Summary of Security Items from January 12 through January 18, 2005
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to items appearing in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risks levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Bugs,
Holes, & Patches
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attacks Scripts | Common Name | Risk | Source |
Breed | A remote Denial of Service vulnerability exists when a malicious user submits an empty UDP datagram. No workaround or patch available at time of publishing. A Proof of Concept exploit script has been published. | Brat Designs Breed Remote Denial of Service | Low | Securiteam, January 17, 2005 |
forumKIT 1.0 | A Cross-Site Scripting vulnerability exists in the 'f.aspx' script due to insufficient sanitization of the 'members' parameter, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit required; however, a Proof of Concept exploit has been published. | forumKIT Cross-Site Scripting | High | SecurityTracker Alert, 1012895, January 14, 2005 |
Gracebyte Network Assistant 3.2.5 .2260 | A remote Denial of Service vulnerability exists due to a failure to properly handle UDP datagrams. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | Gracebyte Network Assistant Remote Denial of Service | Low | Network Security Team Advisory, January 12, 2005 |
IMail 8.13 | A buffer overflow vulnerability exists in the 'DELETE' command due to insufficient boundary checks, which could let a remote malicious user execute arbitrary code.
Patch available at: Another exploit script has been published. | Ipswitch IMail Server Remote Buffer Overflow | High | Securiteam, November 15, 2004 SecurityFocus, November 16, 2004 SecurityFocus, January 11, 2005 |
Internet Explorer 6.0, SP1&SP2 | A vulnerability exists because the security warning can be bypassed when a document contains a specially crafted HTML body tag and a dynamic IFRAME, which could let a remote malicious user bypass the file download security warning mechanism.
No workaround or patch available at time of publishing. There is no exploit required; however, a Proof of Concept exploit has been published. | Microsoft Internet Explorer Dynamic IFRAME Security Bypass | Medium | SecurityFocus, January 15, 2005 |
Office 2000, SR1, SP2&SP3, 2000, SP1, Office XP, SP1-SP3 | A security vulnerability exists in the RC4 stream cipher due to incorrect implementation, which could let a malicious user obtain sensitive information. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | Microsoft Office RC4 Stream Cipher | Medium | Bugtraq, January 11, 2005 |
Windows (XP SP2 is not affected) | A Denial of Service vulnerability exists in the parsing of ANI files. A remote user can cause the target user's system to hang or crash. A remote user can create a specially crafted Windows animated cursor file (ANI file) that, when loaded by the target user, will cause the target system to crash. The malicious file can be loaded via HTML, for example. Updates available at: http://www.microsoft.com/technet/security/bulletin/ An exploit script has been published. | Microsoft Windows ANI File Parsing Errors CVE Name: | Low | VENUSTECH Security Lab, December 23, 2004 Microsoft Security Bulletin MS05-002, January 11, 2005 US-CERT Vulnerability Notes, VU#177584 & VU#697136, January 11, 2005 SecurityFocus, January 12, 2005 Technical Cyber Security Alert, TA05-012A, January 12, 2005 |
Windows (XP SP2 is not affected) | An integer overflow vulnerability was reported in the LoadImage API. A remote user can execute arbitrary code. A remote user can create a specially crafted image file that, when processed by the target user, will trigger an overflow in the USER32 library LoadImage API and execute arbitrary code. The code will run with the privileges of the target user. Updates available at: http://www.microsoft.com/technet/security/bulletin/ A Proof of Concept exploit has been published. | Microsoft Windows LoadImage API Buffer Overflow CVE Names: | High | VENUSTECH Security Lab. December 23, 2004 Microsoft Security Bulletin MS05-002, January 11, 2005 US-CERT Vulnerability Note, VU#625856, January 11, 2005 Technical Cyber Security Alert, TA05-012A, January 12, 2005 |
Windows 2000 SP3 & SP4, XP SP1 & SP2, XP 64-Bit Edition SP1, XP 64-Bit Edition Version 2003, Windows Server 2003, Windows Server 2003 64-Bit Edition, Windows 98, 98SE, ME | A cross-domain vulnerability exists in the HTML Help ActiveX control, which could let a remote malicious user execute arbitrary code. Updates available at: http://www.microsoft.com/technet/security/bulletin/ Exploits have been published. | Microsoft Windows HTML Help ActiveX Control CVE Name: | High | Microsoft Security Bulletin MS05-001, January 11, 2005 Technical Cyber Security Alert ,TA05-012B, January 12, 2005 US-CERT Vulnerability Note, VU#972415, January 18, 2005 |
Windows 2000/XP Resource Kit
| Several vulnerabilities exist in the 'w3who.dll' Microsoft ISAPI extension in the Windows 2000/XP Resource Kit: Cross-Site Scripting vulnerabilities exist when displaying HTTP headers and in error messages, which could let a remote malicious user execute arbitrary HTML and script code; and a buffer overflow vulnerability exists when processing input parameters, which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing. An exploit script has been published. | Microsoft Windows Resource Kit 'w3who.dll' Buffer Overflow & Input Validation CVE Names: | High | Exaprobe Security Advisory, December 6, 2004 SecurityFocus, January 11, 2005 |
Windows NT Server 4.0 SP 6a, NT Server 4.0 Terminal Server Edition SP 6, Windows 2000 Server SP 3 & SP4, Windows Server 2003, 2003 64-Bit Edition | A vulnerability exists due to an unchecked buffer in the handling of the 'Name' parameter from certain packets, which could let a remote malicious user execute arbitrary code. Updates available at: An exploit script has been published. | Microsoft WINS Name Validation CVE Name: | High | Microsoft Security Bulletin, SB04-045, December 14, 2004 US-CERT Vulnerability Note, VU#378160, December 16, 2004 Packetstorm, January 2, 2005 SecurityFocus, January 11, 2005 |
NodeManager Professional version 2.00 | A buffer overflow vulnerability exists due to a boundary error when logging SNMPv1 traps, which could let a remote malicious user execute arbitrary code. Update available at: http://www.h4.dion.ne.jp/~you4707/Node Currently we are not aware of any exploits for this vulnerability. | NodeManager SNMPv1 Traps Buffer Overflow
| High | Securiteam, January 18, 2005 |
Mozilla Browser 1.7.5, Firefox 1.0, | A vulnerability exists because popup windows can overlay modal dialogs, which could lead to a false sense of security.
No workaround or patch available at time of publishing. Proofs of Concept exploits have been published. | Mozilla/Netscape/Firefox Browser Modal Dialog Spoofing | Medium | Securiteam, January 11, 2005 |
Winamp 5.0 1-5.0 8 | Vulnerabilities exist in 'in_mp4.dll,' 'enc_mp4.dll,' 'libmp4v2.dll' and a buffer overflow vulnerability exists in 'in_cdda.dll'. The impact was not specified. Upgrades available at: Currently we are not aware of any exploits for these vulnerabilities. | Nullsoft Winamp Multiple Unspecified Vulnerabilities | Not Specified | SecurityTracker Alert, 1012880, January 14, 2005 |
peer2mail 1.4 & prior | A vulnerability exists in the 'p2m.exe' process, which could let a malicious user obtain the password from memory.
No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | Peer2Mail Password Disclosure | Medium | SecurityTracker Alert, 1012912, January 16, 2005 |
Serv-U 2.5 | A remote Denial of Service vulnerability exists because multiple connection attempts are not handled properly. No workaround or patch available at time of publishing. A Proof of Concept exploit script has been published. | RhinoSoft Serv-U FTP Server Remote Denial of Service | Low | SecurityFocus, January 10, 2005 |
Backup Exec 8.0, 8.5, 8.6, 9.0, 9.1 | A buffer overflow vulnerability exists due to a boundary error in the Agent Browser service when processing received registration requests, which could let a remote malicious user execute arbitrary code. Hotfix available at: Exploit scripts have been published. | VERITAS Backup Exec Buffer Overflow CVE Name: | High | Veritas Software Security Advisory, 273419, December 16, 2004 SecurityFocus, January 11, 2005 US-CERT Vulnerability Note, VU#907729, January 15, 2005 |
| UNIX / Linux Operating Systems Only | ||||
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attacks Scripts | Common Name | Risk | Source |
| 4D, Inc.
4D WebSTAR 5.3.2 and prior versions | Multiple vulnerabilities exist including a buffer overflow that could allow a malicious user to escalate privileges or obtain access to protected resources. A remote user can issue a specially crafted FTP command to trigger a stack-based overflow and execute arbitrary code. The vendor has released a fixed version (5.3.3), available at: An exploit script has been published. | 4D WebSTAR Grants Access to Remote Users and Elevated Privileges to Local Users | High | SecurityTracker Alert, 1010696, July 13, 2004 SecurityFocus, January 11, 2005 |
Adobe Acrobat Reader 5.0.9 for Unix | A buffer overflow vulnerability exists in in Adobe Acrobat Reader for Unix. A remote malicious user can execute arbitrary code on the target system. A remote user can create a specially crafted PDF file that, when processed by the target user, will trigger a buffer overflow in the mailListIsPdf() function and execute arbitrary code. The code will run with the privileges of the target user. The vendor has issued a fixed version (5.0.10): http://www.adobe.com/support/techdocs/331153.html Gentoo: Red Hat: SuSE: Currently we are not aware of any exploits for this vulnerability. | Adobe Acrobat Reader mailListIsPdf() Buffer Overflow CVE Name: | High | iDEFENSE Security Advisory 12.14.04 Gentoo Security Advisory, GLSA 200412-12 / acroread, December 16, 2004 Red Hat: RHSA-2004:674-07, December 23, 2004 SUSE Security Summary Report, SUSE-SR:2005:001, January 12, 2005 |
Apache 2.0 a9, 2.0, 2.0.28 Beta, 2.0.28, 2.0.32, 2.0.35-2.0.50 | A remote Denial of Service vulnerability exists in Apache 2 mod_ssl during SSL connections. Apache:
href="http://nagoya.apache.org/bugzilla/show_bug.cgi?id=29964"> RedHat:
href="http://rhn.redhat.com/errata/RHSA-2004-349.html"> SUSE:
href="ftp://ftp.suse.com/pub/suse/i386/update/"> Gentoo:
href="http://security.gentoo.org/glsa/glsa-200409-21.xml"> Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php"> Trustix:
href="http://http.trustix.org/pub/trustix/updates/"> Conectiva: Fedora: Apple: TurboLinux: Currently we are not aware of any exploits for this vulnerability. | Low | SecurityFocus, September 6, 2004 Mandrakelinux Security Update Advisory, MDKSA-2004:096, September 15, 2004 Gentoo Linux Security Advisory, GLSA 200409-21, September 16, 2004 Trustix Secure Linux Security Advisory,TSLSA-2004-0047, September 16, 2004 Conectiva Linux Security Announcement, CLA-2004:868, September 23, 2004 Fedora Update Notification, HP Security Bulletin, Apple Security Advisory, APPLE-SA-2004-12-02, December 3, 2004 TurboLinux Security Announcement, TLSA-2005-01-13, January 13, 2005 | |
Apache 2.0.50 | A remote Denial of Service vulnerability exists in 'char_buffer_read()' when using a RewriteRule to reverse proxy SSL connections. Patch available at: SUSE:
href="ftp://ftp.suse.com/pub/suse/"> Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php"> RedHat:
href="http://rhn.redhat.com/errata/RHSA-2004-463.html"> Gentoo:
href="http://security.gentoo.org/glsa/glsa-200409-21.xml"> Trustix:
href="http://www.trustix.org/errata/2004/0047/"> Conectiva: Fedora: HP: Apple: TurboLinux: There is no exploit code required; however, Proofs of Concept exploits have been published. | Low | SecurityTracker Alert ID, 1011213, September 10, 2004 Mandrakelinux Security Update Advisory, MDKSA-2004:096, September 15, 2004 RedHat Security Advisory, RHSA-2004:463-09, September 15, 2004 Gentoo Linux Security Advisory GLSA 200409-21, September 16, 2004 Trustix Secure Linux Security Advisory , TSLSA-2004-0047, September 16, 2004 Conectiva Linux Security Announcement, CLA-2004:868, September 23, 2004 Fedora Update Notification, HP Security Bulletin, Apple Security Advisory, APPLE-SA-2004-12-02, December 3, 2004 TurboLinux Security Announcement, TLSA-2005-01-13, January 13, 2005 | |
Gentoo Apache 1.3-2.0.49 | A stack-based buffer overflow has been reported in the Apache mod_ssl module. This issue would most likely result in a Denial of Service if triggered, but could theoretically allow for execution of arbitrary code. The issue is not believed to be exploitable to execute arbitrary code on x86 architectures, though this may not be the case with other architectures. Patch available at: Mandrake: OpenPKG: Tinysofa: Trustix: Gentoo: OpenBSD: SGI: Apple: Fedora Legacy: TurboLinux: Currently we are not aware of any exploits for this vulnerability. | Apache Mod_SSL SSL_Util_UUEncode_Binary Stack Buffer Overflow CVE Name: | Low/High (High if arbitrary code can be executed) | Security Focus, May 17, 2004 Gentoo Linux Security Advisory, GLSA 200406-05, June 9, 2004 Mandrakelinux Security Update Advisories, MDKSA-2004:054 & 055, June 1. 2004 OpenPKG Security Advisory, OpenPKG-SA-2004.026, May 27, 2004 RedHat Security Advisory, RHSA-2004:342-10, July 6, 2004 SGI Security Advisory, 20040605-01-U, June 21, 2004 Tinysofa Security Advisory, TSSA-2004-008, June 2, 2004 Trustix Security Advisory, TSLSA-2004-0031, June 2, 2004 Fedora Legacy Update Advisory, FLSA:1888, October 14, 2004 TurboLinux Security Announcement, TLSA-2005-01-13, January 13, 2005 |
UNARJ 2.62-2.65
| A buffer overflow vulnerability exists due to insufficient bounds checking on user-supplied strings prior to processing, which could let a remote malicious user execute arbitrary code.
Fedora: Gentoo: SUSE: Fedora: RedHat: Currently we are not aware of any exploits for this vulnerability. | ARJ Software UNARJ Remote Buffer Overflow CVE Name: | High | SecurityTracker Alert I,: 1012194, November 11, 2004 Gentoo Linux Security Advisory, GLSA 200411-29, November 19, 2004 SUSE Security Summary Report SUSE-SR:2004:003, December 7, 2004 Fedora Update Notification RedHat Security Advisory, RHSA-2005:007-05, January 12, 2005 |
imlib 1.x | Multiple vulnerabilities exist due to integer overflows within the image decoding routines. This can be exploited to cause buffer overflows by tricking a user into viewing a specially crafted image in an application linked against the vulnerable library. Gentoo: Red Hat: SUSE: Debian: Ubuntu: Mandrake: Currently we are not aware of any exploits for these vulnerabilities. | Carsten Haitzler imlib Image Decoding Integer Overflow CVE Name: | High | Secunia Advisory ID, Red Hat Advisory, RHSA-2004:651-03, December 10, 2004 SecurityFocus, December 14, 2004 Debian DSA-618-1 imlib, December 24, 2004 Mandrakelinux Security Update Advisory, MDKSA-2005:007, January 12, 2005 |
IPRoute 20010824, 0.973, 0.974, 1.10, 1.18, 2.2.4, 2.4.7, | A vulnerability exists in the 'netbug' script because temporary files are created in an insecure manner, which could let a malicious user delete arbitrary files. No workaround or patch available at time of publishing. There is no exploit required | David Mischler Linux IPRoute2 'Netbug' Script Insecure Temporary File | Medium | Secunia Advisory, SA13758, January 10, 2005 |
lintian 1.2 0.17.1 | A vulnerability exists because temporary files are created in an insecure manner, which could let a malicious user delete arbitrary files. Upgrade available at: There is no exploit required. | Debian Lintian Insecure Temporary File CVE Name: | Medium | Debian Security Advisory DSA, 630-1, January 10, 2004 |
| Ethereal
Ethereal 0.x | Multiple Denial of Service and buffer overflow vulnerabilities exist due to errors in the iSNS, SNMP, and SMB dissectors which may allow an attacker to run arbitrary code or crash the program.
Updates available at: Fedora: Debian: Conectiva: An exploit script has been published. | Ethereal: Multiple security problems
CVE Names: | Low/High (High if arbitrary code can be executed) | Gentoo Linux Security Advisory, GLSA 200407-08 / Ethereal, July 9, 2004
Secunia Advisory, 12034 & 12035, July 12, 2004 Ethereal Advisory, enpa-sa-00015, July 6, 2004 US-CERT Vulnerability Notes VU#518782, VU#829422, VU#835846, September 7, 2004 Conectiva Linux Security Announcement, CLA-2005:916, January 13, 2005 |
mod_auth_radius 1.3.9, 1.5, 1.5.2, 1.5.4 | A vulnerability exists in the 'radcpy()' function in the 'mod_auth_radius' module for Apache when handling server-supplied integer values, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.
No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | FreeRADIUS Server Project Apache 'mod_auth_radius' Integer Overflow | Low/High (High if arbitrary code can be executed) | LSS Security Advisory, LSS-2005-01-02, January 10, 2005 |
Gallery 1.4 -pl1&pl2, 1.4, 1.4.1, 1.4.2, 1.4.3 -pl1 & pl2; Gentoo Linux | A Cross-Site Scripting vulnerability exists in several files, including 'view_photo.php,' 'index.php,' and 'init.php' due to insufficient input validation, which could let a remote malicious user execute arbitrary HTML and script code. Upgrades available at: Gentoo: Debian: There is no exploit code required. | Gallery Cross-Site Scripting | High | Gentoo Linux Security Advisory, GLSA 200411-10:01, November 6, 2004 Debian Security Advisory, DSA 642-1, January 17, 2005 |
GNU Midnight Commander Project Midnight Commander 4.x | Multiple vulnerabilities exist due to various design and boundary condition errors, which could let a remote malicious user cause a Denial of Service, obtain elevated privileges, or execute arbitrary code. Debian: Currently we are not aware of any exploits for these vulnerabilities. | Midnight Commander Multiple Vulnerabilities CVE Names: | Low/ Medium/ High (Low if a DoS; Medium is elevated privileges can be obtained; and High if arbitrary code can be executed) | SecurityTracker Alert, 1012903, January 14, 2005 |
unrtf 0.19.3 | A vulnerability was reported in unrtf. A remote malicious user can cause arbitrary code to be executed by the target user. A remote user can create a specially crafted RTF file that, when processed by the target user with unrtf, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user. The buffer overflow resides in the process_font_table() function in 'convert.c.'. Gentoo: A Proof of Concept exploit script has been published. | GNU unrtf process_font_table() Buffer Overflow | High | SecurityTracker Alert ID, 1012595, December 16, 2004 Gentoo Linux Security Advisory, GLSA 200501-15, January 10, 2005 |
lohaMail 0.8.6-0.8.13, 0.8.14 RC1&RC2 | A vulnerability exists in the default installation due to a failure to securely install sensitive files, which could let a remote malicious user obtain sensitive information. No workaround or patch available at time of publishing. There is no exploit required. | lohaMail Insecure Default Installation Information Disclosure | Medium | Secunia Advisory, SA13807, January 13, 2005 |
ImageMagick 6.x | A buffer overflow vulnerability exists in 'coders/psd.c' when a specially crafted Photoshop document file is submitted, which could let a remote malicious user execute arbitrary code. Update available at: Currently we are not aware of any exploits for this vulnerability. | ImageMagick Photoshop Document Buffer Overflow | High | iDEFENSE Security Advisory, January 17, 2005 |
BMV 1.2 | A vulnerability exists in 'gsinterf.c' due to the insecure creation of temporary files, which could let a malicious user obtain elevated privileges. Debian: There is no exploit required. | BMV Insecure Temporary File Creation CVE Name: | Medium | Debian Security Advisory, DSA 633-1, January 11, 2005 |
KDE 3.x, 2.x | A vulnerability exists in kio_ftp, which can be exploited by malicious people to conduct FTP command injection attacks. The vulnerability has been fixed in the CVS repository. Mandrakesoft: Debian: Gentoo: Currently we are not aware of any exploits for this vulnerability. | KDE kio_ftp FTP Command Injection Vulnerability CVE Name: | Medium | KDE Advisory Bug 95825, December 26, 2004 Debian Security Advisory, DSA 631-1, January 10, 2005 Gentoo Linux Security Advisory, GLSA 200501-18, January 11, 2005 |
Konqueror prior to 3.32 | Two vulnerabilities exist in KDE Konqueror, which can be exploited by malicious people to compromise a user's system.The vulnerabilities are caused due to some errors in the restriction of certain Java classes accessible via applets and Javascript. This can be exploited by a malicious applet to bypass the sandbox restriction and read or write arbitrary files. Update to version 3.3.2: Apply patch for 3.2.3: Mandrakesoft: Gentoo: Currently we are not aware of any exploits for these vulnerabilities. | KDE Konqueror CVE Name: | High | KDE Security Advisory, December 20, 2004 Mandrakesoft MDKSA-2004:154, December 22, 2004 US-CERT Vulnerability Note, VU#420222, January 5, 2005 Gentoo Linux Security Advisory, GLSA 200501-16, January 11, 2005 |
Larry Wall | A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.
Trustix: Ubuntu: Gentoo: Debian: OpenPKG: There is no exploit code required. | Perl CVE Name: | Medium | Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004 Ubuntu Security Notice, USN-16-1, November 3, 2004 Gentoo Linux Security Advisory, GLSA 200412-04, December 7, 2004 Debian Security Advisory, DSA 620-1, December 30, 2004 OpenPKG Security Advisory, OpenPKG-SA-2005.001, January 11, 2005 |
Kerberos 5 krb5-1.3.5 and prior | A buffer overflow exists in the libkadm5srv administration library. A remote malicious user may be able to execute arbitrary code on an affected Key Distribution Center (KDC) host. There is a heap overflow in the password history handling code. A patch is available at: Gentoo: Debian: Conectiva: Ubuntu: Currently we are not aware of any exploits for this vulnerability. | Kerberos CVE Name: | High | SecurityTracker Alert ID, 1012640, December 20, 2004 Gentoo GLSA 200501-05, January 5, 2005 Ubuntu Security Notice, USN-58-1, January 10, 2005 Conectiva Linux Security Announcement, CLA-2005:917, January 13, 2005
|
mpg123 0.59 m-0.59 s | A buffer overflow vulnerability exists when parsing frame headers for layer-2 streams, which could let a remote malicious user execute arbitrary code.
Gentoo: Currently we are not aware of any exploits for this vulnerability. | MPG123 Layer 2 Frame Header Buffer Overflow CVE Name: | High | Gentoo Linux Security Advisory, GLSA 200501-14, January 11, 2005 |
Linux kernel 2.6.10, 2.6.9; RedHat Fedora Core2&3 | A Denial of Service vulnerability exists in the 'mlockall()' system call due to a failure to properly enforce defined limits.
Fedora: A Proof of Concept exploit script has been published. | Linux Kernel Local RLIMIT_MEMLOCK Bypass Denial of Service | Low | Bugtraq, January 7, 2005 Fedora Update Notifications, |
Apache Software Foundation Apache 2.0.50 & prior; Gentoo Linux 1.4; | A remote Denial of Service vulnerability exists in the Apache mod_dav module when an authorized malicious user submits a specific sequence of LOCK requests. Update available at:
href=" http://httpd.apache.org/"> Gentoo:
href="http://www.gentoo.org/security/en/glsa/glsa-200409-21.xml"> RedHat: Trustix:
href="ftp://ftp.trustix.org/pub/trustix/updates/"> Conectiva: Fedora: Debian: IBM: TurboLinux: There is no exploit code required; however, a Proof of Concept exploit has been published. | Low | SecurityTracker Alert ID, 1011248, September 14, 2004 Conectiva Linux Security Announcement, CLA-2004:868, September 23, 2004 Fedora Update Notification, Debian Security Advisory DSA 558-1 , October 6, 2004 HP Security Bulletin, 1190212 TurboLinux Security Announcement, TLSA-2005-01-13, January 13, 2005 | |
Exim 4.43 & prior | Multiple vulnerabilities exist that could allow a local user to obtain elevated privileges. There are buffer overflows in the host_aton() function and the spa_base64_to_bits() functions. It may be possible to execute arbitrary code with the privileges of the Exim process. The vendor has issued a fix in the latest snapshot: ftp://ftp.csx.cam.ac.uk/pub/software ftp://ftp.csx.cam.ac.uk/pub/software/ Also, patches for 4.43 are available at: Fedora: Ubuntu: Gentoo: Debian: Currently we are not aware of any exploits for these vulnerabilities. | GNU Exim CVE Names: | High | SecurityTracker Alert ID: 1012771, January 5, 2005 Gentoo Linux Security Advisory, GLSA 200501-23, January 12, 2005 Debian Security Advisory, DSA 635-1 & 637-1, January 12 & 13, 2005 |
GNU Mailman 1.0, 1.1, 2.0 beta1-beta3, 2.0- 2.0 .3, 2.0.5-2.0 .8, 2.0.1-2.0.14, 2.1 b1, 2.1- 2.1.5; Ubuntu Linux 4.1, ia64, ia32
| Multiple vulnerabilities exist: a Cross-Site Scripting vulnerability exists when returning error pages due to insufficient sanitization by 'scripts/driver,' which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability exists due to a weakness in the automatic password generation algorithm, which could let a remote malicious user brute force automatically generated passwords.
Ubuntu: Currently we are not aware of any exploits for these vulnerabilities. | GNU Mailman Multiple Multiple Remote Vulnerabilities CVE Names: | Medium/ High (High if arbitrary code can be executed) | SecurityTracker, January 12, 2005 |
Linux Kernel 2.4 - 2.4.28, 2.6 - 2.6.9; Avaya Converged Communications Server 2.0, | A vulnerability was reported in the Linux kernel in the auxiliary message (scm) layer. A local malicious user can cause Denial of Service conditions. A local user can send a specially crafted auxiliary message to a socket to trigger a deadlock condition in the __scm_send() function. Ubuntu: SUSE: Trustix: Red Hat: Fedora: A Proof of Concept exploit script has been published. | Multiple Vendors Linux Kernel Auxiliary Message Layer State Error CVE Name: | Low | iSEC Security Research Advisory 0019, December 14, 2004 SecurityFocus, December 25, 2004 Secunia, SA13706, January 4, 2005 Avaya Security Advisory, ASA-2005-006, January 14, 2006 |
Linux Kernel 2.4 - 2.4.28, 2.6 - 2.6.9; Avaya Intuity LX, Avaya MN100, | Several vulnerabilities exist in the Linux kernel in the processing of IGMP messages. A local user may be able to gain elevated privileges. A remote user can cause the target system to crash. These are due to flaws in the ip_mc_source() and igmp_marksources() functions. SUSE: Trustix: Ubuntu: Fedora: A Proof of Concept exploit script has been published. | Multiple Vendors Linux Kernel IGMP Integer Underflow CVE Name: | Low/ Medium (Medium if elevated privileges can be obtained) | iSEC Security Research Advisory 0018, December 14, 2004 SecurityFocus, December 25, 2005 Secunia, SA13706, January 4, 2005 Avaya Security Advisory, ASA-2005-006, January 14, 2006 |
Linux Kernel 2.4.x; Avaya Intuity LX, Avaya MN100, | Two vulnerabilities exist in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or potentially gain escalated privileges. 1) A boundary error exists in the system call handling in the 32bit system call emulation on AMD64 / Intel EM64T systems. 2) An unspecified error within the memory management handling of ELF executables in "load_elf_binary" can be exploited to crash the system via a specially crafted ELF binary (this issue only affects Kernel versions prior to 2.4.26). Issue 2 has been fixed in Kernel version 2.4.26 and later. Red Hat: h Currently we are not aware of any exploits for this vulnerability. | Multiple Vendors Linux Kernel 32bit System Call Emulation and ELF Binary CVE Name: | Medium | Secunia, SA SA13627, December 24, 2004 Red Hat RHSA-2004-689, December 23, 2004 Avaya Security Advisory, ASA-2005-006, January 14, 2006 |
Linux Security Modules (LSM); Ubuntu Linux 4.1 ppc, ia64, ia32 | A security issue in Linux Security Modules (LSM) may grant normal user processes escalated privileges. When loading the Capability LSM module as a loadable kernel module, all existing processes gain unintended capabilities granting them root privileges. Only use the Capability LSM module when compiled into the kernel and grant only trusted users access to affected systems. Ubuntu: Currently we are not aware of any exploits for this vulnerability. | Multiple Vendors Linux Security Modules CVE Name: | High | Secunia SA13650, December 27, 2004 Ubuntu Security Notice, USN-57-1, January 9, 2005 |
nfs-utils 1.0.6 | A vulnerability exists due to an error in the NFS statd server in 'statd.c' where the 'SIGPIPE' signal is not correctly ignored. This can be exploited to crash a vulnerable service via a malicious peer terminating a TCP connection prematurely. Upgrade to 1.0.7-pre1: Mandrakesoft: Debian: Red Hat: Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php" Currently we are not aware of any exploits for this vulnerability. | Multiple Vendors nfs-utils 'SIGPIPE' TCP Connection Termination Denial of Service CVE Name: | Low | Secunia Advisory ID, SA13384, December 7, 2004 Debian Security Advisory Red Hat Security Advisory, RHSA-2004:583-09, December 20, 2004 Mandrakelinux Security Update Advisory, MDKSA-2005:005, January 12, 2005 |
Perl | A race condition vulnerability was reported in the 'File::Path::rmtree()' function. A remote user may be able to obtain potentially sensitive information. A remote user may be able to obtain potentially sensitive information or modify files. The vendor has released Perl version 5.8.4-5 to address this vulnerability. Customers are advised to contact the vendor for information regarding update availability. Debian: Ubuntu: OpenPKG: Currently we are not aware of any exploits for this vulnerability. | Multiple Vendors Perl File::Path::rmtree() Permission CVE Name: | Medium | Ubuntu Security Notice, USN-44-1, December 21, 2004 Debian Security Advisory, DSA 620-1, December 30, 2004 OpenPKG Security Advisory, OpenPKG-SA-2005.001, January 11, 2005 |
telnetd-ssl | A format string vulnerability exists that could allow a remote user to cause arbitrary code to be executed on the target system. The flaw resides in 'telnetd/telnetd.c' in the processing of SSL error messages. Debian: Currently we are not aware of any exploits for this vulnerability. | Multiple Vendors telnetd-ssl SSL_accept error Format String Flaw CVE Name: | High | SecurityTracker Alert ID: 1012666, December 23, 2004 US-Cert Vulnerability Note, VU#995038, January 14, 2005 |
Unix Linux kernel 2.4, 2.4 .0-test1 | A vulnerability exists in the Linux kernel when writing to an ext3 file system due to a design error that causes some kernel information to be leaked, which could let a malicious user obtain sensitive information. Upgrade available at: Conectiva: Debian: Mandrake: RedHat (updated kernel package): Trustix: Engarde: We are not aware of any exploits for this vulnerability. | Multiple Vendors Linux Kernel EXT3 File System Information Leakage CVE Name: | Medium | Mandrakelinux Security Update Advisory, MDKSA-2004:029, April 14, 2004 Trustix Secure Linux Security Advisory, TSLSA-2004-0020, April 15, 2004 Debian Security Advisories, DSA 489-1 & 491-1, April 17, 2004 Conectiva Security Advisory, CLSA-2004:829, April 15, 2004 Red Hat Security Advisories, RHSA-2004:166-01 & 166-08, April 21, 2004 Guardian Digital Security Advisory, ESA-20040428-004, April 28, 2004 Red Hat Security Advisories, RHSA-2004:505-14 & 505-13, December 13, 2004 Avaya Security Advisory, ASA-2005-006, January 14, 2006 |
Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; | A vulnerability exists in the tiffdump utility, which could let a remote malicious user execute arbitrary code. Debian: Fedora: Gentoo: Mandrake: SuSE: Ubuntu: RedHat: Currently we are not aware of any exploits for this vulnerability. | LibTIFF TIFFDUMP Heap Corruption CVE Name: | High | SecurityTracker Alert ID, 1012785, January 6, 2005 RedHat Security Advisory, RHSA-2005:019-11, January 13, 2005 |
Hylafax.org Hylafax 4.0 pl0-pl2, 4.0.2, 4.1, beta1-beta3, 4.1.1-4.1.3, 4.1.5-4.1.8; 4.2; | A vulnerability exists because the username is incorrectly compared with an entry in the 'hosts.hfaxd' database, which could let a remote malicious user obtain unauthorized access.
Patches available at: Debian: Gentoo: Mandrake: There is no exploit required. | HylaFAX Remote Access Bypass CVE Name: | Medium | SecurityTracker Alert, 101284, January 12, 2005 |
Linux kernel 2.2-2.2.2.27 -rc1, 2.4-2.4.29 -rc1, 2.6 .10, 2.6- 2.6.10 | A race condition vulnerability exists in the page fault handler of the Linux Kernel on symmetric multiprocessor (SMP) computers, which could let a malicious user obtain superuser privileges.
Fedora: Trustix: Ubuntu: Exploit scripts have been published. | Linux Kernel Symmetrical Multiprocessing Page Fault Superuser Privileges CVE Name: | High | SecurityTracker Alert, 1012862, January 12, 2005 |
Linux kernel 2.2-2.2.25, 2.3, 2.3.99, pre1-pre7, 2.4 .0, test1-test12, 2.4-2.4.28, 2.4.29 -rc2, 2.5 .0-2.5.65 | Multiple buffer overflow vulnerabilities exist in the 'drivers/char/moxa.c' file due to insufficient bounds checks prior to copying user-supplied data to fixed-size memory buffers, which could let a malicious user execute arbitrary code. Ubuntu: Currently we are not aware of any exploits for these vulnerabilities. | Linux Kernel Multiple Local MOXA Serial Driver Buffer Overflows | High | Bugtraq, January 7, 2005 Ubuntu Security Notice, USN-60-0, January 14, 2005 |
Linux kernel 2.4 .0-test1-test12, 2.4-2.4.27; Avaya Converged Communications Server 2.0, | A vulnerability exists in the 'AF_UNIX' address family due to a serialization error, which could let a malicious user obtain elevated privileges or possibly execute arbitrary code.
Upgrades available at: SUSE: Ubuntu: Red Hat: Fedora: Currently we are not aware of any exploits for this vulnerability.
| Medium/ High (High if arbitrary code can be executed) | Bugtraq, November 19, 2004 SUSE Security Summary Report, SUSE-SR:2004:003, December 7, 2004 SecurityFocus, December 14, 2004 Fedora Update Notifications, FEDORA-2004-581 & 582, January 4, 2005 Avaya Security Advisory, ASA-2005-006, January 14, 2006 | |
Linux kernel 2.4, 2.4 .0 test1-test 12, 2.4-2.4.28, 2.4.29 -rc2, 2.6 .10, 2.6, test1-test11, 2.6.1-2.6.10, 2.6.10 rc; RedHat Fedora Core2&3 | An integer overflow vulnerability exists in the 'random.c' kernel driver due to insufficient sanitization of the 'poolsize_strategy' function, which could let a malicious user cause a Denial of Service or execute arbitrary code.
Fedora: A Proof of Concept exploit script has been published. | Linux Kernel Random Poolsize SysCTL Handler Integer Overflow | Low/High (High if arbitrary code can be executed) | Bugtraq, January 7, 2005 Fedora Update Notifications, |
Linux Kernel 2.4.0 test1-test12, 2.4-2.4.28, 2.4.29 -rc2, 2.6, test1-test11, 2.6.1, rc1-rc2, 2.6.2-2.6.9, 2.6.10 rc2 | A vulnerability exists in the 'load_elf_library()' function in 'binfmt_elf.c' because memory segments are properly processed, which could let a remote malicious user execute arbitrary code with root privileges. Fedora: Trustix: A Proof of Concept exploit script has been published. | Linux Kernel uselib() Root Privileges CVE Name: | High | iSEC Security Research Advisory, January 7, 2005 Fedora Update Notifications, Trustix Secure Linux Security Advisory, TSLSA-2005-0001, January 13, 2005 |
Linux kernel 2.4.0-test1-test12, 2.4-2.4.28, 2.4.29 -rc1&rc2 | A vulnerability exists in the processing of ELF binaries on IA64 systems due to improper checking of overlapping virtual memory address allocations, which could let a malicious user cause a Denial of Service or potentially obtain root privileges.
Patch available at: Trustix: f Currently we are not aware of any exploits for this vulnerability. | Linux Kernel Overlapping VMAs CVE Name: | Low/High (High if root access can be obtained) | Trustix Secure Linux Security Advisory, TSLSA-2005-0001, January 13, 2005 |
Linux Kernel 2.4-2.4.27, 2.6-2.6.8 SUSE Linux 8.1, 8.2, 9.0, 9.1, Linux 9.2, SUSE Linux Desktop 1.x, SUSE Linux Enterprise Server 8, 9; Avaya Converged Communications Server 2.0,
| Multiple vulnerabilities exist due to various errors in the 'load_elf_binary' function of the 'binfmt_elf.c' file, which could let a malicious user obtain elevated privileges and potentially execute arbitrary code.
Patch available at: Trustix: Fedora: SUSE: Red Hat: RedHat: Proofs of Concept exploit scripts have been published. | Multiple Vendors Linux Kernel BINFMT_ELF CVE Names: | Medium/ High (High if arbitrary code can be executed) | Bugtraq, November 11, 2004 Fedora Update Notifications, SUSE Security Summary Report, SUSE-SA:2004:042, December 1, 2004 Red Hat Advisory: RHSA-2004:549-10, December 2, 2004 RedHat Security Advisories, RHSA-2004:504-13 & 505-14, December 13, 2004 Avaya Security Advisory, ASA-2005-006, January 14, 2006
|
Linux Kernel 2.6 .10, 2.6, test-test11, 2.6.1-2.6.10, 2.6.10 rc2; RedHat Fedora Core2&3 | An integer overflow vulnerability exists in the 'scsi_ioctl.c' kernel driver due to insufficient sanitization of the 'sg_scsi_ioctl' function, which could let a malicious user execute arbitrary code.
Fedora: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel SCSI IOCTL Integer Overflow | High | Bugtraq, January 7, 2005 Fedora Update Notifications, |
Linux kernel 2.6.x, 2.4.x , SUSE Linux 8.1, 8.2, 9.0, 9.1, Linux 9.2, SUSE Linux Desktop 1.x, SUSE Linux Enterprise Server 8, 9; Turbolinux Turbolinux Server 10.0 | Two vulnerabilities exist: a Denial of Service vulnerability exists via a specially crafted 'a.out' binary; and a vulnerability exists due to a race condition in the memory management, which could let a malicious user obtain sensitive information. SUSE: TurboLinux: Ubuntu: Trustix: Currently we are not aware of any exploits for these vulnerabilities. | Multiple Vendors Linux Kernel Local DoS & CVE Name: | Low/ Medium (Medium if sensitive information can be obtained) | Secunia Advisory, SUSE Security Summary Report, SUSE-SA:2004:042, December 1, 2004 SecurityFocus, December 16, 2004 Trustix Secure Linux Security Advisory, TSLSA-2005-0001, January 13, 2005 |
Linux Kernel USB Driver prior to 2.4.27; Avaya Converged Communications Server 2.0, | A vulnerability exists in certain USB drivers because uninitialized structures are used and then 'copy_to_user(...)' kernel calls are made from these structures, which could let a malicious user obtain obtain uninitialized kernel memory contents. Update available at:
href=" http://kernel.org/"> Gentoo:
href="http://www.gentoo.org/security/en/glsa/glsa-200408-24.xml"> Trustix: Red Hat: We are not aware of any exploits for this vulnerability. | Medium | US-CERT Vulnerability Note VU#981134, October 25, 2004 Trustix, TSLSA-2004-0041: kernel, August 9, 2004 Red Hat Security Advisories, RHSA-2004:505-14 & 505-13, December 13, 2004 Avaya Security Advisory, ASA-2005-006, January 14, 2006
| |
Linux Kernel; Avaya Converged Communications Server 2.0, | A vulnerability exists in the Linux kernel io_edgeport driver. A local user with a USB dongle can cause the kernel to crash or may be able to gain elevated privileges on the target system. The flaw resides in the edge_startup() function in 'drivers/usb/serial/io_edgeport.c'.
Red Hat: Fedora: Currently we are not aware of any exploits for this vulnerability. | Multiple Vendors Linux Kernel CVE Name: | Low/ Medium (Medium if elevated privileges can be obtained) | SecurityTracker Alert ID: 1012477, December 10, 2004 Fedora Update Notifications, Avaya Security Advisory, ASA-2005-006, January 14, 2006 |
poppassd_ceti 1.0, poppassd_pam 1.0 | A vulnerability exists in 'poppassd_pam' due to inadequate authentication before changing the system password, which could let a remote malicious user change any user's password and obtain superuser privileges.
Gentoo: There is no exploit required. | 'poppassd_pam' Unauthorized Password Change CVE Name: | High | Gentoo Linux Security Advisory, GLSA 200501-22, January 11, 2005 |
Namazu 2.0.13 and prior | A vulnerability exists which can be exploited by malicious people to conduct Cross-Site Scripting attacks. Input passed to 'namazu.cgi' isn't properly sanitized before being returned to the user if the query begins from a tab ('%09'). This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of a vulnerable site. Update to version 2.0.14: Fedora: Debian: SuSE: Currently we are not aware of any exploits for this vulnerability. | Namazu Cross-Site Scripting Vulnerability CVE Name: | High | Namazu Security Advisory, December 15, 2004 Debian Security Advisory, DSA 627-1, January 6, 2005 SUSE Security Summary Report, SUSE-SR:2005:001, January 12, 2005 |
| o3read 0.0.3 | A vulnerability was reported in o3read. A remote malicious user can cause arbitrary code to be executed by the target user. A remote user can create a specially crafted SXW file that, when processed by the target user with o3read, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user. The buffer overflow resides in the parse_html() function in 'o3read.c.' Gentoo: A Proof of Concept exploit script has been published. | o3read parse_html() Buffer Overflow CVE Name: | High | SecurityTracker Alert ID, 1012591, December 16, 2004 Gentoo Linux Security, GLSA 200501-20, January 11, 2005 |
OpenBSD 2.0-2.9, 3.0-3.6 | A buffer overflow vulnerability exists in the 'mod_include' module due to insufficient validation of user-supplied tag strings length, which could let a malicious user cause a Denial of Service and possibly execute arbitrary code. Patches available at: Currently we are not aware of any exploits for this vulnerability. | OpenBSD httpd 'mod_include' Buffer Overflow | Low/High (High if arbitrary code can be executed) | SecurityFocus, January 13, 2005 |
OpenBSD 2.0-2.9, 3.0-3.6 | A remote Denial of Service vulnerability exists in the TCP timestamp processing functionality due to a failure to handle exceptional network data. Patches available at: Currently we are not aware of any exploits for this vulnerability. | OpenBSD TCP Timestamp Remote Denial of Service | Low | SecurityTracker Alert, 1012861, January 12, 2005 |
PHPGroupWare 0.9.16 RC1&2 | A vulnerability exists in the 'acl_check' function, which could let a remote malicious user bypass the access control lists. Upgrades available at: There is no exploit code required. | PHPGroupWare 'ACL_Check' Access List Bypass | Medium | SecurityFocus, January 18, 2005 |
PHPWind Board 1.3.6 & prior | A vulnerability exists in 'faq.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user obtain/modify the administrator's password.
No workaround or patch available at time of publishing. A Proof of Concept exploit script has been published. | PHPWind Administrator Password Modification | Medium | Securiteam, January 9, 2005 |
rssh 2.2.2 | A vulnerability exists which can be exploited to bypass certain security restrictions. The problem is that some of the predefined applications support flags, which allows command execution. This can be exploited to bypass the shell restriction and execute arbitrary commands. Gentoo: Upgrade available at: Currently we are not aware of any exploits for this vulnerability. | pizzashack rssh Security Bypass | High | Secunia Advisory ID: SA13363, December 3, 2004 Gentoo Linux Security Advisory, GLSA 200412-01 / scponly, December 3, 2004 SecurityFocus, January 15, 2005 |
LibTIFF 3.5.7, 3.6.1, 3.7.0 | Two vulnerabilities exist which can be exploited by malicious people to compromise a vulnerable system by executing arbitrary code. The vulnerabilities are caused due to an integer overflow in the "TIFFFetchStripThing()" function in "tif_dirread.c" when parsing TIFF files and"CheckMalloc()" function in "tif_dirread.c" and "tif_fax3.c" when handling data from a certain directory entry in the file header. Update to version 3.7.1: Fedora: Debian: Gentoo: Mandrake: SUSE: RedHat: Currently we are not aware of any exploits for these vulnerabilities. | Remote Sensing LibTIFF Two Integer Overflow Vulnerabilities CVE Name: | High | iDEFENSE Security Advisory 12.21.04 Secunia SA13629, December 23, 2004 SUSE Security Announcement, SUSE-SA:2005:001, January 10, 2005 RedHat Security Advisory, RHSA-2005:019-11, January 13, 2005 US-Cert Vulnerability Note, VU#125598, January 14, 2005 |
Unixware 7.1.1, 7.1.3, 7.1.4 | A remote Denial of Service vulnerability exists when the 'mountd' service is registered in 'inetd.conf.'
Patches available at: There is no exploit required. | SCO UnixWare Mountd Remote Denial of Service CVE Name: | Low | SCO Security Advisory, SCOSA-2005.1, January 6, 2005 |
SGallery 1.0 1 | Multiple vulnerabilities exist: a vulnerability exists in 'imageview.php' due to insufficient verification of input passed to the 'DOCUMENT_ROOT' parameter, which could let a remote malicious user execute arbitrary code; a vulnerability exists in 'imageview.php' due to insufficient sanitization of the 'idalbum' and 'idimage' parameters, which could let a remote malicious user execute arbitrary SQL code; and a vulnerability exists if the 'idalbum' and 'idimage' variables are not set, which could let a remote malicious user obtain sensitive information. No workaround or patch available at time of publishing. There is no exploit required; however, a Proof of Concept exploit has been published. | SGallery Input Validation | Medium/ High (High if arbitrary code can be executed) | waraxe-2005-SA#039, January 13, 2005 |
InPerson | A vulnerability exists in the 'SUN_TTSESSION_CMD' environment variable due to a design error, which could let a malicious user obtain superuser access. The vendor indicates that the product is no longer supported and no patch will be issued for this vulnerability. There is no exploit required; however, a Proof of Concept exploit has been published. | SGI InPerson Superuser Access | High | iDEFENSE Security Advisory, January 13, 2005 |
Squid 2.x | A remote Denial of Service vulnerability exists in the NTLM fakeauth_auth helper when running under a high load or for a long period of time, and a specially crafted NTLM type 3 message is submitted.
Patch available at: Gentoo: Currently we are not aware of any exploits for this vulnerability. | Squid NTLM fakeauth_auth Helper Remote Denial of Service | Low | Secunia Advisory, Gentoo Linux Security Advisor, GLSA 200501-25, January 17, 2005 |
Squid Web Proxy Cache 2.0 PATCH2, 2.1 PATCH2, 2.3 .STABLE4&5, 2.4 .STABLE6&7, 2.4 .STABLE2, 2.4, 2.5 .STABLE3-7, 2.5 .STABLE1 | Two vulnerabilities exist: remote Denial of Service vulnerability exists in the Web Cache Communication Protocol (WCCP) functionality due to a failure to handle unexpected network data; and buffer overflow vulnerability exists in the 'gopherToHTML()' function due to insufficient validation of user-supplied strings, which could let a remote malicious user execute arbitrary code. Patches available at: http://www.squid-cache.org/Versions/v2/ Gentoo: There is no exploit required. | Squid Proxy Web Cache WCCP Functionality Remote Denial of Service & Buffer Overflow | Low/High (High if arbitrary code can be executed) | Secunia Advisory, SA13825, January 13, 2005 |
SquirrelMail Vacation Plugin 0.14 -1.2rc2, 0.15 -1.43a | Two vulnerabilities exists in the 'ftpfile' program due to insufficient input validation, which could let a remote malicious user execute arbitrary commands with root privileges or obtain sensitive information. No workaround or patch available at time of publishing. Proofs of Concept exploits scripts have been published. | SquirrelMail Vacation Plugin 'FTPFile' Input Validation | Medium/ High High if arbitrary code can be executed) | LSS Security Advisory, LSS-2005-01-03, January 11, 2005 |
Helvis 1.8 | Multiple vulnerabilities exist: a vulnerability exists in the 'elvprsv' utility, which could let a malicious user delete arbitrary files; a vulnerability exists in the 'elvprsv' utility on preserved generated emails due to weak default permissions, which could let a malicious user obtain sensitive information; and a vulnerability exists in the 'elvrec' utility, which could let a malicious user obtain sensitive information. No workaround or patch available at time of publishing. Proofs of Concept exploits have been published. | Steve Kirkendall Helvis elvprsv Arbitrary File Deletion & Sensitive Information Disclosure | Medium | SecurityFocus, January 12, 2005 |
Solaris 8.0 _x86, 8.0, 9.0 _x86, 9.0 | A vulnerability exists in the Sun Solaris Management Console (SMC) Graphical User Interface due to a failure to create secure accounts that have no password, which could let a remote malicious user obtain unauthorized access. Patches available at: There is no exploit required. | Solaris Management Console (SMC) Blank Passwords | Medium | Sun(sm) Alert Notification, 57717, January 10, 2005 |
Fcron 2.x | Multiple vulnerabilities exist: a vulnerability exists in the 'fcronsighup' utility due to a design error, which could let a malicious user obtain sensitive information; a vulnerability exists because the 'fcronsighup' utility can bypass access restrictions, which could let a malicious user supply arbitrary configuration settings; an input validation vulnerability exists in the 'fcronsighup' utility, which could let a malicious user delete arbitrary files; and a vulnerability exists because a malicious user can view the contents of the 'fcron.allow' and 'fcron.deny' files due to a file descriptor leak. Update available at: Gentoo: Trustix: Currently we are not aware of any exploits for these vulnerabilities. | Thibault Godouet Fcron Multiple Vulnerabilities CVE Names: | Medium | iDEFENSE Security Advisory, November 15, 2004 Gentoo Linux Security Advisory, GLSA 200411-27, November 18, 2004 Trustix Secure Linux Security Advisory, TSLSA-2005-000, January 13, 2005 |
TWiki 20030201 | A vulnerability exists in 'Search.pn' due to an input validation error when handling search requests, which could let a remote malicious user execute arbitrary commands. Hotfix available at: Gentoo: Conectiva: An exploit script has been published. | TWiki Search Shell Metacharacter Remote Arbitrary Command Execution CVE Name: | High | Securiteam, November 15, 2004 PacketStorm, November 20, 2004 Gentoo Linux Security Advisory, GLSA 200411-33, November 24, 2004 Conectiva Linux Security Announcement, CLA-2005:918, January 14, 2005 |
Exim 4.40-4.43 | A buffer overflow vulnerability exists in the 'dns_build_reverse()' function, which could let a malicious user execute arbitrary code. Patch available at: A Proof of Concept exploit has been published. | Exim 'dns_build_reverse()' Buffer Overflow | High | iDEFENSE Security Advisory, January 14, 2005 |
gopherd 3.0.0-3.0.5 | Multiple vulnerabilities exist due to insufficient sanitization of user-supplied input and a failure to verify input sizes, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.
Debian: Currently we are not aware of any exploits for these vulnerabilities. | University of Minnesota Gopher Multiple Remote Vulnerabilities | Low/High (High if arbitrary code can be executed) | Debian Security Advisory, DSA 638-1, January 13, 2005 |
VideoDB 2.0 .0 | Multiple vulnerabilities exist: a vulnerability exists due to insufficient sanitization of various input before being used in an SQL query, which could let a a remote malicious user inject arbitrary SQL code; a Cross-Site Scripting vulnerability exists due to insufficient sanitization of various input, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability exists in 'edit.php,' which could let a remote malicious user edit/delete arbitrary movie database entries. Upgrade available at: Currently we are not aware of any exploits for these vulnerabilities. | VideoDB Multiple Vulnerabilities | Medium/ High (High if arbitrary code can be executed) | Secunia Advisory, SA13765, January 11, 2005 |
VIM 6.0-6.2, 6.3.011, 6.3.025, 6.3 .030, 6.3.044, 6.3 .045 | Multiple vulnerabilities exist in 'tcltags' and 'vimspell.sh' due to the insecure creation of temporary files, which could let a malicious user corrupt arbitrary files. No workaround or patch available at time of publishing. There is no exploit required. | Vim Insecure Temporary File Creation | Medium | Secunia Advisory, SA13841, January 13, 2005 |
| Multiple Operating Systems - Windows / UNIX / Linux / Other | ||||
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attacks Scripts | Common Name | Risk | Source |
iTunes 4.2.72, 4.5-4.7 | A buffer overflow vulnerability exists when handling '.m3u' and '.pls' playlists due to a boundary error, which could let a remote malicious user execute arbitrary code. Update available at: Exploit scripts have been published. | Apple ITunes Playlist Buffer Overflow CVE Name: | High | iDEFENSE Security Advisory, January 13, 2005 US-CERT Vulnerability Note, VU#377368, January 14, 2005 |
AWStats 5.0-5.9, 6.0-6.2 | Several vulnerabilities exist: a vulnerability exists in the 'awstats.pl' script due to insufficient validation of the 'configdir' parameter, which could let a remote malicious user execute arbitrary code; and an unspecified input validation vulnerability exists.
Upgrades available at: Currently we are not aware of any exploits for these vulnerabilities. | AWStats Multiple Remote Input Validation | High | Securiteam, January 18, 2005 |
BiTBOARD 2.0, 2.5 | A Cross-Site Scripting vulnerability exists in the BBCode 'IMG' tag due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | BiTBOARD Cross-Site Scripting | High | Bugtraq, January 12, 2005 |
WebSeries Payment Application 4.0 | Multiple vulnerabilities exist: a vulnerability exists because an authenticated user can access certain URLs directly to perform privileged actions; a vulnerability exists because HTTP variables disclose system information; an input validation vulnerability exists in 'BTInteractiveViewer.asp' when files and directories are enumerated via the 'ReportPath' and 'ReportName' parameters; an input validation vulnerability exists in the 'ReportPath' and 'ReportName' parameters, which could let a remote malicious user download and execute arbitrary reports; a vulnerability exists because a shorter password than permitted can be set; and a vulnerability exists because an authenticated malicious user can change other user's passwords. No workaround or patch available at time of publishing. There is no exploit required; however, a Proof of Concept exploit has been published. | BottomLine Webseries Payment Application Multiple Vulnerabilities | Medium | Portcullis Security Advisory, January 10, 2005 |
SparkleBlog | Multiple vulnerabilities exist: a vulnerability exists in 'journal.php' due to insufficient sanitization of the 'id' parameter and in 'archives.php' due to insufficient sanitization of the 'year' parameter, which could let a remote malicious user execute arbitrary SQL code; a Cross-Site Scripting vulnerability exists in 'journal.php' due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability exists in the 'admin' directory, which could let a remote malicious user obtain sensitive information; and a vulnerability exists because a remote malicious user can supply a specially crafted URL to cause the system to disclose the installation path. No workaround or patch available at time of publishing. There is no exploit required; however, Proofs of Concept exploits have been published. | SparkleBlog Multiple Input Validation | Medium/ High (High if arbitrary code can be executed) | Bugtraq, January 15, 2005 |
Teledat 530 | A remote Denial of Service vulnerability exists due to a failure to handle exceptional conditions. No workaround or patch available at time of publishing. There is no exploit code required. | Deutsche Telekom Teledat 530 Remote Denial of Service | Low | Bugtraq, January 11, 2005 |
Dokeos Open Source Learning & Knowledge Management Tool 1.4, 1.5, 1.5.3-1.5.5 | A Cross-Site Scripting vulnerability exists in the course description functionality due to insufficient sanitization, which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing. There is no exploit required. | Dokeos Course Description Cross-Site Scripting | High | Security Advisory B004, January 11, 2005 |
MediaPartner Enterprise 5.0, 5.1 | Multiple vulnerabilities exist: a vulnerability exists when handling requests for '.bhtml' files due to an input validation error, which could let a remote malicious user obtain sensitive information; a vulnerability exists in the 'In Place Password Update' process, which could let a remote malicious user change arbitrary user's passwords; a Directory Traversal vulnerability exists due to insufficient input validation, which could let a remote malicious user obtain sensitive information; and a Cross-Site Scripting vulnerability exists due to insufficient sanitization of input passed to the directory listing page, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proofs of Concept exploits have been published. | Motion MediaPartner Enterprise Multiple Vulnerabilities | Medium/ High (High if arbitrary code can be executed) | Secunia Advisory, SA13820, January 17, 2005 |
TikiWiki 1.7.9, 1.8.5, and 1.9dr4 | A vulnerability exists in the uploading of image files. A remote authenticated user can execute arbitrary commands on the target system. A remote authenticated user with upload privileges can invoke the edit page to upload a PHP script to the 'img/wiki_up' directory instead of an image file. Then, the user can cause the web server to execute the script. The vendor has issued fixed versions (1.7.9, 1.8.5, and 1.9dr4), available at: http://sourceforge.net/project/showfiles.php Gentoo: Currently we are not aware of any exploits for this vulnerability. | GNU TikiWiki Pictures Lets Remote Users Execute Arbitrary Commands | High | TikiWiki Security Alert, December 12, 2004 Gentoo Linux Security Advisory, GLSA 200501-12, January 10, 2005 |
Horde 3.0 | Cross-Site Scripting vulnerabilities exist in 'index.php' due to insufficient sanitization of the 'url' parameter and in 'prefs.php' due to insufficient sanitization of the 'group' parameter, which could let a remote malicious user execute arbitrary HTML and script code.
Upgrade available at: There is no exploit required; however, Proofs of Concept exploits have been published. | Horde 'prefs.php' and 'index.php' Cross-Site Scripting | High | Hyperdose Security Advisory, January 13, 2005 |
Encrypted Messenger Plug-in 3.0.71 | A remote Denial of Service vulnerability exists due to an error when processing incoming messages. No workaround or patch available at time of publishing. There is no exploit required. | JohnyTech Encrypted Messenger Plug-In Remote Denial of Service | Low | Secunia Advisory, SA13844, January 14, 2005 |
Guestserver 5.0
| A vulnerability exists in the 'message' parameter due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code or obtain the sensitive information. No workaround or patch available at time of publishing. There is no exploit code required; however, Proofs of Concept exploits have been published. | Guestserver Input Validation | Medium/ (High if arbitrary code can be executed) | SYSTEMSECURE.ORG Advisory, 10012005, January 11, 2005 |
Minis 0.x | A Directory Traversal vulnerability exists in 'minis.php' due to insufficient validation of the 'month' parameter, which could let a remote malicious user obtain sensitive information or cause a Denial of Service. No workaround or patch available at time of publishing. Proofs of Concept exploits have been published. | Minis Directory Traversal | Low/ Medium (Medium if sensitive information can be obtained) | Secunia Advisory, : SA13866, January 17, 2005 |
Guestbook 1.2, 1.5 | A vulnerability exists in 'top.php' due to insufficient verification of the 'header' parameter, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing. Proofs of Concept exploits have been published. | MPM Guestbook 'top.php' Input Validation | High | SYSTEMSECURE.ORG Advisory, January 13, 2005 |
Hitachi Directory Server 2.x; HP-UX B.11.00, B.11.11, B.11.23; Netscape Directory Server 6.21 & prior | A buffer overflow vulnerability exists when a specially crafted LDAP packet is submitted, which could let a remote malicious user cause a Denial of Service or potentially execute arbitrary code.
Hitachi: http://www.hitachi-support.com/security_e/vuls_e/HS05-001_e/01-e.html HP: Currently we are not aware of any exploits for this vulnerability. | Multiple Vendor LDAP Directory Server Buffer Overflow | Low/High (High if arbitrary code can be executed) | US-CERT Vulnerability Note, VU#258905, January 14, 2005 Hitachi Security Advisory, HS05-001, January 12, 2005 |
Check Point Software FireWall-1 R55 HFA08 with SmartDefense; | A security vulnerability exists due to a failure to decode base64-encoded images in 'data' URIs, which could lead to a false sense of security.
No workaround or patch available at time of publishing. There is no exploit required. | Multiple Vendor Anti-Virus GatewayBase64 Encoded Image Decode Failure | Medium | Bugtraq, January 11, 2005 |
Debian Linux 3.0 spar, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; Ethereal Group Ethereal 0.9-0.9.16, 0.10-0.10.7
| Multiple vulnerabilities exist: a remote Denial of Service vulnerability exists in the DICOM dissector; a remote Denial of Service vulnerability exists in the handling of RTP timestamps; a remote Denial of Service vulnerability exists in the HTTP dissector; and a remote Denial of Service vulnerability exists in the SMB dissector when a malicious user submits specially crafted SMB packets. Potentially these vulnerabilities may also allow the execution of arbitrary code. Upgrades available at: Gentoo: Conectiva: Currently we are not aware of any exploits for these vulnerabilities. | Ethereal Multiple Denial of Service & Potential Code Execution Vulnerabilities CVE Names: | Low/High (High if arbitrary code can be executed) | Ethereal Security Advisory, enpa-sa-00016, December 15, 2004 Conectiva Linux Security Announcement, CLA-2005:916, January 13, 2005 |
MaxDB 7.5.00.14-7.5.00.16, 7.5.00.12, 7.5.00.11, 7.5.00.08, 7.5.00 | A buffer overflow vulnerability exists due to insufficient bounds checking in the websql CGI application, which could let a remote malicious user execute arbitrary code.
Upgrades available at: Currently we are not aware of any exploits for this vulnerability. | MySQL MaxDB Remote Buffer Overflow | High | iDEFENSE Security Advisory, January 13, 2005 |
MySQL 4.x | A vulnerability exists in the 'mysqlaccess.sh' script because temporary files are created in an unsafe manner, which could let a malicious user obtain elevated privileges. Update available at: Currently we are not aware of any exploits for this vulnerability. | MySQL 'mysqlaccess.sh' Unsafe Temporary Files CVE Name: | Medium | SecurityTracker Alert, 1012914, January 17,2005 |
Netgear FVS318 | Several vulnerabilities exist: a vulnerability exists because an URL that contains hex encoded characters may bypass an URL filter setup by the administrator; and a Cross-Site Scripting vulnerability exists due to insufficient sanitization of input passed to an URL that is blocked by an URL filter, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | NETGEAR FVS318 Security Bypass & Cross Site Scripting | Medium/ High (High if arbitrary code can be executed) | Secunia Advisory, SA13787, January 17, 2005 |
Zeroboard 4.1, pl1-pl5 | Multiple vulnerabilities exist: a vulnerability exists in the 'print_category.php' script due to insufficient validation of the 'dir' parameter, which could let a remote malicious user execute arbitrary PHP code; a vulnerability exists because a remote malicious user can submit a specially crafted URL to view files on the target system; and a vulnerability exists in several zero_vote scripts due to insufficient validation, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing. There is no exploit required; however, Proofs of Concept exploits have been published. | Zeroboard Multiple Vulnerabilities | Medium/ High (High if arbitrary code can be executed) | STG Security Advisor, SSA-20050113-25, January 13, 2005 |
PHP Gift Registry 1.x | A vulnerability exists in 'index.php' due to insufficient sanitization of the 'messageid,' 'shopper,' and 'shopfor' parameters and in 'item.php' due to insufficient sanitization of the 'itemid' parameter, which could let a remote malicious user execute arbitrary SQL commands.
No workaround or patch available at time of publishing. Proofs of Concept exploits have been published. | PHP Gift Registry Parameter Input Validation | High | Secunia Advisory, SA13873, January 17, 2005 |
PHP 4.3.6-4.3.9, 5.0 candidate 1-canidate 3, 5.0 .0-5.0.2 | Multiple vulnerabilities exist: a buffer overflow vulnerability exists in the 'pack()' function, which could let a remote malicious user execute arbitrary code; an integer overflow vulnerability exists in the 'unpack()' function, which could let a remote malicious user obtain sensitive information; a vulnerability exists in 'safe_mode' when executing commands, which could let a remote malicious user bypass the security restrictions; a vulnerability exists in 'safe_mode' combined with certain implementations of 'realpath(),' which could let a remote malicious user bypass security restrictions; a vulnerability exists in 'realpath()' because filenames are truncated; a vulnerability exists in the 'unserialize()' function, which could let a remote malicious user obtain sensitive information or execute arbitrary code; a vulnerability exists in the 'shmop_write()' function, which may result in an attempt to write to an out-of-bounds memory location; a vulnerability exists in the 'addslashes()' function because '\0' if not escaped correctly; a vulnerability exists in the 'exif_read_data()' function when a long sectionname is used, which could let a remote malicious user obtain sensitive information; and a vulnerability exists in 'magic_quotes_gpc,' which could let a remote malicious user obtain sensitive information.
Upgrades available at: Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php" Conectiva: There is no exploit code required; however, a Proof of Concept exploit script has been published. | PHP Multiple Remote Vulnerabilities CVE Names: | Medium/ High (High if arbitrary code can be executed) | Bugtraq, December 16, 2004 Conectiva Linux Security Announcement, CLA-2005:915, January 13, 2005 |
Siteman 1.1.9 | A Cross-Site Scripting vulnerability exists in the 'news.php' and 'forums.php' scripts due to insufficient validation of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Proofs of Concept exploits have been published. | Siteman Cross-Site Scripting | High | PersianHacker.NET Security Team Advisory, January 14, 2005 |
ViewCVS 0.9.2 & prior | A vulnerability exists because it is possible to access CVSROOT and forbidden directories via the tarball generation functionality, which could let malicious user bypass security restrictions.
Debian: Gentoo: SuSE: A Proof of Concept exploit has been published. | ViewCVS Ignores 'hide_cvsroot' and 'forbidden' Settings CVE Name: | Medium | SecurityTracker Alert ID, 1012431, December 6, 2004 Gentoo Advisory GLSA 200412-26, December 28, 2004 SUSE Security Summary Report, SUSE-SR:2005:001, January 12, 2005 |
Burning Board Lite 1.0 .0, 1.0.1e | An input validation vulnerability exists in the 'addentry.php' script, which could let a remote malicious user obtain or corruption sensitive database information. .
No workaround or patch available at time of publishing. There is no exploit required | WoltLab Burning Board Lite 'addentry.php' Input Validation | High | Bugtraq, January 10, 2005 |
Recent Exploit Scripts/Techniques
The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.
Note: At times, scripts/techniques may contain names or content that may be considered offensive.
Date of Script | Script name | Workaround or Patch Available | Script Description |
| January 18, 2005 | files.zip injecthh_op_2-code_by_liudieyu.zip | Yes | Exploits for the Microsoft Windows HTML Help ActiveX Control vulnerability. |
| January 17, 2005 | itunesPLS.txt itunesPLS-local.txt | Yes | Script that exploit the Apple ITunes Playlist Buffer Overflow vulnerability. |
| January 16, 2005 | auth_radius.c | No | Script that exploits the Apache 'mod_auth_radius' Integer Overflow vulnerability. |
| January 16, 2005 | breedzero.zip breed.tar | No | Proof of Concept exploit for the Brat Designs Breed Remote Denial of Service vulnerability. |
| January 16, 2005 | exim.pl.txt eximExploit.tar.gz | Yes | Proof of Concept exploit for the Exim dns_build_reverse() Buffer Overflow vulnerability. |
| January 16, 2005 | ExploitingFedora.txt | N/A | Whitepaper discussing how to exploit overflow vulnerabilities on Fedora Core 2. |
| January 16, 2005 | fuzzer-1.1.tar.gz | N/A | A multi protocol fuzzing tool written in Python that can be used to find new SQL injection, format string, buffer overflow, directory traversal, and other vulnerabilities. |
| January 16, 2005 | stackgrow2.c | Yes | Proof of Concept exploit for the Linux Kernel Symmetrical Multiprocessing Page Fault Superuser Privileges vulnerability. |
| January 16, 2005 | vanisher.tgz | Yes | Proof of Concept exploit for the Windows ANI File Parsing vulnerability along with a complete detailed paper describing the process of creating it. |
| January 15, 2005 | john-1.6.37.mscash.3.diff.gz | N/A | This patch is for john the ripper and adds the ability to crack MS Cached Credential hashes. To be used in conjunction with the Cachedump tool. |
| January 13, 2006 | fm-eyetewnz.c atmaca.c | Yes | Scripts that exploit the Apple ITunes Playlist Buffer Overflow vulnerability. |
| January 13, 2005 | anieeye.zip | Yes | Proof of Concept exploit for the Microsoft Windows ANI File Parsing Errors vulnerability. |
| January 13, 2005 | stackgrow.c expand_stack.c | Yes | Proof of Concept exploits for the Linux Kernel Symmetrical Multiprocessing Page Fault Local Privilege Escalation vulnerability. |
| January 12, 2005 | cachedump-1.0.zip | N/A | CacheDump is a tool that demonstrates how to recover cache entry information: username and hashed password (called MSCASH). This tool also explains the technical issues underneath Windows password cache entries, which are undocumented by Microsoft. |
| January 12, 2005 | framework-2.3.tar.gz | N/A | The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. The 2.3 release includes three user interfaces, 46 exploits and 68 payloads; many of these exploits are either the only ones publicly available or just much more reliable than anything else out there. |
| January 12, 2005 | john-mspatch.1.3.37.2.diff.gz | N/A | This patch is for john the ripper and adds the ability to crack MS Cached Credential hashes. To be used in conjunction with the Cachedump tool. |
| January 12, 2005 | LSS-2005-01-03.txt | No | Exploit for the SquirrelMail Vacation Plugin 'FTPFile' Input Validation vulnerability. |
| January 12, 2005 | wins_ms04_045.pm | Yes | Exploit for the Microsoft WINS Name Validation vulnerability. |
| January 11, 2005 | iis_w3who_overflow.pm | No | Exploit for the Microsoft Windows Resource Kit 'w3who.dll' Buffer Overflow & Input Validation vulnerability. |
| January 11, 2005 | 101_BXEC.c backupexec_ns.pm veritasABS.c | Yes | Exploits for the VERITAS Backup Exec Buffer Overflow vulnerability. |
| January 11, 2005 | imail_imap_delete.pm | Yes | Exploit for the Ipswitch IMail Server Remote Buffer Overflow vulnerability. |
| January 11, 2005 | webstar_ftp_user.pm | Yes | Exploit for the 4D WebSTAR Grants Access to Remote Users and Elevated Privileges to Local Users vulnerability. |
| January 10, 2005 | mod_auth_radius_poc.c | No | A Proof of Concept exploit for the Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow vulnerability. |
| January 10, 2005 | Serv-U_2.5_DoS.pl | No | Perl script that exploits the RhinoSoft Serv-U FTP Server Remote Denial of Service vulnerability. |
| January 9, 2005 | phpwind.pl | No | Perl script that exploits the PHPWind Board Remote File Include vulnerability. |
name=trends>Trends
- Nothing significant to report.
name=viruses id="viruses">Viruses/Trojans Top Ten Virus Threats
A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.
face="Arial, Helvetica, sans-serif">Rank | Common Name | Type of Code |
face="Arial, Helvetica, sans-serif">Trends |
face="Arial, Helvetica, sans-serif">Date |
1 | Netsky-P | Win32 Worm | Stable | March 2004 |
2 | Sober-I | Win32 Worm | Increase | November 2004 |
3 | Zafi-D | Win32 Worm | New to Table | December 2004 |
4 | Zafi-B | Win32 Worm | Decrease | June 2004 |
5 | Bagle-AA | Win32 Worm | Stable | April 2004 |
6 | Bagle-AU | Win32 Worm | Decrease | October 2004 |
7 | Netsky-D | Win32 Worm | Stable | March 2004 |
8 | Netsky-Z | Win32 Worm | Return to Table | April 2004 |
9 | Bagle.BB | Win32 Worm | Slight Decrease | September 2004 |
10 | Netsky-Q | Win32 Worm | Slight Decrease | March 2004 |
Table Updated January 18, 2005
Viruses or Trojans Considered to be a High Level of Threat
Viruses or Trojans Considered to be a High Level of Threat
- The W32/VBSun-A worm spreads via email, tempting users into clicking onto its malicious attachment by pretending to be information about how to donate to a tsunami relief effort. However, running the attached file will not only forward the virus to other internet users but can also initiate a denial-of-service attack against a German hacking website. For more information see: http://www.sophos.com/virusinfo/articles/vbsuna.html
The following table provides, in alphabetical order, a list of new viruses, variations of previously encountered viruses, and Trojans that have been discovered during the period covered by this bulletin. This information has been compiled from the following anti-virus vendors: Sophos, Trend Micro, Symantec, McAfee, Network Associates, Central Command, F-Secure, Kaspersky Labs, MessageLabs, Panda Software, Computer Associates, and The WildList Organization International. Users should keep anti-virus software up to date and should contact their anti-virus vendors to obtain specific information on the Trojans and Trojan variants that anti-virus software detects.
NOTE: At times, viruses and Trojans may contain names or content that may be considered offensive.
Last updated
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.