Virus Warnings from March 2001
______________________________________________________________
Amiga
No virus warnings for March 2001
Windows
Date: March 29, 2001
Platform: PC
Warning About: Anaconda Clipper Directory Traversal Vulnerability
Report From: Security Focus
* Release Note: Clipper is a headline-gathering tool from Anaconda!
Partners which, in certain versions, is vulnerable to directory
traversal attacks.
* Click here for Advisory on Anaconda Vulnerability
Date: March 29, 2001
Platform: MS Windows Media Player 7
Security Bug: Security patch for Microsoft Media Player 7
Report From: MSNBC Bug Of The Day
* Release Note: Grab the patch that eliminates a security vulnerability
in MS Windows Media Player 7 here. Without the patch, a malicious user
may be able to download a Media Player skin (.wmz) file, and then run
Java code to read and browse files on another user's computer.
* Click here for Bug Report on MS Windows Media Player 7
Date: March 29, 2001
Platform: Microsoft Plus! 98 and Microsoft Windows Me
Patch Available: Passwords For Compressed Folders Are Recoverable
Report From: Microsoft TechNet Security
* Release Note: Impact of vulnerability: Data compression passwords can
be recovered. Recommendation: Customers who password-protect their
compressed folders should apply the patch and delete c:\windows\dynazip.log.
* Click here for MS Security Bulletin MS01-019
Date: March 29, 2001
Platform: MS Visual Studio 6.0 Enterprise Edition and
MS Visual Basic 6.0 Enterprise Edition
Patch Available: Visual Studio VB T-SQL Object Contains Unchecked Buffer
Report From: Microsoft TechNet Security
* Release Note: Impact of vulnerability: Run code of attacker's choice.
Recommendation: Customers running either Visual Studio 6.0 Enterprise
or Visual Basic 6.0 Enterprise Edition should install this patch.
* Click here for MS Security Bulletin MS01-018
Date: March 29, 2001
Platform: Windows PE and Linux ELF
Warning About: Lindose Cross-platform Virus / W32/Lindose.2132
Aliases: Winux, Peelf, ELF/Winux (CAI), Linux.Peelf.2132 (NAV)
Linux/Lindose, W32.Peelf.2132 (NAV), W32/Winux (CAI)
Win32.PEELF.2132 (AVX)
Report From: F-Secure, NAI and Symantec
* Release Note: Lindose is a cross-platform virus that is able to infect
both Windows PE and Linux ELF executables. This is a proof-of-concept
virus and has not been found in the field.
* Click here for F-Secure Report on Lindose Cross-platform Virus
* Click here for NAI Report on W32/Lindose.2132
* Click here for Symantec Report on W32.PEElf.2132
Date: March 27, 2001
Platform: PC
Security Bug: JavaScript Trips Up Navigator
Report From: MSNBC Bug Of The Day
* Release Note: BugNet discovered that Netscape 6 is having problems with
standard JavaScript radio buttons. There are no workarounds for this
bug at the present time. The best defense is vigilance.
* Click here for Bug Report on JavaScript Trips Up Navigator
Date: March 25, 2001
Platform: Redi RediPlus 1.0 with MS Windows ME, 98/95, NT 4.0, Win 2000
Warning About: Redi Locally Readable Username/Password Vulnerability
Report From: Security Focus
* Release Note: Redi.exe is part of a suite of realtime stock trading
tools used by professional traders. Sensitive user information,
including usernames and passwords, is stored on the client's system
in cleartext in a log file used for troubleshooting. This file has a
known default location, and is readable by a local attacker.
* Click here for Advisory on Redi Username/Password Vulnerability
Date: March 25, 2001
Platform: PC
Warning About: Angel Worm
Aliases: I-Worm.SSIWG2, VBS/Angel@mm, VBS.Rewind@mm
Variant: VBS/Angel.A@mm
Report From: F-Secure
* Release Note: VBS/Angel.A@mm is an e-mail worm (mass mailer) which
propagates using the Outlook application.
* Click here for Report on Angel Worm
Date: March 25, 2001
Platform: PC
Warning About: Opera DOS-based Virus
Report From: F-Secure
* Release Note: F-Secure Anti-Virus had a relatively common false alarm
with this virus in March 2001. This false alarm caused FSAV to report
the Opera virus in several different VxD files. If you find Opera in
a file with vxd extension, simply download the latest updates for your
F-Secure Anti-Virus to fix this false alarm.
* Click here for Report on Opera Virus
Date: March 25, 2001
Platform: PC
Updates About: Invalid Certificates
Report From: Network Associates
* Release Note: The EXTRA.DAT provided here will detect these fraudulent
digital certificates. Action of detected items is left to the
discretion of the user.
* Click here for Report on Invalid Certificates
Date: March 25, 2001
Platform: PC
Warning About: VBS/Anjulie@MM Worm
Aliases: VBS.Rewind.A@mm (NAV)
Report From: Network Associates
* Release Note: This VBScript worm attempts to mail itself to all
recipients in the MS Outlook address book and drops a CIH file
infector virus.
* Click here for Report on VBS/Anjulie@MM Worm
Date: March 23, 2001
Platform: MS Windows NT 4.0 and MS Windows 2000
Warning About: Gordano NTMail 6.0.3c Web Services DoS Vulnerability
Report From: Security Focus
* Release Note: NTMail is an email server by Gordano. If an unusually
long URL is requested from the web services in NTMail, the server could
stop responding. A restart of the server is required in order to regain
normal functionality.
* Click here for Advisory on Gordano NTMail Vulnerability
Date: March 23, 2001
Platform: MS Windows 95/98, Windows Me, NT 4.0, MS Windows 2000
MS Bulletin: Erroneous VeriSign-Issued Digital Certificates
Pose Spoofing Hazard
Report From: Microsoft TechNet Security
* Release Note: Impact of vulnerability: Attacker could digitally sign
code using the name Microsoft Corporation. Recommendation: All
customers should follow the administrative procedures detailed in the
FAQ. A software update will be issued shortly to provide permanent
remediation.
* Click here for MS Security Bulletin MS01-017
Date: March 23, 2001
Platform: MS IE 5.01/5.5, MS Windows Scripting Host 5.1/5.5
Warning About: Microsoft IE can Divulge Location of Cached Content
Report From: CIAC Bulletins
* Release Note: Because IE can divulge the physical location of cached
content, an attacker could potentially plant and execute code of her
choice.
* Click here for Bulletin Number L-061
Date: March 23, 2001
Platform: MS Windows 95/98, MS Windows Me, MS Windows NT 4.0
Microsoft Windows 2000
Warning About: Erroneous Verisign-Issued Digital Certificates for
Microsoft
Report From: CIAC Bulletins
* Release Note: Verisign erroneously issued two VeriSign Class 3
code-signing digital certificates to an individual fraudulently claiming
to be a Microsoft employee. Both certificates use the name, "Microsoft
Corporation".
* Click here for Bulletin Number L-062
Date: March 22, 2001
Platform: PC
Warning About: W97M.Marker.EN Virus
Report From: Norton / Symantec Security Updates
* Release Note: This virus is a variant of W97M.Marker. It always infects
the Normal.dot template. It can also infect the active document. The
virus has a date-triggered payload.
* Click here for Report on W97M.Marker.EN Virus
Date: March 22, 2001
Platform: PC
Warning About: VBS.Linda.A@mm Worm
Aliases: VBS/Linda-A, VBS/LoveLetter.CH, VBS.Vbswg2.gen
Report From: Norton / Symantec Security Updates
* Release Note: SARC has been alerted to a new worm, VBS.Linda.A@mm. It
is a variant of VBS.Loveletter. NAV currently detects this worm as
VBS.Vbswg2.gen. SARC will be adding specific detection for this worm
shortly. SARC has received no wild submissions of this worm.
* Click here for Report on VBS.Linda.A@mm Worm
Date: March 22, 2001
Platform: PC
Warning About: W97M.Goober.E Virus
Report From: Norton / Symantec Security Updates
* Release Note: W97M.Goober.E is a stealth macro virus that infects the
active document and the Normal.dot template. Certain words in the
active document may be replaced.
* Click here for Report on W97M.Goober.E Virus
Date: March 22, 2001
Platform: PC
Warning About: VBSWG.V@mm
Report From: F-Secure
* Release Note: This variant spreads in messages. When the attached file
is executed, the worm will mail itself to each recipient in every
address book. This variant also replicates using mIRC and Pirch IRC
clients.
* Click here for Report on VBSWG.V@mm
Date: March 22, 2001
Platform: PC
Warning About: Staple Worm
Variant: Staple.A
Report From: F-Secure
* Release Note: VBS/Staple is a mass mailing worm written in Visual Basic
Script. This worm arrives in an email message with the attachment
injustice.TXT.vbs. When executed, the worm copies itself to the Windows
System directory as "injustice.TXT.vbs".
* Click here for Report on Staple Worm
Date: March 22, 2001
Platform: PC
Warning About: Three_Tunes Virus
Aliases: 1784, 3Tunes
Report From: F-Secure
* Release Note: This virus is probably made in South America. Three_Tunes
allocates approximately two kilobytes of memory and infects practically
all executed COM and EXE files. Three_Tunes activates during June, when
it randomly plays one of three simple tunes through the speaker.
* Click here for Report on Three_Tunes Virus
Date: March 19, 2001
Platform: PC
Warning About: W32/Scrambler.g@MM Virus
Aliases: I-Worm.Xanax, Win32.HLLP.Xanax, Xanax.exe
Report From: Network Associates
* Release Note: This is a prepending virus for Windows. This virus will
also attempt to distribute itself via Outlook, and also through mIRC.
* Click here for Report on W32/Scrambler.g@MM Virus
Date: March 19, 2001
Platform: PC
Warning About: VBS/VBSWG.gen@MM Virus
Aliases: VBS.Vbswg2.gen (NAV)
Report From: Network Associates
* Release Note: This is a generic detection for VBScript viruses created
with the VBSWG (Vbs Worms Generator) toolkit. Scripts created with this
toolkit are capable of several different operations.
* Click here for Report on VBS/VBSWG.gen@MM Virus
Date: March 19, 2001
Platform: MS Internet Information Services 5.0
Patch Available: Malformed WebDAV Request Can Cause IIS to Exhaust
CPU Resources
Report From: Microsoft TechNet Security
* Release Note: If an attacker exploited this vulnerability against an
affected server, she could temporarily prevent it from providing web
services.
* Click here for MS Security Bulletin MS01-016
Date: March 19, 2001
Platform: Win32 Systems
Warning About: MTX Worm
Aliases: IWorm_MTX, I-Worm.MTX, Matrix, Apol, W32/Apology
Report From: F-Secure
* Release Note: The MTX worm has three components - worm, virus and
backdoor. The virus component infects Win32 executable files, attempts
to send e-mail messages with infected attachments and installs the
backdoor component to download and spawn "plugins" on an affected
system.
* Click here for Report on MTX Worm
Date: March 19, 2001
Platform: MS Internet Information Services 5.0
Warning About: Microsoft IIS WebDAV Denial of service Vulnerability
Report From: CIAC Bulletins
* Release Note: Certain malformed WebDAV request packets can temporarily
cause IIS to exhaust CPU resources, resulting in a temporary denial of
service. The attack does not cause permanent damage, nor does it require
a reboot or reset once it is complete.
* Click here for Bulletin Number L-059
Date: March 19, 2001
Platform: Windows NT/2000, Windows 95/98
Warning About: Magistr Virus
Report From: Kaspersky Lab, F-Secure, Network Associates and Symantec
* Release Note: "Magistr" carries a very dangerous destructive payload.
One month after the day of the first infection, the virus destroys all
files on local and network drives on computers running Windows NT/2000
by replacing their original contents with the string "YOUARESHIT".
* Click here for KLabs Virus Alert on Magistr
* Click here for F-Secure Report on Magistr
* Click here for NAI Report on W32/Magistr@MM
* Click here for Symantec Report on W32.Magistr.24876@mm
Date: March 19, 2001
Platform: PC
Warning About: Several Level 1 Warnings
Report From: Norton / Symantec Security Updates
* Release Note:
W97M.Marker.GI Payload Trigger: Upon first infection and also on the
first day of the week.
W97M.StasOne: This is a Microsoft Word metamorphic macro virus that
spreads by infecting Microsoft Word documents and the global template,
Normal.dot.
Backdoor.Subseven.22.a: Version 2.2 of the SubSeven backdoor Trojan.
Behaves similarly to Netbus or BackOrifice.
W97M.Cross.Epik: Infects the Normal.dot template when an infected
document is opened.
Trojan.RASDialer: A malicious Trojan horse that attempts to connect to
a BBS service. This could result in excessive charges on your phone
bill.
W97M.Aleja.M: Macro virus that checks a Microsoft Word setting to
determine whether or not to infect files.
VBS.MXBot@mm: Worm that emails itself to all addresses in the Microsoft
Outlook address book.
* Click here for Report on W97M.Marker.GI
* Click here for Report on W97M.StasOne
* Click here for Report on Backdoor.Subseven.22.a
* Click here for Report on W97M.Cross.Epik
* Click here for Report on Trojan.RASDialer
* Click here for Report on W97M.Aleja.M
* Click here for Report on VBS.MXBot@mm
Date: March 08, 2001
Platform: Windows 95, 98, NT, ME, and 2000 with Outlook installed
Warning About: Naked Wife (W32.Naked@mm) Trojan
Aliases: I-Worm.Naked, W32/naked@MM, Naked Wife,
W32.HLLW.JibJab@MM TROJ_NakedWife
Report From: CIAC Advisory Bulletins, Kaspersky Lab, Ariz State U,
F-Secure, Network Associates, FBI National Infrastructure
Protection Center (NIPC) and Symantec
* Release Note: A new Trojan program is spreading rapidly around the
Internet. The program travels as an executable attachment to an e-mail
message purporting to be a flash movie of a naked wife. The Trojan
destroys multiple files in the Windows and Windows\System folders. If
the Trojan is allowed to run to completion, Windows will no longer be
able to run and must be reinstalled along with most of your apps.
* Click here for CIAC Bulletin Number L-056
* Click here for Kaspersky Lab Report on "Naked"
* Click here for ASU Report on W32/Naked@MM
* Click here for F-Secure Report on NakedWife
* Click here for NAI Report on W32/Naked@MM
* Click here for NIPC Report on "Naked Wife" Virus/Worm
* Click here for Symantec Report on W32.Naked@mm
Date: March 08, 2001
Platform: Rasmus J.P. Allenheim SunFTP 1.0 Build 9
Warning About: SunFTP Unauthorized File Access Vulnerability
Report From: Security Focus
* Release Note: SunFTP is a freeware ftp server written by Rasmus J.P.
Allenheim and associates for the Windows platform. SunFTP contains a
vulnerability that may allow ftp users to compromise the server. Users
may be able to upload or retrieve files from outside the protected
ftp-root directory.
* Click here for Advisory on SunFTP Vulnerability
Date: March 08, 2001
Platform: PC
Warning About: W97M.Turn.A Virus
Report From: Norton / Symantec Security Updates
* Release Note: W97M.Turn.A is a macro virus that infects the Normal.dot
template upon opening an infected document. It then infects documents
when they are closed. This virus also disables the Visual Basic Editor.
Read the complete report for Removal Instructions.
* Click here for Report on W97M.Turn.A Virus
Date: March 08, 2001
Platform: PC
Warning About: W97M.Coco.A Virus
Report From: Norton / Symantec Security Updates
* Release Note: W97M.Coco.A is a stealth Word macro virus that infects
the active document and the Normal.dot template. W97M.Coco.A stealths
by switching off the VirusProtection option. Read the complete report
for Removal Instructions.
* Click here for Report on W97M.Coco.A Virus
Date: March 08, 2001
Platform: PC
Warning About: VBS.Sppst Virus
Aliases:
Report From: Norton / Symantec Security Updates
* Release Note: VBS.Sppst is a virus written in the Visual Basic
scripting language. The virus attempts to propagate by infecting
files that have the .vbs extension and that are in the same folder
as the virus. However, because this is the only way that this virus
can propagate, it is highly unlikely that it will spread.
* Click here for Report on VBS.Sppst Virus
Date: March 08, 2001
Platform: PC
Warning About: VBS/Vierika@MM Virus
Aliases: I-Worm.Vierika.A (AVX, AVP), VBS.Vierika@mm (NAV),
VBS/Vierika-a (Sophos), Vierika (F-Secure)
Report From: Network Associates
* Release Note: This threat has been annihilated due to efforts of the AV
community in connection with the hosting site of this threat. This is a
VBScript threat which arrives via email. Read the complete report for
Method Of Infection and Removal Instructions.
* Click here for Report on VBS/Vierika@MM Virus
Date: March 08, 2001
Platform: Microsoft Windows
Warning About: BackDoor-CA.dr Trojan
Aliases: Backdoor.MiniCommander.dr (AVP), JS/Cheese (VirusScan),
VBS/Godwill_based.Trojan (Norman)
Report From: Network Associates
* Release Note: Creation of an .HTA file after allowing execution of an
ActiveX component when viewing an HTML page, email or newsgroup
posting. The next time Windows is started, the .HTA file will execute
and create the server component, identified as BackDoor-CA.svr. Read
the complete report for Method Of Infection and Removal Instructions.
* Click here for Report on BackDoor-CA.dr Trojan
Date: March 08, 2001
Platform: PC
Warning About: Vierika Worm
Aliases: VBS/Vierika.A@MM
Variant: Vierika.A, Vierika.B
Report From: F-Secure and Symantec Security Updates
* Release Note: VBS/Vierika is a mass mailer (worm) written in Visual
Basic Script. This worm consists of two different script parts, one
that arrives in an Outlook message as an attachment and another that
is available on a web site.
* Click here for F-Secure Report on Vierika Worm
* Click here for Symantec Report on VBS.Vierika@mm Worm
Date: March 08, 2001
Platform: Microsoft Windows
Warning About: Padania Virus
Aliases: Win95.Padania, Win95_Padania
Report From: F-Secure
* Release Note: Padania is a harmless memory resident Win95 virus. It
stays resident in the Windows memory, hooks system IFS API calls,
intercepts EXE file opening and then writes itself to the end of the
file and modifies the file's header to get control when infected
programs are executed. A short virus entry code is also written into
the file's PE header.
* Click here for Report on Padania Virus
Date: March 08, 2001
Platform: Microsoft Internet Explorer 5.01 and 5.5
Windows Scripting Host 5.1 and 5.5
Patch Available: IE can Divulge Location of Cached Content
Report From: Microsoft TechNet Security
* Release Note: A vulnerability exists because it is possible for a web
page or HTML e-mail to learn the physical location of cached content.
Armed with this information, an attacker could cause the cached content
to be opened in the Local Computer Zone. This would enable him to
launch compiled HTML help (.CHM) files that contain shortcuts to
executables, thereby enabling him to run the executables.
* Click here for MS Security Bulletin MS01-015
Date: March 03, 2001
Platform: Microsoft IIS 5.0 and Exchange 2000
Warning About: Microsoft IIS and Exchange Malformed URL Denial of Service
Report From: CIAC Bulletins
* Release Note: If a malformed URL were repeatedly sent to an affected
system, a confluence of events could cause a memory allocation error
that would result in the failure of the service.
* Click here for Bulletin Number L-054
Date: March 03, 2001
Platform: Windows
Warning About: Open mail relays used to deliver "Hybris Worm"
Report From: CERT
* Release Note: The CERT/CC has received reports of intruders using open
mail relays to propagate malicious code such as the "Hybris Worm." The
code propagates through email messages and newsgroup postings,
specifically targeting Windows machines.
* Click here for CERT IN-2001-02
Date: March 03, 2001
Platform: PC
Warning About: W97M.Wu.A Virus
Report From: Norton / Symantec Security Updates
* Release Note: W97M.Wu.A is a macro virus that poses as a Virus
Inspector when it infects other documents. This virus infects documents
when a clean document is opened.
* Click here for Report on W97M.Wu.A Virus
Date: March 03, 2001
Platform: PC
Warning About: VBS.Oap@mm Worm
Report From: Norton / Symantec Security Updates
* Release Note: VBS.Oap@mm is a worm that spreads by replying to all
messages in the Microsoft Outlook inbox. The message that the worm
sends is the same message that is in the inbox, but with the worm
attached at the bottom.
* Click here for Report on VBS.Oap@mm Worm
Date: March 03, 2001
Platform: PC
Warning About: W32.Taz@mm Worm
Report From: Norton / Symantec Security Updates
* Release Note: W32.Taz@mm is a worm written in Visual Basic. The worm
can spread using mIRC, Pirch, and Microsoft Outlook. However, to
function, this worm requires the Msvbvm60.dll file.
* Click here for Report on W32.Taz@mm Worm
Date: March 03, 2001
Platform: PC
Warning About: VBS.Challenge Worm
Report From: Norton / Symantec Security Updates
* Release Note: VBS.Challenge spreads by using Microsoft Outlook Express.
This worm copies itself into every email message that is sent.
* Click here for Report on VBS.Challenge Worm
Date: March 01, 2001
Platform: PC
Warning About: VBS.JongBoy@mm Worm
Report From: Norton / Symantec Security Updates
* Release Note: VBS.JongBoy@mm is a worm that can spread using the popular
chat program mIRC and through Microsoft Outlook. NOTE: Definitions dated
prior to 27 February detect this worm as Bloodhound.VBS.Worm.
* Click here for Report on VBS.JongBoy@mm Worm
Date: March 01, 2001
Platform: Microsoft Internet Information Server 5.0, MS Exchange 2000
Report About: Malformed URL can cause Service Failure in IIS 5.0
and Exchange 2000
Report From: Microsoft TechNet Security
* Release Note: IIS 5.0 contains a flaw affecting the way that a URL is
handled if it has a specific construction and its length is within a
very narrow range of values. Exchange 2000 is affected by the same
vulnerability.
* Click here for MS Security Bulletin MS01-014
Date: March 01, 2001
Platform: Microsoft
Warning About: MyBabyPic Worm
Aliases: IWorm_Myba, I-Worm.Myba
Report From: F-Secure
* Release Note: Myba is an Internet worm that spreads by e-mail, sending
infected messages from affected computers.
* Click here for Report on MyBabyPic Worm
Macintosh
No virus warnings for March 2001
Linux
Date: March 29, 2001
Platform: Trustix
Updates To: OpenSSH
Report From: Linux Daily News
* Release Note: Here is a security advisory for Trustix Secure Linux on
its update to OpenSSH-2.5.2p2.
* Click here for LWN Security Update To OpenSSH
Date: March 29, 2001
Platform: Red Hat
Updates To: OpenSSH
Report From: Linux Daily News
* Release Note: Red Hat has issued a security update to OpenSSH which
picks up the latest passive analysis defenses.
* Click here for LWN Security Update To OpenSSH
Date: March 29, 2001
Platform: Windows PE and Linux ELF
Warning About: Lindose Cross-platform Virus / W32/Lindose.2132
Aliases: Winux, Peelf, ELF/Winux (CAI), Linux.Peelf.2132 (NAV)
Linux/Lindose, W32.Peelf.2132 (NAV), W32/Winux (CAI)
Win32.PEELF.2132 (AVX)
Report From: F-Secure, NAI and Symantec
* Release Note: Lindose is a cross-platform virus that is able to infect
both Windows PE and Linux ELF executables. This is a proof-of-concept
virus and has not been found in the field.
* Click here for F-Secure Report on Lindose Cross-platform Virus
* Click here for NAI Report on W32/Lindose.2132
* Click here for Symantec Report on W32.PEElf.2132
Date: March 25, 2001
Platform: BIND versions 8.2.0-8.2.3(beta)
Updates To: Security Alerts and Risks - Lion Worm
Aliases: Unix/Lion, Linux/Lion
Report From: COVERT Labs at PGP Security, F-Secure and NAI
* Release Note: A potentially dangerous worm has been discovered in the
wild, propagating itself by exploiting vulnerable versions of BIND
DNS software. SANS estimates that 20% of all DNS servers on the
Internet could be affected. COVERT released an advisory about BIND
being vulnerable on January 29th, 2001. Users who upgraded their
version of BIND at that time are not vulnerable to this worm.
* Click here for COVERT Security Alert - Lion Worm
* Click here for F-Secure Report on Lion Worm
* Click here for NAI Report on Linux/Lion.worm
Date: March 23, 2001
Platform: Linux Mandrake
Updates To: timed and openssh
Report From: Linux Daily News
* Release Note: Linux Mandrake has posted security advisories for their
timed and openssh packages.
* Click here for LWN Security Advisory for timed
* Click here for LWN Security Advisory for openssh
Date: March 23, 2001
Platform: Red Hat
Updates To: Advisory for licq, vim and sudo
Report From: Linux Daily News
* Release Note: Red Hat has posted security advisories for licq and vim.
The licq update affects only RH 7 for x86 and Alpha, while the vim
update affects both RH 7 and Red Hat 6.2. Additionally, RH has posted
a security advisory for sudo which affects the Red Hat Powertools 6.2
distributions.
* Click here for LWN Security Advisory for licq
* Click here for LWN Security Advisory for vim
* Click here for LWN Security Advisory for sudo
Date: March 23, 2001
Platform: SuSE
Updates To: Advisory for in.ftpd, timed, pop
Report From: Linux Daily News
* Release Note: SuSE has posted a security advisory for their nkitb/
nkitserv packages which contain the in.ftpd and timed daemons.
Additionally, SuSE posted an update for their pop package, which
includes imapd, ipop2d and ipop3d, to address several buffer overflow
vulnerabilities.
* Click here for LWN Security Advisory for in.ftpd and timed
* Click here for LWN Security Advisory for pop
Date: March 23, 2001
Platform: Red Hat Linux 7.0 - alpha, i386
Warning About: RedHat Linux Log Code Buffer Overflow/Unguarded
Browser Call
Report From: CIAC Bulletins
* Release Note: Two security vulnerabilities: a logging code flaw
provides a potential buffer overflow, and there exists an unguarded
system call to execute an external browser when receiving a URL.
* Click here for Bulletin Number L-063
Date: March 22, 2001
Platform: OpenSSH
Updates To: OpenSSH 2.5.2p2 released
Report From: Linux Daily News
* Release Note: OpenSSH 2.5.2p2 has been released. It includes a number
of fixes (including improvements in the defenses against the passive
analysis attacks discussed in this week's LWN security page) and quite
a few new features as well.
* Click here for LWN Security Update To OpenSSH 2.5.2p2
Date: March 22, 2001
Platform: Red Hat Linux 5.2, 6.0, and 6.1 are vulnerable. Red Hat
Linux 6.2 and 7.0 have GSSAPI incompatibilities
Warning About: Mutt Format String Vulnerability and Incompatibility
Report From: CIAC Bulletins
* Release Note: Mutt, a program for reading electronic mail, has a "format
string" vulnerability and a GSSAPI incompatibility. The "format string"
vulnerability could allow a compromised or malicious IMAP server to
execute code on the local machine.
* Click here for Bulletin Number L-060
Date: March 19, 2001
Platform: Linux-Mandrake
Updates To: sgml-tools
Report From: Linux Daily News
* Release Note: Linux-Mandrake has also issued an advisory and updated
packages for sgml-tools, fixing the temporary file problems reported
last week.
* Click here for LWN Security Update To sgml-tools
Date: March 19, 2001
Platform: Immunix
Updates To: mutt mailer, slrn and sgmltools
Report From: Linux Daily News
* Release Note: Immunix, a Linux distribution based on Red Hat but
compiled with StackGuard and FormatGuard (which prevent many security
attacks based on buffer overflows and format string vulnerabilities),
has issued their own advisories and package updates for mutt, slrn and
sgml-tools.
* Click here for LWN Security Update To mutt
* Click here for LWN Security Update To slrn
* Click here for LWN Security Update To sgml-tools
Date: March 19, 2001
Platform: Red Hat
Updates To: sgmltools, mutt mailer and slrn
Report From: Linux Daily News
* Release Note: Red Hat has put out a few security advisories:
o There is a /tmp vulnerability in sgmltools which could expose
documents to local users.
o The mutt mailer has a format string vulnerability in its IMAP code
which could cause problems when talking to a hostile IMAP server.
This vulnerability does not exist in Red Hat 7.0.
o There is a buffer overflow in slrn which could be remotely
exploitable.
* Click here for LWN Security Update To sgmltools
* Click here for LWN Security Update To mutt mailer
* Click here for LWN Security Update To slrn
Date: March 08, 2001
Platform: Debian
Updates To: sgml-tools Advisories
Report From: Linux Daily News
* Release Note: Debian posted a security advisory too late to make it
into our Weekly edition. The sgml update addresses insecure temporary
file creation issues.
* Click here for LWN Advisory on sgml-tools
Date: March 08, 2001
Platform: Debian
Updates To: nextaw/xaw3d/xaw95 Advisories
Report From: Linux Daily News
* Release Note: Debian posted a security advisory too late to make it
into our Weekly edition. The xaw related updates address insecure
temporary file updates in a couple of Athena widgets.
* Click here for LWN Advisory on nextaw/xaw3d/xaw95
Date: March 03, 2001
Platform: Red Hat
Updates To: Advisory for joe Packages
Report From: Linux Daily News
* Release Note: Red Hat has issued an advisory for the joe text editor
packages to address the reading of malicious configuration files from
the current working directory.
* Click here for LWN Advisory for joe Packages
Date: March 03, 2001
Platform: Caldera
Updates To: /bin/mail advisory
Report From: Linux Daily News
* Release Note: Caldera has issued a security advisory for a /bin/mail
buffer overflow vulnerability. Local user exploits are possible.
* Click here for LWN Advisory To /bin/mail
Date: March 03, 2001
Platform: Conectiva
Updates To: Zope advisory
Report From: Linux Daily News
* Release Note: Conectiva has issued its advisory for the ZClasses
vulnerability in the Zope package.
* Click here for LWN Advisory To ZClasses vulnerability
Miscellaneous
Date: March 29, 2001
Platform: Windows PE and Linux ELF
Warning About: Lindose Cross-platform Virus / W32/Lindose.2132
Aliases: Winux, Peelf, ELF/Winux (CAI), Linux.Peelf.2132 (NAV)
Linux/Lindose, W32.Peelf.2132 (NAV), W32/Winux (CAI)
Win32.PEELF.2132 (AVX)
Report From: F-Secure, NAI and Symantec
* Release Note: Lindose is a cross-platform virus that is able to infect
both Windows PE and Linux ELF executables. This is a proof-of-concept
virus and has not been found in the field.
* Click here for F-Secure Report on Lindose Cross-platform Virus
* Click here for NAI Report on W32/Lindose.2132
* Click here for Symantec Report on W32.PEElf.2132
Date: March 27, 2001
Platform: IT Security World
Bug Watch: Here Comes The Cyberwoozle
Report From: VNUNet Security Publications
* Release Note: The cyberwoozle poses a far more serious threat with its
ability to secretly siphon company confidential data from the
computer's hard drive. This could include the deliberate stripping of
sales proposals or accounts information, causing a serious
confidentiality threat especially in the hands of a competitor.
* Click here for Bug Watch: Here Comes The Cyberwoozle
Date: March 22, 2001
Platform: Misc
Hoax Alert: MobilVirus HOAX
Report From: Symantec Security HOAX Updates
* Release Note: Symantec reports that Mobilvirus is a hoax and is not a
real virus. This hoax is written in Swedish. Please ignore any messages
regarding this hoax and do not pass on messages.
* Click here for Symantec HOAX Report on MobilVirus HOAX
Date: March 22, 2001
Platform: Misc
Warning About: St.Patrick's Day HOAX
Report From: Network Associates
* Release Note: NAI has released a report on an email hoax message, with
a Subject: St. Patrick's Day Irish Virus Alert. Please ignore this
specific e-mail, delete the e-mail message, don't forward to others.
* Click here for NAI HOAX Report on St.Patrick's Day HOAX
Date: March 19, 2001
Platform: Networks that use an Intrusion Detection System (IDS)
Warning About: Intrusion Detection Systems Exploit
Report From: National Infrastructure Protection Center (NIPC)
* Release Note: The NIPC is releasing this notice to provide system
administrators with developing information about a potential new network
security vulnerability. The NIPC is still reviewing this information
both for accuracy and to determine the level of threat.
* Click here for Assessment No: 01-004
Date: March 19, 2001
Platform: AOL Client Software
Warning About: Cool Trojan
Aliases: Trojan.Cool, Trojan.AOL.Cool, Mine, Trojan/Mine
Report From: F-Secure
* Release Note: Trojan.AOL.Cool is a trojan that affects AOL client
software and steals information from AOL users. Also according to
reports it can spread itself to other AOL users (we can't confirm
that so far).
* Click here for Report on Cool Trojan
Date: March 19, 2001
Platform: HP9000 Series 700/800 running HP-UX releases 10.01, 10.10,
10.20 and 11.00 only
Warning About: HPUX Sec. Vulnerability asecure
Report From: CIAC Bulletins
* Release Note: Certain files used by the asecure program have unsafe
permissions. HP states that a possible denial of service (DoS)
condition exists.
* Click here for Bulletin Number L-058
Date: March 19, 2001
Platform: Certain MIT-derived implementations of Kerberos 4
Warning About: Kerberos /tmp Root Vulnerability
Report From: CIAC Bulletins
* Release Note: A /tmp race condition can lead to root privileges. A
local user may be able to overwrite arbitrary files as root, with
limited contents. This could potentially result in unauthorized root
access.
* Click here for Bulletin Number L-057
Date: March 19, 2001
Platform: Sun Solaris 2.6, 7 and 8
Warning About: Solaris snmpXdmid Buffer Overflow Vulnerability
Report From: Security Focus
* Release Note: Versions 2.6, 7, and 8 of Sun Microsystems' Solaris OE
ship with a service called 'snmpXdmid'. This daemon is used to map SNMP
management requests to DMI requests and vice versa. SnmpXdmid contains
a remotely exploitable buffer overflow vulnerability.
* Click here for Advisory on Solaris snmpXdmid Vulnerability
Date: March 19, 2001
Platform: Jelsoft vBulletin versions prior to 2.0 beta 3 and 1.1.6.
Warning About: Jelsoft vBulletin PHP Command Execution Vulnerability
Report From: Security Focus
* Release Note: Jelsoft vBulletin is an online discussion forum package
written in PHP. The vulnerability could allow an attacker to gain a
local interactive shell with privileges of the web server.
* Click here for Advisory on Jelsoft vBulletin Vulnerability
Date: March 19, 2001
Platform: HP HP-UX 11.0 / Elm Development Group Elm 2.5alpha3
Warning About: Elm Subject Line Buffer Overflow Vulnerability
Report From: Security Focus
* Release Note: Elm is a popular Mail User Agent distributed with various
versions of the UNIX Operating System. This vulnerability affects the
version distributed by Hewlett Packard, as well as other operating
systems using Elm 2.5alpha3 with setuid or setgid flags.
* Click here for Advisory on Elm Buffer Overflow Vulnerability
Date: March 08, 2001
Platform: Palm Palm OS 3.5.2 and OS 3.3
Warning About: Palm Debugger Password Bypass Vulnerability
Report From: Security Focus
* Release Note: The Palm OS provides password protection, allowing the
device's owner to restrict access to sensitive data on the unit. An
inbuilt Palm OS debugging mode, accessible from the Graffiti stylus
interface, allows any user with physical access to the PDA to bypass
the unit's password protection.
* Click here for Advisory on Palm Password Vulnerability
Date: March 08, 2001
Platform: pcAnywhere v 9.x and 10.x
Warning About: pcAnywhere Denial of Service, abnormal server connection
Report From: CIAC Info Bulletins
* Release Note: A software error exists in the Symantec pcAnywhere remote
control solution. An abnormal number of random characters sent to the
port, immediately upon connection, causes communications to fail.
* Click here for CIAC Bulletin Number L-055
Date: March 03, 2001
Platform: Cisco IOS software running on Cisco routers and switches
Warning About: Cisco IOS Software TCP Initial Sequence Number Improvements
Report From: CIAC Bulletins
* Release Note: Cisco IOS software contains a flaw that permits the
successful prediction of TCP Initial Sequence Numbers.
* Click here for Bulletin Number L-053
Date: March 01, 2001
Platform: Cisco IOS software
Warning About: Cisco IOS Software SNMP Read-Write ILMI Community String
Report From: CIAC Bulletins
* Release Note: Cisco IOS software allows SNMP objects to be modified
without authorization by using an undocumented community string.
* Click here for Bulletin Number L-052
