
Note: This page is part of the us-cert.gov archive. This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB05-180)

Summary of Security Items from June 22 through June 28, 2005

Original release date: June 29, 2005

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.

This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.

Vulnerabilities

The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.

Note: All the information included in the following tables has been discussed in newsgroups and on web sites.

The Risk levels defined below are based on how the system may be impacted:

Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.

  • High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
  • Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such a vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of a medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
  • Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.

Windows Operating Systems Only

Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts
Common Name/
CVE Reference
Risk
Source

Active Web Softwares

ActiveBuyandSell V6.X

A vulnerability has been reported in ActiveBuyandsell that could let a malicious remote user perform SQL injection or Cross-Site Scripting attacks.

No workaround or patch available at time of publishing.

Proofs of Concept exploits have been published.

ActiveBuyandSell SQL Injection & Cross-Site Scripting

CAN-2005-2062
CAN-2005-2063

High

Secunia Advisory, SA15837, June 27, 2005

Advanced Browser

Advanced Browser V8.0.2

A JavaScript spoofing vulnerability has been reported in Advanced Browser that could let remote malicious users spoof JavaScript dialog boxes.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Advanced Browser JavaScript Spoofing

Medium

Security Tracker Alert ID: 1014270, June 23, 2005

ASP Nuke

ASP Nuke V0.8

Multiple vulnerabilities have been reported in ASP Nuke that could allow a remote malicious user to perform SQL injection or Cross-Site Scripting attacks.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

ASP Nuke SQL Injection & Cross-Site Scripting

CAN-2005-2064
CAN-2005-2065
CAN-2005-2066

High

Security Focus, Bugtraq ID: 14062, 13318, 14063, 14064, June 27, 2005

ASP Playground

ASPPlayground.NET V3.2 SP1

A vulnerability has been reported in ASPPlayground.NET that could allow a remote malicious user to upload arbitrary files.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

ASPPlayground.NET Arbitrary Upload

High

Security Tracker Alert ID: 1014309, June 27, 2005

Fast Browser

Fast Browser Pro V8.1

A JavaScript spoofing vulnerability has been reported in Fast Browser Pro that could let remote malicious users spoof JavaScript dialog boxes.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Fast Browser Pro JavaScript Spoofing

Medium

Security Tracker Alert ID: 1014296, June 27, 2005

Flashpeak

Slim Browser V4.05.007

A JavaScript spoofing vulnerability has been reported in Slim Browser that could let remote malicious users spoof JavaScript dialog boxes.

No workaround or patch available at time of publishing.

There is no exploit code required.

Slim Browser JavaScript Spoofing

Medium

Security Tracker Alert ID: 1014266, June 22, 2005

Hewlett Packard

HP Version Control Repository Manager V2.x

A password disclosure vulnerability has been reported in HP Version Control Repository Manager that could disclose the proxy password to local users.

An update is available: http://h18023.www1.hp.com/support/files/server/us/download/22563.html

There is no exploit code required.

HP VCRM Password Disclosure

CAN-2005-2076

Medium

Secunia Advisory: SA15790, June 23, 2005

Hosting Controller

Hosting Controller Error.ASP

A vulnerability has been reported in Error.ASP that could allow a remote malicious user to perform Cross-Site Scripting attacks.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Hosting Controller Error.ASP
Cross-Site Scripting

CAN-2005-2077

High

Security Focus, Bugtraq ID: 14080, June 28, 2005

IPSwitch

WhatsUp Professional V2005SP1

An input validation vulnerability has been reported in Ipswitch WhatsUp Professional that could let malicious users perform SQL injection.

Update to Service Pack 1a: http://www.ipswitch.com/Support/whatsup_professional/releases/wup2005sp1a.html

There is no exploit code required; however, a Proof of Concept exploit has been published.

Ipswitch WhatsUp Professional SQL Injection Vulnerability

CAN-2005-1250

High

iDEFENSE Security Advisory 06.22.05, June 22, 2005

Microsoft

Microsoft Internet Explorer 6.0, SP1&SP2

A vulnerability has been reported in Microsoft Internet Explorer that could let malicious websites spoof dialog boxes.

Advisory available at: http://www.microsoft.com/technet/security/advisory/902333.mspx

Currently we are not aware of any exploit for this vulnerability.

Microsoft Internet Explorer Dialog Origin Spoofing

Medium

Secunia, Advisory, SA15491, June 21, 2005

Microsoft Security Advisory (902333), June 21, 2005

Microsoft

Visio 2002, SP1, SharePoint Portal Server 2001, SP1, Office XP, SP1-SP3

A vulnerability has been reported in Microsoft Log Sink Class ActiveX Control that could allow a remote malicious user to create arbitrary files.

Update available at: http://www.microsoft.com/downloads/details.aspx?familyid=0dd4c99a-9196-421b-83f0-3d2f93189028&displaylang=en

An exploit has been published.

Microsoft Log Sink Class ActiveX Control

CAN-2005-0360

High US-CERT VU#165022

Microsoft

Outlook Express 5.5, 6

A remote code execution vulnerability has been reported in Outlook Express when it is used as a newsgroup reader. A malicious user could exploit the vulnerability by constructing a malicious newsgroup server that could potentially allow remote code execution if a user queried the server for news.

Updates available: http://www.microsoft.com/technet/security/Bulletin/MS05-030.mspx

An exploit has been published.

Microsoft Outlook Express Could Allow Remote Code Execution

CAN-2005-1213

High

Microsoft, MS05-030, June 14, 2004

US-CERT VU#130614

Security Focus, Bugtraq ID: 13951, June 24, 2005

Microsoft

Windows 2000 SP3 & SP4, Windows XP 64-Bit Edition SP1 (Itanium), Windows XP 64-Bit Edition Version 2003 (Itanium), Windows Server 2003, Windows Server 2003 for Itanium-based Systems

A buffer overflow vulnerability exists when handling Server Message Block (SMB) traffic, which could let a remote malicious user execute arbitrary code.

Patches available at: http://www.microsoft.com/technet/security/bulletin/MS05-011.mspx

Microsoft Windows NT 4.0 has also been found vulnerable to the issue; however, this platform is no longer publicly supported by Microsoft. A patch is available for customers that have an active end-of-life support agreement including extended Windows NT 4.0 support. Information regarding the end-of-life support agreement can be found at the following location: http://www.microsoft.com/presspass/features/2004/dec04/12-03NTSupport.asp

An exploit has been published.

Microsoft Windows SMB Buffer Overflow

CAN-2005-0045

High

Microsoft Security Bulletin, MS05-011, February 8, 2005

US-CERT Technical Cyber Security Alert TA05-039A

US-CERT Cyber Security Alert SA05-039A

US-CERT Vulnerability Note VU#652537

Security Focus, 12484, March 9, 2005

Security Focus, Bugtraq ID: 12484, June 23, 2005

MyInternet

MyInternet Browser V10.0.0.0

A JavaScript spoofing vulnerability has been reported in MyInternet Browser that could let remote malicious users spoof JavaScript dialog boxes.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

MyInternet Browser JavaScript Spoofing

Medium

Security Tracker Alert ID: 1014295, June 27, 2005

NetCaptor

NetCaptor Browser V7.5.4

A JavaScript spoofing vulnerability has been reported in NetCaptor Browser that could let remote malicious users spoof JavaScript dialog boxes.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

NetCaptor Browser JavaScript Spoofing

Medium

Security Tracker Alert ID: 1014265, June 22, 2005

Omni

Omni Browser 2.0

A JavaScript spoofing vulnerability has been reported in Omni Browser that could let remote malicious users spoof JavaScript dialog boxes.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Omni Browser JavaScript Spoofing

Medium

Security Tracker Alert ID: 1014286, June 23, 2005

Optimal Access

Optimal Desktop V4.00

A JavaScript spoofing vulnerability has been reported in Optimal Desktop that could let remote malicious users spoof JavaScript dialog boxes.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Optimal Desktop JavaScript Spoofing

Medium

Security Tracker Alert ID: 1014298, June 27, 2005

Sofotex

BisonFTP Server V4R1

A vulnerability has been reported in BisonFTP Server that could allow remote malicious users to perform a Denial of Service.

No workaround or patch available at time of publishing.

An exploit has been published.

BisonFTP Server Denial of Service

CAN-2005-2078

Low

Security Focus, Bugtraq ID: 14079, June 28, 2005

Sukru Alatas

Sukru Alatas Guestbook V3.1

A vulnerability has been reported in Sukru Alatas Guestbook that could allow database disclosure to remote malicious users.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Sukru Alatas Guestbook Database Disclosure

Medium

Secunia Advisory: SA15832, June 28, 2005

TCP-IP Datalook 1.3

A vulnerability has been reported in TCP-IP Datalook that could let a local malicious user perform a Denial of Service.

No workaround or patch available at time of publishing.

An exploit has been published.

TCP-IP Datalook Denial of Service

Low

Security Tracker Alert ID: 1014291, June 26, 2005

Telligent Systems

Community Server Forums

A vulnerability has been reported in Community Server Forums that could let a remote malicious user perform Cross-Site Scripting attacks.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Community Server Forums Cross-Site Scripting

High

Security Focus, Bugtraq ID: 14078, June 28, 2005

True North Software Inc.

IA eMailServer V5.2.2

An IMAP list command validation vulnerability has been reported in IA eMailServer that could let remote malicious users perform a Denial of Service.

Upgrade to version 5.3.4 Build 2019.

An exploit script has been published.

IA eMailServer Denial of Service

Low

Secunia Advisory: SA15838, June 28, 2005

Veritas

Veritas Backup Exec 10.0

Multiple vulnerabilities have been reported in Veritas Backup Exec that could let remote malicious users perform arbitrary code execution, elevate privileges, perform a DoS, or even crash systems.

A patch is available from the vendor: http://seer.support.veritas.com/docs/277429.htm

Currently we are not aware of any exploits for this vulnerability.

Veritas Backup Exec Multiple Vulnerabilities

CAN-2005-0771
CAN-2005-0772
CAN-2005-0773

High

Secunia, Advisory: SA15789, June 23, 2005

VERITAS Security Advisory VX05-006, VX05-007, VX05-008, June 23, 2005

US-CERT VU#584505, VU#352625, VU#492105

Wichio

Wichio 27Tools-in-1 Browser V4.2

A JavaScript spoofing vulnerability has been reported in Wichio 27Tools-in-1 Browser that could let remote malicious users spoof JavaScript dialog boxes.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Wichio 27Tools-in-1 Browser JavaScript Spoofing

Medium

Security Tracker Alert ID: 1014297, June 27, 2005


UNIX / Linux Operating Systems Only

Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts
Common Name /
CVE Reference
Risk
Source

Adobe

Acrobat Reader 7.0.1, 7.0, Acrobat 7.0.1, 7.0

Several vulnerabilities have been reported: a vulnerability was reported due to an unspecified error, which could let a remote malicious user execute arbitrary programs via a specially crafted PDF document that contains JavaScript; and a vulnerability was reported in the updater because Safari Frameworks folder permissions can be elevated for all users when downloading updates. Only UNIX running on Mac OS is affected.

Upgrades available at: http://www.adobe.com/support/downloads/

There is no exploit code required.

Adobe Reader / Acrobat Arbitrary Code Execution & Elevated Privileges

CAN-2005-1623
CAN-2005-1624

Medium

Secunia Advisory, SA15827, June 28, 2005

Apache

SpamAssassin 3.0.1, 3.0.2, 3.0.3

A vulnerability has been reported that could let remote malicious users cause a Denial of Service. A remote user can send e-mail containing special message headers to cause the application to take an excessive amount of time to check the message.

A fixed version (3.0.4) is available at: http://spamassassin.apache.org/downloads.cgi

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-17.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-498.html

Mandriva:
http://www.mandriva.com/security/advisories

There is no exploit code required.

Apache SpamAssassin Lets Remote Users Deny Service

CAN-2005-1266

Low

Security Tracker Alert ID: 1014219, June 16, 2005

Fedora Update Notifications, FEDORA-2005-427 & 428, June 16 & 17, 2005

Gentoo Linux Security Advisory, GLSA 200506-17, June 21, 2005

SUSE Security Announcement, SUSE-SA:2005:033, June 22, 2005

RedHat Security Advisory, RHSA-2005:498-10, June 23, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:106, June 28, 2005

Freedesktop.org

D-BUS 0.23 & prior

A vulnerability exists in 'bus/policy.c' due to insufficient restriction of connections, which could let a malicious user hijack a session bus.

Patch available at: https://bugs.freedesktop.org/show_bug.cgi?id=2436

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-102.html

Mandriva:
http://www.mandriva.com/security/advisories

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus

There is no exploit code required.

D-BUS Session Hijack

CAN-2005-0201

Medium

Security Tracker Alert ID: 1013075, February 3, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:105, June 24, 2005

Ubuntu Security Notice, USN-144-1, June 27, 2005

FreeRADIUS Server Project

FreeRADIUS 1.0.2

Two vulnerabilities have been reported: a vulnerability was reported in the 'radius_xlat()' function call due to insufficient validation, which could let a remote malicious user execute arbitrary SQL code; and a buffer overflow vulnerability was reported in the 'sql_escape_func()' function, which could let a remote malicious user execute arbitrary code.

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-13.xml

SuSE:
ftp://ftp.suse.com/pub/suse/

FreeRadius:
ftp://ftp.freeradius.org/pub/radius/freeradius-1.0.3.tar.gz

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-524.html

There is no exploit code required.

FreeRadius 'rlm_sql.c' SQL Injection & Buffer Overflow

CAN-2005-1454
CAN-2005-1455

High

Security Tracker Alert ID: 1013909, May 6, 2005

Gentoo Linux Security Advisory, GLSA 200505-13, May 17, 2005

SUSE Security Summary Report, SUSE-SR:2005:014, June 7, 2005

Security Focus, 13541, June 10, 2005

RedHat Security Advisory, RHSA-2005:524-05, June 23, 2005

GD Graphics Library

gdlib 2.0.23, 2.0.26-2.0.28; Avaya Converged Communications Server 2.0, Intuity LX, Avaya MN100, Modular Messaging (MSS) 1.1, 2.0, Network Routing, Avaya S8300 R2.0.1, R2.0.0, S8500 R2.0.1, R2.0.0, S8700 R2.0.1, R2.0.0, S8710 R2.0.1, R2.0.0

A vulnerability exists in the 'gdImageCreateFromPngCtx()' function when processing PNG images due to insufficient sanity checking on size values, which could let a remote malicious user execute arbitrary code.

OpenPKG:
ftp://ftp.openpkg.org/release/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/

Gentoo:
http://security.gentoo.org/glsa/glsa-200411-08.xml

Debian:
http://security.debian.org/pool/updates/main/libg

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Trustix:
http://http.trustix.org/pub/trustix/updates/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Debian:
http://security.debian.org/pool/updates/main/libg/libgd/

Red Hat:
http://rhn.redhat.com/errata/RHSA-2004-638.html

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-017_RHSA-2004-638.pdf

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

An exploit script has been published.

GD Graphics Library Remote Integer Overflow

CAN-2004-0990
CAN-2004-0941

High

Secunia Advisory, SA12996, October 28, 2004

Gentoo Linux Security Advisory, GLSA 200411-08, November 3, 2004

Ubuntu Security Notice, USN-21-1, November 9, 2004

Debian Security Advisories, DSA 589-1 & 591-1, November 9, 2004

Fedora Update Notifications, FEDORA-2004-411 & 412, November 11, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:132, November 15, 2004

Trustix Secure Linux Security Advisory, TSLSA-2004-0058, November 16, 2004

Ubuntu Security Notice, USN-25-1, November 16, 2004

SUSE Security Summary Report, SUSE-SR:2004:001, November 24, 2004

Debian Security Advisories, DSA 601-1 & 602-1, November 29, 2004

Red Hat Advisory, RHSA-2004:638-09, December 17, 2004

Avaya Security Advisory, ASA-2005-017, January 18, 2005

SGI Security Advisory, 20050602-01-U, June 23, 2005

gFTP

gFTP 0.1, 0.2, 0.21, 1.0, 1.1-1.13, 2.0-2.0.17

A Directory Traversal vulnerability exists due to insufficient sanitization of input, which could let a remote malicious user obtain sensitive information.

Upgrades available at: http://www.gftp.org/gftp-2.0.18.tar.gz

Debian:
http://security.debian.org/pool/updates/main/g/gftp/

Gentoo:
http://security.gentoo.org/glsa/glsa-200502-27.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Conectiva:
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000957

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-410.html

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

There is no exploit code required.

gFTP Remote Directory Traversal

CAN-2005-0372

Medium

Security Focus, February 14, 2005

Debian Security Advisory, DSA 686-1, February 17, 2005

SUSE Security Summary Report, SUSE-SR:2005:005, February 18, 2005

Gentoo Linux Security Advisory, GLSA 200502-27, February 19, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:050, March 4, 2005

RedHat Security Advisory, RHSA-2005:410-07, June 13, 2005

Conectiva Security Advisory, CLSA-2005:957, May 31, 2005

SGI Security Advisory, 20050603-01-U, June 23, 2005

GNOME

gEdit 2.0.2, 2.2.0, 2.10.2

A format string vulnerability has been reported when invoking the program with a filename that includes malicious format specifiers, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gedit/

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-09.xml

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-499.html

Mandriva:
http://www.mandriva.com/security/advisories

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

An exploit has been published.

Gedit Filename Format String

CAN-2005-1686

High

Securiteam, May 22, 2005

Ubuntu Security Notice, USN-138-1, June 09, 2005

Gentoo Linux Security Advisory, GLSA 200506-09, June 11, 2005

RedHat Security Advisory, RHSA-2005:499-05, June 13, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:102, June 16, 2005

Turbolinux Security Advisory, TLSA-2005-70, June 22, 2005

SGI Security Advisory, 20050603-01-U, June 23, 2005

GNU

cpio 1.0-1.3, 2.4.2, 2.5, 2.5.90, 2.6

A vulnerability has been reported when an archive is extracted into a world or group writeable directory because non-atomic procedures are used, which could let a malicious user modify file permissions.

Trustix:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/

There is no exploit code required.

CPIO CHMod File Permission Modification

CAN-2005-1111

Medium

Bugtraq, 395703, April 13, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005

GNU

cpio 2.6

A Directory Traversal vulnerability has been reported when invoking cpio on a malicious archive, which could let a remote malicious user obtain sensitive information.

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-16.xml

Trustix:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/

A Proof of Concept exploit has been published.

CPIO Directory Traversal

CAN-2005-1229

Medium

Bugtraq, 396429, April 20, 2005

Gentoo Linux Security Advisory, GLSA 200506-16, June 20, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005

GNU

gzip 1.2.4 a, 1.2.4, 1.3.3-1.3.5

A Directory Traversal vulnerability has been reported due to an input validation error when using 'gunzip' to extract a file with the '-N' flag, which could let a remote malicious user obtain sensitive information.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gzip/

Trustix:
http://http.trustix.org/pub/trustix/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-05.xml

IPCop:
http://ipcop.org/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=3&orderby=dateD

Mandriva:
http://www.mandriva.com/security/advisories

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:11/gzip.patch

OpenPKG:
http://www.openpkg.org/security/OpenPKG-SA-2005.009-openpkg.html

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-357.html

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

A Proof of Concept exploit has been published.

GNU GZip Directory Traversal

CAN-2005-1228

Medium

Bugtraq, 396397, April 20, 2005

Ubuntu Security Notice, USN-116-1, May 4, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005

Gentoo Linux Security Advisory, GLSA 200505-05, May 9, 2005

Security Focus, 13290, May 11, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005

Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005

FreeBSD Security Advisory, FreeBSD-SA-05:11, June 9, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.009, June 10, 2005

RedHat Security Advisory, RHSA-2005:357-19, June 13, 2005

SGI Security Advisory, 20050603-01-U, June 23, 2005

GNU

shtool 2.0.1 & prior

A vulnerability has been reported that could let a local malicious user gain escalated privileges. The vulnerability is caused due to temporary files being created insecurely.

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-08.xml

OpenPKG:
ftp://ftp.openpkg.org/release/2.3

There is no exploit code required.

GNU shtool Insecure Temporary File Creation

CAN-2005-1751

Medium

Secunia Advisory, SA15496, May 25, 2005

Gentoo Linux Security Advisory, GLSA 200506-08, June 11, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.011, June 23, 2005

GNU

gzip 1.2.4, 1.3.3

A vulnerability has been reported when an archive is extracted into a world or group writeable directory, which could let a malicious user modify file permissions.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gzip/

Trustix:
http://http.trustix.org/pub/trustix/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-05.xml

Mandriva:
http://www.mandriva.com/security/advisories

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:11/gzip.patch

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-357.html

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

There is no exploit code required.

GNU GZip File Permission Modification

CAN-2005-0988

Medium

Security Focus, 12996, April 5, 2005

Ubuntu Security Notice, USN-116-1, May 4, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005

Gentoo Linux Security Advisory, GLSA 200505-05, May 9, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005

Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005

FreeBSD Security Advisory, FreeBSD-SA-05:11, June 9, 2005

RedHat Security Advisory, RHSA-2005:357-19, June 13, 2005

SGI Security Advisory, 20050603-01-U, June 23, 2005

GNU

wget 1.9.1

A vulnerability exists which could permit a remote malicious user to create or overwrite files on the target user's system. wget does not properly validate user-supplied input. A remote user can bypass the filtering mechanism if DNS can be modified so that '..' resolves to an IP address. A specially crafted HTTP response can include control characters to overwrite portions of the terminal window.

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Mandriva:
http://www.mandriva.com/security/advisories

Trustix:
http://http.trustix.org/pub/trustix/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-357.html

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/w/wget/

A Proof of Concept exploit script has been published.

GNU wget File Creation & Overwrite

CAN-2004-1487
CAN-2004-1488

Medium

Security Tracker Alert ID: 1012472, December 10, 2004

SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005

SUSE Security Summary Report, SUSE-SR:2005:006, February 25, 2005

SUSE Security Summary Report, SUSE-SR:2005:011, April 15, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:098, June 9, 2005

Trustix Secure Linux Security Advisory, TLSA-2005-0028, June 13, 2005

Turbolinux Security Advisory, TLSA-2005-66, June 15, 2005

Ubuntu Security Notice, USN-145-1, June 28, 2005

GNU

zgrep 1.2.4

A vulnerability has been reported in 'zgrep.in' due to insufficient validation of user-supplied arguments, which could let a remote malicious user execute arbitrary commands.

A patch for 'zgrep.in' is available in the following bug report: http://bugs.gentoo.org/show_bug.cgi?id=90626

Mandriva:
http://www.mandriva.com/security/advisories

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-357.html

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-474.html

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

There is no exploit code required.

Gzip Zgrep Arbitrary Command Execution

CAN-2005-0758

High

Security Tracker Alert, 1013928, May 10, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005

Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005

RedHat Security Advisory, RHSA-2005:357-19, June 13, 2005

RedHat Security Advisory, RHSA-2005:474-15, June 16, 2005

SGI Security Advisory, 20050603-01-U, June 23, 2005

Fedora Update Notification, FEDORA-2005-471, June 27, 2005

LibTIFF

LibTIFF 3.4, 3.5.1-3.5.5, 3.5.7, 3.6.0, 3.6.1, 3.7, 3.7.1

A buffer overflow vulnerability has been reported in the 'TIFFOpen()' function when opening malformed TIFF files, which could let a remote malicious user execute arbitrary code.

Patches available at:
http://bugzilla.remotesensing.org/attachment.cgi?id=238

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-07.xml

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/

SuSE:
ftp://ftp.suse.com/pub/suse/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Currently we are not aware of any exploits for this vulnerability.

LibTIFF TIFFOpen Remote Buffer Overflow

CAN-2005-1544
CAN-2005-1472

High

Gentoo Linux Security Advisory, GLSA 200505-07, May 10, 2005

Ubuntu Security Notice, USN-130-1, May 19, 2005

SUSE Security Summary Report, SUSE-SR:2005:014, June 7, 2005

Turbolinux Security Advisory, TLSA-2005-72, June 28, 2005

Linux Support Services, Inc.

Asterisk 1.0.7, Asterisk CVS HEAD

A buffer overflow vulnerability has been reported in the manager interface due to insufficient bounds checks, which could let a remote malicious user execute arbitrary code. Note: The manager interface is not enabled by default.

Updates available at:
http://www.asterisk.org/index.php?menu=download

Currently we are not aware of any exploits for this vulnerability.

Linux Support Services Asterisk Manager Interface Remote Buffer Overflow
High
Security Tracker Alert, 1014268, June 22, 2005

Multiple Vendors

FreeBSD 5.4 & prior

A vulnerability was reported in FreeBSD when using Hyper-Threading Technology due to a design error, which could let a malicious user obtain sensitive information and possibly elevated privileges.

Patches and updates available at:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:09.htt.asc

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.24

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-476.html

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101739-1

Mandriva:
http://www.mandriva.com/security/advisories

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendor FreeBSD Hyper-Threading Technology Support Information Disclosure

CAN-2005-0109

Medium

FreeBSD Security Advisory, FreeBSD-SA-05:09, May 13, 2005

SCO Security Advisory, SCOSA-2005.24, May 13, 2005

Ubuntu Security Notice, USN-131-1, May 23, 2005

US-CERT VU#911878

RedHat Security Advisory, RHSA-2005:476-08, June 1, 2005

Sun(sm) Alert Notification, 101739, June 1, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:096, June 7, 2005

Trustix Secure Linux Security Advisory, TLSA-2005-0028, June 13, 2005

SGI Security Advisory, 20050602-01-U, June 23, 2005

Multiple Vendors

Gentoo Linux; Samba Samba 3.0-3.0.7

A remote Denial of Service vulnerability exists in 'ms_fnmatch()' function due to insufficient input validation.

Patch available at:
http://us4.samba.org/samba/ftp/patches/security/samba-3.0.7-CAN-2004-0930.patch

Gentoo:
http://security.gentoo.org/glsa/glsa-200411-21.xml

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

SuSE:
ftp://ftp.suse.com/pub/suse/i386/update/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/samba/

RedHat:
http://rhn.redhat.com/errata/RHSA-2004-632.html

Trustix:
http://http.trustix.org/pub/trustix/updates/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

SGI:
http://www.sgi.com/support/security/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/

OpenPKG:
http://www.openpkg.org/security.html

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101783-1

There is no exploit code required.

Multiple Vendors Samba Remote Wild Card Denial of Service

CAN-2004-0930

Low

Security Focus, November 15, 2004

Trustix Secure Linux Security Advisory, TSLSA-2004-0058, November 16, 2004

RedHat Security Advisory, RHSA-2004:632-17, November 16, 2004

Conectiva Linux Security Announcement, CLA-2004:899, November 25, 2004

Fedora Update Notifications, FEDORA-2004-459 & 460, November 29, 2004

Turbolinux Security Advisory, TLSA-2004-32, December 8, 2004

SGI Security Advisory, 20041201-01-P, December 13, 2004

OpenPKG Security Advisory, OpenPKG-SA-2004.054 December 17, 2004

SCO Security Advisory, SCOSA-2005.17, March 7, 2005

Sun(sm) Alert Notification, 101783, June 23, 2005

Multiple Vendors

Linux kernel 2.6.1-2.6.11, 2.6 test1-test11

A vulnerability has been reported because commands sent to a SCSI device can change the driver parameters, which could let a malicious user obtain unauthorized access.

Updates available at:
http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.12-rc1

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Unauthorized SCSI Command
Medium
Security Focus, 14040, June 23, 2005

Multiple Vendors

RedHat Fedora Core3;
LBL tcpdump 3.9.1, 3.9, 3.8.1-3.8.3, 3.7-3.7.2, 3.6.3, 3.6.2, 3.5.2, 3.5, alpha, 3.4, 3.4a6

A remote Denial of Service vulnerability has been reported in the 'bgp_update_print()' function in 'print-bgp.c' when a malicious user submits specially crafted BGP protocol data.

Update available at:
http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-bgp.c

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

Mandriva:
http://www.mandriva.com/security/advisories

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

A Proof of Concept exploit script has been published.

TCPDump BGP Decoding Routines Denial of Service

CAN-2005-1267

Low

Security Tracker Alert, 1014133, June 8, 2005

Fedora Update Notification, FEDORA-2005-406, June 9, 2005

Trustix Secure Linux Security Advisory, TLSA-2005-0028, June 13, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:101, June 15, 2005

Fedora Update Notification, FEDORA-2005-407, June 16, 2005

Ubuntu Security Notice, USN-141-1, June 21, 2005

Turbolinux Security Advisory, TLSA-2005-69, June 22, 2005

Multiple Vendors

Squid Web Proxy Cache 2.5.STABLE9, .STABLE8, .STABLE7

A vulnerability exists when using the Netscape Set-Cookie recommendations for handling cookies in caches due to a race condition, which could let a malicious user obtain sensitive information.

Patches available at:
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE9-setcookie.patch

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/squid/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-415.html

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

There is no exploit code required.

Squid Proxy Set-Cookie Headers Information Disclosure

CAN-2005-0626

Medium

Secunia Advisory, SA14451, March 3, 2005

Ubuntu Security Notice, USN-93-1, March 08, 2005

Fedora Update Notifications, FEDORA-2005-275 & 276, March 30, 2005

Conectiva Linux Security Announcement, CLA-2005:948, April 27, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:078, April 29, 2005

RedHat Security Advisory, RHSA-2005:415-16, June 14, 2005

Turbolinux Security Advisory, TLSA-2005-71, June 28, 2005

Multiple Vendors

Gentoo Linux; GNU GDB 6.3

Multiple vulnerabilities have been reported: a heap overflow vulnerability was reported when loading malformed object files, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported which could let a malicious user obtain elevated privileges.

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-15.xml

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gdb/

http://security.ubuntu.com/ubuntu/pool/main/b/binutils/

Mandriva:
http://www.mandriva.com/security/advisories

Trustix:
http://http.trustix.org/pub/trustix/updates/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Currently we are not aware of any exploits for these vulnerabilities.

GDB Multiple Vulnerabilities

CAN-2005-1704
CAN-2005-1705

High

Gentoo Linux Security Advisory, GLSA 200505-15, May 20, 2005

Turbolinux Security Advisory, TLSA-2005-68, June 22, 2005

Multiple Vendors

GNU Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha;
GNOME gdk-pixbuf 0.22 & prior; GTK GTK+ 2.0.2, 2.0.6, 2.2.1, 2.2.3, 2.2.4;
MandrakeSoft Linux Mandrake 9.2, amd64, 10.0, AMD64;
RedHat Advanced Workstation for the Itanium Processor 2.1, IA64, Desktop 3.0, Enterprise Linux WS 3, WS 2.1 IA64, WS 2.1, ES 3, ES 2.1 IA64, ES 2.1, AS 3, AS 2.1 IA64, AS 2.1,
RedHat Fedora Core1&2;
SuSE Linux 8.1, 8.2, 9.0, x86_64, 9.1, Desktop 1.0, Enterprise Server 9, 8

Multiple vulnerabilities exist: a vulnerability exists when decoding BMP images, which could let a remote malicious user cause a Denial of Service; a vulnerability exists when decoding XPM images, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; and a vulnerability exists when attempting to decode ICO images, which could let a remote malicious user cause a Denial of Service.

Debian:
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

RedHat:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

SuSE:
ftp://ftp.suse.com/pub/suse/

Gentoo:
http://security.gentoo.org/glsa/glsa-200409-28.xml

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Fedora:
http://download.fedoralegacy.org/redhat/

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101776-1

We are not aware of any exploits for these vulnerabilities.

gdk-pixbuf BMP, ICO, and XPM Image Processing Errors

CAN-2004-0753
CAN-2004-0782
CAN-2004-0783
CAN-2004-0788

Low/High

(High if arbitrary code can be executed)

Security Tracker Alert ID, 1011285, September 17, 2004

Gentoo Linux Security Advisory, GLSA 200409-28, September 21, 2004

US-CERT VU#577654, VU#369358, VU#729894, VU#825374, October 1, 2004

Conectiva Linux Security Announcement, CLA-2004:875, October 18, 2004

Fedora Legacy Update Advisory, FLSA:2005, February 24, 2005

Sun(sm) Alert Notification, 101776, June 23, 2005

Multiple Vendors

GraphicsMagick GraphicsMagick 1.0, 1.0.6, 1.1, 1.1.3-1.1.6; ImageMagick ImageMagick 5.3.3, 5.3.8, 5.4.3, 5.4.4.5, 5.4.7, 5.4.8, 5.5.3.2-1.2.0, 5.5.4, 5.5.6.0-20030409, 5.5.6, 5.5.7, 6.0-6.0.8, 6.1-6.1.8, 6.2.0.7, 6.2.0.4, 6.2-6.2.2

A remote Denial of Service vulnerability has been reported due to a failure to handle malformed XWD image files.

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-16.xml

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-480.html

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

Mandriva:
http://www.mandriva.com/security/advisories

Currently we are not aware of any exploits for this vulnerability.

ImageMagick & GraphicsMagick XWD Decoder Remote Denial of Service

CAN-2005-1739

Low

Gentoo Linux Security Advisory, GLSA 200505-16, May 21, 2005

Ubuntu Security Notice, USN-132-1, May 23, 2005

Fedora Update Notification, FEDORA-2005-395, May 26, 2005

RedHat Security Advisory, RHSA-2005:480-03, June 2, 2005

SGI Security Advisory, 20050602-01-U, June 23, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:107, June 28, 2005

Multiple Vendors

Linux kernel 2.2.x, 2.4.x, 2.6.x

A buffer overflow vulnerability has been reported in the 'elf_core_dump()' function due to a signedness error, which could let a malicious user execute arbitrary code with root privileges.

Update available at:
http://kernel.org/

Trustix:
http://www.trustix.org/errata/2005/0022/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-472.html

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-120_RHSA-2005-283_RHSA-2005-284_RHSA-2005-293_RHSA-2005-472.pdf

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Trustix:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/

An exploit script has been published.

Linux Kernel ELF Core Dump Buffer Overflow

CAN-2005-1263

High

Secunia Advisory, SA15341, May 12, 2005

Trustix Secure Linux Security Advisory, 2005-0022, May 13, 2005

Ubuntu Security Notice, USN-131-1, May 23, 2005

RedHat Security Advisory, RHSA-2005:472-05, May 25, 2005

Avaya Security Advisory, ASA-2005-120, June 3, 2005

Trustix Secure Linux Bugfix Advisory, TSLSA-2005-0029, June 24, 2005

Multiple Vendors

Linux kernel 2.6 prior to 2.6.12.1


A vulnerability has been reported in the 'restore_sigcontext()' function due to a failure to restrict access to the 'ar.rsc' register, which could let a malicious user cause a Denial of Service or obtain elevated privileges.

Updates available at:
http://www.kernel.org/

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel 64 Bit 'AR-RSC' Register Access

CAN-2005-1761

Medium
Security Tracker Alert ID: 1014275, June 23, 2005

Multiple Vendors

Linux kernel 2.6 prior to 2.6.12.1

A Denial of Service vulnerability has been reported in the subthread exec signal processing that has a timer pending.

Updates available at:
http://www.kernel.org/

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Subthread Exec Denial of Service

CAN-2005-1913

Low
Security Tracker Alert ID: 1014274, June 23, 2005

Multiple Vendors

Squid 2.x; Gentoo Linux; Ubuntu Linux 4.1 ppc, ia64, ia32; Conectiva Linux 9.0, 10.0

A remote Denial of Service vulnerability exists in the NTLM fakeauth_auth helper when running under a high load or for a long period of time, and a specially crafted NTLM type 3 message is submitted.

Patch available at:
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-fakeauth_auth.patch

Gentoo:
http://security.gentoo.org/glsa/glsa-200501-25.xml

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-061.html

SUSE:
ftp://ftp.suse.com/pub/suse/

Trustix:
http://www.trustix.org/errata/2005/0003/

Astaro:
http://www.astaro.org/showflat.php?Cat=&Number=56136&page=0&view=collapsed&sb=5&o=&fpart=1#56136

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Currently we are not aware of any exploits for this vulnerability.

Squid NTLM fakeauth_auth Helper Remote Denial of Service

CAN-2005-0096

Low

Secunia Advisory, SA13789, January 11, 2005

Gentoo Linux Security Advisory, GLSA 200501-25, January 17, 2005

Ubuntu Security Notice, USN-67-1, January 20, 2005

Conectiva Linux Security Announcement, CLA-2005:923, January 26, 2005

Fedora Update Notifications, FEDORA-2005-105 & 106, February 1, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

SUSE Security Announcement, SUSE-SA:2005:006, February 10, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005

RedHat Security Advisory, RHSA-2005:061-19, February 11, 2005

Security Focus, 12324, March 7, 2005

Turbolinux Security Advisory, TLSA-2005-71, June 28, 2005

Multiple Vendors

Squid Web Proxy Cache 2.0 PATCH2, 2.1 PATCH2, 2.3 STABLE5, 2.3 STABLE4, 2.4 STABLE7, 2.4 STABLE6, 2.4 STABLE2, 2.5 STABLE3-STABLE7, 2.5 STABLE1

A vulnerability has been reported when handling upstream HTTP agents, which could let a remote malicious user poison the web proxy cache.

Patches available at:
http://www.squid-cache.org/Versions/v2/2.5/squid-2.5.STABLE9.tar.gz

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

There is no exploit code required.

Squid Proxy Remote Cache Poisoning

CAN-2005-0174

Medium

Squid Proxy Cache Security Update Advisory, SQUID-2005:4, April 23, 2005

Fedora Update Notification, FEDORA-2005-373, May 17, 2005

Turbolinux Security Advisory, TLSA-2005-71, June 28, 2005

OpenSSL Project

OpenSSL 0.9.6, 0.9.6a-0.9.6m, 0.9.7c

A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200411-15.xml

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/

Debian:
http://www.debian.org/security/2004/dsa-603

Mandrakesoft:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:147

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

FedoraLegacy:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-476.html

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

There is no exploit code required.

OpenSSL Insecure Temporary File Creation

CAN-2004-0975

Medium

Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004

Gentoo Linux Security Advisory, GLSA 200411-15, November 8, 2004

Ubuntu Security Notice, USN-24-1, November 11, 2004

Debian Security Advisory, DSA-603-1, December 1, 2004

Mandrakesoft Security Advisory, MDKSA-2004:147, December 6, 2004

Turbolinux Security Announcement, 20050131, January 31, 2005

SGI Security Advisory, 20050602-01-U, June 23, 2005

PostgreSQL

PostgreSQL 7.3 through 8.0.2

Two vulnerabilities have been reported: a vulnerability was reported because a remote authenticated malicious user can invoke some client-to-server character set conversion functions and supply specially crafted argument values to potentially execute arbitrary commands; and a remote Denial of Service vulnerability was reported because the 'contrib/tsearch2' module incorrectly declares several functions as returning type 'internal.'

Fix available at:
http://www.postgresql.org/about/news.315

Trustix:
http://http.trustix.org/pub/trustix/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-12.xml

Trustix:
http://www.trustix.org/errata/2005/0023/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-433.html

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

Currently we are not aware of any exploits for these vulnerabilities.

PostgreSQL Remote Denial of Service & Arbitrary Code Execution

CAN-2005-1409
CAN-2005-1410

Low/High

(High if arbitrary code can be executed)

Security Tracker Alert, 1013868, May 3, 2005

Ubuntu Security Notice, USN-118-1, May 04, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005

Gentoo Linux Security Advisory, GLSA 200505-12, May 16, 2005

Trustix Secure Linux Bugfix Advisory, TSL-2005-0023, May 16, 2005

Turbolinux Security Advisory, TLSA-2005-62, June 1, 2005

RedHat Security Advisory, RHSA-2005:433-17, June 1, 2005

SGI Security Advisory, 20050602-01-U, June 23, 2005

Raxnet

Cacti 0.x

Several vulnerabilities have been reported: an SQL injection vulnerability was reported in 'config_settings.php' due to insufficient sanitization of the 'id' parameter before it is used in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a vulnerability was reported in 'config_settings.php' due to insufficient sanitization of the 'config[include_path]' parameter and in 'top_graph_header.php' due to insufficient sanitization of the 'config[library_path]' parameter, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://www.cacti.net/download_cacti.php

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-20.xml

An exploit script has been published.

RaXnet Cacti Multiple Input Validation

CAN-2005-1524
CAN-2005-1525
CAN-2005-1526

High

Secunia Advisory: SA15490, June 23, 2005

Gentoo Linux Security Advisory, GLSA 200506-20, June 22, 2005

RedHat

sysreport 1.1-1.3, Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, ES 2.1 IA64, ES 2.1, AS 4, AS 3, AS 2.1 IA64, AS 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1, IA64

A vulnerability has been reported in the Sysreport proxy due to a failure to ensure that sensitive information is not included in generated reports, which could let a remote malicious user obtain sensitive information.

Updates available at:
http://rhn.redhat.com/errata/RHSA-2005-502.html

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

There is no exploit code required.

RedHat Linux SysReport Proxy Information Disclosure

CAN-2005-1760

Medium

RedHat Security Advisory, RHSA-2005:502-03, June 13, 2005

SGI Security Advisory, 20050603-01-U, June 23, 2005

Sendmail Consortium

Sendmail 8.8.8, 8.9.0-8.9.2, 8.10-8.10.2, 8.11-8.11.7, 8.12.1-8.12.9, 8.12.11

A remote Denial of Service vulnerability has been reported in the milter interface due to the configuration of overly long default timeouts.

No workaround or patch available at time of publishing.

There is no exploit code required.

Sendmail Milter Remote Denial of Service

CAN-2005-2070

Low
Security Focus, 14047, June 23

Sun Microsystems, Inc.

Solaris 10.0

Multiple buffer overflow vulnerabilities have been reported when handling excessive data supplied through command line arguments, which could let a malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

Proofs of Concept exploit scripts have been published.

Sun Solaris Traceroute Multiple Buffer Overflows

CAN-2005-2071

High
Security Focus, 14049, June 24, 2005

Sun Microsystems, Inc.

Solaris 10.0, 9.0_x86, 9.0

A vulnerability has been reported in 'LD_AUDIT,' which could let a malicious user obtain superuser privileges.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Sun Solaris Runtime Linker 'LD_AUDIT' Elevated Privileges

CAN-2005-2072

High
Security Focus, 14074, June 28, 2005

Todd Miller

Sudo 1.6-1.6.8, 1.5.6-1.5.9

A race condition vulnerability has been reported when the sudoers configuration file contains a pseudo-command 'ALL' that directly follows a user's sudoers entry, which could let a malicious user execute arbitrary code.

Upgrades available at:
http://www.sudo.ws/sudo/dist/sudo-1.6.8p9.tar.gz

OpenBSD:
http://www.openbsd.org/errata.html

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/sudo/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Slackware:
ftp://ftp.slackware.com/pub/slackware/

Mandriva:
http://www.mandriva.com/security/advisories

OpenPKG:
ftp://ftp.openpkg.org/release/

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-22.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

There is no exploit code required.

Todd Miller Sudo Local Race Condition

CAN-2005-1993

High

Security Focus, 13993, June 20, 2005

Ubuntu Security Notice, USN-142-1, June 21, 2005

Fedora Update Notifications, FEDORA-2005-472 & 473, June 21, 2005

Slackware Security Advisory, SSA:2005-172-01, June 22, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:103, June 22, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.012, June 23, 2005

Gentoo Linux Security Advisory, GLSA 200506-22, June 23, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005

SUSE Security Announcement, SUSE-SA:2005:036, June 24, 2005

Turbolinux Security Advisory, TLSA-2005-73, June 28, 2005

Vipul

Razor-agents prior to 2.72

Two vulnerabilities have been reported that could let malicious users cause a Denial of Service. This is due to an unspecified error in the preprocessing of certain HTML and an error in the discovery logic.

Updates available at:
http://prdownloads.sourceforge.net/razor/razor-agents-2.72.tar.gz?download

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-17.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Trustix:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/

Currently we are not aware of any exploits for these vulnerabilities.

Vipul Razor-agents Denials of Service

CAN-2005-2024

Low

Security Focus, Bugtraq ID 13984, June 17, 2005

Gentoo Linux Security Advisory, GLSA 200506-17, June 21, 2005

SUSE Security Announcement, SUSE-SA:2005:035, June 23, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005

xmlsoft.org

Libxml2 2.6.12-2.6.14

Multiple buffer overflow vulnerabilities exist: a vulnerability exists in the 'xmlNanoFTPScanURL()' function in 'nanoftp.c' due to a boundary error, which could let a remote malicious user execute arbitrary code; a vulnerability exists in the 'xmlNanoFTPScanProxy()' function in 'nanoftp.c,' which could let a remote malicious user execute arbitrary code; and a vulnerability exists in the handling of DNS replies due to various boundary errors, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://xmlsoft.org/sources/libxml2-2.6.15.tar.gz

OpenPKG:
ftp://ftp.openpkg.org/release/

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Gentoo:
http://security.gentoo.org/glsa/glsa-200411-05.xml

Mandrake:
http://www.mandrakesoft.com/security/advisories

OpenPKG:
ftp://ftp.openpkg.org/release/

Trustix:
http://www.trustix.org/errata/2004/0055/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/

RedHat:
http://rhn.redhat.com/errata/RHSA-2004-615.html

Conectiva:
ftp://atualizacoes.conectiva.com.br/

RedHat (libxml):
http://rhn.redhat.com/errata/RHSA-2004-650.html

Apple:
http://www.apple.com/support/downloads/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/libx/libxml/

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

An exploit script has been published.

xmlsoft.org Libxml2 Multiple Remote Stack Buffer Overflows

CAN-2004-0989
CAN-2004-0110

High

Security Tracker Alert ID, 1011941, October 28, 2004

Fedora Update Notification, FEDORA-2004-353, November 2, 2004

Gentoo Linux Security Advisory, GLSA 200411-05, November 2, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:127, November 4, 2004

OpenPKG Security Advisory, OpenPKG-SA-2004.050, November 1, 2004

Trustix Secure Linux Security Advisory, TSLSA-2004-0055, November 1, 2004

Ubuntu Security Notice, USN-10-1, November 1, 2004

Red Hat Security Advisory, RHSA-2004:615-11, November 12, 2004

Conectiva Linux Security Announcement, CLA-2004:890, November 18, 2004

Red Hat Security Advisory, RHSA-2004:650-03, December 16, 2004

Apple Security Update, APPLE-SA-2005-01-25, January 26, 2005

Turbolinux Security Advisory, TLSA-2005-11, January 26, 2005

Ubuntu Security Notice, USN-89-1, February 28, 2005

SGI Security Advisory, 20050602-01-U, June 23, 2005

Yukihiro Matsumoto

Ruby 1.8.2

A vulnerability has been reported in the XMLRPC server due to a failure to set a valid default value that prevents security protection using handlers, which could let a remote malicious user execute arbitrary code.

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Currently we are not aware of any exploits for this vulnerability.

Yukihiro Matsumoto Ruby XMLRPC Server Unspecified Command Execution

CAN-2005-1992

High

Fedora Update Notifications, FEDORA-2005-474 & 475, June 21, 2005

Turbolinux Security Advisory, TLSA-2005-74, June 28, 2005


Multiple Operating Systems - Windows / UNIX / Linux / Other
Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts
Common Name /
CVE Reference
Risk
Source

Adobe

Acrobat and Reader 7.0 and 7.0.1 for Mac OS and Windows.

A vulnerability has been reported that could let remote malicious users access system information. This is because there is an error in the Adobe Reader control that makes it possible to determine whether or not a particular file exists on a user's system via XML scripts embedded in JavaScript.

Update to version 7.0.2 for Windows:
http://www.adobe.com/support/downloads/

Mac OS available at:
http://www.adobe.com/support/downloads/

Currently we are not aware of any exploits for this vulnerability.

Adobe Reader / Adobe Acrobat Local File Detection

CAN-2005-1306

Medium

Adobe Advisory Document 331710, June 15, 2005

Adobe Advisory Document 331710, Updated June 27, 2005

CarLine

Forum Russian Board 4.2

Several vulnerabilities have been reported: SQL injection vulnerabilities were reported due to insufficient sanitization of user-supplied input before it is used in an SQL query, which could let a remote malicious user execute arbitrary SQL code; Cross-Site Scripting vulnerabilities were reported due to insufficient sanitization of certain input, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported due to insufficient verification of the '[img]' BB code tag, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit script has been published.

CarLine Forum Russian Board Multiple Input Validation
High
RST/GHC Advisory #29, June 21, 2005

Clam AntiVirus

ClamAV 0.x

A Denial of Service vulnerability has been reported in the Quantum decompressor due to an unspecified error.

Updates available at:
http://prdownloads.sourceforge.net/clamav/clamav-

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-23.xml

Currently we are not aware of any exploits for this vulnerability.

ClamAV Quantum Decompressor Denial of Service

CAN-2005-2056

Low

Secunia Advisory, SA15811, June 24, 2005

Gentoo Linux Security Advisory, GLSA 200506-23, June 27, 2005

Craig Knudsen

WebCalendar 0.9.x


A vulnerability has been reported in the 'assistant_edit.php' script due to a failure to perform authentication, which could let a remote malicious user bypass security restrictions. It is also possible to disclose the full path to 'view_entry.php' by accessing it directly.

Upgrades available at:
http://prdownloads.sourceforge.net/webcalendar/WebCalendar-1.0.0.tar.gz?download

There is no exploit code required.

Craig Knudsen WebCalendar 'Assistant_Edit.PHP' Security Restriction Bypass
Medium
Secunia Advisory, SA15788, June 27, 2005

DUware

DUpaypal 3.0

Multiple SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

DUware DUpaypal Pro Multiple SQL Injection

CAN-2005-2047

High
Security Focus, 14034,
June 22, 2005

DUware

DUamazon 3.1, 3.0

Multiple SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before it is used in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

DUware DUamazon Pro Multiple SQL Injection

CAN-2005-2046

High
Security Focus, 14033,
June 22, 2005

DUware

DUclassmate 1.2

Multiple SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before it is used in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

DUware DUclassmate Multiple SQL Injection

CAN-2005-2049

High
Security Focus, 14036,
June 22, 2005

DUware

DUforum 3.1

Multiple SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before it is used in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

DUware DUforum Multiple SQL Injection

CAN-2005-2048

High
Security Focus, 14035,
June 22, 2005

DUware

DUportal Pro 3.4.3

Multiple SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before it is used in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

DUware DUportal Pro Multiple SQL Injection

CAN-2005-2045

High
Security Focus, 14029,
June 22, 2005

Francisco Burzi

PHP-Nuke 7.7, 7.6, 7.0-7.3

A Cross-Site Scripting vulnerability has been reported in the 'Link to off-site Avatar' field due to insufficient sanitization, which could let a malicious user execute arbitrary HTML and script code. Note: the 'Enable remote avatars' setting must be enabled (disabled by default).

No workaround or patch available at time of publishing.

There is no exploit code required.

Francisco Burzi PHP-Nuke
Avatar Cross-Site Scripting
High

Secunia Advisory, SA15829,
June 27, 2005

IBM

DB2 Universal Database 8.x

A vulnerability has been reported due to a failure to properly enforce authorization restrictions for database users, which could let a malicious user with 'SELECT' privileges bypass security restrictions.

FixPaks available at:
http://www.ibm.com/software/data/db2/udb/support/

Currently we are not aware of any exploits for this vulnerability.

IBM DB2 Universal Database Authorization Bypass

CAN-2005-2073

Medium
IBM Advisory, IY73104,
June 24, 2005

Infopop

UBB.threads 6.5-6.5.1.1, 6.2.3, 6.0

Multiple vulnerabilities have been reported: Cross-Site Scripting vulnerabilities have been reported in the 'Searchpage' parameter in 'dosearch.php,' the 'what' and 'page' parameters in 'newreply.php,' the 'Number,' 'Board,' and 'what' parameters in 'showprofile.php,' the 'fpart' and 'page' parameters in 'showflat.php,' the 'like' parameter in 'showmembers.php,' and the 'Cat' parameter in 'toggleshow.php,' 'togglecats.php,' and 'showprofile.php' due to insufficient sanitization before the input is returned to the user, which could let a remote malicious user execute arbitrary HTML and script code; an SQL injection vulnerability was reported in the 'Number,' 'year,' 'month,' 'message,' 'main,' 'posted,' and 'Forum[ ]' parameters due to insufficient sanitization before the input is used in an SQL query, which could let a remote malicious user execute arbitrary SQL code; a vulnerability was reported in the 'language' parameter due to insufficient verification before it is used to include files, which could let a remote malicious user include arbitrary files; and a vulnerability was reported because it is possible to trick a logged-in user into performing certain actions by following a specially crafted link.

Upgrades available at:
http://www.infopop.com/members/members.php

There is no exploit code required; however, Proofs of Concept exploits have been published.

Infopop UBBThreads Multiple Input Validation

CAN-2005-2057
CAN-2005-2058
CAN-2005-2059
CAN-2005-2060
CAN-2005-2061

High
GulfTech Security Research Team Advisory, June 24, 2005

Infradig

Inframail Advantage Server Edition 6.0 6.37

Multiple buffer overflow vulnerabilities have been reported: a remote Denial of Service vulnerability was reported due to an error when processing the SMTP 'MAIL FROM' command that contains an argument of approximately 40960 bytes; and a remote Denial of Service vulnerability was reported due to an error when processing the FTP 'NLST' command twice with an argument of approximately 102400 bytes.

No workaround or patch available at time of publishing.

Proof of Concept exploit scripts have been published.

Infradig Inframail Advantage Server Edition Multiple Remote Buffer Overflow
Low
Secunia Advisory: SA15828,
June 28, 2005

J. C. Stierheim

JCDex Lite 2.0, 3.0

A vulnerability was reported in the 'index.php' script because a file relative to the user-supplied 'thispath' parameter is included, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploit for this vulnerability.

JCDex Lite Arbitrary Code Execution
High
Security Tracker Alert ID: 1014306, June 27, 2005

K-COLLECT

CSV_DB 1.x, i_DB 1.x

A vulnerability has been reported in the 'csv_db.cgi' script due to insufficient validation of the 'file' parameter, which could let a remote malicious user execute arbitrary commands.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script has been published.

CSV_DB / i_DB Arbitrary Command Execution
High
Secunia Advisory, SA15842,
June 28, 2005

Legal Case Management

LCM 0.6, 0.4-0.4.5

A vulnerability has been reported in the log directory in the default installation due to missing access restrictions, which could let a remote malicious user obtain sensitive information.

Upgrades available at:
http://prdownloads.sourceforge.net/legalcase/legalcase-0.6.1.tar.gz?do

There is no exploit code required.

Legal Case Management Log File Information Disclosure
Medium
Security Focus, 14060, June 24, 2005

Mamboforge

Mambo 4.5.2.2 and prior

A vulnerability has been reported that could let remote malicious users conduct SQL injection attacks. Input passed to the 'user_rating' parameter when voting isn't properly validated.

Update to version 4.5.2.3: http://mamboforge.net/frs/?group_id=5

An exploit script has been published.

Mambo 'user_rating' SQL Injection

CAN-2005-2002

High

Secunia SA15710,
June 15, 2005

Security Focus, 13966,
June 22, 2005

Mensajeitor

Mensajeitor 1.8.9

A Cross-Site Scripting vulnerability has been reported in the 'IP' parameter due to insufficient sanitization of user-supplied input before using in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Mensajeitor 'IP' Parameter Cross-Site Scripting
High
Security Focus, 14071,
June 27, 2005

Multiple Vendors

Squid Web Proxy Cache 2.5.STABLE9 & prior

A vulnerability has been reported in the DNS client when handling DNS responses, which could let a remote malicious user spoof DNS lookups.

Patch available at:
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE9-dns_query-4.patch

Trustix:
http://www.trustix.org/errata/2005/0022/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/squid/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-415.html

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Currently we are not aware of any exploits for this vulnerability.

Squid Proxy DNS Spoofing

CAN-2005-1519

Medium

Security Focus, 13592, May 11, 2005

Trustix Secure Linux Security Advisory, 2005-0022, May 13, 2005

Fedora Update Notification, FEDORA-2005-373, May 17, 2005

Ubuntu Security Notice, USN-129-1, May 18, 2005

RedHat Security Advisory, RHSA-2005:415-16, June 14, 2005

Turbolinux Security Advisory,
TLSA-2005-71, June 28, 2005

Multiple Vendors

Windows XP, Server 2003

Windows Services for UNIX 2.2, 3.0, 3.5 when running on Windows 2000

Kerberos V5 Release 1.3.6

Avaya Intuity LX, Converged Communications Server (CCS) 2.x, MN100, Modular Messaging 2.x, S8XXX Media Servers

An information disclosure vulnerability has been reported that could let a remote malicious user read the session variables for users who have open connections to a malicious telnet server.

Updates available: http://www.microsoft.com/technet/security/Bulletin/MS05-033.mspx

RedHat:
ftp://updates.redhat.com/enterprise

Microsoft:
http://www.microsoft.com/technet/security/Bulletin/MS05-033.mspx

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-145_RHSA-2005-504.pdf

Trustix:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendor Telnet Client Information Disclosure

CAN-2005-1205
CAN-2005-0488

Medium

Microsoft, MS05-033, June 14, 2004

US-CERT VU#800829

iDEFENSE Security Advisory, June 14, 2005

Red Hat Security Advisory, RHSA-2005:504-00, June 14, 2005

Microsoft Security Bulletin, MS05-033 & V1.1, June 14 & 15, 2005

SUSE Security Summary Report, SUSE-SR:2005:016, June 17, 2005

Avaya Security Advisory, ASA-2005-145, June 17, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005

Multiple Vendors

Tor 0.0.9-0.0.10; Gentoo Linux

A vulnerability has been reported due to an unspecified error, which could let a remote malicious user obtain sensitive information.

Tor:
http://tor.eff.org/download.html

Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200506-18.xml

Currently we are not aware of any exploits for this vulnerability.

Tor Information Disclosure

Medium

Gentoo Linux Security Advisory, GLSA 200506-18, June 21, 2005

Secunia Advisory, SA15764,
June 22, 2005

Opera Software

Opera 8.0

A vulnerability has been reported that could let remote malicious users conduct Cross-Site Scripting attacks and read local files. This is due to Opera not properly restricting the privileges of 'javascript:' URLs when opened in e.g. new windows or frames.

Update to version 8.01: http://www.opera.com/download/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

There is no exploit code required.

Opera 'javascript:' URL Cross-Site Scripting

CAN-2005-1669

High

Secunia, SA15411, June 16, 2005

SUSE Security Announcement, SUSE-SA:2005:034, June 22, 2005

Opera Software

Opera 8.0

A vulnerability has been reported that could let remote malicious users steal content or perform actions on other web sites with the privileges of the user. This is due to insufficient validation of server side redirects.

Update to version 8.01: http://www.opera.com/download/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for this vulnerability.

Opera XMLHttpRequest Security Bypass

CAN-2005-1475

Medium

Secunia SA15008, June 16, 2005

SUSE Security Announcement, SUSE-SA:2005:034, June 22, 2005

US-CERT VU#612949

PHP-Fusion

PHP-Fusion 6.0.105

Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in the 'submit.php' script, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported because the database file is stored under the web document root with a predictable filename and insufficient access controls, which could let a remote malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

There is no exploit code required.

PHP-Fusion 'SUBMIT.PHP' Cross-Site Scripting & Information Disclosure

CAN-2005-2074
CAN-2005-2075

High
Security Focus, 14066,
June 27, 2005

Real Networks

RealPlayer G2, 6.0 Win32, 6.0, 7.0 Win32, 7.0 Unix, 7.0 Mac, 8.0 Win32, 8.0 Unix, 8.0 Mac, 10.0 BETA, 10.0 v6.0.12.690, 10.0, 10.5 v6.0.12.1059, 10.5 v6.0.12.1056, v6.0.12.1053, v6.0.12.1040, 10.5 Beta v6.0.12.1016, 10.5, 10 Japanese, German, English, 10 for Linux, 10 for Mac OS Beta, 10 for Mac OS 10.0.0.325, 10 for Mac OS 10.0.0.305, 10 for Mac OS, 10 for Mac OS 10.0 v10.0.0.331, RealPlayer 8, RealPlayer Enterprise 1.1, 1.2, 1.5-1.7, RealPlayer For Unix 10.0.3, 10.0.4, RealPlayer for Windows 7.0, RealPlayer Intranet 7.0, 8.0

A vulnerability has been reported when a specially crafted media file is opened, which could let a remote malicious user execute arbitrary code.

RealNetworks:
http://service.real.com/help/faq/security/050623_player/EN/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-517.html

http://rhn.redhat.com/errata/RHSA-2005-523.html

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for this vulnerability.

RealNetworks RealPlayer Unspecified Code Execution

CAN-2005-1277
CAN-2005-1766

High

eEye Digital Security Advisory, EEYEB-20050504, May 5, 2005

RedHat Security Advisories, RHSA-2005:517-02 & RHSA-2005:523-05, June 23, 2005

Fedora Update Notifications, FEDORA-2005-483 & 484, June 25, 2006

SUSE Security Announcement, SUSE-SA:2005:037, June 27, 2005

Simple Machines

SMF 1.0.4, 1.0.2, 1.0-beta5p & beta4p, 1.0-beta4.1

An SQL injection vulnerability has been reported due to insufficient sanitization of the 'msg' parameter before it is used in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

Updates available at:
http://www.simplemachines.org/download.php

There is no exploit code required.

Simple Machines 'Msg' Parameter SQL Injection
High
Secunia Advisory: SA15784,
June 23, 2005

Sun Microsystems, Inc.

Java Web Start 1.x,
Sun Java JDK 1.5.x, 1.4.x, Sun Java JRE 1.4.x, 1.5.x

Several vulnerabilities have been reported: a vulnerability was reported due to an unspecified error, which could let malicious untrusted applications execute arbitrary code; and a vulnerability was reported due to an unspecified error, which could let malicious untrusted applets execute arbitrary code.

Upgrades available at:
http://java.sun.com/j2se/1.5.0/index.jsp

http://java.sun.com/j2se/1.4.2/download.html

Slackware:
ftp://ftp.slackware.com/pub/slackware/slackware-current/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for these vulnerabilities.

Java Web Start / Sun JRE Sandbox Security Bypass

CAN-2005-1973
CAN-2005-1974

High

Sun(sm) Alert Notification, 101748 & 101749, June 13, 2005

Slackware Security Advisory, SSA:2005-170-01, June 20, 2005

SUSE Security Announcement, SUSE-SA:2005:032, June 22, 2005

Sun Microsystems, Inc.

Sun Java 2 Runtime Environment 1.3.0_01-1.3.0_05, 1.3.0, 1.3.1_08, 1.3.1_04, 1.3.1_01a, 1.3.1_01, 1.3.1, 1.4.1, 1.4.2_01-1.4.2_06, 1.4.2, Java Web Start 1.2

A vulnerability has been reported due to insufficient validation of user-supplied input before it is considered trusted, which could let a remote malicious user obtain elevated privileges.

Upgrades available at:
http://java.sun.com/j2se/

Apple:
http://www.apple.com/support/downloads/

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-28.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for this vulnerability.

Sun Java Web Start System Remote Unauthorized Access

CAN-2005-0836

Medium

Sun(sm) Alert Notification, 57740, March 16, 2005

SUSE Security Announcement, SUSE-SA:2005:032, June 22, 2005

Veritas Software

NetBackup Business Server 4.x, NetBackup DataCenter 4.x, NetBackup Enterprise Server 5.x, NetBackup Server 5.x

A remote Denial of Service vulnerability has been reported due to a boundary error when handling request packets.

Patches available at: http://support.veritas.com/docs/

Currently we are not aware of any exploits for this vulnerability.

Veritas Backup Exec/NetBackup Request Packet Remote Denial of Service

CAN-2005-0772

Low
Veritas Security Advisories, VX05-001 & VX05-008, June 22, 2005

Whois.Cart

Whois.Cart 2.2.77, 2.2.76, 2.2.74, 2.2.70

Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'Profile.php' due to insufficient sanitization of the 'page' parameter, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in 'index.php' due to insufficient verification of the 'language' parameter, which could let a malicious user include arbitrary files.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Whois.Cart 'Profile.PHP' Cross-Site Scripting & File Inclusion

High

Secunia Advisory, SA15783,
June 23, 2005

WordPress

WordPress 1.5, 1.5.1

An SQL injection vulnerability has been reported due to insufficient sanitization of the 'cat_ID' parameter before it is used in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

Upgrades available at:
http://wordpress.org/latest.tar.gz

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-04.xml

Another exploit script has been published.

Wordpress Cat_ID Parameter SQL Injection

CAN-2005-1810

High

Secunia Advisory, SA15517,
May 30, 2005

Gentoo Linux Security Advisory, GLSA 200506-04, June 6, 2005

Security Focus, 13809, June 22, 2005

Wireless

The section below contains wireless vulnerabilities, articles, and viruses/trojans identified during this reporting period.

  • Sandia Develops Secure Ultrawideband Wireless Network: A group led by researchers at Sandia National Laboratories has developed a wireless network based on wavelengths in the ultrawideband spectrum. According to Sandia, the network is secure enough to be used for national-defense purposes, to help sensors monitor U.S. Air Force bases or Department of Energy nuclear facilities. It could also be used to control remotely operated weapon systems wirelessly. Source: http://news.yahoo.com/s/NFL/20050623/tycoon/36740;Yalta=Happy%20WFTn_aT81drbhp20jtBAF;ylem=X3oDMTBiMW04NW9mBHNlYwMlJVRPUCUl
  • BlackBerry endures another outage: On June 22nd, a number of BlackBerry handheld wireless devices experienced service problems, marking the second time in less than a week that the popular devices lost their data connections. According to a RIM representative, a hardware failure Wednesday triggered a backup system that operated at a lower capacity "than expected." Service has been restored. Source: http://news.com.com/BlackBerry+endures+another+outage/2100-1039_3-5758043.html?tag=nefd.top.
  • kismet-2005-06-R1.tar.gz: An 802.11 layer 2 wireless network sniffer that can sniff 802.11b, 802.11a, and 802.11g traffic. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom). Besides Linux, Kismet also supports FreeBSD, OpenBSD and Mac OS X systems. Features: multiple packet capture sources, runtime network sorting by AP MAC address (bssid), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal- and tcpdump-compatible file logging, Airsnort-compatible "interesting" (cryptographically weak) logging, secure SUID behavior, GPS devices and wireless devices fingerprinting.

Wireless Vulnerabilities

  • Nothing significant to report.

[back to top] 

Recent Exploit Scripts/Techniques

The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.

Note: At times, scripts/techniques may contain names or content that may be considered offensive.

Date of Script (Reverse Chronological Order) | Script name | Workaround or Patch Available | Script Description
June 28, 2005 | dos_bison.py | No | Exploit for the Softie Bison FTP Remote Denial of Service vulnerability.
June 28, 2005 | Inframail_SMTPOverflow.pl, Inframail_FTPOverflow.pl | No | Proof of Concept exploits for the Infradig Inframail Advantage Server Edition Multiple Remote Buffer Overflow vulnerabilities.
June 27, 2005 | IAeMailServer_DOS.pl | No | Perl script that exploits the True North Software IA EMailServer Remote Format String vulnerability.
June 27, 2005 | ipdatalook_dos.c, ipdatalook.txt | No | Exploits for the TCP-IP Datalook Denial of Service vulnerability.
June 26, 2005 | fusionDB.pl.txt | No | Proof of Concept exploit for the PHP-Fusion Database Backup vulnerability.
June 25, 2005 | traceSolaris.txt, solaris_tracroute_exp.pl | No | Proofs of Concept exploits for the Sun Solaris Traceroute Multiple Local Buffer Overflows.
June 25, 2005 | ubb652.txt | Yes | Proofs of Concept exploits for the UBB Threads Cross-Site Scripting, SQL injection, HTTP response splitting, and local file inclusion vulnerabilities.
June 24, 2005 | clamav-0.86.1.tar.gz | N/A | A flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet.
June 24, 2005 | csv_db.c | No | Proof of Concept exploit for the CSV_DB / i_DB Arbitrary Command Execution vulnerability.
June 24, 2005 | mssmb_poc.c | Yes | Proof of Concept exploit for the Microsoft Windows SMB Buffer Overflow vulnerability.
June 24, 2005 | nessQuick-v0.05.zip | N/A | Perl scripts designed to assist in managing the output from Nessus scans and creating an alternate report format.
June 23, 2005 | adv21-theday-2005.txt, adv19-theday-2005.txt | No | Proof of Concept exploits for the ActiveBuyAndSEL SQL injection and Cross-Site Scripting vulnerabilities.
June 23, 2005 | cacti.pl.txt | Yes | Exploit for the RaXnet Cacti Multiple Input Validation vulnerabilities.
June 23, 2005 | igallery22.txt | No | Proof of Concept exploit for the BlueCollar Productions i-Gallery Cross-Site Scripting & Directory Traversal vulnerability.
June 23, 2005 | kismet-2005-06-R1.tar.gz | N/A | An 802.11 layer 2 wireless network sniffer that can sniff 802.11b, 802.11a, and 802.11g traffic. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom).
June 23, 2005 | NsT-phpBBDoS.pl.txt, NsT-phpBBDoS.c | Yes | Exploit scripts for the phpBB 'bbcode.php' Input Validation vulnerability.
June 23, 2005 | r57frb.pl | No | A Proof of Concept exploit for the CarLine Forum Russian Board Multiple Input Validation vulnerability.
June 23, 2005 | r57mambo.pl | Yes | Perl script that exploits the Mambo SQL injection vulnerability.
June 23, 2005 | r57wp.pl | No | Perl script that exploits the MercuryBoard 'Index.PHP' Remote SQL Injection vulnerability.
June 22, 2005 | mambo_user_rating_sql.pl | Yes | Perl script that exploits the Mambo 'user_rating' SQL Injection vulnerability.
June 22, 2005 | wordpress1511newadmin.pl | Yes | Perl script that exploits the Wordpress Cat_ID Parameter SQL Injection vulnerability.

[back to top]

Trends
  • Scanning Activity on Port 445/tcp: US-CERT has seen reports indicating an increase in scanning activity of port 445/tcp. This port is used by Server Message Block (SMB) to share files, printers, and serial ports and to communicate between computers in a Microsoft Windows environment. Source: http://www.us-cert.gov/current/current_activity.html#smb.
  • Exploit for Vulnerability in VERITAS Backup Exec Remote Agent: US-CERT has received reports of increased scanning activity on port 10000/tcp. This increase is believed to be related to the public release of a new exploit for a recently published vulnerability in VERITAS Backup Exec Remote Agent. Source: http://www.us-cert.gov/current/current_activity.html#smb.
  • Exploit for Vulnerability in Outlook Express: US-CERT has received reports of the existence of a working exploit for a recently published vulnerability in Microsoft Outlook Express. Reports of successful system compromise using this vulnerability have not yet been confirmed. Source: http://www.us-cert.gov/current/current_activity.html#smb.
  • Users at Continued Risk from Phishing Attempts: US-CERT continues to receive reports of phishing attempts. Because of recent media reports regarding attacks against financial institutions, users may see an increase in targeted phishing emails. Phishing emails may appear as requests from a financial institution asking the user to click on a link that takes them to a fraudulent site that looks like the legitimate one. The user is then asked to provide personal information that can further expose them to future compromises. Source: http://www.us-cert.gov/current/current_activity.html#smb.
  • Hackers spread Microsoft attack flaw exploit: The risk of an attack related to a flaw in Microsoft Outlook Express climbed after underground hacking sites began circulating sample code for exploiting it. The exploit is designed to take complete control of PCs with certain versions of the Outlook Express email program installed on them when users visit newsgroups controlled by the hackers. Source: http://software.silicon.com/malware/0,3800003100,39131415,00.htm.
  • ID theft concerns grow, tools lacking: Consumers are overwhelmed by a flood of bad ID theft news and are concerned that the government is not doing enough to protect them. In one of the most extensive studies yet on consumer attitudes about identity theft, Gartner Inc. found that about half of those polled either weren't aware they were entitled to a free credit report or considered them "not effective" in fighting ID theft. The survey also found that one-third of consumers are "very concerned" about being victims of identity theft, and nearly half are altering their online activities as a result. Source: http://msnbc.msn.com/id/8322300/.
  • Increased port 'sniffing' could herald attack, Gartner warns: According to an analyst from Gartner, Inc. there has been an increase in "sniffing" activity on a port associated with a recently patched Microsoft Corp. vulnerability. This may signal an impending attack attempting to exploit the flaw. Source: http://www.computerworld.com/securitytopics/security/story/0,10801,102687,00.html.

[back to top]

Viruses/Trojans

Top Ten Virus Threats

A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.

Rank | Common Name | Type of Code | Trend | Date | Description
1 | Mytob.C | Win32 Worm | Stable | March 2004 | A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files.
2 | Netsky-P | Win32 Worm | Stable | March 2004 | A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders.
3 | Netsky-Q | Win32 Worm | Stable | March 2004 | A mass-mailing worm that attempts to launch Denial of Service attacks against several web pages, deletes the entries belonging to several worms, and emits a sound through the internal speaker.
4 | Zafi-D | Win32 Worm | Stable | December 2004 | A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer.
5 | Netsky-D | Win32 Worm | Stable | March 2004 | A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only.
6 | Lovgate.w | Win32 Worm | Stable | April 2004 | A mass-mailing worm that propagates by using MAPI as a reply to messages, by using an internal SMTP, by dropping copies of itself on network shares, and through peer-to-peer networks. Attempts to access all machines in the local area network.
7 | Zafi-B | Win32 Worm | Stable | June 2004 | A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names.
8 | Netsky-Z | Win32 Worm | Stable | April 2004 | A mass-mailing worm that is very close to previous variants. The worm spreads in e-mails, but does not spread to local network and P2P and does not uninstall Bagle worm. The worm has a backdoor that listens on port 665.
9 | Netsky-B | Win32 Worm | Stable | February 2004 | A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. Also searches drives for certain folder names and then copies itself to those folders.
10 | MyDoom-O | Win32 Worm | Stable | July 2004 | A mass-mailing worm that uses its own SMTP engine to generate email messages. It gathers its target email addresses from files with certain extension names. It also avoids sending email messages to email addresses that contain certain strings.

Table Updated June 28, 2005

Viruses or Trojans Considered to be a High Level of Threat

  • Nothing significant to report.

[back to top]

Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.

This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risks levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.

Vulnerabilities

The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.

Note: All the information included in the following tables has been discussed in newsgroups and on web sites.

The Risk levels defined below are based on how the system may be impacted:

Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.

  • High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
  • Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
  • Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.

Windows Operating Systems Only

Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts
Common Name/
CVE Reference
Risk
Source

Active Web Softwares

ActiveBuyandSell V6.X

A vulnerability has been reported in ActiveBuyandsell that could let a malicious remote user perform SQL injection or Cross-Site Scripting attacks.

No workaround or patch available at time of publishing.

Proofs of Concept exploits have been published.

ActiveBuyandSell SQL Injection & Cross-Site Scripting

CAN-2005-2062
CAN-2005-2063

High

Secunia Advisory, SA15837, June 27, 2005

Advanced Browser

Advanced Browser V8.0.2

A javascript spoofing vulnerability has been reported in Advanced Browser that could let remote malicious users spoof Javascript dialog boxes.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Advanced Browser Javascript Spoofing

Medium

Security Tracker Alert ID: 1014270, June 23, 2005

ASP Nuke

ASP Nuke V0.8

Multiple vulnerabilities have been reported in ASP Nuke that could allow a remote malicious user to perform SQL injection or Cross-Site Scripting attacks.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

ASP Nuke SQL Injection & Cross Site Scripting

CAN-2005-2064
CAN-2005-2065
CAN-2005-2066

High

Security Focus, Bugtraq ID: 14062, 13318, 14063, 14064, June 27, 2005

ASP Playground

ASPPlayground.NET V3.2SP1

A vulnerability has been reported in ASPPlayground.NET that could allow a remote malicious user to upload arbitrary files.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

ASPPlayground.NET Arbitrary Upload

High

Security Tracker Alert ID: 1014309, June 27, 2005

Fast Browser

Fast Browser Pro V8.1

A javascript spoofing vulnerability has been reported in Fast Browser Pro that could let remote malicious users spoof Javascript dialog boxes.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Fast Browser Pro Javascript Spoofing

Medium

Security Tracker Alert ID: 1014296, June 27, 2005

Flashpeak

Slim Browser V4.05.007

A javascript spoofing vulnerability has been reported in Slim Browser that could let remote malicious users spoof Javascript dialog boxes.

No workaround or patch available at time of publishing.

There is no exploit code required.

Slim Browser Javascript Spoofing

Medium

Security Tracker Alert ID: 1014266, June 22, 2005

Hewlett Packard

HP Version Control Repository Manager V2.x


A password disclosure vulnerability has been reported in HP Version Control Repository Manager that could disclose the proxy password to local users.

An update is available: http://h18023.www1.hp.com/support/files/server/us/download/22563.html

There is no exploit code required.

HP VCRM Password Disclosure

CAN-2005-2076

Medium

Secunia Advisory, SA15790, June 23, 2005

Hosting Controller

Hosting Controller Error.ASP

A vulnerability has been reported in Error.ASP that could allow a remote malicious user to perform Cross-Site Scripting attacks.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Hosting Controller Error.ASP
Cross-Site Scripting

CAN-2005-2077

High

Security Focus, Bugtraq ID: 14080, June 28, 2005

IPSwitch

WhatsUp Professional V2005SP1

An input validation vulnerability has been reported in Ipswitch WhatsUp Professional that could let malicious users perform SQL injection.

Update to Service Pack 1a: http://www.ipswitch.com/Support/whatsup_professional/releases/wup2005sp1a.html

There is no exploit code required; however, a Proof of Concept exploit has been published.

Ipswitch WhatsUp Professional SQL Injection Vulnerability

CAN-2005-1250

High

iDEFENSE Security Advisory 06.22.05, June 22, 2005

Microsoft

Microsoft Internet Explorer 6.0, SP1&SP2

A vulnerability has been reported in Microsoft Internet Explorer that could let malicious websites spoof dialog boxes.

Advisory available at: http://www.microsoft.com/technet/security/advisory/902333.mspx

Currently we are not aware of any exploit for this vulnerability.

Microsoft Internet Explorer Dialog Origin Spoofing

Medium

Secunia, Advisory, SA15491, June 21, 2005

Microsoft Security Advisory (902333), June 21, 2005

Microsoft

Visio 2002, SP1; SharePoint Portal Server 2001, SP1; Office XP, SP1-SP3

A vulnerability has been reported in Microsoft Log Sink Class ActiveX Control that could allow a remote malicious user to create arbitrary files.

Update available at: http://www.microsoft.com/downloads/details.aspx?familyid=0dd4c99a-9196-421b-83f0-3d2f93189028&displaylang=en

An exploit has been published.

Microsoft Log Sink Class ActiveX Control

CAN-2005-0360

High US-CERT VU#165022

Microsoft

Outlook Express 5.5, 6

A remote code execution vulnerability has been reported in Outlook Express when it is used as a newsgroup reader. A malicious user could exploit the vulnerability by constructing a malicious newsgroup server that could potentially allow remote code execution if a user queried the server for news.

Updates available: http://www.microsoft.com/technet/security/Bulletin/MS05-030.mspx

An exploit has been published.

Microsoft Outlook Express Could Allow Remote Code Execution

CAN-2005-1213

High

Microsoft, MS05-030, June 14, 2004

US-CERT VU#130614

Security Focus, Bugtraq ID: 13951, June 24, 2005

Microsoft

Windows 2000 SP3 & SP4, Windows XP 64-Bit Edition SP1 (Itanium), Windows XP 64-Bit Edition Version 2003 (Itanium), Windows Server 2003, Windows Server 2003 for Itanium-based Systems

A buffer overflow vulnerability exists when handling Server Message Block (SMB) traffic, which could let a remote malicious user execute arbitrary code.

Patches available at: http://www.microsoft.com/technet/security/bulletin/MS05-011.mspx

Microsoft Windows NT 4.0 has also been found vulnerable to the issue; however, this platform is no longer publicly supported by Microsoft. A patch is available for customers that have an active end-of-life support agreement including extended Windows NT 4.0 support. Information regarding the end-of-life support agreement can be found at the following location: http://www.microsoft.com/presspass/features/2004/dec04/12-03NTSupport.asp

An exploit has been published.

Microsoft Windows SMB Buffer Overflow

CAN-2005-0045

High

Microsoft Security Bulletin, MS05-011, February 8, 2005

US-CERT Technical Cyber Security Alert TA05-039A

US-CERT Cyber Security Alert SA05-039A

US-CERT Vulnerability Note VU#652537

Security Focus, 12484, March 9, 2005

Security Focus, Bugtraq ID: 12484, June 23, 2005

MyInternet

MyInternet Browser V10.0.0.0

A javascript spoofing vulnerability has been reported in MyInternet Browser that could let remote malicious users spoof Javascript dialog boxes.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

MyInternet Browser Javascript Spoofing
Medium Security Tracker Alert ID: 1014295, June 27, 2005

NetCaptor

NetCaptor Browser V7.5.4

A javascript spoofing vulnerability has been reported in NetCaptor Browser that could let remote malicious users spoof Javascript dialog boxes.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

NetCaptor Browser Javascript Spoofing
Medium Security Tracker Alert ID: 1014265, June 22, 2005

Omni

Omni Browser 2.0

A javascript spoofing vulnerability has been reported in Omni Browser that could let remote malicious users spoof Javascript dialog boxes.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Omni Browser Javascript Spoofing

Medium

Security Tracker Alert ID: 1014286, June 23, 2005

Optimal Access

Optimal Desktop V4.00

A javascript spoofing vulnerability has been reported in Optimal Desktop that could let remote malicious users spoof Javascript dialog boxes.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Optimal Desktop Javascript Spoofing

Medium

Security Tracker Alert ID: 1014298, June 27, 2005

Sofotex

BisonFTP Server V4R1

A vulnerability has been reported in BisonFTP Server that could allow remote malicious users to perform a Denial of Service.

No workaround or patch available at time of publishing.

An exploit has been published.

BisonFTP Server Denial of Service

CAN-2005-2078

Low

Security Focus, Bugtraq ID: 14079, June 28, 2005

Sukru Alatas

Sukru Alatas Guestbook V3.1

A vulnerability has been reported in Sukru Alatas Guestbook that could allow database disclosure to remote malicious users.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Sukru Alatas Guestbook Database Disclosure

Medium

Secunia Advisory: SA15832, June 28, 2005

TCP-IP Datalook 1.3

A vulnerability has been reported in TCP-IP Datalook that could let a local malicious user perform a Denial of Service.

No workaround or patch available at time of publishing.

An exploit has been published.

TCP-IP Datalook Denial of Service
Low

Security Tracker Alert ID: 1014291, June 26, 2005

Telligent Systems

Community Server Forums

A vulnerability has been reported in Community Server Forums that could let a remote malicious user perform Cross-Site Scripting attacks.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Community Server Forums Cross-Site Scripting

High

Security Focus, Bugtraq ID: 14078, June 28, 2005

True North Software Inc.

IA eMailServer V5.2.2

An IMAP list command validation vulnerability has been reported in IA eMailServer that could let remote malicious users perform a Denial of Service.

Upgrade to version 5.3.4 Build 2019.

An exploit script has been published.

IA eMailServer Denial of Service
Low

Secunia Advisory: SA15838, June 28, 2005

Veritas

Veritas Backup Exec 10.0

Multiple vulnerabilities have been reported in Veritas Backup Exec that could let remote malicious users perform arbitrary code execution, elevate privileges, perform a DoS, or even crash systems.

A patch is available from the vendor: http://seer.support.veritas.com/docs/277429.htm

Currently we are not aware of any exploits for this vulnerability.

Veritas Backup Exec Multiple Vulnerabilities

CAN-2005-0771
CAN-2005-0772
CAN-2005-0773

High

Secunia, Advisory: SA15789, June 23, 2005

VERITAS Security Advisory VX05-006, VX05-007, VX05-008, June 23, 2005

US-CERT VU#584505, VU#352625, VU#492105

Wichio

Wichio 27Tools-in-1 Browser V4.2

A javascript spoofing vulnerability has been reported in Wichio 27Tools-in-1 Browser that could let remote malicious users spoof Javascript dialog boxes.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Wichio 27Tools-in-1 Browser Javascript Spoofing
Medium

Security Tracker Alert ID: 1014297, June 27, 2005

[back to top]

UNIX / Linux Operating Systems Only

Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts
Common Name /
CVE Reference
Risk
Source

Adobe

Acrobat Reader 7.0.1, 7.0, Acrobat 7.0.1, 7.0

Several vulnerabilities have been reported: a vulnerability was reported due to an unspecified error, which could let a remote malicious user execute arbitrary programs via a specially crafted PDF document that contains JavaScript; and a vulnerability was reported in the updater because Safari Frameworks folder permissions can be elevated for all users when downloading updates. Only UNIX running on Mac OS is affected.

Upgrades available at: http://www.adobe.com/support/downloads/

There is no exploit code required.

Adobe Reader / Acrobat Arbitrary Code Execution & Elevated Privileges

CAN-2005-1623
CAN-2005-1624

Medium

Secunia Advisory, SA15827, June 28, 2005

Apache

SpamAssassin 3.0.1, 3.0.2, 3.0.3

A vulnerability has been reported that could let remote malicious users cause a Denial of Service. A remote user can send e-mail containing special message headers to cause the application to take an excessive amount of time to check the message.

A fixed version (3.0.4) is available at: http://spamassassin.apache.org/downloads.cgi

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-17.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-498.html

Mandriva:
http://www.mandriva.com/security/advisories

There is no exploit code required.

Apache SpamAssassin Lets Remote Users Deny Service

CAN-2005-1266

Low

Security Tracker Alert ID: 1014219, June 16, 2005

Fedora Update Notifications, FEDORA-2005-427 & 428, June 16 & 17, 2005

Gentoo Linux Security Advisory, GLSA 200506-17, June 21, 2005

SUSE Security Announcement, SUSE-SA:2005:033, June 22, 2005

RedHat Security Advisory, RHSA-2005:498-10, June 23, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:106, June 28, 2005

Freedesktop.org

D-BUS 0.23 & prior

A vulnerability exists in 'bus/policy.c' due to insufficient restriction of connections, which could let a malicious user hijack a session bus.

Patch available at: https://bugs.freedesktop.org/show_bug.cgi?id=2436

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-102.html

Mandriva:
http://www.mandriva.com/security/advisories

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/d/dbus/dbus

There is no exploit code required.

D-BUS Session Hijack

CAN-2005-0201

Medium

Security Tracker Alert ID: 1013075, February 3, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:105,
June 24, 2005

Ubuntu Security Notice, USN-144-1, June 27, 2005

FreeRADIUS Server Project

FreeRADIUS 1.0.2

Two vulnerabilities have been reported: a vulnerability was reported in the 'radius_xlat()' function call due to insufficient validation, which could let a remote malicious user execute arbitrary SQL code; and a buffer overflow vulnerability was reported in the 'sql_escape_func()' function, which could let a remote malicious user execute arbitrary code.

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-13.xml

SuSE:
ftp://ftp.suse.com/pub/suse/

FreeRadius:
ftp://ftp.freeradius.org/pub/radius/freeradius-1.0.3.tar.gz

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-524.html

There is no exploit code required.

FreeRadius 'rlm_sql.c' SQL Injection & Buffer Overflow

CAN-2005-1454
CAN-2005-1455

High

Security Tracker Alert ID: 1013909, May 6, 2005

Gentoo Linux Security Advisory, GLSA 200505-13, May 17, 2005

SUSE Security Summary Report, SUSE-SR:2005:014, June 7, 2005

Security Focus, 13541, June 10, 2005

RedHat Security Advisory, RHSA-2005:524-05, June 23, 2005

GD Graphics Library

gdlib 2.0.23, 2.0.26-2.0.28; Avaya Converged Communications Server 2.0, Intuity LX, Avaya MN100, Modular Messaging (MSS) 1.1, 2.0, Network Routing, Avaya S8300 R2.0.1, R2.0.0, S8500 R2.0.1, R2.0.0, S8700 R2.0.1, R2.0.0, S8710 R2.0.1, R2.0.0

A vulnerability exists in the 'gdImageCreateFromPngCtx()' function when processing PNG images due to insufficient sanity checking on size values, which could let a remote malicious user execute arbitrary code.

OpenPKG:
ftp://ftp.openpkg.org/release/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/

Gentoo:
http://security.gentoo.org/glsa/glsa-200411-08.xml

Debian:
http://security.debian.org/pool/updates/main/libg

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Trustix:
http://http.trustix.org/pub/trustix/updates/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Debian:
http://security.debian.org/pool/updates/main/libg/libgd/

Red Hat:
http://rhn.redhat.com/errata/RHSA-2004-638.html

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-017_RHSA-2004-638.pdf

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

An exploit script has been published.

GD Graphics Library Remote Integer Overflow

CAN-2004-0990
CAN-2004-0941

High

Secunia Advisory, SA12996, October 28, 2004

Gentoo Linux Security Advisory, GLSA 200411-08, November 3, 2004

Ubuntu Security Notice, USN-21-1, November 9, 2004

Debian Security Advisories, DSA 589-1 & 591-1, November 9, 2004

Fedora Update Notifications, FEDORA-2004-411 & 412, November 11, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:132, November 15, 2004

Trustix Secure Linux Security Advisory, TSLSA-2004-0058, November 16, 2004

Ubuntu Security Notice, USN-25-1, November 16, 2004

SUSE Security Summary Report, SUSE-SR:2004:001, November 24, 2004

Debian Security Advisories, DSA 601-1 & 602-1, November 29, 2004

Red Hat Advisory, RHSA-2004:638-09, December 17, 2004

Avaya Security Advisory, ASA-2005-017, January 18, 2005

SGI Security Advisory, 20050602-01-U, June 23, 2005

gFTP

gFTP 0.1, 0.2, 0.21, 1.0, 1.1-1.13, 2.0-2.0.17

A Directory Traversal vulnerability exists due to insufficient sanitization of input, which could let a remote malicious user obtain sensitive information.

Upgrades available at: http://www.gftp.org/gftp-2.0.18.tar.gz

Debian:
http://security.debian.org/pool/updates/main/g/gftp/

Gentoo:
http://security.gentoo.org/glsa/glsa-200502-27.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Conectiva:
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000957

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-410.html

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

There is no exploit code required.

gFTP Remote Directory Traversal

CAN-2005-0372

Medium

Security Focus, February 14, 2005

Debian Security Advisory, DSA 686-1, February 17, 2005

SUSE Security Summary Report, SUSE-SR:2005:005, February 18, 2005

Gentoo Linux Security Advisory, GLSA 200502-27, February 19, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:050, March 4, 2005

RedHat Security Advisory, RHSA-2005:410-07, June 13, 2005

Conectiva Security Advisory, CLSA-2005:957, May 31, 2005

SGI Security Advisory, 20050603-01-U, June 23, 2005

GNOME

gEdit 2.0.2, 2.2.0, 2.10.2

A format string vulnerability has been reported when invoking the program with a filename that includes malicious format specifiers, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gedit/

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-09.xml

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-499.html

Mandriva:
http://www.mandriva.com/security/advisories

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

An exploit has been published.

Gedit Filename Format String

CAN-2005-1686

High

Securiteam, May 22, 2005

Ubuntu Security Notice, USN-138-1, June 09, 2005

Gentoo Linux Security Advisory, GLSA 200506-09, June 11, 2005

RedHat Security Advisory, RHSA-2005:499-05, June 13, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:102, June 16, 2005

Turbolinux Security Advisory, TLSA-2005-70, June 22, 2005

SGI Security Advisory, 20050603-01-U, June 23, 2005

GNU

cpio 1.0-1.3, 2.4.2, 2.5, 2.5.90, 2.6

A vulnerability has been reported when an archive is extracted into a world or group writeable directory because non-atomic procedures are used, which could let a malicious user modify file permissions.

Trustix:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/

There is no exploit code required.

CPIO CHMod File Permission Modification

CAN-2005-1111

Medium

Bugtraq, 395703, April 13, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005

GNU

cpio 2.6

A Directory Traversal vulnerability has been reported when invoking cpio on a malicious archive, which could let a remote malicious user obtain sensitive information.

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-16.xml

Trustix:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/

A Proof of Concept exploit has been published.

CPIO Directory Traversal

CAN-2005-1229

Medium

Bugtraq, 396429, April 20, 2005

Gentoo Linux Security Advisory, GLSA 200506-16, June 20, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005

GNU

gzip 1.2.4 a, 1.2.4, 1.3.3-1.3.5

A Directory Traversal vulnerability has been reported due to an input validation error when using 'gunzip' to extract a file with the '-N' flag, which could let a remote malicious user obtain sensitive information.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gzip/

Trustix:
http://http.trustix.org/pub/trustix/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-05.xml

IPCop:
http://ipcop.org/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=3&orderby=dateD

Mandriva:
http://www.mandriva.com/security/advisories

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:11/gzip.patch

OpenPKG:
http://www.openpkg.org/security/OpenPKG-SA-2005.009-openpkg.html

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-357.html

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

A Proof of Concept exploit has been published.

GNU GZip Directory Traversal

CAN-2005-1228

Medium

Bugtraq, 396397, April 20, 2005

Ubuntu Security Notice, USN-116-1, May 4, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005

Gentoo Linux Security Advisory, GLSA 200505-05, May 9, 2005

Security Focus, 13290, May 11, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005

Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005

FreeBSD Security Advisory, FreeBSD-SA-05:11, June 9, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.009, June 10, 2005

RedHat Security Advisory, RHSA-2005:357-19, June 13, 2005

SGI Security Advisory, 20050603-01-U, June 23, 2005

GNU

shtool 2.0.1 & prior

A vulnerability has been reported that could let a local malicious user gain escalated privileges. The vulnerability is caused due to temporary files being created insecurely.

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-08.xml

OpenPKG:
ftp://ftp.openpkg.org/release/2.3

There is no exploit code required.

GNU shtool Insecure Temporary File Creation

CAN-2005-1751

Medium

Secunia Advisory, SA15496, May 25, 2005

Gentoo Linux Security Advisory, GLSA 200506-08, June 11, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.011, June 23, 2005

GNU

gzip 1.2.4, 1.3.3

A vulnerability has been reported when an archive is extracted into a world or group writeable directory, which could let a malicious user modify file permissions.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gzip/

Trustix:
http://http.trustix.org/pub/trustix/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-05.xml

Mandriva:
http://www.mandriva.com/security/advisories

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:11/gzip.patch

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-357.html

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

There is no exploit code required.

GNU GZip File Permission Modification

CAN-2005-0988

Medium

Security Focus, 12996, April 5, 2005

Ubuntu Security Notice, USN-116-1, May 4, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005

Gentoo Linux Security Advisory, GLSA 200505-05, May 9, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005

Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005

FreeBSD Security Advisory, FreeBSD-SA-05:11, June 9, 2005

RedHat Security Advisory, RHSA-2005:357-19, June 13, 2005

SGI Security Advisory, 20050603-01-U, June 23, 2005

GNU

wget 1.9.1

A vulnerability exists which could permit a remote malicious user to create or overwrite files on the target user's system. wget does not properly validate user-supplied input. A remote user can bypass the filtering mechanism if DNS can be modified so that '..' resolves to an IP address. A specially crafted HTTP response can include control characters to overwrite portions of the terminal window.

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Mandriva:
http://www.mandriva.com/security/advisories

Trustix:
http://http.trustix.org/pub/trustix/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-357.html

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/w/wget/

A Proof of Concept exploit script has been published.

GNU wget File Creation & Overwrite

CAN-2004-1487
CAN-2004-1488

Medium

Security Tracker Alert ID: 1012472, December 10, 2004

SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005

SUSE Security Summary Report, SUSE-SR:2005:006, February 25, 2005

SUSE Security Summary Report, SUSE-SR:2005:011, April 15, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:098, June 9, 2005

Trustix Secure Linux Security Advisory, TLSA-2005-0028, June 13, 2005

Turbolinux Security Advisory, TLSA-2005-66, June 15, 2005

Ubuntu Security Notice, USN-145-1, June 28, 2005

GNU

zgrep 1.2.4

A vulnerability has been reported in 'zgrep.in' due to insufficient validation of user-supplied arguments, which could let a remote malicious user execute arbitrary commands.

A patch for 'zgrep.in' is available in the following bug report: http://bugs.gentoo.org/show_bug.cgi?id=90626

Mandriva:
http://www.mandriva.com/security/advisories

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-357.html

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-474.html

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

There is no exploit code required.

Gzip Zgrep Arbitrary Command Execution

CAN-2005-0758

High

Security Tracker Alert, 1013928, May 10, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005

Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005

RedHat Security Advisory, RHSA-2005:357-19, June 13, 2005

RedHat Security Advisory, RHSA-2005:474-15, June 16, 2005

SGI Security Advisory, 20050603-01-U, June 23, 2005

Fedora Update Notification, FEDORA-2005-471, June 27, 2005

LibTIFF

LibTIFF 3.4, 3.5.1-3.5.5, 3.5.7, 3.6.0, 3.6.1, 3.7, 3.7.1

A buffer overflow vulnerability has been reported in the 'TIFFOpen()' function when opening malformed TIFF files, which could let a remote malicious user execute arbitrary code.

Patches available at: http://bugzilla.remotesensing.org/attachment.cgi?id=238

Gentoo:
http://security.gentoo.org/glsa/glsa-200505-07.xml

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/

SuSE:
ftp://ftp.suse.com/pub/suse/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Currently we are not aware of any exploits for this vulnerability.

LibTIFF TIFFOpen Remote Buffer Overflow

CAN-2005-1544
CAN-2005-1472

High

Gentoo Linux Security Advisory, GLSA 200505-07, May 10, 2005

Ubuntu Security Notice, USN-130-1, May 19, 2005

SUSE Security Summary Report, SUSE-SR:2005:014, June 7, 2005

Turbolinux Security Advisory, TLSA-2005-72, June 28, 2005

Linux Support Services, Inc.

Asterisk 1.0.7, Asterisk CVS HEAD

A buffer overflow vulnerability has been reported in the manager interface due to insufficient bounds checks, which could let a remote malicious user execute arbitrary code. Note: The manager interface is not enabled by default.

Updates available at: http://www.asterisk.org/index.php?menu=download

Currently we are not aware of any exploits for this vulnerability.

Linux Support Services Asterisk Manager Interface Remote Buffer Overflow
High
Security Tracker Alert, 1014268, June 22, 2005

Multiple Vendors

FreeBSD 5.4 & prior

A vulnerability was reported in FreeBSD when using Hyper-Threading Technology due to a design error, which could let a malicious user obtain sensitive information and possibly elevated privileges.

Patches and updates available at: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:09.htt.asc

SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.24

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-476.html

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101739-1

Mandriva:
http://www.mandriva.com/security/advisories

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendor FreeBSD Hyper-Threading Technology Support Information Disclosure

CAN-2005-0109

Medium

FreeBSD Security Advisory, FreeBSD-SA-05:09, May 13, 2005

SCO Security Advisory, SCOSA-2005.24, May 13, 2005

Ubuntu Security Notice, USN-131-1, May 23, 2005

US-CERT VU#911878

RedHat Security Advisory, RHSA-2005:476-08, June 1, 2005

Sun(sm) Alert Notification, 101739, June 1, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:096, June 7, 2005

Trustix Secure Linux Security Advisory, TLSA-2005-0028, June 13, 2005

SGI Security Advisory, 20050602-01-U, June 23, 2005

Multiple Vendors

Gentoo Linux; Samba 3.0-3.0.7

A remote Denial of Service vulnerability exists in the 'ms_fnmatch()' wildcard matching function due to insufficient input validation: a file name request containing many wildcard characters is matched with exponential backtracking, consuming excessive CPU on the server.
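
The following C program is an added illustration for this entry, not Samba's own 'ms_fnmatch()' code: it contrasts a naive backtracking wildcard matcher, whose work on a non-matching name grows combinatorially with the number of '*' characters, with a linear-time matcher that keeps a single backtrack point. The pattern, the file name and the step counters are constructed for the demonstration.

```c
/*
 * Added example (not Samba's ms_fnmatch()): why a backtracking wildcard
 * matcher is a CPU denial-of-service primitive, and a linear-time
 * alternative. Pattern syntax: '*' matches any run of characters,
 * '?' matches exactly one character, anything else matches itself.
 */
#include <stdio.h>
#include <string.h>

/* Work counter for the naive matcher (one unit per recursive call). */
long backtrack_steps = 0;

/* Naive recursive matcher. Every '*' tries every possible split point and
 * the recursion below it repeats the work, so a pattern with k stars that
 * fails to match a name of n characters explores on the order of C(n, k) paths. */
static int match_recursive(const char *pat, const char *str)
{
    backtrack_steps++;
    if (*pat == '\0')
        return *str == '\0';
    if (*pat == '*') {
        for (const char *s = str; ; s++) {      /* try each split point */
            if (match_recursive(pat + 1, s))
                return 1;
            if (*s == '\0')
                return 0;
        }
    }
    if (*str == '\0')
        return 0;
    if (*pat == '?' || *pat == *str)
        return match_recursive(pat + 1, str + 1);
    return 0;
}

int match_backtracking(const char *pat, const char *str)
{
    backtrack_steps = 0;
    return match_recursive(pat, str);
}

/* Work counter for the linear matcher (one unit per loop iteration). */
long linear_steps = 0;

/* Linear-time matcher: remember only the most recent '*' and the name
 * position where it was seen; on a mismatch, resume after that star with
 * the star consuming one more character. The cost is bounded by n * m. */
int match_linear(const char *pat, const char *str)
{
    const char *star_pat = NULL, *star_str = NULL;
    linear_steps = 0;
    while (*str != '\0') {
        linear_steps++;
        if (*pat == '*') {
            star_pat = pat++;                   /* record the backtrack point */
            star_str = str;
        } else if (*pat == '?' || *pat == *str) {
            pat++;
            str++;
        } else if (star_pat != NULL) {
            pat = star_pat + 1;                 /* last star eats one more char */
            str = ++star_str;
        } else {
            return 0;
        }
    }
    while (*pat == '*') {                       /* trailing stars match the empty tail */
        linear_steps++;
        pat++;
    }
    return *pat == '\0';
}

int main(void)
{
    /* Constructed inputs: a name of 30 'a's and a pattern that cannot match
     * it (there is no 'b'), so both matchers must exhaust every split. */
    const char *name = "aaaaaaaaaa" "aaaaaaaaaa" "aaaaaaaaaa";
    const char *pat  = "*a*a*a*a*b";
    int r1 = match_backtracking(pat, name);
    int r2 = match_linear(pat, name);
    printf("backtracking: match=%d steps=%ld\n", r1, backtrack_steps);
    printf("linear:       match=%d steps=%ld\n", r2, linear_steps);
    return 0;
}
```

Adding one more "*a" to the pattern multiplies the backtracking count again, while the linear matcher's work stays proportional to the name length; that asymmetry is what a client controls when it supplies the wildcard pattern.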

Patch available at:
http://us4.samba.org/samba/
ftp/patches/security/samba-
3.0.7-CAN-2004-0930.patch

Gentoo:
http://security.gentoo.org/
glsa/glsa-200411-21.xml

Mandrake:
http://www.mandrakesecure.
net/en/ftp.php

SuSE:
ftp://ftp.suse.com/pub/suse/
i386/update/

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/s/samba/

RedHat:
http://rhn.redhat.com/
errata/RHSA-2004-632.html

Trustix:
http://http.trustix.org/pub/
trustix/updates/

Conectiva:
ftp://atualizacoes.conectiva.
com.br/

Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/

SGI:
http://www.sgi.com/
support/security/

TurboLinux:
ftp://ftp.turbolinux.co.jp
/pub/TurboLinux
/TurboLinux/ia32/
Server/10/updates/

OpenPKG:
http://www.openpkg.org/
security.html

SCO:
ftp://ftp.sco.com/pub/updates/
UnixWare/SCOSA-2005.17

Sun:
http://sunsolve.sun.com/
search/document.do?
assetkey=1-26-101783-1

There is no exploit code required.

Multiple Vendors Samba Remote Wild Card Denial of Service

CAN-2004-0930

Low

Security Focus, November 15, 2004

Trustix Secure Linux Security Advisory, TSLSA-2004-0058, November 16, 2004

RedHat Security Advisory, RHSA-2004:632-17, November 16, 2004

Conectiva Linux Security Announcement, CLA-2004:899, November 25, 2004

Fedora Update Notifications,
FEDORA-2004-459 & 460, November 29, 2004

Turbolinux Security Advisory, TLSA-2004-32, December 8, 2004

SGI Security Advisory, 20041201-01-P, December 13, 2004

OpenPKG Security Advisory, OpenPKG-SA-2004.054 December 17, 2004

SCO Security Advisory, SCOSA-2005.17, March 7, 2005

Sun(sm) Alert Notification, 101783, June 23, 2005

Multiple Vendors

Linux kernel 2.6.1-2.6.11, 2.6 test1-test11

A vulnerability has been reported because commands sent to a SCSI device can change the driver parameters, which could let a malicious user obtain unauthorized access.

Updates available at:
http://kernel.org/pub/linux/
kernel/v2.6/testing/
ChangeLog-2.6.12-rc1

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Unauthorized SCSI Command
Medium
Security Focus, 14040, June 23, 2005

Multiple Vendors

RedHat Fedora Core3;
LBL tcpdump 3.9.1, 3.9, 3.8.1-3.8.3, 3.7-3.7.2, 3.6.3, 3.6.2, 3.5.2, 3.5, alpha, 3.4, 3.4 a6

A remote Denial of Service vulnerability has been reported in the 'bgp_update_print()' function in 'print-bgp.c': when a malicious user submits specially crafted BGP protocol data, the function does not handle the -1 error return of the prefix decoding routine and enters an infinite loop.
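
An added C example of the bug class this entry describes (constructed here, not tcpdump's 'print-bgp.c'): a prefix decoder reports a malformed prefix by returning -1, and the caller adds that return value to its offset as if it were a byte count, so the loop stops advancing. The NLRI byte strings are constructed; the iteration guard exists only so the vulnerable loop can be shown without hanging.

```c
/*
 * Added example (not tcpdump's print-bgp.c) of the bug class behind the BGP
 * decoding loop: a helper reports "malformed" by returning -1, the caller
 * adds that value to its offset as if it were a byte count, and the loop
 * stops making forward progress on a single crafted packet.
 *
 * Prefix encoding follows BGP NLRI: one length byte (in bits), then
 * ceil(bits / 8) address bytes. Everything else is simplified.
 */
#include <stdint.h>
#include <stdio.h>

#define MAX_ITER 1000  /* demo guard; the real loop had none and spun forever */

/* Constructed NLRI: 10.0.0.0/24 followed by 0.0.0.0/0 (a legal default route). */
const uint8_t GOOD_NLRI[] = { 24, 10, 0, 0, 0 };
const int GOOD_NLRI_LEN = 5;

/* Constructed crafted NLRI: 0.0.0.0/0 (one byte) then a prefix length of 255. */
const uint8_t BAD_NLRI[] = { 0, 255 };
const int BAD_NLRI_LEN = 2;

/* Decode one IPv4 prefix at p. Returns bytes consumed, or -1 if malformed. */
int decode_prefix(const uint8_t *p, int avail)
{
    if (avail < 1)
        return -1;
    int bits = p[0];
    if (bits > 32)
        return -1;                   /* prefix length out of range */
    int need = 1 + (bits + 7) / 8;
    if (need > avail)
        return -1;                   /* truncated */
    return need;
}

/* Vulnerable pattern: the helper's return value is added to the offset
 * unchecked. Returns the number of prefixes decoded, or -1 if the loop is
 * still running after MAX_ITER iterations, i.e. it would hang. */
int count_prefixes_vulnerable(const uint8_t *buf, int len)
{
    int off = 0, count = 0, iter = 0;
    while (off < len) {
        if (++iter > MAX_ITER)
            return -1;               /* would loop forever */
        if (off < 0)
            return -1;               /* demo guard against reading before buf */
        int n = decode_prefix(buf + off, len - off);
        off += n;                    /* BUG: n may be -1, which moves backwards */
        count++;
    }
    return count;
}

/* Fixed pattern: a negative return is an error, not an advance. Stops at the
 * first malformed prefix, flags it through *malformed (if non-NULL) and
 * returns the number of prefixes decoded before it. */
int count_prefixes_fixed(const uint8_t *buf, int len, int *malformed)
{
    int off = 0, count = 0;
    if (malformed)
        *malformed = 0;
    while (off < len) {
        int n = decode_prefix(buf + off, len - off);
        if (n < 0) {
            if (malformed)
                *malformed = 1;
            break;
        }
        off += n;
        count++;
    }
    return count;
}

/* Convenience wrapper: 1 if the fixed decoder flags the input as malformed. */
int fixed_flags_malformed(const uint8_t *buf, int len)
{
    int m;
    (void)count_prefixes_fixed(buf, len, &m);
    return m;
}

int main(void)
{
    int m;
    int good_v = count_prefixes_vulnerable(GOOD_NLRI, GOOD_NLRI_LEN);
    int good_f = count_prefixes_fixed(GOOD_NLRI, GOOD_NLRI_LEN, &m);
    printf("good: vulnerable=%d fixed=%d malformed=%d\n", good_v, good_f, m);
    int bad_v = count_prefixes_vulnerable(BAD_NLRI, BAD_NLRI_LEN);
    int bad_f = count_prefixes_fixed(BAD_NLRI, BAD_NLRI_LEN, &m);
    printf("bad:  vulnerable=%d (-1 means it would hang) fixed=%d malformed=%d\n",
           bad_v, bad_f, m);
    return 0;
}
```

On the crafted input the vulnerable loop decodes the one-byte default route, gets -1 on the 255 length byte, steps back to offset 0 and repeats; the fix is the single sign check before the offset update.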

Update available at:
http://cvs.tcpdump.org/cgi-bin/
cvsweb/tcpdump/print-bgp.c

Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/3/

Trustix:
ftp://ftp.trustix.org/pub/trustix/
updates/

Mandriva:
http://www.mandriva.com/
security/advisories

Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/4/

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/t/tcpdump/

TurboLinux:
ftp://ftp.turbolinux.co.jp
/pub/TurboLinux/
TurboLinux/ia32/

A Proof of Concept exploit script has been published.

TCPDump BGP Decoding Routines Denial of Service

CAN-2005-1267

Low

Security Tracker Alert, 1014133, June 8, 2005

Fedora Update Notification,
FEDORA-2005-406, June 9, 2005

Trustix Secure Linux Security Advisory, TLSA-2005-0028, June 13, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:101, June 15, 2005

Fedora Update Notification,
FEDORA-2005-407, June 16, 2005

Ubuntu Security Notice, USN-141-1, June 21, 2005

Turbolinux Security Advisory, TLSA-2005-69, June 22, 2005

Multiple Vendors

Squid Web Proxy Cache 2.5.STABLE7, 2.5.STABLE8, 2.5.STABLE9

A vulnerability exists when using the Netscape Set-Cookie recommendations for handling cookies in caches due to a race condition, which could let a malicious user obtain sensitive information (Set-Cookie headers from cached responses intended for other users).

Patches available at:
http://www.squid-cache.org/
Versions/v2/2.5/bugs/
squid-2.5.STABLE9-
setcookie.patch

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/s/squid/

Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/

Conectiva:
ftp://atualizacoes.
conectiva.com.br/

Mandrake:
http://www.mandrakesecure.
net/en/ftp.php

RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-415.html

TurboLinux:
ftp://ftp.turbolinux.co.jp/
pub/TurboLinux/
TurboLinux/ia32/

There is no exploit code required.

Squid Proxy Set-Cookie Headers Information Disclosure

CAN-2005-0626

Medium

Secunia Advisory, SA14451, March 3, 2005

Ubuntu Security Notice, USN-93-1, March 8, 2005

Fedora Update Notifications, FEDORA-2005-275 & 276, March 30, 2005

Conectiva Linux Security Announcement, CLA-2005:948, April 27, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:078, April 29, 2005

RedHat Security Advisory, RHSA-2005:415-16, June 14, 2005

Turbolinux Security Advisory, TLSA-2005-71, June 28, 2005

Multiple Vendors

Gentoo Linux; GNU GDB 6.3

Multiple vulnerabilities have been reported: a heap overflow vulnerability was reported when loading malformed object files, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported because GDB sources its '.gdbinit' initialization file from the current working directory, which could let a malicious user obtain elevated privileges when a more privileged user runs GDB in a directory the attacker controls.

Gentoo:
http://security.gentoo.org/
glsa/glsa-200505-15.xml

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/g/gdb/

http://security.ubuntu.com/
ubuntu/pool/main/b/binutils/

Mandriva:
http://www.mandriva.com/
security/advisories

Trustix:
http://http.trustix.org/pub/
trustix/updates/

TurboLinux:
ftp://ftp.turbolinux.co.jp/
pub/TurboLinux/
TurboLinux/ia32/

Currently we are not aware of any exploits for these vulnerabilities.

GDB Multiple Vulnerabilities

CAN-2005-1704
CAN-2005-1705

High

Gentoo Linux Security Advisory, GLSA 200505-15, May 20, 2005

Turbolinux Security Advisory, TLSA-2005-68, June 22, 2005

Multiple Vendors

Debian GNU/Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha;
GNOME gdk-pixbuf 0.22 & prior; GTK GTK+ 2.0.2, 2.0.6, 2.2.1, 2.2.3, 2.2.4;
MandrakeSoft Linux Mandrake 9.2, amd64, 10.0, AMD64;
RedHat Advanced Workstation for the Itanium Processor 2.1, IA64, Desktop 3.0, Enterprise Linux WS 3, WS 2.1 IA64, WS 2.1, ES 3, ES 2.1 IA64, ES 2.1, AS 3, AS 2.1 IA64, AS 2.1;
RedHat Fedora Core 1 & 2;
SuSE Linux 8.1, 8.2, 9.0, x86_64, 9.1, Desktop 1.0, Enterprise Server 9, 8

Multiple vulnerabilities exist: a vulnerability exists when decoding BMP images, which could let a remote malicious user cause a Denial of Service; a vulnerability exists when decoding XPM images, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; and a vulnerability exists when attempting to decode ICO images, which could let a remote malicious user cause a Denial of Service.

Debian:
http://security.debian.org/pool/
updates/main/g/gdk-pixbuf/

Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/

Mandrake:
http://www.mandrakesecure.net/
en/ftp.php

RedHat:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/

SuSE:
ftp://ftp.suse.com/pub/suse/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200409-28.xml

Conectiva:
ftp://atualizacoes.conectiva.
com.br/

Fedora:
http://download.fedoralegacy.org/
redhat/

Sun:
http://sunsolve.sun.com/
search/document.do?
assetkey=1-26-101776-1

We are not aware of any exploits for these vulnerabilities.

gdk-pixbuf BMP, ICO, and XPM Image Processing Errors

CAN-2004-0753
CAN-2004-0782
CAN-2004-0783
CAN-2004-0788

Low/High

(High if arbitrary code can be executed)

Security Tracker Alert ID, 1011285, September 17, 2004

Gentoo Linux Security Advisory, GLSA 200409-28, September 21, 2004

US-CERT VU#577654, VU#369358, VU#729894, VU#825374, October 1, 2004

Conectiva Linux Security Announcement, CLA-2004:875, October 18, 2004

Fedora Legacy Update Advisory, FLSA:2005, February 24, 2005

Sun(sm) Alert Notification, 101776, June 23, 2005

Multiple Vendors

GraphicsMagick 1.0, 1.0.6, 1.1, 1.1.3-1.1.6; ImageMagick 5.3.3, 5.3.8, 5.4.3, 5.4.4.5, 5.4.7, 5.4.8, 5.5.3.2-1.2.0, 5.5.4, 5.5.6.0-20030409, 5.5.6, 5.5.7, 6.0-6.0.8, 6.1-6.1.8, 6.2.0.7, 6.2.0.4, 6.2-6.2.2

A remote Denial of Service vulnerability has been reported due to a failure to handle malformed XWD image files.

Gentoo:
http://security.gentoo.org/
glsa/glsa-200505-16.xml

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/i/
imagemagick/

Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/3/

RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-480.html

SGI:
ftp://oss.sgi.com/projects/
sgi_propack/download/
3/updates/

Mandriva:
http://www.mandriva.com/
security/advisories

Currently we are not aware of any exploits for this vulnerability.

ImageMagick & GraphicsMagick XWD Decoder Remote Denial of Service

CAN-2005-1739

Low

Gentoo Linux Security Advisory, GLSA 200505-16, May 21, 2005

Ubuntu Security Notice, USN-132-1, May 23, 2005

Fedora Update Notification,
FEDORA-2005-395, May 26, 2005

RedHat Security Advisory, RHSA-2005:480-03, June 2, 2005

SGI Security Advisory, 20050602-01-U, June 23, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:107, June 28, 2005

Multiple Vendors

Linux kernel 2.2.x, 2.4.x, 2.6.x

A buffer overflow vulnerability has been reported in the 'elf_core_dump()' function due to a signedness error (a negative length passes the bounds check and is then used as a very large unsigned copy size), which could let a local malicious user execute arbitrary code with ROOT privileges.
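
An added C illustration of the signedness pattern behind this entry; it is not the kernel's 'binfmt_elf.c', and the 'PRARGSZ' constant, the address values and the argument string are assumptions for the demonstration. A length computed as a signed difference passes a signed upper-bound check while negative, then becomes a huge unsigned size when handed to the copy routine.

```c
/*
 * Added example (not the kernel's binfmt_elf.c): the signedness pattern
 * behind the elf_core_dump() overflow. A length is computed as a signed
 * difference of two addresses, clamped with a signed comparison, and then
 * handed to a copy routine that takes an unsigned size. A negative length
 * passes the clamp and becomes an enormous copy size.
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PRARGSZ 80   /* fixed-size destination; assumed here (ELF_PRARGSZ is 80) */

/* Vulnerable pattern: returns the byte count that would reach the copy. */
size_t vulnerable_copy_len(unsigned long arg_start, unsigned long arg_end)
{
    int len = (int)(arg_end - arg_start);  /* signed; negative when end < start
                                              on two's-complement compilers */
    if (len >= PRARGSZ)                    /* a negative len passes this check */
        len = PRARGSZ - 1;
    return (size_t)len;                    /* e.g. -16 becomes SIZE_MAX - 15 */
}

/* Fixed pattern: reject a reversed range, then clamp with unsigned arithmetic. */
size_t fixed_copy_len(unsigned long arg_start, unsigned long arg_end)
{
    if (arg_end < arg_start)
        return 0;
    size_t len = (size_t)(arg_end - arg_start);
    if (len >= PRARGSZ)
        len = PRARGSZ - 1;
    return len;
}

/* 1 if copying n bytes would overrun a PRARGSZ-byte destination (the copy
 * writes n bytes and the terminator needs one more). */
int copy_would_overflow(size_t n)
{
    return n >= PRARGSZ;
}

/* Bounded copy of the argument string into a PRARGSZ-byte buffer using the
 * fixed length computation. 'src' is the memory that 'start' refers to.
 * Returns the number of bytes copied. */
size_t copy_args(char dst[PRARGSZ], const char *src,
                 unsigned long start, unsigned long end)
{
    size_t n = fixed_copy_len(start, end);
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

/* Destination buffer shared with the demonstration below. */
char demo_dst[PRARGSZ];

int main(void)
{
    /* Constructed values: an argument string assumed to live at 0x1000..0x100b. */
    const char *args = "ls -la /tmp";
    unsigned long start = 0x1000UL, end = start + strlen(args);

    printf("normal range:   vulnerable=%zu fixed=%zu\n",
           vulnerable_copy_len(start, end), fixed_copy_len(start, end));
    printf("reversed range: vulnerable=%zu (overflow=%d) fixed=%zu\n",
           vulnerable_copy_len(end, start),
           copy_would_overflow(vulnerable_copy_len(end, start)),
           fixed_copy_len(end, start));
    copy_args(demo_dst, args, start, end);
    printf("copied: \"%s\"\n", demo_dst);
    return 0;
}
```

The check to look for in code of this shape is the ordering test before the subtraction: once the two ends are known to be in order, the difference can be held in an unsigned type and the clamp is sound.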

Update available at:
http://kernel.org/

Trustix:
http://www.trustix.org/
errata/2005/0022/

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/l/

RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-472.html

Avaya:
http://support.avaya.com/
elmodocs2/security/
ASA-2005-120_
RHSA-2005-283_
RHSA-2005-284_
RHSA-2005-293_
RHSA-2005-472.pdf

SUSE:
ftp://ftp.SUSE.com/
pub/SUSE

TurboLinux:
ftp://ftp.turbolinux.co.jp/
pub/TurboLinux/
TurboLinux/

An exploit script has been published.

Linux Kernel ELF Core Dump Buffer Overflow

CAN-2005-1263

High

Secunia Advisory, SA15341, May 12, 2005

Trustix Secure Linux Security Advisory, 2005-0022, May 13, 2005

Ubuntu Security Notice, USN-131-1, May 23, 2005

RedHat Security Advisory, RHSA-2005:472-05, May 25, 2005

Avaya Security Advisory, ASA-2005-120, June 3, 2005

Trustix Secure Linux Bugfix Advisory, TSLSA-2005-0029, June 24, 2005

Multiple Vendors

Linux kernel 2.6 prior to 2.6.12.1

A vulnerability has been reported on the IA-64 architecture in the 'restore_sigcontext()' function due to a failure to restrict access to the 'ar.rsc' register, which could let a local malicious user cause a Denial of Service or obtain elevated privileges.

Updates available at:
http://www.kernel.org/

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel 64 Bit 'AR-RSC' Register Access

CAN-2005-1761

Medium
Security Tracker Alert ID: 1014275, June 23, 2005

Multiple Vendors

Linux kernel 2.6 prior to 2.6.12.1

A local Denial of Service vulnerability has been reported in exec signal processing: a subthread that calls exec while it has a timer pending can crash the kernel.

Updates available at:
http://www.kernel.org/

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Subthread Exec Denial of Service

CAN-2005-1913

Low
Security Tracker Alert ID: 1014274, June 23, 2005

Multiple Vendors

Squid 2.x; Gentoo Linux; Ubuntu Linux 4.1 ppc, ia64, ia32; Conectiva Linux 9.0, 10.0

A remote Denial of Service vulnerability exists in the NTLM fakeauth_auth helper when running under a high load or for a long period of time, and a specially crafted NTLM type 3 message is submitted.

Patch available at:
http://www.squid-cache.org/
Versions/v2/2.5/bugs/
squid-2.5.STABLE7-
fakeauth_auth.patch

Gentoo:
http://security.gentoo.org/
glsa/glsa-200501-25.xml

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/

Conectiva:
ftp://atualizacoes.conectiva.
com.br/

Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates

RedHat:
http://rhn.redhat.com/errata/
RHSA-2005-061.html

SUSE:
ftp://ftp.suse.com/pub/suse/

Trustix:
http://www.trustix.org/
errata/2005/0003/

Astaro:
http://www.astaro.org/
showflat.php?Cat=&Number=
56136&page=0&view=collapsed
&sb=5&o=&fpart=1#56136

TurboLinux:
ftp://ftp.turbolinux.co.jp/
pub/TurboLinux/
TurboLinux/ia32/

Currently we are not aware of any exploits for this vulnerability.

Squid NTLM fakeauth_auth Helper Remote Denial of Service

CAN-2005-0096

Low

Secunia Advisory, SA13789, January 11, 2005

Gentoo Linux Security Advisory, GLSA 200501-25, January 17, 2005

Ubuntu Security Notice, USN-67-1, January 20, 2005

Conectiva Linux Security Announcement, CLA-2005:923, January 26, 2005

Fedora Update Notifications,
FEDORA-2005-105 & 106, February 1, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

SUSE Security Announcement, SUSE-SA:2005:006, February 10, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005

RedHat Security Advisory, RHSA-2005:061-19, February 11, 2005

Security Focus, 12324, March 7, 2005

Turbolinux Security Advisory, TLSA-2005-71, June 28, 2005

Multiple Vendors

Squid Web Proxy Cache 2.0 PATCH2, 2.1 PATCH2, 2.3 STABLE5, 2.3 STABLE4, 2.4 STABLE7, 2.4 STABLE6, 2.4 STABLE2, 2.5 STABLE3-STABLE7, 2.5 STABLE1

A vulnerability has been reported in the handling of malformed HTTP headers received from upstream HTTP agents (origin servers or peer proxies), which could let a remote malicious user poison the web proxy cache.

Patches available at:
http://www.squid-cache.org/
Versions/v2/2.5/squid-
2.5.STABLE9.tar.gz

Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/3/

TurboLinux:
ftp://ftp.turbolinux.co.jp/
pub/TurboLinux/
TurboLinux/ia32/

There is no exploit code required.

Squid Proxy Remote Cache Poisoning

CAN-2005-0174

Medium

Squid Proxy Cache Security Update Advisory, SQUID-2005:4, April 23, 2005

Fedora Update Notification,
FEDORA-2005-373, May 17, 2005

Turbolinux Security Advisory, TLSA-2005-71, June 28, 2005

OpenSSL Project

OpenSSL 0.9.6, 0.9.6a-0.9.6m, 0.9.7c

A vulnerability exists in the 'der_chop' script due to the insecure creation of temporary files, which could let a local malicious user overwrite arbitrary files via a symlink attack.

Trustix:
ftp://ftp.trustix.org/pub/
trustix/updates/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200411-15.xml

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/o/openssl/

Debian:
http://www.debian.org/
security/2004/dsa-603

Mandrakesoft:
http://www.mandrakesoft.com/
security/advisories?name=
MDKSA-2004:147

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/

FedoraLegacy:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/3/

RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-476.html

SGI:
ftp://oss.sgi.com/projects/
sgi_propack/download
/3/updates/

There is no exploit code required.

OpenSSL Insecure Temporary File Creation

CAN-2004-0975

Medium

Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004

Gentoo Linux Security Advisory, GLSA 200411-15, November 8, 2004

Ubuntu Security Notice, USN-24-1, November 11, 2004

Debian Security Advisory
DSA-603-1, December 1, 2004

Mandrakesoft Security Advisory, MDKSA-2004:147, December 6, 2004

Turbolinux Security Announcement, 20050131, January 31, 2005

SGI Security Advisory, 20050602-01-U, June 23, 2005

PostgreSQL

PostgreSQL 7.3 through 8.0.2

Two vulnerabilities have been reported: a remote authenticated malicious user can invoke certain client-to-server character set conversion functions with specially crafted argument values to potentially execute arbitrary code; and the 'contrib/tsearch2' module incorrectly declares several functions as returning type 'internal', which could let a remote malicious user cause a Denial of Service.

Fix available at:
http://www.postgresql.org/
about/news.315

Trustix:
http://http.trustix.org/
pub/trustix/updates/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200505-12.xml

Trustix:
http://www.trustix.org/
errata/2005/0023/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/

RedHat:
http://rhn.redhat.com/
errata/RHSA-2005-433.html

SGI:
ftp://oss.sgi.com/projects/
sgi_propack/download/
3/updates/

Currently we are not aware of any exploits for these vulnerabilities.

PostgreSQL Remote Denial of Service & Arbitrary Code Execution

CAN-2005-1409
CAN-2005-1410

Low/High

(High if arbitrary code can be executed)

Security Tracker Alert, 1013868, May 3, 2005

Ubuntu Security Notice, USN-118-1, May 04, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005

Gentoo Linux Security Advisory, GLSA 200505-12, May 16, 2005

Trustix Secure Linux Bugfix Advisory, TSL-2005-0023, May 16, 2005

Turbolinux Security Advisory , TLSA-2005-62, June 1, 2005

RedHat Security Advisory, RHSA-2005:433-17, June 1, 2005

SGI Security Advisory, 20050602-01-U, June 23, 2005

Raxnet

Cacti 0.x

Several vulnerabilities have been reported: an SQL injection vulnerability was reported in 'config_settings.php' due to insufficient sanitization of the 'id' parameter before it is used in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a vulnerability was reported in 'config_settings.php' due to insufficient sanitization of the 'config[include_path]' parameter and in 'top_graph_header.php' due to insufficient sanitization of the 'config[library_path]' parameter, which could let a remote malicious user execute arbitrary code.

Upgrades available at:
http://www.cacti.net/
download_cacti.php

Gentoo:
http://security.gentoo.org/
glsa/glsa-200506-20.xml

An exploit script has been published.

Raxnet Cacti Multiple Input Validation

CAN-2005-1524
CAN-2005-1525
CAN-2005-1526

High

Secunia Advisory: SA15490, June 23, 2005

Gentoo Linux Security Advisory, GLSA 200506-20, June 22, 2005

RedHat

sysreport 1.1-1.3, Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, ES 2.1 IA64, ES 2.1, AS 4, AS 3, AS 2.1 IA64, AS 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1, IA64

A vulnerability has been reported in sysreport due to a failure to remove the proxy password from the generated report, which could let a malicious user who obtains the report view sensitive information.

Updates available at:
http://rhn.redhat.com/
errata/RHSA-2005-502.html

SGI:
ftp://oss.sgi.com/projects/
sgi_propack/download/
3/updates/

There is no exploit code required.

RedHat Linux SysReport Proxy Information Disclosure

CAN-2005-1760

Medium

RedHat Security Advisory, RHSA-2005:502-03, June 13, 2005

SGI Security Advisory, 20050603-01-U, June 23, 2005

Sendmail Consortium

Sendmail 8.8.8, 8.9.0-8.9.2, 8.10-8.10.2, 8.11-8.11.7, 8.12.1-8.12.9, 8.12.11

A remote Denial of Service vulnerability has been reported in the milter interface due to the configuration of overly long default timeouts.

No workaround or patch available at time of publishing.

There is no exploit code required.

Sendmail Milter Remote Denial of Service

CAN-2005-2070

Low
Security Focus, 14047, June 23, 2005

Sun Microsystems, Inc.

Solaris 10.0

Multiple buffer overflow vulnerabilities have been reported in 'traceroute' when handling excessive data supplied through command line arguments, which could let a local malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

Proofs of Concept exploit scripts have been published.

Sun Solaris Traceroute Multiple Buffer Overflows

CAN-2005-2071

High
Security Focus, 14049, June 24, 2005

Sun Microsystems, Inc.

Solaris 10.0, 9.0, 9.0 x86

A vulnerability has been reported in the runtime linker's handling of 'LD_AUDIT,' which could let a local malicious user obtain superuser privileges.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Sun Solaris Runtime Linker 'LD_AUDIT' Elevated Privileges

CAN-2005-2072

High
Security Focus, 14074, June 28, 2005

Todd Miller

Sudo 1.6-1.6.8, 1.5.6-1.5.9

A race condition vulnerability has been reported when the sudoers configuration file contains the pseudo-command 'ALL' in an entry that directly follows a user's sudoers entry, which could let a local malicious user execute arbitrary code.

Upgrades available at:
http://www.sudo.ws/sudo/
dist/sudo-1.6.8p9.tar.gz

OpenBSD:
http://www.openbsd.org/
errata.html

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/s/sudo/

Fedora:
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/

Slackware:
ftp://ftp.slackware.com/
pub/slackware/

Mandriva:
http://www.mandriva.com/
security/advisories

OpenPKG:
ftp://ftp.openpkg.org/release/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200506-22.xml

SUSE:
ftp://ftp.SUSE.com/
pub/SUSE

TurboLinux:
ftp://ftp.turbolinux.co.jp/
pub/TurboLinux/
TurboLinux/ia32/

There is no exploit code required.

Todd Miller Sudo Local Race Condition

CAN-2005-1993

High

Security Focus, 13993, June 20, 2005

Ubuntu Security Notice, USN-142-1, June 21, 2005

Fedora Update Notifications,
FEDORA-2005-472 & 473, June 21, 2005

Slackware Security Advisory, SSA:2005-172-01, June 22, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:103, June 22, 2005

OpenPKG Security Advisory, OpenPKG-SA-2005.012, June 23, 2005

Gentoo Linux Security Advisory, GLSA 200506-22, June 23, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005

SUSE Security Announcement, SUSE-SA:2005:036, June 24, 2005

Turbolinux Security Advisory, TLSA-2005-73, June 28, 2005

Vipul

Razor-agents prior to 2.72

Two vulnerabilities have been reported, due to an unspecified error in the preprocessing of certain HTML and an error in the discovery logic, which could let malicious users cause a Denial of Service.

Updates available at:
http://prdownloads.sourceforge.net/
razor/razor-agents-2.72.
tar.gz?download

Gentoo:
http://security.gentoo.org/
glsa/glsa-200506-17.xml

SUSE:
ftp://ftp.SUSE.com/
pub/SUSE

TurboLinux:
ftp://ftp.turbolinux.co.jp/
pub/TurboLinux/
TurboLinux/

Currently we are not aware of any exploits for these vulnerabilities.

Vipul Razor-agents Denials of Service

CAN-2005-2024

Low

Security Focus, Bugtraq ID 13984, June 17, 2005

Gentoo Linux Security Advisory, GLSA 200506-17, June 21, 2005

SUSE Security Announcement, SUSE-SA:2005:035, June 23, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005

xmlsoft.org

Libxml2 2.6.12-2.6.14

Multiple buffer overflow vulnerabilities exist: a vulnerability exists in the 'xmlNanoFTPScanURL()' function in 'nanoftp.c' due to a boundary error when parsing an overly long FTP URL, which could let a remote malicious user execute arbitrary code; a vulnerability exists in the 'xmlNanoFTPScanProxy()' function in 'nanoftp.c' when parsing an overly long proxy URL, which could let a remote malicious user execute arbitrary code; and a vulnerability exists in the handling of DNS replies due to various boundary errors, which could let a remote malicious user execute arbitrary code.
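
An added C illustration (not libxml2's 'nanoftp.c') of the fixed-buffer URL-parsing pattern behind these overflows; 'HOST_BUF' and the URLs are constructed for the demonstration. The vulnerable routine copies the host portion until the next '/' with no bound on the destination; the fixed routine bounds the index and fails instead of overrunning.

```c
/*
 * Added example (not libxml2's nanoftp.c) of the fixed-buffer copy pattern
 * behind the URL-parsing overflows: the host part of an ftp:// URL is copied
 * up to the next '/' with no bound on the destination buffer.
 */
#include <stdio.h>
#include <string.h>

#define HOST_BUF 16   /* assumed, small on purpose so the overrun is easy to see */

/* Shared destination for the demonstration and the checks below. */
char host_buf[HOST_BUF];

/* Length of the host component (after "ftp://", up to the next '/' or the
 * end of the string). Returns -1 if the URL does not start with "ftp://". */
int host_len(const char *url)
{
    if (strncmp(url, "ftp://", 6) != 0)
        return -1;
    const char *p = url + 6;
    int n = 0;
    while (p[n] != '\0' && p[n] != '/')
        n++;
    return n;
}

/* 1 if scan_host_vulnerable() would write past a HOST_BUF-byte buffer. */
int would_overflow(const char *url)
{
    return host_len(url) >= HOST_BUF;
}

/* Vulnerable pattern: unbounded copy into a fixed buffer. Safe to call only
 * when would_overflow(url) is 0; otherwise it writes past 'buf'. */
int scan_host_vulnerable(const char *url, char buf[HOST_BUF])
{
    if (strncmp(url, "ftp://", 6) != 0)
        return -1;
    const char *cur = url + 6;
    int indx = 0;
    while (*cur != '\0' && *cur != '/')
        buf[indx++] = *cur++;        /* BUG: indx is never checked against HOST_BUF */
    buf[indx] = '\0';
    return indx;
}

/* Fixed pattern: bound the index, keep room for the terminator, fail loudly. */
int scan_host_fixed(const char *url, char buf[HOST_BUF])
{
    if (strncmp(url, "ftp://", 6) != 0)
        return -1;
    const char *cur = url + 6;
    int indx = 0;
    while (*cur != '\0' && *cur != '/') {
        if (indx >= HOST_BUF - 1) {
            buf[0] = '\0';
            return -1;               /* host too long for the buffer */
        }
        buf[indx++] = *cur++;
    }
    buf[indx] = '\0';
    return indx;
}

int main(void)
{
    /* Constructed URLs: one with a short host, one with a host longer than HOST_BUF. */
    const char *ok_url   = "ftp://example.org/pub/file.xml";
    const char *long_url = "ftp://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/pub/file.xml";

    printf("%s -> host_len=%d overflow=%d\n", ok_url, host_len(ok_url), would_overflow(ok_url));
    printf("vulnerable copy: %d \"%s\"\n", scan_host_vulnerable(ok_url, host_buf), host_buf);
    printf("%s -> host_len=%d overflow=%d\n", long_url, host_len(long_url), would_overflow(long_url));
    printf("fixed copy of long host: %d\n", scan_host_fixed(long_url, host_buf));
    return 0;
}
```

The input here is attacker-controlled because a document or stylesheet can reference any URL; the parser must treat the host length as untrusted just like any other field.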

Upgrades available at:
http://xmlsoft.org/sources/
libxml2-2.6.15.tar.gz

OpenPKG:
ftp://ftp.openpkg.org/release/

Trustix:
ftp://ftp.trustix.org/
pub/trustix/updates/

Fedora:
http://download.fedora.
redhat.com/pub/
fedora/linux/core/updates/2/

Gentoo:
http://security.gentoo.org/
glsa/glsa-200411-05.xml

Mandrake:
http://www.mandrakesoft.com/
security/advisories

OpenPKG:
ftp://ftp.openpkg.org/release/

Trustix:
http://www.trustix.org/
errata/2004/0055/

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/libx/
libxml2/

RedHat:
http://rhn.redhat.com/errata/
RHSA-2004-615.html

Conectiva:
ftp://atualizacoes.
conectiva.com.br/1

RedHat (libxml):
http://rhn.redhat.com/errata
/RHSA-2004-650.html

Apple:
http://www.apple.com
/support/downloads/

TurboLinux:
ftp://ftp.turbolinux.co.jp/
pub/TurboLinux/
TurboLinux/ia32/

Ubuntu:
http://security.ubuntu.com/
ubuntu/pool/main/libx/libxml/

SGI:
ftp://oss.sgi.com/projects/
sgi_propack/download/
3/updates/

An exploit script has been published.

xmlsoft.org Libxml2 Multiple Remote Stack Buffer Overflows

CAN-2004-0989
CAN-2004-0110

High

Security Tracker Alert ID, 1011941, October 28, 2004

Fedora Update Notification,
FEDORA-2004-353, November 2, 2004

Gentoo Linux Security Advisory, GLSA 200411-05, November 2, 2004

Mandrakelinux Security Update Advisory, MDKSA-2004:127, November 4, 2004

OpenPKG Security Advisory, OpenPKG-SA-2004.050, November 1, 2004

Trustix Secure Linux Security Advisory, TSLSA-2004-0055, November 1, 2004

Ubuntu Security Notice, USN-10-1, November 1, 2004

Red Hat Security Advisory, RHSA-2004:615-11, November 12, 2004

Conectiva Linux Security Announcement, CLA-2004:890, November 18, 2004

Red Hat Security Advisory, RHSA-2004:650-03, December 16, 2004

Apple Security Update, APPLE-SA-2005-01-25, January 26, 2005

Turbolinux Security Advisory, TLSA-2005-11, January 26, 2005

Ubuntu Security Notice, USN-89-1, February 28, 2005

SGI Security Advisory, 20050602-01-U, June 23, 2005

Yukihiro Matsumoto

Ruby 1.8.2

A vulnerability has been reported in the XMLRPC server due to a failure to set a valid default value for the handler security protection that restricts which methods may be called, which could let a remote malicious user execute arbitrary code.

Fedora:
http://download.fedora.
redhat.com/pub/
fedora/linux/core/updates/

TurboLinux:
ftp://ftp.turbolinux.co.jp/
pub/TurboLinux/
TurboLinux/ia32/

Currently we are not aware of any exploits for this vulnerability.

Yukihiro Matsumoto Ruby XMLRPC Server Unspecified Command Execution

CAN-2005-1992

High

Fedora Update Notifications, FEDORA-2005-474 & 475, June 21, 2005

Turbolinux Security Advisory, TLSA-2005-74, June 28, 2005


Multiple Operating Systems - Windows / UNIX / Linux / Other
Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts
Common Name /
CVE Reference
Risk
Source

Adobe

Acrobat and Reader 7.0 and 7.0.1 for Mac OS and Windows.

A vulnerability has been reported that could let remote malicious users access system information: an error in the Adobe Reader control makes it possible to determine whether or not a particular file exists on a user's system via XML scripts embedded in JavaScript.

Update to version 7.0.2 for Windows:
http://www.adobe.com/
support/downloads/

Mac OS available at:
http://www.adobe.com/
support/downloads/

Currently we are not aware of any exploits for this vulnerability.

Adobe Reader / Adobe Acrobat Local File Detection

CAN-2005-1306

Medium

Adobe Advisory Document 331710, June 15, 2005

Adobe Advisory Document 331710, Updated June 27, 2005

CarLine

Forum Russian Board 4.2

Several vulnerabilities have been reported: SQL injection vulnerabilities were reported due to insufficient sanitization of user-supplied input before it is used in an SQL query, which could let a remote malicious user execute arbitrary SQL code; Cross-Site Scripting vulnerabilities were reported due to insufficient sanitization of certain input, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported due to insufficient verification of the '[img]' BB code tag, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit script has been published.

CarLine Forum Russian Board Multiple Input Validation
High
RST/GHC Advisory #29, June 21, 2005

Clam AntiVirus

ClamAV 0.x

A Denial of Service vulnerability has been reported in the Quantum decompressor due to an unspecified error.

Updates available at:
http://prdownloads.
sourceforge.net/
clamav/clamav-

Gentoo:
http://security.gentoo.org/
glsa/glsa-200506-23.xml

Currently we are not aware of any exploits for this vulnerability.

ClamAV Quantum Decompressor Denial of Service

CAN-2005-2056

Low

Secunia Advisory, SA15811, June 24, 2005

Gentoo Linux Security Advisory, GLSA 200506-23, June 27, 2005

Craig Knudsen

WebCalendar 0.9.x

A vulnerability has been reported in the 'assistant_edit.php' script due to a failure to perform authentication, which could let a remote malicious user bypass security restrictions. It is also possible to disclose the full path to 'view_entry.php' by accessing it directly.

Upgrades available at:
http://prdownloads.
sourceforge.net/
webcalendar/
WebCalendar-
1.0.0.tar.gz?download

There is no exploit code required.

Craig Knudsen WebCalendar 'assistant_edit.php' Security Restriction Bypass
Medium
Secunia Advisory, SA15788, June 27, 2005

DUware

DUpaypal 3.0

Multiple SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

DUware DUpaypal Pro Multiple SQL Injection

CAN-2005-2047

High
Security Focus, 14034, June 22, 2005

DUware

DUamazon 3.1, 3.0

Multiple SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

DUware DUamazon Pro Multiple SQL Injection

CAN-2005-2046

High
Security Focus, 14033, June 22, 2005

DUware

DUclassmate 1.2

Multiple SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

DUware DUclassmate Multiple SQL Injection

CAN-2005-2049

High
Security Focus, 14036, June 22, 2005

DUware

DUforum 3.1

Multiple SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

DUware DUforum Multiple SQL Injection

CAN-2005-2048

High
Security Focus, 14035, June 22, 2005

DUware

DUportal Pro 3.4.3

Multiple SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

DUware DUportal Pro Multiple SQL Injection

CAN-2005-2045

High
Security Focus, 14029, June 22, 2005

Francisco Burzi

PHP-Nuke 7.7, 7.6, 7.0-7.3

A Cross-Site Scripting vulnerability has been reported in the 'Link to off-site Avatar' field due to insufficient sanitization, which could let a malicious user execute arbitrary HTML and script code. Note: the 'Enable remote avatars' setting must be enabled (disabled by default).

No workaround or patch available at time of publishing.

There is no exploit code required.

Francisco Burzi PHP-Nuke Avatar Cross-Site Scripting
High

Secunia Advisory, SA15829, June 27, 2005

IBM

DB2 Universal Database 8.x

A vulnerability has been reported due to a failure to properly enforce authorization restrictions for database users, which could let a malicious user with 'SELECT' privileges bypass security restrictions.

FixPaks available at:
http://www.ibm.com/
software/data/db2/
udb/support/

Currently we are not aware of any exploits for this vulnerability.

IBM DB2 Universal Database Authorization Bypass

CAN-2005-2073

Medium
IBM Advisory, IY73104,
June 24, 2005

Infopop

UBB.threads 6.5-6.5.1.1, 6.2.3, 6.0

Multiple vulnerabilities have been reported: Cross-Site Scripting vulnerabilities have been reported in the 'Searchpage' parameter in 'dosearch.php,' the 'what' and 'page' parameters in 'newreply.php,' the 'Number,' 'Board,' and 'what' parameters in 'showprofile.php,' the 'fpart' and 'page' parameters in 'showflat.php,' the 'like' parameter in 'showmembers.php,' and the 'Cat' parameter in 'toggleshow.php,' 'togglecats.php,' and 'showprofile.php' due to insufficient sanitization before being returned to the user, which could let a remote malicious user execute arbitrary HTML and script code; an SQL injection vulnerability was reported in the 'Number,' 'year,' 'month,' 'message,' 'main,' 'posted,' and 'Forum[ ]' parameters due to insufficient sanitization before use in an SQL query, which could let a remote malicious user execute arbitrary SQL code; a vulnerability was reported in the 'language' parameter due to insufficient verification before it is used to include files, which could let a remote malicious user include arbitrary files; and a vulnerability was reported because it is possible to trick a logged-in user into performing certain actions by following a specially crafted link.

Upgrades available at:
http://www.infopop.com/members/members.php

There is no exploit code required; however, Proofs of Concept exploits have been published.

Infopop
UBBThreads
Multiple Input Validation

CAN-2005-2057
CAN-2005-2058
CAN-2005-2059
CAN-2005-2060
CAN-2005-2061

High
GulfTech
Security
Research Team Advisory,
June 24, 2005

Infradig

Inframail Advantage Server Edition 6.0 6.37

Multiple buffer overflow vulnerabilities have been reported: a remote Denial of Service vulnerability was reported due to an error when processing the SMTP 'MAIL FROM' command that contains an argument of approximately 40960 bytes; and a remote Denial of Service vulnerability was reported due to an error when processing the FTP 'NLST' command twice with an argument of approximately 102400 bytes.

No workaround or patch available at time of publishing.

Proof of Concept exploit scripts have been published.

Infradig Inframail Advantage Server Edition Multiple Remote Buffer Overflow
Low
Secunia Advisory: SA15828,
June 28, 2005

J. C. Stierheim

JCDex Lite 2.0, 3.0

A vulnerability was reported in the 'index.php' script because a file relative to the user-supplied 'thispath' parameter is included, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploit for this vulnerability.

JCDex Lite Arbitrary Code Execution
High
Security Tracker Alert ID: 1014306, June 27, 2005

K-COLLECT

CSV_DB 1.x,
i_DB 1.x

A vulnerability has been reported in the 'csv_db.cgi' script due to insufficient validation of the 'file' parameter, which could let a remote malicious user execute arbitrary commands.

No workaround or patch available at time of publishing.

A Proof of Concept exploit script has been published.

CSV_DB / i_DB Arbitrary
Command
Execution
High
Secunia Advisory, SA15842,
June 28, 2005

Legal Case Management

LCM 0.6, 0.4-0.4.5

A vulnerability has been reported in the log directory in the default installation due to missing access restrictions, which could let a remote malicious user obtain sensitive information.

Upgrades available at:
http://prdownloads.sourceforge.net/legalcase/legalcase-0.6.1.tar.gz?do

There is no exploit code required.

Legal Case Management Log File Information Disclosure
Medium
Security Focus, 14060,
June 24, 2005

Mamboforge

Mambo 4.5.2.2 and prior

A vulnerability has been reported that could let remote malicious users conduct SQL injection attacks. Input passed to the 'user_rating' parameter when voting isn't properly validated.

Update to version 4.5.2.3: http://mamboforge.net/frs/?group_id=5

An exploit script has been published.

Mambo
'user_rating'
SQL Injection

CAN-2005-2002

High

Secunia SA15710,
June 15, 2005

Security Focus, 13966,
June 22, 2005

Mensajeitor

Mensajeitor 1.8.9

A Cross-Site Scripting vulnerability has been reported in the 'IP' parameter due to insufficient sanitization of user-supplied input before using in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Mensajeitor 'IP' Parameter
Cross-Site
Scripting
High
Security Focus, 14071,
June 27, 2005

Multiple Vendors

Squid Web Proxy Cache 2.5.STABLE9 & prior

A vulnerability has been reported in the DNS client when handling DNS responses, which could let a remote malicious user spoof DNS lookups.

Patch available at:
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE9-dns_query-4.patch

Trustix:
http://www.trustix.org/errata/2005/0022/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/s/squid/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-415.html

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Currently we are not aware of any exploits for this vulnerability.

Squid Proxy DNS Spoofing

CAN-2005-1519

Medium

Security Focus, 13592,
May 11, 2005

Trustix Secure Linux Security Advisory,
2005-0022,
May 13, 2005

Fedora Update Notification,
FEDORA-2005-373,
May 17, 2005

Ubuntu Security Notice,
USN-129-1
May 18, 2005

RedHat Security Advisory, RHSA-2005:415-16, June 14, 2005

Turbolinux Security Advisory,
TLSA-2005-71, June 28, 2005

Multiple Vendors

Windows XP, Server 2003

Windows Services for UNIX 2.2, 3.0, 3.5 when running on Windows 2000

Kerberos V5 Release 1.3.6

Avaya Intuity LX, Converged Communications Server (CCS) 2.x, MN100, Modular Messaging 2.x, S8XXX Media Servers

An information disclosure vulnerability has been reported that could let a remote malicious user read the session variables for users who have open connections to a malicious telnet server.

Updates available: http://www.microsoft.com/technet/security/Bulletin/MS05-033.mspx

RedHat:
ftp://updates.redhat.com/enterprise

Microsoft:
http://www.microsoft.com/technet/security/Bulletin/MS05-033.mspx

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-145_RHSA-2005-504.pdf

Trustix:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendor Telnet Client Information Disclosure

CAN-2005-1205
CAN-2005-0488

Medium

Microsoft,
MS05-033,
June 14, 2004

US-CERT VU#800829

iDEFENSE Security Advisory, June 14, 2005

Red Hat Security Advisory,
RHSA-2005:
504-00,
June 14, 2005

Microsoft Security Bulletin,
MS05-033 & V1.1,
June 14 & 15, 2005

SUSE Security Summary
Report,
SUSE-SR:2005:016, June 17, 2005

Avaya Security Advisory, ASA-2005-145,
June 17, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0030,
June 24, 2005

Multiple Vendors

Tor Tor 0.0.10-0.0.9;
Gentoo Linux

A vulnerability has been reported due to an unspecified error, which could let a remote malicious user obtain sensitive information.

Tor:
http://tor.eff.org/download.html

Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200506-18.xml

Currently we are not aware of any exploits for this vulnerability.

Tor Information Disclosure

Medium

Gentoo Linux Security Advisory, GLSA 200506-18,
June 21, 2005

Secunia Advisory, SA15764,
June 22, 2005

Opera Software

Opera 8.0

A vulnerability has been reported that could let remote malicious users conduct Cross-Site Scripting attacks and read local files. This is due to Opera not properly restricting the privileges of 'javascript:' URLs when opened in e.g. new windows or frames.

Update to version 8.01: http://www.opera.com/download/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

There is no exploit code required.

Opera 'javascript:' URL Cross-Site Scripting

CAN-2005-1669

High

Secunia, SA15411,
June 16, 2005

SUSE Security Announcement, SUSE-SA:2005:034, June 22, 2005

Opera Software

Opera 8.0

A vulnerability has been reported that could let remote malicious users steal content or perform actions on other web sites with the privileges of the user. This is due to insufficient validation of server side redirects.

Update to version 8.01: http://www.opera.com/download/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for this vulnerability.

Opera XMLHttpRequest Security Bypass

CAN-2005-1475

Medium

Secunia SA15008, June 16, 2005

SUSE Security Announcement, SUSE-SA:2005:034, June 22, 2005

US-CERT VU#612949

PHP-Fusion

PHP-Fusion 6.0.105

Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in the 'submit.php' script, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported because the database file is stored under the web document root with a predictable filename and insufficient access controls, which could let a remote malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

There is no exploit code required.

PHP-Fusion 'SUBMIT.PHP' Cross-Site
Scripting & Information Disclosure

CAN-2005-2074
CAN-2005-2075

High
Security Focus, 14066,
June 27, 2005

Real Networks

RealPlayer G2, 6.0 Win32, 6.0, 7.0 Win32, 7.0 Unix, 7.0 Mac, 8.0 Win32, 8.0 Unix, 8.0 Mac, 10.0 BETA, 10.0 v6.0.12.690, 10.0, 10.5 v6.0.12.1059,
10.5 v6.0.12.1056, v6.0.12.1053, v6.0.12.1040, 10.5 Beta v6.0.12.1016, 10.5, 10 Japanese, German, English, 10 for Linux, 10 for Mac OS Beta, 10 for Mac OS 10.0.0.325, 10 for Mac OS 10.0.0.305, 10 for Mac OS, 10 for Mac OS 10.0 v10.0.0.331, RealPlayer 8, RealPlayer Enterprise 1.1, 1.2, 1.5-1.7, RealPlayer For Unix 10.0.3, 10.0.4, RealPlayer for Windows 7.0, RealPlayer Intranet 7.0, 8.0

A vulnerability has been reported when a specially crafted media file is opened, which could let a remote malicious user execute arbitrary code.

RealNetworks:
http://service.real.com/help/faq/security/050623_player/EN/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-517.html

http://rhn.redhat.com/errata/RHSA-2005-523.html

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for this vulnerability.

RealNetworks RealPlayer Unspecified Code Execution

CAN-2005-1277
CAN-2005-1766

High

eEye Digital Security Advisory,
EEYEB-20050504,
May 5, 2005

RedHat Security Advisories, RHSA-2005:517-02 & RHSA-2005:523-05,
June 23, 2005

Fedora Update Notifications,
FEDORA-2005-483 & 484,
June 25, 2006

SUSE Security Announcement, SUSE-SA:2005:037, June 27, 2005

Simple Machines

SMF 1.0.4, 1.0.2, 1.0 -beta5p & beta4p, 1.0 -beta4.1

An SQL injection vulnerability has been reported due to insufficient sanitization of the 'msg' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

Updates available at:
http://www.simplemachines.org/download.php

There is no exploit code required.

Simple Machines 'Msg' Parameter SQL Injection
High
Secunia Advisory: SA15784,
June 23, 2005

Sun Microsystems, Inc.

Java Web Start 1.x,
Sun Java JDK 1.5.x, 1.4.x, Sun Java JRE 1.4.x, 1.5.x

Several vulnerabilities have been reported: a vulnerability was reported due to an unspecified error which could let malicious untrusted applications execute arbitrary code; and a vulnerability was reported due to an unspecified error which could let malicious untrusted applets execute arbitrary code.

Upgrades available at:
http://java.sun.com/j2se/1.5.0/index.jsp

http://java.sun.com/j2se/1.4.2/download.html

Slackware:
ftp://ftp.slackware.com/pub/slackware/slackware-current/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for these vulnerabilities.

Java Web Start /
Sun JRE Sandbox Security Bypass

CAN-2005-1973
CAN-2005-1974

High

Sun(sm) Alert Notification, 101748 & 101749,
June 13, 2005

Slackware Security Advisory, SSA:2005-170-01,
June 20, 2005

SUSE Security Announcement, SUSE-SA:2005:032, June 22, 2005

Sun Microsystems, Inc.

Sun Java 2 Runtime Environment 1.3.0_01-1.3.0_05, 1.3.0, 1.3.1_08, 1.3.1_04, 1.3.1_01a, 1.3.1_01, 1.3.1, 1.4.1, 1.4.2_01-1.4.2_06, 1.4.2,
Java Web Start 1.2

A vulnerability has been reported due to insufficient validation of user-supplied input before it is considered trusted, which could let a remote malicious user obtain elevated privileges.

Upgrades available at:
http://java.sun.com/j2se/

Apple:
http://www.apple.com/support/downloads/

Gentoo:
http://security.gentoo.org/glsa/glsa-200503-28.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for this vulnerability.

Sun Java
Web Start System Remote Unauthorized
Access

CAN-2005-0836

Medium

Sun(sm) Alert Notification, 57740,
March 16, 2005

SUSE Security Announcement, SUSE-SA:2005:032, June 22, 2005

Veritas Software

NetBackup Business
Server 4.x, NetBackup DataCenter 4.x, NetBackup Enterprise
Server 5.x, NetBackup
Server 5.x

A remote Denial of Service vulnerability has been reported due to a boundary error when handling request packets.

Patches available at: http://support.veritas.com/docs/

Currently we are not aware of any exploits for this vulnerability.

Veritas Backup Exec/NetBackup Request Packet Remote
Denial of Service

CAN-2005-0772

Low
Veritas Security Advisories,
VX05-001 & VX05-008, June 22, 2005

Whois.Cart

Whois.Cart
2.2.77, 2.2.76, 2.2.74,
2.2.70

Several vulnerabilities have been reported; a Cross-Site Scripting vulnerability was reported in 'Profile.php' due to insufficient sanitization of the 'page' parameter, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in 'index.php' due to insufficient verification of the 'language' parameter, which could let a malicious user include arbitrary files.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Whois.Cart 'Profile.PHP'
Cross-Site
Scripting & File Inclusion

High

Secunia Advisory, SA15783,
June 23, 2005

WordPress

WordPress
1.5, 1.5.1

An SQL injection vulnerability has been reported due to insufficient sanitization of the 'cat_ID' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

Upgrades available at:
http://wordpress.org/latest.tar.gz

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-04.xml

Another exploit script has been published.

Wordpress
Cat_ID
Parameter SQL Injection

CAN-2005-1810

High

Secunia Advisory, SA15517,
May 30, 2005

Gentoo Linux Security Advisory, GLSA
200506-04, June 6, 2005

Security Focus, 13809, June 22, 2005

Wireless

The section below contains wireless vulnerabilities, articles, and viruses/trojans identified during this reporting period.

  • Sandia Develops Secure Ultrawideband Wireless Network: A group led by researchers at Sandia National Laboratories has developed a wireless network based on wavelengths in the ultrawideband spectrum. According to Sandia, the network is secure enough to be used for national-defense purposes, to help sensors monitor U.S. Air Force bases or Department of Energy nuclear facilities. It could also be used to control remotely operated weapon systems wirelessly. Source: http://news.yahoo.com/s/NFL/20050623/tycoon/36740;Yalta=Happy%20WFTn_aT81drbhp20jtBAF;ylem=X3oDMTBiMW04NW9mBHNlYwMlJVRPUCUl.
  • BlackBerry endures another outage: On June 22nd, a number of BlackBerry handheld wireless devices experienced service problems, marking the second time in less than a week that the popular devices lost their data connections. According to a RIM representative, a hardware failure Wednesday triggered a backup system that operated at a lower capacity "than expected." Service has been restored. Source: http://news.com.com/BlackBerry+endures+another+outage/2100-1039_3-5758043.html?tag=nefd.top.
  • kismet-2005-06-R1.tar.gz: An 802.11 layer 2 wireless network sniffer that can sniff 802.11b, 802.11a, and 802.11g traffic. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom). Besides Linux, Kismet also supports FreeBSD, OpenBSD and Mac OS X systems. Features: multiple packet capture sources, runtime network sorting by AP MAC address (bssid), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal and tcpdump compatible file logging, Airsnort-compatible "interesting" (cryptographically weak) logging, secure SUID behavior, GPS devices and wireless devices fingerprinting.

Wireless Vulnerabilities

  • Nothing significant to report.


Recent Exploit Scripts/Techniques

The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERT's) have published workarounds or patches.

Note: At times, scripts/techniques may contain names or content that may be considered offensive.

Date of Script (Reverse Chronological Order) | Script name | Workaround or Patch Available | Script Description
June 28, 2005 dos_bison.py
No
Exploit for the Softie Bison FTP Remote Denial of Service vulnerability.
June 28, 2005 Inframail_SMTPOverflow.pl
Inframail_FTPOverflow.pl
No
Proof of Concept exploits for the Infradig Inframail Advantage Server Edition Multiple Remote Buffer Overflow vulnerabilities.
June 27, 2005 IAeMailServer_DOS.pl
No
Perl script that exploits the True North Software IA EMailServer Remote Format String vulnerability.
June 27, 2005 ipdatalook_dos.c
ipdatalook.txt
No
Exploits for the TCP-IP Datalook Denial of Service vulnerability.
June 26, 2005 fusionDB.pl.txt
No
Proof of Concept exploit for the PHP-Fusion Database Backup vulnerability.
June 25, 2005 traceSolaris.txt
solaris_tracroute_exp.pl
No
Proofs of Concept exploits for the Sun Solaris Traceroute Multiple Local Buffer Overflows.
June 25, 2005 ubb652.txt
Yes
Proofs of Concept exploits for the UBB Threads Cross-Site Scripting, SQL injection, HTTP response splitting, and local file inclusion vulnerabilities.
June 24, 2005 clamav-0.86.1.tar.gz
N/A
A flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet.
June 24, 2005 csv_db.c
No
Proof of Concept exploit for the CSV_DB / i_DB Arbitrary Command Execution vulnerability.
June 24, 2005 mssmb_poc.c
Yes
Proof of Concept exploit for the Microsoft Windows SMB Buffer Overflow vulnerability.
June 24, 2005 nessQuick-v0.05.zip
N/A
Perl scripts designed to assist in managing the output from Nessus scans and creating an alternate report format.
June 23, 2005 adv21-theday-2005.txt
adv19-theday-2005.txt
No
Proof of Concept exploit for the ActiveBuyAndSEL SQL injection and Cross-Site Scripting vulnerabilities.
June 23, 2005 cacti.pl.txt
Yes
Exploit for the RaXnet Cacti Multiple Input Validation vulnerabilities.
June 23, 2005 igallery22.txt
No
Proof of Concept exploit for the BlueCollar Productions i-Gallery Cross-Site Scripting & Directory Traversal vulnerability.
June 23, 2005 kismet-2005-06-R1.tar.gz
N/A
An 802.11 layer 2 wireless network sniffer that can sniff 802.11b, 802.11a, and 802.11g traffic. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom).
June 23, 2005 NsT-phpBBDoS.pl.txt
NsT-phpBBDoS.c
Yes
Exploit scripts for the phpBB 'bbcode.php' Input Validation vulnerability.
June 23, 2005 r57frb.pl
No
A Proof of Concept exploit for the CarLine Forum Russian Board Multiple Input Validation vulnerability.
June 23, 2005 r57mambo.pl
Yes
Perl script that exploits the Mambo SQL injection vulnerability.
June 23, 2005 r57wp.pl
No
Perl script that exploits the MercuryBoard 'Index.PHP' Remote SQL Injection vulnerability.
June 22, 2005 mambo_user_rating_sql.pl
Yes
Perl script that exploits the Mambo 'user_rating' SQL Injection vulnerability.
June 22, 2005 wordpress1511newadmin.pl
Yes
Perl script that exploits the Wordpress Cat_ID Parameter SQL Injection vulnerability.


Trends
  • Scanning Activity on Port 445/tcp: US-CERT has seen reports indicating an increase in scanning activity of port 445/tcp. This port is used by Server Message Block (SMB) to share files, printers, serial ports and communicate between computers in a Microsoft Windows environment. Source: http://www.us-cert.gov/current/current_activity.html#smb.
  • Exploit for Vulnerability in VERITAS Backup Exec Remote Agent: US-CERT has received reports of increased scanning activity on port 10000/tcp. This increase is believed to be related to the public release of a new exploit for a recently published vulnerability in VERITAS Backup Exec Remote Agent. Source: http://www.us-cert.gov/current/current_activity.html#smb.
  • Exploit for Vulnerability in Outlook Express: US-CERT has received reports of the existence of a working exploit for a recently published vulnerability in Microsoft Outlook Express. Reports of successful system compromise using this vulnerability have not yet been confirmed. Source: http://www.us-cert.gov/current/current_activity.html#smb.
  • Users at Continued Risk from Phishing Attempts: US-CERT continues to receive reports of phishing attempts. Because of recent media reports regarding attacks against financial institutions, users may see an increase in targeted phishing emails. Phishing emails may appear as requests from a financial institution asking the user to click on a link that takes them to a fraudulent site that looks like the legitimate one. The user is then asked to provide personal information that can further expose them to future compromises. Source: http://www.us-cert.gov/current/current_activity.html#smb.
  • Hackers spread Microsoft attack flaw exploit: The risk of an attack related to a flaw in Microsoft Outlook Express climbed after underground hacking sites began circulating sample code for exploiting it. The exploit is designed to take complete control of PCs with certain versions of the Outlook Express email program installed on them when users visit newsgroups controlled by the hackers. Source: http://software.silicon.com/malware/0,3800003100,39131415,00.htm.
  • ID theft concerns grow, tools lacking: Consumers are overwhelmed by a flood of bad ID theft news and are concerned that the government is not doing enough to protect them. In one of the most extensive studies yet on consumer attitudes about identity theft, Gartner Inc. found that about half those polled either weren't aware they were entitled to a free credit report or considered them "not effective" in fighting ID theft. The survey also found that one-third of consumers are "very concerned" about being victims of identity theft, and nearly half are altering their online activities as a result. Source: http://msnbc.msn.com/id/8322300/.
  • Increased port 'sniffing' could herald attack, Gartner warns: According to an analyst from Gartner, Inc. there has been an increase in "sniffing" activity on a port associated with a recently patched Microsoft Corp. vulnerability. This may signal an impending attack attempting to exploit the flaw. Source: http://www.computerworld.com/securitytopics/security/story/0,10801,102687,00.html.


Viruses/Trojans

Top Ten Virus Threats

A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.

Rank | Common Name | Type of Code | Trend | Date | Description
1 | Mytob.C | Win32 Worm | Stable | March 2004 | A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files.
2 | Netsky-P | Win32 Worm | Stable | March 2004 | A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders.
3 | Netsky-Q | Win32 Worm | Stable | March 2004 | A mass-mailing worm that attempts to launch Denial of Service attacks against several web pages, deletes the entries belonging to several worms, and emits a sound through the internal speaker.
4 | Zafi-D | Win32 Worm | Stable | December 2004 | A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer.
5 | Netsky-D | Win32 Worm | Stable | March 2004 | A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only.
6 | Lovgate.w | Win32 Worm | Stable | April 2004 | A mass-mailing worm that propagates by using MAPI as a reply to messages, by using an internal SMTP, by dropping copies of itself on network shares, and through peer-to-peer networks. Attempts to access all machines in the local area network.
7 | Zafi-B | Win32 Worm | Stable | June 2004 | A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names.
8 | Netsky-Z | Win32 Worm | Stable | April 2004 | A mass-mailing worm that is very close to previous variants. The worm spreads in e-mails, but does not spread to local network and P2P and does not uninstall Bagle worm. The worm has a backdoor that listens on port 665.
9 | Netsky-B | Win32 Worm | Stable | February 2004 | A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. Also searches drives for certain folder names and then copies itself to those folders.
10 | MyDoom-O | Win32 Worm | Stable | July 2004 | A mass-mailing worm that uses its own SMTP engine to generate email messages. It gathers its target email addresses from files with certain extension names. It also avoids sending email messages to email addresses that contain certain strings.

Table Updated June 28, 2005

Viruses or Trojans Considered to be a High Level of Threat

  • Nothing significant to report.
