Summary of Security Items from February 9 through February 15, 2004
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to items appearing in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risks levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Bugs,
Holes, & Patches
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attacks Scripts | Common Name | Risk | Source |
3CServer | Buffer overflow vulnerabilities exist in several FTP commands, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing. A Proof of Concept exploit script has been published. | 3Com 3CServer FTP Command Buffer Overflows CVE Name: | High | Bugtraq, February 7, 2005 |
ArGoSoft Mail Server 1.8.7.3 & prior | Multiple vulnerabilities exist: a Directory Traversal vulnerability exists in attachment handling due to insufficient input validation, which could let a remote malicious user obtain sensitive information; a Directory Traversal vulnerability exists in the '_msgatt.rec' file, which could let a remote malicious user include arbitrary files as a email attachment; and a vulnerability exists due to insufficient sanitization of the 'Folder' parameter in 'msg,' 'delete,' 'folderdelete,' and 'folderadd,' which could let a remote malicious user create/delete arbitrary directories. Update available at: There is no exploit code required. | ArGoSoft Mail Server Directory Traversals CVE Name: | Medium | SIG^2 Vulnerability Research Advisory, February 9,2005 |
| ASPJar Guestbook 1.0 | Several vulnerabilities exist: a vulnerability exists in the '/admin/login.asp' script due to insufficient sanitization of the 'User' and 'Password' parameters, which could let a remote malicious user obtain administrative access; and a vulnerability exists in 'delete.asp' due to insufficient authorization, which could let a remote malicious user delete arbitrary messages. No workaround or patch available at time of publishing. There is no exploit code required. | ASPJar Guestbook Input Validation CVE Names: | Medium/ High (High if administrative access can be obtained) | Bugtraq, February 10, 2005 |
BrightStor ARCserve 2000 Backup Windows Japanese, ARCServe Backup for NetWare 9.0, 11.1, BrightStor ARCServe Backup for Windows 9.0.1, 11.0, 11.1, Windows 64 bit 9.0.1, 11.0, 11.1, Enterprise Backup 10.0, 10.5, Enterprise Backup for Windows 64 bit 10.5 | A buffer overflow vulnerability exists when a specially crafted UDP probe is submitted to the Discovery Service, which could let a remote malicious user execute arbitrary code. Patches available at: An exploit script has been published. | BrightStor ARCserve Backup Discovery Service Buffer Overflow CVE Name: | High | iDEFENSE Security Advisory, February 9, 2005 |
DelphiTurk FTP 1.0 | A vulnerability exists in the 'profile.dat' file due to insecure storage of account information, which could let a malicious user obtain sensitive information. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | DelphiTurk FTP Information Disclosure CVE Name: | Medium | SecurityTracker Alert, 1013139, February 10, 2005 |
CodeBank (KodBank) 3.1 & prior | A vulnerability exist because the registry can be searched to obtain usernames & passwords, which could let a malicious user obtain elevated privileges. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | DelphiTurk CodeBank (KodBank) Elevated Privileges CVE Name: | Medium | SecurityTracker Alert, 1013139, February 10, 2005 |
Anti-Virus 2004, 2005. | A buffer overflow vulnerability exists when processing the ARJ archives, which could let a remote malicious user execute arbitrary code. Patches available at: Currently we are not aware of any exploits for this vulnerability. | F-Secure ARJ Archive Buffer Overflow CVE Name: | High | ISS X-Force Security Advisory, February 10, 2005 |
DB2 Universal Database for Windows 7.1, 7.2, 8.0, 8.1 | A vulnerability exists which could let a malicious user cause a Denial of Service or obtain sensitive information. Updates available at: Currently we are not aware of any exploits for this vulnerability. | IBM DB2 Denial of Service & Information Disclosure | Low/ Medium (Medium if sensitive information can be obtained) | SecurityFocus, February 10, 2005 |
Websphere Application Server 5.0.2.5-5.0.2.9, 5.1.0.2-5.1.0.5, 5.1.1.1-5.1.1.3 | A vulnerability exists because the source code of Java Script pages is disclosed via a specially crafted URL, which could let a remote malicious user obtain sensitive information.
Updates available at: There is no exploit code required. | IBM WebSphere Application Server JSP Engine Source Code Disclosure CVE Name: | Medium | Secunia Advisory, SA14274, February 14, 2005 |
Websphere Application Server 6.0 | A vulnerability exists in the file serving servlet, which could let a remote malicious user obtain sensitive information.
Updates available at: ftp://ftp.software.ibm.com/software/websphere/ There is no exploit code required. | IBM WebSphere Application Server File Servlet Source Code Disclosure CVE Name: | Medium | Secunia Advisory, SA14274, February 14, 2005 ` |
ASP.NET 1.x | A vulnerability exists which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to a canonicalization error within the .NET authentication schema. Apply ASP.NET ValidatePath module:
href="http://www.microsoft.com/downloads/details.aspx?FamilyId=DA77B852-DFA0-4631-AAF9-8BCC6C743026">http://www.microsoft.com/downloads/ Patches available at: V1.1: Bulletin updated to include Knowledge Base A Proof of Concept exploit has been published. | Medium | Microsoft, October 7, 2004 Microsoft Security Bulletin, MS05-004, February 8, 2005 US-CERT Technical Cyber Security Alert TA05-039A US-CERT Vulnerability Note VU#283646 Microsoft Security Bulletin, MS05-004 V1.1, February 15, 2005 | |
Internet Explorer 5.0.1, SP1-SP4, r 5.5, SP1&SP2, 6.0 SP1&SP2 | A vulnerability exists when certain mouse events are contained in a HREF tag, which could let a remote malicious user display false information.
No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Microsoft Internet Explorer HREF Tag Mouse Event | Medium | SecurityFocus, February 14, 2005 |
Internet Explorer 5.5, SP1 & SP2, 6.0, SP1 & SP2 | A vulnerability exists if the 'CTRL-d' key combination is pressed to bookmark a website that contains a specially crafted pop-up window, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Microsoft Internet Explorer Favorites List | High | SecurityFocus, February 14, 2005 |
Internet Explorer 6.0 SP1 | A remote Denial of Service vulnerability exists when a malformed 'file:' URI is processed.
No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Microsoft Internet Explorer Malformed 'File:' URI Denial of Service | Low | SecurityFocus, February 15, 2005 |
Office XP SP2 & SP3, Project 2002, Visio 2002, Works Suite 2002, 2003, 2004 | A buffer overflow vulnerability exists due to a boundary error in the process that passes URL file locations to Office, which could let a remote malicious user execute arbitrary code.
Patches available at: V1.1: Bulletin updated to clarify prerequisites Currently we are not aware of any exploits for this vulnerability. | Microsoft Office URL File Location Handling Buffer Overflow CVE Name: | High | Microsoft Security Bulletin, MS05-005, February 8, 2005 US-CERT Technical Cyber Security Alert TA05-039A US-CERT Cyber Security Alert SA05-039A US-CERT Vulnerability Note VU#416001 Microsoft Security Bulletin, MS05-005 V1.1, February 15, 2005 |
Windows SharePoint Services for Windows Server 2003, SharePoint Team Services from Microsoft | A Cross-Site Scripting and spoofing vulnerability exists due to insufficient validation of input provided to a HTML redirection query before returning it to a user's browser, which could let a remote malicious user execute arbitrary HTML and script code and spoof web browser content. Patches available at: V1.1: Bulletin updated to document information Currently we are not aware of any exploits for this vulnerability. | Microsoft Windows SharePoint Services Cross-Site Scripting & Spoofing CVE Name: | High | Microsoft Security Bulletin, MS05-006, February 8, 2005 US-CERT Technical Cyber Security Alert TA05-039A US-CERT Cyber Security Alert SA05-039A US-CERT Vulnerability Note VU#340409 Microsoft Security Bulletin, MS05-006 V1.1, February 15, 2005 |
Windows Media Player 9 Series, Windows Messenger 5.0, MSN Messenger 6.1, 6.2 | Several vulnerabilities exist: a vulnerability exists in Media Player due to a failure to properly handle PNG files that contain excessive width or height values, which could let a remote malicious user execute arbitrary code; and a vulnerability exists in the Windows and MSN Messenger due to a failure to properly handle corrupt or malformed PNG files, which could let a remote malicious user execute arbitrary code. Patches available at: V1.1 Bulletin updated with information on the mandatory upgrade of vulnerable MSN Messenger clients in the caveat section, as well as changes to the Workarounds for PNG Processing Vulnerability in MSN Messenger – CAN-2004-0597 V1.2: Bulletin updated with correct file version An exploit script has been published for MSN Messenger/Windows Messenger PNG Buffer Overflow vulnerability. | Microsoft Media Player & Windows/MSN Messenger PNG Processing CVE Names: | High | Microsoft Security Bulletin, MS05-009, February 8, 2005 US-CERT Technical Cyber Security Alert TA05-039A US-CERT Cyber Security Alert SA05-039A US-CERT Vulnerability Note VU#259890 SecurityFocus, February 10, 2005 Microsoft Security Bulletin MS05-009 V1.1, February 11, 2005 Microsoft Security Bulletin, MS05-009 V1.2, February 15, 2005 |
Windows 2000 SP 3 & SP4, Windows XP SP1 & SP2, Windows XP 64-Bit Edition SP1 (Itanium), Windows XP 64-Bit Edition Version 2003 | A vulnerability exists in the DHTML Edit ActiveX control, which could let a remote malicious user inject arbitrary scripting code into a different window on the target user's system.
Patches available at: V1.1: Updated the Caveats section to reflect A Proof of Concept exploit has been published. | Microsoft Internet Explorer DHTML Edit Control Script CVE Name: | High | Bugtraq, December 15, 2004 Microsoft Security Bulletin, MS05-013, February 8, 2005 US-CERT Technical Cyber Security Alert TA05-039A US-CERT Cyber Security Alert SA05-039A US-CERT Vulnerability Note VU#356600 Microsoft Security Bulletin, MS05-013 V1.1, February 15, 2005 |
Windows 2000 SP3 & SP4, Windows XP SP1 & SP2, Windows XP 64-Bit Edition SP1, | A buffer overflow vulnerability exists in the Hyperlink Object Library when handling hyperlinks, which could let a remote malicious user execute arbitrary code. Patches available at: V1.1: Mitigating factor for ISA 2004 updated. Currently we are not aware of any exploits for this vulnerability. | Microsoft Windows Hyperlink Object Library Buffer Overflow CVE Name: | High | Microsoft Security Bulletin, MS05-015, February 8, 2005 US-CERT Technical Cyber Security Alert TA05-039A US-CERT Cyber Security Alert SA05-039A US-CERT Vulnerability Note VU#820427 Microsoft Security Bulletin, MS05-015 V1.1, February 15, 2005 |
Windows NT Server 4.0, Windows NT Server 4.0 Enterprise Edition, Windows NT Server 4.0 Terminal Server Edition, Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Server, Windows 2000 Professional, Windows XP Home Edition, Windows XP Professional, Windows Server 2003 Enterprise Edition, Windows Server 2003 Standard Edition, Windows Server 2003 Web Edition, Windows Server 2003 Datacenter Edition, Windows 98, Windows 98 SE, Windows ME; Avaya DefinityOne Media Servers, IP600 Media Servers, Modular Messaging (MSS) 1.1, 2.0, Avaya S3400 Message Application Server | A Shell vulnerability and Program Group vulnerability exists in Microsoft Windows. These vulnerabilities could allow remote code execution. Updates available at:
href="http://www.microsoft.com/technet/security/bulletin/MS04-037.mspx"> Bulletin updated to reduce the scope of a documented workaround to only support Windows XP, Windows XP Service Pack 1, and Windows Server 2003. Avaya: Customers are advised to follow Microsoft's guidance for applying patches. Advisories are located at the following locations:
href="http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=203487&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate()">http://support.avaya.com/japple/css/japple?
href="http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=203487&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate()">http://support.avaya.com/japple/css/japple?temp.groupID V1.2 Bulletin “Caveats” section updated to reflect the availability of Microsoft Knowledge Base Article 891534 as a known issue with this security update on Windows NT Server 4.0 Terminal Server Edition Service Pack 6. This bulletin has also been updated to document that this security update does not replace MS04-024 as was originally described in the bulletin. We are not aware of any exploits for these vulnerabilities. | High | Microsoft Security Bulletin MS04-037 v1.1, October 25, 2004 US-CERT Cyber Security Alert SA04-286A, October 12, 2004 US-CERT Vulnerability Note VU#543864, October 15, 2004 SecurityFocus, October 26, 2004 US-CERT Vulnerability Note, VU#616200, November 23, 2004 Microsoft Security Bulletin MS04-037 Ver. 1.2, February 15, 2006 | |
Windows (XP SP2 is not affected) | A Denial of Service vulnerability exists in the parsing of ANI files. A remote user can cause the target user's system to hang or crash. A remote user can create a specially crafted Windows animated cursor file (ANI file) that, when loaded by the target user, will cause the target system to crash. The malicious file can be loaded via HTML, for example. Updates available at: Bulletin V1.1 (January 20, 2005): Updated CAN reference and added acknowledgment to finder for CAN-2004-1305. V1.2: Frequently Asked Questions section updated to reflect an additional known attack vector. Another exploit script has been published. | Microsoft Windows ANI File Parsing Errors CVE Name: | Low | VENUSTECH Security Lab, December 23, 2004 Microsoft Security Bulletin MS05-002, January 11, 2005 US-CERT Vulnerability Notes, VU#177584 & VU#697136, January 11, 2005 SecurityFocus, January 12, 2005 Technical Cyber Security Alert, TA05-012A, January 12, 2005 Microsoft Security Bulletin, MS05-002, V1.1, January 20, 2005 PacketStorm, January 31, 2005 Microsoft Security Bulletin, MS05-002, V1.2, February 15, 2005 |
Exchange Server 2003, SP1 | A vulnerability exists in Microsoft Outlook Web Access due to is insufficient sanitization of URI supplied data, which could let a remote malicious user conduct phishing attacks. No workaround or patch available at time of publishing. There is no exploit code required; however, Proofs of Concept exploits have been published. | Microsoft Outlook Web Access URI Redirection CVE Name: | Medium | Secunia Advisory, SA14144, February 8, 2005 |
Check Point Software Integrity Client 4.5, Integrity Client 5.0; | A Denial of Service vulnerability exists in the 'NtConnectPort' function due to insufficient verification of the 'ServerPortName' argument. Updates available at: Currently we are not aware of any exploits for this vulnerability. | Multiple Vendor ZoneAlarm Denial of Service CVE Name: | Low | SecurityTeam, February 13, 2005 |
RealArcade 1.2.0.994 & prior
| Two vulnerabilities exist: a vulnerability exists due to the way RGS files are handled, which could let a remote malicious user execute arbitrary code; and a vulnerability exists in RGP files that contain a specially crafted 'FILENAME' tag, which could let a remote malicious modify system/user information. No workaround or patch available at time of publishing. Exploit scripts have been published. | RealArcade Vulnerabilities CVE Names: | Medium/ High (High if arbitrary code can be executed) | SecurityTracker Alert, 1013128, February 9, 2005 |
SoftRemote VPN Client
| A vulnerability exists because the 'IreIKE.exe' process stores the VPN password in memory, which could let a malicious user obtain sensitive information. No workaround or patch available at time of publishing. There is no exploit code required. | SafeNet SoftRemote VPN Client Key Disclosure CVE Name: | Medium | SecurityTracker Alert, 1013134, February 9, 2005 |
602LAN SUITE 2004 | A vulnerability exists due to improper validation of user-supplied filenames before uploading files as e-mail attachments, which could let a remote malicious user execute arbitrary code.
Update available at: http://www.software602.com/download/ Currently we are not aware of any exploits for this vulnerability. | 602LAN SUITE Input Validation CVE Name: | High | SIG^2 Vulnerability Research Advisory, February 8, 2005 |
Adaptive Server Enterprise 11.5 Win, 11.5.1 Win, 11.9.2 Win, 12.0 Win, 12.0 .0.8 EDS#3, 12.5 Win, 12.5.2, 12.5.3 ESD#1, 12.5.3 | A vulnerability exists that affects all versions of Adaptive Server Enterprise prior to 12.0.0.8 ESD#3 and 12.5.3 ESD#1 running on Microsoft Windows platforms. The impact was not specified.
Vendor recommendations located at: http://www.sybase.com/detail/1,6904,1033894,00.html Currently we are not aware of any exploits for this vulnerability. | Sybase Adaptive Server Enterprise Unspecified Vulnerability CVE Name: | Not Specified | Sybase Security Alert , February 15, 2005 |
| UNIX / Linux Operating Systems Only | ||||
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attacks Scripts | Common Name | Risk | Source |
Mac OS X 10.0 3, 10.0-10.0.4, 10.1-10.1.5, 10.2-10.2.8, 10.3-10.3.7, Mac OS X Server 10.0-10.1.5, 10.2-10.2.8, 10.3-10.3.7
| A remote Denial of Service vulnerability exists in the AppleFileServer due to a failure to handle integer signedness properly. No workaround or patch available at time of publishing. An exploit script has been published. | Apple Mac OS X AppleFileServer Remote Denial of Service CVE Name: | Low | Bugtraq, February 8, 2005 |
Mac OS X 10.0 3, 10.0-10.0.4, 10.1-10.1.5, 10.2-10.2.8, 10.3-10.3.7, Mac OS X Server 10.0-10.1.5, 10.2-10.2.8, 10.3-10.3.7 | A vulnerability exists in Finder due to the insecure creation of '.DS_Store' files, which could let a malicious user obtain elevated privileges. No workaround or patch available at time of publishing. An exploit script has been published. | Apple Mac OS X Finder 'DS_Store' Insecure File Creation CVE Name: | Medium | Bugtraq, February 7, 2005 |
Safari 1.2.4 v125.12
| An input validation vulnerability exists because the HTTP 'Content-type' header value is ignored by the web server, which could let a remote malicious user modify system information.
No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Apple Safari Input Validation CVE Name: | Medium | SecurityTracker Alert ID: 1013087, February 5, 2005 |
CubeCart 2.0.1, 2.0.4 | Multiple vulnerabilities exist: a Directory Traversal vulnerability exists due to insufficient sanitization of user-supplied input, which could let a remote malicious user obtain sensitive information; and a Cross-Site Scripting vulnerability exists due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. Update available at: There is no exploit code required; however, a Proof of Concept exploit has been published. | Brooky CubeCart Multiple Vulnerabilities CVE Names: | Medium/ High (High if arbitrary code can be executed) | Bugtraq, February 14, 2005 |
| Caolan McNamara & Dom Lachowicz
wvWare version 0.7.4, 0.7.5, 0.7.6 and 1.0.0 | A buffer overflow vulnerability exists in the 'strcat()' function call due to the insecure bounds checking, which could let a remote malicious user execute arbitrary code.
Updates available at:
href="http://www.abisource.com/bonsai/cvsview2.cgi?diff_mode=context&whitespace_mode =show&root=/cvsroot&subdir=wv&command=DIFF_FRAMESET&root=/cvsroot&file=field.c&rev1=1.19&rev2=1.20"> Fedora:
href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/"> Gentoo:
href="http://security.gentoo.org/glsa/glsa-200407-11.xml"> Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php"> Conectiva:
href="ftp://atualizacoes.conectiva.com.br/"> Debian:
href="http://security.debian.org/pool/updates/main/w/wv/"> FedoraLegacy: A Proof of Concept exploit has been published. | wvWare Library Buffer Overflow CVE Name: | High | Securiteam, July 11, 2004
iDEFENSE Security Advisory, July 9, 2004 Conectiva Linux Security Announcement, CLA-2004:863, September 10, 2004 Debian Security Advisory, DSA 550-1, September 20, 2004 Debian Security Advisory, DSA 579-1, November 1, 2004 Conectiva Linux Security Announcement, CLA-2004:902, December 1, 2004 Fedora Legacy Update Advisory, FLSA:1906, February 8, 2005 |
BrightStor ARCserve 2000, ARCserve Backup 11.x, 9.x, Enterprise Backup 10.x | A vulnerability exists due to a hard-coded backdoor account that contains a common authentication password, which could let a remote malicious user execute arbitrary commands with root privileges.
Updates available at: There is no exploit code required | CA BrightStor ARCserve Backup UniversalAgent Backdoor Account CVE Name: | High | iDEFENSE Security Advisory, February 10, 2005 |
Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha, | A vulnerability exists due to the insecure creation of temporary files, which could let a malicious user obtain sensitive information. Update available at: There is no exploit code required. | Debian Toolchain-Source Multiple Insecure Temporary File Creation CVE Name: | Medium | Debian Security Advisory DSA 679-1, February 14, 2005 |
Ethereal 0.8, 0.8.13-0.8.15, 0.8.18, 0.8.19, 0.9-0.9.16, 0.10-0.10.8 | Multiple vulnerabilities exist: remote Denial of Service vulnerabilities exist in the COPS, DLSw, DNP, Gnutella, and MMSE dissectors; and a buffer overflow vulnerability exists in the X11 dissector, which could let a remote malicious user execute arbitrary code.
Ethereal: Debian: Gentoo: SuSE: SGI: Currently we are not aware of any exploits for these vulnerabilities. | Ethereal Multiple Dissector Vulnerabilities CVE Names: | Low/High (High if arbitrary code can be executed) | SecurityTracker Alert, 1012962, January 21, 2005 SGI Security Advisory, 20050202-01-U, February 9, 2005 |
Gallery 1.4 -pl1&pl2, 1.4, 1.4.1, 1.4.2, 1.4.3 -pl1 & pl2; Gentoo Linux | A Cross-Site Scripting vulnerability exists in several files, including 'view_photo.php,' 'index.php,' and 'init.php' due to insufficient input validation, which could let a remote malicious user execute arbitrary HTML and script code. Upgrades available at: Gentoo: Debian: Gentoo: It is reported that the fixes released by the vendor to address this issue are ineffective. Gallery 1.4.4-pl2 is still considered vulnerable to cross-site scripting attacks. The fixes are being removed. Gentoo: The cross-site scripting vulnerability that Gallery 1.4.4-pl5 was intended to fix, did not actually resolve the issue. There is no exploit code required. | Gallery Cross-Site Scripting CVE Name: | High | Gentoo Linux Security Advisory, GLSA 200411-10:01, November 6, 2004 Debian Security Advisory, DSA 642-1, January 17, 2005 Gentoo Linux Security Advisory, GLSA 200501-45, January 30, 2005 SecurityFocus, February 2, 2005 Gentoo Linux Security Advisory [UPDATE] GLSA 200501-45:03, February 10, 2005 |
webmin-1.140.ebuild, 1.150.ebuild, 1.160.ebuild, 1.170-r1.ebuild, 1.170-r2.ebuild | A vulnerability exists in the 'miniserv.users' file due to exposure of the encrypted root password, which could let a remote malicious user obtain sensitive information.
Update available at: There is no exploit required. | Gentoo Portage-Built Webmin Root Password Disclosure CVE Name: | Medium | Gentoo Linux Security Advisory, GLSA 200502-12, February 11, 2005 |
gFTP 0.1, 0.2, 0.21, 1.0, 1.1-1.13, 2.0-2.0.17 | A Directory Traversal vulnerability exists due to insufficient sanitization of input, which could let a remote malicious user obtain sensitive information. Upgrades available at: There is no exploit code required. | gFTP Remote Directory Traversal CVE Name: | Medium | SecurityFocus, February 14, 2005 |
XPDF prior to 3.00pl3 | A buffer overflow vulnerability exists in ' 'xpdf/Decrypt.cc' due to a boundary error in the 'Decrypt::makeFileKey2' function, which could let a remote malicious user execute arbitrary code. Update available at: Patch available at: Debian: http://security.debian.org/pool/ Fedora: Gentoo: KDE: Ubuntu: Conectiva: Mandrake: SUSE: FedoraLegacy: Gentoo: SGI: Trustix: Currently we are not aware of any exploits for this vulnerability. | Glyph and Cog Xpdf 'makeFileKey2()' Buffer Overflow CVE Name: | High | iDEFENSE Security Advisory, January 18, 2005 Conectiva Linux Security Announcement, CLA-2005:921, January 25, 2005 Mandrakelinux Security Update Advisories, MDKSA-2005:016-021, January 26, 2005 SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005 SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 SGI Security Advisory, 20050202-01-U, February 9, 2005 Gentoo Linux Security Advisory, GLSA 200502-10, February 9, 2005 Fedora Legacy Update Advisory, FLSA:2353, February 10, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005
|
Enscript 1.4, 1.5, 1.6, 1.6.1, 1.6.3, 1.6.4
| Multiple vulnerabilities exist in 'src/util.c' and 'src/psgen.c': a vulnerability exists in EPSF pipe support due to insufficient input validation, which could let a malicious user execute arbitrary code; a vulnerability exists due to the way filenames are processed due to insufficient input validation, which could let a malicious user execute arbitrary code; and a Denial of Service vulnerability exists due to several buffer overflows. Debian: Ubuntu: Fedora: Gentoo: Mandrake: RedHat: SUSE: Currently we are not aware of any exploits for these vulnerabilities. | Low/High (High if arbitrary code can be executed) | SecurityTracker Alert ID: 1012965, January 21, 2005 RedHat Security Advisory, RHSA-2005:039-06, February 1, 2005 Gentoo Linux Security Advisory, GLSA 200502-03, February 2, 2005 SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005 Mandrakelinux Security Update Advisory, MDKSA-2005:033, February 11, 2005 | |
Emacs prior to 21.4.17
| A format string vulnerability exists in 'movemail.c,' which could let a remote malicious user execute arbitrary code.
Update available at: Debian: Fedora: Ubuntu: Currently we are not aware of any exploits for this vulnerability. | Emacs Format String CVE Name: | High | SecurityTracker Alert, 1013100, February 7, 2005 Debian Security Advisory, Ubuntu Security Notice, USN-76-1, February 7, 2005 Fedora Update Notifications |
wget 1.9.1 | A vulnerability exists which could permit a remote malicious user to create or overwrite files on the target user's system. wget does not properly validate user-supplied input. A remote user can bypass the filtering mechanism if DNS can be modified so that '..' resolves to an IP address. A specially crafted HTTP response can include control characters to overwrite portions of the terminal window. SUSE: A Proof of Concept exploit script has been published. | GNU wget File Creation & Overwrite CVE Names: | Medium | SecurityTracker Alert ID: 1012472, December 10, 2004 SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005 |
Xpdf prior to 3.00pl2 | A buffer overflow vulnerability exists that could allow a remote user to execute arbitrary code on the target user's system. A remote user can create a specially crafted PDF file that, when viewed by the target user, will trigger an overflow and execute arbitrary code with the privileges of the target user. A fixed version (3.00pl2) is available at: A patch is available: KDE: Gentoo: Fedora: Ubuntu: Mandrakesoft (update for koffice): Mandrakesoft (update for kdegraphics): Mandrakesoft (update for gpdf): Mandrakesoft (update for xpdf): Mandrakesoft (update for tetex): Debian: Fedora (update for tetex): Fedora: Gentoo: TurboLinux: SGI: Conectiva: SuSE: FedoraLegacy: Currently we are not aware of any exploits for this vulnerability. | GNU Xpdf Buffer Overflow in doImage() CVE Name: | High | iDEFENSE Security Advisory 12.21.04 KDE Security Advisory, December 23, 2004 Mandrakesoft, MDKSA-2004:161,162,163,165, 166, December 29, 2004 Fedora Update Notification, Gentoo Linux Security Advisory, GLSA 200501-13, January 10, 2005 Conectiva Linux Security Announcement, CLA-2005:921, January 25, 2005 SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005 Avaya Security Advisory, ASA-2005-027, January 25, 2005 SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 Fedora Legacy Update Advisory, FLSA:2353, February 10, 2005
|
HP-UX B.11.23, HP-UX B.11.11, HP-UX B.11.00 | A remote Denial of Service vulnerability exists due to a failure to handle malformed network data. Upgrades available at: Currently we are not aware of any exploits for this vulnerability.
| HP-UX BIND Remote Denial of Service CVE Name: | Low | HP Security Bulletin, : HPSBUX01117, February 9, 2005 |
HP-UX 11.x | A vulnerability exists in HP-UX, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the debug logging routine of ftpd. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted, overly long command request. Successful exploitation may allow execution of arbitrary code, but requires that the FTP daemon is configured to log debug information (not default setting). Apply patches: Currently we are not aware of any exploits for this vulnerability. | Hewlett Packard HP-UX FTP Server Debug Logging Buffer Overflow Vulnerability CVE Name: | High | iDEFENSE Security Advisory 12.21.04 HP Security Bulletin, HPSBUX01118, February 9, 2005 |
AIX 5.1-5.3 | A buffer overflow vulnerability exists in 'netpmon' command, which could let a malicious user execute arbitrary code as root. Patches available at: Currently we are not aware of any exploits for this vulnerability. | IBM AIX 'Netpmon' Command Buffer Overflow CVE Name: | High | iDefense Security Advisory, February 10, 2005 |
AIX 5.1-5.3 | A buffer overflow vulnerability exists in the 'ipl_varyon' utility due to a failure to copy user-supplied input securely, which could let a malicious user execute arbitrary code. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | IBM AIX 'IPL_Varyon' Buffer Overflow CVE Name: | High | iDefense Security Advisory, February 10, 2005 |
AIX 5.2, 5.3 | A vulnerability exists in the 'lspath' command, which could let a malicious user obtain sensitive information. Updates available at: There is no exploit code required. | IBM AIX 'LSPath' Information Disclosure CVE Name: | Medium | IBM Security Advisory, February 9, 2005 |
IPsec-Tools 0.3, rc1-rc5, 0.3.1, 0.3.2; | A vulnerability exists due to an authentication error in the Upgrades available at: SGI: Apple: RedHat: Mandrake: SCO: There is no exploit code required. | KAME Racoon X.509 Certificate Validation CVE Name: | Medium | Bugtraq, June 14, 2004 SCO Security Advisory, SCOSA-2005.10, February 7, 2005 |
Racoon 20040405, 20030711, Racoon | A remote Denial of Service vulnerability exists due to an error when processing certain Upgrades available at: SCO: Currently we are not aware of any exploits for this vulnerability. | Kame Racoon Remote IKE Message Denial of Service
CVE Name: | Low | SecurityFocus, May 6, 2004 SCO Security Advisory, SCOSA-2005.10, February 7, 2005 |
Racoon | A Denial of Service vulnerability exits due to an error when allocating memory Patch available at: Apple: RedHat: SGI: Mandrake: Fedora: Gentoo: SCO: Currently we are not aware of any exploits for this vulnerability. | Kame Racoon Malformed ISAKMP Packet CVE Name: | Low | Secunia Advisory, SA11410, April 19, 2004 Apple Security Advisory, APPLE-SA-2004-05-03, May 3, 2004 SCO Security Advisory, SCOSA-2005.10, February 7, 2005 |
kdelibs 3.3.2 | A vulnerability exists in the 'dcopidling' library due to insufficient validation of a files existence, which could let a malicious user corrupt arbitrary files. Patch available at: Currently we are not aware of any exploits for this vulnerability. | KDE 'DCOPIDLING' Library CVE Name: | Medium | SecurityFocus, February 11, 2005 |
KDE 3.x, 2.x | A vulnerability exists in kio_ftp, which can be exploited by malicious people to conduct FTP command injection attacks. The vulnerability has been fixed in the CVS repository. Mandrakesoft: Debian: Gentoo: Fedora: SUSE: RedHat: Currently we are not aware of any exploits for this vulnerability. | KDE kio_ftp FTP Command Injection Vulnerability CVE Name: | Medium | KDE Advisory Bug 95825, December 26, 2004 Debian Security Advisory, DSA 631-1, January 10, 2005 Gentoo Linux Security Advisory, GLSA 200501-18, January 11, 2005 Fedora Update Notifications SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 RedHat Security Advisory, RHSA-2005:009-19, February 10, 2005 |
Konqueror 3.2.2-6
| A vulnerability exists which can be exploited by malicious people to spoof the content of websites. A website can inject content into another site's window if the target name of the window is known. This can be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website. Fedora: Mandrakesoft: Gentoo: SUSE: RedHat: h Currently we are not aware of any exploits for this vulnerability. | KDE Konqueror Window Injection CVE Name: | Medium | Secunia Advisory ID, SA13254, December 8, 2004 Secunia Advisory ID, SA13486, December 16, 2004 Mandrakesoft Security Advisory, MDKSA-2004:150, December 15, 2004 SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 RedHat Security Advisory, RHSA-2005:009-19, February 10, 2005
|
IRC Client 0.15 | Multiple vulnerabilities exist: a vulnerability exists in the 'Server::parseWildcards' function due to insufficient filtering of various parameters, which could let a remote malicious user execute arbitrary code; a vulnerability exists in certain Perl scripts if shell metacharacters in channel names or song names aren't properly quoted, which could let a remote malicious user execute arbitrary code; and a vulnerability exists in the Quick Connection dialog because the password is used as the nickname, which could let a remote malicious user obtain sensitive information.
Upgrade available at: Gentoo: SUSE: There is no exploit required; however, Proofs of Concept exploits have been published. | Konversation IRC Client Multiple Remote Vulnerabilities CVE Names: | Medium/ High (High if arbitrary code can be executed) | Bugtraq, January 19, 2005 SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005 |
Perl 5.8.3 | A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.
Trustix: Ubuntu: Gentoo: Debian: OpenPKG: Mandrake: There is no exploit code required. | Perl CVE Name: | Medium | Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004 Ubuntu Security Notice, USN-16-1, November 3, 2004 Gentoo Linux Security Advisory, GLSA 200412-04, December 7, 2004 Debian Security Advisory, DSA 620-1, December 30, 2004 OpenPKG Security Advisory, OpenPKG-SA-2005.001, January 11, 2005 MandrakeSoft Security Advisory, MDKSA-2005:031, February 8, 2005 |
PerlDesk 1.x | An input validation vulnerability exists in the 'kb.cgi' script due to insufficient validation of the 'view' parameter, which could let a remote malicious user execute arbitrary SQL commands. Upgrades available at: An exploit script has been published. | PerlDesk 'view' Parameter Input Validation CVE Name: | High | SecurityTracker Alert, 1013090, February 7, 2005 SecurityFocus, February 7, 2005 |
Kerberos 5 1.3.4 | A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files.
Trustix: ftp://ftp.trustix.org/pub/trustix/updates/ Gentoo: http://security.gentoo.org/glsa/glsa-200410-24.xml Avaya: There is no exploit code required. | MIT CVE Name: | Medium | Trustix Secure Linux Bugfix Advisory, TSL-2004-0050, September 30, 2004 Gentoo Linux Security Advisory GLSA 200410-24, October 25, 2004 Avaya Security Advisory, ASA-2005-036, February 7, 2005 |
Kerberos 5 krb5-1.3.5 & prior; Avaya S8700/S8500/S8300 (CM2.0 and later), MN100, Intuity LX 1.1- 5.x, Modular Messaging MSS | A buffer overflow exists in the libkadm5srv administration library. A remote malicious user may be able to execute arbitrary code on an affected Key Distribution Center (KDC) host. There is a heap overflow in the password history handling code. A patch is available at: Gentoo: Debian: Conectiva: Ubuntu: Avaya: Currently we are not aware of any exploits for this vulnerability. | Kerberos CVE Name: | High | SecurityTracker Alert ID, 1012640, December 20, 2004 Gentoo GLSA 200501-05, January 5, 2005 Ubuntu Security Notice, USN-58-1, January 10, 2005 Conectiva Linux Security Announcement, CLA-2005:917, January 13, 2005 Avaya Security Advisory, ASA-2005-036, February 7, 2005
|
ClamAV 0.51-0.54, 0.60, 0.65, 0.67, 0.68 -1, 0.68, 0.70, 0.80 rc1-rc4, 0.80; | A remote Denial of Service vulnerability exists due to an error in the handling of file Upgrade available at: Gentoo: Mandrake: SUSE: Trustix: Currently we are not aware of any exploits for this vulnerability. | Clam Anti-Virus ClamAV Remote Denial of Service CVE Name: | Low | SecurityFocus, January 31, 2005 Mandrakelinux Security Update Advisory, MDKSA-2005:025, January 31, 2005 Gentoo Linux Security Advisory, GLSA 200501-46, January 31, 2005 SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005 |
Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, 0 ia-64, ia-32, hppa, arm, alpha; Linux kernel 2.0.2, 2.4-2.4.26, 2.6-2.6.9 | A vulnerability exists in 'iptables.c' and 'ip6tables.c' due to a failure to load the required modules, which could lead to a false sense of security because firewall rules may not always be loaded.
Debian: Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php"> Fedora: SUSE: TurboLinux: FedoraLegacy: Ubuntu: There is no exploit required. | IpTables Initialization Failure CVE Name: | Medium | Debian Security Advisory, DSA 580-1 , November 1, 2004 Mandrakelinux Security Update Advisory, MDKSA-2004:125, November 4, 2004 SUSE Security Summary Report, SUSE-SR:2004:002, November 30, 2004 Fedora Update Notification, Turbolinux Security Advisory, TLSA-2005-10, January 26, 2005 Fedora Legacy Update Advisory, FLSA:2252, February 10, 2005 Ubuntu Security Notice, USN-81-1, February 11, 2005 |
Exim 4.43 & prior | Multiple vulnerabilities exist that could allow a local user to obtain elevated privileges. There are buffer overflows in the host_aton() function and the spa_base64_to_bits() functions. It may be possible to execute arbitrary code with the privileges of the Exim process. The vendor has issued a fix in the latest snapshot: ftp://ftp.csx.cam.ac.uk/pub/software ftp://ftp.csx.cam.ac.uk/pub/software/ Also, patches for 4.43 are available at: Fedora: Ubuntu: Gentoo: Debian: SUSE: An exploit script has been published. | GNU Exim CVE Names: | High | SecurityTracker Alert ID: 1012771, January 5, 2005 Gentoo Linux Security Advisory, GLSA 200501-23, January 12, 2005 Debian Security Advisory, DSA 635-1 & 637-1, January 12 & 13, 2005 SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005 US-CERT Vulnerability Note, VU#132992, January 28, 2005 SecurityFocus, February 12, 2005 |
Gentoo Linux 0.5, 0.7, 1.1 a, 1.2, 1.4, rc1-rc3; libdbi-perl libdbi-perl 1.21, 1.42 | A vulnerability exists libdbi-perl due to the insecure creation of temporary files, which could let a remote malicious user overwrite arbitrary files.
Debian: Gentoo: RedHat: Ubuntu: Mandrake: SUSE: There is no exploit code required. | Libdbi-perl Insecure Temporary File Creation CVE Name: | Medium | Debian Security Advisory, DSA 658-1, January 25, 2005 Ubuntu Security Notice, USN-70-1, January 25, 2005 Gentoo Linux Security Advisory, GLSA 200501-38, January 26, 2005 RedHat Security Advisory, RHSA-2005:069-08, February 1, 2005 MandrakeSoft Security Advisory, MDKSA-2005:030, February 8, 2005 SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005 |
Gentoo Linux; | A vulnerability exists because binary searches for a shared library is in a world-writeable location, which could let a malicious execute arbitrary code. Updates available at: http://security.gentoo.org/glsa/glsa-200502-18.xml There is no exploit code required. | VMWare Workstation For Linux Shared Library CVE Name: | High | Gentoo Linux Security Advisory, GLSA 200502-18, February 14, 2005 |
GNU Mailman 1.0, 1.1, 2.0 beta1-beta3, 2.0- 2.0 .3, 2.0.5-2.0 .8, 2.0.1-2.0.14, 2.1 b1, 2.1- 2.1.5; Ubuntu Linux 4.1, ia64, ia32
| Multiple vulnerabilities exist: a Cross-Site Scripting vulnerability exists when returning error pages due to insufficient sanitization by 'scripts/driver,' which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability exists due to a weakness in the automatic password generation algorithm, which could let a remote malicious user brute force automatically generated passwords.
Ubuntu: Gentoo: Mandrake: SUSE: Debian: Currently we are not aware of any exploits for these vulnerabilities. | GNU Mailman Multiple Remote Vulnerabilities CVE Names: | Medium/ High (High if arbitrary code can be executed) | SecurityTracker, January 12, 2005 Mandrakelinux Security Update Advisory, MDKSA-2005:015, January 25, 2005 SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005 Debian Security Advisories, DSA 674-1 & 674-2, February 10 & 11, 2005 SUSE Security Announcement, SUSE-SA:2005:007, February 14, 2005 |
ht//Dig Group ht://Dig 3.1.5 -8, 3.1.5 -7, 3.1.5, 3.1.6, 3.2 .0, 3.2 0b2-0b6; SuSE Linux 8.0, i386, 8.1, 8.2, 9.0, 9.0 x86_64, 9.1, 9.2 | A Cross-Site Scripting vulnerability exists due to insufficient filtering of HTML code from the 'config' parameter, which could let a remote malicious user execute arbitrary HTML and script code. SuSE: Debian: Gentoo: There is no exploit code required; however, a Proof of Concept exploit has been published. | ht://Dig Cross-Site Scripting CVE Name: | High | SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 Debian Security Advisory ,DSA 680-1, February 14, 2005 Gentoo Linux Security Advisory, GLSA 200502-16, February 14, 2005 |
ISC BIND 9.3; | A remote Denial of Service vulnerability exists in the 'authvalidated()' function due to an error in the validator. Upgrade available at: Mandrake: Trustix: Currently we are not aware of any exploits for this vulnerability. | BIND Validator Self Checking Remote Denial of Service CVE Name: | Low | US-CERT Vulnerability Note. VU#938617, January 25, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005 |
KDE 2.0, BETA, 2.0.1, 2.1-2.1.2, 2.2-2.2.2 | A vulnerability exists in 'kdesktop/lockeng.cc' and 'kdesktop/lockdlg.cc' due to insufficient return value checking, which could let a malicious user bypass the screensaver lock mechanism. Debian: RedHat: Currently we are not aware of any exploits for this vulnerability. | KDE Screensaver Lock Bypass CVE Name: | Medium | Debian Security Advisory, DSA 660-1, January 26, 2005 RedHat Security Advisory, RHSA-2005:009-19, February 10, 2005 |
MandrakeSoft Corporate Server 3.0, x86_64, Linux Mandrake 10.0, AMD64, 10.1, X86_64;Novell Evolution 2.0.2l Ubuntu Linux 4.1 ppc, ia64, ia32; | A buffer overflow vulnerability exists in the main() function of the 'camel-lock-helper.c' source file, which could let a remote malicious user execute arbitrary code. Update available at: Gentoo: Mandrake: Ubuntu: SUSE: Debian: Currently we are not aware of any exploits for this vulnerability. | Evolution Camel-Lock-Helper Application Remote Buffer Overflow CVE Name: | High | Gentoo Linux Security Advisory, GLSA 200501-35, January 25, 2005 Ubuntu Security Notice, USN-69-1, January 25, 2005 Mandrakelinux Security Update Advisory, MDKSA-2005:024, January 27, 2005 SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 Debian Security Advisory, DSA 673-1, February 10, 2005 |
Perl | A race condition vulnerability was reported in the 'File::Path::rmtree()' function. A remote user may be able to obtain potentially sensitive information. A remote user may be able to obtain potentially sensitive information or modify files. The vendor has released Perl version 5.8.4-5 to address this vulnerability. Customers are advised to contact the vendor for information regarding update availability. Debian: Ubuntu: OpenPKG: Gentoo: Mandrake: SUSE:
| Multiple Vendors Perl File::Path::rmtree() Permission CVE Name: | Medium | Ubuntu Security Notice, USN-44-1, December 21, 2004 Debian Security Advisory, DSA 620-1, December 30, 2004 OpenPKG Security Advisory, OpenPKG-SA-2005.001, January 11, 2005 Gentoo Linux Security Advisory, GLSA 200501-38, January 26, 2005 MandrakeSoft Security Advisory, MDKSA-2005:031, February 8, 2005 SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005 |
Squid Web Proxy Cache 2.0 PATCH2, 2.1 PATCH2, 2.3 .STABLE4&5, 2.4 .STABLE6&7, 2.4 .STABLE2, 2.4, 2.5 .STABLE3-7, 2.5 .STABLE1; Conectiva Linux 9.0, 10.0 | Two vulnerabilities exist: remote Denial of Service vulnerability exists in the Web Cache Communication Protocol (WCCP) functionality due to a failure to handle unexpected network data; and buffer overflow vulnerability exists in the 'gopherToHTML()' function due to insufficient validation of user-supplied strings, which could let a remote malicious user execute arbitrary code. Patches available at: http://www.squid-cache.org/Versions/v2/ Gentoo: Debian: Ubuntu: Mandrake: Conectiva: Fedora: RedHat: SUSE: Trustix: There is no exploit required. | Squid Proxy Web Cache WCCP Functionality Remote Denial of Service & Buffer Overflow CVE Names: | Low/High (High if arbitrary code can be executed) | Secunia Advisory, SA13825, January 13, 2005 Debian Security Advisory, DSA 651-1, January 20, 2005 Ubuntu Security Notice, USN-67-1, January 20, 2005 Mandrakelinux Security Update Advisory, MDKSA-2005:014, January 25, 2005 Conectiva Linux Security Announcement, CLA-2005:923, January 26, 2005 Fedora Update Notifications, SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005 SUSE Security Announcement, SUSE-SA:2005:006, February 10, 2005 RedHat Security Advisory, RHSA-2005:061-19, February 11, 2005 |
SuSE Linux 8.0, i386, 8.1, 8.2, 9.0, x86_64, 9.1, 9.2; | A vulnerability exists due to a failure to handle malformed HTTP headers. The impact was not specified. Patches available at: Gentoo: SUSE: Mandrake: RedHat: Ubuntu: Currently we are not aware of any exploits for this vulnerability. | Squid Proxy Malformed HTTP Headers CVE Name: | Not Specified | Gentoo Linux Security Advisory, GLSA 200502-04:02, February 2, 2005 SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 US-CERT Vulnerability Note VU#768702 US-CERT Vulnerability Note VU#823350 Ubuntu Security Notice, USN-77-1 , February 7, 2005 SUSE Security Announcement, SUSE-SA:2005:006, February 10, 2005 Mandrakelinux Security Update Advisory, MDKSA-2005:034, February 11, 2005 RedHat Security Advisory, RHSA-2005:061-19, February 11, 2005 |
Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; | Several integer overflow vulnerabilities exist in 'pdftops/Catalog.cc' and 'pdftops/XRef.cc,' which could let a remote malicious user execute arbitrary code.
Debian: Fedora: Gentoo:
href="http://security.gentoo.org/glsa/glsa-200410-20.xml"> KDE: Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php"> Ubuntu:
href="http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/"> Conectiva: Debian: SUSE: Update: Gentoo: Fedora: FedoraLegacy: Currently we are not aware of any exploits for these vulnerabilities.
| Multiple Vendors Xpdf PDFTOPS Multiple Integer Overflows CVE Names: | High | SecurityTracker Alert ID, 1011865, October 21, 2004 Conectiva Linux Security Announcement, CLA-2004:886, November 8, 2004 Debian Security Advisory, DSA 599-1, November 25, 2004 SUSE Security Summary Report, SUSE-SR:2004:002, November 30, 2004 Gentoo Linux Security Advisory, GLSA 200501-31, January 23, 2005 Fedora Update Notifications, Fedora Legacy Update Advisory, FLSA:2353, February 10, 2005 |
Gentoo Linux, 1.4; Rob Flynn Gaim 0.10 x, 0.10.3, 0.50-0.75, 0.78, 0.82, 0.82.1, 1.0, 1.0.1; Slackware Linux -current, 9.0, 9.1, 10.0 | A buffer overflow vulnerability exists in the processing of MSNSLP messages due to insufficient verification, which could let a remote malicious user execute arbitrary code. Gentoo:
href="http://security.gentoo.org/glsa/glsa-200410-23.xml"> Rob Flynn: RedHat:
href=" ftp://updates.redhat.com"> Slackware: Ubuntu:http://security.ubuntu.com/ubuntu/ Mandrake: FedoraLegacy: We are not aware of any exploits for this vulnerability. | High | Gentoo Linux Security Advisory, GLSA 200410-23, October 25, 2004 RedHat Security Advisory, RHSA-2004:604-01, October 20, 2004 Slackware Security Advisory, SSA:2004-296-01, October 22, 2004 Ubuntu Security Notice, USN-8-1 October 27, 2004 Mandrakelinux Security Update Advisory, MDKSA-2004:117, November 1, 2004 Fedora Legacy Update Advisory, FLSA:2188, February 11, 2005 | |
Gentoo Linux; | A Directory Traversal vulnerability exists in 'private.py' due to an input validation error, which could let a remote malicious user obtain sensitive information. Debian: Fedora: Gentoo: Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php" RedHat: SUSE: Ubuntu: There is no exploit code required. | GNU Mailman Remote Directory Traversal CVE Name: | Medium | Debian Security Advisory, DSA 674-1, February 10, 2005 Ubuntu Security Notice USN-78-1, February 10, 2005 Fedora Update Notifications Gentoo Linux Security Advisory, GLSA 200502-11, February 10, 2005 RedHat Security Advisory, RHSA-2005:136-08, February 10, 2005 Fedora Update Notifications, Gentoo Linux Security Advisory, GLSA 200502-11, February 10, 2005 Debian Security Advisories, DSA 674-1 & 674-2, February 10 & 11, 2005 SUSE Security Announcement, SUSE-SA:2005:007, February 14, 2005 Mandrakelinux Security Update Advisory, MDKSA-2005:037, February 14, 2005 |
Gentoo Linux; | Multiple vulnerabilities exist due to integer overflows, memory access errors, input validation errors, and logic errors, which could let a remote malicious user execute arbitrary code, obtain sensitive information or cause a Denial of Service. Fedora: Gentoo: SUSE: X.org: Fedora: RedHat: Mandrakesoft: http://www.mandrakesoft.com/security/ Debian: SGI: TurboLinux: Avaya: http://support.avaya.com/elmodocs2/ Gentoo: http://security.gentoo.org/ Currently we are not aware of any exploits for these vulnerabilities. | Multiple Vendors LibXPM Multiple Vulnerabilities CVE Name: | Low/ Medium/ High (Low if a DoS; Medium if sensitive information can be obtained; and High if arbitrary code can be executed) | X.Org Foundation Security Advisory, November 17, 2004 Fedora Update Notifications, SUSE Security Announcement, SUSE-SA:2004:041, November 17, 2004 Gentoo Linux Security Advisory, GLSA 200411-28, November 19, 2004 Fedora Security Update Notifications RedHat Security Advisory, RHSA-2004:537-17, December 2, 2004 Mandrakesoft: MDKSA-2004:137: libxpm4; MDKSA-2004:138: XFree86, November 22, 2004 Debian Security Advisory Turbolinux Security Announcement, January 20, 2005 Avaya Security Advisories, ASA-2005-023 & 025, January 25, 2005 Gentoo Linux Security Advisories, GLSA 200502-06 & 07, February 7, 2005 |
Larry Wall Perl 5.8, 5.8.1, 5.8.3, 5.8.4, 5.8.4 -1-5.8.4-5; Ubuntu Linux 4.1 ppc, ia64, ia32
| Multiple vulnerabilities exist: a buffer overflow vulnerability exists in the 'PERLIO_DEBUG' SuidPerl environment variable, which could let a malicious user execute arbitrary code; and a vulnerability exists due to an error when handling debug message output, which could let a malicious user corrupt arbitrary files.
Ubuntu: Gentoo: Mandrake: RedHat: SGI: SUSE: Trustix: Proofs of Concept exploits have been published. | Perl SuidPerl Multiple Vulnerabilities CVE Names: | Medium/ High (High if arbitrary code can be executed) | Ubuntu Security Notice, USN-72-1, February 2, 2005 MandrakeSoft Security Advisory, MDKSA-2005:031, February 9, 2005 RedHat Security Advisory, RHSA-2005:105-11, February 7, 2005 SGI Security Advisory, 20050202-01-U, February 9, 2005 SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005 Gentoo Linux Security Advisory, GLSA 200502-13, February 11, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005 |
Linux Kernel 2.4.0 test1-test12, 2.4-2.4.28, 2.4.29 -rc2, 2.6, test1-test11, 2.6.1, rc1-rc2, 2.6.2-2.6.9, 2.6.10 rc2; Avaya S8710/S8700/ S8500/S8300, Converged Communication Server, Intuity LX, MN100, Modular Messaging, Network Routing | A vulnerability exists in the 'load_elf_library()' function in 'binfmt_elf.c' because memory segments are properly processed, which could let a remote malicious user execute arbitrary code with root privileges. Fedora: Trustix: Ubuntu: Mandrake: Ubuntu: Another exploit script has been published. | Linux Kernel uselib() Root Privileges CVE Name: | High | iSEC Security Research Advisory, January 7, 2005 Fedora Update Notifications, Trustix Secure Linux Security Advisory, TSLSA-2005-0001, January 13, 2005 Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005 PacketStorm, January 27, 2005 Avaya Security Advisory, ASA-2005-034, February 8, 2005 Ubuntu Security Notice, USN-57-1, February 9, 2005 |
Linux kernel 2.4.0-test1-test12, 2.4-2.4.28, 2.4.29 -rc1&rc2;Avaya S8710/S8700/ S8500/S8300, Converged Communication Server, Intuity LX, MN100, Modular Messaging, Network Routing | A vulnerability exists in the processing of ELF binaries on IA64 systems due to improper checking of overlapping virtual memory address allocations, which could let a malicious user cause a Denial of Service or potentially obtain root privileges.
Patch available at: Trustix: RedHat: http://rhn.redhat.com/errata/ Mandrake: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel Overlapping VMAs CVE Name: | Low/High (High if root access can be obtained) | Trustix Secure Linux Security Advisory, TSLSA-2005-0001, January 13, 2005 RedHat Security Advisories, RHSA-2005:043-13 & RHSA-2005:017-14m January 18 & 21, 2005 Mandrake Security Advisory, MDKSA-2005:022, January 26, 2005 Avaya Security Advisory, ASA-2005-034, February 8, 2005 |
Linux kernel 2.4-2.4.28; Avaya S8710/S8700/ S8500/S8300, Converged Communication Server, Intuity LX, MN100, Modular Messaging, Network Routing | A vulnerability exists in the device drivers due to failure to implement all required virtual memory access flags.
RedHat: http://rhn.redhat.com/errata/RHSA-2005-017.html Currently we are not aware of any exploits for this vulnerability. | Linux Kernel Device Driver Virtual Memory Flags Implementation Failure CVE Name: | Not Specified | RedHat Security Advisories, RHSA-2005:016-13 & 076-14, January 21, 2005 Avaya Security Advisory, ASA-2005-034, February 8, 2005 |
Linux kernel 2.6 .10, 2.6-2.6.11 | Multiple vulnerabilities exist: a vulnerability exists in the 'radeon' driver due to a race condition, which could let a malicious user obtain elevated privileges; a buffer overflow vulnerability exists in the 'i2c-viapro' driver, which could let a malicious user execute arbitrary code; a buffer overflow vulnerability exists in the 'locks_read_proc()' function, which could let a malicious user execute arbitrary code; a vulnerability exists in 'drivers/char/n_tty.c' due to a signedness error, which could let a malicious user obtain sensitive information; and potential errors exist in the 'atm_get_addr()' function and the 'reiserfs_copy_from_user_to_file_region()' function. Patches available at: Exploit scripts have been published. | Linux Kernel Multiple Local Buffer Overflows & Information Disclosure | Medium/ High (High if arbitrary code can be executed) | Secunia Advisory, SA14270, February 15, 2005 |
LinuxPrinting.org Foomatic-Filters 3.03.0.2, 3.1; | A vulnerability exists in the foomatic-rip print filter due to insufficient validation of command-lines and environment variables, which could let a remote malicious user execute arbitrary commands.
Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php"> SuSE:
href="ftp://ftp.suse.com/pub/suse"> Trustix:
href="ftp://ftp.trustix.org/pub/trustix/updates/"> Fedora: http://download.fedora.redhat.com/pub Gentoo: Sun: Conectiva: Fedora Legacy: SCO: We are not aware of any exploits for this vulnerability. | LinuxPrinting.org Foomatic-Filter Arbitrary Code Execution CVE Name: | High | Secunia Advisory, SA12557, September 16, 2004 Fedora Update Notification, Gentoo Linux Security Advisory, GLSA 200409-24, September 17, 2004 Sun(sm) Alert Notification, 57646, October 7, 2004 Conectiva Linux Security Announcement, CLA-2004:880, October 26, 2004 Fedora Legacy Update Advisory, FLSA:2076, November 5, 2004 SCO Security Advisory, SCOSA-2005.12, February 8, 2005 |
Squid 2.x; Gentoo Linux;Ubuntu Linux 4.1 ppc, ia64, ia32;Ubuntu Linux 4.1 ppc, ia64, ia32; Conectiva Linux 9.0, 10.0 | A remote Denial of Service vulnerability exists in the NTLM fakeauth_auth helper when running under a high load or for a long period of time, and a specially crafted NTLM type 3 message is submitted.
Patch available at: Gentoo: Ubuntu: Conectiva: Fedora: RedHat: SUSE: Trustix: Currently we are not aware of any exploits for this vulnerability. | Low | Secunia Advisory, Gentoo Linux Security Advisor, GLSA 200501-25, January 17, 2005 Ubuntu Security Notice, USN-67-1, January 20, 2005 Conectiva Linux Security Announcement, CLA-2005:923, January 26, 2005 Fedora Update Notifications, SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 SUSE Security Announcement, SUSE-SA:2005:006, February 10, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005 RedHat Security Advisory, RHSA-2005:061-19, February 11, 2005 | |
MySQL 4.x | A vulnerability exists in the 'mysqlaccess.sh' script because temporary files are created in an unsafe manner, which could let a malicious user obtain elevated privileges. Update available at: Ubuntu: Debian: Gentoo: Mandrake:
href="http://www.mandrakesecure.net/en/ftp.php" Currently we are not aware of any exploits for this vulnerability. | MySQL 'mysqlaccess.sh' Unsafe Temporary Files CVE Name: | Medium | SecurityTracker Alert, 1012914, January 17,2005 Ubuntu Security Notice USN-63-1 January 18, 2005 Debian Security Advisory Gentoo GLSA 200501-33, January 23, 2005 Mandrakelinux Security Update Advisory, MDKSA-2005:036, February 11, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005 |
Linux Netkit 0.17 | A Denial of Service vulnerability exists when processing malformed size packets.
Debian: Currently we are not aware of any exploits for this vulnerability. | Netkit RWho Malformed Packet Size Denial of Service CVE Name: | Low | Debian Security Advisory DSA 678-1, February 11, 2005 |
Open Motif 2.x, Motif 1.x; Avaya CMS Server 8.0, 9.0, 11.0, CVLAN, Integrated Management, Intuity LX, MN100, Modular Messaging (MSS) 1.1, 2.0, Network Routing | Multiple vulnerabilities have been reported in Motif and Open Motif, which potentially can be exploited by malicious people to compromise a vulnerable system. Updated versions of Open Motif and a patch are available. A Fedora: Red Hat: Gentoo: Debian: Mandrake: SuSE:
href="ftp://ftp.suse.com/pub/suse/"> Ubuntu: TurboLinux: Avaya: http://support.avaya.com/elmodocs2/ Gentoo: Conectiva: Currently we are not aware of any exploits for these vulnerabilities. | Open Group Motif / Open Motif libXpm Vulnerabilities CVE Names: | High | Integrated Computer Solutions Secunia Advisory ID: SA13353, December 2, 2004 RedHat Security Advisory: RHSA-2004:537-17, December 2, 2004 Turbolinux Security Announcement, January 20, 2005 Avaya Security Advisories, ASA-2005-023 & 025, January 25, 2005 SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 Gentoo Linux Security Advisory, GLSA 200502-07, February 7, 2005 Conectiva Security Advisory, CLSA-2005:924, February 14, 2005 |
Open Webmail 1.7, 1.8, 1.71, 1.81, 1.90, 2.5, 2.20, 2.21, 2.30-2.32 | A Cross-Site Scripting vulnerability exists in the 'logindomain' parameter due to insufficient sanitization of user-supplied URI input, which could let a remote malicious user execute arbitrary HTML and script code. Patch available at: There is no exploit code required. | Open WebMail 'Logindomain' Parameter Cross-Site Scripting CVE Name: | High | Secunia Advisory, SA14253, February 14, 2005 |
Opera 7.54 on Linux with KDE 3.2.3; Gentoo Linux | A vulnerability exists that could permit a remote user to cause the target user to execute arbitrary commands. KDE uses 'kfmclient exec' as the default application for processing saved files. A remote user can cause arbitrary shell commands to be executed on the target system. Opera: Gentoo: A Proof of Concept exploit has been published. | Opera Default 'kfmclient exec' Configuration | High | Zone-H Advisory, ZH2004-19SA, December 12, 2004 Gentoo Linux Security Advisory, GLSA 200502-17, February 14, 2005 |
PHP Group pp 4.3.7 and prior | Updates to fix multiple vulnerabilities with php4 which could allow remote code execution. Debian: Slackware:
href="http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.406480"> Fedora: TurboLinux:
href="ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/"> Apple: Debian: An exploit script has been published. | High | Secunia, SA12113 and SA12116, July 21, 2004 Debian, Slackware, and Fedora Security Advisories Turbolinux Security Advisory TLSA-2004-23, September 15, 2004 PacketStorm, December 11, 2004 Apple Security Update, APPLE-SA-2005-01-25, January 26, 2005 Debian Security Advisory DSA, 669-1, February 7, 2005 | |
PNG Development Group libpng 1.2.5 and 1.0.15 | Multiple vulnerabilities exist in the libpng library which could allow a remote malicious user to crash or execute arbitrary code on an affected system. These vulnerabilities include:
If using original, update to libpng version 1.2.6rc1 (release candidate 1) available at:
href="http://www.libpng.org/pub/png/libpng.html"> Conectiva:
href="http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000856"> Debian:
href="http://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00139.html"> Gentoo: Mandrakesoft:
href="http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:079"> RedHat SUSE: Fedora:
href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/"> Sun Solaris:
href="http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57617"> HP-UX: GraphicsMagick:
href="http://www.graphicsmagick.org/www/download.html "> ImageMagick:
href="http://www.imagemagick.org/www/download.html"> Slackware:
href="http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.439243"> Yahoo:
href="http://messenger.yahoo.com/"> SUSE: SCO: Fedora Legacy: Sun: FedoraLegacy: A Proof of Concept exploit has been published. | Multiple Vulnerabilities in libpng CVE Names: | High | US-CERT Technical Cyber Security Alert TA04-217A, August 4, 2004 US-CERT Vulnerability Notes VU#160448, VU#388984, VU#817368, VU#236656, VU#477512, VU#286464, August 4, 2004 SUSE Security Announcement, SUSE-SA:2004:035, October 5, 2004 SCO Security Advisory, SCOSA-2004.16, October 12, 2004 Fedora Legacy Update Advisory, FLSA:2089, October 27, 2004 Sun(sm) Alert Notification, 57683, November 30, 2004 Fedora Legacy Update Advisory, FLSA:1943, February 8, 2005 |
PowerDNS 2.0 RC1, 2.8, 2.9.15
| A remote Denial of Service vulnerability exists in the'DNSPacket::expand' method in 'dnspacket.cc' due to a failure to handle exceptional conditions. Upgrades available at: Gentoo: Currently we are not aware of any exploits for this vulnerability. | PowerDNS Remote Denial of Service CVE Name: | Low | Gentoo Linux Security Advisory, GLSA 200502-15, February 14, 2005 |
Open Server 5.0.6 a, 5.0.6, 5.0.7 | Multiple buffer overflow vulnerabilities exist due to insecure copying of user-supplied input, which could let a malicious user execute arbitrary code. OpenServer 5.0.6: OpenServer 5.0.7: Currently we are not aware of any exploits for these vulnerabilities. | SCO OpenServer Multiple Local Buffer Overflows CVE Name: | High | SCO Security Advisory, SCOSA-2005.13, February 8, 2005 |
Squid Web Proxy Cache 2.5 .STABLE5-STABLE8 | A remote Denial of Service vulnerability exists when performing a Fully Qualify Domain Name (FQDN) lookup and and unexpected response is received. Patches available at: Currently we are not aware of any exploits for this vulnerability. | Squid Proxy FQDN Remote Denial of Service CVE Name: | Low | Secunia Advisory, SA14271, February 14, 2005 |
SquirrelMail 1.2.6 | A vulnerability exists in 'src/webmail.php' due to insufficient sanitization, which could let a remote malicious user execute arbitrary code. Debian: Currently we are not aware of any exploits for this vulnerability. | SquirrelMail Remote Code Execution CVE Name: | High | Debian Security Advisory, DSA 662-1, February 1, 2005 |
S/MIME Plugin 0.4, 0.5 | A vulnerability exists in the S/MIME plug-in due to insufficient sanitization of the 'exec()' function, which could let a remote malicious user execute arbitrary code.
Upgrades available at: There is no exploit code required. | SquirrelMail S/MIME Plug-in Remote Command Execution CVE Name: | High | iDEFENSE Security Advisory, February 7, 2005 |
Sun Java JDK 1.5.x | A vulnerability exists in the in Sun Java Plugin due to the creation of temporary files that use a predictable filename, which could let a malicious user write arbitrary content to a file with a predictable name.
No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | Sun Java Plugin Temporary File Predictable Filenames | Medium | US-CERT Vulnerability Note VU#544392 |
Solaris 8.0 _x86, 8.0, 9.0 _x86, 9.0; Avaya CMS Server 9.0, 11.0, 12.0 | A Denial of Service vulnerability exists due to a failure to handle excessive UDP endpoint activity.
Patches available at: Avaya: Currently we are not aware of any exploits for this vulnerability. | Sun Solaris UDP Processing Denial of Service CVE Name: | Low | Sun(sm) Alert Notification, 57728, January 26, 2005 Avaya Security Advisory, ASA-2005-033, February 7, 2005 |
Solaris 7.0, 7.0 _x86, 8.0, 8.0 _x86, 9.0, 9.0 _x86 | A remote Denial of Service vulnerability exists due to a failure to handle a flood of ARP packets. Patches available at: Currently we are not aware of any exploits for this vulnerability. | Sun Solaris ARP Handling Remote Denial of Service CVE Name: | Low | Sun(sm) Alert Notification, 57673, February 11, 2005 |
Sympa 3.3.3 | A buffer overflow vulnerability exists in 'src/queue.c' in the 'listname' parameter, which could let a malicious user execute arbitrary code.
Debian: Currently we are not aware of any exploits for this vulnerability. | Sympa 'src/queue.c' Buffer Overflow CVE Name: | High | Debian Security Advisory, DSA 677-1 , February 11, 2005 |
Synaesthesia 2.1 .0 | A vulnerability exists due to a failure to secure access files, which could let a malicious user obtain sensitive information.
Debian: There is no exploit code required. | Synaesthesia Information Disclosure CVE Name: | Medium | Debian Security Advisory, DSA 681-1 , February 14, 2005 |
xpcd 2.0 8
| A buffer overflow vulnerability exists in 'pcdsvgaview' due to a failure to copy user-supplied input securely, which could let a malicious user execute arbitrary code.
Update available at: Currently we are not aware of any exploits for this vulnerability. | XPCD 'PCDSVGAView' Buffer Overflow CVE Name: | High | Debian Security Advisory, DSA 676-1 , February 11, 2005 |
xview 3.2 p1.4 | Multiple buffer overflow vulnerabilities exist in the xview library, which could let a malicious user execute arbitrary code. Debian: Currently we are not aware of any exploits for these vulnerabilities. | XView Multiple Buffer Overflows CVE Name: | High | Debian Security Advisory, DSA 672-1, February 9, 2005 |
hztty 2.0 | A vulnerability exists due to an unknown cause, which could let a malicious user execute arbitrary code.
Debian: Currently we are not aware of any exploits for this vulnerability. | Yongguang Zhang HZTTY Arbitrary Command Execution CVE Name: | High | Debian Security Advisory, DSA 675-1, February 10, 2005 |
Ruby 1.8.x | A remote Denial of Service vulnerability exists due to an input validation error in 'cgi.rb.' Debian: Mandrake: Ubuntu: Fedora: Gentoo: Red Hat: SGI: RedHat: TurboLinux: SUSE: Currently we are not aware of any exploits for this vulnerability. | Yukihiro Matsumoto Ruby Infinite Loop Remote Denial of Service CVE Name: | Low | Secunia Advisory, Ubuntu Security Notice, USN-20-1, November 9, 2004 Fedora Update Notification, Gentoo Linux Security Advisory, GLSA 200411-23, November 16, 2004 Red Hat Advisory, RHSA-2004:635-03, December 13, 2004 RedHat Security Advisory, RHSA-2004:635-06, January 17, 2005 SGI Security Advisory, 20050101-01-U, January 19, 2005 Turbolinux Security Announcement, 20050131, January 31, 2005 SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005 |
| Multiple Operating Systems - Windows / UNIX / Linux / Other | ||||
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attacks Scripts | Common Name | Risk | Source |
mod_python | A vulnerability exists in mod_python in the publisher handler that could permit a remote malicious user to view certain python objects. A remote user can submit a specially crafted URL to view the names and values of variables. Red Hat: http://rhn.redhat.com/errata/RHSA-2005-104.html Ubuntu: http://www.ubuntulinux.org/support/documentation/usn/usn-80-1 Fedora: http://download.fedora.redhat.com/ Gentoo: http://www.gentoo.org/security/en/glsa/glsa-200502-14.xml Trustix: http://www.trustix.org/errata/2005/0003/ Currently we are not aware of any exploits for this vulnerability. | Apache mod_python Information Disclosure Vulnerability CVE Name: | Medium | SecurityTracker Alert ID: 1013156, February 11, 2005 Red Hat RHSA-2005:104-03, February 10, 2005 Ubuntu, USN-80-1 February 11, 2005 Trustix #2005-0003, February 11, 2005 |
Barracuda Spam Firewall 3.1.10 and prior
| A vulnerability exists that could permit white-listed senders to use the product as an open mail relay. Update to firmware 3.1.11 or later. Currently we are not aware of any exploits for this vulnerability. | Barracuda Spam Firewall 200 Open Mail Relay Vulnerability CVE Name: | Low | Secunia SA14243, February 11, 2005 |
BEA WebLogic 8.1 through 8.1 SP3; 7.0 through 7.0 SP5 | A vulnerability exists that could permit a remote malicious user to determine the reason for a failed authentication attempt. This allows a remote user to conduct a brute force password guessing attack. For WebLogic Server 8.1, upgrade to WebLogic Server 8.1 Service Pack 4. For WebLogic Server 7.0, upgrade to WebLogic Server 7.0 Service Pack 5 and then apply the following patch: ftp://ftpna.beasys.com/pub/releases/security/CR184612_70sp5.jar This fix will be included in WebLogic Server 7.0 Service Pack 6. Currently we are not aware of any exploits for this vulnerability. | BEA WebLogic Authentication Vulnerability CVE Name: | Medium | BEA Security Advisory, BEA05-74.00 |
Cisco devices running IOS enabled for BGP | A remote Denial of Service vulnerability exists if malformed BGP packets are submitted. The vendor has issued a solution at: Rev. 1.4: Modifications and additions to the Details section. Currently we are not aware of any exploits for this vulnerability. | Cisco IOS BGP Packets Denial of Service | Low | Cisco Security Advisory 63845, January 29, 2005 Technical Cyber Security Alert, TA05-026A, January 26, 2005 US-CERT Vulnerability Note VU#689326, January 26, 2005 Cisco Security Advisory 63845, Revision 1.4, February 9, 2005 |
PHP-Nuke 6.x-7.6 | Multiple vulnerabilities exist that could permit a remote user to determine the installation path or conduct Cross-Site Scripting attacks. The Downloads module does not properly validate user-supplied input in the 'newdownloadshowdays' parameter. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Francisco Burzi PHP-Nuke Input Validation Vulnerability CVE Names: | High | SecurityFocus, Bugtraq ID 12561, February 15, 2005 |
F-Secure Anti-Virus for multiple platforms | A buffer overflow vulnerability exists when processing ARJ archives. A remote malicious user can execute arbitrary code on the target system because of input validation errors. This vulnerability can be exploited on some systems without user interaction. Vendor updates are available: Currently we are not aware of any exploits for this vulnerability. | F-Secure Anti-Virus Buffer Overflow Vulnerability CVE Name: | High | F-Secure Security Bulletin FSC-2005-1, February 10, 2005 |
F-Secure Internet Gatekeeper version 6.41 and earlier; | A buffer overflow vulnerability exists when processing ARJ archives. A remote malicious user can execute arbitrary code on the target system because of input validation errors. Vendor patches are available: http://www.f-secure.com/ Currently we are not aware of any exploits for this vulnerability. | F-Secure Internet Gatekeeper Buffer Overflow Vulnerability CVE Name: | High | F-Secure Security Bulletin FSC-2005-1, February 10, 2005 |
Armagetron 0.2.6.0 and prior | Multiple vulnerabilities exist that could permit a remote malicious user to cause a Denial of Service in the target game service. This is due to buffer overflow and wait state errors. No workaround or patch available at time of publishing. An exploit script has been published. | GNU Armagetron Denial of Service Vulnerability | Low | SecurityTracker Alert ID: 1013180, February 15, 2005 |
AWStats 5.0-5.9, 6.0-6.2 | Several vulnerabilities exist: a vulnerability exists in the 'awstats.pl' script due to insufficient validation of the 'configdir' parameter, which could let a remote malicious user execute arbitrary code; and an unspecified input validation vulnerability exists.
Upgrades available at: SuSE: Gentoo: Currently we are not aware of any exploits for these vulnerabilities. | GNU AWStats Multiple Remote Input Validation CVE Name: | High | Securiteam, January 18, 2005 Gentoo Linux Security Advisory [UPDATE] GLSA 200501-36:03, February 14, 2005 |
AWStats 6.3 and prior | Multiple vulnerabilities exist which could permit local malicious users to gain escalated privileges, disclose system information, and cause a Denial of Service. This is due to errors in "awstats.pl" and the "loadplugin" and "pluginmode" parameters input validation. The vulnerabilities have reportedly been fixed in the CVS repository. A Proof of Concept exploit has been published. | GNU AWStats Multiple Vulnerabilities CVE Names: | Low/ Medium (Medium if sensitive information can be obtained or elevated privileges are obtained) | SecurityFocus, Bugtraq ID 12545, February 14, 2005
|
CitrusDB prior to 0.3.6 | A vulnerability exists that could permit a remote malicious user to obtain credit card import and export data. The vendor has issued a fixed version (0.3.6), available at: http://www.citrusdb.org/download.php A Proof of Concept exploit has been published. | GNU CitrusDB Data Disclosure CVE Name: | Medium | OSVDB Reference: 13228, January 28, 2005 SecurityFocus, 12402, February 13, 2005 |
ELOG 2.5.6 and prior | Two vulnerabilities exist that could permit disclosure of sensitive information or remote code execution. This is because of an input validation error and unprotected configuration file. Update to version 2.5.7: http://midas.psi.ch/elog/download.html A Proof of Concept exploit has been published. | GNU ELOG Disclosure and Code Execution Vulnerabilities CVE Names: | High | SecurityFocus, Bugtraq ID 12556, February 15, 2005 |
Siteman 1.1.0 - 1.1.10 | A vulnerability exists that could permit a malicious user to bypass certain security restrictions. This is due to an unspecified error in "users.php." Apply patch: http://prdownloads.sourceforge.net/ Currently we are not aware of any exploits for this vulnerability. | GNU Siteman Security Bypass Vulnerability CVE Name: | Medium | Sourceforge.net, Siteman Release Notes 1.1.10x_patch |
Emdros 1.x | Multiple vulnerabilities due to memory leaks within the MQL parse which could permit a Denial of Service. Update to version 1.1.22: http://emdros.org/download.html Currently we are not aware of any exploits for these vulnerabilities. | GPL Emdros MQL Parser Denial of Service Vulnerability CVE Name: | Low | SourceForge.net, Project Emdros, [ 1116935 ], February 8, 2005 |
MercuryBoard 1.1.1 | An input validation vulnerability in the 'func/post.php' script could permit a remote malicious user to inject SQL commands.
The vendor has issued a fixed version (1.1.2), available at: http://www.mercuryboard.com/index.php?a=downloads A Proof of Concept exploit has been published. | GPL MercuryBoard SQL Injection Vulnerability CVE Name: | High | SecurityTracker Alert ID: 1013137, February 9, 2005 |
MyPHP Forum | A vulnerability exists that could permit a remote malicious user to inject SQL commands. This is because several scripts do not properly validate user-supplied input in certain fields. These scripts are: 'forum.php', 'member.php', 'forgot.php', and 'include.php'. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | GPL MyPHP Forum SQL Injection Vulnerability CVE Name: | High | SecurityTracker Alert ID: 1013136, February 9, 2005 |
HP HTTP Server 5.0 through 5.95 | A buffer overflow vulnerability exists that could permit a remote malicious user to execute arbitrary code on the target system or cause a Denial of Service. The vendor has issued a fixed version (5.96 or later). Alternately, the vendor indicates that you can update to the System Management Homepage Version 2.0 or later. Management Software Security Patch for Windows Version 5.96 (or later) is available at: http://h18023.www1.hp.com/support/files/ Currently we are not aware of any exploits for this vulnerability.
| HP HTTP Server Buffer Overflow Vulnerability | Low/High (High if arbitrary code can be executed) | HP Security Bulletin, HPSBMA01116, February 14, 2005 |
DB2 Universal Database 8.x | Multiple vulnerabilities exist that could permit a malicious user to cause a Denial of Service, obtain knowledge of sensitive information, read and manipulate file content, or execute arbitrary code. Apply DB2 8.1 FixPak 8: http://www-306.ibm.com/software/ Currently we are not aware of any exploits for these vulnerabilities. | IBM DB2 Universal Database Multiple Vulnerabilities CVE Name: | Medium/ High (High if arbitrary code can be executed) | IBM Advisory, Reference #: 1196289, January 20, 2005 |
VBulletin VBulletin 3.0 Gamma, beta 2-beta7. 3.0-3.0.4 | A vulnerability exists in the 'forumdisplay.php' script due to insufficient sanitization when the 'showforumusers' option is enabled, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing. There is no exploit required; however, a Proof of Concept exploit has been published. | Jelsoft VBulletin 'Forumdisplay.PHP' Script Remote Command Execution CVE Name: | High | SecurityFocus, February 14, 2005 |
Firefox 1.0 | There are multiple vulnerabilities in Mozilla Firefox. A remote user may be able to cause a target user to execute arbitrary operating system commands in certain situations or access access content from other windows, including the 'about:config' settings. This is due to a hybrid image vulnerability that allows batch statements to be dragged to the desktop and because tabbed javascript vulnerabilities let remote users access other windows. A fix is available via the CVS repository A Proof of Concept exploit has been published. | Mozilla Firefox Multiple Vulnerabilities CVE Name: | High | SecurityTracker Alert ID: 1013108, February 8, 2005 |
Debian Linux 3.0 spar, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; Ethereal Group Ethereal 0.9-0.9.16, 0.10-0.10.7
| Multiple vulnerabilities exist: a remote Denial of Service vulnerability exists in the DICOM dissector; a remote Denial of Service vulnerability exists in the handling of RTP timestamps; a remote Denial of Service vulnerability exists in the HTTP dissector; and a remote Denial of Service vulnerability exists in the SMB dissector when a malicious user submits specially crafted SMB packets. Potentially these vulnerabilities may also allow the execution of arbitrary code. Upgrades available at: Gentoo: Conectiva: RedHat: SuSE: SGI: ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/ Currently we are not aware of any exploits for these vulnerabilities. | Ethereal Multiple Denial of Service & Potential Code Execution Vulnerabilities CVE Names: | Low/High (High if arbitrary code can be executed) | Ethereal Security Advisory, enpa-sa-00016, December 15, 2004 Conectiva Linux Security Announcement, CLA-2005:916, January 13, 2005 RedHat Security Advisory, RHSA-2005:011-11, February 2, 2005 SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005 SGI Security Advisory, 20050202-01-U, February 9, 2005 |
OpenPGP | A vulnerability exists that could permit a remote malicious user to conduct an adaptive-chosen-ciphertext attack against OpenPGP's cipher feedback mode. The flaw is due to an ad-hoc integrity check feature in OpenPGP. A solution will be available in the next release of the product. A Proof of Concept exploit has been published. | Multiple Vendors OpenPGP CFB Mode Vulnerable to Cipher-Text Attack CVE Name: | Medium | |
OpenConf 1.0 4 | An HTML injection vulnerability exists is due to input validation errors. This may permit a malicious user to execute arbitrary code. Disclosure of cookie-based credentials is also possible.
Upgrade to OpenConf 1.10: http://www.zakongroup.com/technology/openconf-download.php There is no exploit required. | OpenConf Paper Submission HTML Injection Vulnerability CVE Name: | High | SecurityFocus, Bugtraq ID 12554, February 15, 2005 |
Opera | A spoofing vulnerability exists that could permit a malicious website to spoof the URL displayed in the address bar, SSL certificate, and status bar. This is due to an unintended result of the IDN (International Domain Name) implementation, which allows using international characters in domain names. Gentoo: http://security.gentoo.org/glsa/glsa-200502-17.xml A Proof of Concept exploit has been published. | Opera IDN Spoofing CVE Name: | Medium | SecurityTracker Alert ID: 1013096, February 7, 2005 Gentoo GLSA 200502-17, February 14, 2005 |
SimpleXMLRPCServer 2.2 all versions, 2.3 prior to 2.3.5, 2.4 | A vulnerability exists in the SimpleXMLRPCServer library module that could permit a remote malicious user to access internal module data, potentially executing arbitrary code. Python XML-RPC servers that use the register_instance() method to register an object without a _dispatch() method are affected. Patches for Python 2.2, 2.3, and 2.4, available at: http://python.org/security/ PSF-2005-001/patch.txt (Python 2.3, 2.4) The vendor plans to issue fixed versions for 2.3.5, 2.4.1, 2.3.5, and 2.4.1. Debian: Gentoo: Mandrakesoft: Trustix: Red Hat: Currently we are not aware of any exploits for this vulnerability. | Python SimpleXMLRPCServer Remote Code CVE Name: | High | Python Security Advisory: PSF-2005-001, February 3, 2005 Gentoo, GLSA 200502-09, February 08, 2005 Mandrakesoft, MDKSA-2005:035, February 10, 2005 Trustix #2005-0003, February 11, 2005 RedHat Security Advisory, RHSA-2005:109-04, February 14, 2005 |
PostWrap | An input validation vulnerability exists that could permit a malicious remote user to conduct Cross-Site Scripting attacks. The module is designed to let remote web pages to be displayed on the target web site. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Spidean PostWrap Cross-Site Scripting Vulnerability CVE Name: | High | Internet Security Systems, postwrap-xss (19261), February 9, 2005 |
Squid 2.5 | A vulnerability exists that could permit a remote malicious user to send multiple Content-length headers with special HTTP requests to corrupt the cache on the Squid server. A patch (squid-2.5.STABLE7-header_parsing.patch) is available at: http://www.squid-cache.org/Versions/v2/2.5/bugs/ Conectiva: Gentoo: Debian: Ubuntu: SuSE: Trustix: Mandrake: RedHat: SuSE: Ubuntu: Currently we are not aware of any exploits for this vulnerability. | Squid Error in Parsing HTTP Headers CVE Name: | Medium | SecurityTracker Alert ID, 1012992, January 25, 2005 Gentoo GLSA 200502-04, February 2, 2005 Debian DSA-667-1, February 4, 2005 SUSE, SUSE-SR:2005:003, February 4, 2005 US-CERT Vulnerability Note, VU#924198 US-CERT Vulnerability Note, VU#625878 Trustix #2005-0003, February 11, 2005 Ubuntu Security Notice, USN-77-1, February 7, 2005 SUSE Security Announcement, SUSE-SA:2005:006, February 10, 2005 Mandrakelinux Security Update Advisory, MDKSA-2005:034, February 11, 2005 RedHat Security Advisory, RHSA-2005:061-19, February 11, 2005 |
SquirrelMail 1.x | A Cross-Site Scripting vulnerability exists in the 'decodeHeader()' function in 'mime.php' when processing encoded text in headers due to insufficient input validation, which could let a remote malicious user execute arbitrary HTML and script code. Patch available at: Gentoo: Conectiva: Fedora: Apple: SuSE: Debian: Red Hat: http://rhn.redhat.com/errata/RHSA-2005-135.html An exploit script is not required. | SquirrelMail Cross-Site Scripting | High | Secunia Advisory, Gentoo Linux Security Advisory, GLSA 200411-25, November 17, 2004 Fedora Update Notifications, Conectiva Linux Security Announcement, CLA-2004:905, December 2, 2004 Apple Security Update, APPLE-SA-2005-01-25, January 26, 2005 SUSE Security Summary Report, SUSE-SR:2005:002, January 26, 2005 Debian DSA-662-1, February 1, 2005 Red Hat RHSA-2005:135-04, February 10, 2005 |
Norton AntiVirus for Microsoft Exchange 2.1, prior to build 2.18.85; | A buffer overflow vulnerability exists that could permit a remote malicious user to execute arbitrary code on the target system. The DEC2EXE engine does not properly parse UPX compressed files when inspecting them for viruses. A fix is available via LiveUpdate and at: http://www.symantec.com/techsupp Currently we are not aware of any exploits for this vulnerability. | Symantec Norton Anti-Virus Buffer Overflow CVE Name: | High | Symantec Security Response, SYM05-003, February 8, 2005 |
University of California (BSD License) PostgreSQL 7.x, 8.x
| Multiple vulnerabilities exist that could permit malicious users to gain escalated privileges or execute arbitrary code. These vulnerabilities are due to an error in the 'LOAD' option, a missing permissions check, an error in 'contrib/intagg,' and a boundary error in the plpgsql cursor declaration. Update to version 8.0.1, 7.4.7, 7.3.9, or 7.2.7: http://wwwmaster.postgresql.org/download/mirrors-ftp Ubuntu: Debian: Gentoo: Fedora: Trustix: http://http.trustix.org/pub/trustix/updates/ Ubuntu: http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/ RedHat: http://rhn.redhat.com/errata/RHSA-2005-141.html Gentoo: http://security.gentoo.org/glsa/glsa-200502-19.xml Debian: http://security.debian.org/pool/updates/main/p/postgresql/ Currently we are not aware of any exploits for these vulnerabilities. | University of California PostgreSQL Multiple Vulnerabilities CVE Name: | Medium/ High (High if arbitrary code can be executed) | PostgreSQL Security Release, February 1, 2005 Ubuntu Security Notice USN-71-1 February 01, 2005 Debian Security Advisory Gentoo GLSA 200502-08, February 7, 2005 Fedora Update Notifications, Ubuntu Security Notic,e USN-79-1 , February 10, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0003, February 11, 2005 Gentoo Linux Security Advisory, GLSA 200502-19, February 14, 2005 RedHat Security Advisory, RHSA-2005:141-06, February 14, 2005 Debian Security Advisory, DSA 683-1, February 15, 2005 |
Recent Exploit Scripts/Techniques
The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.
Note: At times, scripts/techniques may contain names or content that may be considered offensive.
Date of Script | Script name | Workaround or Patch Available | Script Description |
| February 14, 2005 | cabrightstor_disco.pm brightstor.c.php | Yes | Script that exploits the BrightStor ARCserve Backup Discovery Service Buffer Overflow vulnerability. |
| February 14, 2005 | ex_perl.c ex_perl2.c | Yes | Proofs of Concept exploits for the Perl SuidPerl Multiple Vulnerabilities. |
| February 12, 2005 | ecl-eximspa.c p_exim.c | Yes | Exploit for the GNU Exim Buffer Overflows vulnerability. |
| February 11, 2005 | rkhunter-1.2.0.tar.gz | N/A | Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. |
| February 10, 2005 | atronboom.zip | No | Exploit for the Armagetron Advanced Multiple Remote Denial of Service Vulnerabilities. |
| February 10, 2005 | msnMessengerPNGexploit.c | Yes | Script that exploits the Windows/MSN Messenger PNG Processing vulnerability. |
| February 8, 2005 | fm-afp.c | No | Script that exploits the Apple Mac OS X AppleFileServer Remote Denial of Service vulnerability. |
| February 8, 2005 | rna_deleter.rgp rna_bof.rgs | No | Exploits for the RealNetworks RealArcade Multiple Remote Vulnerabilities. |
| February 7, 2005 | 3csploit.c | No | Script that exploits the 3Com 3CServer FTP Command Buffer Overflows vulnerability. |
| February 7, 2005 | pde.txt | Yes | Exploit for the PerlDesk 'view' Parameter Input Validation vulnerability. |
| February 7, 2005 | xfinder-ds.pl | No | Perl script that exploits the Apple Mac OS X Finder 'DS_Store' Insecure File Creation vulnerability. |
[back to
top]
name=trends>Trends
- IBM has announced the results from its 2004 Global Business Security Index Report for potential security threats in 2005. For more information, see "IBM Security Report Predicts Mobile/Satellite Attacks in 2005," located at: http://sys-con.com/story/?storyid=48190&DE=1.
- An Internet browser feature that permits web addresses in Chinese, Arabic, and other languages could encourage online fraudsters by making scam Web sites look legitimate to visitors due to a lack of support internationalized domain names. For more information, see " Browser Feature Could Make Scams Easier," located at: http://www.washingtonpost.com/wp-dyn/articles/A5709-2005Feb7.html?sub=AR.
- WholeSecurity announced the industry's first worldwide anti-phishing network (www.phishreport.net). For more information, see "Microsoft, EBay, Paypal, And Visa Join WholeSecurity To Launch Phish Report Network, The Internet’s First Global Anti-Phishing Aggregation Service" located at: http://www.phishreport.net/releases/launch_release.html and "Microsoft, eBay join antiphishing initiative" located at: http://news.com.com/Microsoft%2C+eBay+join+antiphishing+initiative/2100-1029_3-5575106.html.
name=viruses id="viruses">Viruses/Trojans Top Ten Virus Threats
A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.
face="Arial, Helvetica, sans-serif">Rank | Common Name | Type of Code |
face="Arial, Helvetica, sans-serif">Trends |
face="Arial, Helvetica, sans-serif">Date |
1 | Netsky-P | Win32 Worm | Stable | March 2004 |
2 | Zafi-D | Win32 Worm | Stable | December 2004 |
3 | Netsky-Q | Win32 Worm | Stable | March 2004 |
4 | Zafi-B | Win32 Worm | Slight Increase | June 2004 |
5 | Netsky-D | Win32 Worm | Slight Increase | March 2004 |
6 | Sober-I | Win32 Worm | Decrease | November 2004 |
7 | Bagle.bj | Win32 Worm | Stable | January 2005 |
8 | Netsky-B | Win32 Worm | Stable | February 2004 |
9 | Bagle.z | Win32 Worm | Stable | April 2004 |
10 | Bagle-AU | Win32 Worm | Stable | October 2004 |
Table Updated February 15, 2005
Viruses or Trojans Considered to be a High Level of Threat
- Troj/BankAsh-A: Anti-virus firms said they uncovered the first malware, Troj/BankAsh-A, that switches off Microsoft AntiSpyware, along with its other functions. Troj/BankAsh-A includes a keylogger and attempts to steal credit card details, turn off other anti-virus applications, delete files, install other malicious code and download code from the Internet. For more information see: http://www.eweek.com/article2/0,1759,1763560,00.asp
Worm_Aimdes.A: Last week saw instant messaging (IM) viruses and worms hit popular IM systems from both Microsoft and AOL. In the Microsoft MSN Messenger case, exploit code that could be used to create an IM virus was published on the Web. AOL's AIM was hit with a virus dubbed Worm_Aimdes.A. The virus sends a copy of itself to all online contacts in an affected user's Buddy List, sending a message in an attempt to trick recipient into thinking the file was send from a trusted source. For more information see: http://www.infoworld.com/article/05/02/11/HNimvirus_1.html
The following table provides, in alphabetical order, a list of new viruses, variations of previously encountered viruses, and Trojans that have been discovered during the period covered by this bulletin. This information has been compiled from the following anti-virus vendors: Sophos, Trend Micro, Symantec, McAfee, Network Associates, Central Command, F-Secure, Kaspersky Labs, MessageLabs, Panda Software, Computer Associates, and The WildList Organization International. Users should keep anti-virus software up to date and should contact their anti-virus vendors to obtain specific information on the Trojans and Trojan variants that anti-virus software detects.
NOTE: At times, viruses and Trojans may contain names or content that may be considered offensive.
Last updated
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.