Summary of Security Items from February 2 through February 8, 2005
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to items appearing in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risks levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Bugs,
Holes, & Patches
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attacks Scripts | Common Name | Risk | Source |
CodeBank 3.1 & prior | A vulnerability exists because username and passwords are stored in the Registry, which could let a malicious user obtain sensitive information.
No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | DelphiTurk CodeBank Password Disclosure | Medium | SecurityTracker Alert, 1013093, February 7, 2005 |
Eternal Lines Web Server 1.0 | A remote Denial of Service vulnerability exists when a malicious user submits approximately 70 simultaneous connections to the target web server from the same originating host. No workaround or patch available at time of publishing. An exploit script has been published.
| Eternal Lines Web Server Remote Denial of Service | Low | GSSIT Advisory, January 31, 2005 SecurityFocus, February 1, 2005 |
Email Server 2.0 | A buffer overflow vulnerability in the 'Mail From:' command due to a boundary error, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code. No workaround or patch available at time of publishing. An exploit script has been published. | Foxmail 'MAIL FROM:' Remote Buffer Overflow | Low/High (High if arbitrary code can be executed) | Secunia Advisory, SA14145, February 8, 2005 |
Web Mail 5.3 | Multiple vulnerabilities exist: a vulnerability exists when accessing 'calendar_d.html,' 'calendar_m.html,' 'calendar_w.html,' and 'calendar_y.html' directly with a valid session ID in the 'id' parameter, which could let a remote malicious user obtain sensitive information; a vulnerability exists due to weak encryption of user credentials in the 'users.cfg,' 'settings.cfg,' 'user.dat,' and 'users.dat' files, which could let a malicious user obtain sensitive information; and multiple Cross-Site Scripting and HTML injection vulnerabilities exist which could let a remote malicious user execute arbitrary HTML and script code. Upgrade available at: There is no exploit code required; however, Proofs of Concept exploits have been published. | IceWarp Web Mail Multiple Remote Vulnerabilities | Medium/ High (High if arbitrary code can be executed) | ShineShadow Security Report, January 29, 2005 SecurityFocus, February 3, 2005 |
Internet Explorer 6.0, SP1 | A Cross-Zone Scripting vulnerability exists when using the 'AddChannel' method to add a channel, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Microsoft Internet Explorer AddChannel Cross-Zone Scripting | High | GreyHats Security Group, February 2, 2005 |
Windows Media Player 9 Series, Windows Messenger 5.0, MSN Messenger 6.1, 6.2 | Several vulnerabilities exist: a vulnerability exists in Media Player due to a failure to properly handle PNG files that contain excessive width or height values, which could let a remote malicious user execute arbitrary code; and a vulnerability exists in the Windows and MSN Messenger due to a failure to properly handle corrupt or malformed PNG files, which could let a remote malicious user execute arbitrary code. Patches available at: Currently we are not aware of any exploits for these vulnerabilities. | Microsoft Media Player & Windows/MSN Messenger PNG Processing CVE Names: | High | Microsoft Security Bulletin, MS05-009, February 8, 2005 US-CERT Technical Cyber Security Alert TA05-039A |
Windows 2000 SP 3 & SP4, Windows XP SP1 & SP2, Windows XP 64-Bit Edition SP1 (Itanium), Windows XP 64-Bit Edition Version 2003 | A vulnerability exists in the DHTML Edit ActiveX control, which could let a remote malicious user inject arbitrary scripting code into a different window on the target user's system.
Patches available at: A Proof of Concept exploit has been published. | Microsoft Internet Explorer DHTML Edit Control Script CVE Name: | High | Bugtraq, December 15, 2004 Microsoft Security Bulletin, MS05-013, February 8, 2005 US-CERT Technical Cyber Security Alert TA05-039A |
Windows 2000 SP3 &SP4, Windows XP SP1 & SP2, XP 64-Bit Edition SP1, XP 64-Bit Edition Version 2003, Windows Server 2003, Server 2003 for Itanium-based Systems, Windows 98, SE, ME | A vulnerability exists due to the way Drag-and-Drop events are handled, which could let a remote malicious user execute arbitrary code. Patches available at: Currently we are not aware of any exploits for this vulnerability. | Microsoft Windows Drag and Drop CVE Name: | High | Microsoft Security Bulletin, MS05-008, February 8, 2005 US-CERT Technical Cyber Security Alert TA05-039A |
ASP.NET 1.x | A vulnerability exists which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to a canonicalization error within the .NET authentication schema. Apply ASP.NET ValidatePath module:
href="http://www.microsoft.com/downloads/details.aspx?FamilyId=DA77B852-DFA0-4631-AAF9-8BCC6C743026">http://www.microsoft.com/downloads/ Patches available at: A Proof of Concept exploit has been published. | Medium | Microsoft, October 7, 2004 Microsoft Security Bulletin, MS05-004, February 8, 2005 | |
Office XP SP2 & SP3, Project 2002, Visio 2002, Works Suite 2002, 2003, 2004 | A buffer overflow vulnerability exists due to a boundary error in the process that passes URL file locations to Office, which could let a remote malicious user execute arbitrary code.
Patches available at: Currently we are not aware of any exploits for this vulnerability. | Microsoft Office URL File Location Handling Buffer Overflow CVE Name: | High | Microsoft Security Bulletin, MS05-005, February 8, 2005 US-CERT Technical Cyber Security Alert TA05-039A |
Windows 2000 SP3 & SP4, Windows XP 64-Bit Edition SP1 | A buffer overflow vulnerability exists when handling Server Message Block (SMB) traffic, which could let a remote malicious user execute arbitrary code. Patches available at: Currently we are not aware of any exploits for this vulnerability. | Microsoft Windows SMB Buffer Overflow CVE Name: | High | Microsoft Security Bulletin, MS05-011, February 8, 2005 US-CERT Technical Cyber Security Alert TA05-039A |
Windows 2000 SP3 & SP4, Windows XP SP1 & SP2, Windows XP 64-Bit Edition SP1 (Itanium), Windows XP 64-Bit Edition Version 2003 | Multiple vulnerabilities exist: a vulnerability exists due to insufficient validation of drag and drop events from the Internet zone to local resources, which could let a remote malicious user execute arbitrary code; a vulnerability exists due to the way certain encoded URLs are parsed, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability exists in the validation of URLs in CDF (Channel Definition Format) files, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability exists due to an input validation error in the 'createControlRange()' javascript function, which could let a remote malicious user execute arbitrary code; a vulnerability exists due to insufficient cross-zone restrictions; a vulnerability exists due to the way web sites are handled inside the 'Temporary Internet Files' folder; and a vulnerability exists in the 'codebase' attribute of the 'object' tag due to a parsing error. Patches available at: Currently we are not aware of any exploits for these vulnerabilities. | Microsoft Internet Explorer Vulnerabilities CVE Names: | High | Microsoft Security Bulletin, MS05-014, February 8, 2005 US-CERT Technical Cyber Security Alert TA05-039A US-CERT Cyber Security Alert SA05-039A US-CERT Vulnerability Notes VU#580299, VU#823971VU#843771 |
Windows 2000 SP3 & SP4, Windows XP SP1 & SP2, Windows XP 64-Bit Edition SP1 (Itanium), Windows XP 64-Bit Edition Version 2003 | Two vulnerabilities exist: a vulnerability exists in OLE due to the way input validation is handled, which could let a remote malicious user execute arbitrary code; and a vulnerability exists when processing COM structured storage files, which could let a remote malicious execute arbitrary code. Patches available at: Currently we are not aware of any exploits for these vulnerabilities. | Microsoft Windows OLE / COM Remote Code Execution CVE Names: | High | Microsoft Security Bulletin, MS05-012, February 8, 2005 US-CERT Technical Cyber Security Alert TA05-039A |
Windows 2000 SP3 & SP4, Windows XP SP1 & SP2, Windows XP 64-Bit Edition SP1, | A buffer overflow vulnerability exists in the Hyperlink Object Library when handling hyperlinks, which could let a remote malicious user execute arbitrary code. Patches available at: Currently we are not aware of any exploits for this vulnerability. | Microsoft Windows Hyperlink Object Library Buffer Overflow CVE Name: | High | Microsoft Security Bulletin, MS05-015, February 8, 2005 US-CERT Technical Cyber Security Alert TA05-039A |
Windows NT Server 4.0 SP6a, Windows NT Server 4.0 Terminal Server | A buffer overflow vulnerability exists in the License Logging service due to a boundary error, which could let a remote malicious user cause a Denial of Service and possibly execute arbitrary code. Patches available at: Currently we are not aware of any exploits for this vulnerability. | Microsoft Windows License Logging Service Buffer Overflow CVE Name: | Low/High (High if arbitrary code can be executed) | Microsoft Security Bulletin, MS05-010, February 8, 2005 US-CERT Technical Cyber Security Alert TA05-039A |
Windows Server 2003 Datacenter Edition, Windows Server 2003 Enterprise Edition, Windows Server 2003 Standard Edition, Windows Server 2003 Web Edition, Exchange Server 2003 | A remote code execution vulnerability exists in the Windows Server 2003 SMTP component due to the way Domain Name System (DNS) lookups are handled. A malicious user could exploit the vulnerability by causing the server to process a particular DNS response that could potentially allow remote code execution. The vulnerability also exists in the Microsoft Exchange Server 2003 Routing Engine component when installed on Microsoft Windows 2000 Service Pack 3 or on Microsoft Windows 2000 Service Pack 4. Updates available at:
href="http://www.microsoft.com/technet/security/bulletin/MS04-035.mspx"> Bulletin updated to clarify restart requirement for Windows Server 2003 and Windows XP 64-Bit. Bulletin updated to advise of the availability of an update for Exchange 2000 Server. Currently we are not aware of any exploits for this vulnerability. | High | Microsoft Security Bulletin, MS04-035, October 12, 2004 US-CERT Cyber Security Alert, SA04-286A US-CERT Vulnerability Note VU#394792 Microsoft Security Bulletin MS04-035, November 9, 2004 Microsoft Security Bulletin MS04-035 V2.0 February 8, 2005 | |
Windows SharePoint Services for Windows Server 2003, SharePoint Team Services from Microsoft | A Cross-Site Scripting and spoofing vulnerability exists due to insufficient validation of input provided to a HTML redirection query before returning it to a user's browser, which could let a remote malicious user execute arbitrary HTML and script code and spoof web browser content. Patches available at: Currently we are not aware of any exploits for this vulnerability. | Microsoft Windows SharePoint Services Cross-Site Scripting & Spoofing CVE Name: | High | Microsoft Security Bulletin, MS05-006, February 8, 2005 US-CERT Technical Cyber Security Alert TA05-039A |
Windows XP SP1 & SP2, XP 64-Bit Edition SP1 | A vulnerability exists in the authentication validation process when using named pipe connections, which could let a remote malicious user obtain sensitive information.
Patches available at: Currently we are not aware of any exploits for this vulnerability. | Microsoft Windows XP Named Pipe Information Disclosure CVE Name: | Medium | Microsoft Security Bulletin, MS05-007, February 8, 2005 US-CERT Technical Cyber Security Alert TA05-039A |
Netscape 7.x | A vulnerability exists when processing International Domain Names (IDNs), which could let a remote malicious user spoof web sites.
No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Netscape IDN Implementation URL Spoof | Medium | Secunia Advisory, SA14165, February 7, 2005 |
Painkiller 1.35 & prior | A buffer overflow vulnerability exists due to insufficient bounds checking in the Gamespy CD-key hash, which could let a remote malicious user cause a Denial of Service. Update available at: www.painkillergame.com/ A Proof of Concept exploit has been published. | Painkiller Buffer Overflow Remote Denial of Service | Low | Securiteam, February 3, 2005 |
LANChat Pro Revival1.666c | A remote Denial of Service vulnerability exists due to a failure to process unexpected data.
No workaround or patch available at time of publishing. An exploit script has been published. | Piotr Kowalski LANChat Pro Remote Denial of Service | Low | SecurityTracker Alert ID, 1013082, February 3, 2005 |
Eudora 6.2.0 & prior | Several vulnerabilities exist when viewing emails and handling stationary and mailbox files due to unspecified errors, which could let a remote malicious user execute arbitrary code.
Updates available at: Currently we are not aware of any exploits for these vulnerabilities. | Eudora E-mail, Stationary/Mailbox Files Remote Code Execution
| High | NGSSoftware Advisory, February 2, 2005 |
RaidenHTTPD 1.1.27 | A Directory Traversal vulnerability when handling HTTP requests that contain relative pathnames due to an input validation error, which could let a remote malicious user obtain sensitive information.
Upgrade available at: A Proof of Concept exploit has been published. | RaidenHTTPD Directory Traversal | Medium | Securiteam, February 6, 2005 |
WinRar 3.0 .0, 3.10, beta 5, beta 3, 3.11, 3.20, 3.40-3.42 | A Directory Traversal vulnerability exists when attempting to decompress a file by right clicking, which could let a remote malicious user obtain sensitive information. No workaround or patch available at time of publishing. There is no exploit code required. | RARLAB WinRAR Directory Traversal | Medium | 7a69ezine Advisories, 7a69Adv#21, February 2, 2005 |
RealPlayer 10.5 v6.0.12.1056, v6.0.12.1053, v6.0.12.1040, 10.5 Beta v6.0.12.1016, 10.5 | A vulnerability exists due to insufficient enforcement of security zones, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | RealPlayer Security Zone Bypass | High | Bugtraq, February 1, 2005 |
Savant Webserver 3.1 | A buffer overflow vulnerability exists due to insufficient bounds checking, which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing. Exploit scripts have been published. | Savant Web Server Remote Buffer Overflow | High | Securiteam, February 2, 2005 |
602LAN SUITE 2004 | A vulnerability exists due to improper validation of user-supplied filenames before uploading files as e-mail attachments, which could let a remote malicious user execute arbitrary code.
Update available at: http://www.software602.com/download/ Currently we are not aware of any exploits for this vulnerability. | 602LAN SUITE Input Validation | High | SIG^2 Vulnerability Research Advisory, February 8, 2005 |
ZipGenius Standard Edition 5.5, Suite Edition 5.5 | Multiple Directory Traversal vulnerabilities exist due to insufficient sanitization of user-supplied input, which could let a remote malicious user obtain sensitive information. Upgrades available at: There is no exploit code required. | ZipGenius Multiple Directory Traversal Vulnerabilities | Medium | 7a69ezine Advisories, 7a69Adv#19 & 20, February 2, 2005 |
| UNIX / Linux Operating Systems Only | ||||
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attacks Scripts | Common Name | Risk | Source |
| Alexander Barton
ngIRCd 0.6, 0.6.1, 0.7, 0.7.1, 0.7.5-0.7.7, 0.8-0.8.2 | A format string vulnerability exists in 'log.c' due to insufficient sanitization of the 'Log_Resolver()' function, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing. An exploit script has been published. | Alexander Barton ngIRCd Remote Format String | High | No System Group, Advisory #11, February 3, 2005 |
Safari 1.2.4 v125.12
| An input validation vulnerability exists because the HTTP 'Content-type' header value is ignored by the web server, which could let a remote malicious user modify system information.
No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Apple Safari Input Validation | Medium | SecurityTracker Alert ID: 1013087, February 5, 2005 |
Safari 1.2.5 | A vulnerability exists when processing International Domain Names (IDNs), which could let a remote malicious user spoof web sites.
No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Apple Safari IDN Implementation URL Spoof | Medium | Secunia Advisory, SA14164, February 7, 2005 |
UNARJ 2.62-2.65
| A buffer overflow vulnerability exists due to insufficient bounds checking on user-supplied strings, which could let a remote malicious user execute arbitrary code.
Fedora: Gentoo: SUSE: Fedora: RedHat: Debian: Avaya: Fedora Legacy: http://download.fedoralegacy.org Currently we are not aware of any exploits for this vulnerability. | ARJ Software UNARJ Remote Buffer Overflow CVE Name: | High | SecurityTracker Alert I,: 1012194, November 11, 2004 Gentoo Linux Security Advisory, GLSA 200411-29, November 19, 2004 SUSE Security Summary Report SUSE-SR:2004:003, December 7, 2004 Fedora Update Notification RedHat Security Advisory, RHSA-2005:007-05, January 12, 2005 Debian Security Advisory, DSA 652-1, January 21, 2005 Avaya Security Advisory, ASA-2005-022, January 25, 2005 Fedora Legacy Update Advisory, FLSA:2272, February 1, 2005 |
FireHOL 1.214 | A vulnerability exists due to the insecure creation of various temporary files, which could let a malicious user overwrite arbitrary files. Update available at: Gentoo: There is no exploit required | FireHOL Insecure Local Temporary File Creation | Medium | Secunia Advisory, SA13970, January 25, 2005 Gentoo Linux Security Advisory, GLSA 200502-01, February 1, 2005 |
D-BUS 0.23 & prior | A vulnerability exists in 'bus/policy.c' due to insufficient restriction of connections, which could let a malicious user hijack a session bus. Patch available at: Fedora: There is no exploit code required. | D-BUS Session Hijack CVE Name: | Medium | SecurityTracker Alert ID,1013075, February 3, 2005 |
FreeRADIUS 0.2-0.5, 0.8, 0.8.1, 0.9-0.9.3. 1.0 | A remote Denial of Service vulnerability exists in 'radius.c' and 'eap_tls.c' due to a failure to handle malformed packets. Upgrades available at: Gentoo: Fedora: RedHat: http://rhn.redhat.com/errata/ Fedora Legacy: There is no exploit code required. | FreeRADIUS Access-Request Denial of Service CVE Names: | Low | Gentoo Linux Security Advisory, GLSA 200409-29, September 22, 2004 US-CERT Vulnerability Note VU#541574, October 11, 2004 Fedora Update Notification, RedHat Security Advisory, RHSA-2004:609-06, November 12, 2004 Fedora Legacy Update Advisory, FLSA:2187, February 1, 2005 |
Frox 0.7.16, 0.7.17 | A vulnerability exists in 'config.c' due to improper parsing of Deny ACLs in the 'parse_match()' function, which could let a remote malicious user bypass security restrictions.
Update available at: Currently we are not aware of any exploits for this vulnerability. | Frox Deny ACL Parsing | Medium | Secunia Advisory, SA14182, February 8, 2005 |
Gallery 1.4 -pl1&pl2, 1.4, 1.4.1, 1.4.2, 1.4.3 -pl1 & pl2; Gentoo Linux | A Cross-Site Scripting vulnerability exists in several files, including 'view_photo.php,' 'index.php,' and 'init.php' due to insufficient input validation, which could let a remote malicious user execute arbitrary HTML and script code. Upgrades available at: Gentoo: Debian: Gentoo: It is reported that the fixes released by the vendor to address this issue are ineffective. Gallery 1.4.4-pl2 is still considered vulnerable to cross-site scripting attacks. The fixes are being removed. There is no exploit code required. | Gallery Cross-Site Scripting CVE Name: | High | Gentoo Linux Security Advisory, GLSA 200411-10:01, November 6, 2004 Debian Security Advisory, DSA 642-1, January 17, 2005 Gentoo Linux Security Advisory, GLSA 200501-45, January 30, 2005 SecurityFocus, February 2, 2005 |
XPDF prior to 3.00pl3 | A buffer overflow vulnerability exists in ' 'xpdf/Decrypt.cc' due to a boundary error in the 'Decrypt::makeFileKey2' function, which could let a remote malicious user execute arbitrary code. Update available at: Patch available at: Debian: http://security.debian.org/pool/ Fedora: Gentoo: KDE: Ubuntu: Conectiva: Mandrake: SUSE: Currently we are not aware of any exploits for this vulnerability. | Glyph and Cog Xpdf 'makeFileKey2()' Buffer Overflow CVE Name: | High | iDEFENSE Security Advisory, January 18, 2005 Conectiva Linux Security Announcement, CLA-2005:921, January 25, 2005 Mandrakelinux Security Update Advisories, MDKSA-2005:016-021, January 26, 2005 SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005 SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
|
Emacs prior to 21.4.17
| A format string vulnerability exists in 'movemail.c,' which could let a remote malicious user execute arbitrary code.
Update available at: Currently we are not aware of any exploits for this vulnerability. | Emacs Format String CVE Name: | High | SecurityTracker Alert, 1013100, February 7, 2005 |
GNU Midnight Commander Project Midnight Commander 4.x | Multiple vulnerabilities exist due to various design and boundary condition errors, which could let a remote malicious user cause a Denial of Service, obtain elevated privileges, or execute arbitrary code. Debian: SUSE: Currently we are not aware of any exploits for these vulnerabilities. | Midnight Commander Multiple Vulnerabilities CVE Names: | Low/ Medium/ High (Low if a DoS; Medium is elevated privileges can be obtained; and High if arbitrary code can be executed) | SecurityTracker Alert, 1012903, January 14, 2005 SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 |
ChBg 1.5 | A vulnerability was reported in ChBg. A remote malicious user can cause arbitrary code to be executed by the target user. A remote user can create a specially crafted ChBg scenario file that, when processed by the target user with ChBg, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user. The buffer overflow resides in the simplify_path() function in 'config.c.' FreeBSD is not affected because PATH_MAX is set to 1024, preventing the buffer overflow. Debian: Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php" A Proof of Concept exploit script has been published. | GNU ChBg simplify_path() Buffer Overflow CVE Name: | High | Secunia Advisory ID, SA13529, December 17, 2004 Debian Security Advisory, DSA 644-1, January 18, 2005 Mandrakelinux Security Update Advisory, MDKSA-2005:027, February 2, 2005 |
CUPS 1.1.22 | A vulnerability was reported in CUPS in the processing of HPGL files. A remote malicious user can cause arbitrary code to be executed by the target user. A remote user can create a specially crafted HPGL file that, when printed by the target user with CUPS, will execute arbitrary code on the target user's system. The code will run with the privileges of the 'lp' user. The buffer overflow resides in the ParseCommand() function in 'hpgl-input.c.' Fixes are available in the CVS repository and are included in version 1.1.23rc1. Fedora: Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php"> SGI: SuSE: A Proof of Concept exploit script has been published. | GNU CUPS HPGL ParseCommand() Buffer Overflow CVE Name: | High | CUPS Advisory STR #1023, December 16, 2004 Mandrakelinux Security Update Advisory, MDKSA-2005:008, January 17, 2005 SGI Security Advisory, 20050101-01-U, January 19, 2005 SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 |
CUPS Ippasswd 1.1.22 | A vulnerability was reported in the CUPS lppasswd utility. A local malicious user can truncate or modify certain files and cause Denial of Service conditions on the target system. There are flaws in the way that lppasswd edits the '/usr/local/etc/cups/passwd' file. Fixes are available in the CVS repository and are included in version 1.1.23rc1. Fedora: RedHat: Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php" SGI: A Proof of Concept exploit has been published. | Low | SecurityTracker Alert ID, 1012602, December 16, 2004 Mandrakelinux Security Update Advisory, MDKSA-2005:008, January 17, 2005 SGI Security Advisory, 20050101-01-U, January 19, 2005 | |
Xpdf prior to 3.00pl2 | A buffer overflow vulnerability exists that could allow a remote user to execute arbitrary code on the target user's system. A remote user can create a specially crafted PDF file that, when viewed by the target user, will trigger an overflow and execute arbitrary code with the privileges of the target user. A fixed version (3.00pl2) is available at: A patch is available: KDE: Gentoo: Fedora: Ubuntu: Mandrakesoft (update for koffice): Mandrakesoft (update for kdegraphics): Mandrakesoft (update for gpdf): Mandrakesoft (update for xpdf): Mandrakesoft (update for tetex): Debian: Fedora (update for tetex): Fedora: Gentoo: TurboLinux: SGI: Conectiva: SuSE: Currently we are not aware of any exploits for this vulnerability. | GNU Xpdf Buffer Overflow in doImage() CVE Name: | High | iDEFENSE Security Advisory 12.21.04 KDE Security Advisory, December 23, 2004 Mandrakesoft, MDKSA-2004:161,162,163,165, 166, December 29, 2004 Fedora Update Notification, Gentoo Linux Security Advisory, GLSA 200501-13, January 10, 2005 Conectiva Linux Security Announcement, CLA-2005:921, January 25, 2005 SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005 Avaya Security Advisory, ASA-2005-027, January 25, 2005 SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
|
HP-UX 11.x | A vulnerability exists which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to an unspecified error in SAM (System Administration Manager). Apply patches: Rev 2: Added B.11.04 patch Currently we are not aware of any exploits for this vulnerability. | Hewlett-Packard HP-UX SAM Privilege Escalation Vulnerability | Medium | HP Advisory, SSRT4699, December 22, 2004 HP Security Bulletin, HPSBUX01104 Rev 2, February 1, 2004 |
AIX 5.3 | A vulnerability exists in the NIS client, which could let a remote malicious user execute arbitrary code. Patch available at: Currently we are not aware of any exploits for this vulnerability. | IBM AIX NIS Client Remote Code Execution | High | SecurityFocus, February 1, 2005 |
AIX 5.1-5.3 | A format string vulnerability exists in '/usr/sbin/chdev,' which could let a malicious user obtain root privileges. Updates available at: Currently we are not aware of any exploits for this vulnerability. | IBM AIX chdev Format String | High | iDEFENSE Security Advisory, February 7, 2005 |
AIX 5.2, 5.3 | A format string vulnerability exists in auditselect, which could let a malicious user obtain root privileges. Updates available at: Currently we are not aware of any exploits for this vulnerability. | IBM AIX auditselect Format String CVE Name: | High | SecurityTracker Alert, 1013103, February 8, 2005 |
Zip 2.3; Avaya CVLAN, Intuity LX, MN100, Modular Messaging (MSS) 1.1, 2.0, Network Routing | A buffer overflow vulnerability exists due to a boundary error when doing recursive compression of directories with 'zip,' which could let a remote malicious user execute arbitrary code.
Ubuntu: Fedora: Gentoo: Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php" SUSE: Red Hat: Debian: TurboLinux: Avaya: Fedora Legacy: http://download.fedoralegacy.org Currently we are not aware of any exploits for this vulnerability.
| Info-ZIP Zip Remote Recursive Directory Compression Buffer Overflow CVE Name: | High | Bugtraq, November 3, 2004 Ubuntu Security Notice, USN-18-1, November 5, 2004 Fedora Update Notification, Gentoo Linux Security Advisory, GLSA 200411-16, November 9, 2004 Mandrakelinux Security Update Advisory, MDKSA-2004:141, November 26, 2004 SUSE Security Summary Report, SUSE-SR:2004:003, December 7, 2004 Red Hat Advisory, RHSA-2004:634-08, December 16, 2004 Debian DSA-624-1, January 5, 2005 Turbolinux Security Announcement, 20050131, January 31, 2005 Avaya Security Advisory, ASA-2005-019, January 25, 200 Fedora Legacy Update Advisory, FLSA:2255, February 1, 2005
|
Newspost 2.0, 2.1.1 | A buffer overflow vulnerability exists in 'socket.c' in the the 'socket_getline()' function when handling NNTP server responses, which could let a remote malicious user execute arbitrary code. Gentoo: A Proof of Concept exploit script has been published. | Newspost Remote Buffer Overflow CVE Name: | High | Secunia Advisory, Gentoo Linux Security Advisory, GLSA 200502-05, February 3, 2004 |
Konqueror 3.x | A vulnerability exists when processing International Domain Names (IDNs), which could let a remote malicious user spoof web sites.
No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | KDE Konqueror IDN Implementation URL Spoof | Medium | Secunia Advisory, SA14162, February 7, 2005 |
KDE 3.x, 2.x | A vulnerability exists in kio_ftp, which can be exploited by malicious people to conduct FTP command injection attacks. The vulnerability has been fixed in the CVS repository. Mandrakesoft: Debian: Gentoo: Fedora: SUSE: Currently we are not aware of any exploits for this vulnerability. | KDE kio_ftp FTP Command Injection Vulnerability CVE Name: | Medium | KDE Advisory Bug 95825, December 26, 2004 Debian Security Advisory, DSA 631-1, January 10, 2005 Gentoo Linux Security Advisory, GLSA 200501-18, January 11, 2005 Fedora Update Notifications SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 |
Konqueror 3.2.2-6
| A vulnerability exists which can be exploited by malicious people to spoof the content of websites. A website can inject content into another site's window if the target name of the window is known. This can be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website. Fedora: Mandrakesoft: Gentoo: SUSE: Currently we are not aware of any exploits for this vulnerability. | KDE Konqueror Window Injection CVE Name: | Medium | Secunia Advisory ID, SA13254, December 8, 2004 Secunia Advisory ID, SA13486, December 16, 2004 Mandrakesoft Security Advisory, MDKSA-2004:150, December 15, 2004 SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
|
Konqueror prior to 3.32 | Two vulnerabilities exist in KDE Konqueror, which can be exploited by malicious people to compromise a user's system.The vulnerabilities are caused due to some errors in the restriction of certain Java classes accessible via applets and Javascript. This can be exploited by a malicious applet to bypass the sandbox restriction and read or write arbitrary files. Update to version 3.3.2: Apply patch for 3.2.3: Mandrakesoft: Gentoo: Fedora: SUSE: Currently we are not aware of any exploits for these vulnerabilities. | KDE Konqueror CVE Name: | High | KDE Security Advisory, December 20, 2004 Mandrakesoft MDKSA-2004:154, December 22, 2004 US-CERT Vulnerability Note, VU#420222, January 5, 2005 Gentoo Linux Security Advisory, GLSA 200501-16, January 11, 2005 Fedora Update Notifications SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 |
PerlDesk 1.x | An input validation vulnerability exists in the 'kb.cgi' script due to insufficient validation of the 'view' parameter, which could let a remote malicious user execute arbitrary SQL commands. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | PerlDesk 'view' Parameter Input Validation | High | SecurityTracker Alert, 1013090, February 7, 2005 |
WWWBoard 2.0 Alpha 2.1, 2.0 Alpha 2 | A vulnerability exists in the password database file due to insufficient access controls, which could let a remote malicious user obtain sensitive information. No workaround or patch available at time of publishing. There is no exploit code required. | WWWBoard Password Database Access Controls | Medium | SecurityFocus, February 5, 2005 |
osh 1.7 | A buffer overflow vulnerability exists in 'main.c' due to insufficient bounds checking in the 'iopen()' function, which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing. An exploit script has been published. | Mike Neuman OSH Command Line Argument Buffer Overflow | High | Secunia Advisory, SA14159, February 8, 2005 |
ClamAV 0.51-0.54, 0.60, 0.65, 0.67, 0.68 -1, 0.68, 0.70, 0.80 rc1-rc4, 0.80; | A remote Denial of Service vulnerability exists due to an error in the handling of file Upgrade available at: Gentoo: Mandrake: SUSE: Currently we are not aware of any exploits for this vulnerability. | Clam Anti-Virus ClamAV Remote Denial of Service CVE Name: | Low | SecurityFocus, January 31, 2005 Mandrakelinux Security Update Advisory, MDKSA-2005:025, January 31, 2005 Gentoo Linux Security Advisory, GLSA 200501-46, January 31, 2005 SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 |
ht//Dig Group ht://Dig 3.1.5 -8, 3.1.5 -7, 3.1.5, 3.1.6, 3.2 .0, 3.2 0b2-0b6; SuSE Linux 8.0, i386, 8.1, 8.2, 9.0, 9.0 x86_64, 9.1, 9.2 | A Cross-Site Scripting vulnerability exists due to insufficient filtering of HTML code from the 'config' parameter, which could let a remote malicious user execute arbitrary HTML and script code. SuSE: There is no exploit code required; however, a Proof of Concept exploit has been published. | ht://Dig Cross-Site Scripting CVE Name: | High | SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 |
MandrakeSoft Corporate Server 3.0, x86_64, Linux Mandrake 10.0, AMD64, 10.1, X86_64;Novell Evolution 2.0.2l Ubuntu Linux 4.1 ppc, ia64, ia32; | A buffer overflow vulnerability exists in the main() function of the 'camel-lock-helper.c' source file, which could let a remote malicious user execute arbitrary code. Update available at: Gentoo: Mandrake: Ubuntu: SUSE: Currently we are not aware of any exploits for this vulnerability. | Evolution Camel-Lock-Helper Application Remote Buffer Overflow CVE Name: | High | Gentoo Linux Security Advisory, GLSA 200501-35, January 25, 2005 Ubuntu Security Notice, USN-69-1, January 25, 2005 Mandrakelinux Security Update Advisory, MDKSA-2005:024, January 27, 2005 SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 |
SuSE Linux 8.0, i386, 8.1, 8.2, 9.0, x86_64, 9.1, 9.2; | A vulnerability exists due to a failure to handle malformed HTTP headers. The impact was not specified. Patches available at: Gentoo: SUSE: Currently we are not aware of any exploits for this vulnerability. | Squid Proxy Malformed HTTP Headers CVE Name: | Not Specified | Gentoo Linux Security Advisory, GLSA 200502-04:02, February 2, 2005 SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 |
FileZilla Server 0.7, 0.7.1; OpenBSD -current, 3.5; | A remote Denial of Service vulnerability during the decompression process due to a failure to handle malformed input. Gentoo:
href="http://security.gentoo.org/glsa/glsa-200408-26.xml"> FileZilla:
href="http://sourceforge.net/project/showfiles.php?group_id=21558"> OpenBSD: OpenPKG: Trustix:
href="ftp://ftp.trustix.org/pub/trustix/updates/ "> SuSE:
href="ftp://ftp.suse.com/pub/suse/"> Mandrake: Conectiva: SCO:
href="ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.17"> Fedora: We are not aware of any exploits for this vulnerability. | Low | SecurityFocus, August 25, 2004 SUSE Security Announcement, SUSE-SA:2004:029, September 2, 2004 Mandrakelinux Security Update Advisory, MDKSA-2004:090, September 8, 2004 Conectiva Linux Security Announcement, CLA-2004:865, September 13, 2004 US-CERT Vulnerability Note VU#238678, October 1, 2004 SCO Security Advisory, SCOSA-2004.17, October 19, 2004 Conectiva Linux Security Announcement, CLA-2004:878, October 25, 2004 Fedora Update Notification, | |
Hylafax.org Hylafax 4.0 pl0-pl2, 4.0.2, 4.1, beta1-beta3, 4.1.1-4.1.3, 4.1.5-4.1.8; 4.2; | A vulnerability exists because the username is incorrectly compared with an entry in the 'hosts.hfaxd' database, which could let a remote malicious user obtain unauthorized access.
Patches available at: Debian: Gentoo: Mandrake: SUSE: There is no exploit required. | HylaFAX Remote Access Bypass CVE Name: | Medium | SecurityTracker Alert, 101284, January 12, 2005 SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 |
Larry Wall Perl 5.8, 5.8.1, 5.8.3, 5.8.4, 5.8.4 -1-5.8.4-5; Ubuntu Linux 4.1 ppc, ia64, ia32
| Multiple vulnerabilities exist: a buffer overflow vulnerability exists in the 'PERLIO_DEBUG' SuidPerl environment variable, which could let a malicious user execute arbitrary code; and a vulnerability exists due to an error when handling debug message output, which could let a malicious user corrupt arbitrary files.
Ubuntu: Currently we are not aware of any exploits for these vulnerabilities. | Perl SuidPerl Multiple Vulnerabilities CVE Names: | Medium/ High (High if arbitrary code can be executed) | Ubuntu Security Notice, USN-72-1, February 2, 2005 |
Linux Kernel 2.6.x | A Denial of Service vulnerability exists in 'fs/ntfs/debug.c' because kernel error messages are not properly limited.
Update available at: http://kernel.org/ Currently we are not aware of any exploits for this vulnerability. | Linux Kernel NTFS File System Denial of Service | Low | Secunia Advisory, SA14117, February 7, 2005 |
ncpfs 2.2.1 - 2.2.4 | A buffer overflow exists that could lead to local execution of arbitrary code with elevated privileges. The vulnerability is in the handling of the '-T' option in the ncplogin and ncpmap utilities, which are both installed as SUID root by default. Gentoo: Update to 'net-fs/ncpfs-2.2.5' or later SUSE: Apply updated packages. Updated packages are available via YaST Online Update or the SUSE FTP site. Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php" Currently we are not aware of any exploits for this vulnerability. | Multiple Vendors ncpfs: ncplogin and ncpmap Buffer Overflow CVE Name: | High | Gentoo Linux Security Advisory, GLSA 200412-09 / ncpfs, December 15, 2004 Secunia SA13617, December 22, 2004 Mandrakelinux Security Update Advisory, MDKSA-2005:028, February 2, 2005 |
Samba 2.2.9, 3.0.8 and prior | An integer overflow vulnerability in all versions of Samba's smbd 0.8 could allow an remote malicious user to cause controllable heap corruption, leading to execution of arbitrary commands with root privileges. Patches available at: Red Hat: Gentoo: Trustix: Red Hat (Updated): Fedora: SUSE: Mandrakesoft: Conectiva: RedHat: TurboLinux: Currently we are not aware of any exploits for this vulnerability. | Multiple Vendors Samba smbd Security CVE Name: | High | iDEFENSE Security Advisory 12.16.04 Red Hat Advisory, RHSA-2004:670-10, December 16, 2004 Gentoo Security Advisory, GLSA 200412-13 / Samba, December 17, 2004 US-CERT, Vulnerability Note VU#226184, December 17, 2004 Trustix Secure Linux Advisory #2004-0066, December 17, 2004 Red Hat, RHSA-2004:670-10, December 16, 2004 SUSE, SUSE-SA:2004:045, December 22, 2004 RedHat Security Advisory, RHSA-2005:020-04, January 5, 2005 Conectiva Linux Security Announcement, CLA-2005:913,January 6, 2005 Turbolinux Security Announcement, February 7, 2005 HP Security Advisory, HPSBUX01115, February 3, 2005 |
Squid 2.x; Gentoo Linux;Ubuntu Linux 4.1 ppc, ia64, ia32;Ubuntu Linux 4.1 ppc, ia64, ia32; Conectiva Linux 9.0, 10.0 | A remote Denial of Service vulnerability exists in the NTLM fakeauth_auth helper when running under a high load or for a long period of time, and a specially crafted NTLM type 3 message is submitted.
Patch available at: Gentoo: Ubuntu: Conectiva: Fedora: SUSE: Currently we are not aware of any exploits for this vulnerability. | Low | Secunia Advisory, Gentoo Linux Security Advisor, GLSA 200501-25, January 17, 2005 Ubuntu Security Notice, USN-67-1, January 20, 2005 Conectiva Linux Security Announcement, CLA-2005:923, January 26, 2005 Fedora Update Notifications, SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 | |
SuSE Linux 8.0, i386, 8.1, 8.2, 9.0 x86_64, 9.0-9.2; Wietse Venema Postfix 2.1.3 | A vulnerability exists because arbitrary mail with an IPv6 address can be sent to any MX host, which could let a remote malicious user bypass security.
Ubuntu: SuSE: There is no exploit code required. | Postfix IPv6 Security Bypass | Medium | SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 Ubuntu Security Notice, USN-74-2, February 4, 2005 |
Netatalk Open Source Apple File Share Protocol Suite 1.5 pre6, 1.6.1, 1.6.4 | A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.
Trustix: Gentoo: Mandrake: Fedora: TurboLinux: There is no exploit code required. | NetaTalk Insecure Temporary File Creation CVE Name: | Medium | Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004 Gentoo Linux Security Advisory GLSA 200410-25, October 25, 2004 Mandrakelinux Security Update Advisory, MDKSA-2004:121, November 2, 2004 Fedora Update Notifications, Turbolinux Security Announcement, 20050131, January 31, 2005 |
Newsgrab prior to 0.5.0pre4 | Two vulnerabilities exist: a vulnerability exists in the 'newsgrab.pl' file due to the insecure creation of downloaded files in the output directory, which could let a remote malicious user overwrite arbitrary files; and a Directory Traversal vulnerability exists due to insufficient sanitization of input from newsgroups messages, which could let a remote malicious user place attachments in arbitrary locations. Update available at: A Proof of Concept exploit has been published. | newsgrab Directory Permissions CVE Names: | Medium | Secunia Advisory, SA14083, February 3, 2005 |
OmniWeb 5.x
| A vulnerability exists when processing International Domain Names (IDNs), which could let a remote malicious user spoof web sites.
No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | OmniWeb IDN Implementation URL Spoof | Medium | Secunia Advisory, SA14154, February 7, 2005 |
OpenSSL 0.9.6, 0.9.6 a-0.9.6 m, 0.9.7c | A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.
Trustix: Gentoo: Ubuntu: Debian: Mandrakesoft: TurboLinux: There is no exploit code required. | OpenSSL CVE Name: | Medium | Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004 Gentoo Linux Security Advisory, GLSA 200411-15, November 8, 2004 Ubuntu Security Notice, USN-24-1, November 11, 2004 Debian Security Advisory Mandrakesoft Security Advisory, MDKSA-2004:147, December 6, 2004 Turbolinux Security Announcement, 20050131, January 31, 2005 |
ncpfs prior to 2.2.6 | Two vulnerabilities exist: a vulnerability exists in 'ncpfs-2.2.0.18/lib/ncplib.c' due to improper access control in the 'ncp_fopen_nwc()' function, which could let a malicious user obtain unauthorized access; and a buffer overflow vulnerability exists in 'ncpfs-2.2.5/sutil/ncplogin.c' due to insufficient validation of the 'opt_set_volume_after_parsing_all_options()' function, which could let a malicious user execute arbitrary code. Update available at: Gentoo: Debian: Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php" SUSE: An exploit script has been published. | Petr Vandrovec ncpfs Access Control & Buffer Overflow CVE Names: | Medium/ High (High if arbitrary code can be executed) | SecurityTracker Alert ID: 1013019, January 28, 2005 Mandrakelinux Security Update Advisory, MDKSA-2005:028, February 2, 2005 Debian Security Advisory, DSA-665-1, February 4, 2005 SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 |
phpMyAdmin 2.4.0 up to 2.6.1-rc1 | Two vulnerabilities exist which can be exploited by malicious people to compromise a vulnerable system and by malicious users to disclose sensitive information.1) An input validation error in the handling of MySQL data allows injection of arbitrary shell commands. 2) Input passed to 'sql_localfile' is not properly sanitized in 'read_dump.php' before being used to disclose files. Gentoo: SUSE: A Proof of Concept exploit has been published. | PHPGroupWare phpMyAdmin Two Vulnerabilities CVE Names: | Medium/ High (High if arbitrary code can be executed) | Exaprobe, Security Advisory, December 13, 2004 SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 |
phpMyAdmin 2.5 .0-2.5.7, 2.6 .0pl1&2 | Multiple Cross-Site Scripting vulnerabilities exist: a vulnerability exists in 'config.inc.php' if the 'PmaAbsoluteUri' parameter is not set, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability exists in 'read_dump.php' due to insufficient validation of the 'zero_rows' parameter, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability exists due to insufficient validation of inputs on the confirm page, which could let a remote malicious user execute arbitrary HTML and script code.
Upgrades available at: Gentoo: SUSE: Proofs of Concept exploits have been published. | PHPMyAdmin Multiple Remote Cross-Site Scripting | High | netVigilance Security Advisory 5, November 19, 2004 Gentoo Linux Security Advisory, GLSA 200411-36, November 27, 2004 SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 |
ProZilla Download Accelerator 1.0 x, 1.3.0-1.3.4, 1.3.5.2, 1.3.5 .1, 1.3.5, 1.3.6 | Multiple buffer overflow vulnerabilities exist due to boundary errors in the communication handling, which could let a remote malicious user execute arbitrary code. Gentoo: Debian: Exploit scripts have been published. | ProZilla Multiple Remote Buffer Overflow CVE Name: | High | Secunia Advisory, Debian Security Advisory, DSA 663-1, February 1, 2005 |
Unixware 7.1.1, 7.1.3, 7.1.4; Avaya Intuity Audix R5 | A remote Denial of Service vulnerability exists when the 'mountd' service is registered in 'inetd.conf.'
Patches available at: There is no exploit required. | SCO UnixWare Mountd Remote Denial of Service CVE Name: | Low | SCO Security Advisory, SCOSA-2005.1, January 6, 2005 Avaya Security Advisory, ASA-2005-029, February 2, 2005 |
Squid Web Proxy Cache 2.0 PATCH2, 2.1 PATCH2, 2.3 .STABLE4&5, 2.4 .STABLE6&7, 2.4 .STABLE2, 2.4, 2.5 .STABLE3-7, 2.5 .STABLE1; Conectiva Linux 9.0, 10.0 | Two vulnerabilities exist: remote Denial of Service vulnerability exists in the Web Cache Communication Protocol (WCCP) functionality due to a failure to handle unexpected network data; and buffer overflow vulnerability exists in the 'gopherToHTML()' function due to insufficient validation of user-supplied strings, which could let a remote malicious user execute arbitrary code. Patches available at: http://www.squid-cache.org/Versions/v2/ Gentoo: Debian: Ubuntu: Mandrake: Conectiva: Fedora: SUSE: There is no exploit required. | Squid Proxy Web Cache WCCP Functionality Remote Denial of Service & Buffer Overflow CVE Names: | Low/High (High if arbitrary code can be executed) | Secunia Advisory, SA13825, January 13, 2005 Debian Security Advisory, DSA 651-1, January 20, 2005 Ubuntu Security Notice, USN-67-1, January 20, 2005 Mandrakelinux Security Update Advisory, MDKSA-2005:014, January 25, 2005 Conectiva Linux Security Announcement, CLA-2005:923, January 26, 2005 Fedora Update Notifications, SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
|
SquirrelMail prior to 0.6
| A vulnerability exists in the 'viewcert.php' script due to insufficient validation of the 'cert' parameter when passing data to an exec() call, which could let a remote malicious user execute arbitrary code.
Updates available at: http://www.squirrelmail.org/plugin_ Currently we are not aware of any exploits for this vulnerability. | SquirrelMail 'viewcert.php' Remote Code Execution | High | iDEFENSE Security Advisory, February 7, 2005 |
SquirrelMail Vacation Plugin 0.14 -1.2rc2, 0.15 -1.43a | Two vulnerabilities exists in the 'ftpfile' program due to insufficient input validation, which could let a remote malicious user execute arbitrary commands with root privileges or obtain sensitive information. Upgrades available at: Proofs of Concept exploits scripts have been published. | SquirrelMail Vacation Plugin 'FTPFile' Input Validation | Medium/ High High if arbitrary code can be executed) | LSS Security Advisory, LSS-2005-01-03, January 11, 2005 SecurityFocus, February 4, 2005 |
SquirrelMail 1.2.6 | A vulnerability exists in 'src/webmail.php' due to insufficient sanitization, which could let a remote malicious user execute arbitrary code. Debian: Currently we are not aware of any exploits for this vulnerability. | SquirrelMail Remote Code Execution CVE Name: | High | Debian Security Advisory, DSA 662-1, February 1, 2005 |
SuSE Linux Open-Xchange 4.1 | A path traversal vulnerability exists, which could let a remote malicious user obtain sensitive information. SuSE: Currently we are not aware of any exploits for this vulnerability. | SuSE Linux Open-Xchange Path Traversal | Medium | SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 |
Sudo 1.5.6-1.5.9, 1.6-1.6.8 | A vulnerability exists due to an error in the environment cleaning, which could let a malicious user execute arbitrary commands. Patch available at: Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php" Trustix: Ubuntu: Debian: OpenPKG: TurboLinux: There is no exploit code required. | Sudo Restricted Command Execution Bypass | High | Secunia Advisory, Mandrakelinux Security Update Advisory, MDKSA-2004:133, November 15, 2004 Trustix Secure Linux Security Advisories, TSLSA-2004-0058 & 061, November 16 & 19, 2004 Ubuntu Security Notice, USN-28-1, November 17, 2004 Debian Security Advisory, DSA 596-1, November 24, 2004 OpenPKG Security Advisory, OpenPKG-SA-2005.002, January 17, 2005 Turbolinux Security Announcement, 20050131, January 31, 2005 |
imap 2004b, 2004a, 2004, 2002b-2002e | A vulnerability exists due to a logic error in the Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) code, which could let a remote malicious user bypass authentication. Update available at: Gentoo: Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php" Currently we are not aware of any exploits for this vulnerability. | University Of Washington IMAP Server CRAM-MD5 Remote Authentication Bypass | Medium | US-CERT Vulnerability Note, VU#702777, January 27, 2005 Gentoo Linux Security Advisory, GLSA 200502-02, February 2, 2005 Mandrakelinux Security Update Advisory, MDKSA-2005:026, February 2, 2005 |
VIM 6.0-6.2, 6.3.011, 6.3.025, 6.3 .030, 6.3.044, 6.3 .045 | Multiple vulnerabilities exist in 'tcltags' and 'vimspell.sh' due to the insecure creation of temporary files, which could let a malicious user corrupt arbitrary files. Ubuntu: Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php" There is no exploit required. | Vim Insecure Temporary File Creation CVE Name: | Medium | Secunia Advisory, Ubuntu Security Notice, USN-61-1, January 18, 2005 Mandrakelinux Security Update Advisory, MDKSA-2005:026, February 2, 2005 |
Ruby 1.6, 1.8 | A vulnerability exists in the CGI session management component due to the way temporary files are processed, which could let a malicious user obtain elevated privileges. Upgrades available at: Gentoo: RedHat: Fedora: Fedora: Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php"> TurboLinux: Currently we are not aware of any exploits for this vulnerability. | Ruby CGI Session Management Unsafe Temporary File CVE Name: | Medium | Debian Security Advisory, DSA 537-1, August 16, 2004 Gentoo Linux Security Advisory, GLSA 200409-08, September 3, 2004 RedHat Security Advisory, RHSA-2004:441-18, September 30, 2004 Fedora Update Notification, Mandrakelinux Security Update Advisory, MDKSA-2004:128, November 8, 2004 Fedora Update Notification, Turbolinux Security Announcement, 20050131, January 31, 2005 |
Newsfetch 1.4, 1.21 | A buffer overflow vulnerability exists in 'nntp.c' due to insecure sscanf calls, which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | Yusuf Motiwala Newsfetch SScanf Remote Buffer Overflow CVE Name: | High | Securiteam, February 2, 2005 |
| Multiple Operating Systems - Windows / UNIX / Linux / Other | ||||
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attacks Scripts | Common Name | Risk | Source |
An input verification vulnerability exists that may allow disclosure of sensitive information. Input passed to the 'show' parameter in 'index.php' isn't properly verified. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | BXCP 'show' Local File Inclusion | Medium | Secunia SA14141, February 7, 2005 | |
Multiple vulnerabilities exist which could permit SQL injection attacks. Input passed to various scripts isn't properly validated. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | Chipmunk Forum SQL Injection Vulnerabilities | High | Secunia SA14143, February 7, 2005 | |
Cisco IPVC-3510-MCU, | A vulnerability exists in some Cisco videoconferencing products that could permit a remote malicious user to gain control of the system using common default SNMP community strings.
Cisco has issued a workaround available at: http://www.cisco.com/public/ Currently we are not aware of any exploits for this vulnerability. | Cisco IP/VC Remote Access | High | Cisco Security Advisory 63894, February 2, 2005 |
Linksys PSUS4 firmware 6032 | A vulnerability exists which can could permit a Denial of Service. The vulnerability is caused due to an error in the HTTP POST request parsing. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Cisco Linksys PSUS4 Denial of Service | Low | SecurityFocus, Bugtraq ID 12443, February 3, 2005 |
Multiple vulnerabilities exist which could permit SQL injection attacks due to improper validation of input passed to the 'EntryID,' 'searchterm,' and 'username' parameters. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for these vulnerabilities. | CMScore Multiple SQL Injection Vulnerabilities | High | Secunia SA14142, February 7, 2005 | |
Claroline 1.5 - 1.5.3 | An input validation vulnerability exists that could permit script insertion attacks. Input passed to the 'wantedCode,' 'faculte,' 'intitule,' Apply patch for version 1.5.3: Currently we are not aware of any exploits for this vulnerability. | GPL Claroline Script Insertion | High | SecurityFocus, Bugtraq ID 12449, February 4, 2004 |
JShop Server prior to 1.2.0 | A vulnerability exists that could permit Cross-Site Scripting attacks. This is due to improper input validation in the 'xProd' and 'xSec' parameters in 'product.php.' Update to version 1.3.0: A Proof of Concept exploit has been published. | JShop Server Cross-Site Scripting | High | SystemSecure, SS#27012005, January 30, 2005 SecurityFocus, Bugtraq ID 12403, January 31, 2005 |
Mambo 4.5.1 | A vulnerability exists that could permit a user to administrative privileges and access the database. Global variables are not properly protected. Apply patch for version 4.5 and 4.5.1: http://www.mamboportal.com/component/ Currently we are not aware of any exploits for this vulnerability. | Miro International Mambo Access | High | MamboPortal Notice, February 2, 2005
|
Mozilla 1.7.5, Firefox 1.0 | A spoofing vulnerability exists that could permit a malicious website to spoof the URL displayed in the address bar, SSL certificate, and status bar. This is due to an unintended result of the IDN (International Domain Name) implementation, which allows using international characters in domain names. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Mozilla / Firefox / Camino IDN Spoofing | Medium | Secunia SA14163, February 7, 2005 |
Mozilla 1.7.3 | A heap overflow vulnerability exists in the processing of NNTP URLs. A remote malicious user can execute arbitrary code on the target system. A remote user can create a specially crafted 'news://' URL that, when loaded by the target user, will trigger a buffer overflow and execute arbitrary code on the target user's system. The code will run with the privileges of the target user. The flaw resides in the *MSG_UnEscapeSearchUrl() function in 'nsNNTPProtocol.cpp'.
The vendor has issued a fixed version (1.7.5), available at: http://www.mozilla.org/products/mozilla1.x/ Gentoo: SGI: SuSE: HP: A Proof of Concept exploit has been published. | Mozilla Buffer Overflow in Processing NNTP URLs CVE Name: | High | iSEC Security ResearchAdvisory, December 29, 2004 Gentoo Linux Security Advisor, GLSA 200501-03, January 5, 2005 SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005 HP Security Advisory, HPSBTU01114, February 4, 2005 |
Check Point Software FireWall-1 R55 HFA08 with SmartDefense; | A security vulnerability exists due to a failure to decode base64-encoded images in 'data' URIs, which could lead to a false sense of security.
TippingPoint: Gentoo: Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php" There is no exploit required. | Multiple Vendor Anti-Virus GatewayBase64 Encoded Image Decode Failure | Medium | Bugtraq, January 11, 2005 SecurityFocus, January 18, 2005 Gentoo Linux Security Advisory, GLSA 200501-46, January 31, 2005 Mandrakelinux Security Update Advisory, MDKSA-2005:025, February 2, 2005 |
Debian Linux 3.0 spar, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; Ethereal Group Ethereal 0.9-0.9.16, 0.10-0.10.7
| Multiple vulnerabilities exist: a remote Denial of Service vulnerability exists in the DICOM dissector; a remote Denial of Service vulnerability exists in the handling of RTP timestamps; a remote Denial of Service vulnerability exists in the HTTP dissector; and a remote Denial of Service vulnerability exists in the SMB dissector when a malicious user submits specially crafted SMB packets. Potentially these vulnerabilities may also allow the execution of arbitrary code. Upgrades available at: Gentoo: Conectiva: RedHat: SuSE: Currently we are not aware of any exploits for these vulnerabilities. | Ethereal Multiple Denial of Service & Potential Code Execution Vulnerabilities CVE Names: | Low/High (High if arbitrary code can be executed) | Ethereal Security Advisory, enpa-sa-00016, December 15, 2004 Conectiva Linux Security Announcement, CLA-2005:916, January 13, 2005 RedHat Security Advisory, RHSA-2005:011-11, February 2, 2005 SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 |
Opera | A spoofing vulnerability exists that could permit a malicious website to spoof the URL displayed in the address bar, SSL certificate, and status bar. This is due to an unintended result of the IDN (International Domain Name) implementation, which allows using international characters in domain names. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Opera IDN Spoofing | Medium | SecurityTracker Alert ID: 1013096, February 7, 2005 |
A vulnerability exists due to a boundary error within the parsing of the PE (Portable Executable) import directory that could allow execution of arbitrary code. Update available at: Currently we are not aware of any exploits for this vulnerability. | PEiD Buffer Overflow CVE Name: | High | iDEFENSE Security Advisory, January 24, 2005 SecurityFocus, January 31, 2005 | |
An information disclosure vulnerability exists due to an error in 'forum_search.php' when handling multiple search words. This may No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | PHP-Fusion 'forum_search.php' Information Disclosure | Medium | Secunia SA14090, February 2, 2005 | |
SimpleXMLRPCServer 2.2 all versions, 2.3 prior to 2.3.5, 2.4 | A vulnerability exists in the SimpleXMLRPCServer library module that could permit a remote malicious user to access internal module data, potentially executing arbitrary code. Python XML-RPC servers that use the register_instance() method to register an object without a _dispatch() method are affected. Patches for Python 2.2, 2.3, and 2.4, available at: http://python.org/security/ The vendor plans to issue fixed versions for 2.3.5, 2.4.1, 2.3.5, and 2.4.1. Debian: Currently we are not aware of any exploits for this vulnerability. | Python SimpleXMLRPCServer Remote Code CVE Name: | High | Python Security Advisory: PSF-2005-001, February 3, 2005 |
RTOS 2.4, 4.25, 6.1 .0, 6.2 .0 Update Patch A, 6.2 .0 | Multiple vulnerabilities exist: a buffer overflow vulnerability exists in '/usr/bin/pppoed,' which could let a malicious user execute arbitrary code; buffer overflow vulnerabilities exist in 'name,' 'en', 'upscript,' 'downscript,' 'retries,' 'timeout,' 'scriptdetach,' 'noscript,' 'nodetach,' 'remote_mac,' and 'local_mac' flags, which could let a malicious user execute arbitrary code; and a vulnerability exists because the $PATH variable can be modified to cause the daemon to execute arbitrary code. No vendor patch available at time of publishing. Workaround available through US-CERT Vulnerability Notes. Proof of Concept exploit has been published. | QNX PPPoEd Buffer Overflows | High | Securiteam, September 6, 2004 |
LiteForum 2.1.1 | A vulnerability exists that could permit a remote user to inject SQL commands. 'enter.php' does not properly validate user-supplied data in the password parameter. No workaround or patch available at time of publishing. A Proof of Concept exploit script has been published. | softtime LiteForum 'enter.php' Input Validation | High | SecurityTracker Alert ID: 1013084, February 4, 2005 |
Squid 2.5 | A vulnerability exists that could permit a remote malicious user to send multiple Content-length headers with special HTTP requests to corrupt the cache on the Squid server. A patch (squid-2.5.STABLE7-header_parsing.patch) is available at: http://www.squid-cache.org/Versions/v2/2.5/bugs/ Conectiva: Gentoo: Debian: Ubuntu: SuSE: Currently we are not aware of any exploits for this vulnerability. | Squid Error in Parsing HTTP Headers CVE Name: | Medium | SecurityTracker Alert ID, 1012992, January 25, 2005 Gentoo GLSA 200502-04, February 2, 2005 Debian Security Advisory SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 |
SquirrelMail 1.x | A Cross-Site Scripting vulnerability exists in the 'decodeHeader()' function in 'mime.php' when processing encoded text in headers due to insufficient input validation, which could let a remote malicious user execute arbitrary HTML and script code. Patch available at: Gentoo: Conectiva: Fedora: Apple: SuSE: Debian: An exploit script is not required. | SquirrelMail Cross-Site Scripting | High | Secunia Advisory, Gentoo Linux Security Advisory, GLSA 200411-25, November 17, 2004 Fedora Update Notifications, Conectiva Linux Security Announcement, CLA-2004:905, December 2, 2004 Apple Security Update, APPLE-SA-2005-01-25, January 26, 2005 SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005 Debian DSA-662-1, February 1, 2005 |
Sun Java JRE 1.3.x, 1.4.x, | A vulnerability exists due to a design error because untrusted applets for some private and restricted classes used internally can create and transfer objects, which could let a remote malicious user turn off the Java security manager and disable the sandbox restrictions for untrusted applets. Updates available at: Conectiva: Gentoo: Symantec: SuSE: Currently we are not aware of any exploits for this vulnerability. | Sun Java Plug-in Sandbox Security Bypass CVE Name: | Medium | Sun(sm) Alert Notification, 57591, November 22, 2004 US-CERT Vulnerability Note, VU#760344, November 23, 2004 Conectiva Linux Security Announcement, CLA-2004:900, November 26, 2004 Gentoo Linux Security Advisory, GLSA 200411-38, November 29, 2004 HP Security Bulletin, Sun(sm) Alert Notification, 57591, January 6, 2005 (Updated) Symantec Security Response, SYM05-001, SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005 SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
|
SunShop Shopping Cart 3.4 RC4 | A Cross-Site Scripting vulnerability exists due to improper validation of input passed to the 'search' parameter in 'index.php.' No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | Turnkey SunShop Shopping Cart Cross-Site Scripting | High | SystemSecure, SS#25012005, February 3, 2005 |
University of California (BSD License) PostgreSQL 7.x, 8.x
| Multiple vulnerabilities exist that could permit malicious users to gain escalated privileges or execute arbitrary code. These vulnerabilities are due to an error in the 'LOAD' option, a missing permissions check, an error in 'contrib/intagg,' and a boundary error in the plpgsql cursor declaration. Update to version 8.0.1, 7.4.7, 7.3.9, or 7.2.7: http://wwwmaster.postgresql.org Ubuntu: Debian: Gentoo: Fedora: Currently we are not aware of any exploits for these vulnerabilities. | University of California PostgreSQL Multiple Vulnerabilities CVE Name: | Medium/ High (High if arbitrary code can be executed) | PostgreSQL Security Release, February 1, 2005 Ubuntu Security Notice USN-71-1 February 01, 2005 Debian Security Advisory Gentoo GLSA 200502-08, February 7, 2005 |
DeskNow Mail and Collaboration Server 2.5.12 | A vulnerability exists that could permit a remote user to upload or delete files to arbitrary locations on the target server. The 'attachment.do' script and the 'file.do' script do not properly validate user-supplied input. A fixed version (2.5.14 and later) is available at: http://www.desknow.com/ Currently we are not aware of any exploits for this vulnerability. | Ventia DeskNow Mail and Collaboration Server File Upload and Deletion | Medium | SIG^2 Vulnerability Research Advisory, February 2, 2005 |
xGB | A vulnerability exists that could permit a remote user to gain administrative access to the guest book. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | x-dev xGB Remote Access | Medium | SecurityTracker Alert, 1013091, February 7, 2005 |
Recent Exploit Scripts/Techniques
The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.
Note: At times, scripts/techniques may contain names or content that may be considered offensive.
Date of Script | Script name | Workaround or Patch Available | Script Description |
| February 6, 2005 | AdvancedSQLInjectionIn OracleDatabases.zip | N/A | A presentation that explores new methods in exploiting SQL injection vulnerabilities that are inherent in Oracle Database. |
| February 6, 2005 | nmbscan-1.2.4.tar.gz | N/A | NMB Scanner scans the shares of a SMB network, using the NMB and SMB protocols. I |
| February 6, 2005 | r57lite211.txt r57lite211.pl | No | Exploits for the softtime LiteForum 'enter.php' Input Validation vulnerability. |
| February 6, 2005 | x_osh.pl oshexploit.pl | No | Perl script that exploits the Mike Neuman OSH Command Line Buffer Overflow vulnerability. |
| February 5, 2005 | amap-4.8.tar.gz | N/A | A next-generation scanning tool that allows you to identify the applications that are running on a specific port by connecting to the port(s) and sending trigger packets. |
| February 5, 2005 | hydra-4.6-src.tar.gz | N/A | A high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more that includes SSL support, parallel scans, and is part of Nessus. |
| February 5, 2005 | newspost.c | Yes | Exploit for the Newspost Remote Buffer Overflow vulnerability. |
| February 5, 2005 | oyxin.py foxmailDoS.txt | No | Scripts that exploit the Foxmail 'MAIL FROM' :Remote Buffer Overflow vulnerability. |
| February 3, 2005 | ngircd_fsexp.c | No | Script that exploits the ngIRCd Remote Format String vulnerability. |
| February 3, 2005 | painkkeybof.zip | Yes | Proof of Concept exploit for the Painkiller Buffer Overflow Remote Denial of Service vulnerability. |
| February 3, 2005 | tinyweb19DoS.pl | No | Exploit for the TinyWeb Server Remote CGI Script Disclosure vulnerability. |
| February 2, 2005 | /LANChatPR[1666c]DoS-poc.zip | No | Script that exploits the LANChat Pro Remote Denial of Service vulnerability. |
| February 2, 2005 | fl0w-s33ker-v1.4.pl | N/A | Simple perl script that can be used to track overflows. |
| February 2, 2005 | flow-adj-paper_en.txt | N/A | Whitepaper that discusses the exploration of adjacent memory against strncpy(). |
| February 2, 2005 | savantOverflowExplot.txt savant_bof.pl savant-explo.pl savant31remote.txt | No | Exploits for the Savant Web Server Remote Buffer Overflow vulnerability. |
| February 1, 2005 | eternaldos.pl | No | A Proof of Concept exploit for the Eternal Lines Web Server Remote Denial of Service vulnerability. |
| February 1, 2005 | newPostBufferOverflowExploit.c | Yes | A Proof of Concept exploit for the Newspost Remote Buffer Overflow vulnerability. |
name=trends>Trends
- In a recent study released by the think tank Ponemon Institute, 69% of companies say data breaches were the result of either malicious employee activities or non-malicious employee error. For more information, see 'Insiders, Not Hackers, Are Main Cause Of Data Breaches: Survey' located at: http://www.networkingpipeline.com/showArticle.jhtml?articleID=59301819.
- According to Websense Security Labs, scammers are taking advantage of recent news that Microsoft is asking users to verify that they have a legitimate copy of Windows. Email messages that have the spoofed address of security@microsoft.com and with the heading "Microsoft Windows Update" ask recipients to update and/or validate both the Windows' serial number and the customer's credit card information on a Web site. For more information, see 'Phishers Fake Message From Microsoft' located at: http://www.techweb.com/wire/security/59301315
name=viruses id="viruses">Viruses/Trojans Top Ten Virus Threats
A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.
face="Arial, Helvetica, sans-serif">Rank | Common Name | Type of Code |
face="Arial, Helvetica, sans-serif">Trends |
face="Arial, Helvetica, sans-serif">Date |
1 | Netsky-P | Win32 Worm | Stable | March 2004 |
2 | Zafi-D | Win32 Worm | Increase | December 2004 |
3 | Netsky-Q | Win32 Worm | Increase | March 2004 |
4 | Sober-I | Win32 Worm | Slight Decrease | November 2004 |
5 | Zafi-B | Win32 Worm | Decrease | June 2004 |
6 | Netsky-D | Win32 Worm | Return to Table | March 2004 |
7 | Bagle.bj | Win32 Worm | New to Table | January 2005 |
8 | Netsky-B | Win32 Worm | Increase | February 2004 |
9 | Bagle.z | Win32 Worm | Return to Table | April 2004 |
10 | Bagle-AU | Win32 Worm | Decrease | October 2004 |
Table Updated February 8, 2005
Viruses or Trojans Considered to be a High Level of Threat
- None to report.
The following table provides, in alphabetical order, a list of new viruses, variations of previously encountered viruses, and Trojans that have been discovered during the period covered by this bulletin. This information has been compiled from the following anti-virus vendors: Sophos, Trend Micro, Symantec, McAfee, Network Associates, Central Command, F-Secure, Kaspersky Labs, MessageLabs, Panda Software, Computer Associates, and The WildList Organization International. Users should keep anti-virus software up to date and should contact their anti-virus vendors to obtain specific information on the Trojans and Trojan variants that anti-virus software detects.
NOTE: At times, viruses and Trojans may contain names or content that may be considered offensive.
Name |
face="Arial, Helvetica, sans-serif">Aliases |
face="Arial, Helvetica, sans-serif">Type |
| Admincash.A | Trj/Admincash.A | Trojan |
| Downloader.ALQ | Trj/Downloader.ALQ | Trojan |
| Gaobot.CTX | W32/Gaobot.CTX.worm | Win32 Worm |
| PWSteal.Sagic.B | Trojan | |
| QLowZones-10 | Trojan | |
| SymbOS/Cabir.q | Symbian OS Worm | |
| Troj/Baley-A | Trojan | |
| Troj/Chimo-A | Trojan | |
| Troj/Shine-B | Trojan | |
| Trojan.Comxt.B | Trojan | |
| VBS.Redlof.B | Win32 Worm | |
| W32.Bobax.N | W32/Bobax-H | Win32 Worm |
| W32.Dopbot | Win32 Worm | |
| W32.Gaobot.CII | Win32 Worm | |
| W32.Mydoom.AR@mm | Win32 Worm | |
| W32.Wallz | Net-Worm.Win32.Small.b | Win32 Worm |
| W32/Agobot-PN | Backdoor.Win32.Agobot.gen | Win32 Worm |
| W32/Ahker-B | Email-Worm.Win32.Anker.a | Win32 Worm |
| W32/Bobax.worm | WORM_BOBAX.K | Win32 Worm |
| W32/Bobax-F | Win32 Worm | |
| W32/Bobax-H | Email-Worm.Win32.Bobic.a | Win32 Worm |
| W32/Bropia-D | IM-Worm.Win32.Exir.a WORM_BROPIA.F W32/Bropia.worm.g W32/Bropia.worm.f W32/Rbot-VD Win32/Bropia.D!Worm Win32.Bropia.D | Win32 Worm |
| W32/Bropia-F | IM-Worm.Win32.Slanec.a W32.Bropia.L W32/Bropia-F W32/Bropia.worm W32/Bropia.worm.i Win32.Bropia.F Win32/Bropia.F!Worm WORM_BROPIA.G | Win32 Worm |
| W32/LegMir-Z | Worm.Win32.Viking.a PE_LOOKED.B | Win32 Worm |
| W32/MyDoom-AO | Email-Worm.Win32.Mydoom.ak | Win32 Worm |
| W32/Protorid-AB | Win32 Worm | |
| W32/Rbot-SQ | WORM_RBOT.AJD | Win32 Worm |
| W32/Rbot-UC | Win32 Worm | |
| W32/Rbot-VC | Backdoor.Win32.Rbot.gen | Win32 Worm |
| W32/Rbot-VD | Win32 Worm | |
| W32/Rbot-VM | Win32 Worm | |
| W32/Rbot-VO | Backdoor.Win32.Rbot.gj W32/Sdbot.worm.gen.x | Win32 Worm |
| W32/Sdbot-UN | Backdoor.Win32.SdBot.us W32/Sdbot.BSD WORM_SDBOT.AMS | Win32 Worm |
| W32/Sober-J | Email-Worm.Win32.Sober.j Reblin | Win32 Worm |
| W32/Traxg-C | BKDR_MYWOMAN.A | Win32 Worm |
| Win32.Netmesser.A | AdClicker-BM TROJ_NETMESS.A Win32/Netmesser.A!Trojan | Trojan |
| Win32.Rbot.BPB | Backdoor.Win32.Rbot.hp W32/Rbot-VM W32/Sdbot.worm.gen.t Win32/Rbot.114688!Worm WORM_BROPIA.G | Win32 Worm |
| WORM_AGOBOT.AJC | Win32 Worm | |
| WORM_BROPIA.F | Bropia.E Bropia.F IM-Worm.Win32.Exir.a W32.Bropia.E W32.Bropia.J W32/Bropia.E.worm W32/Bropia.F W32/Bropia.worm.g Win32.Bropia.E Win32.Rbot.BOM | |
| WORM_CISUM.A | Win32 Worm | |
| WORM_MYDOOM.AE | Win32 Worm | |
| WORM_MYDOOM.AF | I-Worm.Mydoom.ab I-Worm.Win32.Swash.31744 I-Worm/Swash.A W32.Mydoom.AG@mm W32/MyDoom-AG W32/Swash.A.worm Win32.Mydoom.AE Win32/Swash.A@mm Win32/Swash.D@mm Worm/MyDoom.AE WORM_SWASH.A | Win32 Worm |
| WORM_MYDOOM.AW | Win32/Mydoom.Variant!Worm | Win32 Worm |
| WORM_MYDOOM.AX | Win32/Mydoom.Variant!Worm | Win32 Worm |
| WORM_MYDOOM.AY | W32/MyDoom-AO Win32/Mydoom.Variant!Worm | Win32 Worm |
| WORM_RBOT.ALJ | Win32 Worm |
Last updated
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.