Virus Warnings from November 2000
______________________________________________________________
[Jump to Amiga] [Jump to Windows] [Jump to Mac]
[Jump to Linux] [Jump to Misc]
______________________________________________________________
Amiga
No virus warnings or alerts
Top of Page
Windows
Date: November 29, 2000
Released: November 27, 2000
Platform: MS Windows 3.11WfW/3.1/98/95/NT 4.0/NT 3.5/NT 2000
Warning About: Winsock FTPd Directory Transversal Vulnerability
Report From: Security Focus
* Release Note: Winsock FTPd is a popular FTP server from Texas
Imperial Software. A vulnerability exists in Winsock FTPd that
could allow an unauthorized user to browse the root directory of
the drive where Winsock FTPd has been installed.
* Click here for Advisory on Winsock FTPd Vulnerability
Date: November 28, 2000
Released: November 27, 2000
Platform: MS Windows 9x
Warning About: BackDoor-JD Internet Backdoor Trojan
Aliases: BackDoor.BrainSpy, BrainSpy
Report From: Network Associates
* Release Note: This is a Windows 9x Internet Backdoor trojan. When
running it gives full access to the system over the Internet to
anyone running the appropriate client software. This trojan installs
a file on the infected computer and adds itself in the registry.
* Click here for Report on BackDoor-JD Internet Backdoor Trojan
Date: November 28, 2000
Released: November 27, 2000
Platform: MicrosSoft
Warning About: W32/Lara.worm Internet Worm
Report From: Network Associates
* Release Note: This is a file-overwriting worm. In most environments
the user will be required to choose a mail recipient in order for
the worm to spread. Read the NAI report for Method Of Infection and
Removal Instructions.
* Click here for Report on W32/Lara.worm Internet Worm
Date: November 28, 2000 * Updated
Platform: MS Windows
Warning About: LoveLetter VBScript Worm
Aliases: Lovebug, I-Worm.LoveLetter, ILOVEYOU
Variants: See List Below
Report From: F-Secure
* Release Note: VBS/LoveLetter is a VBScript worm. It spreads through
e-mail as a chain letter. You can protect yourself against VBScript
worms by uninstalling the Windows Script Host. For further information,
please look at http://www.F-Secure.com/virus-info/u-vbs/
The worm uses the Outlook e-mail application to spread. LoveLetter is
also an overwriting VBS virus and it spreads using a mIRC client as
well. When it is executed, it first copies itself to the Windows System
directory
* Click here for Report on LoveLetter VBScript Worm
* Click here for Report on LoveLetter.F Variant
* Click here for Report on LoveLetter.E Variant
* Click here for Report on LoveLetter.M Variant
* Click here for Report on LoveLetter.P Variant
* Click here for Report on LoveLetter.V Variant
* Click here for Report on LoveLetter.R Variant
* Click here for Report on LoveLetter.S Variant
* Click here for Report on LoveLetter.Q Variant
* Click here for Report on LoveLetter.O Variant
* Click here for Report on LoveLetter.K Variant
* Click here for Report on LoveLetter.L Variant
* Click here for Report on LoveLetter.N Variant
* Click here for Report on LoveLetter.I Variant
* Click here for Report on LoveLetter.H Variant
* Click here for Report on LoveLetter.G Variant
* Click here for Report on LoveLetter.D Variant
* Click here for Report on LoveLetter.J Variant
* Click here for Report on LoveLetter.BJ Variant
Date: November 28, 2000 * Updated
Released: November 24, 2000
Platform: MS Windows
Warning About: Jean Mass Mailer Worm
Aliases: Santa, I-Worm.Santa, Xmas
Variants: Jean.A@mm
Report From: F-Secure
* Release Note: Jean is a mass mailer (worm) written in Visual Basic.
Jean.A spreads to first 50 recipients written in MS Outlook address
book. Jean.A was found in the wild in Germany on 24 of November 2000.
* Click here for Report on Jean Mass Mailer Worm
Date: November 27, 2000
Released: November 24, 2000
Platform: MicrosSoft
Warning About: VBS/Jean@MM VBScript Worm
Aliases: I-Worm.Santa, JEAN.A and VBS_JEAN.A
Report From: Network Associates
* Release Note: This VBScript worm that originated in Germany,
affects users who have the Windows Scripting Host (part of Internet
Explorer 5), and Microsoft Outlook installed. Ensure that the
extensions .VBS, .HTM are included when scanning. Read the NAI
report for method of infection and removal instructions.
* Click here for Report on VBS/Jean@MM VBScript Worm
Date: November 24, 2000
Released: November 23, 2000
Platform: MS Windows 98 /95 / NT 4.0 / NT 2000
Warning About: IE 5.5 Index.dat Vulnerability
Report From: Security Focus
* Release Note: IE 5.5 (and possibly other versions) stores recently
visited URLs and cache folder names in a local file called index.dat.
This file will register as local content in IE's security mechanism,
but arbitrary code can be written to it by including scripting
commands in a URL.
* Click here for Advisory on IE 5.5 Index.dat Vulnerability
Date: November 24, 2000
Released: November 23, 2000
Platform: MS Windows 98 / 95 / NT 4.0 / NT 2000
Warning About: MS Win Media Player 6.4/7 .ASX Buffer Overflow
Report From: Security Focus
* Release Note: Windows Media Player is an application used for digital
audio, and video content viewing. An unsafe buffer copy involving
remotely-obtained data exists in the Active Stream Redirector (ASX)
component in Windows Media Player.
* Click here for Advisory on MS Win Media Player Buffer Overflow
Date: November 24, 2000
Released: November 23, 2000
Platform: MS IIS 5.0 / NT 2000 and Apache 1.3.9win32
Warning About: Caucho Technology Resin 1.2 JSP Source Disclosure
Report From: Security Focus
* Release Note: Resin is a servlet and JSP engine that supports java
and javascript. ServletExec will return the source code of JSP
files when an HTTP request is appended with certain characters. This
vulnerability is dependent on the platform that Resin is running on.
Successful exploitation could lead to the disclosure of sensitive
information contained within JSP pages.
* Click here for Advisory on Resin 1.2 JSP Source Disclosure
Date: November 24, 2000
Released: November 23, 2000
Platform: MS Windows NT 4.0 / IBM AIX / Various Linux Versions
Warning About: IBM HTTP Server Denial of Service Vulnerability
Report From: Security Focus
* Release Note: IBM HTTP Server is a web server powered by Apache.
IBM HTTP Server is subject to a denial of service. Requesting an
unusually long GET request comprised of approx 219 characters will
cause the server to stop responding with an error message.
* Click here for Advisory on IBM HTTP Server DoS Vulnerability
Date: November 24, 2000
Released: November 23, 2000
Platform: MS Windows NT 4.0 / NT 2000
Warning About: McAfee WebShield SMTP Content Filter Bypass
Report From: Security Focus
* Release Note: McAfee WebShield SMTP is an email virus scanner
designed for internet gateways. The Content Filtering mechanism in
WebShield SMTP filters incoming and outgoing email based upon certain
criteria set by the administrator. It is possible to bypass Content
Filtering if the email transmitted contains Extended ASCII characters
such as d, e or v. This vulnerability does not affect the
effectiveness of viral detection in any manner.
* Click here for Advisory on WebShield SMTP Bypass
Date: November 23, 2000
Released: November 21, 2000
Platform: Sun Solaris 8.0, MS Windows98 /NT 4.0 / NT 2000,
Linux kernel 2.3.x, IBM AIX 4.3.2, HP HP-UX 11.4
Warning About: Unify eWave ServletExec JSP Source Disclosure
Vulnerability
Report From: Security Focus
* Release Note: Unify eWave ServletExec is a Java/Java Servlet engine
plug-in for major web servers such as Microsoft IIS, Apache,
Netscape Enterprise Server, etc. ServletExec will return the source
code of JSP files when a HTTP request is appended with a specific
character. Read the full report.
* Click here for Advisory on Unify eWave ServletExec
Date: November 23, 2000
Released: November 21, 2000
Platform: MS Windows NT 2000 Datacenter, MS Windows NT 2000
Warning About: Domain Account Lockout Bypass Vulnerability
Report From: Security Focus
* Release Note: Under certain circumstances, it is possible to bypass
a domain account lockout policy on a local machine which would
render this protective measure against brute force password
attempts ineffective.
* Click here for Advisory on Lockout Bypass Vulnerability
Date: November 23, 2000
Platform: MS Windows
Patch Available: .ASX Buffer Overrun and .WMS Script
Execution Vulnerabilities
Report From: MicroSoft TechNet Security
* Release Note: Microsoft has released a patch that eliminates
two security vulnerabilities in Microsoft Windows Media Player.
These vulnerabilities could potentially enable a malicious user
to cause a program of his choice to run on another users computer.
* Click here for MS Security Bulletin MS00-090
Date: November 23, 2000
Platform: MS Windows 2000
Patch Available: Domain Account Lockout Vulnerability
Report From: MicroSoft TechNet Security
* Release Note: Microsoft has released a patch that eliminates
a security vulnerability in Microsoft Windows 2000. The
vulnerability could allow a malicious user to use repeated
attempts to guess an account password even if the domain
administrator had set an account lockout policy.
* Click here for MS Security Bulletin MS00-089
Date: November 23, 2000 * Updated from Nov 16th
Released: November 22, 2000
Platform: MS Windows
Warning About: Music VBInternet Worm
Aliases: IWorm_Music, I-Worm.Music
Report From: F-Secure
* Release Note: Music is an Internet worm written in Visual Basic that
spreads itself as an attachment to e-mail messages. On activation
the worm displays a Christmas-related picture and plays a tune as a
disguise.
* Click here for Report on Music Internet Worm
Date: November 23, 2000 * Updated from Nov 03rd
Released: November 22, 2000
Platform: PC
Warning About: Aureate 'Spying' Case
Aliases: Aureate rumours
Report From: F-Secure
* Release Note: A message appeared to one Internet forum in March,
2000, which accused Aureate.com of spying computer users that have
Aureate components installed. F-Secure and other companies have been
unable to confirm these rumours to be true or false. The company
behind Aureate, called Radiate, has denied all such allegations.
The F-Secure report, has the original message that was forwarded to
the forum by another person.
* Click here for Report on Aureate 'Spying' Case
Date: November 23, 2000 * Updated from Nov 18th
Released: November 21, 2000
Platform: MicrosSoft
Warning About: Cobra Word 97 Virus
Variants: Cobra.A, Cobra.F and Cobra.Z
Report From: F-Secure
* Release Note: Cobra is a Word 97 virus that contains a destructive
payload. The virus infects when a document is opened, closed or
saved. When the current date is September 11 and a document is closed,
the virus inserts a small code in another module - the class module
ThisDocument. Read the report for the complete description.
* Click here for Report on Cobra Virus
Date: November 21, 2000
Platform: MicrosSoft
Warning About: VBS/Req.A@MM VBScript Worm
Aliases: I-WORM.REQ, VBS_REQ.A
Report From: Network Associates
* Release Note: This is an Internet worm coded in VBScript. It arrives
via email. Due to its configuration, it is not likely for this one
to be spread far, other than by complete accident or lack of reading
by the end user.
* Click here for Report on VBS/Req.A@MM
Date: November 21, 2000 * Updated from Nov 17th
Platform: MS Windows/Windows98/NT
Warning About: BleBla Worm
Aliases: IWorm_Blebla, I-Worm.Blebla, Verona
Report From: F-Secure
* Release Note: BleBla is a worm spreading via Internet. It was
discovered in Poland on November 16th, 2000. The worm appears as an
email message that has HTML formal and 2 attached files.
* Click here for Report on BleBla Worm
Date: November 21, 2000
Platform: MicrosSoft
Warning About: Cobra Word 97 Virus
Variants: Cobra.A, Cobra.F and Cobra.Z
Report From: F-Secure
* Release Note: Cobra is a Word 97 virus that contains a destructive
payload. The virus infects when a document is opened, closed or
saved. When the current date is September 11 and a document is closed,
the virus inserts a small code in another module - the class module
ThisDocument. Read the report for the complete description.
* Click here for Report on Cobra Virus
Date: November 20, 2000
Released: November 16, 2000
Platform: MS Windows 98/95/NT 4.0/NT 2000, PeleSoft NetSnap 1.2
Warning About: PeleSoft NetSnap Buffer Overflow Vulnerability
Report From: Security Focus
* Release Note: NetSnap is a webcam application which transmits images
and enables a user to directly publish footage to the web. NetSnap
is shipped with an http server. Due to an unchecked buffer in the
handling of GET requests, NetSnap is subject to a buffer overflow
attack.
* Click here for Advisory on PeleSoft NetSnap Vulnerability
Date: November 20, 2000
Released: November 16, 2000
Platform: MS Windows NT 2000, MS Exchange Server 2000
Warning About: MS Exchange Server EUSR_EXSTOREEVENT Account
Report From: Security Focus
* Release Note: Microsoft Exchange 2000 Server is a messaging and
collaboration application designed specifically for Windows 2000.
Successful exploitation would grant the user access to files that
the EUSR_EXSTOREEVENT account had read, write, and execute permissions
to. The malicious user may also install other programs or exploit
other vulnerabilities in order to aid them in escalating their
privilege level.
* Click here for Advisory on MS Exchange Server 2000
Date: November 20, 2000
Released: November 14, 2000
Platform: Windows 98/95/NT 4.0/NT 2000, ITServ Incorporated
RideWayPN 6.22
Warning About: Rideway PN Denial of Service Vulnerability
Report From: Security Focus
* Release Note: Rideway PN is a proxy server from ITServ Incorporated
that allows information to be transferred securely across the Internet.
If the Rideway PN proxy server is running with the telnet proxy
enabled, a remote attacker could launch a denial of service attack
against the proxy.
* Click here for Advisory on Rideway PN Denial of Service Vulnerability
Date: November 20, 2000
Released: November 14, 2000
Platform: MS Windows 98/95, Max Feoktistov Small HTTP Server 2.01
Warning About: Small HTTP Server Non-Existent File DoS Vulnerability
Report From: Security Focus
* Release Note: Small HTTP Server is a full service web server. This
utility is less than 30Kb and requires minimal system resources.
Small HTTP Server is subject to a denial of service.
* Click here for Advisory on Small HTTP Server DoS Vulnerability
Date: November 20, 2000
Released: November 14, 2000
Platform: MS Windows 98/95, Max Feoktistov Small HTTP Server 2.01
Warning About: Small HTTP Server Incomplete Request Denial of
Service Vulnerability
Report From: Security Focus
* Release Note: Small HTTP Server is a full service web server. This
utility is less than 30Kb and requires minimal system resources.
By requesting multiple GET, HEAD or POST commands and closing the
connection before the server has responded, the server will crash. A
restart of the application is required in order to gain normal
functionality.
* Click here for Advisory on Max Feoktistov Small HTTP Server
Date: November 17, 2000
Released: November 16, 2000
Platform: MS WindowsNT/2000
Warning About: AdClicker Trojan
Report From: Network Associates
* Release Note: This trojan affects WindowsNT/2000 systems. It is
designed to connect to the author's website and click banner
advertisements. When ran, the trojan copies itself to the Windows
System directory and adds a key value to the registry to run at
startup.
* Click here for Report on AdClicker Trojan
Date: November 17, 2000
Released: November 16, 2000
Platform: MS Win32
Warning About: W32/BleBla@MM Internet Worm
Aliases: I-Worm.Blebla, W32/Verona
Report From: Network Associates
* Release Note: This is an Internet worm which implements an I-Frame
exploit in HTML in order to run and propagate. This Internet worm
was written in Delphi and compressed with UPX. This worm can arrive
by email in HTML format. The HTML code instructs Windows to save
the attachments and execute them from that location.
* Click here for Report on W32/BleBla@MM Internet Worm
Date: November 17, 2000
Platform: MS Exchange 2000 Server / Enterprise 2000 Server
Patch Available: Exchange User Account Vulnerability
Report From: MicroSoft TechNet Security
* Release Note: Microsoft has released a patch that eliminates a
security vulnerability in Microsoft Exchange 2000 Server and
Exchange 2000 Enterprise Server. This vulnerability could
potentially allow an unauthorized user to remotely login to an
Exchange 2000 server and possibly other servers on the affected
computers network.
* Click here for MS Security Bulletin MS00-088
Date: November 17, 2000
Platform: MS Windows/Windows98/NT
Warning About: BleBla Worm
Aliases: IWorm_Blebla, I-Worm.Blebla, Verona
Report From: F-Secure
* Release Note: BleBla is a worm spreading via Internet. It was
discovered in Poland on November 16th, 2000. The worm appears as an
email message that has HTML formal and 2 attached files.
* Click here for Report on BleBla Worm
Date: November 17, 2000
Released: November 16, 2000
Platform: MS Windows
Warning About: Music VBInternet Worm
Aliases: IWorm_Music, I-Worm.Music
Report From: F-Secure
* Release Note: Music is an Internet worm written in Visual Basic that
spreads itself as an attachment to e-mail messages. On activation
the worm displays a Christmas-related picture and plays a tune as a
disguise.
* Click here for Report on Music Internet Worm
Date: November 17, 2000 * Updated from Nov 13th
Platform: MS Win32 Systems
Warning About: Hybris Internet Worm
Aliases: IWorm_Hybris, I-Worm.Hybris
Report From: F-Secure and Kaspersky Lab
* Release Note: Hybris is an Internet worm that spreads itself as
an attachment to email messages. The worm works under Win32 systems
only. The worm contains components (plugins) in its code that are
executed depending on what the worm needs, and these components can
be upgraded from an Internet Web site. The major worm versions are
encrypted with semi-polymorphic encryption loop.
* Click here for F-Secure Report on Hybris Internet Worm
* Click here for KLabs Report on Hybris Internet Worm
Date: November 17, 2000 * Updated from Nov 13th
Platform: MS Windows
Warning About: Navidad Internet worm
Aliases: I-Worm.Navidad, W32/Watchit.intd, I-Worm_Navidad,
W32/Navidad
Report From: F-Secure
* Release Note: Navidad is an Internet worm. It spreads itself as
NAVIDAD.EXE attachment to e-mail messages sent from an infected
computer. The original worm sample that F-Secure received has a
bug that makes an infected system inoperable after infection, no
EXE files could be started.
* Click here for Report on Navidad Internet worm
Date: November 14, 2000
Released: November 1, 2000
Platform: PC
Warning About: X97M/Jini Excel 97 Macro Virus
Variant: Jini.A, Jini.A1
Aliases: Jini.corrupted
Report From: F-Secure
* Release Note: This is a Excel macro virus that infects by copying
the contents of workbook. The virus relies in a protected module,
and replicates. When an infected workbook is opened, the virus
creates an infected workbook "shn.xls" to the Excel startup directory.
The virus does not infect if the name of the workbook start with
"Book". The payload activates when the system has been infected for
thirty days. At this time the virus chages the names of items in the
"File" menu.
* Click here for Report on X97M/Jini
Date: November 14, 2000
Released: November 1, 2000
Platform: MS Win32 Systems
Warning About: Hybris Internet Worm
Aliases: IWorm_Hybris, I-Worm.Hybris
Report From: F-Secure and Kaspersky Lab
* Release Note: Hybris is an Internet worm that spreads itself as
an attachment to email messages. The worm works under Win32 systems
only. The worm contains components (plugins) in its code that are
executed depending on what the worm needs, and these components can
be upgraded from an Internet Web site. The major worm versions are
encrypted with semi-polymorphic encryption loop.
* Click here for F-Secure Report on Hybris Internet Worm
* Click here for KLabs Report on Hybris Internet Worm
Date: November 14, 2000 * Updated from Nov 8th
Released: November 13, 2000
Platform: MS Windows
Warning About: Navidad Internet worm
Aliases: I-Worm.Navidad, W32/Watchit.intd, I-Worm_Navidad,
W32/Navidad
Report From: F-Secure
* Release Note: Navidad is an Internet worm. It spreads itself as
NAVIDAD.EXE attachment to e-mail messages sent from an infected
computer. The original worm sample that F-Secure received has a
bug that makes an infected system inoperable after infection, no
EXE files could be started.
* Click here for Report on Navidad Internet worm
Date: November 14, 2000
Released: November 10, 2000
Platform: Windows 2000
Warning About: MS Indexing Services File Verification Vulnerability
Report From: Security Focus
* Click here for Advisory on MS Indexing Services Vulnerability
Date: November 14, 2000
Released: November 10, 2000
Platform: MS Operating System
Warning About: CA InoculateIT MSExchange Agent Vulnerability
Report From: Security Focus
* Click here for Advisory on MSExchange Agent Vulnerability
Date: November 10, 2000
Released: November 08, 2000
Platform: MS Windows NT 4.0 Terminal Server
Patch Available: Terminal Server Login Buffer Overflow
Report From: MicroSoft TechNet Security
* Release Note: Microsoft has released a patch that eliminates a
security vulnerability in Microsoft. Windows NT 4.0 Terminal
Server. The vulnerability could allow a malicious user to cause
the Terminal Server to fail or, in certain instances, to execute
hostile code on the server.
* Click here for MS Security Bulletin MS00-087
Date: November 10, 2000
Released: November 08, 2000
Platform: Windows NT 4.0 Terminal Server
Warning About: RegAPI.DLL Buffer Overflow
Report From: Security Focus
* Click here for Advisory on RegAPI.DLL Buffer Overflow
Date: November 10, 2000
Released: November 08, 2000
Platform: Lotus Notes Users
Warning About: Lotus Notes R5 S/MIME Vulnerability
Report From: Security Focus
* Click here for Advisory on Lotus Notes
Date: November 08, 2000
Released: November 06, 2000
Platform: MS Internet Information Services 5.0
Patch Available: Web Server File Request Parsing Vulnerability
Report From: MicroSoft TechNet Security
* Release Note: Microsoft has released a patch that eliminates a
serious security vulnerability in Microsoft Internet Information
Services 5.0. The vulnerability could enable a malicious user to
run operating system commands on an affected web server. Microsoft
strongly urges all customers using IIS 5.0 to apply the patch
immediately. IIS 4.0 is not affected by the vulnerability.
* Click here for MS Security Bulletin MS00-086
Date: November 08, 2000
Released: November 07, 2000
Platform: MS Windows
Warning About: Navidad Internet worm
Aliases: I-Worm.Navidad, W32/Watchit.intd, I-Worm_Navidad,
W32/Navidad
Report From: F-Secure
* Release Note: Navidad is an Internet worm. It spreads itself as
NAVIDAD.EXE attachment to e-mail messages sent from an infected
computer. The original worm sample that F-Secure received has a
bug that makes an infected system inoperable after infection, no
EXE files could be started.
* Click here for Report on Navidad Internet worm
Date: November 08, 2000
Released: November 03, 2000
Platform: PC with F-Secure Anti-Virus Program
Warning About: Heuristic
Report From: F-Secure
* Release Note: F-Secure Anti-Virus analyzes scanned files and gives
warnings if it finds suspicious code inside. When a file is
suspected having a "Type_XXX" virus it means that heuristic
scanner found a virus- or a trojan-like code in the analyzed file.
In some cases the heuristic engine can give false alarms.
* Click here for Report on Heuristic
Date: November 08, 2000
Released: November 07, 2000
Platform: MS Windows
Warning About: QDel121 Trojan
Report From: Network Associates
* Release Note: When ran, this trojan deletes the current wallpaper
.BMP file. It then creates a registry key value to instruct Windows
to launch the program at Startup. Read the NAI report on the method
of infection and removal instructions.
* Click here for Report on QDel121 Trojan
Date: November 08, 2000
Released: November 06, 2000
Platform: PC
Warning About: QZap160 Trojan
Report From: Network Associates
* Release Note: When ran, this trojan displays a blank screen.
The program proceeds in attempting to overwrite the floppy
diskette in drive A:, such that the diskette and data are no
longer accessible. Read the NAI report on the method of
infection and removal instructions.
* Click here for Report on QZap160 Trojan
Date: November 08, 2000
Released: November 03, 2000
Platform: MS Windows
Warning About: W32/Navidad Internet Worm
Report From: Network Associates
* Release Note: The samples of W32/Navidad obtained by AVERT are not
fully funtionally. When ran, this intended worm displays a dialog
box entitled, "Error" which reads "UI". A blue eye icon appears in
the system tray, next to the clock in the lower right corner of the
screen, and a copy of the trojan is saved to a file in the Windows
System directory. Registry key values are created.
* Click here for Report on W32/Navidad Internet Worm
Date: November 08, 2000
Released: November 01, 2000
Platform: MS Windows with VBScript enabled
Warning About: VBS/Scary.A@mm VBScript worm
Report From: Network Associates and F-Secure
* Release Note: This is a virus written in VBScript. It contains
code to distribute itself via MAPI email. If this script is
loaded, it may display suggestive instructions in order to trick
the user into running the code
* Click here for NAI Report on VBS/Scary.A@mm VBScript worm
* Click here for F-Secure Report on VBS/Scary
Date: November 04, 2000
Released: November 02, 2000
Platform: MS Windows 2000
Patch Available: ActiveX Parameter Validation Vulnerability
Report From: MicroSoft TechNet Security
* Release Note: Microsoft has released a patch that eliminates a
security vulnerability in Microsoft Windows 2000. The vulnerability
could allow enable a malicious user to potentially run code on
another users machine.
* Click here for MS Security Bulletin MS00-085
Date: November 04, 2000
Released: November 02, 2000
Platform: MS Windows 2000
Patch Available: Indexing Services Cross Site Scripting Vulnerability
Report From: MicroSoft TechNet Security
* Release Note: Microsoft has released a patch that eliminates a
security vulnerability in Microsoft Indexing Services for Windows
2000. This vulnerability could allow a malicious web site operator
to misuse another web site as a means of attacking users.
* Click here for MS Security Bulletin MS00-084
Date: November 04, 2000
Released: November 01, 2000
Platform: MS Windows NT and Windows 2000
Patch Available: Netmon Protocol Parsing Vulnerability
Report From: MicroSoft TechNet Security
* Release Note: Microsoft has released a patch that eliminates a
security vulnerability in Microsoft Windows NT and Windows 2000
server products and Systems Management Server. The vulnerability
could allow a malicious user to gain control of an affected server.
* Click here for MS Security Bulletin MS00-083
Date: November 04, 2000
Released: November 03, 2000
Platform: PC
Warning About: Aureate 'Spying' Case
Aliases: Aureate rumours
Report From: F-Secure
* Release Note: A message appeared to one Internet forum in March,
2000, which accused Aureate.com of spying computer users that have
Aureate components installed. F-Secure and other companies have been
unable to confirm these rumours to be true or false. The company
behind Aureate, called Radiate, has denied all such allegations.
The F-Secure report, has the original message that was forwarded to
the forum by another person.
* Click here for Report on Aureate 'Spying' Case
Date: November 04, 2000
Released: November 01, 2000
Platform: Win32 machines
Warning About: Sonic Worm
Aliases: I_Worm_Sonic, I-Worm.Sonic, Sonic.b
Report From: F-Secure
* Release Note: This is multi-component Internet worm infecting
Win32 machines and spreading itself in email messages as attached
EXE file. The worm has several components and is able to 'upgrade'
itself from an Internet Web site. The Main worm component also has
backdoor abilities. It can provide a limited access to an infected
computer for a remote hacker.
* Click here for Report on Sonic Worm
Date: November 04, 2000
Released: October 31, 2000
Platform: PE executable (Win32 application)
Warning About: Bymer Worm
Aliases: Worm_Bymer_a, Worm.Bymer, Worm.RC5
Report From: F-Secure
* Release Note: During autumn 2000 there appeared 2 worms that drop
RC5 clients on computers they infect. At F-Secure, you can find
descriptions of both of these worms. This worm infects Win9x
machines with open file shares.
* Click here for Report on Bymer Worm
Top of Page
Macintosh
No virus warnings or alerts
Top of Page
Linux
Date: November 29, 2000
Released: November 26, 2000
Platform: Linux Versions RedHat, MandrakeSoft, Debian, Debian, ebian
Warning About: Secure Locate Heap Corruption Vulnerability
Report From: Security Focus
* Release Note: Secure Locate maintains an index of the entire
filesystem, including files only visible by root. The slocate binary
is setgid "slocate" so it can read this index. Slocate contains a
heap-corruption vulnerability that may compromise disclosure of
these files if exploited.
* Click here for Advisory on Secure Locate Heap Vulnerability
Date: November 29, 2000
Released: November 28, 2000
Platform: MandrakeSoft
Updates To: bash1
Report From: Linux Daily News
* Release Note: MandrakeSoft has issued a security update to bash1
fixing the symlink vulnerability there.
* Click here for LWN Security Update To bash1
Date: November 29, 2000
Released: November 28, 2000
Platform: Debian
Updates To: ed Editor
Report From: Linux Daily News
* Release Note: The Debian project has issued a security update to
the ed editor fixing a symlink vulnerability. This advisory also
apparently initiates a new scheme of advisory numbers for Debian
- it's advisory 001-1.
* Click here for LWN Security Update To ed Editor
Date: November 28, 2000
Released: November 27, 2000
Platform: Caldera Systems
Updates To: bash
Report From: Linux Daily News
* Release Note: Caldera Systems has put out this update to bash fixing
the symlink vulnerability in that package.
* Click here for LWN Security Update To bash
Date: November 28, 2000
Released: November 27, 2000
Platform: MandrakeSoft
Updates To: Pine Advisory
Report From: Linux Daily News
* Release Note: MandrakeSoft has updated its pine advisory to reflect
a second vulnerability.
* Click here for LWN Security Update To Pine Advisory
Date: November 28, 2000
Released: November 27, 2000
Platform: Red Hat
Updates To: bash Package
Report From: Linux Daily News
* Release Note: Red Hat has an updated bash package available.
* Click here for LWN Security Update To bash Package
Date: November 28, 2000
Released: November 27, 2000
Platform: RedHat
Updates To: Red Hat 7 for Alpha distribution
Report From: Linux Daily News
* Release Note: If you are using the newly-announced Red Hat 7 for
Alpha distribution, you should be aware that many (!) updates have
been reissued for that platform; we'll not reproduce them here.
* Release Note: Virus Help Team Canada suggests visiting the Security
Focus Site
* Click here for Security Focus LINUX: RedHat Advisories
Date: November 27, 2000
Released: November 26, 2000
Platform: Conectiva
Updates To: tcsh, ethereal, ghostscript, netscape and OpenSSH
Report From: Linux Daily News
* Release Note: Conectiva has issued updates to tcsh (symlink
vulnerability), ethereal (remotely-exploitable buffer overflow),
ghostscript (symlink and dynamic library vulnerabilities), netscape
(HTML parsing buffer overflow), and OpenSSH (port forwarding
vulnerability).
* Click here for LWN Security Update To tcsh
* Click here for LWN Security Update To ethereal
* Click here for LWN Security Update To ghostscript
* Click here for LWN Security Update To netscape
* Click here for LWN Security Update To OpenSSH
Date: November 27, 2000
Released: November 26, 2000
Platform: Debian
Updates To: ghostscript and mc
Report From: Linux Daily News
* Release Note: Debian has updates to ghostscript and mc (file
overwrite vulnerability).
* Click here for LWN Security Update To ghostscript
* Click here for LWN Security Update To mc
Date: November 27, 2000
Released: November 26, 2000
Platform: MandrakeSoft
Updates To: ghostscript and modutils
Report From: Linux Daily News
* Release Note: MandrakeSoft's updates include ghostscript, and
modutils (the updated version of this fix).
* Click here for LWN Security Update To ghostscript
* Click here for LWN Security Update To modutils
Date: November 27, 2000
Released: November 26, 2000
Platform: Red Hat
Updates To: ncurses and modutils
Report From: Linux Daily News
* Release Note: Red Hat has issued updates to ncurses (buffer
overrun problem) and modutils.
* Click here for LWN Security Update To ncurses
* Click here for LWN Security Update To modutils
Date: November 27, 2000
Released: November 26, 2000
Platform: SuSE
Updates To: OpenSSH
Report From: Linux Daily News
* Release Note: SuSE has an OpenSSH Update Available.
* Click here for LWN Security Update To OpenSSH
Date: November 24, 2000
Released: November 23, 2000
Platform: GNU Linux modutils 2.3.9/2.3.11 / Wirex Immunix OS / S.u.S.E.
Linux / RedHat Linux / MandrakeSoft / Connectiva Linux
Warning About: Linux modprobe Buffer Overflow Vulnerability
Report From: Security Focus
* Release Note: Modutils is a component of many linux systems that
includes tools for using loadable kernel modules. One of these tools,
modprobe, loads a set of modules that correspond to a provided "name"
(passed at the command line) automatically. Though fixes for a recent
(as of 11/23/2000) high-profile vulnerability in modprobe have been
made available by most vulnerable Linux vendors, it has been reported
that there exists another method for an attacker to gain root
privileges exploiting modprobe. If the version of linux you are using
has not made a patch available for this vulnerability, a temporary
workaround is to disable modprobe or remove the setuid bit from ping.
Read the report for links to the RedHat and Debian fixes for this
vulnerability.
* Click here for Advisory on modprobe Overflow Vulnerability
Date: November 24, 2000
Released: November 23, 2000
Platform: MS Windows NT 4.0 / IBM AIX / Various Linux Versions
Warning About: IBM HTTP Server Denial of Service Vulnerability
Report From: Security Focus
* Release Note: IBM HTTP Server is a web server powered by Apache.
IBM HTTP Server is subject to a denial of service. Requesting an
unusually long GET request comprised of approx 219 characters will
cause the server to stop responding with an error message.
* Click here for Advisory on IBM HTTP Server DoS Vulnerability
Date: November 23, 2000
Released: November 21, 2000
Platform: Sun Solaris 8.0, MS Windows98 /NT 4.0 / NT 2000,
Linux kernel 2.3.x, IBM AIX 4.3.2, HP HP-UX 11.4
Warning About: Unify eWave ServletExec JSP Source Disclosure
Vulnerability
Report From: Security Focus
* Release Note: Unify eWave ServletExec is a Java/Java Servlet engine
plug-in for major web servers such as Microsoft IIS, Apache,
Netscape Enterprise Server, etc. ServletExec will return the source
code of JSP files when a HTTP request is appended with a specific
character. Read the full report.
* Click here for Advisory on Unify eWave ServletExec
Date: November 23, 2000
Platform: Red Hat
Warning About: Security Update To ghostscript
Report From: Linux Daily News
* Release Note: This update from Red Hat covers a problem in
ghostscript where mktemp is used instead of mkstemp and an
improper use of LD_RUN_PATH can cause local vulnerabilities.
* Click here for LWN Security Update To ghostscript
Date: November 23, 2000
Platform: Debian
Warning About: Security Update To elvis-tiny, modutils, khoules
Report From: Linux Daily News
* Release Note: More security updates from Debian:
An update for a /tmp file vulnerability in elvis-tiny, uncovered
during an audit of that package. The modutils update that everyone
will eventually have to deal with. An update for a buffer overflow
problem in koules,
* Click here for LWN Security Update To elvis-tiny
* Click here for LWN Security Update To modutils
* Click here for LWN Security Update To khoules
Date: November 23, 2000
Platform: Conectiva
Warning About: Modutils Vulnerabilities
Report From: Linux Daily News
* Release Note: Conectiva has provided an update for the recently
reported modutils vulnerabilities.
* Click here for LWN Modutils Vulnerabilities
Date: November 23, 2000
Platform: Linux
Kernel Update: Linux 2.2.18pre23 Kernel
Report From: Linux Daily News
* Release Note: Alan Cox sent notice today of the release of
stable 2.2.18 kernel prepatch 23.
* Click here for LWN Report on Stable 2.2.18 kernel
Date: November 23, 2000
Platform: Debian
Warning About: Security Update To xmcd and ncurses
Report From: Linux Daily News
* Release Note: Debian released two security updates today, one for
xmcd and one for ncurses. The version of xmcd shipped with Debian
2.2 (alias potato) included two CDDB helper applications that were
installed setuid. A buffer overflow in the ncurses library, which
is linked to the "cda" application, opened a vulnerability. These
two updates address this issue.
* Click here for LWN Security Update To xmcd
* Click here for LWN Security Update To ncurses
Date: November 23, 2000
Released: November 20, 2000
Platform: Some Linux and BSD variants
Warning About: Increased Probes To TCP port 515
Report From: SANS
* Release Note: Since November 1 we have been receiving reports to
GIAC regarding probes to port 515. The Unix LPR service runs on
this port. We did some searching and we found that on October 4,
2000 there were advisories released regarding vulnerabilities for
the LPR service, for many distributions of Linux and for the BSD
variants. We believe that the increase in probes to port 515 is
for attackers looking for this vulnerability.
* Click here for SANS link on Increased Probes
Date: November 21, 2000
Released: November 20, 2000
Platform: RedHat Linux 7.0 and FreeBSD
Warning About: thttpd Remote File Access Vulnerability
Report From: Security Focus
* Release Note: thttpd is a lightweight httpd package by Acme Labs. A
problem exists that can allow remote access to restricted files on
a system running thttpd.
* Click here for Advisory on Acme thttpd 2.1x Vulnerability
Date: November 21, 2000
Released: November 20, 2000
Platform: Slackware, RedHat, FreeBSD and Debian Linux
Warning About: Koules SVGALIB Vulnerability
Report From: Security Focus
* Release Note: Jan Hubicka Koules 1.4 on Slackware Linux 7.1, RedHat
Linux 7.0, FreeBSD and Debian Linux Koules is an original, arcade-
style game authored by Jan Hubicka. A problem exists which can allow
a user to gain higher priviledges. Koules is an SUID installed
package on that runs on the Unix/Linux Operating System.
* Click here for Advisory on Koules SVGALIB Vulnerability
Date: November 21, 2000
Released: November 17, 2000
Platform: Some Debian Linux
Warning About: Vixie Cron File Vulnerability
Report From: Security Focus
* Release Note: Vixie cron is a scheduling daemon written by Paul
Vixie, and distributed with many free UNIX Operating Systems. A
problem exists that could allow a user to execute commands with
priviledge of another user.
* Click here for Advisory on Paul Vixie Vixie Cron 3.0pl1
Date: November 22, 2000
Platform: Linux-Mandrake
Warning About: Security Update To Pine and joe Editor
Report From: Linux Daily News
* Release Note: MandrakeSoft has issued a couple of new security updates.
The update to pine fixes a buffer overflow problem in its mail header
handling. And this update to the joe editor fixes a symlink
vulnerability in its crash handling.
* Click here for LWN Security Update To Pine
* Click here for LWN Security Update To joe Editor
Date: November 22, 2000
Platform: Debian
Warning About: Security Updates To Modutils and tcpdump
Report From: Linux Daily News
* Release Note: The Debian Project has issued a security update to
modutils fixing the local root exploit there. Also out is this update
to tcpdump fixing some buffer overflow problems.
* Click here for LWN Security Update To Modutils
* Click here for LWN Security Update To tcpdump
Date: November 20, 2000
Released: November 18, 2000
Platform: Linux kernel 2.0
Warning About: WatchGuard Firebox II DoS Vulnerability
Report From: Security Focus
* Release Note: The Watchguard Firebox II is a popular hardware based
firewall. A vulnerability exists in the Firebox II that could allow
a remote attacker to launch a Denial of Service attack against the
FTP proxy of the firewall.
* Click here for Advisory on WatchGuard Firebox II
Date: November 20, 2000
Released: November 16, 2000
Platform: Slackware Linux 7.1, RedHat Linux 7.0
Warning About: Joseph Allen joe 2.8
Report From: Security Focus
* Release Note: joe is a text editor by Joseph Allen, which features
familar functions to users of both Microsoft text editors and vi
users. A problem occurs with the editor when a session abnormally
exits.
* Click here for Advisory on joe Text Editor Vulnerability
Date: November 20, 2000
Platform: Debian
Warning About: Security Update To CUPS Printing System
Report From: Linux Daily News
* Release Note: The Debian Project has issued a security update to
the CUPS printing system fixing the "anybody on the net can use
your printer" problem.
* Click here for LWN Security Update To CUPS Printing
Date: November 20, 2000
Reported: November 18, 2000
Platform: Red Hat
Warning About: Security Update To Netscape
Report From: Linux Daily News
* Release Note: Red Hat has issued a security update to netscape. It
appears there is a buffer overflow problem in its HTML parser.
* Click here for LWN Security Update To Netscape
Date: November 20, 2000
Reported: November 18, 2000
Platform: Debian
Warning About: Security Updates For OpenSSH and cron
Report From: Linux Daily News
* Release Note: The Debian Project has issued a security update to
OpenSSH fixing the hostile server vulnerability in that package.
Also from Debian is this update to cron fixing a number of local
vulnerabilities.
* Click here for LWN Security Updates on OpenSSH
* Click here for LWN Security Updates on cron
Date: November 17, 2000
Reported: November 16, 2000
Platform: Linux-Mandrake
Warning About: Modutils and CUPS
Report From: Linux Daily News
* Release Note: Linux-Mandrake issued a pair of security advisories
today, one for modutils and one for CUPS, the Internet printer
daemon. The modutils issue was discussed previously here. The CUPS
problem allows users on the Internet access to local printers.
* Click here for LWN Security Advisory on Modutils
* Click here for LWN Security Advisory on CUPS
Date: November 17, 2000
Reported: November 16, 2000
Platform: Red Hat
Warning About: Security Update to Modutils
Report From: Linux Daily News
* Release Note: Here is Red Hat's security update to modutils fixing
the local root compromise problem in that package.
* Click here for LWN Security Update to Modutils
Date: November 17, 2000
Reported: November 16, 2000
Platform: SuSE
Warning About: SuSE Updates to Bind
Report From: Linux Daily News
* Release Note: SuSE has put out an update advisory for bind in
versions 6.0 through 6.4 of their Linux distribution.
* Click here for LWN SuSE Updates to Bind
Date: November 17, 2000
Reported: November 16, 2000
Platform: Linux
Warning About: Modutils 2.3.20 (security fix) Released
Report From: Linux Daily News
* Release Note: Modutils 2.3.20 has been released. This version fixes
the various local root compromise vulnerabilities found in all
recent versions of modutils, an upgrade is recommended - even if
you just upgraded to 2.3.19, which only fixed some of the problems.
Expect the distributors to come out with packaged versions shortly.
(See this week's LWN kernel page for a detailed description of the
modutils problem).
* Click here for LWN Modutils 2.3.20 Release
Date: November 14, 2000
Reported: November 13, 2000
Platform: SuSE
Warning About: Security Update to Modules Package
Report From: Linux Daily News
* Release Note: SuSE has issued a security update to its modules
package fixing the local root vulnerability in modutils.
* Click here for LWN SuSE Security Update to Modules
Date: November 14, 2000
Reported: November 13, 2000
Platform: Systems running kmod and modutils greater than 2.1.121
Warning About: Security Problem in Modutils
Report From: Linux Daily News
* Release Note: Modutils maintainer Keith Owens has reported a security
problem in modutils which makes it possible for a local user to
obtain root privileges. It affects all systems running kmod and
modutils greater than 2.1.121 - i.e. almost all distributions as
they come out of the box. Expect updates from the distributors
shortly. Keith's message also contains a patch for those who do not
want to wait. (Thanks to Peter Samuelson).
* Click here for LWN Update on Local root exploit problem in modutils
Date: November 14, 2000
Reported: November 12, 2000
Platform: Linux-Mandrake
Warning About: Security Update To nss_ldap
Report From: Linux Daily News
* Release Note: MandrakeSoft has issued a security update to nss_ldap
fixing a denial of service problem.
* Click here for LWN Security Update To nss_ldap
Date: November 14, 2000
Reported: November 12, 2000
Platform: Debian
Warning About: Security Updates To tcsh and gnupg
Report From: Linux Daily News
* Release Note: It turns out that tcsh has a symlink vulnerability
which can be exploited in some circumstances; the Debian Project
has issued this security update fixing the problem. Also from
Debian is this update to gnupg fixing a bug in the signature
checking code.
* Click here for LWN Security Updates To tcsh
* Click here for LWN Security Updates To gnupg
Date: November 14, 2000
Reported: November 12, 2000
Platform: Various
Warning About: More Security Updates to BIND
Report From: Linux Daily News
* Release Note: More security updates to bind have come in which fix
the remote denial of service problem. They include:
* Click here for LWN Updates to BIND from Debian
* Click here for LWN Updates to BIND from Linux-Mandrake
* Click here for LWN Updates to BIND from Red Hat
* Click here for LWN Updates to BIND from Slackware
Date: November 14, 2000
Reported: November 10, 2000
Platform: Slackware
Warning About: Security Update For Pine and Imap
Report From: Linux Daily News
* Release Note: Slackware has issued a security update for possible
Denial of Service exploits in the pine and imap mail package.
* Click here for LWN Security Update For Pine and Imap
Date: November 14, 2000
Reported: November 10, 2000
Platform: Various
Warning About: BIND Updates
Report From: Linux Daily News
* Release Note: Conectiva and Definite Linux have released updates to
BIND in response to recent security issues in that daemon.
* Click here for LWN Updates to BIND from Conectiva
* Click here for LWN Updates to BIND from Definite Linux
Date: November 14, 2000
Reported: November 10, 2000
Platform: Red Hat
Warning About: Security Updates For pine, imap
Update For Exposed Bug in Fetchmail
Report From: Linux Daily News
* Release Note: Red Hat has issued a security update for possible
Denial of Service exploits in pine and imap mail services.
Update: The updated IMAP server released in this notice exposed a
bug in fetchmail. An update has been issued for this problem as well.
* Click here for LWN Security Updates For pine, imap
* Click here for LWN Update For Exposed Bug in Fetchmail
Date: November 14, 2000
Released: November 12, 2000
Platform: Linux
Warning About: modprobe Arbitrary Command Execution Vulnerability
Report From: Security Focus
* Click here for Advisory on modprobe Vulnerability
Date: November 10, 2000
Reported: November 09, 2000
Platform: Slackware
Warning About: security update to pine
Report From: Linux Daily News
* Release Note: Slackware has issued a security update to pine
dealing with the buffer overflow problems in that package.
* Click here for LWN Updates for security update to pine
Date: November 10, 2000
Reported: November 09, 2000
Platform: Red Hat
Warning About: security update to usermode
Report From: Linux Daily News
* Release Note: Red Hat has issued a security update to usermode
which fixes a couple of new problems not addressed in the previous
(October 5) update.
* Click here for LWN Updates for security update to usermode
Date: November 05, 2000
Reported: November 04, 2000
Platform: Linux-Mandrake
Warning About: dump exploits
Report From: Linux Daily News
* Release Note: Linux-Mandrake has posted their update for the dump
exploits recently covered in BugTraq.
* Click here for LWN Updates for dump exploits
Date: November 05, 2000
Reported: November 04, 2000
Platform: Red Hat
Warning About: gnorpm and dump
Report From: Linux Daily News
* Release Note: A couple of Red Hat updates of note have come in:
gnorpm - a re-release of the previous errata caused by a missing
patch.
dump - 7.0 version is being released to 6.x and 5.x users to
remove root setuid bits to prevent a known dump exploit.
* Click here for LWN Updates for gnorpm
* Click here for LWN Updates for dump
Top of Page
Miscellaneous
Date: November 30, 2000
Released: November 29, 2000
Platform: Networks Running SonicWALL SOHO 5.0.0 / 4.0.0
Warning About: SonicWALL SOHO Denial of Service Vulnerability
Report From: Security Focus
* Release Note: SonicWALL SOHO provides a secure internet connection
for a network. SonicWALL SOHO is subject to a denial of service.
* Click here for Advisory on SonicWALL SOHO Vulnerability
Date: November 30, 2000
Released: November 28, 2000
Platform: Telco's Running Cisco DSL Router 675.0
Warning About: Cisco 675 Web AdminDenial of Service Vulnerability
Report From: Security Focus
* Release Note: The Cisco 675 DSL Router is a popular DSL router in
wide use and distributed to major telco's for their SOHO clients.
A vulnerability exists in the Cisco 675 DSL Router that could allow a
remote attacker to initiate a Denial of Service attack against the
router requiring it to be power cycled in order to resume normal
operation.
* Click here for Advisory on Cisco DSL Router 675.0
Date: November 29, 2000
Released: November 27, 2000
Platform: BSDI BSD / OS 4.0.1 / 4.0/ 3.1 / 3.0
Warning About: rcvtty Arbitrary Command Execution Vulnerability
Report From: Security Focus
* Release Note: rcvtty is a component of the unix NH mail system. The
version of rcvtty for BSD/OS systems is known to contain a
vulnerability that may allow local users to elevate their privileges.
* Click here for Advisory on rcvtty Execution Vulnerability
Date: November 28, 2000
Released: November 27, 2000
Platform: Systems Running Christopher Heschong Twig 2.5.1
Warning About: Twig Remote Arbitrary Script Execution Vulnerability
Report From: Security Focus
* Release Note: Twig is a popular web-based email system written in PHP3.
Version 2.5.1 and possibly earlier versions of Twig contain a
vulnerability that may allow a remote attacker to gain local access to
the webserver on which it is installed with httpd privileges. One of
Twig's component scripts, index.php3, uses a variable called vhosts[],
containing entries for each virtual host on the webserver. It is
referenced in index.php3 when loading "include" PHP3 scripts, which
will be interpreted and executed when loaded.
* Click here for Advisory on Twig Vulnerability
Date: November 28, 2000 * Updated
Platform: UNIX
Warning About: Unix.LoveLetter VBScript Worm
Report From: F-Secure
* Release Note: Unix.LoveLetter is the VBS/LoveLetter.A virus that is
ported to a generic unix shell script and contains the functionality
of the original Windows e-mail worm. Unix.LoveLetter is not widespread
at all. Information about the original VBS/LoveLetter.A is available
at: http://www.F-Secure.com/v-descs/love.htm
* Click here for Report on Unix.LoveLetter VBScript Worm
Date: November 27, 2000
Released: November 24, 2000
Platform: Java Virtual Machine (VM)
Warning About: Lotus Notes Client R5 Vulnerability
Report From: Security Focus
* Release Note: Lotus Notes Client R5 is a messaging and collaboration
tool that contains a built in web browser. The web browser implements
a Java Virtual Machine (VM) designed specifically for Lotus Notes.
A security vulnerability exists in the Execution Control List (ECL)
feature within the Java VM that may allow a third party intruder to
verify the existence of files on the system.
* Click here for Advisory on Lotus Notes Client R5 Vulnerability
Date: November 24, 2000
Released: November 23, 2000
Platform: UNIX Balabit syslog-ng 1.4.7/1.4.6 and prior
Warning About: Balabit syslog-ng Incomplete Priority String
Remote DoS
Report From: Security Focus
* Release Note: syslog-ng is a replacement for syslogd on Unix systems.
Due to a fault in the log message parsing function, it can be
remotely terminated via a SIGSEGV by causing a certain string to be
included in a log message.
* Click here for Advisory on syslog-ng Incomplete Priority String
Date: November 24, 2000
Released: November 23, 2000
Platform: Phorum Phorum 3.1.x to 3.2.7
Warning About: Phorum PHP Source Disclosure Vulnerability
Report From: Security Focus
* Release Note: Phorum is a PHP based web forums package. Due to an
error in the implementation of forum selection in administrative
scripts, any user can view the source of any PHP script on the
target host.
* Click here for Advisory on PHP Vulnerability
Date: November 23, 2000
Released: November 21, 2000
Platform: Sun Solaris 8.0, MS Windows98 /NT 4.0 / NT 2000,
Linux kernel 2.3.x, IBM AIX 4.3.2, HP HP-UX 11.4
Warning About: Unify eWave ServletExec JSP Source Disclosure
Vulnerability
Report From: Security Focus
* Release Note: Unify eWave ServletExec is a Java/Java Servlet engine
plug-in for major web servers such as Microsoft IIS, Apache,
Netscape Enterprise Server, etc. ServletExec will return the source
code of JSP files when a HTTP request is appended with a specific
character. Read the full report.
* Click here for Advisory on Unify eWave ServletExec
Date: November 20, 2000
Released: November 16, 2000
Platform: Netopia 650-ST ISDN Router
Warning About: Netopia 650-ST ISDN Router 3.3.2 firmware
Report From: Security Focus
* Release Note: A vulnerability exists in the Netopia 650-ST ISDN router,
firmware version 3.3.2. A user connected to the unit's telnet interface
can cause the device's system logs to be displayed with a simple
keystroke entered by the user at the login screen.
* Click here for Advisory on Netopia 650-ST ISDN Router
Date: November 20, 2000
Released: November 14, 2000
Platform: DC Scripts DCForum 6.0
Warning About: cgforum.cgi Arbitrary File Disclosure Vulnerability
Report From: Security Focus
* Release Note: DCForum is a commercial cgi script from DCScripts which
is designed to facilitate web-based threaded discussion forums.
The script improperly validates user-supplied input, which allows the
remote viewing of arbitrary files on the host which are readable by
user 'nobody' or the webserver. Additionally, it has been reported
that the dcforum.cgi script can be made to delete itself if the
attacker attempts to read its source code using this method,
effectively permitting a denial-of-service attack.
* Click here for Advisory on cgforum.cgi Vulnerability
Date: November 14, 2000
Reported: November 13, 2000
Platform: Internet Software Consortium (ISC) BIND v8.2 - 8.2.2-P6
Name Servers derived from BIND v8.2 - 8.2.2-P6
Warning About: Mulitple Denial-of-Service Problems in ISC BIND
Report From: CERT
* Release Note: The Internet Software Consortium, the maintainer
of BIND, the software used to provide domain name resolution
services, has recently posted information about several
denial-of-service vulnerabilities. If exploited, any of these
vulnerabilities could allow remote intruders to cause site DNS
services to be stopped. For more information about these
vulnerabilities and others, please read the CERT advisory.
* Click here for CERT CA-2000-20
Date: November 14, 2000
Released: November 10, 2000
Platform: Foundry Firmware
Warning About: Telnet Login Denial of Service Vulnerability
Report From: Security Focus
* Click here for Advisory on Telnet Login DoS Vulnerability
Date: November 14, 2000
Released: November 10, 2000
Platform: McMurtrey/Whitaker & Associates Cart32
Warning About: Path Disclosure Vulnerability
Report From: Security Focus
* Click here for Advisory on Cart32 Path Disclosure Vulnerability
Date: November 14, 2000
Released: November 10, 2000
Platform: McMurtrey/Whitaker & Associates Cart32
Warning About: DoS Vulnerability
Report From: Security Focus
* Click here for Advisory on Cart32 DoS Vulnerability
Date: November 10, 2000
Reported: November 08, 2000
Platform: HP's HP-UX Operating System
Warning About: Local Arbitrary File Read Vulnerability
Report From: Security Focus
* Release Note: The registrar service that ships with version 10.20
(possibly others) of HP's HP-UX operating system contains a
vulnerability that may allow a local user to read any file on the
hosts filesystem.
* Click here for Advisory on File Read Vulnerability
Date: November 10, 2000
Reported: November 08, 2000
Platform: StarOffice with Some Versions of Sun Solaris / S.u.S.E.
Linux / and RedHat Linux
Warning About: StarOffice Vulnerability
Report From: Security Focus
* Release Note: Vulnerability in StarOffice /tmp Directory Symbolic
Link
* Click here for Security Focus Advisory on StarOffice
Date: November 10, 2000
Reported: November 08, 2000
Platform: ISC BIND 8.2.2-P5
Warning About: Denial of Service Vulnerability
Report From: Security Focus
* Click here for Security Focus Advisory on DDoS Vulnerability
Back to the Virus Archives page