Virus Warnings from December 2000
______________________________________________________________
Amiga
Date: December 28, 2000
Platform: Amiga
Warning About: Another Amiga trojan found !!!
Report From: Virus Help Denmark
* Release Note: Today we received a new 'lame' trojan. This trojan
will delete your "sys:" if you run the program. At this time none
of the anti-virus programs can detect this trojan, but in the next
update it will be known.
* Click here for VHT-DK Virus Warning vht-dk93
Date: December 19, 2000
Platform: Amiga
Warning About: New Amiga trojan found !!!
Report From: Virus Help Denmark
* Release Note: Today we received a new 'lame' trojan. This trojan
will only execute itself if you have named your hard disks "DH0"
and "DH1". The trojan is spread in an archive with the name
"DKG-BLUM.LHA".
* Click here for VHT-DK Virus Warning vht-dk92
Windows
Date: December 31, 2000
Released: December 29, 2000
Platform: Windows NT 4.0 / NT 2000 / Linux Versions
Warning About: ikonboard Arbitrary Command Execution Vulnerability
Report From: Security Focus
* Release Note: ikonboard is a forum management software package
available from ikonboard.com. A problem exists which could allow
users access to restricted resources.
* Click here for Advisory on ikonboard Vulnerability
Date: December 31, 2000
Released: December 28, 2000
Platform: Windows NT 4.0 / NT 2000
Warning About: Technote Inc Technote 'filename' Variable File
Disclosure Vulnerability
Report From: Security Focus
* Release Note: Technote Inc. offers a Multicommunication Package which
includes a web board type of service. Successful exploitation of this
vulnerability could lead to the disclosure of sensitive information
and possibly assist in further attacks against the victim.
* Click here for Advisory on Technote Vulnerability
Date: December 31, 2000
Released: December 29, 2000
Platform: Windows
Warning About: VBS/Tqll.a@MM Worm
Aliases: VBS/Tqll-A
Report From: Network Associates
* Release Note: The Windows Scripting Host (part of Internet Explorer
5) is required for this virus to function. When run, this script
creates the executable, "3K.EXE" in the Windows directory, and runs
it. This file is a trojan, and the script then mails itself to
everyone in your Windows Address Book. Read the complete report for
Method Of Infection and Removal Instructions
* Click here for Report on VBS/Tqll.a@MM Worm
Date: December 31, 2000
Released: December 29, 2000
Platform: Windows / Outlook
Warning About: W97M/Ftip.a@mm Internet Worm
Aliases: ftip.doc
Report From: Network Associates
* Release Note: This is an Internet worm written in Visual Basic for
Applications within a Word97 document. This worm may arrive via
email. Read the complete report for Method Of Infection and Removal
Instructions
* Click here for Report on W97M/Ftip.a@mm Internet Worm
Date: December 31, 2000
Released: December 29, 2000
Platform: Windows Scripting Host
Warning About: VBS/Sorry.a Worm
Aliases: VBS.Sorry.A, VBS_TTFLOADER.A
Report From: Network Associates
* Release Note: This script is detected by current DAT files and
Engine as VBS/Pica.worm.gen. The Windows Scripting Host (part of
Internet Explorer 5) is required for this virus to function. When
this Visual Basic Script virus is executed, it copies itself to
a .vbs file, and makes registry modifications. Read the complete
report for Method Of Infection and Removal Instructions
* Click here for Report on VBS/Sorry.a Worm
Date: December 31, 2000
Released: December 29, 2000
Platform: Windows Scripting Host
Warning About: VBS/Mill.f@MM Worm
Report From: Network Associates
* Release Note: The Windows Scripting Host (part of Internet Explorer
5) is required for this virus to function. When run, this script
creates copies of itself to some files. The script then mails
itself to all entries in the Windows Address Book using certain
information. Read the complete report for Method Of Infection and
Removal Instructions
* Click here for Report on VBS/Mill.f@MM Worm
Date: December 28, 2000
Released: December 27, 2000
Platform: PC
Warning About: VBS/Yelp@M.intd VBScript Worm
Report From: Network Associates
* Release Note: This script contains a bug which prevents it from
running. The intention of the script is an Internet worm which when
executed emails itself once to the first entry in the address book.
This script may arrive via email, or may also modify mIRC client
script to distribute itself when joining IRC chat. Read the complete
report for Method Of Infection and Removal Instructions
* Click here for Report on VBS/Yelp@M.intd Worm
Date: December 26, 2000
Released: December 22, 2000
Platform: MS IIS 5.0 / 4.0
Windows NT 2000 / NT 4.0 / BackOffice 4.5
Warning About: Front Page Server Extension DoS Vulnerability
Report From: Security Focus
* Release Note: Microsoft IIS ships with Front Page Server Extensions
(FPSE) which enables administrators remote and local web page and
content management. Browse-time support is another feature within
FPSE which provides users with functional web applications. Due to
the way FPSE handles the processing of web forms, IIS is subject to
a denial of service.
* Click here for Advisory on Microsoft IIS DoS Vulnerability
Date: December 26, 2000
Released: December 22, 2000
Platform: Microsoft IIS (Internet Information Server)
Patch Available: Malformed Web Form Submission Vulnerability
Report From: MicroSoft TechNet Security
* Release Note: Microsoft has released a patch that eliminates a security
vulnerability in a component that ships as part of Microsoft Internet
Information Server. The vulnerability could potentially allow an
attacker to prevent an affected web server from providing useful
service.
* Click here for MS Security Bulletin MS00-100
Date: December 21, 2000
Released: December 20, 2000
Platform: MS Windows 2000
Warning About: MS Win2000 Directory Services Restore Mode
Blank Password Vulnerability
Report From: Security Focus
* Release Note: Please read the report for the full details.
* Click here for Advisory on Dir Services Vulnerability
Date: December 21, 2000
Platform: Windows
Warning About: VBS/Season Virus
Aliases: BAT_SEASON.A, IRC_SEASON.A, VBS_SEASON.A
Report From: Network Associates
* Release Note: The Windows Scripting Host (part of Internet Explorer
5) is required for this virus to function. When this Visual Basic
Script virus is executed, the script performs certain functions.
Read the complete report for Method Of Infection and Removal
Instructions
* Click here for Report on VBS/Season Virus
Date: December 21, 2000
Released: December 20, 2000
Platform: Windows
Warning About: VBS/Sheep Virus
Aliases: VBS/Sheep-A
Report From: Network Associates
* Release Note: The Windows Scripting Host (part of Internet Explorer
5) is required for this virus to function. When this Visual Basic
Script virus is executed, it will modify a file to instruct
mIRC to distribute the worm to others when connecting to a chat
room. Read the complete report for Method Of Infection and Removal
Instructions
* Click here for Report on VBS/Sheep Virus
Date: December 21, 2000
Released: December 19, 2000
Platform: Windows
Warning About: VBS/Stertor Virus
Report From: Network Associates
* Release Note: This Visual Basic Script virus is contained in a .HTM
file. The Windows Scripting Host (part of Internet Explorer 5) is
required for this virus to function. When an infected document is
opened, the user is prompted by Internet Explorer to allow the
execution of potentially unsafe ActiveX controls. Read the complete
report for Method Of Infection and Removal Instructions
* Click here for Report on VBS/Stertor Virus
Date: December 21, 2000
Released: December 18, 2000
Platform: MS Word97 and Word2000
Warning About: W97M/Jedan.b Macro Virus
Aliases:
Report From: Network Associates
* Release Note: This virus propagates by infecting Word Documents
and Templates in MS Word97 and Word2000. The virus consists of
a macro "ThisDocument". When a file is opened the virus checks
for a prior W97M/Jedan infection. If the document or template is
not currently infected the virus proceeds in copying its code to
that file. Read the complete report for Method Of Infection and
Removal Instructions
* Click here for Report on W97M/Jedan.b Macro Virus
Date: December 21, 2000
Released: December 20, 2000
Platform: MS Windows 2000 Domain Controllers
Patch Available: Directory Service Restore Mode Password
Vulnerability
Report From: MicroSoft TechNet Security
* Release Note: Microsoft has released a patch that eliminates a
security vulnerability affecting Microsoft Windows 2000 domain
controllers. The vulnerability could allow a malicious user with
physical access to a domain controller to install malicious
software on it.
* Click here for MS Security Bulletin MS00-099
Date: December 21, 2000
Released: December 19, 2000
Platform: MS Windows 2000
Patch Available: Indexing Service File Enumeration Vulnerability
Report From: MicroSoft TechNet Security
* Release Note: Microsoft has released a patch that eliminates a
security vulnerability in a component that ships as part of MS
Windows 2000. The vulnerability could allow a malicious web site
operator to learn the names and properties of files and folders on
the machine of a visiting user.
* Click here for MS Security Bulletin MS00-098
Date: December 17, 2000
Released: December 15, 2000
Platform: MS Windows Media Services
Patch Available: Severed Windows Media Server Connection
Vulnerability
Report From: MicroSoft TechNet Security
* Release Note: Microsoft has released a patch that eliminates a
security vulnerability in Microsoft Windows Media Services. The
vulnerability could allow a malicious user to degrade the performance
of a Windows Media server, possibly to the point where it could no
longer provide useful service.
* Click here for MS Security Bulletin MS00-097
Date: December 15, 2000
Released: December 14, 2000
Platform: Windows and UNIX
Warning About: Subscribe-Me Lite Administration Access Vulnerability
Report From: Security Focus
* Release Note: A vulnerability exists in certain versions of
Subscribe-Me Lite, the non-commercial version of a mailing list
administration script from cgiscriptcenter.com. Windows and Unix
versions are affected. It is possible for an attacker to obtain
access to the script's administration panel, and to delete arbitrary
members from the mailing lists supported by the vulnerable script.
* Click here for Advisory on Subscribe-Me Lite Vulnerability
Date: December 15, 2000
Released: December 13, 2000
Platform: PC
Warning About: Thus Macro Virus
Aliases: Thursday
Report From: F-Secure
* Release Note: Thus is a Word 97 macro virus that has a destructive
payload. Many Thus variants activate their payload on December 13th.
Then the virus deletes all files from the root of the "C:" drive and from
all its subdirectories, but it does not delete directories
themselves.
* Click here for Report on Thus Macro Virus
Date: December 14, 2000
Released: December 13, 2000
Platform: Various MS IIS Far East Editions, Running Windows NT 2000
Along With Some Versions Of MS BackOffice
Warning About: MS IIS Far East Edition DBCS File Disclosure Vulnerability
Report From: Security Focus
* Release Note: The Far East editions of Microsoft IIS do not properly
validate HTTP requests containing double-byte character sets (DBCS) which may lead
to the disclosure of files contained within the web root. The editions
that are affected include Traditional Chinese, Simplified Chinese,
Japanese, and Korean (Hangeul). This vulnerability affects IIS prior
to SP6.
* Click here for Advisory on MS IIS Far East Edition
Date: December 13, 2000
Released: December 12, 2000
Platform: MS Windows
Warning About: Backdoor-JN Trojan
Aliases:
Report From: Network Associates
* Release Note: This backdoor trojan is being distributed on a website
via the VBS/RunScript.gen4 script. The trojan sends information
about your system to an ICQMail user. This information contains the
instructions for that user to take control of your computer remotely,
to perform various tasks including the retrieval of usernames and
passwords. For those using Internet Explorer 5, viewing this website
installs this trojan on your system. Read the complete report for
Method Of Infection and Removal Instructions
* Click here for Report on Backdoor-JN Trojan
Date: December 13, 2000
Released: December 12, 2000
Platform: MS Outlook, mIRC and Pirch
Warning About: Forgotten Worm
Aliases: VBS/Forgotten.A-mm, VBS/Pica.worm.gen
Variants: Forgotten.A
Report From: F-Secure
* Release Note: Forgotten is a worm written in Visual Basic Script that
spreads without any attachment.
* Click here for Report on Forgotten Worm
Date: December 13, 2000
Released: December 11, 2000
Platform: MS Windows
Warning About: BleBla Worm
Aliases: Romeo-and-Juliet, Romeo, Juliet
Verona, IWorm_Blebla, I-Worm.Blebla
Report From: F-Secure
* Release Note: BleBla is a worm spreading via Internet. It was
discovered in Poland on November 16th, 2000. The worm appears as
an email message that has HTML format and 2 attached files:
MyJuliet.CHM and MyRomeo.EXE.
* Click here for Report on BleBla Worm
Date: December 13, 2000
Released: December 11, 2000
Platform: Win32
Warning About: Win32 DDoS Trojan
Aliases: DDoS_Kozog, DDoS.Kozog, Kozirog
Report From: F-Secure
* Release Note: Kozog is Win32 DDoS (Distributed Denial of Service
attack) trojan that was distributed by a hacker (or hackers group)
in November 2000. The trojan was sent as email messages with
attached file.
* Click here for Report on Kozog
Date: December 12, 2000
Released: December 09, 2000
Platform: MS Windows 95 / 98 / Windows ME
Warning About: SmartStuff FoolProof Security Program Restriction
Bypass Vulnerability
Report From: Security Focus
* Release Note: A vulnerability exists in SmartStuff's FoolProof
Security for Windows 9x/Me. The application, which is designed to
restrict the executables which can be run on a (usually public)
workstation, can be circumvented by downloading (ie, via FTP) and
renaming a copy of the disallowed executable.
* Click here for Advisory on SmartStuff FoolProof Vulnerability
Date: December 08, 2000
Platform: MS Win32
Warning About: Hybris Internet Worm
Aliases: IWorm_Hybris, I-Worm.Hybris
Report From: F-Secure
* Release Note: Hybris is an Internet worm that spreads itself as an
attachment to email messages. The worm works under Win32 systems
only. The worm contains components (plugins) in its code that are
executed depending on what the worm needs, and these components can be
upgraded from an Internet Web site. The major worm versions are
encrypted with a semi-polymorphic encryption loop.
* Click here for Report on Hybris Internet Worm
Date: December 07, 2000
Released: December 06, 2000
Platform: MS Windows NT 4.0 / NT 2000
Warning About: Apache Web Server with Php 3 File Disclosure
Vulnerability
Report From: Security Focus
* Release Note: Apache Web Server may disclose files to
unauthorized users when used in conjunction with the PHP3 script
language. By requesting a specially crafted URL by way of php,
it is possible for a remote user to gain read access to a known
file that resides on the target host.
* Click here for Advisory on Apache Web Server with Php 3
Date: December 07, 2000
Released: December 06, 2000
Platform: MS Windows NT Terminal Server / Windows NT 4.0
Warning About: MS WinNT 4.0 RAS Administration Registry
Key Vulnerability
Report From: Security Focus
* Release Note: The registry key in Windows NT 4.0 that handles the
administration of Remote Access Service (RAS) third-party tools is
not properly configured to deny write access to unprivileged users.
Therefore, the malicious user would be able to perform any action
under the LocalSystem security context which would basically yield
full control over the local machine.
* Click here for Advisory on MS WinNT 4.0 RAS Vulnerability
Date: December 07, 2000
Released: December 06, 2000
Platform: MS Windows NT Terminal Server / Windows NT 4.0
Warning About: MS WinNT 4.0 MTS Package Administration Registry
Key Vulnerability
Report From: Security Focus
* Release Note: Microsoft Transaction Server (MTS) is the mechanism
used by Microsoft Windows NT to handle transactions or MTS packages
which are series of software modules that form a transaction.
The registry key in Windows NT 4.0 that handles the administration of
Microsoft Transaction Server (MTS) is not properly configured to deny
write access to unprivileged users.
* Click here for Advisory on MS WinNT 4.0 MTS Vulnerability
Date: December 07, 2000
Released: December 06, 2000
Platform: MS Windows NT 4.0 / NT 2000
Warning About: MS WinNT & 2000 SNMP Registry Key Modification
Vulnerability
Report From: Security Focus
* Release Note: The SNMP protocol in Windows NT4 and 2000 enables an
administrator to manage network devices remotely. Due to a default
configuration error the SNMP Registry Key permits any user that is
logged into that particular machine, to edit the settings.
Successful exploitation of this vulnerability could allow a user to
gain full control of network devices.
* Click here for Advisory on MS WinNT & 2000 SNMP Vulnerability
Date: December 07, 2000
Platform: Microsoft Windows
Warning About: QDel126 Trojan Virus
Report From: Network Associates
* Release Note: This is a file deleting trojan. When loaded in memory,
it will delete all files on non-write-protected diskettes that are
placed into the floppy drive. It then copies itself to the diskette.
The Visual Basic runtime files (version 6 or higher) are required for
this program to run. Upon execution the trojan saves a copy of itself
to the SYSTEM directory under the name "VMM66.EXE" and creates
a registry key value to allow the program to load at system
startup.
* Click here for Report on QDel126 Virus
Date: December 07, 2000
Platform: Microsoft Windows
Warning About: W32/HLL.ow Virus
Report From: Network Associates
* Release Note: This file-overwriting virus infects all .EXE files
in the directory from which it is executed that do not have the
HIDDEN file attribute set. Infected files must be deleted and
restored from backup. The Visual Basic runtime files (version 6
or higher) are required for this virus to function.
* Click here for Report on W32/HLL.ow Virus
Date: December 07, 2000
Platform: MS Windows 2000
Patch Available: SNMP Parameters Vulnerability
Report From: MicroSoft TechNet Security
* Release Note: Microsoft has released a tool that corrects the
permissions on several registry values in Microsoft Windows 2000.
The default permissions could allow a malicious user to monitor or
reconfigure certain devices on a network.
* Click here for MS Security Bulletin MS00-096
Date: December 07, 2000
Platform: MS Windows NT 4.0
Patch Available: Registry Permissions Vulnerability
Report From: MicroSoft TechNet Security
* Release Note: Microsoft has released a tool that corrects the
permissions on several registry values in Microsoft Windows NT 4.0.
The default permissions could allow a malicious user to gain
additional privileges on an affected machine.
* Click here for MS Security Bulletin MS00-095
Date: December 05, 2000
Platform: Microsoft Windows NT 4.0 / NT 2000
Warning About: Microsoft PhoneBook Server Buffer Overflow
Report From: Security Focus
* Release Note: The Phone Book Service is an optional component that
ships with the NT 4 Option Pack and Windows 2000. It is not installed
by default. A buffer overflow vulnerability was discovered in the URL
processing routines of the Phone Book Service requests on IIS 4 and
IIS 5.
* Click here for MS PhoneBook Server Buffer Overflow
Date: December 05, 2000
Platform: MS Windows 98 / 95 / NT 4.0 / NT 2000
Warning About: MS Internet Explorer 'INPUT TYPE=FILE' Vulnerability
Report From: Security Focus
* Release Note: One of the ways users submit information to remote
websites is through the INPUT type form options. Users can upload
files to remote webservers with the input type=FILE option. Due to
a design error in the implementation of the INPUT TYPE=FILE variable,
it is possible for a website operator to specify a known filename
from the visitors machine for upload to the website.
* Click here for MS IE 'INPUT TYPE=FILE' Vulnerability
Date: December 05, 2000
Platform: MS Windows 9x / Windows ME
Warning About: W32/XTC@MM Virus Internet Worm
Aliases: I-Worm.XTC
Report From: Network Associates
* Release Note: This is a mass mailing Internet worm and backdoor
trojan which is also capable of spreading via open local network
shares. It arrives as an encrypted and compressed executable.
Read the report for Method Of Infection and Removal Instructions.
* Click here for Report on W32/XTC@MM Virus Internet Worm
Date: December 05, 2000
Platform: MS Windows NT 4.0 and Windows 2000 Servers
Patch Available: Phone Book Server Buffer Overflow Vulnerability
Report From: MicroSoft TechNet Security
* Release Note: Microsoft has released a patch that eliminates a
security vulnerability in an optional service that ships with
Microsoft Windows NT 4.0 and Windows 2000 Servers. The vulnerability
could allow a malicious user to execute hostile code on a remote
server that is running the service.
* Click here for MS Security Bulletin MS00-094
Date: December 04, 2000 * Updated from Dec 1st
Platform: Windows 95/98/ME/NT/2000
Warning About: Creative Email Worm
Aliases: Prolin, Shockwave, W32/Prolin@mm, TROJ_SHOCKWAVE,
TROJ_PROLIN
Report From: F-Secure
* Release Note: Prolin is an e-mail worm that spreads itself using
MS Outlook. The worm itself is a Windows EXE file about 37Kb long
written in VisualBasic. This vandal arrives as an executable
attachment named CREATIVE.EXE, masquerading as a Shockwave animation.
The worm uses the standard "Melissa"-like way of spreading itself. It
opens MS Outlook's address book, gets e-mail addresses from there and
sends its copies to these addresses.
* Click here for Report on Creative Email Worm
* Click here for AISS Report on Creative
Date: December 03, 2000
Released: December 01, 2000
Platform: Multiple Versions of MS Windows Running Certain MS Apps
Warning About:
Report From: Security Focus
* Release Note: The API Srv_paraminfo(), which is implemented by
Extended Stored Procedures (XPs) in Microsoft SQL Server and Data
Engine, is susceptible to a buffer overflow vulnerability which
may cause the application to fail or arbitrary code to be executed
on the target system depending on the data entered into the buffer.
* Click here for xp_displayparamstmt Buffer Overflow Vulnerability
* Click here for xp_enumresultset Buffer Overflow Vulnerability
Date: December 03, 2000
Released: December 01, 2000
Platform: MS Windows Running Certain MS Applications
Warning About: Microsoft SQL Server / Data Engine
Report From: Security Focus
* Release Note: The API Srv_paraminfo(), which is implemented by
Extended Stored Procedures (XPs) in Microsoft SQL Server and Data
Engine, is susceptible to a buffer overflow vulnerability which
may cause the application to fail or arbitrary code to be executed
on the target system depending on the data entered into the buffer.
* Click here for xp_showcolv Buffer Overflow Vulnerability
* Click here for xp_updatecolvbm Buffer Overflow Vulnerability
* Click here for xp_peekqueue Buffer Overflow Vulnerability
* Click here for xp_printstatements Buffer Overflow Vulnerability
* Click here for xp_proxiedmetadata Buffer Overflow Vulnerability
* Click here for xp_SetSQLSecurity Buffer Overflow Vulnerability
Date: December 03, 2000
Released: December 01, 2000
Platform: MS Internet Explorer 5.x
Patch Available: Browser Print Template and File Upload via Form
Vulnerabilities
Report From: MicroSoft TechNet Security
* Release Note: Microsoft has released a patch that eliminates four
security vulnerabilities in Microsoft Internet Explorer.
* Click here for MS Security Bulletin MS00-093
Date: December 03, 2000
Released: December 01, 2000
Platform: MS SQL Server and SQL Server Desktop Engine (MSDE)
Patch Available: Extended Stored Procedure Parameter Parsing
Vulnerabilities
Report From: MicroSoft TechNet Security
* Release Note: Microsoft has released a patch that eliminates a
security vulnerability in Microsoft SQL Server and Microsoft SQL
Server Desktop Engine. The vulnerability could enable a malicious
user to run code on the server, subject to a number of restrictions.
* Click here for MS Security Bulletin MS00-092
Date: December 03, 2000
Released: December 01, 2000
Platform: MS Windows NT 2000 / Windows 95/98/NT with VB 6.0
Warning About: Prolin Internet-worm
Report From: Kaspersky Lab
* Release Note: Kaspersky Lab announces the discovery of a new
Internet-worm, "Prolin", that has been developed by an unknown
hacker going by the pseudonym of "The Penguin." To date, Kaspersky
Lab has received many reports of infections by this worm from Poland.
* Click here for Virus Alert on Prolin Internet-worm
Date: December 01, 2000
Released: November 30, 2000
Platform: MS Windows NT 2000
Warning About: MS Windows 2000 Telnet Session Timeout DoS
Report From: Security Focus
* Release Note: The Telnet daemon shipped with Windows 2000 is
susceptible to a trivial denial of service attack if an initiated
session is not reset.
* Click here for Advisory on Telnet Session Timeout
Date: December 01, 2000
Released: November 30, 2000
Platform: MS Windows ME / 98se / 98 / 95 / NT 4.0
Warning About: MS Windows 9x / NT 4.0 NetBIOS Resource
Exhaustion Vulnerability
Report From: Security Focus
* Release Note: Microsoft's implementation of NetBIOS is vulnerable to
a remotely exploitable denial of service attack. An attacker who
has access to the NBT port can cause the system to become exhausted
of network resources and cease functioning.
* Click here for Advisory on Resource Exhaustion Vulnerability
Date: December 01, 2000
Released: November 30, 2000
Platform: MS Windows NT 4.0 / 95, 98, 98 2nd Edition, and Windows Me
Patch Available: Incomplete TCP/IP Packet Vulnerability
Report From: MicroSoft TechNet Security
* Release Note: Microsoft has released a patch that eliminates a
security vulnerability in Microsoft Windows NT 4.0 and a recommended
workaround for Windows 95, 98, 98 Second Edition, and Windows Me. The
vulnerability could allow a malicious user to temporarily prevent an
affected machine from providing any networking services or cause it
to stop responding entirely.
* Click here for MS Security Bulletin MS00-091
Date: December 01, 2000
Platform: Microsoft
Warning About: Creative Email Worm
Aliases: Prolin, Shockwave, W32/Prolin@mm, TROJ_SHOCKWAVE,
TROJ_PROLIN
Report From: F-Secure
* Release Note: Prolin is an email worm that arrives in a message.
When the attached file is executed, the worm will send itself to all
recipients in all address books using Outlook and add itself to the
Windows startup directory.
* Click here for Report on Creative Email Worm
Date: December 01, 2000
Released: November 30, 2000
Platform: Microsoft
Warning About: VBS/Draft VBScript Worm
Aliases: Forwarder, I-Worm.Draft
Variants: Draft.A@mm
Report From: F-Secure
* Release Note: VBS/Draft is a mass mailing email worm written in
VBScript. VBS/Draft.A@mm is a worm that replicates by forwarding
the infected message. When the attachment is executed, the worm
forwards the infected message to all recipients from "All Users"
distribution list.
* Click here for Report on VBS/Draft VBScript Worm
Macintosh
Date: December 21, 2000
Platform: Apple Macintosh
Warning About: Apple Macintosh MRJ Unauthorized File Access
Vulnerability
Report From: Security Focus
* Release Note: Please read the report for the full details.
* Click here for Advisory on MRJ Vulnerability
Linux
Date: December 31, 2000
Released: December 29, 2000
Platform: Windows NT 4.0 / NT 2000 / Linux Versions
Warning About: ikonboard Arbitrary Command Execution Vulnerability
Report From: Security Focus
* Release Note: ikonboard is a forum management software package
available from ikonboard.com. A problem exists which could allow
users access to restricted resources.
* Click here for Advisory on ikonboard Vulnerability
Date: December 31, 2000
Released: December 29, 2000
Platform: Conectiva
Updates To: Security Announcement: gnupg
Report From: Linux Daily News
* Release Note: Conectiva has released a security announcement
concerning a vulnerability with detached signatures and web of
trust in gnupg.
* Click here for LWN Security Announcement: gnupg
Date: December 28, 2000
Platform: RedHat Linux 6.1 i386
Warning About: Security-Enhanced Linux Buffer Overflow Vulnerability
Report From: Security Focus
* Release Note: Security-Enhanced Linux is an add-on access control
infrastructure developed and distributed by the U.S. National Security
Agency. A problem exists which could allow the altering of sensitive
information on a running system.
* Click here for Advisory on Security-Enhanced Linux Vulnerability
Date: December 28, 2000
Released: December 27, 2000
Platform: Debian Linux
Warning About: dialog /tmp File Race Condition Vulnerability
Report From: Security Focus
* Release Note: dialog is a program available with the Debian
distribution of the Linux Operating System. A problem exists which
could allow a user to append to or overwrite files owned by another
user.
* Click here for Advisory on dialog /tmp Vulnerability
Date: December 28, 2000
Platform: TurboLinux
Updates To: Security Announcement
Report From: Linux Daily News
* Release Note: Turbolinux has reported a security hole in fetchmail
5.5.0-2 and earlier.
* Click here for LWN Security Update To fetchmail-5.5.0-2
Date: December 26, 2000
Released: December 24, 2000
Platform: Debian
Updates To: Debian Security Advisories
Report From: Linux Daily News
* Release Note: Debian has issued security advisories for dialog,
stunnel and gnupg.
* Click here for LWN Security Advisory For dialog
* Click here for LWN Security Advisory For stunnel
* Click here for LWN Security Advisory For gnupg
Date: December 26, 2000
Released: December 21, 2000
Platform: Red Hat
Updates To: Stunnel Packages
Report From: Linux Daily News
* Release Note: Red Hat has issued another update for its stunnel
packages. This one addresses writing to non-existent directories.
* Click here for LWN Security Update To Stunnel Packages
Date: December 21, 2000
Released: December 18, 2000
Platform: Linux / FreeBSD
Warning About: BSD ftpd Single Byte Buffer Overflow Vulnerability
Report From: Security Focus
* Release Note: Please read the report for the full details.
* Click here for Advisory on ftpd Vulnerability
Date: December 21, 2000
Released: December 18, 2000
Platform: Linux / FreeBSD
Warning About: FreeBSD procfs Access Control Vulnerability
Report From: Security Focus
* Release Note: Please read the report for the full details.
* Click here for Advisory on procfs Vulnerability
Date: December 21, 2000
Released: December 18, 2000
Platform: Linux / FreeBSD
Warning About: FreeBSD procfs Denial of Service Vulnerability
Report From: Security Focus
* Release Note: Please read the report for the full details.
* Click here for Advisory on procfs DoS Vulnerability
Date: December 21, 2000
Released: December 18, 2000
Platform: Linux / FreeBSD
Warning About: FreeBSD procfs jail Breaking Vulnerability
Report From: Security Focus
* Release Note: Please read the report for the full details.
* Click here for Advisory on procfs Vulnerability
Date: December 17, 2000
Released: December 16, 2000
Platform: Linux Mandrake
Updates To: Security Update For pam
Report From: Linux Daily News
* Release Note: Linux Mandrake issued a security update for the pam
module. Shortly after that they issued an updated advisory.
* Click here for LWN Security Update To pam
* Click here for LWN Updated Advisory To pam
Date: December 17, 2000
Released: December 16, 2000
Platform: Slackware Linux
Updates To: OpenSSL Cryptography Libraries
Report From: Linux Daily News
* Release Note: Slackware Linux announced the addition of the OpenSSL
cryptography libraries and the OpenSSH suite of network connectivity
tools. Users of Slackware 7.1 and -current can download these
packages from Slackware's current developmental tree.
* Click here for LWN OpenSSL Cryptography Libraries
Date: December 17, 2000
Released: December 16, 2000
Platform: Linux-Mandrake
Updates To: Security Alert For jpilot
Report From: Linux Daily News
* Release Note: Linux-Mandrake reports that the jpilot program
automatically creates a directory called .jpilot/ in the user's home
directory with 777 (world read/write/execute) permissions. This
directory is used to store all backups, configuration and
synchronized Palm Pilot information.
* Click here for LWN Security Alert To jpilot
Date: December 15, 2000
Released: December 14, 2000
Platform: Windows and UNIX
Warning About: Subscribe-Me Lite Administration Access Vulnerability
Report From: Security Focus
* Release Note: A vulnerability exists in certain versions of
Subscribe-Me Lite, the non-commercial version of a mailing list
administration script from cgiscriptcenter.com. Windows and Unix
versions are affected. It is possible for an attacker to obtain
access to the script's administration panel, and to delete arbitrary
members from the mailing lists supported by the vulnerable script.
* Click here for Advisory on Subscribe-Me Lite Vulnerability
Date: December 15, 2000
Released: December 14, 2000
Platform: Linux-Mandrake
Updates To: BitchX
Report From: Linux Daily News
* Release Note: Linux-Mandrake has posted a security bulletin for
BitchX. A possible stack overflow condition exists if a malformed
DNS answer is processed by the client, and a second bug allows
this malformed DNS record to be embedded in a valid DNS packet.
* Click here for LWN Security Bulletin To BitchX
Date: December 15, 2000
Released: December 14, 2000
Platform: Conectiva
Updates To: ed Editor And pam Module
Report From: Linux Daily News
* Release Note: Conectiva has posted security bulletins for both ed
and pam. The "ed" editor creates temporary files in an insecure way,
making it vulnerable to symlink attacks. The pam_localuser module,
part of the PAM package, has a buffer overflow vulnerability in it,
though it's not used in any default configurations.
* Click here for LWN Security Update To ed
* Click here for LWN Security Update To pam
Date: December 14, 2000
Released: December 12, 2000
Platform: Various Versions Of Linux
Warning About: Multiple Oops Proxy Server Buffer Overflow
Vulnerability
Report From: Security Focus
* Release Note: Oops is a freely available proxy server package,
written by Igor Khasilev. A problem exists in the package which
could allow for the arbitrary execution of code. Multiple buffer
overflows exist in this product.
* Click here for Advisory on Multiple Oops Proxy Server
Date: December 14, 2000
Released: December 12, 2000
Platform: Linux / Unix
Warning About: University of Washington Pico File Overwrite Vulnerability
Report From: Security Focus
* Release Note: A vulnerability exists in several versions of University
of Washington's Pico, a widely-distributed text editor shipped with
most versions of Linux / Unix. Under very specific circumstances, it
is possible to cause this version of Pico to overwrite arbitrary
files with the privilege level of the victim user.
* Click here for Advisory on Univ. of Wash Pico Vulnerability
Date: December 14, 2000
Released: December 12, 2000
Platform: Linux / NetBSD
Warning About: Roaring Penguin PPPoE Denial of Service Vulnerability
Report From: Security Focus
* Release Note: Roaring Penguin Software's PPPoE is a freeware PPP over
Ethernet client often used by ADSL subscribers running Linux or NetBSD.
PPPoE contains a possibly remotely exploitable denial of service
vulnerability in its handling of TCP packets when the Clamp_MSS option
is used.
* Click here for Advisory on Roaring Penguin PPPoE DDoS Vulnerability
Date: December 14, 2000
Platform: Linux / UNIX / BSDI / AT & T SVR4 4.0
Warning About: Leif M. Wright ad.cgi Unchecked Input Vulnerability
Report From: Security Focus
* Release Note: ad.cgi is a freely available ad rotation script
written by Leif Wright. A problem exists in the script which may
allow access to restricted resources. The problem lies in the
way the script checks input.
* Click here for Advisory on Leif M. Wright ad.cgi
Date: December 14, 2000
Platform: Red Hat
Updates To: Security Update To bitchx
Report From: Linux Daily News
* Release Note: Red Hat has issued a security update to bitchx
(part of the Powertools package) fixing a vulnerability to
malformed DNS answers.
* Click here for LWN Security Update To bitchx
Date: December 13, 2000
Released: December 12, 2000
Platform: Conectiva
Updates To: Security Update To rp-pppoe
Report From: Linux Daily News
* Release Note: Conectiva has issued a security update to rp-pppoe
(a user-space PPP-over-ethernet client) fixing a problem wherein
an attacker could cause a network connection to be dropped.
* Click here for LWN Security Update To rp-pppoe
Date: December 13, 2000
Released: December 12, 2000
Platform: Linux-Mandrake
Updates To: Security Updates To apcupsd And mc
Report From: Linux Daily News
* Release Note: MandrakeSoft has issued a security update to apcupsd
fixing a problem that could allow a local attacker to kill any
process on the system. Also issued is this update to mc addressing
a vulnerability that could allow the corruption of arbitrary files
on the system.
* Click here for LWN Security Update To apcupsd
* Click here for LWN Security Update To mc
Date: December 13, 2000
Reported: December 12, 2000
Platform: RedHat Open Source Or Other Systems Running Unpatched
LPRng Software
Warning About: Input Validation Problems in LPRng
Report From: CERT
* Release Note: A popular replacement software package to the BSD
lpd printing service called LPRng contains at least one software
defect, known as a "format string vulnerability", which may allow
remote users to execute arbitrary code on vulnerable systems.
* Click here for CERT CA-2000-22
Date: December 12, 2000
Released: December 11, 2000
Platform: Linux - Various Flavours
Warning About: ssldump Format String Vulnerability
Report From: Security Focus
* Release Note: ssldump is a traffic analyzer for monitoring network
traffic in real time. It is written and maintained by Eric Rescorla.
A problem exists which could allow the arbitrary execution of code.
* Click here for Advisory on ssldump Format String Vulnerability
Date: December 10, 2000
Released: December 09, 2000
Platform: Linux Mandrake
Updates To: GNU ed line editor package
Report From: Linux Daily News
* Release Note: Linux Mandrake has issued a security advisory for
the GNU ed line editor package, which can create temporary files
unsafely.
* Click here for LWN Security Update To ed
Date: December 10, 2000
Released: December 08, 2000
Platform: Zope / Digital Creations
Updates To: Zope Security Update
Report From: Linux Daily News
* Release Note: All Zope versions up through 2.2.4 have a security
vulnerability that could allow anonymous users (i.e. anybody on
the net) to do things inside the server that they should not be
able to do. A security update has been issued by Digital Creations.
It is highly recommended that people running Zope apply this fix.
* Click here for LWN Security Update To Zope
Date: December 08, 2000
Platform: UNIX / Linux
Warning About: Lexmark Markvision Printer Driver Buffer Overflow
Vulnerabilities
Report From: Security Focus
* Release Note: MarkVision is a driver software package engineered
to allow UNIX systems to use Lexmark printers. It is distributed by
Lexmark International. A problem in the driver software could allow
elevation of privileges.
* Click here for Advisory on Markvision Printer Driver Vulnerabilities
Date: December 07, 2000
Released: December 06, 2000
Platform: Various Linux Versions
Warning About: phpGroupWare Remote Include File Vulnerability
Report From: Security Focus
* Release Note: phpGroupWare is a multi-user groupware suite originally
developed by Joseph Engo, and freely distributed. A problem in the
software could allow users to remotely execute malicious code.
* Click here for Advisory on phpGroupWare Vulnerability
Date: December 05, 2000
Platform: Various Versions / Flavours of Linux
Warning About: phpWebLog Administrator Authentication Bypass
Vulnerability
Report From: Security Focus
* Release Note: phpWebLog is an Open Source web news management system,
authored by Jason Hines. A problem exists which can allow users
administrative access to the management interface.
* Click here for Advisory on phpWebLog Adm Vulnerability
Date: December 05, 2000
Released: December 04, 2000
Platform: Red Hat
Updates To: Diskcheck Utility
Report From: Linux Daily News
* Release Note: Red Hat has issued a security update to the diskcheck
utility, which was part of the 6.x Powertools release. It seems
that diskcheck has a symlink vulnerability.
* Click here for LWN Security Update To Diskcheck Utility
Date: December 03, 2000 * Revised
Released: December 02, 2000
Platform: Debian
Updates To: joe Editor
Report From: Linux Daily News
* Release Note: The Debian Project has issued a revised security
update to joe; evidently the previous version didn't work quite right.
* Click here for LWN Security Update To joe Editor
Miscellaneous
Date: December 28, 2000
Platform: Upland Solutions Program
Warning About: 1st Up Mail Server 4.1
Report From: Security Focus
* Release Note: 1st Up Mail Server is an email server which supports
most common internet protocols and email software offered by Upland
Solutions. It is possible to cause a denial of service in 1st Up
Mail Server; the vulnerability exists in the "mail from" field.
* Click here for Advisory on 1st Up Mail Server 4.1
Date: December 28, 2000
Platform: GNU Privacy Guard 1.0.3 / 1.0.3b / 1.0.2 / 1.0.1
Warning About: GnuPG Silent Import of Secret Keys Vulnerability
Report From: Security Focus
* Release Note: GnuPG is the GNU Privacy Guard, a public key program
designed to facilitate secure email between parties. A problem exists
which could allow a breaking of the ring of trust.
* Click here for Advisory on GnuPG Secret Keys Vulnerability
Date: December 21, 2000
Released: December 19, 2000
Platform: Miscellaneous
Warning About: Alt-Daemon 3.5.0 Denial of Service Vulnerability
Report From: Security Focus
* Release Note: Please read the report for the full details.
* Click here for Advisory on Alt-Daemon DoS Vulnerability
Date: December 21, 2000
Released: December 19, 2000
Platform: Miscellaneous
Warning About: Stunnel Weak Encryption Vulnerability
Report From: Security Focus
* Release Note: Please read the report for the full details.
* Click here for Advisory on Stunnel Vulnerability
Date: December 21, 2000
Released: December 18, 2000
Platform: Miscellaneous
Warning About: Sonata Local Arbitrary Command Execution
Vulnerability
Report From: Security Focus
* Release Note: Please read the report for the full details.
* Click here for Advisory on Sonata Vulnerability
Date: December 21, 2000
Released: December 18, 2000
Platform: Miscellaneous
Warning About: Solaris patchadd Race Condition Vulnerability
Report From: Security Focus
* Release Note: Please read the report for the full details.
* Click here for Advisory on patchadd Vulnerability
Date: December 21, 2000
Released: December 18, 2000
Platform: Miscellaneous
Warning About: Stunnel Local Arbitrary Command Execution
Vulnerability
Report From: Security Focus
* Release Note: Please read the report for the full details.
* Click here for Advisory on Stunnel Vulnerability
Date: December 21, 2000
Released: December 17, 2000
Platform: Miscellaneous
Warning About: Nano Local File Overwrite Vulnerability
Report From: Security Focus
* Release Note: Please read the report for the full details.
* Click here for Advisory on Nano Vulnerability
Date: December 17, 2000
Released: December 15, 2000
Platform: Watchguard SOHO Firewall 1.6
Warning About: Watchguard SOHO Firewall Fragmented IP Packet
DoS Vulnerability
Report From: Security Focus
* Release Note: SOHO Firewall is an appliance firewall by Watchguard
Technologies Inc. designed for Small Office/Home Office users.
Sending a large number of fragmented IP packets to SOHO Firewall will
cause the service to drop network connections and cease packet forwarding.
Watchguard has addressed this vulnerability with the release of
version 2.x.
* Click here for Advisory on SOHO Firewall Vulnerability
Date: December 15, 2000
Released: December 14, 2000
Platform: Palm OS 3.5.2 / 3.3
Warning About: SafeWord e.Id Trivial PIN Brute-Force Vulnerability
Report From: Security Focus
* Release Note: Safeword e.Id is a one-time password based
authentication system. In this sort of authentication system, the
security of the shared secret (the user's PIN) is critical. If an
attacker can gain access to the PDB file, it is possible to easily
brute-force the valid PIN number.
* Click here for Advisory on SafeWord e.Id Vulnerability
Date: December 15, 2000
Released: December 14, 2000
Platform: Leif M. Wright's simplestguest.cgi
Warning About: Leif M. Wright simplestguest.cgi Remote Command
Execution Vulnerability
Report From: Security Focus
* Release Note: A vulnerability exists in Leif M. Wright's
simplestguest.cgi, a script designed to coordinate guestbook
submissions from website visitors. An insecure call to the
open() function leads to a failure to properly filter shell
metacharacters from user supplied input.
* Click here for Advisory on simplestguest.cgi Vulnerability
Date: December 15, 2000
Released: December 14, 2000
Platform: CoffeeCup Direct FTP 1.0 / CoffeeCup Free FTP 1.0
Warning About: CoffeeCup FTP Clients Weak Password Encryption
Vulnerability
Report From: Security Focus
* Release Note: A vulnerability exists in the FTP clients CoffeeCup
Direct and CoffeeCup Free. The clients use the file FTPServers.ini
to store password information for sites to which the client has
been connected. The encryption method designed to obfuscate these
passwords can be easily defeated.
* Click here for Advisory on CoffeeCup Vulnerability
Date: December 14, 2000
Released: December 13, 2000
Platform: KDE kmail 1.102
Warning About: KDE Kmail Weak Password Encryption Vulnerability
Report From: Security Focus
* Release Note: A vulnerability exists in the K Desktop Environment's
integrated mail client KMail. The encryption system used by the
program to secure a given user's mail is weak and may be trivially
defeated.
* Click here for Advisory on KDE Kmail Vulnerability
Date: December 14, 2000
Released: December 13, 2000
Platform: Leif M. Wright everythingform.cgi 2.0
Warning About: Leif M. Wright everythingform.cgi Arbitrary
Command Execution Vulnerability
Report From: Security Focus
* Release Note: An input validation vulnerability exists in Leif M.
Wright's everything.cgi, a Perl-based form design tool. The script
fails to properly filter shell commands from user-supplied input
to the 'config' field.
* Click here for Advisory on Leif M. Wright everythingform.cgi
Date: December 14, 2000
Released: December 13, 2000
Platform: Leif M. Wright simplestmail.cgi 1.0
Warning About: Leif M. Wright simplestmail.cgi Remote Command
Execution Vulnerability
Report From: Security Focus
* Release Note: A vulnerability exists in Leif M. Wright's
simplestmail.cgi, a script designed to coordinate email responses
from web forms.
* Click here for Advisory on Leif M. Wright simplestmail.cgi
Date: December 13, 2000
Reported: December 12, 2000
Platform: RedHat Open Source Or Other Systems Running Unpatched
LPRng Software
Warning About: Input Validation Problems in LPRng
Report From: CERT
* Release Note: A popular replacement software package to the BSD
lpd printing service called LPRng contains at least one software
defect, known as a "format string vulnerability", which may allow
remote users to execute arbitrary code on vulnerable systems.
* Click here for CERT CA-2000-22
Date: December 12, 2000
Released: November 29, 2000
Platform: Java Development Kit (JDK™) 1.1.x and
Java 2 Standard Edition SDK™ v 1.2.x releases
Warning About: Potential Security Issue in Class Loading
Report From: Sun
* Release Note: Through its own research and rigorous testing, Sun
has discovered a potential security issue in the Java™ Runtime
Environment that affects both Java Development Kit (JDK™)
1.1.x and Java 2 Standard Edition SDK™ v 1.2.x releases. The
issue poses a possible security risk by allowing an untrusted
class to call into a disallowed class under certain circumstances.
Read the report for update releases that are available as a remedy
for this issue.
* Click here for Advisory on Potential Security Issue
Date: December 10, 2000
Released: December 08, 2000
Platform: Firmware versions 2.2.1 and below
Warning About: Watchguard SOHO 2.2 Denial of Service Vulnerability
Report From: Security Focus
* Release Note: The SOHO 2.2 is a popular SOHO firewall by Watchguard
Technologies Inc. A vulnerability exists in Watchguard SOHO 2.2
firewalls with firmware versions 2.2.1 and below that could allow
a remote attacker to execute a Denial of Service attack on the
firewall and render it inoperable.
* Click here for Advisory on Watchguard SOHO 2.2 DoS Vulnerability
Date: December 07, 2000
Released: December 06, 2000
Platform: Endymion MailMan WebMail v3.x
Warning About: Endymion MailMan WebMail Remote Arbitrary Command
Execution Vulnerability
Report From: Security Focus
* Release Note: A vulnerability exists in 3.x versions of Endymion
MailMan Webmail prior to release 3.0.26. The widely-used Perl script
provides a web-email interface. Affected versions make insecure use
of the Perl open() function. As a result, an attacker can execute
arbitrary commands on a vulnerable host.
* Click here for Advisory on Endymion MailMan WebMail
Date: December 07, 2000
Released: December 06, 2000
Platform: Most Versions of Linux / UNIX
Warning About: APC apcupsd Local Denial of Service Vulnerability
Report From: Security Focus
* Release Note: A denial-of-service vulnerability exists in certain
versions of APC's UPS daemon, apcupsd. apcupsd is the Unix daemon
driving various popular models of uninterruptible power supply
manufactured by American Power Conversion.
* Click here for Advisory on APC apcupsd Vulnerability
Date: December 07, 2000
Released: December 06, 2000
Platform: VPNet Technologies VPN Service Units
Warning About: VPNet VSU Source Routed Session Vulnerability
Report From: Security Focus
* Release Note: VPNos is the firmware developed by VPNet technologies
for use on their VPN Service Units (VSUs). A problem exists in the
firmware that could allow a remote user unauthorized access.
* Click here for Advisory on VPNet VSU Vulnerability
Date: December 03, 2000
Released: December 01, 2000
Platform: Great Circle Associates Majordomo 1.94.5 / 1.94.4
Warning About: Majordomo Config-file admin_password Configuration
Vulnerability
Report From: Security Focus
* Release Note: Majordomo is a popular open-source e-mail list server
written in Perl. There exists a common configuration error in
Majordomo's authentication system that may allow for remote attackers
to execute administrative commands.
* Click here for Advisory on Majordomo Config Vulnerability
Date: December 03, 2000
Released: December 01, 2000
Platform: Multiple Versions of IBM AIX
Warning About: AIX Buffer Overflow Vulnerabilities
Report From: Security Focus
* Release Note: AIX is a variant of the UNIX Operating System,
distributed by IBM. A problem exists which can allow a local user
elevated privileges.
* Click here for setsenv Buffer Overflow Vulnerability
* Click here for digest Buffer Overflow Vulnerability
* Click here for enq Buffer Overflow Vulnerability
* Click here for setclock Buffer Overflow Vulnerability
* Click here for pioout Buffer Overflow Vulnerability
* Click here for piobe Buffer Overflow Vulnerability
