Note: This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB05-222)

Summary of Security Items from August 3 through August 9, 2005

Original release date: August 11, 2005

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources; therefore, the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.

This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability that the script exploits.

Vulnerabilities

The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.

Note: All the information included in the following tables has been discussed in newsgroups and on web sites.

The Risk levels defined below are based on how the system may be impacted:

Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.

  • High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
  • Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such a vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of a medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
  • Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.

Windows Operating Systems Only

Vendor & Software Name | Vulnerability - Impact | Patches - Workarounds | Attacks Scripts | Common Name / CVE Reference | Risk | Source

Acunetix

Web Vulnerability Scanner 2.0

A vulnerability has been reported in Web Vulnerability Scanner (Web Sniffer) that could let remote malicious users cause a Denial of Service.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Web Vulnerability Scanner Denial of Service

Low

Security Tracker, Alert ID: 1014628, August 5, 2005

Computer Associates

BrightStor ARCserve Backup 9.01, 10, 10.5, 11.0, 11.1

Multiple buffer overflow vulnerabilities have been reported in BrightStor ARCserve Backup that could let remote malicious users execute arbitrary code.

A vendor patch is available:
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33239

An exploit has been published.

BrightStor ARCserve Backup Arbitrary Code

CAN-2005-1272
CAN-2005-0260

High

Computer Associates, Vulnerability ID: 33239, August 2, 2005

US-CERT, VU#279774, VU#966880, VU#864801

Microsoft

Windows 2000, XP, Server 2003, 98, 98 (SE), (ME)

A spoofing vulnerability has been reported that could enable a malicious user to spoof trusted Internet content.

Updates available: http://www.microsoft.com/technet/security/Bulletin/MS05-032.mspx

V2.0: Update available for x64-based systems, Microsoft Windows Server 2003 for Itanium-based Systems, and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems.

Currently we are not aware of any exploits for this vulnerability.

Microsoft Agent Could Allow Spoofing

CAN-2005-1214

Medium

Microsoft, MS05-032, June 14, 2004

US-CERT VU#718542

Microsoft Security Bulletin MS05-032, August 9, 2005

Microsoft

ActiveSync 3.8, 3.7.1

Multiple vulnerabilities have been reported in ActiveSync's network synchronization protocol that could let remote malicious users disclose information or cause a Denial of Service.

No workaround or patch available at time of publishing.

There is no exploit code required.

Microsoft ActiveSync Information Disclosure or Denial of Service

Medium

Security Focus, 14457, August 2, 2005

Microsoft

Internet Explorer

A memory corruption vulnerability has been reported in Internet Explorer COM Object instantiation that could let remote malicious users execute arbitrary code.

Vendor fix available:
http://www.microsoft.com/technet/security/Bulletin/MS05-038.mspx

A Proof of Concept exploit has been published.

Microsoft Internet Explorer Arbitrary Code Execution

CAN-2005-1990

High

Microsoft Security Bulletin MS05-038, August 9, 2005

US-CERT VU#959049

Microsoft

Internet Explorer 6.0SP2

Multiple vulnerabilities have been reported in Internet Explorer, JPEG Rendering, that could let remote malicious users perform a Denial of Service.

Vendor fix available:
http://www.microsoft.com/technet/security/Bulletin/MS05-038.mspx

A Proof of Concept exploit has been published.

Microsoft Internet Explorer Denial of Service

CAN-2005-2308
CAN-2005-1988

Low

Security Focus, 14284, 14285, 14286, July 15, 2005

Microsoft Security Bulletin MS05-038, August 9, 2005

US-CERT VU#965206

Microsoft

Internet Explorer Web Folder Behaviors

A vulnerability has been reported in Internet Explorer that could let remote malicious users disclose information or execute arbitrary code.

Vendor fix available:
http://www.microsoft.com/technet/security/Bulletin/MS05-038.mspx

Currently we are not aware of any exploits for this vulnerability.

Microsoft Internet Explorer Web Folder Behaviors Information Disclosure or Arbitrary Code Execution

CAN-2005-1989

High

Microsoft Security Bulletin MS05-038, August 9, 2005

Microsoft

Plug and Play

A vulnerability has been reported in Plug and Play that could let local or remote malicious users execute arbitrary code or obtain elevated privileges.

Vendor fix available:
http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx

Currently we are not aware of any exploits for this vulnerability.

Microsoft Plug and Play Arbitrary Code Execution or Elevated Privileges

CAN-2005-1983

High

Microsoft Security Bulletin MS05-039, August 9, 2005

US-CERT VU#998653

Microsoft

Remote Desktop Protocol

A vulnerability has been reported in Remote Desktop Protocol that could let remote malicious users cause a Denial of Service.

Vendor fix available:
http://www.microsoft.com/technet/security/Bulletin/MS05-041.mspx

A Proof of Concept exploit has been published.

Microsoft Remote Desktop Protocol Denial of Service

CAN-2005-1218

Low

Microsoft Security Bulletin MS05-041, August 9, 2005

US-CERT VU#490628

Microsoft

Telephony Service

A buffer overflow vulnerability has been reported in Microsoft Telephony Service that could let local or remote malicious users execute arbitrary code.

Vendor fix available:
http://www.microsoft.com/technet/security/Bulletin/MS05-040.mspx

Currently we are not aware of any exploits for this vulnerability.

Microsoft Telephony Service Remote Code Execution

CAN-2005-0058

High

Microsoft Security Bulletin MS05-040, August 9, 2005

Microsoft

Windows Kerberos PKINIT

Multiple vulnerabilities have been reported in Windows Kerberos PKINIT that could let remote malicious users disclose information or cause a Denial of Service.

Vendor fix available:
http://www.microsoft.com/technet/security/Bulletin/MS05-042.mspx

Currently we are not aware of any exploits for this vulnerability.

Microsoft Windows Kerberos PKINIT Information Disclosure or Denial of Service

CAN-2005-1981
CAN-2005-1982

Low

Microsoft Security Bulletin MS05-042, August 9, 2005

Microsoft

Windows Print Spooler in XP, 2000, Server 2003

A buffer overflow vulnerability has been reported in Windows Print Spooler that could let local or remote malicious users execute arbitrary code.

Vendor fix available:
http://www.microsoft.com/technet/security/Bulletin/MS05-043.mspx

Currently we are not aware of any exploits for this vulnerability.

Microsoft Windows Print Spooler Arbitrary Code Execution

CAN-2005-1984

High

Microsoft Security Bulletin MS05-043, August 9, 2005

US-CERT VU#220821

Microsoft

Word 2000, 2002

Works Suite 2001, 2002, 2003, and 2004

Office Word 2003

Microsoft Word 2003 Viewer

A buffer overflow vulnerability has been reported that could lead to remote execution of arbitrary code or escalation of privilege.

V1.1 Bulletin updated to point to the correct Exchange 2000 Server Post-Service Pack 3 (SP3) Update Rollup and to advise on the scope and caveats of workaround "Unregister xlsasink.dll and fallback to Active Directory for distribution of route information."

V2.0 Microsoft Word 2003 Viewer also affected.

Updates available:
http://www.microsoft.com/technet/security/Bulletin/MS05-023.mspx

Currently we are not aware of any exploits for this vulnerability.

Microsoft Word Remote Code Execution and Escalation of Privilege Vulnerabilities

CAN-2004-0963
CAN-2005-0558

High

Microsoft Security Bulletin MS05-023, April 12, 2005

US-CERT VU#442567

US-CERT VU#752591

Microsoft Security Bulletin MS05-023 V1.1, April 14, 2005

Microsoft Security Bulletin MS05-023 V1.1, August 9, 2005

Naxtor Technologies

Naxtor e-Directory 1.0

A vulnerability has been reported in Naxtor e-Directory that could let remote malicious users conduct Cross-Site Scripting and perform SQL injection.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proof of Concept exploits have been published.

Naxtor e-Directory Cross-Site Scripting or SQL Injection

Medium

Secunia, Advisory: SA16314, August 3, 2005

Naxtor Technologies

Naxtor Shopping Cart 1.0, Pro 1.0

Multiple vulnerabilities have been reported in Naxtor Shopping Cart that could let remote malicious users conduct Cross-Site Scripting or perform SQL injection.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proof of Concept exploits have been published.

Naxtor Shopping Cart Cross-Site Scripting or SQL Injection

CAN-2005-2476
CAN-2005-2477

Medium

Security Focus, 14454, 14456, August 2, 2005

NetworkActiv

NetworkActiv Web Server 3.5.13 and previous

An input validation vulnerability has been reported in NetworkActiv Web Server that could let remote malicious users conduct Cross-Site Scripting.

Upgrade to V3.5.14:
http://www.networkactiv.com/WebServer.html

There is no exploit code required; however, Proof of Concept exploits have been published.

NetworkActiv Web Server Cross-Site Scripting

CAN-2005-2453

Medium

Secunia, Advisory: SA16301, August 4, 2005

Pablo Software Solutions

Quick 'n Easy FTP Server 3.0

An input validation vulnerability has been reported in Quick 'n Easy FTP Server (USER Command) that could let remote malicious users cause a Denial of Service.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Quick 'n Easy FTP Server Denial of Service

CAN-2005-2479

Low

Security Tracker, Alert ID: 1014615, August 3, 2005

ProRat Server 1.9 Fix2

A buffer overflow vulnerability has been reported in ProRat Server that could let remote malicious users execute arbitrary code.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

ProRat Server Arbitrary Code Execution

High

Security Focus, 14458, August 2, 2005

Symantec

Norton GoBack 4.0

A vulnerability has been reported in Norton GoBack that could let local malicious users bypass authentication.

No workaround or patch available at time of publishing.

There is no exploit code required.

Norton GoBack Authentication Bypass

Medium

Security Tracker Alert ID: 1014612, August 2, 2005

UNIX / Linux Operating Systems Only

Vendor & Software Name | Vulnerability - Impact | Patches - Workarounds | Attacks Scripts | Common Name / CVE Reference | Risk | Source

Clam AntiVirus 0.86.1

Multiple vulnerabilities have been reported in Clam AntiVirus that could let remote malicious users cause a Denial of Service.

Upgrade to version 0.86.2:
http://www.clamav.net/stable.php#pagestart

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Mandriva:
http://www.mandriva.com/security/advisories?name=MDKSA-2005:125

Gentoo:
http://security.gentoo.org/glsa/glsa-200507-25.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for this vulnerability.

Clam AntiVirus Multiple Vulnerabilities

CAN-2005-2450

Low

Secunia, Advisory: SA16180, July 25, 2005

Gentoo Linux Security Advisory GLSA 200507-25, July 26, 2005

Mandriva Security Advisory, MDKSA-2005:125, July 27, 2005

SUSE Security Summary Report, SUSE-SR:2005:018, July 28, 2005

Conectiva Linux Announcement, CLSA-2005:987, July 29, 2005

Debian

apt-cacher 0.9.9, 0.9.4

A vulnerability has been reported due to an unspecified input validation error, which could let a remote malicious user execute arbitrary code.

Debian:
http://www.debian.org/security/2005/dsa-772

There is no exploit code required.

Debian Apt-Cacher Remote Arbitrary Code Execution

CAN-2005-1854

High

Debian Security Advisory, DSA 772-1, August 3, 2005

GNU

zgrep 1.2.4

A vulnerability has been reported in 'zgrep.in' due to insufficient validation of user-supplied arguments, which could let a remote malicious user execute arbitrary commands.

A patch for 'zgrep.in' is available in the following bug report:
http://bugs.gentoo.org/show_bug.cgi?id=90626

Mandriva:
http://www.mandriva.com/security/advisories

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-357.html

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-474.html

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

SGI:
http://www.sgi.com/support/security/

F5:
http://tech.f5.com/home/bigip/solutions/advisories/sol4532.html

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gzip/

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

There is no exploit code required.

Gzip Zgrep Arbitrary Command Execution

CAN-2005-0758

High

Security Tracker Alert, 1013928, May 10, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005

Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005

RedHat Security Advisory, RHSA-2005:357-19, June 13, 2005

RedHat Security Advisory, RHSA-2005:474-15, June 16, 2005

SGI Security Advisory, 20050603-01-U, June 23, 2005

Fedora Update Notification, FEDORA-2005-471, June 27, 2005

SGI Security Advisory, 20050605-01-U, July 12, 2005

Secunia Advisory: SA16159, July 21, 2005

Ubuntu Security Notice, USN-158-1, August 01, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0040, August 5, 2005

High Availability Linux Project

Heartbeat 1.2.3

An insecure file creation vulnerability has been reported in Heartbeat that could let local users arbitrarily overwrite files.

Debian:
http://security.debian.org/pool/updates/main/h/heartbeat/

Conectiva:
ftp://atualizacoes.conectiva.com.br

Gentoo:
http://security.gentoo.org/glsa/glsa-200508-05.xml

There is no exploit code required.

Heartbeat Arbitrary File Overwrite

CAN-2005-2231

Medium

Secunia Advisory: SA16039, July 12, 2005

Debian Security Advisory, DSA 761-1, July 19, 2005

Conectiva Linux Announcement, CLSA-2005:991, August 4, 2005

Gentoo Linux Security Advisory, GLSA 200508-05, August 7, 2005

Kadu

Kadu 0.4.0

An integer overflow vulnerability has been reported in Kadu (libgadu) which could let remote malicious users cause a Denial of Service.

Upgrade to version 0.4.1:
http://www.kadu.net/wiki/index.php/English:Main_Page

Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200507-26.xml

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/e/ekg/

Currently we are not aware of any exploits for this vulnerability.

Kadu Denial of Service

CAN-2005-1852

Low

Secunia, Advisory: SA16238, July 27, 2005

Gentoo Security Advisory, GLSA 200507-26, July 27, 2005

Conectiva Linux Announcement, CLSA-2005:989, August 4, 2005

Ubuntu Security Notice, USN-162-1, August 08, 2005


Lantronix

Lantronix SCS820, SCS1620

Multiple vulnerabilities have been reported: a vulnerability was reported in '/tmp' due to insecure pipe permissions, which could let a malicious user read arbitrary files with elevated privileges; a Directory Traversal vulnerability was reported in the console command interface, which could let a malicious user obtain sensitive information; a vulnerability was reported in the command-line interface, which could let a malicious user obtain superuser privileges; and a buffer overflow vulnerability was reported in the 'edituser' binary due to a boundary error, which could let a malicious user execute arbitrary code with root privileges.

Updated firmware available at:
ftp://ftp.lantronix.com/pub/scs1620/

A Proof of Concept exploit has been published for the 'edituser' buffer overflow vulnerability.

Lantronix Secure Console Server SCS820/SCS1620 Multiple Local Vulnerabilities

High

Security Focus, 14486, August 5, 2005

Multiple Vendors

Turbolinux Server 10.0, 8.0, Desktop 10.0, Turbolinux Home Appliance Server 1.0 Workgroup Edition, Hosting Edition; Trustix Secure Linux 3.0, 2.2, Secure Enterprise Linux 2.0; Sun Solaris 10.0 _x86, 10.0, 9.0 _x86 Update 2, 9.0 _x86, 9.0, Sun SEAM 1.0-1.0.2; SuSE Linux Professional 9.3 x86_64, 9.3, Linux Personal 9.3 x86_64, 9.3; RedHat Fedora Core3 & 4, Advanced Workstation for the Itanium Processor 2.1; MIT Kerberos 5 5.0 -1.4.1 & prior; Gentoo Linux

Multiple vulnerabilities have been reported: a remote Denial of Service vulnerability was reported when a malicious user submits a specially crafted TCP connection that causes the Key Distribution Center (KDC) to attempt to free random memory; a buffer overflow vulnerability was reported in KDC due to a boundary error when a specially crafted TCP or UDP request is submitted, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported in 'krb/recvauth.c' which could let a remote malicious user execute arbitrary code.

MIT:
http://web.mit.edu/kerberos/advisories/2005-002-patch_1.4.1.txt.asc

Mandriva:
http://www.mandriva.com/security/advisories

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-567.html

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101809-1

SuSE:
http://www.novell.com/linux/security/advisories.html

Trustix:
http://http.trustix.org/pub/trustix/updates/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

SGI:
http://www.sgi.com/support/security/

Debian:
http://www.debian.org/security/2005/dsa-757

Conectiva:
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000993

Currently we are not aware of any exploits for these vulnerabilities.

Kerberos V5 Multiple Vulnerabilities

CAN-2005-1174
CAN-2005-1175
CAN-2005-1689

High

MIT krb5 Security Advisory, 2005-002, July 12, 2005

RedHat Security Advisory, RHSA-2005:567-08, July 12, 2005

Sun(sm) Alert Notification, 101809, July 12, 2005

Fedora Update Notifications, FEDORA-2005-552 & 553, July 12, 2005

SUSE Security Summary Report, SUSE-SR:2005:017, July 13, 2005

Turbolinux Security Advisory TLSA-2005-78, July 13, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:119, July 14, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0036, July 14, 2005

SGI Security Advisory, 20050703-01-U, July 15, 2005

Debian Security Advisory, DSA-757-1, July 17, 2005

US-CERT VU#885830

US-CERT VU#623332

US-CERT VU#259798

Conectiva Linux Advisory, CLSA-2005:993, August 8, 2005

Multiple Vendors

Linux kernel 2.6 prior to 2.6.12.1

A vulnerability has been reported in the 'restore_sigcontext()' function due to a failure to restrict access to the 'ar.rsc' register, which could let a malicious user cause a Denial of Service or obtain elevated privileges.

Updates available at:
http://www.kernel.org/

SUSE:
http://www.novell.com/linux/security/advisories/2005_44_kernel.html

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel 64 Bit 'AR-RSC' Register Access

CAN-2005-1761

Medium

Security Tracker Alert ID: 1014275, June 23, 2005

SUSE Security Announcement, SUSE-SA:2005:044, August 4, 2005

Multiple Vendors

Linux Kernel 2.4, 2.6

A race condition vulnerability in ia32 emulation has been reported in the Linux Kernel that could let local malicious users obtain root privileges or create a buffer overflow.

Patch Available:
http://kernel.org/pub/linux/kernel/v2.4/testing/patch-2.4.32-pre1.bz2

Trustix:
http://http.trustix.org/pub/trustix/updates/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Race Condition and Buffer Overflow

CAN-2005-1768

High

Security Focus, 14205, July 11, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0036, July 14, 2005

SUSE Security Announcement, SUSE-SA:2005:044, August 4, 2005

Multiple Vendors

SuSE Linux Professional 9.0, x86_64; Linux kernel 2.6-2.6.12, 2.5.0-2.5.69, 2.4-2.4.32

An unspecified Denial of Service vulnerability has been reported when stack fault exceptions are triggered.

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Stack Fault Exceptions Denial of Service

CAN-2005-1767

Low

Security Focus, 14467, August 3, 2005

SUSE Security Announcement, SUSE-SA:2005:044, August 4, 2005

Multiple Vendors

Linux kernel 2.5.0-2.5.69, 2.6-2.6.11

A Denial of Service vulnerability has been reported in 'kernel/futex.c'.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-420.html

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Futex Denial of Service

CAN-2005-0937

Low

Security Tracker Alert, 1013616, March 31, 2005

Ubuntu Security Notice, USN-110-1 April 11, 2005

RedHat Security Advisory, RHSA-2005:420-24, Updated August 9, 2005

Multiple Vendors

Linux kernel 2.6.10, Linux kernel 2.6-test1-test11, 2.6-2.6.8

A Denial of Service vulnerability has been reported in the Netfilter code due to a memory leak.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/

SuSE:
ftp://ftp.suse.com/pub/suse/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Conectiva:
ftp://atualizacoes.conectiva.com.br/10/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-366.html

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Netfilter Memory Leak Denial of Service

CAN-2005-0210

Low

Ubuntu Security Notice, USN-95-1 March 15, 2005

SUSE Security Announcement, SUSE-SA:2005:018, March 24, 2005

Fedora Security Update Notification, FEDORA-2005-262, March 28, 2005

Conectiva Linux Security Announcement, CLA-2005:945, March 31, 2005

Fedora Update Notification FEDORA-2005-313, April 11, 2005

RedHat Security Advisory, RHSA-2005:366-21, August 9, 2005

Multiple Vendors

Linux Kernel 2.6 up to & including 2.6.12-rc4

Several vulnerabilities have been reported: a vulnerability was reported in raw character devices (raw.c) because the wrong function is called before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space; and a vulnerability was reported in the 'pkt_ioctl' function in the 'pktcdvd' block device ioctl handler (pktcdvd.c) because the wrong function is called before passing an ioctl to the block device, which could let a malicious user execute arbitrary code.

Update available at:
http://kernel.org/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-420.html

A Proof of Concept Denial of Service exploit script has been published.

Multiple Vendor Linux Kernel pktcdvd & raw device Block Device

CAN-2005-1264
CAN-2005-1589

High

Secunia Advisory, SA15392, May 17, 2005

Ubuntu Security Notice, USN-131-1, May 23, 2005

RedHat Security Advisory, RHSA-2005:420-24, Updated August 9, 2005

Multiple Vendors

Linux kernel 2.6-2.6.11

A vulnerability has been reported in the '/sys' file system due to a mismanagement of integer signedness, which could let a malicious user cause a Denial of Service and potentially execute arbitrary code.

SuSE:
ftp://ftp.suse.com/pub/suse/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-366.html

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel SYSFS_Write_File Local Integer Overflow

CAN-2005-0867

Low/High

(High if arbitrary code can be executed)

Security Focus, 13091, April 11, 2005

RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005

SUSE Security Announcement, SUSE-SA:2005:044, August 4, 2005

Multiple Vendors

SuSE Linux Professional 9.3, x86_64, 9.2, x86_64, Linux Personal 9.3, x86_64; Linux kernel 2.6-2.6.12

A remote Denial of Service vulnerability has been reported in the NFSACL protocol when handling XDR data.

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel NFSACL Protocol XDR Data Remote Denial of

CAN-2005-2500

Low

Security Focus, 14468, August 3, 2005

SUSE Security Announcement, SUSE-SA:2005:044, August 4, 2005

Multiple Vendors

RedHat Enterprise Linux WS 4, ES 4, AS 4, Desktop 4.0; Linux kernel 2.6.9, 2.6-2.6.8

A Denial of Service vulnerability has been reported in the auditing code.

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-420.html

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Auditing Code Denial of Service

CAN-2005-0136

Low

RedHat Security Advisory, RHSA-2005:420-22, June 8, 2005

RedHat Security Advisory, RHSA-2005:420-24, Updated August 9, 2005

Multiple Vendors

Linux kernel 2.6.10, 2.6-test9-CVS, 2.6-test1-test11, 2.6, 2.6.1-2.6.11; RedHat Desktop 4.0, Enterprise Linux WS 4, ES 4, AS 4

Multiple vulnerabilities exist: a vulnerability exists in the 'shmctl' function, which could let a malicious user obtain sensitive information; a Denial of Service vulnerability exists in 'nls_ascii.c' due to the use of incorrect table sizes; a race condition vulnerability exists in the 'setsid()' function; and a vulnerability exists in the OUTS instruction on the AMD64 and Intel EM64T architecture, which could let a malicious user obtain elevated privileges.

RedHat:
https://rhn.redhat.com/errata/RHSA-2005-092.html

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Conectiva:
ftp://atualizacoes.conectiva.com.br/10/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-366.html

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-283.html

http://rhn.redhat.com/errata/RHSA-2005-284.html

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-472.html

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-120_RHSA-2005-283_RHSA-2005-284_RHSA-2005-293_RHSA-2005-472.pdf

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-420.html

Currently we are not aware of any exploits for these vulnerabilities.

Linux Kernel Multiple Vulnerabilities

CAN-2005-0176
CAN-2005-0177
CAN-2005-0178
CAN-2005-0204

Medium

Ubuntu Security Notice, USN-82-1, February 15, 2005

RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005

SUSE Security Announcement, SUSE-SA:2005:018, March 24, 2005

Fedora Security Update Notification, FEDORA-2005-262, March 28, 2005

Conectiva Linux Security Announcement, CLA-2005:945, March 31, 2005

Fedora Update Notification FEDORA-2005-313, April 11, 2005

RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005

RedHat Security Advisories, RHSA-2005:283-15 & RHSA-2005:284-11, April 28, 2005

RedHat Security Advisory, RHSA-2005:472-05, May 25, 2005

Avaya Security Advisory, ASA-2005-120, June 3, 2005

FedoraLegacy: FLSA:152532, June 4, 2005

RedHat Security Advisory, RHSA-2005:420-24, Updated August 9, 2005

Multiple Vendors

SuSE Linux Professional 9.3, x86_64, 9.2, x86_64, Linux Personal 9.3, x86_64; Linux kernel 2.6-2.6.12

A buffer overflow vulnerability has been reported in the XFRM network architecture code due to insufficient validation of user-supplied input, which could let a malicious user execute arbitrary code.

Patches available at:
http://www.kernel.org/

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel XFRM Array Index Buffer Overflow

CAN-2005-2456

High
Security Focus, 14477, August 5, 2005

Multiple Vendors

Linux kernel 2.6-2.6.12.1

Several vulnerabilities have been reported: a Denial of Service vulnerability was reported due to an error when handling keyrings; and a Denial of Service vulnerability was reported in the 'KEYCTL_JOIN_SESSION_KEYRING' operation due to an error when attempting to join a key management session.

Patches available at:
http://kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.13-rc6-git1.bz2

There is no exploit code required.

Linux Kernel Management Denials of Service

CAN-2005-2098
CAN-2005-2099

Low
Secunia Advisory: SA16355, August 9, 2005

Multiple Vendors

zlib 1.2.2, 1.2.1; Ubuntu Linux 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32; Debian Linux 3.1 sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha

A remote Denial of Service vulnerability has been reported due to a failure of the library to properly handle unexpected compression routine input.

Zlib:
http://www.zlib.net/zlib-1.2.3.tar.gz

Debian:
http://security.debian.org/pool/updates/main/z/zlib/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/

OpenBSD:
http://www.openbsd.org/errata.html#libz2

Mandriva:
http://www.mandriva.com/security/advisories?name=MDKSA-2005:124

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Slackware:
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.323596

FreeBSD:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:18.zlib.asc

SUSE:
http://lists.suse.com/archive/suse-security-announce/2005-Jul/0007.html

Gentoo:
http://security.gentoo.org/glsa/glsa-200507-28.xml

http://security.gentoo.org/glsa/glsa-200508-01.xml

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendor Zlib Compression Library Decompression Remote Denial of Service

CAN-2005-1849

Low

Security Focus, 14340, July 21, 2005

Debian Security Advisory DSA 763-1, July 21, 2005

Ubuntu Security Notice, USN-151-1, July 21, 2005

OpenBSD, Release Errata 3.7, July 21, 2005

Mandriva Security Advisory, MDKSA-2005:124, July 22, 2005

Secunia, Advisory: SA16195, July 25, 2005

Slackware Security Advisory, SSA:2005-203-03, July 22, 2005

FreeBSD Security Advisory, SA-05:18, July 27, 2005

SUSE Security Announcement, SUSE-SA:2005:043, July 28, 2005

Gentoo Linux Security Advisory, GLSA 200507-28, July 30, 2005

Gentoo Linux Security Advisory, GLSA 200508-01, August 1, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0040, August 5, 2005

netpbm 10.0

A vulnerability has been reported in netpbm ('-dSAFER') that could let malicious users execute arbitrary postscript code.

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200508-04.xml

There is no exploit code required.

netpbm Arbitrary Code Execution

CAN-2005-2471


High

Secunia Advisory: SA16184, July 25, 2005

Trustix Secure Linux Security Advisory, #2005-0038, July 29, 2005

Gentoo Linux Security Advisory, GLSA 200508-04, August 5, 2005

ProFTPd

Multiple format string vulnerabilities have been reported in ProFTPd that could let remote malicious users cause a denial of service or disclose information.

Upgrade to version 1.3.0rc2:
http://www.proftpd.org/

Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200508-02.xml

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Currently we are not aware of any exploits for this vulnerability.

ProFTPD Denial of Service or Information Disclosure

CAN-2005-2390

Medium

Secunia, Advisory: SA16181, July 26, 2005

Gentoo Linux Security Advisory, GLSA 200508-02, August 1, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0040, August 5, 2005

Turbolinux Security Advisory, TLSA-2005-82, August 9, 2005

Sun Microsystems, Inc.

Solaris 10.0, 10.0_x86, 9.0, 9.0_x86 Update 2, 9.0_x86, 8.0, 8.0_x86, 7.0, 7.0_x86

A vulnerability has been reported in the 'printd' daemon due to an unspecified error, which could let a local/remote malicious user delete arbitrary files.

Patches available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101842-1

Currently we are not aware of any exploits for this vulnerability.

Sun Solaris Printd Arbitrary File Deletion
Medium
Sun(sm) Alert Notification, 101842, August 8, 2005

SysCP

SysCP 1.2.1-1.2.10

Several vulnerabilities have been reported: a vulnerability was reported due to insufficient verification of input in an unspecified parameter before including a language file, which could let a remote malicious user include arbitrary files from external resources; and a vulnerability was reported in the internal template engine due to insufficient sanitization of input, which could let a remote malicious user execute arbitrary PHP code.

Upgrades available at:
http://www.syscp.de/files/downloads/syscp-1.2.11.tar.gz

There is no exploit code required; however, a Proof of Concept exploit has been published.

SysCP Multiple Script Execution
High
Secunia Advisory: SA16347, August 8, 2005

Wine

Windows API Emulator 20050725

A vulnerability has been reported in 'winelauncher.in' due to the insecure creation of a temporary file in '/tmp,' which could let a malicious user create/overwrite arbitrary files.

No workaround or patch available at time of publishing.

There is no exploit code required.

Wine WineLauncher.IN Local Insecure File Creation
Medium
Security Focus 14495, August 8, 2005

Wojtek Kaniewski

ekg 2005-06-05 22:03

A vulnerability has been reported in 'contrib/scripts/linki.py' due to the insecure creation of temporary files, which could let a malicious user obtain elevated privileges.

Debian:
http://security.debian.org/pool/updates/main/e/ekg/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/e/ekg/

There is no exploit code required.

Wojtek Kaniewski EKG Insecure Temporary File Creation

CAN-2005-1916

Medium

Secunia Advisory: SA15889, July 5, 2005

Debian Security Advisory, DSA 760-1, July 18, 2005

Ubuntu Security Notice, USN-162-1, August 08, 2005

Wojtek Kaniewski

Eksperymentalny Klient Gadu-Gadu (ekg) 2005-04-11

Several vulnerabilities have been reported: a vulnerability was reported in 'contrib/ekgnv.sh,' 'contrib/getekg.sh,' and 'contrib/ekgh' due to the insecure creation of a temporary file, which could let a remote malicious user create/overwrite arbitrary files; and an SQL injection vulnerability was reported in 'contrib/scripts/ekgbot-pre1.py' due to an error, which could let a remote malicious user inject arbitrary shell commands.

Debian:
http://security.debian.org/pool/updates/main/e/ekg/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/e/ekg/

There is no exploit code required.

Wojtek Kaniewski EKG Insecure Temporary File Creation & SQL Injection

CAN-2005-1850
CAN-2005-1851

High

Debian Security Advisory, DSA 760-1, July 18, 2005

Ubuntu Security Notice, USN-162-1, August 08, 2005

Yukihiro Matsumoto

Ruby 1.8.2

A vulnerability has been reported in the XMLRPC server due to a failure to set a valid default value that prevents security protection using handlers, which could let a remote malicious user execute arbitrary code.

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Debian:
http://security.debian.org/pool/updates/main/r/ruby1.8/

Gentoo:
http://security.gentoo.org/glsa/glsa-200507-10.xml

Mandriva:
http://www.mandriva.com/security/advisories

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-543.html

Currently we are not aware of any exploits for this vulnerability.

Yukihiro Matsumoto Ruby XMLRPC Server Unspecified Command Execution

CAN-2005-1992

High

Fedora Update Notifications, FEDORA-2005-474 & 475, June 21, 2005

Turbolinux Security Advisory, TLSA-2005-74, June 28, 2005

Debian Security Advisory, DSA 748-1, July 11, 2005

Gentoo Linux Security Advisory, GLSA 200507-10, July 11, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:118, July 13, 2005

RedHat Security Advisory, RHSA-2005:543-08, August 5, 2005

Multiple Operating Systems - Windows / UNIX / Linux / Other
Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts
Common Name / CVE Reference
Risk
Source
Apache

A vulnerability has been reported in Apache which can be exploited by a remote malicious user to smuggle HTTP requests.

Conectiva:
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000982

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Mandriva:
http://www.mandriva.com/security/advisories

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Currently we are not aware of any exploits for these vulnerabilities.

Apache HTTP Request Smuggling Vulnerability

CAN-2005-1268
CAN-2005-2088

Medium

Secunia, Advisory: SA14530, July 26, 2005

Conectiva, CLSA-2005:982, July 25, 2005

Fedora Update Notification
FEDORA-2005-638 & 639, August 2, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:129, August 3, 2005

Ubuntu Security Notice, USN-160-1, August 04, 2005

Turbolinux Security Advisory, TLSA-2005-81, August 9, 2005

Chipmunk Scripts

Chipmunk Forum 1.3

A Cross-Site Scripting vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'fontcolor' parameter, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits have been published.

Chipmunk Forum 'fontcolor' Cross-Site Scripting
Medium
Security Tracker Alert ID: 1014630, August 8, 2005

Cisco

Cisco IOS 12.4 & prior 12.x versions

An IPv6 packet handling vulnerability has been reported in Cisco IOS that could let local malicious users cause a remote Denial of Service or potentially execute arbitrary code.

Vendor fix available:
http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml#software

Revision 1.6: Added a note to the Affected Products section. Software Versions and Fixes table updated for 12.2EZ.

Revision 1.7: Software Versions and Fixes table updated for Cisco IOS XR.

A working Proof of Concept exploit has been developed; however, it is currently not publicly available.

Cisco IOS Remote Denial of Service or Arbitrary Code Execution

CAN-2005-2451

High

Cisco Security Advisory, Document ID: 65783 Revision 1.5, August 1, 2005

US-CERT VU#930892

Cisco Security Advisory, Document ID: 65783 Revision 1.6 & 1.7, August 3 & 5, 2005

Comdev Software

eCommerce 3.0

A Directory Traversal vulnerability has been reported in 'WCE.Download.php,' which could let a remote malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept has been published.

Comdev eCommerce 'WCE.Download.PHP' Directory Traversal

CAN-2005-2543

Medium
Security Focus, 14479, August 5, 2005

Comdev Software

eCommerce 3.0

A vulnerability has been reported in the 'path[docroot]' parameter due to insufficient verification before including files, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept has been published.

Comdev ECommerce Config.PHP Remote File Include

CAN-2005-2544

High
Secunia Advisory: SA16346, August 8, 2005

Denora IRC Stats

Denora IRC Stats 1.0

A buffer overflow vulnerability has been reported in the 'rdb_query()' function due to a boundary error, which could let a remote malicious user execute arbitrary code.

Upgrade available at:
http://denora.nomadirc.net/download.php

Currently we are not aware of any exploits for this vulnerability.

Denora IRC Stats Remote Buffer Overflow

CAN-2005-2484

High
Secunia Advisory: SA16281, August 4, 2005

e107.org

e107 website system 0.617, 0.616, 0.603, 0.610 - 0.615a

Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported because users can upload HTML and TXT attachments that contain JavaScript, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published for the Cross-Site Scripting vulnerability.

E107 Website System Cross-Site Scripting & HTML Injection
Medium
Security Focus, 14495 & 14508, August 8, 2005

EMC

Navisphere Manager 6.4-6.6

Several vulnerabilities have been reported: a Directory Traversal vulnerability was reported due to insufficient validation of HTTP requests, which could let a remote malicious user obtain sensitive information; and an information disclosure vulnerability was reported because it is possible to list the contents of a directory.

The vendor has addressed this issue in the latest version of the affected application.

There is no exploit code required; however, Proofs of Concept exploits have been published.

EMC Navisphere Manager Directory Traversal & Information Disclosure

CAN-2005-2357
CAN-2005-2358

Medium
iDEFENSE Security Advisory, August 5, 2005

Ethereal

Ethereal V0.10.11

Multiple dissector and zlib vulnerabilities have been reported in Ethereal that could let remote malicious users cause a denial of service or execute arbitrary code.

Upgrade to version 0.10.12:
http://www.ethereal.com/download.html

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Mandriva:
http://www.mandriva.com/security/advisories

Currently we are not aware of any exploits for these vulnerabilities.

High

Secunia, Advisory: SA16225, July 27, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:131, August 4, 2005

 

FFTW

FFTW 3.0.1

A vulnerability has been reported due to the insecure creation of temporary files, which could let a malicious user create/overwrite arbitrary files.

No workaround or patch available at time of publishing.

There is no exploit code required.
FFTW Insecure Temporary File Creation
Medium
Security Focus, 14501, August 8, 2005

FlatNuke

FlatNuke 2.5.5

Multiple vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'structure.php' due to insufficient sanitization of the 'bodycolor,' 'backimage,' 'theme,' and 'logo' parameters, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability was reported due to insufficient sanitization of posted news articles before displaying to site administrators, which could let a remote malicious user execute arbitrary code; a vulnerability was reported due to insufficient sanitization of the 'firma' parameter when saving the user's signature to the user file, which could let a remote malicious user inject and execute arbitrary PHP commands; and a vulnerability was reported because it is possible to obtain path information.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits have been published.

FlatNuke Multiple Vulnerabilities

CAN-2005-2537
CAN-2005-2538
CAN-2005-2539
CAN-2005-2540

High
Secunia Advisory: SA16330, August 5, 2005

FunkBoard

FunkBoard 0.66 CF

Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits have been published.

FunkBoard Multiple Cross-Site Scripting
Medium
Security Focus, 13507, August 8, 2005

Fusebox

Fusebox 4.1.0

A Cross-Site Scripting vulnerability has been reported in the 'index.cfm' due to insufficient sanitization of the 'fuseaction' parameter, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been reported.

Fusebox 'Index.CFM' Cross-Site Scripting

CAN-2005-2480

Medium
Security Focus, 14460, August 3, 2005

Gravity Board X Development

GBX 1.1

Multiple vulnerabilities have been reported: an SQL injection vulnerability was reported in 'index.php' due to insufficient sanitization of the 'email' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; a Cross-Site Scripting vulnerability was reported in 'deletethread.php' due to insufficient sanitization of the 'board_id' parameter, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in the 'editcss.php' script due to insufficient access restrictions, which could let a remote malicious user execute arbitrary PHP scripts.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits and a script for the Cross-Site Scripting vulnerability have been published.

Gravity Board X Input Validation & Access Restrictions
High
Security Tracker Alert ID: 1014631, August 8, 2005

Inkscape

Inkscape 0.41

A vulnerability has been reported in 'ps2epsi.sh' due to the insecure creation of a temporary file, which could let a malicious user create/overwrite arbitrary files.

Upgrade available at:
http://citkit.dl.sourceforge.net/sourceforge/inkscape/inkscape-0.42.tar.gz

There is no exploit code required.

Inkscape 'ps2epsi.sh' Insecure Temporary File
Medium
Security Focus 14522, August 9, 2005

Invision Power Services

Invision Board 1.0.3

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Invision Power Board Cross-Site Scripting

CAN-2005-2542

Medium
Security Focus, 14492, August 8, 2005

Jax Scripts

Jax Petitionbook 3.31, Newsletter 2.14, Jax LinkLists 1.0, Guestbook 3.31, Jax DWT Editor 1.0, Jax Calendar 1.34

Multiple Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept has been published.

Jax PHP Scripts Multiple Cross-Site Scripting
Medium
Security Focus 14481, August 5, 2005

Jax Scripts

Jax Petitionbook 3.31, Newsletter 2.14, Jax LinkLists 1.0, Guestbook 3.31, Jax DWT Editor 1.0, Jax Calendar 1.34

Multiple vulnerabilities have been reported due to insufficient access validation, which could let a remote malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept has been published.

Jax PHP Scripts Multiple Remote Information Disclosure
Medium
Security Focus 14482, August 5, 2005

Karrigell

Karrigell 2.1-2.1.5, 2.0-2.0.5, 1.x

A vulnerability has been reported in a Karrigell services (.ks) script due to insufficient validation of user-supplied input, which could let a remote malicious user execute arbitrary Python code.

Upgrades available at:
http://prdownloads.sourceforge.net/karrigell/Karrigell-2.1.8.tgz?download

There is no exploit code required; however, Proofs of Concept exploits have been published.

Karrigell Arbitrary Python Code Execution

CAN-2005-2483

High
Secunia Advisory: SA16319, August 3, 2005

KDE

KDE 3.4, 3.3-3.3.2, 3.2-3.2.3

A vulnerability has been reported in KDE Kate and KWrite because backup files are created with default permissions even if the original file had more restrictive permissions set, which could let a local/remote malicious user obtain sensitive information.

Patches available at:
ftp://ftp.kde.org/pub/kde/security_patches/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Mandriva:
http://www.mandriva.com/security/advisories

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-612.html

Conectiva:
ftp://atualizacoes.conectiva.com.br/

There is no exploit code required.

KDE Kate, KWrite Local Backup File Information Disclosure

CAN-2005-1920

Medium

Security Tracker Alert ID: 1014512, July 18, 2005

Fedora Update Notification, FEDORA-2005-594, July 19, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:122, July 20, 2005

RedHat Security Advisory, RHSA-2005:612-07, July 27, 2005

Conectiva Linux Announcement, CLSA-2005:988, August 4, 2005

Lansoft Enterprises

OpenBB 1.1.0

Multiple SQL injection vulnerabilities have been reported in 'board.php,' 'read.php,' and 'member.php' due to insufficient sanitization of the 'FID,' 'TID,' and 'UID' parameters before being used in an SQL query, which could let a malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits have been published.

OpenBB Multiple SQL Injection
Medium
Secunia Advisory: SA16369, August 9, 2005

Logicampus

Logicampus 1.1.0

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of input passed to the helpdesk before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

Upgrade available at:
http://prdownloads.sourceforge.net/logicampus/logicampus-1.1.1.tar.gz?download

There is no exploit code required.

LogiCampus Helpdesk Cross-Site Scripting

CAN-2005-2485

 

Medium
Security Focus, 14472, August 4, 2005

McDATA

Sphereon Fabric Switch 4500, 4300, Intrepid Director Switch 6140, 6064, McDATA E/OS

A remote Denial of Service vulnerability has been reported due to a failure to recover from network broadcast storms.

Update to E/OS 6.0.0 or later (E/OS 7.01.00 in patch 119550-01 also contains the fix).

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-21-119550-01-1

There is no exploit code required.

McDATA E/OS Remote Denial of Service

CAN-2005-2487

Low

Sun(sm) Alert Notification, 101833, August 3, 2005

Secunia Advisory: SA16295, August 4, 2005

Metasploit Project

Metasploit Framework 2.0-2.4, 1.0

A vulnerability has been reported in the 'StateToOptions()' function because the '_Defanged' environment variable can be overwritten, which could let a remote malicious user bypass security restrictions.

Contact the vendor for further information on obtaining fixes.

There is no exploit code required.

Metasploit Framework MSFWeb Defanged Mode Restriction Bypass

CAN-2005-2482

Medium
Secunia Advisory: SA16318, August 2, 2005

myFAQ

myFAQ 1.0

SQL injection vulnerabilities have been reported due to insufficient sanitization of the 'Theme,' 'SousTheme,' 'Question,' and 'Faq' parameters before using in SQL queries, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required.

MyFAQ Multiple SQL Injection
Medium
SVadvisory#13, August 6, 2005

MySQL AB

MySQL 5.0.0-0-5.0.4, 4.1.0-0-4.1.5, 4.0.24, 4.0.21, 4.0.20, 4.0.18, 4.0.0-4.0.15

A buffer overflow vulnerability has been reported due to insufficient bounds checking of data that is supplied as an argument in a user-defined function, which could let a remote malicious user execute arbitrary code.

This issue is reportedly addressed in MySQL versions 4.0.25, 4.1.13, and 5.0.7-beta available at:
http://dev.mysql.com/downloads/

Currently we are not aware of any exploits for this vulnerability.

MySQL User-Defined Function Buffer Overflow
High
Security Focus 14509, August 8, 2005

PHP-Fusion

PHP-Fusion 6.0.105, 6.0.106, 5.01 Service Pack, 5.0, 4.01, 4.00

An SQL injection vulnerability was reported in the 'Messages.php' script due to insufficient input validation before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

PHP-Fusion 'Messages.PHP' SQL Injection
Medium
Security Focus 14489, August 6, 2005

PHPLite

Calendar Express 2.0

Several vulnerabilities have been reported: an SQL injection vulnerability was reported in several scripts due to insufficient sanitization of the 'cid' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a Cross-Site Scripting vulnerability was reported in 'search.php' due to insufficient sanitization of the 'allwords' parameter, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits have been published.

Calendar Express SQL Injection & Cross-Site Scripting
Medium
Secunia Advisory: SA16353, August 9, 2005

PHPMailer

PHPMailer 1.7-1.7.2

A remote Denial of Service vulnerability has been reported in 'class.smtp.php' due to an error when processing overly long headers in the 'Data()' function.

PHPMailer:
http://prdownloads.sourceforge.net/phpmailer/phpmailer-1.73.tar.gz?download

Xoops:
http://www.xoops.org/modules/core/visit.php?cid=7&lid=85

There is no exploit code required; however, a Proof of Concept exploit has been published.

PHPMailer 'Data()' Function Remote Denial of Service

CAN-2005-1807

Low

Security Tracker Alert, 1014069, May 28, 2005

Security Focus, 13805, August 9, 2005

PHPOpenChat

PHPOpenChat 3.0.2

Multiple Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

PHPOpenChat Multiple Cross-Site Scripting

CAN-2005-2545

Medium
HSC Security Group Advisory, August 5, 2005

PHPSiteStats

PHPSiteStats 1.0

A vulnerability has been reported in the login script due to an unspecified error, which could let a remote malicious user bypass authentication routines.

Update available at:
http://prdownloads.sourceforge.net/phpsitestats/phpsitestats1.1.zip?download

There is no exploit code required.

PHPSiteStats Authentication Bypass
Medium
Secunia Advisory: SA16361, August 8, 2005

PortailPHP

PortailPHP 2.4

An SQL injection vulnerability has been reported in 'Index.php' due to insufficient sanitization before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

PortailPHP 'Index.PHP' SQL Injection

CAN-2005-2486

Medium
Security Focus, 14474, August 4, 2005

SilverNews

SilverNews 2.0.3

An SQL injection vulnerability has been reported in 'Admin.php' due to insufficient sanitization of the username before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code or bypass authentication to obtain access to the administrative section.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

SilverNews 'Admin.PHP' SQL Injection

CAN-2005-2478

Medium
Security Focus, 14466, August 3, 2005

SquirrelMail

SquirrelMail 1.4.0 through 1.4.4

Multiple vulnerabilities have been reported that could let remote malicious users conduct Cross-Site Scripting attacks.

Upgrade to 1.4.4 and apply patch:
http://prdownloads.sourceforge.net/squirrelmail/sqm-144-xss.patch

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-19.xml

Mandriva:
http://www.mandriva.com/security/advisories

Debian:
http://security.debian.org/pool/updates/main/s/squirrelmail/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-595.html

There is no exploit code required.

SquirrelMail Cross-Site Scripting Vulnerabilities

CAN-2005-1769

Medium

SquirrelMail Advisory, June 15, 2005

Gentoo Linux Security Advisory, GLSA 200506-19, June 21, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:108, July 1, 2005

Debian Security Advisory, DSA 756-1, July 13, 2005

RedHat Security Advisory, RHSA-2005:595-12, August 3, 2005

SquirrelMail

SquirrelMail 1.4.0-1.4.5-RC1.

A vulnerability has been reported in 'options_identities.php' because parameters are insecurely extracted, which could let a remote malicious user execute arbitrary HTML and script code, or obtain/manipulate sensitive information.

Upgrades available at:
http://www.squirrelmail.org/download.php

Debian:
http://security.debian.org/pool/updates/main/s/squirrelmail/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-595.html

There is no exploit code required.

SquirrelMail Variable Handling

CAN-2005-2095

High

GulfTech Security Research Advisory, July 13, 2005

Debian Security Advisory, DSA 756-1, July 13, 2005

RedHat Security Advisory, RHSA-2005:595-12, August 3, 2005

tDiary

tDiary 2.1.1, 2.0.1

A vulnerability has been reported due to a failure to perform validity checks on user's requests, which could let a remote malicious user edit/delete entries or configurations.

Upgrades available at:
http://prdownloads.sourceforge.net/tdiary/tdiary-full-2.0.2.tar.gz?download

There is no exploit code required.

TDiary Cross-Site Request Forgery

CAN-2005-2411

Medium
Security Focus, 14500, August 8, 2005

Web Content Management

Web Content Management

A Cross-Site Scripting vulnerability has been reported in 'Includes/validsession.php' due to insufficient sanitization of the 'strRootpath' parameter and in 'Admin/News/List.php' due to insufficient sanitization of the 'strTable' parameter, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in the 'Admin/Users/AddModifyInput.php' script due to insufficient authentication, which could let a remote malicious user obtain administrative privileges.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits and script have been published.

Web Content Management Cross-Site Scripting & Authentication Bypass

CAN-2005-2488
CAN-2005-2489

Medium
Security Tracker Alert ID: 1014616, August 3, 2005

XMB Forum

XMB Forum .9.1

An SQL injection vulnerability has been reported in 'U2U.Inc.PHP' due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required.

XMB Forum U2U.Inc.PHP SQL Injection
Medium
Security Focus 14523, August 9, 2005

Wireless

The section below contains wireless vulnerabilities, articles, and viruses/trojans identified during this reporting period.

Wireless Vulnerabilities

  • Nothing significant to report.

Recent Exploit Scripts/Techniques

The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.

Note: At times, scripts/techniques may contain names or content that may be considered offensive.

| Date of Script (Reverse Chronological Order) | Script name | Workaround or Patch Available | Script Description |
|---|---|---|---|
| August 10, 2005 | aircrack-2.21.tgz | N/A | An 802.11 WEP cracking program that can recover a 40-bit or 104-bit WEP key once enough encrypted packets have been gathered. |
| August 10, 2005 | funkboard066.txt | No | Exploit details for the FunkBoard Multiple Cross-Site Scripting vulnerability. |
| August 10, 2005 | openSQL.txt | No | Sample exploit for the OpenBB Multiple SQL Injection vulnerability. |
| August 10, 2005 | scapy-1.0.0.tar.gz | N/A | A powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. |
| August 8, 2005 | GBX-CSS-exp.zip | No | Exploit script for the Gravity Board Cross-Site Scripting vulnerability. |
| August 6, 2005 | citiBypass.txt | N/A | Write up that discusses a methodology to bypass Citibank Virtual Keyboard Protection, a mechanism to help protect against keyloggers and spyware. |
| August 6, 2005 | JaxXSS.txt | No | Exploitation details for the Jax PHP Scripts Multiple Cross-Site Scripting vulnerabilities. |
| August 6, 2005 | nbSMTP_fsexp.c | Yes | Exploit for the no-brainer SMTP Client 'log_msg' Format String vulnerability. |
| August 5, 2005 | aircrack-2.2.tgz | N/A | Aircrack is an 802.11 WEP cracking program that can recover a 40-bit or 104-bit WEP key once enough encrypted packets have been gathered. |
| August 5, 2005 | Easyxp41.txt | No | Exploit for the Easy PX41 CMS Cross-Site Scripting or Information Disclosure vulnerability. |
| August 5, 2005 | edituserxp.sh | Yes | Proof of Concept exploit for the Lantronix Secure Console Server 'edituser' Buffer Overflow vulnerability. |
| August 5, 2005 | eventum.pl.txt | Yes | Proof of Concept exploit for the MySQL Eventum SQL Injection vulnerability. |
| August 5, 2005 | FlatNuke-codexec.zip, flatnuke.html | No | Exploits for the FlatNuke User Data Arbitrary PHP Code Execution, Cross-Site Scripting, and Path Disclosure vulnerabilities. |
| August 5, 2005 | phrack63.tar.gz | N/A | Phrack Magazine Issue 63 includes: Phrack Prophile on Tiago, OSX heap exploitation techniques, Hacking Windows CE, Games with kernel Memory...FreeBSD Style, Raising The Bar For Windows Rootkit Detection, Embedded ELF Debugging, Hacking Grub for Fun and Profit, Advanced antiforensics : SELF, Process Dump and Binary Reconstruction, Next-Gen. Runtime Binary Encryption, Shifting the Stack Pointer, NT Shellcode Prevention Demystified, PowerPC Cracking on OSX with GDB, Hacking with Embedded Systems, Process Hiding and The Linux Scheduler, Breaking Through a Firewall, Phrack World News. |
| August 5, 2005 | pluggedBlog.txt | No | Detailed exploitation technique for the Plugged-Blog Multiple Vulnerabilities. |
| August 5, 2005 | qlite.html | No | Proof of Concept exploit for the qliteNews arbitrary database manipulation and Cross-Site Scripting vulnerabilities. |
| August 5, 2005 | webc.html | No | Proof of Concept exploit for the Web Content Management Cross-Site Scripting & Authentication Bypass vulnerability. |
| August 5, 2005 | yersinia-0.5.5.tar.gz | N/A | Yersinia implements several attacks for the following protocols: Spanning Tree (STP), Cisco Discovery (CDP), Dynamic Host Configuration (DHCP), Hot Standby Router (HSRP), Dynamic Trunking (DTP), 802.1q and VLAN Trunking (VTP), helping a pen-tester with different tasks. |
| August 3, 2005 | CABrightStorSQL.c | Yes | Exploit for the Computer Associates BrightStor ARCserve Backup Remote Buffer Overflow vulnerability. |
| August 2, 2005 | prorat_server_dos.c | No | Proof of Concept Denial of Service exploit for the ProRat Server Remote Buffer Overflow vulnerability. |

Trends
  • Get Up, Stand Up, Pharming Is On The Rise: Pharming is one of the latest online scams and a rapidly growing threat that has been showing up on the Internet. It’s a new way for criminals to try to get into your computer so they can steal your personal data that works by redirecting your Internet browser.
    Source: http://www.crime-research.org/news/09.08.2005/1416/.
  • Scanning Activity on Port 6070/tcp: US-CERT has seen reports indicating an increase in scanning activity of port 6070/tcp. This port is used by Computer Associates BrightStor ARCserve. Source: http://www.us-cert.gov/current/.
  • ID theft ring hits 50 banks, security firm says: A major identity theft ring discovered last week by Sunbelt Software, a security firm, has affected the customers of at least 50 banks. In a statement made by Sunbelt, the operation, which is being investigated by the FBI, is gathering personal data from "thousands of machines" using keystroke logging software. The data collected includes credit card details, Social Security numbers, usernames, passwords, instant messaging chat sessions and search terms. Source: http://news.zdnet.com/2100-1009_22-5823591.html.
  • Government computers top target for cyberattacks: According to IBM's Global Business Security Index report, cyberattacks on computer systems escalated in the first half of 2005 and government agencies were targeted more than any other business sector. In the first half of 2005, there were more than 237 million security attacks worldwide, with 54 million directed at the U.S. government. The manufacturing sector received about 36 million attacks, followed by the financial services industry with 34 million and health care with 17 million. Source: http://www.govexec.com/dailyfed/0805/080505p1.htm.
  • New Trend Found In IM Enterprise Threats: A security firm, Akonix Systems, reported that nearly a quarter more new viruses threatening corporate computers through employee use of public instant-messaging networks were discovered in July, including one that reflected a new trend of attacking multiple IM systems. A total of 42 new threats were tracked in July, a 24 percent increase over the previous month. Source: http://www.techweb.com/wire/security/167101004.
  • U.S. Passes the Buck on Identity Theft: A year ago President George W. Bush signed into law the Identity Theft Penalty Enhancement Act in response to the growing proliferation of Internet scams, such as phishing, pharming and other ploys aimed at stealing consumers' private information electronically. However, the evidence suggests that this new law has done nothing to reduce identity theft or fraud. The number of publicly known identity theft cases has increased dramatically over the past year. Since January of 2005, there have been over 63 data-security breaches exposing nearly 50 million identities. Source: http://www.newsfactor.com/story.xhtml?story_id=37545.
  • First potential virus risk for Windows Vista found: Virus writers are targeting a new Microsoft tool that will be part of Windows and is set to ship as part of the next Exchange e-mail server release. According to F-Secure, a virus writer has published the first examples of malicious code that targets Microsoft's upcoming command-line shell, code-named Monad. If the technology is included in Windows Vista, these could be among the first viruses to target the new operating system formerly known as Longhorn. Source: http://news.zdnet.com/2100-1009_22-5819428.html?tag=zdfd.newsfeed.

Viruses/Trojans

Top Ten Virus Threats

A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.

| Rank | Common Name | Type of Code | Trend | Date | Description |
|---|---|---|---|---|---|
| 1 | Netsky-P | Win32 Worm | Stable | March 2004 | A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared files. |
| 2 | Mytob.C | Win32 Worm | Slight Increase | March 2004 | A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files. |
| 3 | Zafi-D | Win32 Worm | Slight Decrease | December 2004 | A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer. |
| 4 | Netsky-Q | Win32 Worm | Stable | March 2004 | A mass-mailing worm that attempts to launch Denial of Service attacks against several web pages, deletes the entries belonging to several worms, and emits a sound through the internal speaker. |
| 5 | Mytob-BE | Win32 Worm | Slight Decrease | June 2005 | A slight variant of the mass-mailing worm that utilizes an IRC backdoor, LSASS vulnerability, and email to propagate. It harvests addresses from the Windows address book, disables antivirus, and modifies data. |
| 6 | Mytob-AS | Win32 Worm | Stable | June 2005 | A slight variant of the mass-mailing worm that disables security-related programs and processes, redirects various sites, and changes registry values. This version downloads code from the net and utilizes its own email engine. |
| 7 | Zafi-B | Win32 Worm | Increase | June 2004 | A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names. |
| 8 | Netsky-D | Win32 Worm | Slight Increase | March 2004 | A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only. |
| 9 | Netsky-Z | Win32 Worm | Decrease | April 2004 | A mass-mailing worm that is very close to previous variants. The worm spreads in e-mails, but does not spread to local network and P2P and does not uninstall Bagle worm. The worm has a backdoor that listens on port 665. |
| 10 | Lovgate.w | Win32 Worm | Decrease | April 2004 | A mass-mailing worm that propagates by using MAPI as a reply to messages, by using an internal SMTP, by dropping copies of itself on network shares, and through peer-to-peer networks. Attempts to access all machines in the local area network. |

Table updated August 6, 2005

Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, therefore the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.

This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.

Wireless

Vulnerabilities

The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.

Note: All the information included in the following tables has been discussed in newsgroups and on web sites.

The Risk levels defined below are based on how the system may be impacted:

Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.

  • High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
  • Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
  • Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Windows Operating Systems Only
Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts
Common Name / CVE Reference
Risk
Source

Acunetix

Web Vulnerability Scanner 2.0

A vulnerability has been reported in Web Vulnerability Scanner (Web Sniffer) that could let remote malicious users cause a Denial of Service.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Web Vulnerability Scanner Denial of Service

Low

Security Tracker, Alert ID: 1014628, August 5, 2005

Computer Associates

BrightStor ARCserve Backup 9.01, 10, 10.5, 11.0, 11.1

Multiple buffer overflow vulnerabilities have been reported in BrightStor ARCserve Backup that could let remote malicious users execute arbitrary code.

A vendor patch is available:
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33239

An exploit has been published.

BrightStor ARCserve Backup Arbitrary Code

CAN-2005-1272
CAN-2005-0260

High

Computer Associates, Vulnerability ID: 33239, August 2, 2005

US-CERT, VU#279774, VU#966880, VU#864801

Microsoft

Windows 2000, XP, Server 2003, 98, 98 (SE), (ME)

A spoofing vulnerability has been reported that could enable a malicious user to spoof trusted Internet content.

Updates available: http://www.microsoft.com/technet/security/Bulletin/MS05-032.mspx

V2.0: Update available for x64-based systems, Microsoft Windows Server 2003 for Itanium-based Systems, and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems.

Currently we are not aware of any exploits for this vulnerability.

Microsoft Agent Could Allow Spoofing

CAN-2005-1214

Medium

Microsoft, MS05-032, June 14, 2004

US-CERT VU#718542

Microsoft Security Bulletin MS05-032, August 9, 2005

Microsoft

ActiveSync 3.8, 3.7.1

Multiple vulnerabilities have been reported in ActiveSync's network synchronization protocol that could let remote malicious users disclose information or cause a Denial of Service.

No workaround or patch available at time of publishing.

There is no exploit code required.

Microsoft ActiveSync Information Disclosure or Denial of Service

Medium

Security Focus, 14457, August 2, 2005

Microsoft

Internet Explorer

A memory corruption vulnerability has been reported in Internet Explorer COM Object instantiation that could let remote malicious users execute arbitrary code.

Vendor fix available:
http://www.microsoft.com/technet/security/Bulletin/MS05-038.mspx

A Proof of Concept exploit has been published.

Microsoft Internet Explorer Arbitrary Code Execution

CAN-2005-1990

High

Microsoft Security Bulletin MS05-038, August 9, 2005

US-CERT VU#959049

Microsoft

Internet Explorer 6.0SP2

Multiple vulnerabilities have been reported in Internet Explorer, JPEG Rendering, that could let remote malicious users perform a Denial of Service.

Vendor fix available:
http://www.microsoft.com/technet/security/Bulletin/MS05-038.mspx

A Proof of Concept exploit has been published.

Microsoft Internet Explorer Denial of Service

CAN-2005-2308
CAN-2005-1988

Low

Security Focus, 14284, 14285, 14286, July 15, 2005

Microsoft Security Bulletin MS05-038, August 9, 2005

US-CERT VU#965206

Microsoft

Internet Explorer Web Folder Behaviors

A vulnerability has been reported in Internet Explorer that could let remote malicious users disclose information or execute arbitrary code.

Vendor fix available:
http://www.microsoft.com/technet/security/Bulletin/MS05-038.mspx

Currently we are not aware of any exploits for this vulnerability.

Microsoft Internet Explorer Web Folder Behaviors Information Disclosure or Arbitrary Code Execution

CAN-2005-1989

High

Microsoft Security Bulletin MS05-038, August 9, 2005

Microsoft

Plug and Play

A vulnerability has been reported in Plug and Play that could let local or remote malicious users execute arbitrary code or obtain elevated privileges.

Vendor fix available:
http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx

Currently we are not aware of any exploits for this vulnerability.

Microsoft Plug and Play Arbitrary Code Execution or Elevated Privileges

CAN-2005-1983

High

Microsoft Security Bulletin MS05-039, August 9, 2005

US-CERT VU#998653

Microsoft

Remote Desktop Protocol

A vulnerability has been reported in Remote Desktop Protocol that could let remote malicious users cause a Denial of Service.

Vendor fix available:
http://www.microsoft.com/technet/security/Bulletin/MS05-041.mspx

A Proof of Concept exploit has been published.

Microsoft Remote Desktop Protocol Denial of Service

CAN-2005-1218

Low

Microsoft Security Bulletin MS05-041, August 9, 2005

US-CERT VU#490628

Microsoft

Telephony Service

A buffer overflow vulnerability has been reported in Microsoft Telephony Service that could let local or remote malicious users execute arbitrary code.

Vendor fix available:
http://www.microsoft.com/technet/security/Bulletin/MS05-040.mspx

Currently we are not aware of any exploits for this vulnerability.

Microsoft Telephony Service Remote Code Execution

CAN-2005-0058

High

Microsoft Security Bulletin MS05-040, August 9, 2005

Microsoft

Windows Kerberos PKINIT

Multiple vulnerabilities have been reported in Windows Kerberos PKINIT that could let remote malicious users disclose information or cause a Denial of Service.

Vendor fix available:
http://www.microsoft.com/technet/security/Bulletin/MS05-042.mspx

Currently we are not aware of any exploits for this vulnerability.

Microsoft Windows Kerberos PKINIT Information Disclosure or Denial of Service

CAN-2005-1981
CAN-2005-1982

Low

Microsoft Security Bulletin MS05-042, August 9, 2005

Microsoft

Windows Print Spooler in XP, 2000, Server 2003

A buffer overflow vulnerability has been reported in Windows Print Spooler that could let local or remote malicious users execute arbitrary code.

Vendor fix available:
http://www.microsoft.com/technet/security/Bulletin/MS05-043.mspx

Currently we are not aware of any exploits for this vulnerability.

Microsoft Windows Print Spooler Arbitrary Code Execution

CAN-2005-1984

High

Microsoft Security Bulletin MS05-043, August 9, 2005

US-CERT VU#220821

Microsoft

Word 2000, 2002

Works Suite 2001, 2002, 2003, and 2004

Office Word 2003

Microsoft Word 2003 Viewer

A buffer overflow vulnerability has been reported that could lead to remote execution of arbitrary code or escalation of privilege.

V1.1 Bulletin updated to point to the correct Exchange 2000 Server Post-Service Pack 3 (SP3) Update Rollup and to advise on the scope and caveats of workaround "Unregister xlsasink.dll and fallback to Active Directory for distribution of route information."

V2.0 Microsoft Word 2003 Viewer also affected.

Updates available:
http://www.microsoft.com/technet/security/Bulletin/MS05-023.mspx

Currently we are not aware of any exploits for this vulnerability.

Microsoft Word Remote Code Execution and Escalation of Privilege Vulnerabilities

CAN-2004-0963
CAN-2005-0558

High

Microsoft Security Bulletin MS05-023, April 12, 2005

US-CERT VU#442567

US-CERT VU#752591

Microsoft Security Bulletin MS05-023 V1.1, April 14, 2005

Microsoft Security Bulletin MS05-023 V1.1, August 9, 2005

Naxtor Technologies

Naxtor e-Directory 1.0

A vulnerability has been reported in Naxtor e-Directory that could let remote malicious users conduct Cross-Site Scripting and perform SQL injection.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proof of Concept exploits have been published.

Naxtor e-Directory Cross-Site Scripting or SQL Injection

Medium

Secunia, Advisory: SA16314, August 3, 2005

Naxtor Technologies

Naxtor Shopping Cart 1.0, Pro 1.0

Multiple vulnerabilities have been reported in Naxtor Shopping Cart that could let remote malicious users conduct Cross-Site Scripting or perform SQL injection.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proof of Concept exploits have been published.

Naxtor Shopping Cart Cross-Site Scripting or SQL Injection

CAN-2005-2476
CAN-2005-2477

Medium

Security Focus, 14454, 14456, August 2, 2005

NetworkActiv

NetworkActiv Web Server 3.5.13 and previous

An input validation vulnerability has been reported in NetworkActiv Web Server that could let remote malicious users conduct Cross-Site Scripting.

Upgrade to V3.5.14:
http://www.networkactiv.com/WebServer.html

There is no exploit code required; however, Proof of Concept exploits have been published.

NetworkActiv Web Server Cross-Site Scripting

CAN-2005-2453

Medium

Secunia, Advisory: SA16301, August 4, 2005

Pablo Software Solutions

Quick 'n Easy FTP Server 3.0

An input validation vulnerability has been reported in Quick 'n Easy FTP Server (USER Command) that could let remote malicious users cause a Denial of Service.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Quick 'n Easy FTP Server Denial of Service

CAN-2005-2479

Low

Security Tracker, Alert ID: 1014615, August 3, 2005

ProRat Server 1.9 Fix2

A buffer overflow vulnerability has been reported in ProRat Server that could let remote malicious users execute arbitrary code.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

ProRat Server Arbitrary Code Execution

High

Security Focus, 14458, August 2, 2005

Symantec

Norton GoBack 4.0

A vulnerability has been reported in Norton GoBack that could let local malicious users bypass authentication.

No workaround or patch available at time of publishing.

There is no exploit code required.

Norton GoBack Authentication Bypass
Medium
Security Tracker Alert ID: 1014612, August 2, 2005

UNIX / Linux Operating Systems Only
Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts
Common Name / CVE Reference
Risk
Source
Clam AntiVirus 0.86.1

Multiple vulnerabilities have been reported in Clam AntiVirus that could let remote malicious users cause a Denial of Service.

Upgrade to version 0.86.2:
http://www.clamav.net/stable.php#pagestart

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Mandriva:
http://www.mandriva.com/security/advisories?name=MDKSA-2005:125

Gentoo:
http://security.gentoo.org/glsa/glsa-200507-25.xml

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for this vulnerability.

Clam AntiVirus Multiple Vulnerabilities

CAN-2005-2450

Low

Secunia, Advisory: SA16180, July 25, 2005

Gentoo Linux Security Advisory GLSA 200507-25, July 26, 2005

Mandriva Security Advisory, MDKSA-2005:125, July 27, 2005

SUSE Security Summary Report, SUSE-SR:2005:018, July 28, 2005

Conectiva Linux Announcement, CLSA-2005:987, July 29, 2005

Debian

apt-cacher 0.9.9, 0.9.4

A vulnerability has been reported due to an unspecified input validation error, which could let a remote malicious user execute arbitrary code.

Debian:
http://www.debian.org/security/2005/dsa-772

There is no exploit code required.

Debian Apt-Cacher Remote Arbitrary Code Execution

CAN-2005-1854

High

Debian Security Advisory, DSA 772-1, August 3, 2005

GNU

zgrep 1.2.4

A vulnerability has been reported in 'zgrep.in' due to insufficient validation of user-supplied arguments, which could let a remote malicious user execute arbitrary commands.

A patch for 'zgrep.in' is available in the following bug report:
http://bugs.gentoo.org/show_bug.cgi?id=90626

Mandriva:
http://www.mandriva.com/security/advisories

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-357.html

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-474.html

SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

SGI:
http://www.sgi.com/support/security/

F5:
http://tech.f5.com/home/bigip/solutions/advisories/sol4532.html

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gzip/

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

There is no exploit code required.

Gzip Zgrep Arbitrary Command Execution

CAN-2005-0758

High

Security Tracker Alert, 1013928, May 10, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005

Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005

RedHat Security Advisory, RHSA-2005:357-19, June 13, 2005

RedHat Security Advisory, RHSA-2005:474-15, June 16, 2005

SGI Security Advisory, 20050603-01-U, June 23, 2005

Fedora Update Notification, FEDORA-2005-471, June 27, 2005

SGI Security Advisory, 20050605-01-U, July 12, 2005

Secunia Advisory: SA16159, July 21, 2005

Ubuntu Security Notice, USN-158-1, August 01, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0040, August 5, 2005

High Availability Linux Project

Heartbeat 1.2.3

An insecure file creation vulnerability has been reported in Heartbeat that could let local users arbitrarily overwrite files.

Debian:
http://security.debian.org/pool/updates/main/h/heartbeat/

Conectiva:
ftp://atualizacoes.conectiva.com.br

Gentoo:
http://security.gentoo.org/glsa/glsa-200508-05.xml

There is no exploit code required.

Heartbeat Arbitrary File Overwrite

CAN-2005-2231

Medium

Secunia Advisory: SA16039, July 12, 2005

Debian Security Advisory, DSA 761-1, July 19, 2005

Conectiva Linux Announcement, CLSA-2005:991, August 4, 2005

Gentoo Linux Security Advisory, GLSA 200508-05, August 7, 2005

Kadu

Kadu 0.4.0

An integer overflow vulnerability has been reported in Kadu (libgadu) which could let remote malicious users cause a Denial of Service.

Upgrade to version 0.4.1:
http://www.kadu.net/wiki/index.php/English:Main_Page

Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200507-26.xml

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/e/ekg/

Currently we are not aware of any exploits for this vulnerability.

Kadu Denial of Service

CAN-2005-1852

Low

Secunia, Advisory: SA16238, July 27, 2005

Gentoo Security Advisory, GLSA 200507-26, July 27, 2005

Conectiva Linux Announcement, CLSA-2005:989, August 4, 2005

Ubuntu Security Notice, USN-162-1, August 08, 2005


Lantronix

Lantronix SCS82, SCS1620

Multiple vulnerabilities have been reported: a vulnerability was reported in '/tmp' due to insecure pipe permissions, which could let a malicious user read arbitrary files with elevated privileges; a Directory Traversal vulnerability was reported in the console command interface, which could let a malicious user obtain sensitive information; a vulnerability was reported in the command-line interface, which could let a malicious user obtain superuser privileges; and a buffer overflow vulnerability was reported in the 'edituser' binary due to a boundary error, which could let a malicious user execute arbitrary code with root privileges.

Updated firmware available at:
ftp://ftp.lantronix.com/pub/scs1620/

A Proof of Concept exploit has been published for the 'edituser' buffer overflow vulnerability.

Lantronix Secure Console Server SCS820/SCS1620 Multiple Local Vulnerabilities
High
Security Focus, 14486, August 5, 2005

Multiple Vendors

Turbolinux Server 10.0, 8.0, Desktop 10.0, Turbolinux Home Appliance Server 1.0 Workgroup Edition, Hosting Edition; Trustix Secure Linux 3.0, 2.2, Secure Enterprise Linux 2.0; Sun Solaris 10.0 _x86, 10.0, 9.0 _x86 Update 2, 9.0 _x86, 9.0, Sun SEAM 1.0-1.0.2; SuSE Linux Professional 9.3 x86_64, 9.3, Linux Personal 9.3 x86_64, 9.3; RedHat Fedora Core3 & 4, Advanced Workstation for the Itanium Processor 2.1; MIT Kerberos 5 5.0 -1.4.1 & prior; Gentoo Linux

Multiple vulnerabilities have been reported: a remote Denial of Service vulnerability was reported when a malicious user submits a specially crafted TCP connection that causes the Key Distribution Center (KDC) to attempt to free random memory; a buffer overflow vulnerability was reported in KDC due to a boundary error when a specially crafted TCP or UDP request is submitted, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported in 'krb/recvauth.c' which could let a remote malicious user execute arbitrary code.

MIT:
http://web.mit.edu/kerberos/advisories/2005-002-patch_1.4.1.txt.asc

Mandriva:
http://www.mandriva.com/security/advisories

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-567.html

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101809-1

SuSE:
http://www.novell.com/linux/security/advisories.html

Trustix:
http://http.trustix.org/pub/trustix/updates/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

SGI:
http://www.sgi.com/support/security/

Debian:
http://www.debian.org/security/2005/dsa-757

Conectiva:
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000993

Currently we are not aware of any exploits for these vulnerabilities.

Kerberos V5 Multiple Vulnerabilities

CAN-2005-1174
CAN-2005-1175
CAN-2005-1689

High

MIT krb5 Security Advisory, 2005-002, July 12, 2005

RedHat Security Advisory, RHSA-2005:567-08, July 12, 2005

Sun(sm) Alert Notification, 101809, July 12, 2005

Fedora Update Notifications, FEDORA-2005-552 & 553, July 12, 2005

SUSE Security Summary Report, SUSE-SR:2005:017, July 13, 2005

Turbolinux Security Advisory TLSA-2005-78, July 13, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:119, July 14, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0036, July 14, 2005

SGI Security Advisory, 20050703-01-U, July 15, 2005

Debian Security Advisory, DSA-757-1, July 17, 2005

US-CERT VU#885830

US-CERT VU#623332

US-CERT VU#259798

Conectiva Linux Advisory, CLSA-2005:993, August 8, 2005

Multiple Vendors

Linux kernel
2.6 prior to 2.6.12.1

 

A vulnerability has been reported in the 'restore_sigcontext()' function due to a failure to restrict access to the 'ar.rsc' register, which could let a malicious user cause a Denial of Service or obtain elevated privileges.

Updates available at:
http://www.kernel.org/

SUSE:
http://www.novell.com/linux/security/advisories/2005_44_kernel.html

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel 64 Bit 'AR-RSC' Register Access

CAN-2005-1761

Medium

Security Tracker Alert ID: 1014275, June 23, 2005

SUSE Security Announcement, SUSE-SA:2005:044, August 4, 2005

Multiple Vendors

Linux Kernel
2.4, 2.6

A race condition vulnerability in ia32 emulation has been reported in the Linux Kernel that could let local malicious users obtain root privileges or create a buffer overflow.

Patch Available:
http://kernel.org/pub/linux/kernel/v2.4/testing/patch-2.4.32-pre1.bz2

Trustix:
http://http.trustix.org/pub/trustix/updates/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Race Condition and Buffer Overflow

CAN-2005-1768

High

Security Focus, 14205, July 11, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0036, July 14, 2005

SUSE Security Announcement, SUSE-SA:2005:044, August 4, 2005

Multiple Vendors

SuSE Linux Professional 9.0, x86_64; Linux kernel 2.6-2.6.12, 2.5.0-2.5.69, 2.4-2.4.32

An unspecified Denial of Service vulnerability has been reported when stack fault exceptions are triggered.

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Stack Fault Exceptions Denial of Service

CAN-2005-1767

Low

Security Focus, 14467, August 3, 2005

SUSE Security Announcement, SUSE-SA:2005:044, August 4, 2005

Multiple Vendors

Linux kernel 2.5.0-2.5.69,
2.6-2.6.11

A Denial of Service vulnerability has been reported in 'kernel/futex.c.'

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-420.html

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Futex Denial of Service

CAN-2005-0937

Low

Security Tracker Alert, 1013616, March 31, 2005

Ubuntu Security Notice, USN-110-1 April 11, 2005

RedHat Security Advisory, RHSA-2005:420-24, Updated August 9, 2005

Multiple Vendors

Linux kernel 2.6.10, Linux kernel 2.6-test1-test11, 2.6-2.6.8

A Denial of Service vulnerability has been reported in the Netfilter code due to a memory leak.

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/

SuSE:
ftp://ftp.suse.com/pub/suse/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Conectiva:
ftp://atualizacoes.conectiva.com.br/10/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-366.html

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Netfilter Memory Leak Denial of Service

CAN-2005-0210

Low

Ubuntu Security Notice, USN-95-1 March 15, 2005

SUSE Security Announcement, SUSE-SA:2005:018, March 24, 2005

Fedora Security Update Notification, FEDORA-2005-262, March 28, 2005

Conectiva Linux Security Announcement, CLA-2005:945, March 31, 2005

Fedora Update Notification FEDORA-2005-313, April 11, 2005

RedHat Security Advisory, RHSA-2005:366-21, August 9, 2005

Multiple Vendors

Linux Kernel
2.6 up to & including
2.6.12-rc4

Several vulnerabilities have been reported: a vulnerability was reported in raw character devices (raw.c) because the wrong function is called before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space; and a vulnerability was reported in the 'pkt_ioctl' function in the 'pktcdvd' block device ioctl handler (pktcdvd.c) because the wrong function is called before passing an ioctl to the block device, which could let a malicious user execute arbitrary code.

Update available at:
http://kernel.org/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-420.html

A Proof of Concept Denial of Service exploit script has been published.

Multiple Vendor Linux Kernel pktcdvd & raw device Block Device

CAN-2005-1264
CAN-2005-1589

High

Secunia Advisory, SA15392, May 17, 2005

Ubuntu Security Notice, USN-131-1, May 23, 2005

RedHat Security Advisory, RHSA-2005:420-24, Updated August 9, 2005

Multiple Vendors

Linux kernel
2.6-2.6.11

A vulnerability has been reported in the '/sys' file system due to a mismanagement of integer signedness, which could let a malicious user cause a Denial of Service and potentially execute arbitrary code.

SuSE:
ftp://ftp.suse.com/pub/suse/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-366.html

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel SYSFS_Write_File Local Integer Overflow

CAN-2005-0867

Low/High

(High if arbitrary code can be executed)

Security Focus, 13091, April 11, 2005

RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005

SUSE Security Announcement, SUSE-SA:2005:044, August 4, 2005

Multiple Vendors

SuSE Linux Professional
9.3, x86_64,
9.2, x86_64, Linux Personal 9.3, x86_64; Linux kernel
2.6-2.6.12

A remote Denial of Service vulnerability has been reported in the NFSACL protocol when handling XDR data.

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel NFSACL Protocol XDR Data Remote Denial of

CAN-2005-2500

Low

Security Focus, 14468, August 3, 2005

SUSE Security Announcement, SUSE-SA:2005:044, August 4, 2005

Multiple Vendors

RedHat Enterprise
Linux WS 4, ES 4, AS 4,
Desktop 4.0;
Linux kernel 2.6.9, 2.6-2.6.8

A Denial of Service vulnerability has been reported in the auditing code.

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-420.html

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel Auditing Code Denial of Service

CAN-2005-0136

Low

RedHat Security Advisory, RHSA-2005:420-22, June 8, 2005

RedHat Security Advisory, RHSA-2005:420-24, Updated August 9, 2005

Multiple Vendors

Linux kernel 2.6.10, 2.6-test9-CVS, 2.6-test1-test11, 2.6, 2.6.1-2.6.11; RedHat Desktop 4.0, Enterprise Linux WS 4, ES 4, AS 4

Multiple vulnerabilities exist: a vulnerability exists in the 'shmctl' function, which could let a malicious user obtain sensitive information; a Denial of Service vulnerability exists in 'nls_ascii.c' due to the use of incorrect table sizes; a race condition vulnerability exists in the 'setsid()' function; and a vulnerability exists in the OUTS instruction on the AMD64 and Intel EM64T architecture, which could let a malicious user obtain elevated privileges.

RedHat:
https://rhn.redhat.com/errata/RHSA-2005-092.html

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

SUSE:
ftp://ftp.SUSE.com/pub/SUSE

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Conectiva:
ftp://atualizacoes.conectiva.com.br/10/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-366.html

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-283.html

http://rhn.redhat.com/errata/RHSA-2005-284.html

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-472.html

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-120_RHSA-2005-283_RHSA-2005-284_RHSA-2005-293_RHSA-2005-472.pdf

FedoraLegacy:
http://download.fedoralegacy.org/redhat/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-420.html

Currently we are not aware of any exploits for these vulnerabilities.

Linux Kernel Multiple Vulnerabilities

CAN-2005-0176
CAN-2005-0177
CAN-2005-0178
CAN-2005-0204

Medium

 

Ubuntu Security Notice, USN-82-1, February 15, 2005

RedHat Security Advisory, RHSA-2005:092-14, February 18, 2005

SUSE Security Announcement, SUSE-SA:2005:018, March 24, 2005

Fedora Security Update Notification, FEDORA-2005-262, March 28, 2005

Conectiva Linux Security Announcement, CLA-2005:945, March 31, 2005

Fedora Update Notification FEDORA-2005-313, April 11, 2005

RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005

RedHat Security Advisories, RHSA-2005:283-15 & RHSA-2005:284-11, April 28, 2005

RedHat Security Advisory, RHSA-2005:472-05, May 25, 2005

Avaya Security Advisory, ASA-2005-120, June 3, 2005

FedoraLegacy: FLSA:152532, June 4, 2005

RedHat Security Advisory, RHSA-2005:420-24, Updated August 9, 2005

Multiple Vendors

SuSE Linux Professional
9.3, x86_64,
9.2, x86_64, Linux Personal 9.3, x86_64; Linux kernel
2.6-2.6.12

A buffer overflow vulnerability has been reported in the XFRM network architecture code due to insufficient validation of user-supplied input, which could let a malicious user execute arbitrary code.

Patches available at:
http://www.kernel.org/

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel XFRM Array Index Buffer Overflow

CAN-2005-2456

High

Security Focus, 14477, August 5, 2005

Multiple Vendors

Linux kernel 2.6-2.6.12.1

Several vulnerabilities have been reported: a Denial of Service vulnerability was reported due to an error when handling keyrings; and a Denial of Service vulnerability was reported in the 'KEYCTL_JOIN_SESSION_KEYRING' operation due to an error when attempting to join a key management session.

Patches available at:
http://kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.13-rc6-git1.bz2

There is no exploit code required.

Linux Kernel Management Denials of Service

CAN-2005-2098
CAN-2005-2099

Low
Secunia Advisory: SA16355, August 9, 2005

Multiple Vendors

zlib 1.2.2, 1.2.1; Ubuntu Linux 5.04 powerpc, i386, amd64,
4.1 ppc, ia64, ia32; Debian Linux 3.1
sparc, s/390, ppc, mipsel, mips, m68k,
ia-64, ia-32,
hppa, arm,
alpha

A remote Denial of Service vulnerability has been reported due to a failure of the library to properly handle unexpected compression routine input.

Zlib:
http://www.zlib.net/zlib-1.2.3.tar.gz

Debian:
http://security.debian.org/pool/updates/main/z/zlib/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/z/zlib/

OpenBSD:
http://www.openbsd.org/errata.html#libz2

Mandriva:
http://www.mandriva.com/security/advisories?name=MDKSA-2005:124

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Slackware:
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.323596

FreeBSD:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:18.zlib.asc

SUSE:
http://lists.suse.com/archive/suse-security-announce/2005-Jul/0007.html

Gentoo:
http://security.gentoo.org/glsa/glsa-200507-28.xml

http://security.gentoo.org/glsa/glsa-200508-01.xml

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

Currently we are not aware of any exploits for this vulnerability.

Multiple Vendor Zlib Compression Library Decompression Remote Denial of Service

CAN-2005-1849

Low

Security Focus, 14340, July 21, 2005

Debian Security Advisory DSA 763-1, July 21, 2005

Ubuntu Security Notice, USN-151-1, July 21, 2005

OpenBSD, Release Errata 3.7, July 21, 2005

Mandriva Security Advisory, MDKSA-2005:124, July 22, 2005

Secunia, Advisory: SA16195, July 25, 2005

Slackware Security Advisory, SSA:2005-203-03, July 22, 2005

FreeBSD Security Advisory, SA-05:18, July 27, 2005

SUSE Security Announcement, SUSE-SA:2005:043, July 28, 2005

Gentoo Linux Security Advisory, GLSA 200507-28, July 30, 2005

Gentoo Linux Security Advisory, GLSA 200508-01, August 1, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0040, August 5, 2005

netpbm
10.0

A vulnerability has been reported in netpbm ('-dSAFER') that could let malicious users execute arbitrary postscript code.

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

Gentoo:
http://security.gentoo.org/glsa/glsa-200508-04.xml

There is no exploit code required.

netpbm Arbitrary Code Execution

CAN-2005-2471


High

Secunia Advisory: SA16184, July 25, 2005

Trustix Secure Linux Security Advisory, #2005-0038, July 29, 2005

Gentoo Linux Security Advisory, GLSA 200508-04, August 5, 2005

ProFTPd

Multiple format string vulnerabilities have been reported in ProFTPd that could let remote malicious users cause a denial of service or disclose information.

Upgrade to version 1.3.0rc2:
http://www.proftpd.org/

Gentoo:
http://www.gentoo.org/security/en/glsa/glsa-200508-02.xml

Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Currently we are not aware of any exploits for this vulnerability.

ProFTPD Denial of Service or Information Disclosure

CAN-2005-2390

Medium

Secunia, Advisory: SA16181, July 26, 2005

Gentoo Linux Security Advisory, GLSA 200508-02, August 1, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0040, August 5, 2005

Turbolinux Security Advisory, TLSA-2005-82, August 9, 2005

Sun Microsystems, Inc.

Solaris 10.0, 10.0_x86, 9.0, 9.0 _x86
Update 2, 9.0 _x86, 8.0,
8.0 _x86,
7.0, 7.0 _x86

A vulnerability has been reported in the 'printd' daemon due to an unspecified error, which could let a local/remote malicious user delete arbitrary files.

Patches available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101842-1

Currently we are not aware of any exploits for this vulnerability.

Sun Solaris Printd Arbitrary File Deletion
Medium
Sun(sm) Alert Notification, 101842, August 8, 2005

SysCP

SysCP 1.2.1-1.2.10

Several vulnerabilities have been reported: a vulnerability was reported due to insufficient verification of input in an unspecified parameter before including a language file, which could let a remote malicious user include arbitrary files from external resources; and a vulnerability was reported in the internal template engine due to insufficient sanitization of input, which could let a remote malicious user execute arbitrary PHP code.

Upgrades available at:
http://www.syscp.de/files/downloads/syscp-1.2.11.tar.gz

There is no exploit code required; however a Proof of Concept exploit has been published.

SysCP Multiple Script Execution
High
Secunia Advisory: SA16347, August 8, 2005

Wine

Windows API Emulator 20050725

A vulnerability has been reported in 'winelauncher.in' due to the insecure creation of a temporary file in '/tmp,' which could let a malicious user create/overwrite arbitrary files.

No workaround or patch available at time of publishing.

There is no exploit code required.

Wine WineLauncher.IN Local Insecure File Creation
Medium
Security Focus 14495, August 8, 2005

Wojtek Kaniewski

ekg 2005-06-05 22:03

A vulnerability has been reported in 'contrib/scripts/linki.py' due to the insecure creation of temporary files, which could let a malicious user obtain elevated privileges.

Debian:
http://security.debian.org/pool/updates/main/e/ekg/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/e/ekg/

There is no exploit code required.

Wojtek Kaniewski EKG Insecure Temporary File Creation

CAN-2005-1916

Medium

Secunia Advisory: SA15889, July 5, 2005

Debian Security Advisory, DSA 760-1, July 18, 2005

Ubuntu Security Notice, USN-162-1, August 08, 2005

Wojtek Kaniewski

Eksperymentalny Klient Gadu-Gadu (ekg) 2005-04-11

Several vulnerabilities have been reported: a vulnerability was reported in 'contrib/ekgnv.sh,' 'contrib/getekg.sh,' and 'contrib/ekgh' due to the insecure creation of a temporary file, which could let a remote malicious user create/overwrite arbitrary files; and an SQL injection vulnerability was reported in 'contrib/scripts/ekgbot-pre1.py' due to an error, which could let a remote malicious user inject arbitrary shell commands.

Debian:
http://security.debian.org/pool/updates/main/e/ekg/

Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/e/ekg/

There is no exploit code required.

Wojtek Kaniewski EKG Insecure Temporary File Creation & SQL Injection

CAN-2005-1850
CAN-2005-1851

High

Debian Security Advisory, DSA 760-1, July 18, 2005

Ubuntu Security Notice, USN-162-1, August 08, 2005

Yukihiro Matsumoto

Ruby 1.8.2

A vulnerability has been reported in the XMLRPC server due to a failure to set a valid default value that prevents security protection using handlers, which could let a remote malicious user execute arbitrary code.

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Debian:
http://security.debian.org/pool/updates/main/r/ruby1.8/

Gentoo:
http://security.gentoo.org/glsa/glsa-200507-10.xml

Mandriva:
http://www.mandriva.com/security/advisories

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-543.html

Currently we are not aware of any exploits for this vulnerability.

Yukihiro Matsumoto Ruby XMLRPC Server Unspecified Command Execution

CAN-2005-1992

High

Fedora Update Notifications, FEDORA-2005-474 & 475, June 21, 2005

Turbolinux Security Advisory, TLSA-2005-74, June 28, 2005

Debian Security Advisory, DSA 748-1, July 11, 2005

Gentoo Linux Security Advisory, GLSA 200507-10, July 11, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:118, July 13, 2005

RedHat Security Advisory, RHSA-2005:543-08, August 5, 2005


Multiple Operating Systems - Windows / UNIX / Linux / Other
Vendor & Software Name
Vulnerability - Impact
Patches - Workarounds
Attacks Scripts
Common Name / CVE Reference
Risk
Source
Apache

A vulnerability has been reported in Apache which can be exploited by a remote malicious user to smuggle HTTP requests.

Conectiva:
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000982

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Mandriva:
http://www.mandriva.com/security/advisories

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/

TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/

Currently we are not aware of any exploits for these vulnerabilities.

Apache HTTP Request Smuggling Vulnerability

CAN-2005-1268
CAN-2005-2088

Medium

Secunia, Advisory: SA14530, July 26, 2005

Conectiva, CLSA-2005:982, July 25, 2005

Fedora Update Notification
FEDORA-2005-638 & 639, August 2, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:129, August 3, 2005

Ubuntu Security Notice, USN-160-1, August 04, 2005

Turbolinux Security Advisory, TLSA-2005-81, August 9, 2005

Chipmunk Scripts

Chipmunk Forum 1.3

A Cross-Site Scripting vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'fontcolor' parameter, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits have been published.

Chipmunk Forum 'fontcolor' Cross-Site Scripting
Medium
Security Tracker Alert ID: 1014630, August 8, 2005

Cisco

Cisco IOS
12.4 & prior 12.x versions

An IPv6 packet handling vulnerability has been reported in Cisco IOS that could let local malicious users cause a remote Denial of Service or potentially execute arbitrary code.

Vendor fix available:
http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml#software

Revision 1.6: Added a note to the Affected Products section. Software Versions and Fixes table updated for 12.2EZ.

Revision 1.7: Software Versions and Fixes table updated for Cisco IOS XR.



A working Proof of Concept exploit has been developed; however, it is currently not publicly available.

Cisco IOS Remote Denial of Service or Arbitrary Code Execution

CAN-2005-2451

High

Cisco Security Advisory, Document ID: 65783 Revision 1.5, August 1, 2005

US-CERT VU#930892

Cisco Security Advisory, Document ID: 65783 Revision 1.6 & 1.7, August 3 & 5, 2005

Comdev Software

eCommerce 3.0

A Directory Traversal vulnerability has been reported in 'WCE.Download.php,' which could let a remote malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept has been published.

Comdev eCommerce 'WCE.Download.PHP' Directory Traversal

CAN-2005-2543

Medium
Security Focus, 14479, August 5, 2005

Comdev Software

eCommerce 3.0

A vulnerability has been reported in the 'path[docroot]' parameter due to insufficient verification before including files, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept has been published.

Comdev ECommerce Config.PHP Remote File Include

CAN-2005-2544

High
Secunia Advisory: SA16346, August 8, 2005

Denora IRC Stats

Denora IRC Stats 1.0

A buffer overflow vulnerability has been reported in the 'rdb_query()' function due to a boundary error, which could let a remote malicious user execute arbitrary code.

Upgrade available at:
http://denora.nomadirc.net/download.php

Currently we are not aware of any exploits for this vulnerability.

Denora IRC Stats Remote Buffer Overflow

CAN-2005-2484

High
Secunia Advisory: SA16281, August 4, 2005

e107.org

e107 website system 0.617, 0.616, 0.603, 0.610 - 0.615a

Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported because users can upload HTML and TXT attachments that contain JavaScript, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published for the Cross-Site Scripting vulnerability.

E107 Website System Cross-Site Scripting & HTML Injection
Medium
Security Focus, 14495 & 14508, August 8, 2005

EMC

Navisphere Manager 6.4-6.6

Several vulnerabilities have been reported: a Directory Traversal vulnerability was reported due to insufficient validation of HTTP requests, which could let a remote malicious user obtain sensitive information; and an information disclosure vulnerability was reported because it is possible to list the contents of a directory.

The vendor has addressed this issue in the latest version of the affected application.

There is no exploit code required; however, Proofs of Concept exploits have been published.

EMC Navisphere Manager Directory Traversal & Information Disclosure

CAN-2005-2357
CAN-2005-2358

Medium
iDEFENSE Security Advisory, August 5, 2005

Ethereal

Ethereal
V0.10.11

Multiple dissector and zlib vulnerabilities have been reported in Ethereal that could let remote malicious users cause a denial of service or execute arbitrary code.

Upgrade to version 0.10.12:
http://www.ethereal.com/download.html

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/

Mandriva:
http://www.mandriva.com/security/advisories

Currently we are not aware of any exploits for these vulnerabilities.

High

Secunia, Advisory: SA16225, July 27, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:131, August 4, 2005

 

FFTW

FFTW 3.0.1

A vulnerability has been reported due to the insecure creation of temporary files, which could let a malicious user create/overwrite arbitrary files.

No workaround or patch available at time of publishing.

There is no exploit code required.
FFTW Insecure Temporary File Creation
Medium
Security Focus, 14501, August 8, 2005

FlatNuke

FlatNuke 2.5.5

Multiple vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'structure.php' due to insufficient sanitization of the 'bodycolor,' 'backimage,' 'theme,' and 'logo' parameters, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability was reported due to insufficient sanitization of posted news articles before displaying to site administrators, which could let a remote malicious user execute arbitrary code; a vulnerability was reported due to insufficient sanitization of the 'firma' parameter when saving the user's signature to the user file, which could let a remote malicious user inject and execute arbitrary PHP commands; and a vulnerability was reported because it is possible to obtain path information.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits have been published.

FlatNuke Multiple Vulnerabilities

CAN-2005-2537
CAN-2005-2538
CAN-2005-2539
CAN-2005-2540

High
Secunia Advisory: SA16330, August 5, 2005

FunkBoard

FunkBoard 0.66 CF

Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits have been published.

FunkBoard Multiple Cross-Site Scripting
Medium
Security Focus, 13507, August 8, 2005

Fusebox

Fusebox 4.1.0

A Cross-Site Scripting vulnerability has been reported in the 'index.cfm' due to insufficient sanitization of the 'fuseaction' parameter, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been reported.

Fusebox 'Index.CFM' Cross-Site Scripting

CAN-2005-2480

Medium
Security Focus, 14460, August 3, 2005

Gravity Board X Development

GBX 1.1

Multiple vulnerabilities have been reported: an SQL injection vulnerability was reported in 'index.php' due to insufficient sanitization of the 'email' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; a Cross-Site Scripting vulnerability was reported in 'deletethread.php' due to insufficient sanitization of the 'board_id' parameter, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in the 'editcss.php' script due to insufficient access restrictions, which could let a remote malicious user execute arbitrary PHP scripts.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits and a script for the Cross-Site Scripting vulnerability have been published.

Gravity Board X Input Validation & Access Restrictions
High
Security Tracker Alert ID: 1014631, August 8, 2005

Inkscape

Inkscape 0.41

A vulnerability has been reported in 'ps2epsi.sh' due to the insecure creation of a temporary file, which could let a malicious user create/overwrite arbitrary files.

Upgrade available at:
http://citkit.dl.sourceforge.net/sourceforge/inkscape/inkscape-0.42.tar.gz

There is no exploit code required.

Inkscape 'ps2epsi.sh' Insecure Temporary File
Medium
Security Focus 14522, August 9, 2005

Invision Power Services

Invision Board 1.0.3

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Invision Power Board Cross-Site Scripting

CAN-2005-2542

Medium
Security Focus, 14492, August 8, 2005

Jax Scripts

Jax Petitionbook 3.31, Newsletter 2.14, Jax LinkLists 1.0, Guestbook 3.31, Jax DWT Editor 1.0, Jax Calendar 1.34

Multiple Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept has been published.

Jax PHP Scripts Multiple Cross-Site Scripting
Medium
Security Focus 14481, August 5, 2005

Jax Scripts

Jax Petitionbook 3.31, Newsletter 2.14, Jax LinkLists 1.0, Guestbook 3.31, Jax DWT Editor 1.0, Jax Calendar 1.34

Multiple vulnerabilities have been reported due to insufficient access validation, which could let a remote malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept has been published.

Jax PHP Scripts Multiple Remote Information Disclosure
Medium
Security Focus 14482, August 5, 2005

Karrigell

Karrigell 2.1-2.1.5, 2.0-2.0.5, 1.x

A vulnerability has been reported in a Karrigell services (.ks) script due to insufficient validation of user-supplied input, which could let a remote malicious user execute arbitrary Python code.

Upgrades available at:
http://prdownloads.sourceforge.net/karrigell/Karrigell-2.1.8.tgz?download

There is no exploit code required; however, Proofs of Concept exploits have been published.

Karrigell Arbitrary Python Code Execution

CAN-2005-2483

High
Secunia Advisory: SA16319, August 3, 2005

KDE

KDE 3.4,
3.3-3.3.2,
3.2-3.2.3

A vulnerability has been reported in KDE Kate and KWrite because backup files are created with default permissions even if the original file had more restrictive permissions set, which could let a local/remote malicious user obtain sensitive information.

Patches available at:
ftp://ftp.kde.org/pub/kde/security_patches/

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Mandriva:
http://www.mandriva.com/security/advisories

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-612.html

Conectiva:
ftp://atualizacoes.conectiva.com.br/

There is no exploit code required.

KDE Kate, KWrite Local Backup File Information Disclosure

CAN-2005-1920

Medium

Security Tracker Alert ID: 1014512, July 18, 2005

Fedora Update Notification, FEDORA-2005-594, July 19, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:122, July 20, 2005

RedHat Security Advisory, RHSA-2005:612-07, July 27, 2005

Conectiva Linux Announcement, CLSA-2005:988, August 4, 2005

Lansoft Enterprises

OpenBB 1.1.0

Multiple SQL injection vulnerabilities have been reported in 'board.php,' 'read.php,' and 'member.php' due to insufficient sanitization of the 'FID,' 'TID,' and 'UID' parameters before they are used in an SQL query, which could let a malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits have been published.

OpenBB Multiple SQL Injection
Medium
Secunia Advisory: SA16369, August 9, 2005

Logicampus

Logicampus 1.1.0

A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of input passed to the helpdesk before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

Upgrade available at:
http://prdownloads.sourceforge.net/logicampus/logicampus-1.1.1.tar.gz?download

There is no exploit code required.

LogiCampus Helpdesk Cross-Site Scripting

CAN-2005-2485

Medium
Security Focus, 14472, August 4, 2005

McDATA

Sphereon Fabric Switch 4500, 4300, Intrepid Director Switch 6140, 6064, McDATA E/OS

A remote Denial of Service vulnerability has been reported due to a failure to recover from network broadcast storms.

Update to E/OS 6.0.0 or later (E/OS 7.01.00 in patch 119550-01 also contains the fix).

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-21-119550-01-1

There is no exploit code required.

McDATA E/OS Remote Denial of Service

CAN-2005-2487

Low

Sun(sm) Alert Notification, 101833, August 3, 2005

Secunia Advisory: SA16295, August 4, 2005

Metasploit Project

Metasploit Framework 2.0-2.4, 1.0

A vulnerability has been reported in the 'StateToOptions()' function because the '_Defanged' environment variable can be overwritten, which could let a remote malicious user bypass security restrictions.

Contact the vendor for further information on obtaining fixes.

There is no exploit code required.

Metasploit Framework MSFWeb Defanged Mode Restriction Bypass

CAN-2005-2482

Medium
Secunia Advisory: SA16318, August 2, 2005

myFAQ

myFAQ 1.0

SQL injection vulnerabilities have been reported due to insufficient sanitization of the 'Theme,' 'SousTheme,' 'Question,' and 'Faq' parameters before they are used in SQL queries, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required.

MyFAQ Multiple SQL Injection
Medium
SVadvisory#13, August 6, 2005

MySQL AB

MySQL 5.0 .0-0-5.0.4, 4.1 .0-0-4.1.5, 4.0.24, 4.0.21, 4.0.20, 4.0.18, 4.0 .0-4.0.15

A buffer overflow vulnerability has been reported due to insufficient bounds checking of data that is supplied as an argument in a user-defined function, which could let a remote malicious user execute arbitrary code.

This issue is reportedly addressed in MySQL versions 4.0.25, 4.1.13, and 5.0.7-beta available at:
http://dev.mysql.com/downloads/

Currently we are not aware of any exploits for this vulnerability.

MySQL User-Defined Function Buffer Overflow
High
Security Focus 14509, August 8, 2005

PHP-Fusion

PHP-Fusion 6.0.105, 6.0.106, 5.0 1 Service Pack, 5.0, 4.0 1, 4.00

An SQL injection vulnerability was reported in the 'Messages.php' script due to insufficient input validation before use in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

PHP-Fusion 'Messages.PHP' SQL Injection
Medium
Security Focus 14489, August 6, 2005

PHPLite

Calendar Express 2.0

Several vulnerabilities have been reported: an SQL injection vulnerability was reported in several scripts due to insufficient sanitization of the 'cid' parameter before it is used in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a Cross-Site Scripting vulnerability was reported in 'search.php' due to insufficient sanitization of the 'allwords' parameter, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits have been published.

Calendar Express SQL Injection & Cross-Site Scripting
Medium
Secunia Advisory: SA16353, August 9, 2005

PHPMailer

PHPMailer 1.7-1.7.2

A remote Denial of Service vulnerability has been reported in 'class.smtp.php' due to an error when processing overly long headers in the 'Data()' function.

PHPMailer:
http://prdownloads.sourceforge.net/phpmailer/phpmailer-1.73.tar.gz?download

Xoops:
http://www.xoops.org/modules/core/visit.php?cid=7&lid=85

There is no exploit code required; however, a Proof of Concept exploit has been published.

PHPMailer 'Data()' Function Remote Denial of Service

CAN-2005-1807

Low

Security Tracker Alert, 1014069, May 28, 2005

Security Focus, 13805, August 9, 2005

PHPOpenChat

PHPOpenChat 3.0.2

Multiple Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input before it is used in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required.

PHPOpenChat Multiple Cross-Site Scripting

CAN-2005-2545

Medium
HSC Security Group Advisory, August 5, 2005

PHPSiteStats

PHPSiteStats 1.0

A vulnerability has been reported in the login script due to an unspecified error, which could let a remote malicious user bypass authentication routines.

Update available at:
http://prdownloads.sourceforge.net/phpsitestats/phpsitestats1.1.zip?download

There is no exploit code required.

PHPSiteStats Authentication Bypass
Medium
Secunia Advisory: SA16361, August 8, 2005

PortailPHP

PortailPHP 2.4

An SQL injection vulnerability has been reported in 'Index.php' due to insufficient sanitization before use in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

PortailPHP 'Index.PHP' SQL Injection

CAN-2005-2486

Medium
Security Focus, 14474, August 4, 2005

SilverNews

SilverNews 2.0.3

An SQL injection vulnerability has been reported in 'Admin.php' due to insufficient sanitization of the username before it is used in an SQL query, which could let a remote malicious user execute arbitrary SQL code or bypass authentication to obtain access to the administrative section.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

SilverNews 'Admin.PHP' SQL Injection

CAN-2005-2478

Medium
Security Focus, 14466, August 3, 2005

SquirrelMail

SquirrelMail 1.4.0 through 1.4.4

Multiple vulnerabilities have been reported that could let remote malicious users conduct Cross-Site Scripting attacks.

Upgrade to 1.4.4 and apply patch:
http://prdownloads.sourceforge.net/squirrelmail/sqm-144-xss.patch

Gentoo:
http://security.gentoo.org/glsa/glsa-200506-19.xml

Mandriva:
http://www.mandriva.com/security/advisories

Debian:
http://security.debian.org/pool/updates/main/s/squirrelmail/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-595.html

There is no exploit code required.

SquirrelMail Cross-Site Scripting Vulnerabilities

CAN-2005-1769

Medium

SquirrelMail Advisory, June 15, 2005

Gentoo Linux Security Advisory, GLSA 200506-19, June 21, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:108, July 1, 2005

Debian Security Advisory, DSA 756-1, July 13, 2005

RedHat Security Advisory, RHSA-2005:595-12, August 3, 2005

SquirrelMail

SquirrelMail 1.4.0-1.4.5-RC1.

A vulnerability has been reported in 'options_identities.php' because parameters are insecurely extracted, which could let a remote malicious user execute arbitrary HTML and script code, or obtain/manipulate sensitive information.

Upgrades available at:
http://www.squirrelmail.org/download.php

Debian:
http://security.debian.org/pool/updates/main/s/squirrelmail/

RedHat:
http://rhn.redhat.com/errata/RHSA-2005-595.html

There is no exploit code required.

SquirrelMail Variable Handling

CAN-2005-2095

High

GulfTech Security Research Advisory, July 13, 2005

Debian Security Advisory, DSA 756-1, July 13, 2005

RedHat Security Advisory, RHSA-2005:595-12, August 3, 2005

tDiary

tDiary 2.1.1, 2.0.1

A vulnerability has been reported due to a failure to perform validity checks on user's requests, which could let a remote malicious user edit/delete entries or configurations.

Upgrades available at:
http://prdownloads.sourceforge.net/tdiary/tdiary-full-2.0.2.tar.gz?download

There is no exploit code required.

TDiary Cross-Site Request Forgery

CAN-2005-2411

Medium
Security Focus, 14500, August 8, 2005

Web Content Management

Web Content Management

Cross-Site Scripting vulnerabilities have been reported in 'Includes/validsession.php' due to insufficient sanitization of the 'strRootpath' parameter and in 'Admin/News/List.php' due to insufficient sanitization of the 'strTable' parameter, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in the 'Admin/Users/AddModifyInput.php' script due to insufficient authentication, which could let a remote malicious user obtain administrative privileges.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits and script have been published.

Web Content Management Cross-Site Scripting & Authentication Bypass

CAN-2005-2488
CAN-2005-2489

Medium
Security Tracker Alert ID: 1014616, August 3, 2005

XMB Forum

XMB Forum .9.1

An SQL injection vulnerability has been reported in 'U2U.Inc.PHP' due to insufficient sanitization of user-supplied input before it is used in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required.

XMB Forum U2U.Inc.PHP SQL Injection
Medium
Security Focus 14523, August 9, 2005


Wireless

The section below contains wireless vulnerabilities, articles, and viruses/trojans identified during this reporting period.

Wireless Vulnerabilities

  • Nothing significant to report.


Recent Exploit Scripts/Techniques

The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.

Note: At times, scripts/techniques may contain names or content that may be considered offensive.

| Date of Script (Reverse Chronological Order) | Script name | Workaround or Patch Available | Script Description |
|---|---|---|---|
| August 10, 2005 | aircrack-2.21.tgz | N/A | An 802.11 WEP cracking program that can recover a 40-bit or 104-bit WEP key once enough encrypted packets have been gathered. |
| August 10, 2005 | funkboard066.txt | No | Exploit details for the FunkBoard Multiple Cross-Site Scripting vulnerability. |
| August 10, 2005 | openSQL.txt | No | Sample exploit for the OpenBB Multiple SQL Injection vulnerability. |
| August 10, 2005 | scapy-1.0.0.tar.gz | N/A | A powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. |
| August 8, 2005 | GBX-CSS-exp.zip | No | Exploit script for the Gravity Board Cross-Site Scripting vulnerability. |
| August 6, 2005 | citiBypass.txt | N/A | Write up that discusses a methodology to bypass Citibank Virtual Keyboard Protection, a mechanism to help protect against keyloggers and spyware. |
| August 6, 2005 | JaxXSS.txt | No | Exploitation details for the Jax PHP Scripts Multiple Cross-Site Scripting vulnerabilities. |
| August 6, 2005 | nbSMTP_fsexp.c | Yes | Exploit for the no-brainer SMTP Client 'log_msg' Format String vulnerability. |
| August 5, 2005 | aircrack-2.2.tgz | N/A | Aircrack is an 802.11 WEP cracking program that can recover a 40-bit or 104-bit WEP key once enough encrypted packets have been gathered. |
| August 5, 2005 | Easyxp41.txt | No | Exploit for the Easy PX41 CMS Cross-Site Scripting or Information Disclosure vulnerability. |
| August 5, 2005 | edituserxp.sh | Yes | Proof of Concept exploit for the Lantronix Secure Console Server 'edituser' Buffer Overflow vulnerability. |
| August 5, 2005 | eventum.pl.txt | Yes | Proof of Concept exploit for the MySQL Eventum SQL Injection vulnerability. |
| August 5, 2005 | FlatNuke-codexec.zip, flatnuke.html | No | Exploits for the FlatNuke User Data Arbitrary PHP Code Execution, Cross-Site Scripting, and Path Disclosure vulnerabilities. |
| August 5, 2005 | phrack63.tar.gz | N/A | Phrack Magazine Issue 63 includes: Phrack Prophile on Tiago, OSX heap exploitation techniques, Hacking Windows CE, Games with kernel Memory...FreeBSD Style, Raising The Bar For Windows Rootkit Detection, Embedded ELF Debugging, Hacking Grub for Fun and Profit, Advanced antiforensics: SELF, Process Dump and Binary Reconstruction, Next-Gen. Runtime Binary Encryption, Shifting the Stack Pointer, NT Shellcode Prevention Demystified, PowerPC Cracking on OSX with GDB, Hacking with Embedded Systems, Process Hiding and The Linux Scheduler, Breaking Through a Firewall, Phrack World News. |
| August 5, 2005 | pluggedBlog.txt | No | Detailed exploitation technique for the Plugged-Blog Multiple Vulnerabilities. |
| August 5, 2005 | qlite.html | No | Proof of Concept exploit for the qliteNews arbitrary database manipulation and Cross-Site Scripting vulnerabilities. |
| August 5, 2005 | webc.html | No | Proof of Concept exploit for the Web Content Management Cross-Site Scripting & Authentication Bypass vulnerability. |
| August 5, 2005 | yersinia-0.5.5.tar.gz | N/A | Yersinia implements several attacks for the following protocols: Spanning Tree (STP), Cisco Discovery (CDP), Dynamic Host Configuration (DHCP), Hot Standby Router (HSRP), Dynamic Trunking (DTP), 802.1q and VLAN Trunking (VTP), helping a pen-tester with different tasks. |
| August 3, 2005 | CABrightStorSQL.c | Yes | Exploit for the Computer Associates BrightStor ARCserve Backup Remote Buffer Overflow vulnerability. |
| August 2, 2005 | prorat_server_dos.c | No | Proof of Concept Denial of Service exploit for the ProRat Server Remote Buffer Overflow vulnerability. |


Trends
  • Get Up, Stand Up, Pharming Is On The Rise: Pharming is one of the latest online scams and a rapidly growing threat that has been showing up on the Internet. It’s a new way for criminals to try to get into your computer so they can steal your personal data that works by redirecting your Internet browser.
    Source: http://www.crime-research.org/news/09.08.2005/1416/.
  • Scanning Activity on Port 6070/tcp: US-CERT has seen reports indicating an increase in scanning activity of port 6070/tcp. This port is used by Computer Associates BrightStor ARCserve. Source: http://www.us-cert.gov/current/.
  • ID theft ring hits 50 banks, security firm says: A major identity theft ring discovered last week by Sunbelt Software, a security firm, has affected the customers of at least 50 banks. According to a statement from Sunbelt, the operation, which is being investigated by the FBI, is gathering personal data from "thousands of machines" using keystroke logging software. The data collected includes credit card details, Social Security numbers, usernames, passwords, instant messaging chat sessions and search terms. Source: http://news.zdnet.com/2100-1009_22-5823591.html.
  • Government computers top target for cyberattacks: According to IBM's Global Business Security Index report, cyberattacks on computer systems escalated in the first half of 2005 and government agencies were targeted more than any other business sector. In the first half of 2005, there were more than 237 million security attacks worldwide, with 54 million directed at the U.S. government. The manufacturing sector received about 36 million attacks, followed by the financial services industry with 34 million and health care with 17 million. Source: http://www.govexec.com/dailyfed/0805/080505p1.htm.
  • New Trend Found In IM Enterprise Threats: A security firm, Akonix Systems, reported that nearly a quarter more new viruses threatening corporate computers through employee use of public instant-messaging networks were discovered in July, including one that reflected a new trend of attacking multiple IM systems. A total of 42 new threats were tracked in July, a 24 percent increase over the previous month. Source: http://www.techweb.com/wire/security/167101004.
  • U.S. Passes the Buck on Identity Theft: A year ago President George W. Bush signed into law the Identity Theft Penalty Enhancement Act in response to the growing proliferation of Internet scams, such as phishing, pharming and other ploys aimed at stealing consumers' private information electronically. However, the evidence suggests that this new law has done nothing to reduce identity theft or fraud. The number of publicly known identity theft cases has increased dramatically over the past year. Since January of 2005, there have been over 63 data-security breaches exposing nearly 50 million identities. Source: http://www.newsfactor.com/story.xhtml?story_id=37545.
  • First potential virus risk for Windows Vista found: Virus writers are targeting a new Microsoft tool that will be part of Windows and is set to ship as part of the next Exchange e-mail server release. According to F-Secure, a virus writer has published the first examples of malicious code that targets Microsoft's upcoming command-line shell, code-named Monad. If the technology is included in Windows Vista, these could be among the first viruses to target the new operating system, formerly known as Longhorn. Source: http://news.zdnet.com/2100-1009_22-5819428.html?tag=zdfd.newsfeed.

[back to top]

Viruses/Trojans

Top Ten Virus Threats

A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.

| Rank | Common Name | Type of Code | Trend | Date | Description |
|---|---|---|---|---|---|
| 1 | Netsky-P | Win32 Worm | Stable | March 2004 | A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared files. |
| 2 | Mytob.C | Win32 Worm | Slight Increase | March 2004 | A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files. |
| 3 | Zafi-D | Win32 Worm | Slight Decrease | December 2004 | A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer. |
| 4 | Netsky-Q | Win32 Worm | Stable | March 2004 | A mass-mailing worm that attempts to launch Denial of Service attacks against several web pages, deletes the entries belonging to several worms, and emits a sound through the internal speaker. |
| 5 | Mytob-BE | Win32 Worm | Slight Decrease | June 2005 | A slight variant of the mass-mailing worm that utilizes an IRC backdoor, LSASS vulnerability, and email to propagate. It harvests addresses from the Windows address book, disables antivirus, and modifies data. |
| 6 | Mytob-AS | Win32 Worm | Stable | June 2005 | A slight variant of the mass-mailing worm that disables security-related programs and processes, redirects various sites, and changes registry values. This version downloads code from the net and utilizes its own email engine. |
| 7 | Zafi-B | Win32 Worm | Increase | June 2004 | A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names. |
| 8 | Netsky-D | Win32 Worm | Slight Increase | March 2004 | A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only. |
| 9 | Netsky-Z | Win32 Worm | Decrease | April 2004 | A mass-mailing worm that is very close to previous variants. The worm spreads in e-mails, but does not spread to the local network or P2P and does not uninstall the Bagle worm. The worm has a backdoor that listens on port 665. |
| 10 | Lovgate.w | Win32 Worm | Decrease | April 2004 | A mass-mailing worm that propagates by using MAPI as a reply to messages, by using an internal SMTP, by dropping copies of itself on network shares, and through peer-to-peer networks. Attempts to access all machines in the local area network. |

Table updated August 6, 2005
