Virus Warnings from April 2001
______________________________________________________________

Amiga

Date: April 25, 2001
Platform: Amiga
Update About: Installer Of Linkvirus BOBEK Found
Report From: Virus Help Team Denmark (VHT-DK)
* Release Note: Virus Help Denmark reports the archive (OozeAGA.lha) was on Aminet for a very short time, but it has been removed now.
* Click here for VHT-DK Virus Warning vht-dk99
* VirusExecutor v2.15 finds and removes BOBEK link-virus
* Subscribe online to the VHT-DK Virus Warnings Announcement list.

Date: April 24, 2001
Platform: Amiga
Warning About: "BOBEK" Link-virus Found
Report From: Virus Help Team Denmark (VHT-DK)
* Release Note: A new link-virus has been found, the installer is still unknown, we are looking for it. This new virus will add 460 bytes to every file that is opened or executed. That also means that even an antivirus program (that the virus is unknown to), will infect every file it checks for virus. The new virus patches dos.library ExNext function to spread itself. The new virus has been given the name "BOBEK", this is the text you can read in the end of every infected file. At this time there is no cure to this virus, but we hope to have an update of VirusExecutor ready later today, to fix this virus. Since the time of the vht-dk alert, VE had been updated to v2.14.
* Click here for VHT-DK Virus Warning vht-dk98
* VirusExecutor v2.14 updated for BOBEK link-virus
* Subscribe online to the VHT-DK Virus Warnings Announcement list.

Date: April 14, 2001
Platform: Amiga
Warning About: HitchHiker Infected Archive Found
Report From: Virus Help Denmark (VHT-DK)
* Release Note: Another infected archive has been found. The archive is infected with "Hitch-Hiker 4.11". All the big antivirus programs can find HitchHiker 4.11 linkvirus, so there is no problem there.
* Click here for VHT-DK Virus Warning vht-dk97

Date: April 10, 2001
Platform: Amiga
Warning About: New Linkvirus Found
Report From: Virus Help Team Denmark (VHT-DK)
* Release Note: A new link virus has been found. The virus is polymorphic and hacks VirusCheckerII in memory to make it infect all files you check. The virus is very well coded as for the things we see these days. Be sure to get Safe v15.1 SE which can find this virus.
* Click here for VHT-DK Virus Warning vht-dk96
* Click here for Latest Safe v15.1 SE

Date: April 10, 2001 * Updated to Include Safe v14.10
Platform: Amiga
Warning About: TCP Trojans Inside Aminet Files
Report From: Virus Help Team Denmark (VHT-DK)
* Release Note: Four archives with TCP trojans have been found on Aminet today. The four archives reported at vht-dk are:
    o fblit.lha - v 3.84 - 142.086 bytes
    o Safe.lha - v14.10 - 20.737 bytes
    o stackattack.lha - v 1.2b - 69.229 bytes
    o BlazeWCP.lha - v 1.8 - 32.862 bytes
  If you have installed one or more of these archives, then delete the files you have installed. All of these archives have a new TCP trojan inside, and the trojan will send an e-mail to Haage & Partner, with a stupid text. Virus Help Denmark hopes to have a cure for these trojans later today, so please check back here or at VHT-Denmark Amiga News. Virus Help Denmark have been able to get some clean versions of the fake archives, so if you have installed one or more of the fake archives you can download the clean archives by following the links on their Amiga News page above. Aminet says that as a protest against this abuse of Aminet, they will shut down their services on "us.aminet.net" and "de.aminet.net" until Friday.
* Click here for VHT-DK Virus Warning vht-dk95

Date: April 09, 2001
Platform: Amiga
Warning About: BlazeWCP.lha, FBlit.lha, and StackAttack.lha and possibly others
Report From: Amiga.org and Subscriber to VirusChecker2 Mail List
* Release Note: If you downloaded said files, please do not install them.
  Virus Help Denmark should have a fix shortly.
* Click here for Amiga.org Post on Aminet Virus warning

Windows

Date: April 30, 2001
Platform: Windows / Win32
Warning About: Magistr Worm
Aliases: IWorm_Magistr, I-Worm.Magistr, W32/Magistr@mm
Report From: F-Secure
* Release Note: Magistr is a very dangerous memory resident Win32 worm combined with virus infection routines. It was found in-the-wild in the middle of March 2001. Magistr virus spreads via Internet with infected emails, infects Windows executable files on an affected machine (local machine) and is able to spread itself over a local network (LAN). The virus has an extremely dangerous payload.
* Click here for Report on Magistr Worm

Date: April 29, 2001
Platform: Windows NT and Windows NT Server. Possibly also on Windows 95,98,ME, and Windows 2000
Warning About: The Glacier Backdoor
Report From: CIAC Bulletins
* Release Note: The Glacier backdoor program allows an intruder to remote control a Windows computer. The intruder can see the desktop, click on files, and type on the keyboard of the remote computer.
* Click here for Bulletin Number L-077

Date: April 26, 2001
Platform: Microsoft WebDAV
Security Bug: Security Flaw in MS Internet Information Services 5
Report From: MSNBC Bug Of The Day
* Release Note: Because of the flaw, IIS is vulnerable to a denial of service attack that would temporarily cause CPU time to go to 100 percent for the duration of the attack.
* Click here for Bug Report on MS IIS 5

Date: April 26, 2001
Platform: MSN Messenger Service
Warning About: W32.FunnyFiles.Worm Worm
Aliases: W32/Hello
Report From: Norton / Symantec Security Updates
* Release Note: W32.FunnyFiles.Worm is a worm that spreads using the MSN Messenger Service program. This is the first known worm to use MSN Messenger Service to propagate.
  The worm itself does nothing more than spread, and if it is executed on a system without the MSN Messenger Service installed in the default folder, the worm will crash.
* Click here for Report on W32.FunnyFiles.Worm Worm

Date: April 26, 2001
Platform: MS Windows
Warning About: X97M.Squared.B.Gen Virus
Variant: X97M/Laroux
Report From: Norton / Symantec Security Updates
* Release Note: X97M.Squared.B.Gen infects active workbooks and inserts an infected workbook in the \XLStart folder.
* Click here for Report on X97M.Squared.B.Gen

Date: April 26, 2001
Platform: PC
Warning About: Zag.1106 Virus
Report From: Norton / Symantec Security Updates
* Release Note: Zag.1106 is a DOS .exe virus. Damage done by the virus is not repairable. It writes its viral code onto all files that are in the same folder as the virus, as well as in the root directory.
* Click here for Report on Zag.1106 Virus

Date: April 25, 2001
Platform: PC
Warning About: Internet-worm "Stator"
Report From: Kaspersky Lab, Network Associates and Symantec
* Release Note: This worm utilizes the popular e-mail client "The Bat!" in order to spread. The worm's copy contains the name "photo1.jpg.pif". The worm also installs itself to the system and infects a few files in the system, and sends passwords and other confidential information out of the computer. To hide its activity the worm displays a JPEG image of a girl.
* Click here for KLabs Virus Alert on Stator
* Click here for NAI Report on W32/Stator.worm
* Click here for Symantec Report on W32.Stator@mm

Date: April 25, 2001
Platform: MS Windows 95, 98, and Me
Warning About: VBS.Zeichen.A Trojan horse
Report From: Norton / Symantec Security Updates
* Release Note: VBS.Zeichen.A is a Trojan horse written in Visual Basic Script (VBS). It pretends to be a script that obtains URLs to the sites with porno-related contents.
* Click here for Report on VBS.Zeichen.A

Date: April 25, 2001
Platform: MS Internet Information Services 5
Security Bug: Security flaw in MS Internet Information Services 5
Report From: MSNBC Bug Of The Day
* Release Note: Because of the flaw, IIS is vulnerable to a denial of service attack that would temporarily cause CPU time to go to 100 percent for the duration of the attack. Microsoft is working on a fix.
* Click here for Bug Report on Security flaw

Date: April 25, 2001
Platform: Yahoo or MSN's instant messaging services
Security Bug: Instant Messaging Vulnerability
Report From: MSNBC Bug Of The Day
* Release Note: An innocent chat with a co-worker using your favorite instant messaging software could expose you to eavesdroppers or make it possible for someone to send you malicious code. Fortunately, plug-in antivirus help is now available for users of Yahoo or MSN's instant messaging services.
* Click here for Report on How To Secure Instant Messaging

Date: April 25, 2001
Platform: PC
Warning About: "Carko" Distributed Denial-of-Service Tool
Report From: CERT
* Release Note: The CERT/CC has received reports that a distributed denial-of-service (DDoS) tool named Carko is being installed on compromised hosts. Compromised hosts are at high risk for being used to attack other Internet sites, having system binaries and configuration files altered, and exposing sensitive information to external parties.
* Click here for CERT IN-2001-04

Date: April 25, 2001
Platform: Microsoft ISA Server 2000
Warning About: Microsoft ISA Web Proxy Service Denial of Service
Report From: CIAC Bulletins
* Release Note: The ISA server web proxy service does not correctly handle web requests that contain a particular type of malformed argument. Processing such a request would cause the web proxy service to fail, blocking all incoming and outgoing requests until the service is restarted.
* Click here for Bulletin Number L-073

Date: April 25, 2001
Platform: Microsoft Data Access Component Internet Publishing Provider. WebDAV
Warning About: Microsoft WebDAV Runs Scripts As User
Report From: CIAC Bulletins
* Release Note: The Microsoft WebDAV service does not differentiate between requests made by a user and those made by a script. A user browsing a web page containing a WebDAV script would unknowingly run that script with the user's privileges and possibly compromise the user's security.
* Click here for Bulletin Number L-074

Date: April 20, 2001
Platform: MS Windows
Security Bug: Windows Class IDs Create Vulnerability
Report From: MSNBC Bug Of The Day
* Release Note: As security analyst Georgi Guninski has recently shown, malicious users can play a devastating trick on Windows systems using a CLSID extension, and thereby disguise a potentially dangerous COM object as a lowly .TXT file.
* Click here for Bug Report on Windows Class IDs

Date: April 19, 2001
Platform: Any Microsoft Operating System
Patch Available: WebDAV Service Provider Can Allow Scripts to Levy Requests as User
Report From: Microsoft TechNet Security
* Release Note: Web-based script could levy WebDAV requests on the user's behalf. Recommendation: Customers should consult the FAQ to determine whether they have an affected version and consider applying the patch if they do.
* Click here for MS Security Bulletin MS01-022

Date: April 18, 2001
Platform: PC
Warning About: Matcher Worm
Aliases: I-Worm_Matcher, I-Worm.Matcher
Report From: Kaspersky Lab, F-Secure and Symantec
* Release Note: Kaspersky Labs warns computer users about the discovery "in-the-wild" of the Internet-worm "Matcher" that spreads via e-mail. W32.Matcher is an executable that arrives via email. When executed, the worm will email itself to everyone in the Microsoft Outlook Address book. The worm will continue to send emails while the process is running in the background.
* Click here for Kap Lab Alert on Matcher Worm
* Click here for F-Secure Report on Matcher
* Click here for Symantec Report on W32.Matcher

Date: April 16, 2001
Platform: Microsoft ISA Server 2000
Patch Available: Invalid Web Request Can Cause Access Violation in ISA Server Web Proxy Service
Report From: Microsoft TechNet Security
* Release Note: The ISA Server Web Proxy service does not correctly handle web requests that contain a particular type of malformed argument. System administrators who have enabled the ISA Server Web Publishing feature should apply the patch immediately.
* Click here for MS Security Bulletin MS01-021

Date: April 16, 2001
Platform: MS Windows
Warning About: X97M.Hihihoho Virus
Report From: Norton / Symantec Security Updates
* Release Note: X97M.Hihihoho is a macro virus that infects Microsoft Excel worksheets. The virus does not attempt to stealth itself in any way, so when an infected worksheet is opened in Excel 97 or Excel 2000, the Microsoft macro virus warning dialog box should appear.
* Click here for Report on X97M.Hihihoho Virus

Date: April 16, 2001
Platform: MS Windows
Warning About: W97M.Bobo.F.Gen Virus
Report From: Norton / Symantec Security Updates
* Release Note: W97M.Bobo.F.Gen is a Microsoft Word macro virus that spreads by infecting the active Microsoft Word document and the global template, Normal.dot.
* Click here for Report on W97M.Bobo.F.Gen Virus

Date: April 12, 2001
Platform: Windows NT 4 Service Pack 3 and 2000 systems
Reported Bug: McAfee VirusScan 5.1 Lock Ups
Report From: MSNBC Bug Of The Day
* Release Note: According to McAfee, VSMAIN may freeze on a Windows NT 4 Service Pack 3 and 2000 system while running VirusScan 5.1x. Read the report for fixes.
* Click here for Bug Report on McAfee VirusScan 5.1 Lock Ups

Date: April 12, 2001
Platform: MS Windows
Warning About: QDel157 Trojan
Aliases: Trojan.Taliban (NAV)
Report From: Network Associates
* Release Note: This is a DOS trojan which attempts to delete critical files in the C:\WINDOWS directory and selected subdirectories.
* Click here for Report on QDel157 Trojan

Date: April 12, 2001
Platform: PC
Warning About: W32/Badtrans@MM Virus
Aliases: Backdoor-NK.svr, BadTrans (F-Secure), I-Worm.Badtrans (AVP), W32.Badtrans.13312@mm (NAV)
Report From: Network Associates, F-Secure and Symantec
* Release Note: This mass mailing worm attempts to send itself using MS Outlook by replying to unread email messages. It also drops a remote access trojan.
* Click here for NAI Report on W32/Badtrans@MM Virus
* Click here for F-Secure Report on BadTrans Worm
* Click here for Symantec Report on W32.Badtrans.13312@mm

Date: April 12, 2001
Platform: MS Windows
Warning About: W97M.Eight941.T Virus
Report From: Norton / Symantec Security Updates
* Release Note: W97M.Eight941.T is a macro virus that infects the active document and the Microsoft Word template file, Normal.dot.
* Click here for Symantec Report on W97M.Eight941.T

Date: April 12, 2001
Platform: MS Windows
Warning About: VBS.Ptnet.A@mm Worm
Report From: Norton / Symantec Security Updates
* Release Note: The VBS.Ptnet.A worm spreads by sending itself to all addresses in your MS Outlook Address book. This worm also overwrites .vbs and .vbe files that are on all local or mapped network drives. It also spreads through mIRC.
* Click here for Symantec Report on VBS.Ptnet.A@mm

Date: April 12, 2001
Platform: MS Windows, but not Windows NT or 2000
Warning About: W95.Miam.4716 Resident Infector
Report From: Norton / Symantec Security Updates
* Release Note: W95.Miam.4716 is a per-process resident infector of .exe files.
  When an infected file is executed, the virus will hook the CreateFileA() function in the host, and will then infect .exe files in the current folder.
* Click here for Symantec Report on W95.Miam.4716

Date: April 12, 2001
Platform: MS Windows
Warning About: VBS.GodWill.A@mm Worm
Report From: Norton / Symantec Security Updates
* Release Note: This Worm attempts to spread to all recipients in your MS Outlook Address Book. This worm configures itself to run every time that an infected computer starts.
* Click here for Symantec Report on VBS.GodWill.A@mm

Date: April 12, 2001
Platform: PC
Warning About: VBS.Homemade@mm Worm
Aliases: Bloodhound.VBS.Worm
Report From: Norton / Symantec Security Updates
* Release Note: VBS.Homemade@mm is a worm written in the Visual Basic scripting language. VBS.Homemade@mm sends email to everyone in the MS Outlook Address Book. After doing so, it adds a registry key so that the action is not performed more than once.
* Click here for Symantec Report on VBS.Homemade@mm

Date: April 12, 2001
Platform: PC
Warning About: W32.ThreeForOne Trojan Horse
Report From: Norton / Symantec Security Updates
* Release Note: This Trojan horse, which is packed with the "Petite" packing utility, launches three instances of itself for each one that is closed.
* Click here for Symantec Report on W32.ThreeForOne

Date: April 12, 2001
Platform: PC
Warning About: Amanita.1151 Virus
Aliases: Amanita.1135
Report From: Norton / Symantec Security Updates
* Release Note: Amanita.1151 is an encrypted, polymorphic, memory-resident virus. Files with the .com and .exe extensions are infected if the virus is in memory. The infection size varies between 1143 and 1151 bytes.
* Click here for Symantec Report on Amanita.1151 Virus

Date: April 12, 2001
Platform: PC
Warning About: Logo.Logic Worm
Report From: Norton / Symantec Security Updates and Kaspersky Labs
* Symantec Release Note: Logo.Logic is a worm that uses SuperLogo to create text files, which it uses to spread.
  It drops a .vbs file and an .ini file to spread by email and mIRC.
* Kaspersky Release Note: KLabs firmly states that this Internet-worm still has not yet been found "in-the-wild," and poses absolutely no threat to the majority of computer users, simply because, in order to be activated, "Logic" requires the Logo interpreter to be installed on the target systems (for example, SuperLogo for Windows). Therefore, the worm's possible existence is severely limited by the dearth of computers that have the Logo interpreter installed.
* Click here for Symantec Report on Logo.Logic Worm
* Click here for Kaspersky Labs Report on Logic

Date: April 12, 2001
Platform: PC
Warning About: VBS.Zeam.A@mm
Report From: Norton / Symantec Security Updates
* Release Note: VBS.Zeam.A@mm uses Microsoft Outlook to send itself to all recipients in your Outlook address book.
* Click here for Symantec Report on VBS.Zeam.A@mm

Date: April 12, 2001
Platform: MS Windows
Warning About: Futs Virus
Aliases: Tojan/Futs (Panda, Sophos), Trojan.Futs (AVX)
Report From: Network Associates
* Release Note: Futs is a program with many dangerous possibilities. It's intended to be an "anti-school" package, capable of trojan activity like deleting files, sending e-mail bombs, but it can also drop a virus.
* Click here for Report on Futs Virus

Date: April 09, 2001
Platform: PC
Warning About: Magistr Virus
Report From: Kaspersky Lab
* Release Note: Taking into account that the first reports about infection with this virus were received in the middle of March, Kaspersky Labs expects a real avalanche of destructive incidents by Magistr to happen in the middle-end of April. As a result, Magistr can cause the loss of important information and infect computer hardware.
* Click here for Virus Alert on Magistr

Date: April 09, 2001
Platform: MS Windows
Warning About: JS.StartPage Trojan Horse
Report From: Norton / Symantec Security Updates
* Release Note: JS.StartPage is a Trojan horse program, which alters the default home page of Microsoft Internet Explorer. It sometimes arrives as a file with the .hta extension.
* Click here for Report on JS.StartPage Trojan Horse

Date: April 09, 2001
Platform: PC DOS
Warning About: BW.770.B Virus
Report From: Norton / Symantec Security Updates
* Release Note: BW.770.B is a virus that infects DOS .exe and .com files. It appears to have been created with the "Biological Warfare" virus creation kit, then modified manually after being created with the kit.
* Click here for Report on BW.770.B Virus

Date: April 09, 2001
Platform: PC DOS
Warning About: LittleChild.754 Virus
Report From: Norton / Symantec Security Updates
* Release Note: LittleChild.754 is a small, non-memory-resident virus that infects only .com files when it is run from DOS.
* Click here for Report on LittleChild.754 Virus

Date: April 09, 2001
Platform: PC
Warning About: W32.BrainProtect Trojan Horse
Report From: Norton / Symantec Security Updates
* Release Note: W32.BrainProtect is a simple mIRC script-dropping Trojan horse.
* Click here for Report on W32.BrainProtect Trojan Horse

Date: April 05, 2001
Platform: Microsoft Windows 98/95 and Windows NT 4.0
Warning About: Rit Research Labs "The Bat!" Concealed Attachment Vulnerability
Report From: Security Focus
* Release Note: "The Bat!" is an MUA for Windows by Rit Research Labs. A remote attacker can compose an email message which contains an attached file having a carefully-composed filename, in which excess whitespace is used to conceal the filename, and the file's presence, in the "The Bat!" user's inbox. This could lead a victim user to execute a potentially malicious attachment without being properly alerted that the attachment is of an executable type.
* Click here for Advisory on Rit Research Labs "The Bat!"

Date: April 05, 2001
Platform: Microsoft
Warning About: X97M.Barisada.K Virus
Report From: Norton / Symantec Security Updates
* Release Note: This is a simple Excel macro virus that looks for the file iod.vxd, and then performs certain actions if it is found.
* Click here for Report on X97M.Barisada.K Virus

Date: April 05, 2001
Platform: Microsoft
Warning About: W97M.NSI.G Virus
Report From: Norton / Symantec Security Updates
* Release Note: This is a simple Microsoft Word macro virus that infects Normal.dot and other open documents when you open an infected document.
* Click here for Report on W97M.NSI.G Virus

Date: April 05, 2001
Platform: PC
Warning About: T&E.927 Virus
Report From: Norton / Symantec Security Updates
* Release Note: T&E.927 is a small memory-resident virus that infects only .exe files. The size of infected files is increased by 927 bytes.
* Click here for Report on T&E.927 Virus

Date: April 05, 2001
Platform: PC
Warning About: ADT.1765 Virus
Report From: Norton / Symantec Security Updates
* Release Note: ADT.1765 is a memory-resident DOS virus, which infects .exe and .com files. If the virus is executed on the 19th of any month, the virus also hooks INT 6 to display certain text at the DOS prompt.
* Click here for Report on ADT.1765 Virus

Date: April 05, 2001
Platform: PC
Warning About: Viroped.460 Virus
Report From: Norton / Symantec Security Updates
* Release Note: Viroped.460 is a small, non-memory-resident virus that infects .com files when they are run. Infected files are enlarged by 492 bytes. Viroped.460 is not usually seen in the wild.
* Click here for Report on Viroped.460 Virus

Date: April 04, 2001
Platform: Microsoft Internet Explorer 5.5 SP1 or earlier, except IE 5.01 SP2
Warning About: Automatic Execution of Embedded MIME Types
Report From: CERT
* Release Note: Microsoft Internet Explorer has a vulnerability triggered when parsing MIME parts in a document that allows a malicious agent to execute arbitrary code.
* Click here for CERT CA-2001-06

Date: April 04, 2001
Platform: Windows platforms with mail readers that use Internet Explorer to render html formatted mail messages
Warning About: IE MIME Header Vulnerability
Report From: CIAC Bulletins
* Release Note: Internet Explorer incorrectly handles some unusual MIME types which could allow binary attachments to be run in mail messages.
* Click here for Bulletin Number L-066

Date: April 04, 2001
Platform: PC
Warning About: W97M.Thus.BQ Virus
Report From: Norton / Symantec Security Updates
* Release Note: W97M.Thus.BQ is a stealth macro virus, which infects active documents and the normal template file (Normal.dot). On certain dates, it displays messages and may attempt to shut down Windows.
* Click here for Report on W97M.Thus.BQ Virus

Date: April 04, 2001
Platform: PC
Warning About: VBS.Yabran.A@mm Worm
Report From: Norton / Symantec Security Updates
* Release Note: This is a simple worm, which spreads from an infected computer by emailing itself to everyone listed in the Microsoft Outlook address book.
* Click here for Report on VBS.Yabran.A@mm Worm

Date: April 01, 2001
Platform: MS Windows 98, 98se and Windows ME
Warning About: Microsoft Plus! 98 Password Disclosure Vulnerability
Report From: Security Focus
* Release Note: Due to a flaw in the implementation of the Compressed Folders feature in Microsoft Plus! 98 and Windows ME, the password used to protect the compressed folder is stored on the user's machine in plaintext.
  A user who gains access to a machine with this feature installed may locate the file where the password is stored and use it to access any compressed folder and the contents within the folder.
* Click here for Advisory on Microsoft Plus! 98 Vulnerability

Date: April 01, 2001
Platform: PC
Warning About: W97M.Mxc.A Virus
Report From: Norton / Symantec Security Updates
* Release Note: This Macro Virus is a simple macro virus that will infect on opening an infected document. It will export its viral source code to your c directory under the name tk.mxc. This virus will also disable the Security setting under Office 2000.
* Click here for Report on W97M.Mxc.A Virus

Date: April 01, 2001
Platform: PC
Warning About: HLLC.Laufwerk.7040 Virus
Report From: Norton / Symantec Security Updates
* Release Note: HLLC.Laufwerk.7040 is a companion virus, which is written in a high-level language. Using random file names, the virus makes multiple copies of itself that are 7040 bytes in size. This virus only replicates if you run one of these files, but does not infect or modify any files on your computer.
* Click here for Report on HLLC.Laufwerk.7040 Virus

Date: April 01, 2001
Platform: PC
Warning About: Butterfly.302 Virus
Report From: Norton / Symantec Security Updates
* Release Note: Butterfly.302 is a small DOS-based, memory-resident virus, that only infects .com files. When it is run, the virus infects .com files in the directory in which it resides.
* Click here for Report on Butterfly.302 Virus

Date: April 01, 2001
Platform: PC
Warning About: VBS/Breberka.A@MM Virus
Report From: Network Associates
* Release Note: This virus is detected generically under a different name, VBS/Anjulie.gen@MM. This virus writes itself to the local system in two places and then sends itself via Outlook email to others.
* Click here for Report on VBS/Breberka.A@MM

Date: April 01, 2001
Released: April 01, 2001
Platform: Microsoft Internet Explorer 5.01 and 5.5
Patch Available: Incorrect MIME Header Can Cause IE to Execute E-mail Attachment
Report From: Microsoft TechNet Security
* Release Note: Impact of vulnerability: Run code of attacker's choice. Recommendation: Customers using IE should install the patch immediately.
* Click here for MS Security Bulletin MS01-020

Macintosh

No virus warnings for April 2001

Linux

Date: April 29, 2001
Platform: Linux-Mandrake
Updates To: gftp and rpmdrake
Report From: Linux Daily News
* Release Note: Linux Mandrake has issued a security update for gftp, which has a format string vulnerability in all versions of gftp prior to version 2.0.8. There is also a temporary file vulnerability in rpmdrake.
* Click here for LWN Security Update To gftp
* Click here for LWN Security Update To rpmdrake

Date: April 27, 2001
Platform: Red Hat Linux 7.0 that are running the LPRng service
Updates To: Linux-targeted worm: lpdw0rm, plus Red Hat's patch for LPRng
Report From: Linux Daily News
* Release Note: SecurityFocus has released their analysis of a new worm, lpdw0rm. This particular worm is targeted at systems running unpatched versions of Red Hat Linux 7.0 that are running the LPRng service, one of the vulnerabilities that previous worms have also targeted. Installing Red Hat's patch for LPRng (made available back in October) will prevent a system from being successfully attacked.
* Click here for SecurityFocus Analysis To lpdw0rm
* Click here for Red Hat's patch for LPRng

Date: April 27, 2001
Platform: Engarde
Updates To: ntp Advisory
Report From: Linux Daily News
* Release Note: Engarde has an updated version of their ntp advisory
* Click here for LWN Update To ntp Advisory

Date: April 27, 2001
Platform: Debian
Updates To: NEdit
Report From: Linux Daily News
* Release Note: Debian's new packages to fix the security vulnerability reported in NEdit
* Click here for LWN Security Update To NEdit
* Click here for NEdit at http://nedit.org/

Date: April 27, 2001
Platform: Progeny
Updates To: ftpd and bsdftp
Report From: Linux Daily News
* Release Note: Progeny report on which ftp packages are vulnerable to the off-by-one and recent globbing vulnerabilities, plus package updates for those that are (ftpd and bsdftp).
* Click here for LWN Security Update To ftpd and bsdftp

Date: April 27, 2001
Platform: Red Hat
Updates To: gftp
Report From: Linux Daily News
* Release Note: gftp is a multi-threaded X-based ftp client. Red Hat has issued updated packages for gftp that fix a format string vulnerability in the package.
* Click here for LWN Security Update To gftp updated packages
* Click here for gftp at http://gftp.seul.org/

Date: April 26, 2001
Platform: Linux
Warning About: Kork Worm
Aliases: Linux/Kork, Unix/Kork, Worm.Linux.Kork
Variant: Kork.A
Report From: F-Secure
* Release Note: Kork is a worm that uses the known vulnerability in lpd service to propagate from a vulnerable Linux system to another. This service is part of the default installation of Red Hat Linux 7.0.
* Click here for Report on Kork Worm

Date: April 26, 2001
Platform: Debian
Updates To: Zope
Report From: Linux Daily News
* Release Note: The Debian Project has issued a new security update to Zope. There are no new problems with Zope itself, but apparently the previous version of this update had some, um, problems.
  People running Debian's Zope package should probably apply this update.
* Click here for LWN Security Update To Zope

Date: April 25, 2001
Platform: Red Hat Linux 6.2 and 7.0
Warning About: Red Hat Ptrace and Exec Race Conditions
Report From: CIAC Bulletins
* Release Note: A race condition exists in ptrace, exec, and other suid utilities that can result in a local denial of service or local root compromise.
* Click here for Bulletin Number L-076

Date: April 25, 2001
Platform: Debian
Updates To: Netscape GIF comment issue
Report From: Linux Daily News
* Release Note: Debian has made available Netscape 4.77 in .deb format to address problems found with the way earlier versions handled GIF comments.
* Click here for LWN Security Update To Netscape GIF comment issue

Date: April 25, 2001
Platform: Red Hat
Updates To: mgetty
Report From: Linux Daily News
* Release Note: Red Hat has issued an advisory for mgetty to address packaging errors in previous updates for that package.
* Click here for LWN Security Update To mgetty

Date: April 25, 2001
Platform: Progeny
Updates To: sendfile
Report From: Linux Daily News
* Release Note: Progeny has issued an advisory for sendfile to address local root vulnerabilities in that package.
* Click here for LWN Security Update To sendfile

Date: April 20, 2001
Platform: Progeny
Updates To: Netscape Javascript Vulnerabilities
Report From: Linux Daily News
* Release Note: Progeny posted their advisory for the Netscape Javascript vulnerabilities that were recently uncovered.
* Click here for LWN Advisory for Netscape Javascript

Date: April 20, 2001
Platform: SuSE
Updates To: Hylafax server
Report From: Linux Daily News
* Release Note: SuSE posted a security advisory for the Hylafax server side program to address potential root vulnerabilities.
* Click here for LWN Security Advisory for Hylafax server

Date: April 20, 2001
Platform: Debian
Updates To: sendfile
Report From: Linux Daily News
* Release Note: Debian posted an advisory for sendfile addressing improper privilege dropping issues.
* Click here for LWN Advisory To sendfile

Date: April 20, 2001
Platform: Conectiva
Updates To: kernel and Samba
Report From: Linux Daily News
* Release Note: Conectiva has issued advisories for kernels prior to 2.2.19 and for Samba.
* Click here for LWN Security Update To kernel
* Click here for LWN Security Update To Samba

Date: April 20, 2001
Platform: Red Hat
Advisory For: update to FTP iptables in 2.4 kernel
Report From: Linux Daily News
* Release Note: Red Hat has issued a security advisory for the 2.4 kernel to address vulnerabilities in the FTP iptables. The problem does not affect the default configuration of Red Hat Linux, but can affect some custom configurations of Red Hat Linux 7.1 only and is specific to the Linux 2.4 kernel series.
* Click here for LWN Security Advisory To FTP iptables

Date: April 20, 2001
Platform: Caldera
Updates To: Samba
Report From: Linux Daily News
* Release Note: Caldera joins the list of responders to the recent Samba vulnerability report.
* Click here for LWN Security Update To Samba

Date: April 20, 2001
Platform: Progeny
Updates To: Samba
Report From: Linux Daily News
* Release Note: Progeny joins the list of responders to the recent Samba vulnerability report.
* Click here for LWN Security Update To Samba

Date: April 20, 2001
Platform: SuSE
Updates To: nedit and sudo
Report From: Linux Daily News
* Release Note: SuSE has issued a security update to nedit, fixing a temp file vulnerability in that package. Also out is an update to sudo fixing a buffer overflow problem (which was discussed in the March 1 LWN security page).
* Click here for LWN Security Update To nedit * Click here for LWN Security Update To sudo * Click here for LWN March 1 Security Page for sudo Date: April 18, 2001 Platform: Various Linux Distributions Warning About: Network Time Protocol (NTP) Vulnerabilities Report From: CIAC Bulletins * Release Note: A remote intruder can use the buffer overflow to cause the NTP code to crash. It is possible that the buffer overflow can be used to execute arbitrary code. * Click here for Bulletin Number L-071 Date: April 18, 2001 Platform: Linux Updates To: Samba 2.0.8 Security Issue Report From: Linux Daily News * Release Note: Andrew Tridgell posted a note to BugTraq that Samba 2.0.8 has been released to address a significant security vulnerability that allows local users to corrupt local devices (such as raw disks). * Click here for LWN Security Issue for Samba 2.0.8 Date: April 18, 2001 Platform: Trustix Secure Linux Updates To: Samba 2.0.8 Advisory Report From: Linux Daily News * Release Note: Distribution update posted from Trustix Secure Linux * Click here for LWN Security Advisory To Samba 2.0.8 Date: April 18, 2001 Platform: Debian Updates To: Samba 2.0.8 Advisory Report From: Linux Daily News * Release Note: Distribution update posted from Debian * Click here for LWN Security Advisory To Samba 2.0.8 Date: April 18, 2001 Platform: Immunix OS Updates To: Samba 2.0.8 Advisory Report From: Linux Daily News * Release Note: Distribution update posted from Immunix OS * Click here for LWN Security Advisory To Samba 2.0.8 Date: April 18, 2001 Platform: Linux Mandrake Updates To: kernel update Advisory Report From: Linux Daily News * Release Note: Linux Mandrake released a security advisory to update kernels in their distributions ranging from 6.0 to 7.2 and the Corporate Server 1.0.1. According to the advisory, a number of security problems have been found in the Linux kernels prior to the latest 2.2.19 kernel.
* Click here for LWN Security Advisory To kernel update Date: April 18, 2001 Platform: Conectiva Updates To: Netscape Report From: Linux Daily News * Release Note: Another netscape security update has been posted, this time from Brazilian Linux distributor Conectiva. * Click here for LWN Security Update To Netscape Date: April 18, 2001 Platform: Immunix Updates To: pine and netscape Report From: Linux Daily News * Release Note: Immunix has posted security advisories for the pine and netscape packages provided as part of their distribution. * Click here for LWN Security Update To Pine * Click here for LWN Security Update To Netscape Date: April 18, 2001 Platform: Red Hat Updates To: 7.1 update for Netscape, kernel patches for 6.2, 7 Report From: Linux Daily News * Release Note: Red Hat has posted a security update for the just released 7.1 distribution for the Netscape packages. This is just an update for previous notices in order to make the updated Netscape packages available for 7.1. Red Hat has also issued updates for their Red Hat Linux 6.2 and Red Hat Linux 7 distributions to make kernel 2.2.19 available for those distributions. * Click here for LWN Security Update To 7.1 Netscape package * Click here for LWN Security Update To kernel 2.2.19 Date: April 16, 2001 Platform: Debian Updates To: kernel Report From: Linux Daily News * Release Note: The Debian Project has released a security update to the kernel fixing the numerous problems that existed in kernels prior to 2.2.19. Also out from Debian is a set of instructions and packages for those wanting to run the 2.4 kernel on Debian 2.2 systems. * Click here for LWN Security Update To kernel * Click here for LWN Set of Instructions Date: April 16, 2001 Platform: Debian Advisory for: exuberant-ctags Report From: Linux Daily News * Release Note: Colin Phipps discovered that the exuberant-ctags packages as distributed with Debian GNU/Linux 2.2 creates temporary files insecurely. 
This has been fixed in version 1:3.2.4-0.1 of the Debian package, and upstream version 3.5. * Click here for LWN Security Advisory for exuberant-ctags Date: April 16, 2001 Platform: Red Hat Updates To: Netscape and pine Report From: Linux Daily News * Release Note: Red Hat has issued security advisories for Netscape and pine. Both advisories are applicable to RH 6.2 and 7, while the pine advisory is also applicable to RH 5.2. * Click here for LWN Security Update To Netscape * Click here for LWN Security Update To pine Date: April 12, 2001 Platform: Linux Warning About: Linux/Adore.worm Aliases: Linux/Red Report From: Network Associates * Release Note: The Linux/Adore package, containing "Elf" binary files as well as script files, scans the Internet for vulnerable Linux systems to exploit. * Click here for Report on Linux/Adore.worm Date: April 09, 2001 Platform: Red Hat Updates To: xntp Report From: Linux Daily News * Release Note: Red Hat updates are now available. * Click here for LWN Security Update To xntp Date: April 09, 2001 Platform: Trustix Updates To: xntp Report From: Linux Daily News * Release Note: Trustix updates are now available. * Click here for LWN Security Update To xntp Date: April 09, 2001 Platform: Slackware Updates To: xntp Report From: Linux Daily News * Release Note: Everyone is on the ball with this patch, with Slackware being the latest distribution to release a fix for xntp. * Click here for LWN Security Update To xntp Date: April 09, 2001 Platform: Red Hat Updates To: Unofficial xntp fix Report From: Linux Daily News * Release Note: Dan Anderson has provided an unofficial patch for Red Hat systems package xntp3-5.93-14. * Click here for LWN Security Update To Unofficial xntp fix Date: April 09, 2001 Platform: Caldera Updates To: ntp and xntp3 Report From: Linux Daily News * Release Note: Caldera has issued this security update for the recently reported vulnerabilities for ntp and xntp3.
* Click here for LWN Security Update To ntp and xntp3 Date: April 09, 2001 Platform: Immunix Updates To: ntp and xntp3 Report From: Linux Daily News * Release Note: Immunix have posted security updates for the recently reported vulnerabilities for ntp and xntp3. * Click here for LWN Security Update To ntp and xntp3 Date: April 09, 2001 Platform: Linux Mandrake Updates To: ntp and xntp3 Report From: Linux Daily News * Release Note: Linux Mandrake have posted security updates for the recently reported vulnerabilities for ntp and xntp3. * Click here for LWN Security Update To ntp and xntp3 Date: April 09, 2001 Platform: Debian Updates To: NTP Report From: Linux Daily News * Release Note: The Debian Project has released a security update to NTP fixing the remotely-exploitable buffer overflow problem in that package. * Click here for LWN Security Update To NTP Date: April 09, 2001 Platform: Trustix Updates To: Releases 1.5 beta and kernel update Report From: Linux Daily News * Release Note: Trustix has announced the release of Trustix Secure Linux 1.4.80, a beta release toward the 1.5 stable version. It is nicknamed "Ooops," and is incompatible with 1.2 in a number of ways; read the announcement closely. Also released is a security update to the kernel which brings it up to 2.2.19 and fixes the security holes there. * Click here for LWN Trustix Releases 1.5 beta * Click here for LWN Trustix kernel update Date: April 05, 2001 Platform: Linux Warning About: Adore Worm Aliases: Unix/Adore, Red worm, Linux/Adore Report From: F-Secure * Release Note: Adore is a worm that spreads in Linux systems using four different, known vulnerabilities already used by Ramen and Lion worms. All four vulnerabilities have been already fixed by different Linux vendors. Read the report for further information.
* Click here for Report on Adore Worm Date: April 04, 2001 Platform: Linux on x86 platforms with unpatched BIND services but could be expanded to other UNIX platforms Warning About: The Lion Internet Worm DDOS Risk Report From: CIAC Bulletins * Release Note: Further analysis of the Lion Internet worm by the NIPC indicates that it has the potential for causing much more damage than originally expected. * Click here for Bulletin Number L-064 Date: April 04, 2001 Platform: Caldera Updates To: kernel fixes Report From: Linux Daily News * Release Note: Caldera has posted a security advisory to announce that patches for kernel problems that are now available in 2.2.19 have been backported to kernels in some of their previous releases. * Click here for LWN Security Update To kernel Date: April 04, 2001 Platform: Linux Warning About: New Linux worm Adore Report From: Linux Daily News * Release Note: The SANS Institute has issued a warning regarding a new variant of the Ramen and Lion worms. The warning includes tools for detection and removal of the worm. * Click here for LWN Warning about Adore Worm Date: April 04, 2001 Platform: Linux Updates To: RSBAC 1.1.1 released Report From: Linux Daily News * Release Note: Version 1.1.1 of the Rule Set Based Access Control (RSBAC) system has been released. RSBAC is a set of kernel patches which add a general security mechanism, allowing for a large number of different security policies to be implemented. It's a comprehensive implementation, with several policy modules available; it has also been in production for some time. Worth a look for those interested in building secure systems. * Click here for LWN Security Update To RSBAC 1.1.1 Date: April 01, 2001 Platform: Trustix Updates To: OpenSSH Report From: Linux Daily News * Release Note: Here is a security advisory for Trustix Secure Linux on its update to OpenSSH-2.5.2p2. 
* Click here for LWN Security Update To OpenSSH Date: April 01, 2001 Platform: Red Hat Updates To: OpenSSH Report From: Linux Daily News * Release Note: Red Hat has issued a security update to OpenSSH which picks up the latest passive analysis defenses. * Click here for LWN Security Update To OpenSSH Miscellaneous Date: April 29, 2001 Platform: Misc Hoax Report: E-Mail Tax HOAX Resurfaces In Australia Report From: Infowar.Com * Release Note: Infowar.Com News says Australia Post has had to publicly refute an e-mail message circulating around the Australian Internet after the old hoax has continued to spiral out of control Down Under in spite of the efforts of the media and the Australian government to put it to death. * Click here for E-Mail Tax HOAX Resurfaces In Australia Date: April 27, 2001 Platform: Misc Hoax Alert: Playboy Girls HOAX Aliases: Meninas da Playboy, bancoc.vbs Report From: Symantec Security HOAX Updates * Release Note: This information is a hoax and should be ignored. Sample of hoax message located at the Inside Information Systems website at http://mail.iis.com.br/ The English translation of the MS announcement is available in Symantec hoax report. * Click here for Symantec HOAX Report on Playboy Girls Date: April 27, 2001 Platform: Misc Warning To: U.S. warns about China hacking Report From: MSNBC Tech News * Release Note: Federal authorities and security companies are warning American businesses to protect themselves next week during a planned Labor Day Strike from Chinese hackers upset over the recent spy plane incident. * Click here for U.S. warns about China hacking Date: April 26, 2001 Platform: None Hoax Report: Nokia Cellphone Radiation HOAX Aliases: Nokia 3310,6210 radiation hoax Report From: F-Secure Hoax information * Release Note: This hoax is about some new Nokia models giving out much higher amounts of radiation compared to previous ones.
This is a typical cancer or radiation warning hoax; there's no truth in the story. No deaths or injuries caused by mobile phone radiation have been reported. F-Secure asks that you please ignore these messages and don't spread them any further. * Click here for F-Secure Report on Nokia Cellphone Radiation HOAX Date: April 26, 2001 Platform: None Hoax Alert: SULFNBK.EXE Warning HOAX Report From: Symantec Security HOAX Updates * Release Note: This email hoax has been reported in Brazil. The original email is in Portuguese. Symantec has the original, followed by an English translation. They ask that you please ignore any messages regarding this hoax and do not pass on messages. Passing on messages about the hoax only serves to further propagate it. * Click here for Symantec HOAX Report on SULFNBK.EXE Warning Date: April 25, 2001 Platform: Versions of FreeBSD Warning About: FreeBSD IPFilter May Incorrectly Pass Packets Report From: CIAC Bulletins * Release Note: The IPFilter package is used to implement the FreeBSD firewall function. A vulnerability may allow packets to bypass the filter. * Click here for Bulletin Number L-075 Date: April 19, 2001 Platform: 5000 series switches and Some Models Warning About: Cisco Catalyst 5000 Series 802.1x Vulnerability Report From: CIAC Bulletins * Release Note: An 802.1x frame received on a STP blocked port causes a network storm in the immediate network. * Click here for Bulletin Number L-072 Date: April 12, 2001 Platform: Alcatel Speed Touch Home ADSL Modem and Alcatel 1000 ADSL Network Termination Device Warning About: Multiple Vulnerabilities in Alcatel ADSL Modems Report From: CERT * Release Note: The San Diego Supercomputer Center (SDSC) has recently discovered several vulnerabilities in the Alcatel Speed Touch Asymmetric Digital Subscriber Line (ADSL) modem. These vulnerabilities are the result of weak authentication and access control policies.
* Click here for CERT CA-2001-08 Date: April 12, 2001 Platform: FTP servers on various platforms Warning About: File Globbing Vulnerabilities in Various FTP Servers Report From: CERT, CIAC Bulletins and COVERT Labs at PGP Security * Release Note: A variety of FTP servers incorrectly manage buffers in a way that can lead to remote intruders executing arbitrary code on the FTP server. * Click here for CERT CA-2001-07 * Click here for CIAC Bulletin Number L-070 * Click here for COVERT Advisories No. 048 Date: April 12, 2001 Platform: FreeBSD, NetBSD, OpenBSD and SGI IRIX Warning About: Multiple Vendor BSD ftpd glob() Buffer Overflow Vulnerabilities Report From: Security Focus * Release Note: The BSD ftp daemon and derivatives contain a number of buffer overflows that may allow malicious users to gain root access. * Click here for Advisory on BSD ftp daemon Date: April 12, 2001 Platform: Sun Solaris Warning About: Solaris ftpd glob() Expansion LIST Heap Overflow Vulnerability Report From: Security Focus * Release Note: The Solaris ftp daemon contains a heap-based buffer overflow condition. The overflow occurs when the LIST command is issued with an argument that expands into an oversized string after being processed by glob(). * Click here for Advisory on Solaris ftp daemon Date: April 12, 2001 Platform: HP HP-UX 10.0 - 11.0 Warning About: HP-UX ftpd glob() Expansion STAT Buffer Overflow Vulnerability Report From: Security Focus * Release Note: Hewlett Packard's HP-UX ftp daemon contains a stack-based buffer overflow condition. The overflow occurs when the STAT command is issued with an argument that expands into an oversized string after being processed by glob(). * Click here for Advisory on HP HP-UX ftp daemon Date: April 09, 2001 Platform: Cisco VPN 3000 series Warning About: Cisco VPN3000 Concentrator TELNET Vulnerability Report From: CIAC Bulletins * Release Note: The SSL and telnet connections are not handled properly for failed logon attempts.
A flood of data sent to either the SSL or telnet port can cause Cisco VPN 3000 series concentrators to reboot. * Click here for Bulletin Number L-068 Date: April 09, 2001 Platform: Cisco CSS 11050, CSS 11150, and CSS 11800 units Warning About: Cisco Content Services Switch User Account Vulnerability Report From: CIAC Bulletins * Release Note: The Cisco Content Services (CSS) switch product, also known as Arrowpoint, has a security vulnerability which allows privilege escalation. Follow the Cisco advice in the bulletin for establishing access control lists or apply the patch. * Click here for Bulletin Number L-069 Date: April 05, 2001 Platform: Palm OS PDA Operating System Warning About: Phage Virus Aliases: PalmOS/Phage, Palm virus Report From: F-Secure * Release Note: Phage can spread from one Palm to another if infected files are shared via beaming or installed via a docking station. * Click here for Report on Phage Virus Date: April 05, 2001 Platform: Misc Hoax Report: ERICELL enginer HOAX Aliases: DIGIPHONE hoax Report From: F-Secure Hoax information * Release Note: This is an English translation of a Swedish hoax about someone posing as a telecom engineer. F-Secure asks that you please ignore these messages and don't spread them any further. * Click here for F-Secure Report on ERICELL enginer HOAX Date: April 04, 2001 Platform: Any machine running Solaris 2.6, 7, or 8 with snmpXdmid installed and enabled. Warning About: Solaris Exploitation of snmpXdmid Report From: CIAC Bulletins * Release Note: A buffer overflow exists in the snmpXdmid code. Local and remote users can exploit the buffer overflow. * Click here for Bulletin Number L-065 Date: April 04, 2001 Platform: Misc Hoax Alert: Foot N Mouth Virus Warning HOAX Report From: Symantec Security HOAX Updates * Release Note: Please ignore any messages regarding this hoax and do not pass on messages.
* Click here for Symantec HOAX Report on Foot N Mouth Virus Warning Date: April 01, 2001 Platform: Solaris 2.6, 7, or 8 Warning About: Exploitation of snmpXdmid Report From: CERT * Release Note: Exploitation of this vulnerability allows an intruder to gain privileged (root) access to the system. * Click here for CERT CA-2001-05 Date: April 01, 2001 Platform: Such as Sun Solaris 8.0, SGI IRIX 6.5 and Linux/UNIX Warning About: Apache Tomcat 3.0 Directory Traversal Vulnerability Report From: Security Focus * Release Note: Apache Tomcat in a Windows NT environment could be led to traverse the normal directory structure and return requested files from outside of the document root. * Click here for Advisory on Apache Tomcat Vulnerability Date: April 01, 2001 Platform: Sun Solaris 8.0_x86 plus other versions Warning About: Solaris tip Buffer Overflow Vulnerability Report From: Security Focus * Release Note: tip is a utility included with Sun Microsystems Solaris Operating Environment. tip allows a user to establish a full duplex terminal connection with a remote host. Due to the improper handling of environment variables by tip, it is possible to overflow a buffer in the program, and execute arbitrary code. * Click here for Advisory on Solaris tip Vulnerability