Virus Warnings from October 2000

Amiga

No virus warnings or alerts

Windows

Date: October 31, 2000
Released: October 30, 2000
Platform:
Warning About: Sonic: Self-Updating Internet Worm
Report From: Kaspersky Lab Virus Alerts and F-Secure
* Release Note: Yet another self-updating internet worm has been discovered "in the wild". Moscow, Russia, October 30, 2000 - Kaspersky Lab, an international anti-virus software-development company, warns users of the discovery of Sonic, a new Internet worm. This worm was discovered in France and Germany on the morning of 30 October 2000. A distinctive feature of this malicious program is its ability to update itself (that is, to automatically download additional functional components) via the Internet. The worm consists of two parts: the loader and the main module.
* Click here for Kaspersky Lab Report on Sonic
* Click here for F-Secure report on Sonic

Date: October 31, 2000 * Updated from 27-Oct-2000
Released: October 30, 2000
Platform: Win32 systems
Warning About: Qaz Network Worm
Report From: F-Secure
* Release Note: This is a network worm with backdoor capabilities, which spreads itself under Win32 systems. The worm was reported in-the-wild in July-August, 2000. The worm itself is a Win32 executable file about 120K long, written in MS Visual C++. When an infected file is executed, the worm registers itself in the Windows registry in the auto-start section.
* Click here for Report on Qaz Worm

Date: October 29, 2000
Released: October 17, 2000
Platform: Windows 95, Windows 98 and Windows ME
Warning About: SubSeven DEFCON8 2.1 Backdoor Trojan
Report From: NIPC
* Release Note: A new variant of the SubSeven Trojan Horse has been discovered in the wild.
This malicious computer code could constitute a new threat of distributed denial of service (DDoS) attacks. DDoS attacks were responsible for serious disruptions of several major e-commerce web sites in February 2000. The NIPC and industry partners believe that this new variant may be used to conduct further DDoS attacks which may be more difficult to detect.
* Click here for NIPC Advisory 00-056

Date: October 29, 2000
Released: October 24, 2000
Platform: MS Word97/2000 documents
Warning About: W97M/Onex.F Macro Virus
Report From: Network Associates
* Release Note: This is a class module macro virus for Word97/2000 documents and templates. This virus will lower macro warnings for Word. This virus contains a file deletion payload which is rarely invoked. This virus has a 1 in 5 chance of running the routine which deletes files from the TEMP folder. Read the complete report for method of infection and removal instructions.
* Click here for Report on W97M/Onex.F Macro Virus

Date: October 29, 2000
Released: October 18, 2000
Platform: MS Outlook Express
Warning About: VBS/Tam@M Internet VBScript Worm
Report From: Network Associates
* Release Note: This worm functions much the same way that JS/Kak.worm does. AVERT recommends installing the security patch from Microsoft mentioned in NAI's report. Like JS/Kak.worm, a dangerous aspect of this Internet worm is its ability to continuously re-infect your system if the preview pane is enabled and you browse between folders, specifically the "sent" folder, which happens to contain the Internet worm within a message. This is another strong reason to update to the security patch. Read the complete report for method of infection and removal instructions.
* Click here for Report on VBS/Tam@M VBScript Worm

Date: October 29, 2000
Released: October 18, 2000
Platform: MS Outlook Express
Warning About: VBS/Godzilla@M Internet VBScript Worm
Report From: Network Associates
* Release Note: This worm functions much the same way that JS/Kak.worm does.
AVERT recommends installing the security patch from Microsoft mentioned in NAI's report. Like JS/Kak.worm, a dangerous aspect of this Internet worm is its ability to continuously re-infect your system if the preview pane is enabled and you browse between folders, specifically the "sent" folder, which happens to contain the Internet worm within a message. This is another strong reason to update to the security patch. Read the complete report for method of infection and removal instructions.
* Click here for Report on VBS/Godzilla@M Worm

Date: October 29, 2000
Released: October 19, 2000
Platform: Microsoft Windows
Warning About: PWS.Cain Trojan
Report From: Network Associates
* Release Note: This password stealing trojan is designed to retrieve Windows, Microsoft Network, Windows screen saver, Windows shares, and Access database passwords. Later versions also have a server component named "Abel" which allows the attacker to perform some remote tasks. Read the complete report for method of infection and removal instructions.
* Click here for Report on PWS.Cain Trojan

Date: October 29, 2000
Released: October 25, 2000
Platform: Microsoft Virtual Machine (Microsoft VM)
Patch Available: VM File Reading Vulnerability
Report From: Microsoft TechNet Security
* Release Note: Microsoft has released a patch that eliminates a security vulnerability in the Microsoft virtual machine (Microsoft VM) that originally was discussed in Microsoft Security Bulletin MS00-011. Like the original vulnerability, the new variant could enable a malicious web site operator to read files from the computer of a person who visited his site or read web content from inside an intranet if the malicious site was visited by a computer from within that intranet.
* Click here for MS Security Bulletin MS00-081

Date: October 29, 2000
Released: October 23, 2000
Platform: Microsoft Internet Information Server
Patch Available: Session ID Cookie Marking Vulnerability
Report From: Microsoft TechNet Security
* Release Note: Microsoft has released a patch that eliminates a security vulnerability in Microsoft Internet Information Server. The vulnerability could allow a malicious user to hijack another user's secure web session, under a very restricted set of circumstances.
* Click here for MS Security Bulletin MS00-080

Date: October 29, 2000
Released: October 18, 2000
Platform: Several Microsoft Operating Systems
Patch Available: HyperTerminal Buffer Overflow Vulnerability
Report From: Microsoft TechNet Security
* Release Note: Microsoft has released a patch that eliminates a security vulnerability in the HyperTerminal application that ships with several Microsoft operating systems. This vulnerability could, under certain circumstances, allow a malicious user to execute arbitrary code on another user's system.
* Click here for MS Security Bulletin MS00-079

Date: October 29, 2000
Released: October 17, 2000
Platform: Microsoft IIS 4.0 and 5.0
Patch Available: Web Server Folder Traversal Vulnerability
Report From: Microsoft TechNet Security
* Release Note: Microsoft has identified a security vulnerability in Microsoft IIS 4.0 and 5.0 that is eliminated by a previously-released patch. The vulnerability could potentially allow a visitor to a web site to take a wide range of destructive actions against it, including running programs on it. There is not a new patch for this vulnerability. Instead, it is eliminated by the patch that accompanied Microsoft Security Bulletin MS00-057.
* Click here for MS Security Bulletin MS00-078

Date: October 29, 2000
Released: October 13, 2000
Platform: Windows 2000 / Windows NT 4.0
Patch Available: NetMeeting Desktop Sharing Vulnerability
Report From: Microsoft TechNet Security
* Release Note: Microsoft has released a patch that eliminates a security vulnerability in NetMeeting, an application that ships with Microsoft Windows 2000 and is also available as a separate download for Windows NT 4.0. The vulnerability could allow a malicious user to temporarily prevent an affected machine from providing any NetMeeting services and possibly consume 100 percent CPU utilization during an attack.
* Click here for MS Security Bulletin MS00-077

Date: October 29, 2000
Released: October 12, 2000
Platform: Microsoft Internet Explorer
Patch Available: Cached Web Credentials Vulnerability
Report From: Microsoft TechNet Security
* Release Note: Microsoft has released a patch that eliminates a security vulnerability in Microsoft Internet Explorer. Under a daunting set of conditions, the vulnerability could enable a malicious user to obtain another user's userid and password to a web site.
* Click here for MS Security Bulletin MS00-076

Date: October 29, 2000
Released: October 12, 2000
Platform: Microsoft VM
Patch Available: Microsoft VM ActiveX Component
Report From: Microsoft TechNet Security
* Release Note: Microsoft has released a patch that eliminates a security vulnerability in Microsoft virtual machine (Microsoft VM). If a malicious web site operator were able to coax a user into visiting his site, the vulnerability could allow him to take any desired action on a visiting user's machine.
* Click here for MS Security Bulletin MS00-075

Date: October 29, 2000
Released: October 27, 2000
Platform: Win32 systems
Warning About: Qaz Network Worm
Report From: F-Secure
* Release Note: This is a network worm with backdoor capabilities, which spreads itself under Win32 systems. The worm was reported in-the-wild in July-August, 2000.
The worm itself is a Win32 executable file about 120K long, written in MS Visual C++. When an infected file is executed, the worm registers itself in the Windows registry in the auto-start section.
* Click here for Report on Qaz Worm

Date: October 29, 2000
Released: October 26, 2000
Platform: French version of Windows 9x
Warning About: VBS/Tam VBScript Worm
Report From: F-Secure
* Release Note: VBS/Tam is a worm similar to JS/Kak. It uses the same security vulnerability to infect the system. If an infected message is viewed, the worm creates a file, "tam.hta", in the startup directory of the French version of Windows 9x. Microsoft has released a patch that fixes this vulnerability. It is available in Security Bulletin MS99-032.
* Click here for Report on VBS/Tam

Date: October 29, 2000
Released: October 25, 2000
Platform: MS Windows
Warning About: LoveLetter VBScript Worm
Report From: F-Secure
* Release Note: VBS/LoveLetter is a VBScript worm. It spreads through e-mail as a chain letter. The worm uses the Outlook e-mail application to spread. LoveLetter is also an overwriting VBS virus and it spreads using a mIRC client as well. Visit F-Secure to find out how to protect yourself against VBScript worms.
* Click here for Report on LoveLetter VBScript Worm

Date: October 29, 2000
Released: October 23, 2000
Platform: MS Windows
Warning About: Seeker Trojan
Report From: F-Secure
* Release Note: This trojan uses the same vulnerability that JS/Kak and VBS/BubbleBoy use to drop itself to the Windows Startup directory. This trojan consists of three different parts: one HTML web page, and two hta files. The web page is available on an adult site, and it affects Internet Explorer users. Visit F-Secure and follow the link for the patch to protect yourself against the vulnerability that this trojan uses.
* Click here for Report on Seeker Trojan

Date: October 29, 2000
Released: October 23, 2000
Platform: MS Windows
Warning About: LoveLetter.AJ VBScript Worm
Report From: F-Secure
* Release Note: This LoveLetter variant simulates a hoax message. It shows a combination of three common hoaxes that are circulating on the Internet. Information about the original VBS/LoveLetter.A is available at: http://www.F-Secure.com/v-descs/love.htm
* Click here for Report on LoveLetter.AJ

Date: October 29, 2000
Released: October 23, 2000
Platform: MS Windows
Warning About: LoveLetter.BD VBScript Worm
Report From: F-Secure
* Release Note: This LoveLetter variant was found on August 16, 2000. When the virus activates, it first runs Notepad and shows a text in German. The virus sends a hidden message to all recipients in Outlook's address book. Read F-Secure's report for full description.
* Click here for Report on LoveLetter.BD

Date: October 29, 2000
Released: October 23, 2000
Platform: MS Windows
Warning About: LoveLetter.BG VBScript Worm
Report From: F-Secure
* Release Note: The variant is similar to the original LoveLetter.A. Read F-Secure's report for full description.
* Click here for Report on LoveLetter.BG

Date: October 29, 2000
Released: October 23, 2000
Platform: MS Windows
Warning About: LoveLetter.BL VBScript Worm
Report From: F-Secure
* Release Note: VBS/LoveLetter.BL spreads in email messages. Then it sends itself to all recipients listed in all Outlook address books.
* Click here for Report on LoveLetter.BL

Date: October 12, 2000
Released: October 11, 2000
Platform: MS WebTV for Windows
Patch Available: WebTV for Windows Denial of Service
Report From: Microsoft TechNet Security
* Release Note: Microsoft has released a patch that eliminates a security vulnerability in Microsoft WebTV for Windows. The vulnerability could allow a malicious user to remotely crash systems running WebTV for Windows.
* Click here for MS Security Bulletin MS00-074

Date: October 12, 2000
Released: October 11, 2000
Platform: MS Windows 95/98, 98 Second Edition and Windows Me
Patch Available: Malformed IPX NMPI Packet
Report From: Microsoft TechNet Security
* Release Note: Microsoft has released a patch that eliminates a security vulnerability in Microsoft Windows 95, Windows 98, 98 Second Edition and Windows Me. The vulnerability could be used to cause an affected system to fail, and depending on the number of affected machines on a network, potentially could be used to flood the network with superfluous data. The affected system component normally is present only if it has been deliberately installed.
* Click here for MS Security Bulletin MS00-073

Date: October 12, 2000
Released: October 10, 2000
Platform: MS Windows 95, 98, 98SE, and Windows Me
Patch Available: Share Level Password Vulnerability
Report From: Microsoft TechNet Security
* Release Note: Microsoft has released a patch that eliminates a security vulnerability in Microsoft Windows 95, 98, 98SE, and Windows Me. The vulnerability could allow a malicious user to programmatically access a Windows 9x/ME file share without knowing the entire password assigned to that share.
* Click here for MS Security Bulletin MS00-072

Date: October 12, 2000
Released: October 05, 2000
Platform: MS Word 2000 and 97
Patch Available: Word Mail Merge Vulnerability
Report From: Microsoft TechNet Security
* Release Note: Microsoft has released a patch that eliminates a security vulnerability in Microsoft Word 2000 and 97. The vulnerability could allow a malicious user to run arbitrary code on a victim's computer without their approval.
* Click here for MS Security Bulletin MS00-071

Date: October 12, 2000
Released: October 11, 2000
Platform: PC Windows System
Warning About: Logo, Logo.A Trojan
Report From: F-Secure
* Release Note: This trojan has been found to be embedded into web based discussion groups.
It uses the scriptlet.typelib vulnerability. Once the user has visited a web page that contains the trojan, it installs itself to the Windows startup directory as "logo.hta". After that it will be executed when the system is restarted.
* Click here for Report on Logo, Logo.A Trojan

Date: October 12, 2000
Released: October 11, 2000
Platform: PC Windows System
Warning About: LoveLetter.AS
Report From: F-Secure
* Release Note: VBS/LoveLetter.AS spreads in messages. When the worm is executed, it replaces all files from every drive in the same way the VBS/LoveLetter.A virus does. The worm also copies itself to the Windows System directory as "linux32.vbs". This file is added to the registry and executed at every system startup. This variant has an additional payload. It activates on September 17th.
* Click here for Report on LoveLetter.AS

Date: October 12, 2000
Released: October 05, 2000
Platform: MS Internet Explorer 5.5 Outlook and Outlook Express
Warning About: Security hole could be exploited by vandals
Report From: AISS
* Release Note: Discovered by known exploit hunter, Georgi Guninski, a new security hole can allow hackers to infect PCs with Vandals, Trojans, and other malicious code.
* Click here for Latest AISS Virus/Vandal Alerts

Date: October 12, 2000
Released: October 11, 2000
Platform: PC
Warning About: VBS/Godzilla.worm
Report From: NAI
* Release Note: NAI has issued an updated virus alert
* Click here for NAI Update on VBS/Godzilla.worm

Date: October 12, 2000
Released: October 10, 2000 * Updated From Sept 9th
Platform: PC
Warning About: W97M/Pene.b
Report From: NAI
* Release Note: NAI has issued an updated virus alert
* Click here for NAI Update on W97M/Pene.b

Date: October 06, 2000
Released: October 03, 2000
Platform: Microsoft Windows 98/95/NT 4.0/NT 2000
Warning About: Pegasus Email File Forwarding Vulnerability
Report From: Security Focus
* Release Note: It is possible for a malicious website operator to obtain copies of known files on a remote system if a website visitor is running the Pegasus Mail client.
* Click here for Pegasus Email File Forwarding Vulnerability

Date: October 06, 2000
Released: October 03, 2000
Platform: Microsoft Windows 98/95/NT 4.0/NT 2000
Warning About: AOL Instant Messenger DoS Vulnerability
Report From: Security Focus
* Release Note: AOL Instant Messenger is a real time messaging service for users that are on line. The version of AOL Instant Messenger that is shipped with Netscape is subject to a denial of service.
* Click here for AOL Instant Messenger DoS Vulnerability

Date: October 06, 2000
Platform: MS Windows Media Player (WMP) version 7
Warning About: Windows Media Player Can Crash Outlook
Report From: MSNBC BugNet
* Release Note: It appears that this latest version of WMP has an unexpected effect on Rich Text Format (RTF)-enabled e-mail applications. By attaching a malformed OCX to an e-mail message, a malicious user can cause a victim's mail application to crash. The impact of this bug can range from a mildly annoying restart of the mail client to a full-blown loss of data in all unsaved documents.
* Click here for BugNet WMP Alert

Date: October 04, 2000
Released: October 03, 2000
Platform: MS Windows NT 4.0 and Windows 2000
Patch Available: Multiple LPC and LPC Ports Vulnerabilities
Report From: Microsoft TechNet Security
* Release Note: Microsoft has released a patch that eliminates several security vulnerabilities in Microsoft Windows NT 4.0 and Windows 2000. The vulnerabilities could allow a range of effects, from denial of service attacks to, in some cases, privilege elevation.
* Click here for MS Security Bulletin MS00-070

Date: October 01, 2000
Released: September 29, 2000
Platform: MS Windows 2000
Patch Available: Chinese IME State Recognition Vulnerability
Report From: Microsoft TechNet Security
* Release Note: Microsoft has released a patch that eliminates a security vulnerability in Windows 2000. The vulnerability could allow a malicious user to gain complete control over an affected machine.
* Click here for MS Security Bulletin MS00-069

Date: October 01, 2000
Released: September 28, 2000
Platform: Windows Media Player
Patch Available: OCX Attachment Vulnerability
Report From: Microsoft TechNet Security
* Release Note: Microsoft has released a patch that eliminates a security vulnerability that could cause certain email applications to fail, requiring the user to restart the e-mail client to resume normal operation.
* Click here for MS Security Bulletin MS00-068

Macintosh

No virus warnings or alerts

Linux

Date: October 29, 2000
Released: October 13, 2000
Platform: Certain Versions of Linux OS
Warning About: Trinity v3/ Stacheldraht 1.666 DDoS Tool
Report From: NIPC
* Release Note: New variants of the Trinity and Stacheldraht Distributed Denial of Service (DDoS) tools have been found in the wild. The "Trinity v3" Distributed Denial of Service (DDoS) exploit represents a potentially serious and continuing threat to networked computers running certain versions of the Linux operating system.
* Click here for NIPC Advisory 00-055

Date: October 29, 2000
Reported: October 28, 2000
Platform: Conectiva
Warning About: Security Update To gnupg
Report From: Linux Daily News
* Release Note: Follow the link for Conectiva's security update to gnupg, which fixes the problem with the signature checking code.
* Click here for LWN Security Update To gnupg

Date: October 29, 2000
Reported: October 27, 2000
Platform: Red Hat
Warning About: Updates for Secure Web Server
Report From: Linux Daily News
* Release Note: Red Hat issued updates to the apache, php, mod_perl, and auth_ldap packages last week in response to the Apache mod_rewrite module vulnerabilities. This week they add an update to the Secure Web Server 3.2.
* Click here for LWN Updates for Secure Web Server

Date: October 29, 2000
Reported: October 27, 2000
Platform: Caldera
Warning About: Update To ypbind
Report From: Linux Daily News
* Release Note: Caldera has issued their security advisory for the recently reported ypbind DOS vulnerabilities.
* Click here for LWN Update To ypbind

Date: October 29, 2000
Reported: October 27, 2000
Platform: SuSE
Warning About: local root Vulnerability in ncurses
Report From: Linux Daily News
* Release Note: SuSE has posted a security advisory for ncurses to address possible local root compromise via the screen handling functions. Users of releases 6.0 through 7.0, inclusive, are
* Click here for LWN local root Vulnerability in ncurses

Date: October 29, 2000
Reported: October 27, 2000
Platform: Slackware
Warning About: ppp-off Advisory
Report From: Linux Daily News
* Release Note: Slackware has released a security advisory for the ppp-off program. It's a local /tmp bug and users of 7.0, 7.1 and -current are affected.
* Click here for LWN ppp-off Advisory

Date: October 29, 2000
Reported: October 26, 2000
Platform: Red Hat
Warning About: cyrus-sasl Advisory
Report From: Linux Daily News
* Release Note: Red Hat has released a security advisory for the cyrus-sasl packages shipped with Red Hat 7. Versions of cyrus-sasl shipped with earlier Red Hat Power Tools packages do not have the reported problem.
* Click here for LWN cyrus-sasl Advisory

Date: October 29, 2000
Reported: October 26, 2000
Platform: Immunix Apache
Warning About: Advisory for Apache
Report From: Linux Daily News
* Release Note: Following Red Hat's updates, Immunix has provided a security advisory for Apache that addresses all of the updates Red Hat previously covered.
* Click here for LWN Advisory for Apache

Date: October 12, 2000
Platform: Linux PHP 4.0.3
Warning About: Format string vulnerabilities in PHP
Report From: Linux Daily News
* Release Note: PHP 4.0.3 has been released; it contains a number of fixes, including a few with security implications. It would appear that there are a few format string vulnerabilities in that package. There is a Bugtraq message which describes the vulnerabilities in more detail, and points out that PHP3 is vulnerable as well. PHP 3.0.17, due out shortly, will fix that release.
* Click here for LWN Format string vulnerabilities in PHP

Date: October 12, 2000
Platform: Linux-Mandrake
Warning About: Security Update to Apache
Report From: Linux Daily News
* Release Note: MandrakeSoft has issued a security update to apache which fixes the vulnerability in the mod_rewrite module.
* Click here for LWN Security Update to Apache

Date: October 12, 2000
Reported: October 02, 2000 * Original Release August 18, 2000
Platform: Various Linux Distributions
Warning About: Various Vulnerabilities
Report From: CERT
* Release Note: Click on link for bulletins regarding:
Compromises via rpc.statd Vulnerability
* Click here for CERT CA-2000-17
Widespread Exploitation of rpc.statd and wu-ftpd Vulnerabilities
* Click here for CERT IN-2000-10
Two Input Validation Problems In FTPD
* Click here for CERT CA-2000-13
Systems Compromised Through a Vulnerability in the IRIX telnet daemon
* Click here for CERT IN-2000-09

Date: October 03, 2000 * Updated from Oct 2nd, below
Platform: GnoRPM versions prior to 0.95.1
Warning About: Patches For GnoRPM
Report From: Linux Daily News
* Release Note: Hot on the heels of the reported bug, Alan Cox has posted fixes for the GnoRPM vulnerability noted earlier this week. Conectiva has also posted a security announcement on this subject.
* Click here for LWN Alan's posted fixes for GnoRPM vulnerability
* Click here for LWN Conectiva's security announcement

Date: October 03, 2000
Reported: October 02, 2000
Platform: GnoRPM versions prior to 0.95.1
Warning About: October 2nd GnoRPM Security Update
Report From: Linux Daily News
* Release Note: Thanks to Gnotices, we hear that a security problem has been fixed in GnoRPM. There was a /tmp vulnerability in all versions prior to 0.95.1 that could allow local users to do undesirable things. An upgrade is recommended - especially since this utility, which has not distinguished itself as one of the most stable programs around, is said to actually work these days.
* Click here for LWN GnoRPM Security Update

Date: October 03, 2000
Reported: October 02, 2000
Platform: Linux-Mandrake
Warning About: Security Update To traceroute
Report From: Linux Daily News
* Release Note: MandrakeSoft has a security fix to traceroute.
* Click here for LWN Security Update To traceroute

Date: October 03, 2000
Reported: October 02, 2000
Platform: Linux-Mandrake
Warning About: Security Update To xinitrc
Report From: Linux Daily News
* Release Note: Linux-Mandrake 7.0 and 7.1 come with a default X user environment that disables X connection authentication for the local host. This mistake can expose a window system user to keystroke sniffing and other unpleasant behavior by other users on the same system. A security update has been issued which fixes the problem.
* Click here for LWN Security Update To xinitrc

Date: October 03, 2000
Reported: October 02, 2000
Platform: GNU cfengine package
Warning About: Format String Problem With cfengine
Report From: Linux Daily News
* Release Note: The GNU cfengine package - a network administration utility - has turned up some format string vulnerabilities in its management daemon. The likely result is remote root compromises - not quite the sort of remote management that most users had in mind. If you're running cfengine, LWN recommends taking a look at this advisory and upgrading to 1.6a11.
* Click here for LWN Format String Problem With GNU cfengine

Date: October 01, 2000
Reported: September 30, 2000
Platform: Conectiva Linux
Warning About: Conectiva security update to traceroute
Report From: Linux Daily News
* Release Note: Conectiva has updated traceroute. Older versions may allow unauthorized root access, so an upgrade is recommended.
* Click here for LWN Conectiva security update to traceroute

Date: October 01, 2000
Reported: September 29, 2000
Platform: Apache Servers
Warning About: Security problem with Apache RewriteRule directive
Report From: Linux Daily News
* Release Note: An advisory has gone out regarding a vulnerability with the Apache mod_rewrite module. If certain types of RewriteRule directives are used, the result can be the disclosure of any file on the system.
A patch is in the works - meanwhile those of you who maintain Apache servers should have a look at the advisory and look for potential problems in your configurations.
* Click here for LWN Apache RewriteRule directive

Date: October 01, 2000
Reported: September 29, 2000
Platform: Caldera Linux
Warning About: Caldera security update to traceroute
Report From: Linux Daily News
* Release Note: Caldera Systems has released an update to traceroute which fixes a memory management problem in that utility. No exploits are known at this time, but the possibility of a local root compromise is real, so an upgrade is recommended.
* Click here for LWN Caldera security update to traceroute

Date: October 01, 2000
Reported: September 29, 2000
Platform: LinuxPPC
Warning About: LinuxPPC security update
Report From: Linux Daily News
* Release Note: Jason Haas of LinuxPPC wrote in with an important security notice for all versions, past and present, of that distribution. The bug has to do with entering single user mode as root - without a password. Be sure to read the instructions for fixing this that Jason provided.
* Click here for LWN LinuxPPC security update

Date: October 01, 2000
Reported: September 29, 2000
Platform: Slackware Linux
Warning About: Slackware security update to wu-ftpd
Report From: Linux Daily News
* Release Note: Slackware has released a security update to wu-ftpd (the FTP server) which fixes an unpleasant vulnerability in that package. An upgrade is strongly recommended.
* Click here for LWN Slackware security update to wu-ftpd

Date: October 01, 2000
Reported: September 28, 2000
Platform: Yellow Dog Linux
Warning About: Yellow Dog security updates to xpdf and glibc
Report From: Linux Daily News
* Release Note: Terra Soft continues to catch up on the security updates for Yellow Dog Linux - the company has just announced new versions of glibc and xpdf, which fix the vulnerabilities in those packages.
* Click here for LWN Yellow Dog security updates to xpdf
* Click here for LWN Yellow Dog security updates to glibc

Miscellaneous

Date: October 29, 2000
Released: October 17, 2000
Platform: Java Applet
Warning About: JV/AntiURL Trojan
Report From: Network Associates
* Release Note: This Java Applet was designed to attack certain websites in protest. This is a client tool run from your PC. It does not carry a damaging payload to the user running the tool. Read the report to get the method of infection and removal instructions.
* Click here for Report on JV/AntiURL Trojan

Date: October 29, 2000
Released: October 23, 2000
Platform: Allaire's JRUN Web Server
Warning About: Remote Command Execution Vulnerability
Report From: Foundstone
* Release Note: It is possible to compile and execute any arbitrary file within the web document root directory of the JRUN's web server as if it were a JSP file, even if the file type is not .jsp.
* Click here for Report FS Advisory ID: FS-102300-14-JRUN

Date: October 29, 2000
Released: October 23, 2000
Platform: Allaire's JRUN Web Server
Warning About: Arbitrary File Retrieval Vulnerability
Report From: Foundstone
* Release Note: Multiple show code vulnerabilities exist in Allaire's JRUN Server 2.3 allowing an attacker to view the source code of any file within the web document root of the web server.
* Click here for Report FS Advisory ID: FS-102300-13-JRUN

Date: October 29, 2000
Released: October 23, 2000
Platform: Allaire's JRUN Web Server
Warning About: Unauthenticated Access to WEB-INF directory Vulnerability
Report From: Foundstone
* Release Note: A severe security flaw exists with Allaire's JRun 3.0 allowing an attacker to access WEB-INF directories on the JRun 3.0 server. The WEB-INF directory tree contains web application classes, pre-compiled JSP files, server side libraries, session information and files such as web.xml and webapp.properties.
* Click here for Report FS Advisory ID: FS-102300-12-JRUN

Date: October 29, 2000
Released: October 24, 2000
Platform: Non-resident COM/EXE-files
Warning About: MSTU Virus
Report From: F-Secure
* Release Note: This virus contains the following text: "This program was written in MSTU,1990". MSTU is an old abbreviation for the name of the Sofia Technical University.
* Click here for Report on MSTU

Date: October 29, 2000
Reported: October 25, 2000
Platform: Various
Warning About: Browser Certificates
Report From: CERT
* Release Note: To aid in the wide distribution of essential security information, the CERT Coordination Center is forwarding the following information from Sun Microsystems. Users who accept these certificates into their browser may inadvertently run malicious code signed by the compromised certificates.
* Click here for CERT CA-2000-19

Date: October 12, 2000
Released: October 10, 2000
Platform: Boot Sector Virus
Warning About: TMC
Report From: F-Secure
* Release Note: TMC is an old boot sector virus, which encrypts itself with variable encryption both on disk and in memory. This has sometimes caused false alarms on the virus. TMC was in the wild years ago, but is nowadays considered extinct.
* Click here for Report on Boot Sector Virus

Date: October 12, 2000
Released: October 05-10, 2000
Platform: Various
Warning About: Various
Report From: Security Focus
* Release Note: There are a number of new advisories listed for the dates of Oct 5th to Oct 10th.
* Click here for SecurityFocus: Latest Advisories

Date: October 06, 2000
Released: October 04, 2000
Platform: Multiple versions of FreeBSD, NetBSD, OpenBSD
Warning About: Multiple Vendor BSD libutil pw_error() Format String
Report From: Security Focus
* Release Note: Libutil is a shared library used by almost every unix that contains code for "standard" functions used in many different unix utilities.
The BSD libutil contains a format string vulnerability in the pw_error() function, used in the setuid chpass utility.
* Click here for BSD libutil pw_error() Format String

Date: October 06, 2000
Released: October 04, 2000
Platform: OpenBSD 2.7/2.6/2.5/2.4/2.3
Warning About: Multiple Vendor BSD fstat Format String Vulnerability
Report From: Security Focus
* Release Note: fstat is a program shipped with BSD unix variants that is used to list the open files on a system. It is possible for a user to exec fstat with a value for the PWD variable that contains malicious format specifiers.
* Click here for BSD fstat Format String Vulnerability

Date: October 03, 2000
Reported: October 02, 2000
Platform: Regular ssh and OpenSSH
Warning About: Security Trouble With SSH
Report From: Linux Daily News
* Release Note: It turns out that there is a security vulnerability in ssh which bears watching. If a user employs scp to move files from a server that has been compromised, the operation can be used to replace arbitrary files on the user's system. Thus, a corrupt ssh server can be used to crack the systems of people using that server. Fixes are not yet available, but presumably will be in short order. Check back to Linux Weekly News for more.
* Click here for LWN Security Trouble With SSH

Date: October 01, 2000
Reported: September 29, 2000
Platform: All platforms with network connections
Warning About: New Variants of Trinity and Stacheldraht DDoS
Report From: CIAC
* Release Note: The clients of these tools are used to flood networks with packets causing a denial of service. Router configurations designed to block packets from the original tools should still work on these variants.
* Click here for CIAC Bulletin K-072

Date: October 01, 2000
Reported: September 28, 2000
Platform: All versions and platforms of Check Point Firewall-1
Warning About: Multiple Vulnerabilities in Check Point Firewall-1
Report From: CIAC
* Release Note: Eight security holes in Firewall-1 were identified at the Black Hat 2000 briefings. These holes could allow an intruder to bypass the firewall's protections.
* Click here for CIAC Bulletin K-073