |
Medium |
Secunia Advisory, SA12439, September 2, 2004 |
| VICE
VICE 1.6, 1.13, 1.14 |
A format string vulnerability exists in the handling of the monitor 'memory dump' command, which could let a malicious user cause a Denial of Service or execute arbitrary code.
Upgrade available at:
ftp://ftp.funet.fi/pub/cbm/crossplatform/emulators/VICE/vice-1.15.tar.gz
Currently we are not aware of any exploits for this vulnerability. |
|
High |
VICE Security Advisory, VSA-2004-1, June 13, 2004
SecurityFocus, September 1, 2004 |
YaBBSE.org
YaBB SE 1.5.1 |
A vulnerability exists in 'sources/Admin.php,' which could let a remote malicious user obtain the installation path.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
YaBB SE 'Admin.php' Information Disclosure |
Medium |
ECHO_ADV_05$2004, September 4, 2004 |
Recent Exploit Scripts/Techniques
The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.
Note: At times, scripts/techniques may contain names or content that may be considered offensive.

| Date of Script (Reverse Chronological Order) | Script name | Workaround or Patch Available | Script Description |
|---|---|---|---|
| September 3, 2004 | installer.htm | Yes | Proof of concept exploit for Microsoft Internet Explorer vulnerability that may permit cross-zone access, allowing an attacker to execute malicious script code in the context of the Local Zone. |
| September 3, 2004 | None | No | Proof of concept exploit has been published for the Nullsoft Winamp ActiveX Control remote buffer overflow vulnerability. |
| September 3, 2004 | None | No | Proof of concept exploit has been published for the Altnet remote buffer overflow vulnerability. |
| September 3, 2004 | SelenaTeamTrackLoginPagePOC.pl | Yes | Proof of concept exploit for the Serena TeamTrack remote authentication bypass vulnerability. |
| September 3, 2004 | xv_bmpslap.c | Yes | Proof of concept exploit for the xv buffer overflow and integer overflow vulnerabilities. |
| September 2, 2004 | 00047-8302004.txt | Yes | Proof of concept exploit for the Xedus version 1.0 denial of service, cross site scripting, and directory traversal vulnerabilities. |
| September 2, 2004 | courier_fstr.c | Yes | Script that exploits the Courier-IMAP Remote Format String vulnerability. |
| September 2, 2004 | galfakeimg.php | Yes | Proof of concept exploit for the Gallery vulnerability that may allow a remote attacker to execute malicious scripts on a vulnerable system. |
| September 2, 2004 | mandragore-aolim.c, aolInstantMessengerMessageBOExp2.c | Yes | Proof of concept exploits for the AOL Instant Messenger remote buffer overflow vulnerability. |
| September 2, 2004 | passprotect.txt | No | Proof of concept exploit for the Password Protect cross site scripting and SQL injection attack vulnerabilities. |
| September 2, 2004 | titanftp.c | Yes | Proof of concept exploit for the heap overflow in Titan FTP server versions 3.21 and below. |
| September 2, 2004 | wftpdDoS.c | Yes | Proof of concept exploit for the denial of service vulnerability in WFTPD Pro Server 3.21. |
| September 1, 2004 | Courier IMAP exploit script | Yes | Proof of concept exploit for the Courier-IMAP remote format string vulnerability in versions prior to 3.0.7. |
| September 1, 2004 | torrentTraderDownloadSQLPOC.php | Yes | Proof of Concept for the TorrentTrader 'id' SQL Injection vulnerability. |
| August 31, 2004 | dLinkNetCamIPAddressSetExploit.c | No | Proof of concept exploit for the D-Link Securicam Network DCS-900 Internet Camera remote configuration vulnerability. An attacker may trigger a denial of service condition. |
| August 30, 2004 | cesarftp_dos.c | No | Proof of Concept exploit Denial of Service script for the CesarFTP Buffer Overflow vulnerability. |
| August 30, 2004 | titan_hof.c | No | Proof of Concept exploit script that exploits the Titan FTP Server Remote Heap Overflow vulnerability. |
| August 30, 2004 | wftpd.c | No | Script that exploits the WFTPD Server Remote Denial of Service vulnerability. |
Trends
Viruses/Trojans
New Viruses / Trojans
Top Ten Virus Threats
A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported during the latest three months), and approximate date first found.
| Rank | Common Name | Type of Code | Trends | Date |
|---|---|---|---|---|
| 1 | Netsky-P | Win32 Worm | Stable | March 2004 |
| 2 | Zafi-B | Win32 Worm | Stable | June 2004 |
| 3 | Netsky-Z | Win32 Worm | Increase | April 2004 |
| 4 | Mydoom.q | Win32 Worm | Increase | August 2004 |
| 5 | Netsky-B | Win32 Worm | Stable | February 2004 |
| 6 | Netsky-D | Win32 Worm | Decrease | March 2004 |
| 7 | Mydoom.m | Win32 Worm | Slight Decrease | July 2004 |
| 8 | Bagle-AA | Win32 Worm | Slight Decrease | April 2004 |
| 9 | Bagle.AI | Win32 Worm | Stable | July 2004 |
| 10 | MyDoom-O | Win32 Worm | Slight Decrease | July 2004 |
| 10 | Netsky-Q | Win32 Worm | Decrease | March 2004 |
Viruses or Trojans Considered to be a High Level of Threat
- Bagle: New variants of the Bagle virus were bulk e-mailed to Internet users. The malware arrives in e-mail with the subject and message body "foto" and an attachment called foto.zip that poses as a file containing photographs. This zip file contains an HTML file and an executable called foto1.exe. The executable is a dropper that, if activated, kills DLL files related to the updating components of various anti-virus programs and opens backdoors.
The following table provides, in alphabetical order, a list of new viruses, variations of previously encountered viruses, and Trojans that have been discovered during the period covered by this bulletin. This information has been compiled from the following anti-virus vendors: Sophos, Trend Micro, Symantec, McAfee, Network Associates, Central Command, F-Secure, Kaspersky Labs, MessageLabs, Panda Software, Computer Associates, and The WildList Organization International. Users should keep anti-virus software up to date and should contact their anti-virus vendors to obtain specific information on the Trojans and Trojan variants that anti-virus software detects.
NOTE: At times, viruses and Trojans may contain names or content that may be considered offensive.
| Name | Aliases | Type |
|---|---|---|
| Backdoor.Akak | | Trojan: Server |
| Backdoor.Alets | | Trojan |
| Backdoor.Balkart | | Trojan: HTTP proxy or FTP server |
| Bagle.AI | Bagle.AK, Bagle.AN, Bagle.AV, Download.Ject.C, Download.Ject.D, HTML_BAGLE.AI, JScript/IE.VM.Exploit, Troj/BagleDl-A, TrojanDropper.Win32.Small.kv, W32.Beagle.AQ@mm, W32/Bagle.AK.downloader, W32/Bagle.AK.dropper, W32/Bagle.AV.worm, W32/Bagle.dll.dr, W32/Mitglieder.AA, Win32.Bagle.AI, Win32.Bagle.AI!downloader, Win32.Glieder.H, Win32.Glieder.I, Win32/Bagle.Downloader.Trojan, WORM_BAGLE.AI, WORM_BAGLE.AL | Win32 Worm |
| Bagle.AJ | Bagle.AO, I-Worm.Bagle.ao, W32/Bagle.AO, Win32.Bagle.AJ, W32/Bagle.at@MM, Win32/Bagle.AJ.Worm | Win32 Worm |
| Bagle.AT | W32/Bagle-AT, W32/Bagle.at@MM, I-Worm.Bagle.an | Win32 Worm |
| Bagle.AW | W32/Bagle.AW.worm | Win32 Worm |
| Bagle.AY | W32/Bagle.AY.worm | Win32 Worm |
| Bugbear.L | I-Worm.Tanatos.k, W32/Bugbear.L, W32/Bugbear.L@mm | Win32 Worm |
| Del-457 | | Trojan: Adware Downloader |
| Glieder.H | Trojan.Win32.Glieder.h, TrojanDownloader.Win32.Agent.cj, TrojanDropper.Win32.Small.kv, W32/Agent.BJ@dl, W32/Bagle.dll.dr, W32/Bagle.dll.gen, W32/Glieder.H, Win32.Glieder.F, Win32/Glieder.F.Trojan, Win32/SMProxy.Trojan, Win32/TrojanDownloader.Agent.CJ.gen | Trojan |
| Mywife.D | W32/Mywife.D.worm | Win32 Worm |
| Neededware | Adware/Neededware | Trojan: Adware Downloader |
| PWSteal.Tarno.I | Troj/Tofger-BG | Trojan: Password Stealer |
| Troj/BagleDl-A | W32/Bagle.dll.dr, Glieder.H, Glieder.I, Download.Ject.C | Trojan |
| Trojan.Hiva | | Trojan |
| Trojan.Yipid | | Trojan |
| W32.Bugbear.M@mm | | Win32 Worm |
| W32.IRCBot.F | | Trojan |
| W32/Britney-B | TROJ_BRITY.A, W32.Britney | Win32 Worm |
| W32/Bugbear.i@MM | | Win32 Worm |
| W32/Forbot-C | Backdoor.Win32.Wootbot.c, W32/Sdbot.worm.gen.h | Win32 Worm |
| W32/Forbot-M | Backdoor.Win32.Agobot.vf | Win32 Worm |
| W32/MyWife.c@MM | Blackmal.C, Blackworm.C, I-Worm.Nixen.c, I-Worm.Nyxem.d, Mywife.C, Nyxem.D, W32.Blackmal.C@mm, W32/Mywife.C.worm, W32/Mywife.c@mm, Win32.Blackmal.C, Win32/Blackmal.C.Worm, WORM_BLUEWORM.C | Win32 Worm |
| W32/Neveg-C | W32/Neveg.c@MM | Win32 Worm |
| W32/Nyxem-C | W32/MyWife.c@MM, I-Worm.Nyxem.d | Win32 Worm |
| W32/Rbot-FL | Sdbot.worm.gen.x, Backdoor.Rbot.gen | Win32 Worm |
| W32/Rbot-HQ | | Win32 Worm |
| W32/Rbot-HR | | Win32 Worm |
| W32/Rbot-HT | Backdoor.Rbot.gen, W32/Sdbot.worm.gen.h | Win32 Worm |
| W32/Rbot-HU | Backdoor.Win32.Rbot.bh, W32/Sdbot.worm.gen.h | Win32 Worm |
| W32/Rbot-IA | Trojan.Win32.Pakes | Win32 Worm |
| W32/Rbot-IE | Backdoor.Rbot.gen, W32/Sdbot.worm.gen.j, WORM_RBOT_JP | Win32 Worm |
| W32/Rbot-IH | Backdoor.Rbot.gen | Win32 Worm |
| W32/Rbot-IP | | Win32 Worm |
| W32/Rbot-KO | | Win32 Worm |
| W32/Rbot-MG | Backdoor.Rbot.gen | Win32 Worm |
| W32/Sdbot.worm!ftp | | Win32 Worm |
| W97M.Sun.B | | MS Word Macro Virus |
| Win32.Harbag.B | W32.Beagle.gen, Win32/Mitglieder.Trojan | Win32 Worm: E-mail Harvester |
| Win32.Paps.C | W32/Paps | Win32 Worm |
| Win32.Sced.C | Downloader-MB, TrojanDownloader.Win32.Small.rk, Win32/Sced.A.Trojan | Win32 Worm |
| Win32.Secdrop.D | Win32/ChangeSecure.Trojan | Trojan: Lowers Security Settings |
| WORM_MYDOOM.T | I-Worm.Mydoom.r, I-Worm.Mydoom.ren, Mydoom.T, W32.Mydoom.R@mm, W32/Mydoom.S@mm, W32/Mydoom.t.dll, W32/Mydoom.T.worm, W32/Mydoom.T@MM, Win32.Mydoom.T, Win32/Mydoom.T.Worm, Win32/Mydoom.U | Win32 Worm |
| WUpd | Adware/WUpd, TrojanDownloader.Win32.Agent.bf | Trojan: Adware Downloader |
Last updated February 13, 2008