Summary of Security Items from March 23 through March 29, 2006
The US-CERT Cyber Security Bulletin provides a summary of new and updated vulnerabilities, exploits, trends, and malicious code that have recently been openly reported. Information in the Cyber Security Bulletin is a compilation of open source and US-CERT vulnerability information. As such, the Cyber Security Bulletin includes information published by sources outside of US-CERT and should not be considered the result of US-CERT analysis or as an official report of US-CERT. Although this information does reflect open source reports, it is not an official description and should be used for informational purposes only. The intention of the Cyber Security Bulletin is to serve as a comprehensive directory of pertinent vulnerability reports, providing brief summaries and additional sources for further investigation.
The tables below summarize vulnerabilities that have been reported by various open source organizations or presented in newsgroups and on web sites. Items in bold designate updates that have been made to past entries. Entries are grouped by the operating system on which the reported software operates, and vulnerabilities that affect both Windows and Unix/Linux operating systems are included in the Multiple Operating Systems table. Note that entries in each table are not necessarily vulnerabilities in that operating system, but vulnerabilities in software that operates on some version of that operating system.
Entries may contain additional US-CERT sponsored information, including Common Vulnerabilities and Exposures (CVE) numbers, National Vulnerability Database (NVD) links, Common Vulnerability Scoring System (CVSS) values, Open Vulnerability and Assessment Language (OVAL) definitions, or links to US-CERT Vulnerability Notes. Metrics, values, and information included in the Cyber Security Bulletin that have been provided by other US-CERT sponsored programs are prepared, managed, and contributed by those respective programs. CVSS values are managed and provided by the US-CERT/NIST National Vulnerability Database. Links are also provided to patches and workarounds that have been provided by the product’s vendor.
The Risk levels are defined below:
High - Vulnerabilities will be labeled “High” severity if they have a CVSS base score of 7.0-10.0.
Medium - Vulnerabilities will be labeled “Medium” severity if they have a base CVSS score of 4.0-6.9.
Low - Vulnerabilities will be labeled “Low” severity if they have a CVSS base score of 0.0-3.9.
Note that scores provided prior to 11/9/2005 are approximated from only partially available CVSS metric data. Such scores are marked as "Approximated" within NVD. In particular, the following CVSS metrics are only partially available for these vulnerabilities and NVD assumes certain values based on an approximation algorithm: AccessComplexity, Authentication, ConfImpact of 'partial', IntegImpact of 'partial', AvailImpact of 'partial', and the impact biases.
Windows Operating Systems Only
Vendor & Software Name | Description | Common Name | CVSS | Resources
Caloris Planitia Technologies
Online Quiz System
Multiple input validation vulnerabilities have been reported in Online Quiz System that could let remote malicious users conduct Cross-Site Scripting.
No workaround or patch available at time of publishing.
A Proof of Concept exploit script has been published.
BlackIce PC Desktop for Windows 3.6, BlackICE PC Protection consumer edition, BlackICE Server Protection consumer edition, BlackICE Agent for Server corporate edition, RealSecure Desktop 3.6, corporate 7.0
A help dialog privilege error vulnerability has been reported in multiple Internet Security Systems products that could let local malicious users obtain elevated privileges or execute arbitrary code.
Multiple buffer overflow vulnerabilities have been reported in the .NET Framework SDK, ildasm DLL disassembly and MSIL tools, that could let remote malicious users cause a Denial of Service, execute arbitrary code, or obtain unauthorized access.
No workaround or patch available at time of publishing.
A Proof of Concept exploit script, BufferOverFlowInILASMandILDASM.zip, has been published.
Microsoft .NET Framework SDK Multiple Vulnerabilities
Security Tracker, Alert ID: 1015823, March 23, 2006
Pablo Software Solutions
Baby ASP Web Server 1.5, 2.7.2
Quick 'n Easy Web Server 3.0.6, 3.1
A vulnerability has been reported in Baby ASP Web Server and Quick 'n Easy Web Server that could let remote malicious users disclose information (ASP source code).
RealPlayer 8, 10, 10.0.6, 10.5, RealOne Player, and RealPlayer Enterprise
A buffer overflow vulnerability has been reported in RealPlayer, Mimio Broadcast file processing, that could let remote malicious users execute arbitrary code.
Security Tracker, Alert ID: 1015810, March 24, 2006
Sheer Vision Technologies
SweetSuite .NET CMS 2.1
An input validation vulnerability has been reported in SweetSuite.NET CMS, 'search.aspx', that could let remote malicious users conduct Cross-Site Scripting.
No workaround or patch available at time of publishing.
A Directory Traversal vulnerability has been reported in 'siteman.php3' due to insufficient sanitization of the 'F' parameter before using to create, edit, or view files, which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through use of a web client.
Cross-Site Scripting vulnerabilities have been reported in 'bol.cgi' due to insufficient sanitization of the 'file' and 'function' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, Proof of Concept exploits have been published.
Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'mb.cgi' due to insufficient sanitization of the 'name,' 'subject,' and 'message' parameters when posting a message, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported in 'mb.cgi' due to insufficient sanitization of the 'topicnumber' and 'threadnumber' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited through use of a web client.
Cholod Mysql based message board Cross-Site Scripting & SQL Injection
A buffer overflow vulnerability has been reported due to insufficient bounds checks on user-supplied data before using in a finite sized buffer, which could let a local/remote malicious user execute arbitrary code.
A vulnerability has been reported in multiple Debian GNU/Linux packages due to a flaw in the build system that results in insecure RUNPATHs being included in certain binaries, which could let a malicious user execute arbitrary code.
Debian GNU/Linux has released fixed builds of the following package:
Cross-Site Scripting vulnerabilities have been reported in 'dedicated_order.php' due to insufficient sanitization of the 'dedicatedPlanID' parameter, in 'shared_order.php' due to insufficient sanitization of the 'sharedPlanID' parameter, in 'customers/server_management.php' due to insufficient sanitization of the 'plan_id' parameter, and in 'customers/forgotpass.php' due to insufficient sanitization of the 'customerEmailAddress' parameter, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerabilities may be exploited with a web client; however, Proof of Concept exploits have been published.
A vulnerability has been reported in the EAP-MSCHAPv2 state machine due to an error, which could let a malicious user bypass authentication and cause a Denial of Service.
SUSE Security Announcement, SUSE-SA:2006:019, March 28, 2006
FreeRADIUS
FreeRADIUS 1.0.4, 1.0.3
Multiple buffer overflow vulnerabilities have been reported in 'RLM_SQLCounter' due to insufficient bounds checking on user-supplied input, which could let a remote malicious user cause a Denial of Service.
An SQL injection vulnerability has been reported in 'RLM_SQLCounter' due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
Gentoo Linux Security Advisory, GLSA 200603-26, March 29, 2006
Gentoo
Linux 1.4 _rc1-rc3, 1.4, 1.2, 1.1 a, 0.7, 0.5
Several vulnerabilities have been reported due to NetHack, SlashEM, and Falcon's Eye games being incompatible with the system used for managing games on Gentoo Linux, which could let a malicious user obtain elevated privileges.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for these vulnerabilities.
A vulnerability has been reported in the delegate code that is used by various ImageMagick utilities when handling an image filename due to an error, which could let a remote malicious user execute arbitrary commands; and a format string vulnerability has been reported when handling filenames received via command line arguments, which could let a remote malicious user execute arbitrary code.
Ubuntu Security Notice, USN-246-1, January 24, 2006
Debian Security Advisory, DSA-957-1, January 26, 2006
Mandriva Security Advisory, MDKSA-2006:024, January 26, 2006
Gentoo Linux Security Advisory, GLSA 200602-06, February 13, 2006
RedHat Security Advisory, RHSA-2006:0178-4, February 14, 2006
Gentoo Linux Security Advisory, GLSA 200602-13, February 26, 2006
SGI Security Advisory, 20060301-01-U, March 8, 2006
SUSE Security Summary Report, SUSE-SR:2006:006, March 24, 2006
KisMAC
KisMAC 0.5 d4, 0.5 d, 0.2 a, 0.1 c, 0.1 b, 0.1 a, 0.12 a, 0.11 a, 0.10 a
A buffer overflow vulnerability has been reported in the 'WavePacketparseTaggedData()' function when parsing the Cisco vendor tag for additional SSIDs in a received 802.11 management frame, which could let a remote malicious user execute arbitrary code.
An HTML injection vulnerability has been reported in the Encoded Page Link due to insufficient sanitization of user-supplied input before using it in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code.
Multiple vulnerabilities have been reported due to integer overflow errors in 'libmpdemux/asfheader.c' when handling an ASF file, and in 'libmpdemux/aviheader.c' when parsing the 'indx' chunk in an AVI file, which could let a remote malicious user cause a Denial of Service and potentially compromise a system.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for these vulnerabilities.
A buffer overflow vulnerability has been reported in the 'coda_pioctl' function of the 'pioctl.c' file, which could let a malicious user cause a Denial of Service or execute arbitrary code with superuser privileges.
Security Focus, Bugtraq ID: 14967, September 28, 2005
RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005
RedHat Security Advisory, RHSA-2006:0191-9, February 1, 2006
Debian Security Advisory, DSA-1017-1, March 23, 2006
Multiple Vendors
Xpdf 3.0 pl2 & pl3, 3.0 1, 3.00, 2.0-2.03, 1.0 0, 1.0 0a, 0.90-0.93; RedHat Fedora Core4, Core3, Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, ES 2.1 IA64, 2.1, Enterprise Linux AS 4, AS 3, 2.1 IA64, 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1; teTeX 2.0.1, 2.0; Poppler poppler 0.4.2;
KDE kpdf 0.5, KOffice 1.4.2; PDFTOHTML PDFTOHTML 0.36
Multiple vulnerabilities have been reported: a heap-based buffer overflow vulnerability was reported in the 'DCTStream::readBaselineSOF()' function in 'xpdf/Stream.cc' when copying data from a PDF file, which could let a remote malicious user potentially execute arbitrary code; a buffer overflow vulnerability was reported in the 'DCTStream::readProgressiveSOF()' function in 'xpdf/Stream.cc' when copying data from a PDF file, which could let a remote malicious user potentially execute arbitrary code; a buffer overflow vulnerability was reported in the 'StreamPredictor::StreamPredictor()' function in 'xpdf/Stream.cc' when using the 'numComps' value to calculate the memory size, which could let a remote malicious user potentially execute arbitrary code; and a vulnerability was reported in the 'JPXStream::readCodestream()' function in 'xpdf/JPXStream.cc' when using the 'nXTiles' and 'nYTiles' values from a PDF file to copy data from the file into allocated memory, which could let a remote malicious user potentially execute arbitrary code.
Fedora Update Notifications, FEDORA-2005-1007 & 1013, October 20, 2005
Security Focus, Bugtraq ID: 15156, October 31, 2005
Ubuntu Security Notice, USN-219-1, November 22, 2005
SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005
SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005
RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006
RedHat Security Advisories, RHSA-2006:0190-5 & RHSA-2006:0191-9, February 1, 2006
SmoothWall Advisory, March 15, 2006
Debian Security Advisory, DSA-1017-1, March 23, 2006
Debian Security Advisory, DSA-1018-1, March 24, 2006
Multiple Vendors
Fast Lexical Analyzer Generator (Flex) prior to 2.5.33
A buffer overflow vulnerability has been reported in 'flex.skl' due to a boundary error, which could let a remote malicious user execute arbitrary code.
Trustix Secure Linux Security Advisory, 2006-0002, January 13, 2006
Mandriva Linux Security Advisory, MDKSA-2006:012, January 13, 2006
RedHat Security Advisory, RHSA-2006:0160-14, January 19, 2006
SGI Security Advisory, 20051201-01-U, January 20, 2006
Debian Security Advisory, DSA-950-1, January 23, 2006
Turbolinux Security Advisory, TLSA-2006-2, January 25, 2006
Gentoo Linux Security Advisory, GLSA 200601-17, January 30, 2006
Debian Security Advisories, DSA-961-1 & 962-1, February 1, 2006
Slackware Security Advisories, SSA:2006-045-04 & SSA:2006-045-09, February 14, 2006
SGI Security Advisory, 20060201-01-U, March 14, 2006
SCO Security Advisory, SCOSA-2006.15, March 22, 2006
Multiple Vendors
Linux kernel
2.6 prior to 2.6.12.1
A vulnerability has been reported in the 'restore_sigcontext()' function due to a failure to restrict access to the 'ar.rsc' register, which could let a malicious user cause a Denial of Service or obtain elevated privileges.
SUSE Security Announcement, SUSE-SA:2005:044, August 4, 2005
RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005
RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005
Debian Security Advisories, DSA 921-1 & 922-1, December 14, 2005
Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006
Debian Security Advisory, DSA-1018-1, March 24, 2006
Multiple Vendors
Linux kernel 2.4.x, 2.6.x
Vulnerabilities have been reported due to the 'sockaddr_in.sin_zero' array not being zeroed before being returned to user space programs calling certain socket functions that retrieve information about the specified socket, which could let a remote malicious user obtain sensitive information.
Vulnerability has been fixed in the 2.4 kernel branch in the CVS repositories.
An exploit script, linux_sin_zero.c, has been published.
Linux Kernel IPv4 'sockaddr_in.sin_zero' Information Disclosure
Two vulnerabilities have been reported: a Denial of Service vulnerability was reported in the 'get_compat_timespec' function in the SPARC architecture; and a Denial of Service vulnerability was reported when single steps are performed by multiple ptrace tasks in the ia64 architecture.
Debian Security Advisory, DSA-1017-1, March 23, 2006
Multiple Vendors
Linux kernel 2.6.8-2.6.10, 2.4.21
Several vulnerabilities have been reported: a buffer overflow vulnerability was reported in 'msg_control' when copying 32 bit contents, which could let a malicious user obtain root privileges and execute arbitrary code; and a vulnerability was reported in the 'raw_sendmsg()' function, which could let a malicious user obtain sensitive information or cause a Denial of Service.
Ubuntu Security Notice, USN-178-1, September 09, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0049, September 16, 2005
Fedora Update Notifications, FEDORA-2005-905 & 906, September 22, 2005
RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:171, October 3, 2005
RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005
Mandriva Linux Security Advisories, MDKSA-2005:219 & 220, November 30, 2005
SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005
Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006
Debian Security Advisory, DSA-1017-1, March 23, 2006
Multiple Vendors
Linux kernel 2.6-2.6.12.1
A vulnerability has been reported due to insufficient authorization before accessing a privileged function, which could let a malicious user bypass IPSEC policies.
Ubuntu Security Notice, USN-169-1, August 19, 2005
Security Focus, Bugtraq ID 14609, August 19, 2005
Security Focus, Bugtraq ID 14609, August 25, 2005
SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005
RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005
RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005
Mandriva Linux Security Advisory, MDKSA-2005:218, November 30, 2005
Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006
Debian Security Advisory, DSA-1017-1, March 23, 2006
Debian Security Advisory, DSA-1018-1, March 24, 2006
Multiple Vendors
Linux kernel 2.6-2.6.13.1
A Denial of Service vulnerability has been reported due to an omitted call to the 'sockfd_put()' function in the 32-bit compatible 'routing_ioctl()' function.
Security Tracker Alert ID: 1014944, September 21, 2005
Ubuntu Security Notice, USN-187-1, September 25, 2005
Mandriva Linux Security Advisories, MDKSA-2005:218, 219, 220, November 30, 2005
SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005
SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005
Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006
RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006
RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006
Debian Security Advisory, DSA-1017-1, March 23, 2006
Multiple Vendors
Linux kernel 2.6-2.6.14
Several vulnerabilities have been reported: a Denial of Service vulnerability was reported due to a memory leak in '/security/keys/request_key_auth.c;' a Denial of Service vulnerability was reported due to a memory leak in '/fs/namei.c' when the 'CONFIG_AUDITSYSCALL' option is enabled; and a vulnerability was reported because the orinoco wireless driver fails to pad data packets with zeroes when increasing the length, which could let a malicious user obtain sensitive information.
Trustix Secure Linux Security Advisory, TSLSA-2005-0057, October 14, 2005
Fedora Update Notifications, FEDORA-2005-1013, October 20, 2005
RedHat Security Advisory, RHSA-2005:808-14, October 27, 2005
Ubuntu Security Notice, USN-219-1, November 22, 2005
Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005
SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005
SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005
Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006
RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006
RedHat Security Advisories, RHSA-2006:0190-5 & RHSA-2006:0191-9, February 1, 2006
Debian Security Advisory, DSA-1017-1, March 23, 2006
Multiple Vendors
Linux kernel 2.6-2.6.14
Multiple vulnerabilities have been reported: a Denial of Service vulnerability was reported in 'mm/mempolicy.c' when handling the policy system call; a remote Denial of Service vulnerability was reported in 'net/ipv4/fib_frontend.c' when validating the header and payload of fib_lookup netlink messages; an off-by-one buffer overflow vulnerability was reported in 'kernel/sysctl.c,' which could let a malicious user cause a Denial of Service and potentially execute arbitrary code; and a buffer overflow vulnerability was reported in the DVB (Digital Video Broadcasting) driver subsystem, which could let a malicious user cause a Denial of Service or potentially execute arbitrary code.
SUSE Security Announcement, SUSE-SA:2006:006, February 9, 2006
SUSE Security Announcement, SUSE-SA:2006:012, February 27, 2006
Debian Security Advisory, DSA-1017-1, March 23, 2006
Multiple Vendors
Linux kernel 2.6-2.6.14
A Denial of Service vulnerability has been reported in 'sysctl.c' due to an error when handling the un-registration of interfaces in '/proc/sys/net/ipv4/conf/.'
Ubuntu Security Notice, USN-219-1, November 22, 2005
RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006
RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006
RedHat Security Advisories, RHSA-2006:0190-5 & RHSA-2006:0191-9, February 1, 2006
Debian Security Advisory, DSA-1017-1, March 23, 2006
Debian Security Advisory, DSA-1018-1, March 24, 2006
Multiple Vendors
Linux kernel 2.6-2.6.14
Several vulnerabilities have been reported: a Denial of Service vulnerability was reported when handling asynchronous USB access via usbdevio; and a Denial of Service vulnerability was reported in the 'ipt_recent.c' netfilter module due to an error in jiffies comparison.
RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005
Ubuntu Security Notice, USN-219-1, November 22, 2005
Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005
SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005
SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005
Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006
Debian Security Advisory, DSA-1017-1, March 23, 2006
Multiple Vendors
Linux Kernel 2.6-2.6.14
Multiple vulnerabilities have been reported: a Denial of Service vulnerability was reported in the 'sys_set_mempolicy' function when a malicious user submits a negative first argument; a Denial of Service vulnerability was reported when threads are sharing memory mapping via 'CLONE_VM'; a Denial of Service vulnerability was reported in 'fs/exec.c' when one thread is tracing another thread that shares the same memory map; a Denial of Service vulnerability was reported in 'mm/ioremap.c' when performing a lookup of a non-existent page; a Denial of Service vulnerability was reported in the HFS and HFS+ (hfsplus) modules; and a remote Denial of Service vulnerability was reported due to a race condition in 'ebtables.c' when running on a SMP system that is operating under a heavy load.
A vulnerability has been reported due to the way console keyboard mapping is handled, which could let a malicious user modify the console keymap to include scripted macro commands.
Security Focus, Bugtraq ID: 15122, October 17, 2005
Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005
Fedora Update Notification, FEDORA-2005-1138, December 13, 2005
Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006
SmoothWall Advisory, March 15, 2006
Debian Security Advisory, DSA-1017-1, March 23, 2006
Debian Security Advisory, DSA-1018-1, March 24, 2006
Multiple Vendors
Linux kernel 2.6-2.6.14; SuSE Linux Professional 10.0 OSS, Linux Personal 10.0 OSS;
RedHat Fedora Core4
A Denial of Service vulnerability has been reported in 'ptrace.c' when 'CLONE_THREAD' is used due to a missing check of the thread's group ID when trying to determine whether the process is attempting to attach to itself.
Fedora Update Notification, FEDORA-2005-1104, November 28, 2005
SuSE Security Announcement, SUSE-SA:2005:067, December 6, 2005
SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005
Mandriva Security Advisory, MDKSA-2006:018, January 20, 2006
Debian Security Advisory, DSA-1017-1, March 23, 2006
Debian Security Advisory, DSA-1018-1, March 24, 2006
Multiple Vendors
Linux kernel 2.6-2.6.15
A Denial of Service vulnerability has been reported in the 'time_out_leases()' function because 'printk()' can consume large amounts of kernel log space.
Security Focus, Bugtraq ID: 16284, January 17, 2006
RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006
Ubuntu Security Notice, USN-244-1, January 18, 2006
SUSE Security Announcement, SUSE-SA:2006:006, February 9, 2006
SUSE Security Announcement, SUSE-SA:2006:012, February 27, 2006
Debian Security Advisory, DSA-1017-1, March 23, 2006
Multiple Vendors
RealOne Helix Player 1.x, RealOne Player v1, v2, RealPlayer 10.x, 8, RealPlayer Enterprise 1.x; Gentoo Linux; SuSE Novell Linux Desktop 9.0, Linux Professional 10.0 OSS, 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, Linux Personal 10.0 OSS, 9.3 x86_64, 9.3, 9.2 x86_64, 9.2
Multiple vulnerabilities have been reported: a buffer overflow vulnerability was reported in the handling of the 'chunked' Transfer-Encoding method due to a boundary error, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability was reported when processing SWF files due to a boundary error, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported due to the incorrect use of the 'CreateProcess()' API when executing other programs, which could let a remote malicious user execute arbitrary code.
Security Focus, Bugtraq ID: 16283, January 17, 2006
RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006
Ubuntu Security Notice, USN-244-1, January 18, 2006
SUSE Security Announcement, SUSE-SA:2006:006, February 9, 2006
SUSE Security Announcement, SUSE-SA:2006:012, February 27, 2006
Debian Security Advisory, DSA-1017-1, March 23, 2006
Multiple Vendors
Rolo Rolo 011;
LibVC LibVC 003
A buffer overflow vulnerability has been reported in the 'count_vcards' function in 'vc.c' when reading lines from an input vcard (.vcf) file, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
Ubuntu Security Notice, USN-244-1, January 18, 2006
Mandriva Security Advisory, MDKSA-2006:044, February 21, 2006
Debian Security Advisory, DSA-1017-1, March 23, 2006
Multiple Vendors
Ubuntu Linux 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
Linux kernel 2.6.10, rc2, 2.6.8, rc1
A remote Denial of Service vulnerability has been reported in the kernel driver for compressed ISO file systems when attempting to mount a malicious compressed ISO image.
Multiple format string vulnerabilities have been reported: a vulnerability was reported when vCard information is attached to an email message, which could let a remote malicious user execute arbitrary code; a vulnerability was reported when specially crafted contact data that has been retrieved from an LDAP server is displayed, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported when specially crafted task list data that has been retrieved from remote servers and the data has been saved under the 'Calendars' tab is displayed, which could let a remote malicious user execute arbitrary code.
Security Focus, Bugtraq ID: 14790, September 9, 2005
Ubuntu Security Notice, USN-178-1, September 09, 2005
Mandriva Linux Security Advisories, MDKSA-2005:218, 219, & 220, November 30, 2005
SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005
Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006
RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006
Debian Security Advisory, DSA-1017-1, March 23, 2006
Multiple Vendors
Ubuntu Linux 5.10 powerpc, i386, amd64, 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
Linux kernel 2.6-2.6.15
A vulnerability has been reported in the 'dm-crypt' driver due to a failure to clear memory, which could let a malicious user obtain sensitive information.
Trustix Secure Linux Security Advisory, #2005-0038, July 29, 2005
Gentoo Linux Security Advisory, GLSA 200508-04, August 5, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:133, August 10, 2005
Ubuntu Security Notice, USN-164-1, August 11, 2005
Fedora Update Notifications, FEDORA-2005-727 & 728, August 17, 2005
SUSE Security Summary Report, SUSE-SR:2005:019, August 22, 2005
RedHat Security Advisory, RHSA-2005:743-08, August 22, 2005
SGI Security Advisory, 20050901-01-U, September 7, 2005
Conectiva Linux Announcement, CLSA-2005:1007, September 13, 2005
Turbolinux Security Advisory, TLSA-2005-90, September 20, 2005
Fedora Update Notification, FEDORA-2005-000, January 5, 2006
Fedora Update Notification, FEDORA-2006-112, February 16, 2006
Debian Security Advisory, DSA-1021-1, March 28, 2006
Rahul Dhesi
Zoo 2.10
A buffer overflow vulnerability has been reported in the 'fullpath()' function in 'misc.c' due to insufficient bounds checking, which could let a remote malicious user execute arbitrary code.
Security Tracker Alert ID: 1015668, February 23, 2006
SUSE Security Summary Report, SUSE-SR:2006:005, March 3, 2006
Gentoo Linux Security Advisory, GLSA 200603-05, March 6, 2006
Debian Security Advisory, DSA 991-1, March 10, 2006
SUSE Security Summary Report, SUSE-SR:2006:006, March 24, 2006
Sendmail Consortium
Sendmail prior to 8.13.6
A vulnerability has been reported due to a race condition caused by the improper handling of asynchronous signals, which could let a remote malicious user execute arbitrary code.
RedHat Security Advisories, RHSA-2006:0264-8 & RHSA-2006:0265-9, March 22, 2006
Sun(sm) Alert Notification, Sun Alert ID: 102262, March 24, 2006
Gentoo Linux Security Advisory, GLSA 200603-21, March 22, 2006
SUSE Security Announcement, SUSE-SA:2006:017, March 22, 2006
FreeBSD Security Advisory, FreeBSD-SA-06:13, March 22, 2006
Slackware Security Advisory, SSA:2006-081-01, March 22, 2006
Avaya Security Advisory, ASA-2006-074, March 24, 2006
Debian Security Advisory, DSA-1015-1, March 24, 2006
HP Security Bulletin, HPSBUX02108, March 27, 2006
NetBSD Security Advisory, NetBSD-SA2006-010, March 28, 2006
Sourceworkshop
Newsletter 1.0
An SQL injection vulnerability has been reported in 'Newsletter.PHP' due to insufficient sanitization of the 'newsletteremail' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client.
An SQL injection vulnerability has been reported in 'vCounter.PHP' due to insufficient sanitization of the 'url' parameter using '_SERVER['REQUEST_URI']' before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client.
A vulnerability has been reported in the 'usr/ucb/ps' command because environment variables and values of all processes are revealed to an unprivileged user.
Sun(sm) Alert Notification, Sun Alert ID: 102215, March 27, 2006
Webcheck
Webcheck prior to 1.9.6
An HTML injection vulnerability has been reported due to an input validation error in the parsing of website content when crawling websites, which could let a remote malicious user execute arbitrary HTML and script code.
Multiple Operating Systems - Windows/UNIX/Linux/Other
Vendor & Software Name | Description | Common Name | CVSS | Resources
ActiveCampaign Inc.
SupportTrio 2.50.2
A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'terms' parameter when performing a search, which could let a remote malicious user execute arbitrary HTML and script code; and a path disclosure vulnerability has been reported in 'index.php' and 'pdf.php' when accessed with invalid input.
No workaround or patch available at time of publishing.
Vulnerability may be exploited with a web client; however, a Proof of Concept exploit has been published.
Multiple Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, Proof of Concept exploits have been published.
AL-Caricatier Multiple Cross-Site Scripting
Not Available
Security Focus, Bugtraq ID: 17289, March 28, 2006
Arab Portal System
Arab Portal System 2.0
A Cross-Site Scripting vulnerability has been reported in 'online.php' and 'download.php' due to insufficient sanitization of the 'title' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published.
An SQL injection vulnerability has been reported in 'Print.PHP' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.
Multiple SQL injection vulnerabilities have been reported in 'adkcomment.php' due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client.
A Cross-Site Scripting vulnerability has been reported in 'Img.php' due to insufficient sanitization of the 'i' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.
A Cross-Site Scripting vulnerability has been reported in 'index.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.
Multiple vulnerabilities have been reported: a buffer overflow vulnerability was reported in the 'SV_BroadcastPrintf()' function when handling chat messages that are sent from a client, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability was reported in the 'SV_SetupUserInfo()' function when handling a user's nickname and teamname when a player joins the server, which could let a remote malicious user execute arbitrary code; and a format string vulnerability was reported in the 'PrintString()' function when displaying text strings in the console and in the game screen, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.
A buffer overflow vulnerability has been reported when parsing a URL that contains the TFTP protocol prefix 'tftp://' due to a boundary error, which could let a remote malicious user cause a Denial of Service and possibly execute arbitrary code.
Gentoo Linux Security Advisory, GLSA 200603-19, March 21, 2006
Fedora Update Notification, FEDORA-2006-189, March 21, 2006
Trustix Secure Linux Security Advisory #2006-0016, March 24, 2006
DeltaScripts
PHP Classifieds 6.20, 6.18
A Cross-Site Scripting vulnerability has been reported in 'search.php' due to insufficient sanitization of the 'searchword' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client.
Multiple SQL-injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit has been published.
A Cross-Site Scripting vulnerability has been reported in 'Img.php' due to insufficient sanitization of the 'i' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.
Several vulnerabilities have been reported: an SQL injection vulnerability was reported in 'viewStatement.php' due to insufficient sanitization of the 'transactions_offset' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a path disclosure vulnerability was reported in 'viewPricingScheme.php' and 'editCampaign.php' because it is possible to obtain sensitive information when accessed directly.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited via a web client; however, a Proof of Concept exploit has been published.
A Cross-Site Scripting vulnerability has been reported in 'APWC_Win_Main.JSP' due to insufficient sanitization of the 'skin' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
Security Tracker Alert ID: 1015822, March 24, 2006
JJW Web Design
phpBookingCalendar 1.0c
An SQL injection vulnerability has been reported in 'Details_View.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.
A Cross-Site Scripting vulnerability has been reported in '/MyTasks/PersonalTaskCreate.asp' due to insufficient sanitization of the 'vchTaskHeader' parameter before using, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client.
Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of unspecified input before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, Proof of Concept exploits have been published.
Multiple input validation vulnerabilities have been reported: a vulnerability was reported due to insufficient sanitization of certain parameters in the banner delivery scripts before being displayed in the admin interface, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in the login form due to insufficient sanitization before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
An SQL injection vulnerability has been reported in 'Sendpassword.PHP' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client; however, a Proof of Concept exploit script, PHPCollab_NetOffice_SQLINJ.php, has been published.
A Cross-Site Scripting vulnerability has been reported in 'index.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.
SQL injection vulnerabilities have been reported in 'sub.php' and 'unsub.php' due to insufficient sanitization of the 'user_username' parameter and in 'lostpass.php,' 'sub.php,' and 'unsub.php' due to insufficient sanitization of the 'user_email' parameter, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited through a web client.
An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.
A vulnerability has been reported because the FTP server returns different error messages depending on whether a file exists outside the FTP root directory or not, which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability.
A Cross-Site Scripting vulnerability has been reported in 'login.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit has been published.
Multiple SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited through a web client; however, Proof of Concept exploits have been published.
A vulnerability has been reported in the 'html_entity_decode()' function because it is not binary safe, which could let a remote malicious user obtain sensitive information.
The vulnerability has been fixed in the CVS repository and in version 5.1.3-RC1.
There is no exploit code required; however, a Proof of Concept exploit has been published.
Multiple Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited through a web client.
A Cross-Site Scripting vulnerability has been reported in 'searchresult.php' due to insufficient sanitization of the 'search_term' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client.
Several vulnerabilities have been reported: a vulnerability was reported due to insufficient sanitization of the session ID in the session extension before returning to the user, which could let a remote malicious user inject arbitrary HTTP headers; a format string vulnerability was reported in the 'mysqli' extension when processing error messages, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported due to insufficient sanitization of unspecified input that is passed under certain error conditions, which could let a remote malicious user execute arbitrary HTML and script code.
Mandriva Security Advisory, MDKSA-2006:028, February 1, 2006
Ubuntu Security Notice, USN-261-1, March 10, 2006
Gentoo Linux Security Advisory, GLSA 200603-22, March 22, 2006
PHP Script Index
PHP Script Index 0
A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'search' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited with a web browser.
PHP Script Index Cross-Site Scripting
Not Available
Security Focus, Bugtraq ID: 17297, March 29, 2006
PHP Ticket
PHP Ticket 0.6, 0.5, 0.71
An SQL injection vulnerability has been reported in 'search.php' due to insufficient sanitization of the 'frm_search_in' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client; however, a Proof of Concept exploit script, phpticket.pl, has been published.
Cross-Site Scripting vulnerabilities have been reported in 'mod.php' and 'mod_print.php' due to insufficient sanitization of the 'fs' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited through use of a web client; however, Proof of Concept exploits have been published.
An SQL injection vulnerability has been reported in 'sendpassword.php' due to insufficient sanitization, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client; however, a Proof of Concept exploit script, PHPCollab_NetOffice_SQLINJ.php, has been published.
A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published.
An SQL injection vulnerability has been reported in 'people.php' due to insufficient sanitization of the 'person' parameter and in 'passthru.php' due to insufficient sanitization of the 'pwdUser' parameter, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.
A Cross-Site Scripting vulnerability has been reported in 'track.php' due to insufficient sanitization of the 'name' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.
SQL injection vulnerabilities have been reported in '/admin/index.php' due to insufficient sanitization of the 'user' and 'pass' parameters and in 'index.php' due to insufficient sanitization of the 'date' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit has been published.
An HTML injection vulnerability has been reported in 'guestbook.php' due to insufficient sanitization of the 'g_message' parameter, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through use of a web client.
SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited through a web client.
PHPNewsManager Multiple SQL Injection
Not Available
Security Focus, Bugtraq ID: 17301, March 29, 2006
Tachyondecay.net
VSNS Lemon 3.2
Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of the 'name' parameter when adding a comment, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability was reported in 'functions/final_functions.php' due to insufficient authentication, which could let a remote malicious user bypass authentication; and an SQL injection vulnerability was reported in 'functions/final_functions.php' due to insufficient sanitization of the 'id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited through a web client.
Tachyondecay VSNS Lemon Multiple Vulnerabilities
Not Available
Secunia Advisory: SA19420, March 28, 2006
TFT Gallery
TFT Gallery 0.10
A vulnerability has been reported because user credentials are stored in the 'admin/passwd' file inside the web root, which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
A Proof of Concept exploit script, tftgallery_0.10_exploit.pl, has been published.
TFT Gallery Administrator Password Information Disclosure
An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client.
Several vulnerabilities have been reported: a vulnerability was reported in the 'rdiff' and 'preview' scripts because it is possible to view restricted content; and a remote Denial of Service vulnerability was reported due to an error in the handling of circular references for the '%INCLUDE' statement.
Multiple Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
A file include vulnerability has been reported in 'ImpExData.php' due to insufficient verification of the 'systempath' parameter before using to include files, which could let a remote malicious user execute arbitrary PHP code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client; however, a Proof of Concept exploit script, vBulletin-ImpEx-rfi.php, has been published.
Multiple buffer overflow vulnerabilities have been reported in the volume manager (vmd) daemon, the NetBackup Catalog (bpdbm) daemon, and the NetBackup Sharepoint Services server (bpspsserver) daemon due to boundary errors, which could let a remote malicious user execute arbitrary code.
Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'index.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code; and a Directory Traversal has been reported in 'index.php' which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.
A file include vulnerability has been reported in 'include/functions_install.PHP' due to insufficient verification of the 'vwar_root' parameter before using to include files, which could let a remote malicious user execute arbitrary PHP code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client; however, a Proof of Concept exploit script, VWar_1.5.0_RCE.php, has been published.
A vulnerability has been reported in the 'skin2' cookie due to insufficient sanitization in cookies before using them in includes, which could let a remote malicious user execute arbitrary PHP code.
No workaround or patch available at time of publishing.
An exploit script, webalbum.php, has been published.
A heap-based buffer overflow vulnerability has been reported when handling PDF splash images with overly large dimensions, which could let a remote malicious user execute arbitrary code.
This section contains wireless vulnerabilities, articles, and malicious code that have been identified during the current reporting period.
Bluetooth Gets a Major Speed Boost: Transmission speed will increase in the Bluetooth wireless standard used in cell phones and other small devices, broadening its scope to enable high-definition video and files for digital music players like the iPod.
The industry group behind Bluetooth said that it would boost transfer speeds in the next few years by incorporating a new radio technology, known as ultra-wideband, or UWB.
TSP Phishing Scams: US-CERT continues to receive reports of phishing scams that target online users and Federal government web sites. Specifically, sites that provide online benefits are being targeted. Recently, the phishing scam targeted the Thrift Savings Plan (TSP), a retirement savings plan for United States government employees and members of the uniformed services. For more information please see Thrift Savings Plan (TSP) at URL: http://www.tsp.gov/
Profiting From ID Theft: Identity theft has become the fastest-growing crime in the United States, with about 9 million victims in 2005.
Top Execs Insist Too Little Is Spent On IT: Survey: According to a survey commissioned by Managed Objects, almost half of senior corporate executives believe their companies are spending too little on IT this year. Interviews with 230 U.S. executives showed that 46 percent believed their companies weren't spending enough on IT, compared to 10 percent who said too much was being spent and 44 percent who said spending was just about right.
A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.
| Rank | Common Name | Type of Code | Trend | Date | Description |
|---|---|---|---|---|---|
| 1 | Netsky-P | Win32 Worm | Stable | March 2004 | A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders. |
| 2 | Zafi-B | Win32 Worm | Stable | June 2004 | A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names. |
| 3 | Lovgate.w | Win32 Worm | Stable | April 2004 | A mass-mailing worm that propagates by using MAPI as a reply to messages, by using an internal SMTP, by dropping copies of itself on network shares, and through peer-to-peer networks. Attempts to access all machines in the local area network. |
| 4 | Mytob-GH | Win32 Worm | Stable | November 2005 | A variant of the mass-mailing worm that disables security related programs and allows others to access the infected system. This version sends itself to email addresses harvested from the system, forging the sender’s address. |
| 5 | Netsky-D | Win32 Worm | Stable | March 2004 | A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only. |
| 6 | Mytob-AS | Win32 Worm | Stable | June 2005 | A slight variant of the mass-mailing worm that disables security related programs and processes, redirects various sites, and changes registry values. This version downloads code from the net and utilizes its own email engine. |
| 7 | Sober-Z | Win32 Worm | Stable | December 2005 | This worm travels as an email attachment, forging the sender's address, harvesting addresses from infected machines, and using its own mail engine. It further downloads code from the internet, installs into the registry, and reduces overall system security. |
| 8 | Mytob.C | Win32 Worm | Stable | March 2004 | A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files. |
| 9 | Zafi-D | Win32 Worm | Stable | December 2004 | A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer. |
| 10 | Mytob-BE | Win32 Worm | Stable | June 2005 | A slight variant of the mass-mailing worm that utilizes an IRC backdoor, LSASS vulnerability, and email to propagate. It harvests addresses from the Windows address book, disables antivirus, and modifies data. |