Summary of Security Items from September 1 through September 7, 2004
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends and viruses identified between August 31 and September 7, 2004. Updates to items appearing in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Bugs, Holes, & Patches
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
Risk is defined as follows: (Note: The risk levels applied to vulnerabilities in the Cyber Bulletin are based on how the "system" may be impacted.)
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such a vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of a medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attacks Scripts | Common Name | Risk | Source |
CesarFTP 0.98b, 0.99 g, 0.99 e | A buffer overflow vulnerability exists during authentication due to insufficient bounds checking, which could let a remote user cause a Denial of Service or execute arbitrary code.
No workaround or patch available at time of publishing. Proof of Concept exploit script has been published. | CesarFTP Buffer Overflow | Low/High (High if arbitrary code can be executed) | Securiteam, August 31, 2003 |
Comersus Cart 5.0 991 | A vulnerability exists in the 'comersus_customerLoggedVerify.asp' script due to insufficient validation of the 'redirecturl' parameter, which could let a remote malicious user obtain or modify sensitive information or execute arbitrary code. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Comersus Shopping Cart 'redirecturl' Input Validation | Medium/High (High if arbitrary code can be executed) | SecurityTracker Alert ID: 1011135, September 1, 2004 |
GEMS Central Tabulator 1.17.7, 1.18 | A vulnerability exists due to an undocumented backdoor account, which could let a local or remote authenticated malicious user modify votes.
No workaround or patch available at time of publishing. We are not aware of any exploits for this vulnerability. | GEMS Central Tabulator Vote Database Vote Modification | Medium | BlackBoxVoting.org, August 31, 2004 |
IMail 5.0, 5.0.5-5.0.8, 6.0-6.0.6, 6.1-6.4, 7.0.1-7.0.7, 7.1, 7.12, 8.0.3, 8.0.5, 8.1 | Multiple buffer overflow vulnerabilities exist: a remote Denial of Service vulnerability exists in the Queue Manager when a malicious user submits an overly long sender field; a remote Denial of Service vulnerability exists in Web Calendaring when a calendar entry that contains certain content is viewed; and a remote Denial of Service vulnerability exists in Web Messaging when a malicious user submits an overly long 'To:' line. The execution of arbitrary code may also be possible. Patches available at: http://www.ipswitch.com/support/imail/releases/imail_professional/im813.html We are not aware of any exploits for this vulnerability. | Ipswitch IMail Server Multiple Buffer Overflow Remote Denial of Service | Low/High (High if arbitrary code can be executed) | Secunia Advisory, SA12453, September 3, 2004 |
WhatsUp Gold 7.0 4, 7.0 3, 7.0, 8.03 hotfix 1, 8.03, 8.0 1, 8.0 | Two vulnerabilities exist: a buffer overflow vulnerability exists when processing Notification instance names, which could let a remote malicious user execute arbitrary code; and a remote Denial of Service vulnerability exists in 'prn.htm' when a malicious user submits a certain GET request. Hotfixes available at: We are not aware of any exploits for this vulnerability. | WhatsUpGold Web Interface Vulnerabilities | Low/High (High if arbitrary code can be executed) | SecurityTracker Alert ID: 1011157, September 4, 2004 |
WS FTP Server 5.0.2 | A remote Denial of Service vulnerability exists in the 'cd' command when a malicious user submits a malformed file path. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | IPSwitch WS_FTP Remote Denial of Service | Low | Bugtraq, August 29, 2004 |
Xedus 1.0 | Multiple vulnerabilities exist: a remote Denial of Service vulnerability exists when a malicious user submits multiple simultaneous connections; a Cross-Site Scripting vulnerability exists in the sample scripts due to insufficient sanitization of user-supplied URI input, which could let a remote malicious user execute arbitrary HTML and script code; and a Directory Traversal vulnerability exists which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing. There is no exploit code required; however, Proofs of Concept exploit scripts have been published. | Xedus Web Server Input Validation Vulnerabilities | Low/Medium/High (Low if a DoS; Medium if sensitive information can be obtained; and High if arbitrary code can be executed) | GulfTech Security Research Security Advisory, August 30, 2004 |
Keene Digital Media Server 1.0.2 | Multiple vulnerabilities exist: a Cross-Site Scripting vulnerability exists because input passed to various parameters is not properly sanitized, which could let a remote malicious user execute arbitrary code; and a vulnerability exists because access is not restricted to all administrative pages and users' permissions are not checked before an administrative task is performed, which could let a remote malicious user perform arbitrary administrative tasks. No workaround or patch available at time of publishing. Proofs of Concept exploits have been published. | Keene Digital Media Server Cross-Site Scripting | High | SecurityFocus, September 4, 2004 |
Kerio Personal Firewall 4.0.6-4.0.10, 4.0.16 | A vulnerability exists in the 'Application Security' functionality, which could let a malicious user bypass certain security features. No workaround or patch available at time of publishing. We are not aware of any exploits for this vulnerability. | Kerio Personal Firewall Security Bypass | Medium | SIG^2 Vulnerability Research Advisory, September 2, 2004 |
Altnet ADM; | A buffer overflow vulnerability exists in Altnet Download Manager in the 'IsValidFile()' method, which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Altnet ADM ActiveX Control Remote Buffer Overflow | High | SecurityFocus, September 3, 2004 |
DasBlog 1.3-1.6 | A Cross-Site Scripting vulnerability exists in the 'User-Agent:' and 'Referer:' headers due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code.
Patches available at: http://www.dasblog.net/documentation/CategoryView.aspx?category=Download There is no exploit code required; however, Proofs of Concept exploit scripts have been published. | DasBlog Cross-Site Scripting | High | ERNW Security Advisory, September 1, 2004 |
Winamp 5.04 & prior | A buffer overflow vulnerability exists in an ActiveX control installed by the application, which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Winamp ActiveX Control Remote Buffer Overflow CVE Name: CAN-2004-0820 | High | SecurityTracker Alert ID: 1011071, September 2, 2004 |
Titan FTP Server 2.2, 2.10, 3.0 1, 3.10, 3.21 | A heap overflow vulnerability exists in the 'cwd' command due to insufficient boundary checks, which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing. Proof of Concept exploit script has been published. | Titan FTP Server CWD Command Remote Heap Overflow | High | www.cnhonker.com Security Advisory, August 29, 2004 |
PowerQuest DeployCenter 5.5 | A password disclosure vulnerability exists in the 'stuffit.dat' file due to a failure to handle exceptional conditions, which could let a malicious user obtain sensitive information.
No workaround or patch available at time of publishing. There is no exploit code required. | PowerQuest DeployCenter Password Disclosure | Medium | SecurityTracker Alert ID: 1011081, August 28, 2004 |
WFTPD Pro 3.21, R1-R3 | A remote Denial of Service vulnerability exists due to insufficient validation of the 'MLST' command. No workaround or patch available at time of publishing. Exploit script has been published. | WFTPD Remote Denial of Service | Low | www.cnhonker.com Security Advisory, August 30, 2004 |
Password Protect | Multiple vulnerabilities exist: vulnerabilities exist in the 'LoginId,' 'OPass,' 'NPass,' and 'CPass' parameters in 'ChangePassword.asp,' the 'admin' and 'Pass' parameters in 'index_next.asp,' and 'users_add.asp' and 'users_edit.asp' scripts due to insufficient sanitization, which could let a remote malicious user obtain administrative access to the application or to view or modify the database; and vulnerabilities exist in 'ChangePassword.asp,' 'index.asp,' 'users_list.asp,' 'users_add.asp,' and 'users_edit.asp' due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proofs of Concept exploit scripts have been published. | Password Protect Input Validation | High | CRIOLABS Advisory, August 30, 2004 |
WinZip 7.0, 8.0, 8.1, SR-1, 9.0 | Multiple unspecified buffer overflow vulnerabilities exist due to insufficient bounds checking when processing zip archives, which could let a local/remote malicious user execute arbitrary code.
Upgrades available at: We are not aware of any exploits for this vulnerability. | WinZip Multiple Buffer Overflows | High | Securiteam, September 6, 2004 |
UNIX / Linux Operating Systems Only
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attacks Scripts | Common Name | Risk | Source |
Apache 2.0 a9, 2.0, 2.0.28 Beta, 2.0.28, 2.0.32, 2.0.35-2.0.50 | A remote Denial of Service vulnerability exists in Apache 2 mod_ssl during SSL connections.
Apache: http://nagoya.apache.org/bugzilla/show_bug.cgi?id=29964 RedHat: http://rhn.redhat.com/errata/RHSA-2004-349.html SuSE: ftp://ftp.suse.com/pub/suse/i386/update/ We are not aware of any exploits for this vulnerability. | Apache mod_ssl Denial of Service CVE Name: | Low | SecurityFocus, September 6, 2004 |
MacOS X 10.2.8, 10.3.4, 10.3.5 | Two vulnerabilities exist: a vulnerability exists in CoreFoundation 'CFPlugin' facilities, which could let a malicious user obtain elevated privileges; and a buffer overflow vulnerability exists in CoreFoundation, which could let a malicious user execute arbitrary code.
Patches available at: We are not aware of any exploits for this vulnerability. | Mac OS X CoreFoundation Buffer Overflow & Library Loading CVE Names: | Medium/High (High if arbitrary code can be executed) | Apple Security Update, APPLE-SA-0024-09-07, September 7, 2004 |
Gallery 1.4.4 | A vulnerability exists in the 'set_time_limit' function due to insufficient validation of user-supplied input, which could let a remote malicious user execute arbitrary code.
Upgrade available at: http://prdownloads.sourceforge.net/gallery/ Gentoo: http://security.gentoo.org/glsa/glsa-200409-05.xml Proof of Concept exploit script has been published. | Gallery Input Validation | High | SecurityTracker Alert ID: 1010971, August 18, 2004 SecurityFocus, September 2, 2004 Gentoo Linux Security Advisory GLSA 200409-05, September 2, 2004 |
Inter7 Courier-IMAP 1.6, 1.7, 2.0 .0, 2.1- 2.1.2, 2.2 .0. 2.2.1 | A format string vulnerability exists in the 'auth_debug()' function used for login debugging, which could let a remote malicious user execute arbitrary code.
Upgrade available at: http://prdownloads.sourceforge.net/courier/courier-imap-3.0.7.tar.bz2 Gentoo: http://security.gentoo.org/glsa/glsa-200408-19.xml Trustix: ftp://ftp.trustix.org/pub/trustix/updates/ Exploit script has been published. | Courier-IMAP Remote Format String CVE Name: | High | iDEFENSE Security Advisory 08.18.04 SecurityFocus, September 2, 2004 |
Fujitsu ServerView 3.0 | A vulnerability exists because the '.index' file is world writeable, which could let a malicious user modify MIB values.
No workaround or patch available at time of publishing. We are not aware of any exploits for this vulnerability. | Fujitsu ServerView MIB Modification | Medium | SecurityTracker Alert ID: 1011168, September 6, 2004 |
vpopmail (vchkpw) 3.4.1-3.4.11, 4.5, 4.6, 4.7, 4.8, 4.9, 4.9.10, 4.10, 5.2.1, 5.2.2, 5.3.20-5.3.30, 5.4-5.4.2 | Multiple buffer overflow and format string vulnerabilities exist in the 'vsybase.c' file, which could let a malicious user cause a Denial of Service, obtain unauthorized access, or execute arbitrary code.
Upgrades available at: Gentoo: http://security.gentoo.org/glsa/glsa-200409-01.xml We are not aware of any exploits for this vulnerability. | Inter7 Vpopmail Vsybase.c Multiple Vulnerabilities | Low/Medium/High (Low if a DoS; Medium if unauthorized access can be obtained; and High if arbitrary code can be executed) | Bugtraq, August 17, 2004 Gentoo Linux Security Advisory GLSA 200409-01, September 1, 2004 |
vpopmail (vchkpw) 3.4.1-3.4.11, 4.5-4.10, 5.2.1, 5.2.2, 5.3.20-5.3.30, 5.4-5.4.5 | An SQL injection vulnerability exists due to insufficient sanitization of user-supplied input data before using it in an SQL query, which could let a remote malicious user insert additional SQL commands into data passed into POP/IMAP login, SMTP AUTH, or a QmailAdmin login. Note: Vpopmail is only vulnerable if SQL servers are utilized by the application. Sites using the 'cdb' backend for data storage are not affected. Upgrades available at: Gentoo: http://security.gentoo.org/glsa/glsa-200409-01.xml There is no exploit code required. | Vpopmail SQL Injection | Medium | SecurityFocus, August 20, 2004 Gentoo Linux Security Advisory GLSA 200409-01, September 1, 2004 |
CDRTools 2.0, 2.0.1 a18, 2.0.3. | A vulnerability exists in 'cdrecord,' which could let a malicious user obtain root privileges. No workaround or patch available at time of publishing. We are not aware of any exploits for this vulnerability. | CDRTools Unspecified Privilege Escalation | High | SecurityFocus, August 31, 2004 |
Usermin 1.070, 1.080 | Several vulnerabilities exist: an input validation vulnerability exists in the mail functionality, which could let a remote malicious user execute arbitrary code; and a vulnerability exists due to an unspecified error in the installation routine.
Update available at: http://www.webmin.com/index6.html We are not aware of any exploits for this vulnerability. | Usermin Web Mail | High | SNS Advisory No.77, September 7, 2004 |
XV 3.10 a | Multiple vulnerabilities exist: a buffer overflow vulnerability exists in the 'xvbmp.c' source file, which could let a remote malicious user execute arbitrary code; multiple heap overflow vulnerabilities exist in the 'xviris.c' source file due to integer handling problems, which could let a remote malicious user execute arbitrary code; a heap overflow vulnerability exists in the 'xvpcx.c' source file due to integer handling problems, which could let a remote malicious user execute arbitrary code; and a heap overflow vulnerability exists in the 'xvpm.c' source file due to integer handling problems, which could let a remote malicious user execute arbitrary code.
Gentoo: http://security.gentoo.org/glsa/glsa-200409-07.xml Exploit script has been published. | XV Multiple Buffer Overflow and Integer Handling | High | Bugtraq, August 24, 2004 Gentoo Linux Security Advisory, GLSA 200409-07, September 3, 2004 |
LHA 1.14 | Multiple vulnerabilities exist: a buffer overflow vulnerability exists in the parsing of archives, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability exists in the parsing of command-line arguments, which could let a remote malicious user execute arbitrary code; and a vulnerability exists due to insufficient validation of shell meta characters in directories, which could let a remote malicious user execute arbitrary shell commands.
RedHat: http://rhn.redhat.com/errata/RHSA-2004-323.html We are not aware of any exploits for this vulnerability. | LHA Multiple Code Execution CVE Names: | High | SecurityFocus, September 2, 2004 |
mpg123 0.x | A buffer overflow vulnerability exists in the 'do_layer2()' function, which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing. We are not aware of any exploits for this vulnerability. | mpg123 'do_layer2() Function' Remote Buffer Overflow | High | Securiteam, September 7, 2004 |
Cisco VPN 3000 Concentrator 4.0 .x, 4.0, 4.0.1, 4.1 .x; Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; Gentoo Linux 1.4 _rc1-rc3, 1.4; MandrakeSoft Corporate Server 2.1, x86_64, Linux Mandrake 9.1, ppc, | A remote Denial of Service vulnerability exists in the ASN.1 decoder when decoding a malformed ASN.1 buffer.
MIT Kerberos: http://web.mit.edu/kerberos/advisories/ Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20040831-krb5.shtml Debian: http://security.debian.org/pool/updates/main/k/krb5/ Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/ Gentoo: http://security.gentoo.org/glsa/glsa-200409-09.xml Mandrake: http://www.mandrakesecure.net/en/ftp.php Sun: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57631-1&searchclause= Trustix: ftp://ftp.trustix.org/pub/trustix/updates/ We are not aware of any exploits for this vulnerability. | MIT Kerberos 5 ASN.1 Decoder Remote Denial of Service CVE Name: | Low | MIT krb5 Security Advisory, MITKRB5-SA-2004-002, August 31, 2004
US-CERT Technical Cyber Security Alert TA04-247A, September 5, 2004 US-CERT Vulnerability Note VU#550464, September 3, 2004 |
Cisco VPN 3000 Concentrator 4.0 .x, 4.0, 4.0.1, 4.1 .x; Debian Linux 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; Gentoo Linux 1.4 _rc1-rc3, 1.4; MandrakeSoft Corporate Server 2.1, x86_64, Linux Mandrake 9.1, ppc, | Multiple double-free vulnerabilities exist due to inconsistent memory handling routines in the krb5 library: various double-free errors exist in the KDC (Key Distribution Center) cleanup code and in client libraries, which could let a remote malicious user execute arbitrary code; various double-free errors exist in the 'krb5_rd_cred()' function, which could let a remote malicious user execute arbitrary code; a double-free vulnerability exists in krb524d, which could let a remote malicious user execute arbitrary code; and a vulnerability exists in ASN.1 decoder when handling indefinite length BER encodings, which could let a remote malicious user cause a Denial of Service.
MIT Kerberos: http://web.mit.edu/kerberos/advisories/ Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20040831-krb5.shtml Debian: http://security.debian.org/pool/updates/main/k/krb5/ Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/ Gentoo: http://security.gentoo.org/glsa/glsa-200409-09.xml Mandrake: http://www.mandrakesecure.net/en/ftp.php Sun: http://sunsolve.sun.com/search/document.do?assetkey=1-21-112908-15-1 Trustix: ftp://ftp.trustix.org/pub/trustix/updates/ We are not aware of any exploits for this vulnerability. | Kerberos 5 Double-Free Vulnerabilities CVE Names: | Low/High
(High if arbitrary code can be executed) | MIT krb5 Security Advisory, MITKRB5-SA-2004-002, August 31, 2004 US-CERT Technical Cyber Security Alert TA04-247A, September 5, 2004 US-CERT Vulnerability Notes, VU#350792, VU#795632, VU#866472, September 3, 2004 |
Enlightenment Imlib2 1.0-1.0.5, 1.1, 1.1.1; | Multiple buffer overflow vulnerabilities exist in the Imlib/Imlib2 libraries when handling malformed bitmap images, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.
Imlib: http://cvs.sourceforge.net/viewcvs.py/enlightenment/e17/ ImageMagick: http://www.imagemagick.org/www/download.html We are not aware of any exploits for this vulnerability. | IMLib/IMLib2 Multiple BMP Image Decoding Buffer Overflows
CVE Names: | Low/High (High if arbitrary code can be executed) | SecurityFocus, September 1, 2004 |
Gentoo Linux 1.4; | Multiple vulnerabilities exist: a buffer overflow vulnerability exists in the 'read_dib()' function when handling 8-bit RLE encoded BMP files, which could let a malicious user execute arbitrary code; and buffer overflow vulnerabilities exist in the XPM, GIF, and JPEG image file handlers, which could let a remote malicious user execute arbitrary code. Debian: http://security.debian.org/pool/updates/main/q/qt-copy/ Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ Gentoo: http://security.gentoo.org/glsa/glsa-200408-20.xml Mandrake: http://www.mandrakesecure.net/en/ftp.php Slackware: ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/kde/qt-3.1.2-i486-4.tgz SuSE: ftp://ftp.suse.com/pub/suse/i386/update Trolltech Upgrade: http://www.trolltech.com/download/index.html TurboLinux: ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/ Sun: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57637-1&searchclause=security Proof of Concept exploit has been published. | QT Image File Buffer Overflows CVE Names: | High | Secunia Advisory, SA12325, August 10, 2004 Sun Alert ID: 57637, September 3, 2004 |
MySQL 3.23.49, 4.0.20 | A vulnerability exists in the 'mysqlhotcopy' script due to predictable file names of temporary files, which could let a malicious user obtain elevated privileges. Debian: http://security.debian.org/pool/updates/main/m/ Gentoo: http://security.gentoo.org/glsa/glsa-200409-02.xml There is no exploit code required. | Medium | Debian Security Advisory, DSA 540-1, August 18, 2004 Gentoo Linux Security Advisory GLSA 200409-02, September 1, 2004 | |
OpenCA 0.x | A Cross-Site Scripting vulnerability exists due to insufficient sanitization of input passed to the web frontends, which could let a remote malicious user execute arbitrary HTML and script code.
Update available at: http://www.openca.org/openca/ We are not aware of any exploits for this vulnerability. | OpenCA Cross-Site Scripting CVE Name: | High | Secunia Advisory, SA12473, September 7, 2004 |
Oracle Application Server 10g 9.0.4, 9.0.4 .0, Oracle10g Application Server 10.1.0.2, Oracle10g Enterprise Edition 9.0.4.0, 10.1.0.2, Oracle10g Personal Edition 9.0.4.0, 10.1.0.2, Oracle10g Standard Edition 9.0.4.0, 10.1.0.2 | Multiple buffer overflow vulnerabilities exist which could let a remote malicious user execute arbitrary commands. Patches available at: We are not aware of any exploits for this vulnerability. | Oracle Multiple Buffer Overflows | High | Technical Cyber Security Alert TA04-245A, September 1, 2004 US-CERT Vulnerability Notes VU#316206, VU#170830, VU#435974, September 1, 2004 |
Oracle8i Enterprise Edition 8.1.7.4, Standard Edition 8.1.7.4, Oracle9i Enterprise Edition 9.2.0.4, Personal Edition 9.2.0.4, Standard Edition 9.0.1.3, 9.2.0.4 | A vulnerability exists in the 'ctxsys.driload' package, which could let a remote malicious user obtain administrative privileges.
Patches available at: A Proof of Concept exploit has been published. | Oracle Database Server ctxsys.driload Access Validation CVE Name: | High | Technical Cyber Security Alert TA04-245A, September 1, 2004 |
Oracle Corporation Oracle8i Enterprise Edition 8.1.7.4, Standard Edition 8.1.7.4, Enterprise Edition 9.0.1.5, 9.0.1.4, 9.2.0.4, 9.2.0.3, Oracle9i Personal Edition 9.0.1.5 | A buffer overflow vulnerability exists in the 'dbms_system.ksdwrt()' function, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.
Patches available at: We are not aware of any exploits for this vulnerability. | Oracle Database Server dbms_system.ksdwrt Remote Buffer Overflow CVE Name: | Low/High (High if arbitrary code can be executed) | Technical Cyber Security Alert TA04-245A, September 1, 2004 |
GNOME VFS Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64; | Multiple vulnerabilities exist in several of the GNOME VFS extfs backend scripts. Red Hat Enterprise Linux ships with vulnerable scripts, but they are not used by default. A malicious user who is able to influence a user to open a specially-crafted URI using gnome-vfs could perform actions as that user. Users of Red Hat Enterprise Linux should upgrade to these updated packages, which remove these unused scripts. Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/ We are not aware of any exploits for this vulnerability. | GNOME VFS updates address extfs vulnerability CVE Name: | High | Red Hat Security Advisory ID: RHSA-2004:373-01, August 4, 2004 Fedora Update Notification |
Regents of University of California bsdmainutils 6.0.14 | An information disclosure vulnerability exists in the calendar utility when run with the '-a' option due to improper authorization checks, which could let a malicious user obtain root access.
Debian: http://ftp.debian.org/debian/pool/main/b/bsdmainutils/bsdmainutils_6.0.15.tar.gz There is no exploit code required; however, Proofs of Concept exploit scripts have been published. | Bsdmainutils Calendar Information Disclosure CVE Name: | High | SecurityTracker Alert ID: 1011131, September 1, 2004 |
A vulnerability exists in rsync when running in daemon mode with chroot disabled. A remote user may be able to read or write files on the target system that are located outside of the module's path. A remote user can supply a specially crafted path to cause the path cleaning function to generate an absolute filename instead of a relative one. The flaw resides in the sanitize_path() function. Updates and patches are available at: http://rsync.samba.org/ SuSE: http://www.suse.de/de/security/2004_26_rsync.html Debian: http://www.debian.org/security/2004/dsa-538 Trustix: http://www.trustix.net/errata/2004/0042/ Fedora: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/ Mandrake: http://www.mandrakesecure.net/en/ftp.php OpenPKG: ftp://ftp.openpkg.org/release/2.0/UPD/ TurboLinux: ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ We are not aware of any exploits for this vulnerability. | Rsync Input Validation Error in sanitize_path() May Let Remote Users Read or Write Arbitrary Files CVE Name: | High | SecurityTracker 1010940, August 12, 2004 rsync August 2004 Security Advisory SecurityFocus, September 1, 2004 | |
Squid Web Proxy Cache 2.0 PATCH2, 2.1 PATCH2, 2.3 STABLE5, 2.4, STABLE7, 2.5 STABLE1-STABLE6, Squid Web Proxy Cache 3.0 PRE1-PRE3 | A remote Denial of Service vulnerability exists in 'lib/ntlmauth.c' due to insufficient validation of negative values in the 'ntlm_fetch_string()' function. Patches available at: Gentoo: http://security.gentoo.org/glsa/glsa-200409-04.xml We are not aware of any exploits for this vulnerability. | Squid Proxy NTLM Authentication Remote Denial of Service | Low | Secunia Advisory, SA12444, September 3, 2004 |
Solaris 8.0, 8.0_x86 | A remote Denial of Service vulnerability exists in 'in.named.' Patch available at: sunsolve.sun.com/search/document.do?assetkey=1-26-57614-1 We are not aware of any exploits for this vulnerability. | Solaris 'in.named' Remote Denial of Service | Low | Sun(sm) Alert Notification, 57614, September 3, 2004 |
Linux 8.1, 8.2, 9.0, x86_64, 9.1, Linux Connectivity Server, Linux Database Server, Linux Enterprise Server 9, 8, Linux Office Server, SuSE eMail Server III | A Denial of Service vulnerability exists in '/dev/ptmx.' Updates available at: ftp://ftp.suse.com/pub/suse/ We are not aware of any exploits for this vulnerability. | SuSE Linux PTMX Unspecified Local Denial of Service | Low | SUSE Security Announcement, SA:2004:028, September 1, 2004 |
Net-Acct 0.x | A vulnerability exists in the 'write_list()' and 'dump_curr_list()' functions due to the insecure creation of temporary files, which could let a malicious user modify information.
Patch available at: We are not aware of any exploits for this vulnerability. | Net-acct Insecure Temporary File | Medium | Secunia Advisory, September 7, 2004 |
Ruby 1.6, 1.8 | A vulnerability exists in the CGI session management component due to the way temporary files are processed, which could let a malicious user obtain elevated privileges. Upgrades available at: http://security.debian.org/pool/updates/main/r/ruby/ Gentoo: http://security.gentoo.org/glsa/glsa-200409-08.xml We are not aware of any exploits for this vulnerability. | Ruby CGI Session Management Unsafe Temporary File CVE Name: | Medium | Debian Security Advisory, DSA 537-1, August 16, 2004 Gentoo Linux Security Advisory, GLSA 200409-08, September 3, 2004 |
Multiple Operating Systems - Windows / UNIX / Linux / Other
Vendor & Software Name | Vulnerability - Impact / Patches - Workarounds / Attacks Scripts | Common Name | Risk | Source |
AOL Instant Messenger (AIM) 5.5 | A buffer overflow vulnerability exists in America Online's Instant Messenger (AIM) which can allow remote malicious users to execute arbitrary code. The vulnerability specifically exists due to insufficient bounds checking on user-supplied values passed to the 'goaway' function of the AOL Instant Messenger 'aim:' URI handler. Upgrade to AIM beta version available at: http://www.aim.com Proof of Concept exploit scripts have been published. | AOL Instant Messenger aim:goaway URI Handler Buffer Overflow Vulnerability | High | iDEFENSE Security Advisory 08.09.04 Secunia, SA12198, August 9, 2004 US-CERT Vulnerability Note VU#735966, August 10, 2004 SecurityFocus, September 2, 2004 |
Firmware Version 2.40; Axis 2100/2110/2120/2420/2130, Network Camera, 2400/2401 Video Server | Multiple vulnerabilities exist: an input validation vulnerability exists in the '/axis-cgi/io/virtualinput.cgi' script, which could let a remote malicious user execute arbitrary commands; and a Directory Traversal vulnerability exists, which could let a remote malicious user obtain sensitive information. Upgrade available at: There is no exploit code required; however, Proof of Concept exploits have been published. | Axis Network Camera And Video Server Multiple Vulnerabilities | Medium/High (High if arbitrary commands can be executed) | Bugtraq, August 22, 2004 SecurityFocus, August 31, 2004 |
Cerbère Proxy Server 1.2 | A remote Denial of Service vulnerability exists when a malicious user submits a malformed HTTP GET request.
No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | Cerbère Proxy Server Remote Denial of Service | Low | GSSIT - Global Security Solution IT Security Advisory, September 1, 2004 |
Call of Duty 1.4 & prior | A vulnerability exists which could let a remote malicious user shut down the game service when a query or reply is submitted that contains more than 1024 characters. No workaround or patch available for Windows at time of publishing. Linux version patch: Proof of Concept exploit has been published. | Call of Duty Game Shutdown | Low | Securiteam, September 7, 2004 |
CuteNews 0.88, 1.3, 1.3.1, 1.3.2, 1.3.6 | A Cross-Site Scripting vulnerability exists in 'show_archives' due to insufficient sanitization of the 'cutepath' variable, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | CutePHP Cross-Site Scripting | High | Hackgen Advisory, hackgen-2004-#001, September 2, 2004 |
DCS-900 Internet Camera 2.10, 2.20, 2.28 | A vulnerability exists due to insufficient authentication checks for received UDP broadcast packets on port 62976, which could let a remote malicious user manipulate configuration settings and cause a Denial of Service.
No workaround or patch available at time of publishing. Exploit script has been published. | DCS-900 Internet Camera Configuration Manipulation | Low | Bugtraq, August 31, 2004 |
RTA 230 ADSL Router | A vulnerability exists due to a default backdoor account, which could let a remote malicious user obtain control of the device.
No workaround or patch available at time of publishing. There is no exploit code required. | Dynalink RTA 230 ADSL Router Default Backdoor Account | High | Bugtraq, September 3, 2004 |
GroupWare 1.0, 1.0.3 | Multiple Cross-Site Scripting vulnerabilities exist in the 'addressbook' and 'calendar' modules and HTML injection vulnerabilities exist in the 'Messenger' and 'Ticket' modules, which could let a remote malicious user execute arbitrary HTML and script code.
Gentoo: http://security.gentoo.org/glsa/glsa-200409-06.xml There is no exploit code required; however, a Proof of Concept exploit has been published. | EGroupWare Multiple Input Validation | High | Bugtraq, August 22, 2004 Gentoo Linux Security Advisory GLSA 200409-06, September 2, 2004 |
Cosminexus Portal Framework 02-03 & prior | A vulnerability exists when the <ut:cache> tag library is used, which could let a remote malicious user obtain sensitive information.
Patches available at: http://www.hitachi-support.com/security_e/vuls_e/HS04-006_e/01-e.html We are not aware of any exploits for this vulnerability. | Cosminexus Portal Framework Information Disclosure | Medium | SecurityTracker Alert ID: 1011171, September 7, 2004 |
DB2 Universal Database for AIX 7.0-7.2, 8.1, Universal Database for HP-UX 7.0-7.2, 8.1, Universal Database for Linux 7.0-7.2, 8.1, DB2 Universal Database for Solaris 7.0-7.2, 8.1, Universal Database for Windows 7.1, 7.2, 8.1 | Several buffer overflow vulnerabilities exist, which could let a remote malicious user execute arbitrary code. Upgrades available at: We are not aware of any exploits for this vulnerability. | IBM DB2 Remote Buffer Overflows | High | NGSSoftware Insight Security Research Advisory, September 1, 2004 |
Brocade Fabric OS 2.1.2, 2.2, 3.1, SilkWorm 3200, 3250, 3800, 3850, 3900, SilkWorm Fiber Channel Switch 2010, 2040, 2050; | A remote Denial of Service vulnerability exists in hardware that is based on Engenio Storage Controllers due to an unspecified error in the handling of incoming TCP packets.
No workaround or patch available at time of publishing. We are not aware of any exploits for this vulnerability. | Engenio Storage Controller Remote Denial Of Service | Low | Bugtraq, September 4, 2004 |
HP HP-UX B.11.23, 11.11, 11.00; | A buffer overflow vulnerability exists in the Netscape Network Security Services (NSS) library suite due to insufficient boundary checks, which could let a remote malicious user execute arbitrary code.
Mozilla: ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/ Netscape and HP workarounds available at: http://www.securityfocus.com/bid/11015/solution/ Sun: http://sunsolve.sun.com/search/document.do? We are not aware of any exploits for this vulnerability. | NSS Buffer Overflow | High | Internet Security Systems Advisory, August 23, 2004 SecurityFocus, September 1, 2004 |
XOOPS Dictionary Module 1.0 | A Cross-Site Scripting vulnerability exists in 'letter.php' due to insufficient sanitization of the 'letter' parameter, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | XOOPS Dictionary Cross-Site Scripting | High | Secunia Advisory, SA12424, September 1, 2004 |
Opera Web Browser 7.23 | A remote Denial of Service vulnerability exists in the 'embed' tag when a specific JavaScript command is executed.
No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | Opera Embed Tag Remote Denial of Service | Low | Bugtraq, September 1, 2004 |
phpMyBackupPro 0.6.2 | Multiple input validation vulnerabilities exist due to insufficient validation of some configuration entries and of MySQL username and password values, which could let a malicious user obtain unauthorized access or sensitive information. Upgrade available at: We are not aware of any exploits for this vulnerability. | PhpMyBackupPro Input Validation | Medium | SecurityFocus, September 3, 2004 |
phpScheduleIt 1.0.0RC1 | Cross-Site Scripting vulnerabilities exist in the 'Name' and 'Last Name' fields in the new user registration script and the 'Schedule Name' field in the new schedule creation script due to insufficient sanitization of user-supplied HTML input, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing. There is no exploit code required. | phpScheduleIt Cross-Site Scripting | High | Bugtraq, August 31, 2004 |
phpWebsite 0.7.3, 0.8.2, 0.8.3, 0.9.3-4, 0.9.3 | Multiple input validation vulnerabilities exist: a vulnerability exists in 'index.php' due to insufficient sanitization of the 'pid' parameter, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability exists in the calendar module due to insufficient sanitization of the 'cal_template' field, which could let a remote malicious user execute arbitrary code; and a vulnerability exists due to insufficient sanitization of input passed to the subject and message fields, which could let a remote malicious user execute arbitrary code.
Patches available at: There is no exploit code required; however, a Proof of Concept exploit script has been published. | PHPWebSite Multiple Input Validation | High | GulfTech Security Research Security Advisory, August 31, 2004 |
pLog 0.1-0.1.2, 0.2, 0.2.1, 0.3-0.3.2 | An input validation vulnerability exists in the 'register.php' script due to insufficient sanitization of the 'userName' and 'blogName' parameters, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required. | pLog 'register.php' Input Validation | High | Secunia Advisory, SA12415, September 1, 2004 |
PvPGN 1.6.0-1.6.5 | A buffer overflow vulnerability exists in the 'watchall' and 'unwatchall' commands, which could let a remote malicious user execute arbitrary code.
Patches available at: http://sourceforge.net/tracker/download.php?group_ There is no exploit code required. | PvPGN Remote Buffer Overflow | High | PvPGN Security Advisory, PSA-20040829, August 31, 2004 |
RTOS 2.4, 4.25, 6.1.0, 6.2.0 Update Patch A, 6.2.0 | Multiple vulnerabilities exist: a buffer overflow vulnerability exists in '/usr/bin/pppoed,' which could let a malicious user execute arbitrary code; buffer overflow vulnerabilities exist in the 'name,' 'en,' 'upscript,' 'downscript,' 'retries,' 'timeout,' 'scriptdetach,' 'noscript,' 'nodetach,' 'remote_mac,' and 'local_mac' flags, which could let a malicious user execute arbitrary code; and a vulnerability exists because the $PATH variable can be modified to cause the daemon to execute arbitrary code.
No workaround or patch available at time of publishing. Proof of Concept exploit has been published. | QNX PPPoEd Buffer Overflows | High | Securiteam, September 6, 2004 |
MailWorks Professional | A vulnerability exists because the authentication process may be bypassed, which could let a remote malicious user obtain administrative access.
No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | MailWorks Professional Authentication Bypass | High | SecurityTracker Alert ID: 1011145, September 3, 2004 |
BitTorrent Tracker 1.0 beta, RC1&RC2, alpha, 2.0 | An input validation vulnerability exists in the 'download.php' script due to insufficient verification of the 'id' parameter, which could let a remote malicious user obtain sensitive information.
Fix available at: http://forum.tutoriaux.net/index.php?showtopic=299&st=0entry1342 A Proof of Concept exploit script has been published. | TorrentTrader Download.PHP SQL Injection | Medium | Secunia Advisory, SA12439, September 2, 2004 |
VICE 1.6, 1.13, 1.14 | A format string vulnerability exists in the handling of the monitor 'memory dump' command, which could let a malicious user cause a Denial of Service or execute arbitrary code. Upgrade available at: Currently we are not aware of any exploits for this vulnerability. | VICE Monitor Memory Dump Format String CVE Name: | High | VICE Security Advisory, VSA-2004-1, June 13, 2004 SecurityFocus, September 1, 2004 |
YaBB SE 1.5.1 | A vulnerability exists in 'sources/Admin.php,' which could let a remote malicious user obtain the installation path.
No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | YaBB SE 'Admin.php' Information Disclosure | Medium | ECHO_ADV_05$2004, September 4, 2004 |
Recent Exploit Scripts/Techniques
The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.
Note: At times, scripts/techniques may contain names or content that may be considered offensive.
Date of Script | Script name | Workaround or Patch Available | Script Description |
September 3, 2004 | installer.htm | Yes | Proof of concept exploit for Microsoft Internet Explorer vulnerability that may permit cross-zone access, allowing an attacker to execute malicious script code in the context of the Local Zone. |
September 3, 2004 | None | No | Proof of concept exploit has been published for the Nullsoft Winamp ActiveX Control remote buffer overflow vulnerability. |
September 3, 2004 | None | No | Proof of concept exploit has been published for the Altnet remote buffer overflow vulnerability. |
September 3, 2004 | SelenaTeamTrackLoginPagePOC.pl | Yes | Proof of concept exploit for the Serena TeamTrack remote authentication bypass vulnerability. |
September 3, 2004 | xv_bmpslap.c | Yes | Proof of concept exploit for the xv buffer overflow and integer overflow vulnerabilities. |
September 2, 2004 | 00047-8302004.txt | Yes | Proof of concept exploit for the Xedus version 1.0 denial of service, cross site scripting, and directory traversal vulnerabilities. |
September 2, 2004 | courier_fstr.c | Yes | Script that exploits the Courier-IMAP Remote Format String vulnerability. |
September 2, 2004 | galfakeimg.php | Yes | Proof of concept exploit for the Gallery vulnerability that may allow a remote attacker to execute malicious scripts on a vulnerable system. |
September 2, 2004 | mandragore-aolim.c aolInstantMessengerMessageBOExp2.c | Yes | Proof of concept exploits for the AOL Instant Messenger remote buffer overflow vulnerability. |
September 2, 2004 | passprotect.txt | No | Proof of concept exploit for the Password Protect cross site scripting and SQL injection attack vulnerabilities. |
September 2, 2004 | titanftp.c | Yes | Proof of concept exploit for the heap overflow in Titan FTP server versions 3.21 and below. |
September 2, 2004 | wftpdDoS.c | Yes | Proof of concept exploit for the denial of service vulnerability in WFTPD Pro Server 3.21. |
September 1, 2004 | Courier IMAP exploit script | Yes | Proof of concept exploit for the Courier-IMAP remote format string vulnerability in versions prior to 3.0.7. |
September 1, 2004 | torrentTraderDownloadSQLPOC.php | Yes | Proof of Concept for the TorrentTrader 'id' SQL Injection vulnerability. |
August 31, 2004 | dLinkNetCamIPAddressSetExploit.c | No | Proof of concept exploit for the D-Link Securicam Network DCS-900 Internet Camera remote configuration vulnerability. An attacker can trigger a denial of service condition. |
August 30, 2004 | cesarftp_dos.c | No | Proof of Concept exploit Denial of Service script for the CesarFTP Buffer Overflow vulnerability. |
August 30, 2004 | titan_hof.c | No | Proof of Concept exploit script that exploits the Titan FTP Server Remote Heap Overflow vulnerability. |
August 30, 2004 | wftpd.c | No | Script that exploits the WFTPD Server Remote Denial of Service vulnerability. |
Trends
- No new trends to report.
Viruses/Trojans
New Viruses / Trojans
Top Ten Virus Threats
A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported during the latest three months), and approximate date first found.
Rank | Common Name | Type of Code | Trends | Date |
1 | Netsky-P | Win32 Worm | Stable | March 2004 |
2 | Zafi-B | Win32 Worm | Stable | June 2004 |
3 | Netsky-Z | Win32 Worm | Increase | April 2004 |
4 | Mydoom.q | Win32 Worm | Increase | August 2004 |
5 | Netsky-B | Win32 Worm | Stable | February 2004 |
6 | Netsky-D | Win32 Worm | Decrease | March 2004 |
7 | Mydoom.m | Win32 Worm | Slight Decrease | July 2004 |
8 | Bagle-AA | Win32 Worm | Slight Decrease | April 2004 |
9 | Bagle.AI | Win32 Worm | Stable | July 2004 |
10 | MyDoom-O | Win32 Worm | Slight Decrease | July 2004 |
10 | Netsky-Q | Win32 Worm | Decrease | March 2004 |
Viruses or Trojans Considered to be a High Level of Threat
- Bagle: New variants of the Bagle virus were bulk e-mailed to Internet users. The malware arrives in an e-mail with the subject and body "foto" and an attachment called foto.zip that poses as a file containing photographs. This zip file contains an HTML file and an executable called foto1.exe. The executable is a dropper that, if activated, will kill DLL files related to the updating components of various anti-virus programs and open backdoors.
The following table provides, in alphabetical order, a list of new viruses, variations of previously encountered viruses, and Trojans that have been discovered during the period covered by this bulletin. This information has been compiled from the following anti-virus vendors: Sophos, Trend Micro, Symantec, McAfee, Network Associates, Central Command, F-Secure, Kaspersky Labs, MessageLabs, Panda Software, Computer Associates, and The WildList Organization International. Users should keep anti-virus software up to date and should contact their anti-virus vendors to obtain specific information on the Trojans and Trojan variants that anti-virus software detects.
NOTE: At times, viruses and Trojans may contain names or content that may be considered offensive.