 |
 |
|
 |
|
|
|
|
 |
|
 |
 |
 |
 |
 |
 |
 |
The
following are the latest security alerts and the top ten viruses:
| Jan 27/04 | Email-borne Viruses | (Cert) |
| Systems
Affected: Any system running Microsoft Windows (all versions from
Windows 95 and up) and used for reading email or accessing peer-to-peer
file sharing services.
Overview: In recent weeks there have been several mass-mailing viruses released on the Internet. It is important for users to understand the risks posed by these pieces of malicious code and the steps necessary to protect their systems from virus infection.
|
||
| Nov 11/03 | Buffer
Overflow in Windows Workstation Service |
(Cert) |
|
Systems Affected: Microsoft Windows 2000 Service Pack 2, Service Pack 3, Service Pack 4; Microsoft Windows XP; Microsoft Windows XP Service Pack 1; Microsoft Windows XP 64-Bit Edition Overview: A buffer overflow vulnerability exists in Microsoft's Windows Workstation Service (WKSSVC.DLL). A remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service.
|
||
| Oct 16/03 | Multiple
Vulnerabilities in Microsoft Windows and Exchange |
|
| Systems
Affected: Multiple versions of Microsoft Windows (ME, NT 4.0, NT 4.0
TSE, 2000, XP, Server 2003), Microsoft Exchange Server 5.5 and Microsoft
Exchange Server 2000
Overview: There are multiple vulnerabilities in Microsoft Windows and Microsoft Exchange, the most serious of which could allow remote attackers to execute arbitrary code.
|
||
| Oct 1/03 | Multiple
Vulnerabilities in SSL/TLS Implementations |
|
| Systems
Affected: OpenSSL versions prior to 0.9.7c and 0.9.6k, Multiple SSL/TLS
implementations, SSLeay library
Overview: There are multiple vulnerabilities in different implementations of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. These vulnerabilities occur primarily in Abstract Syntax Notation One (ASN.1) parsing code. The most serious vulnerabilities may allow a remote attacker to execute arbitrary code. The common impact is denial of service.
|
||
| Sept 18/03 | Buffer Overflow in Sendmail |
|
|
Systems Affected: Systems running open-source sendmail versions prior to 8.12.10, including UNIX and Linux systems; Commercial releases of sendmail including Sendmail Switch, Sendmail Advanced Message Server (SAMS), and Sendmail for NT Overview: A vulnerability in sendmail could allow a remote attacker to execute arbitrary code with the privileges of the sendmail daemon, typically root. |
||
| Sept 16/03 | Buffer
Management Vulnerability in OpenSSH |
|
|
Systems Affected: Systems running versions of OpenSSH prior to 3.7, Systems that use or derive code from vulnerable versions of OpenSSH Overview: There is a remotely exploitable vulnerability in a general buffer management function in versions of OpenSSH prior to 3.7. This may allow a remote attacker to corrupt heap memory which could cause a denial-of-service condition. It may also be possible for an attacker to execute arbitrary code.
|
||
| Sept 10/03 | RPCSS Vulnerabilities in Microsoft Windows |
|
| Systems
Affected: Microsoft Windows NT Workstation 4.0, Microsoft Windows
NT Server 4.0, Microsoft Windows NT Server 4.0, Terminal Server Edition,
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server
2003
Overview: Microsoft has published a bulletin describing three vulnerabilities that affect numerous versions of Microsoft Windows. Two of these vulnerabilities are remotely exploitable buffer overflows that may allow an attacker to execute arbitrary code with system privileges. The third vulnerability may allow a remote attacker to cause a denial of service. |
||
| Aug 26/03 | Multiple
Vulnerabilities in Microsoft Internet Explorer |
|
| Systems
Affected: Microsoft Windows systems running Internet Explorer 5.01;
Internet Explorer 5.50; Internet Explorer 6.01
Previous, unsupported versions of Internet Explorer may also be affected. Overview: Microsoft Internet Explorer (IE) contains multiple vulnerabilities, the most serious of which could allow a remote attacker to execute arbitrary code with the privileges of the user running IE. |
||
| Aug 13/03 | GNU
Project FTP Server Compromise |
|
|
Overview : The CERT/CC has received a report that the system housing the primary FTP servers for the GNU software project was compromised.
|
||
| Aug11/03 | W32/Blaster worm |
|
|
Systems Affected: Microsoft Windows NT 4.0, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003 Overview: The CERT/CC is receiving reports of widespread activity related to a new piece of malicious code known as W32/Blaster. This worm appears to exploit known vulnerabilities in the Microsoft Remote Procedure Call (RPC) Interface.
|
||
| July 31/03 | Exploitation of Vulnerabilities in Microsoft RPC Interface |
|
|
Systems Affected: Microsoft Windows NT 4.0, Microsoft Windows NT 4.0 Terminal Services Edition, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003 Overview: The CERT/CC is receiving reports of widespread scanning and exploitation of two recently discovered vulnerabilities in Microsoft Remote Procedure Call (RPC) Interface.
|
||
| July 25/03 | Integer Overflows in Microsoft Windows DirectX MIDI Library |
|
| Systems
Affected: Microsoft Windows systems running DirectX (Windows 98, 98SE,
NT, 4.0, NT 4.0 TSE, 2000, Server 2003)
Overview: A set of integer overflows exists in a DirectX library included in Microsoft Windows. An attacker could exploit this vulnerability to execute arbitrary code or to cause a denial of service. |
||
| July 18/03 | Exploit available for for the Cisco IOS Interface Blocked Vulnerabilities |
|
|
Systems Affected: All Cisco devices running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets. Overview:
An exploit has been posted publicly for the vulnerability described
in VU#411332, which was announced in this
document
|
||
| July 17/03 | Buffer
Overflow in Microsoft RPC |
|
|
Systems Affected: Microsoft Windows NT 4.0, Microsoft Windows NT 4.0 Terminal Services Edition, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003. Overview: A buffer overflow vulnerability exists in Microsoft's Remote Procedure Call (RPC) implementation. A remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service. |
||
| July 16/03 | Cisco IOS Interface Blocked by IPv4 Packet |
|
|
Systems Affected : All Cisco devices running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets. Overview: A vulnerability in many versions of Cisco IOS could allow an intruder to execute a denial-of-service attack against a vulnerable device.
|
||
| July 14/03 | Buffer Overflow in Microsoft Windows HTML Conversion Library |
|
|
Systems Affected: Windows 98 and 98 Second Edition (SE), Windows NT 4.0 and 4.0 Terminal Server Edition (TSE), Windows Millennium Edition (Me), Windows 2000, Windows XP, Windows Server 2003 Overview: A buffer overflow vulnerability exists in a shared HTML conversion library included in Microsoft Windows. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service. |
||
| July 3/03 |
ISS warns of coordinated hacker attack on July 6 click here to see full story-->. |
|
| Apr. 17/03 | Multiple Vulnerabilities in Snort Preprocessors |
|
| Systems
Affected: Snort IDS, versions 1.8 through 2.0 RC1
Overview: There are two vulnerabilities in the Snort Intrusion Detection System, each in a separate preprocessor module. Both vulnerabilities allow remote attackers to execute arbitrary code with the privileges of the user running Snort, typically root. (click here for more information)
|
||
| Mar 29/03 | Buffer Overflow in Sendmail |
|
| Systems
Affected: Sendmail Pro (all versions), Sendmail Switch 2.1 prior to
2.1.6, Sendmail Switch 2.2 prior to 2.2.6, Sendmail Switch 3.0 prior
to 3.0.4, Sendmail for NT 2.X prior to 2.6.3, Sendmail for NT 3.0
prior to 3.0.4, Systems running open-source sendmail, versions prior
to 8.12.9, including UNIX and Linux systems
Overview: There is a vulnerability in sendmail that can be exploited to cause a denial-of-service condition and could allow a remote attacker to execute arbitrary code with the privileges of the sendmail daemon, typically root. (Click here for more information)
|
||
| Mar 26/03 | Multiple Vulnerabilities in Lotus Notes and Domino |
|
| Systems
Affected: Lotus Notes and Domino versions prior to 5.0.12 and 6.0
Gold, VU#571297 affects 5.0.12, 6.0.1 and prior versions.
Overview:
Multiple vulnerabilities have been reported to affect Lotus Notes
clients and Domino servers. Multiple reporters, the close timing,
and some ambiguity caused confusion about what releases are vulnerable.
We are issuing this advisory to help clarify the details of the
vulnerabilities, the versions affected, and the patches that resolve
these issues. (click here for more information)
|
||
| Mar 19/03 | Integer overflow in Sun RPC XDR library routines |
|
| Systems
Affected: Applications using vulnerable implementations of SunRPC-derived
XDR libraries, which include: Sun Microsystems network services library
(libnsl); BSD-derived libraries with XDR/RPC routines (libc); GNU
C library with sunrpc (glibc)
Overview: There is an integer overflow in the xdrmem_getbytes() function distributed as part of the Sun Microsystems XDR library. This overflow can cause remotely exploitable buffer overflows in multiple applications, leading to the execution of arbitrary code. Although the library was originally distributed by Sun Microsystems, multiple vendors have included the vulnerable code in their own implementations. (click here for more information)
|
||
| Mar 17/ 03 | Buffer Overflow in Microsoft IIS 5.0 | (Cert) |
| Systems
Affected: Systems running Microsoft Windows 2000 with IIS 5.0 enabled
Overview: A buffer overflow vulnerability exists in Microsoft IIS 5.0 running on Microsoft Windows 2000. IIS 5.0 is installed and running by default on Microsoft Windows 2000 systems. This vulnerability may allow a remote attacker to run arbitrary code on the victim machine. An exploit is publicly available for this vulnerability, which increases the urgency that system administrators apply a patch. (click here for more information)
|
||
| Mar 8/03 | Increased Activity Targeting Windows Shares | (Cert) |
| Systems
Affected: Microsoft Windows 2000, Microsoft Windows XP
Overview: In recent weeks, the CERT/CC has observed an increase in the number of reports of systems running Windows 2000 and XP compromised due to poorly protected file shares. |
||
| Mar 3/03 | Remote Buffer Overflow in Sendmail | (Cert) |
| Systems
Affected: Sendmail Pro (all versions), Sendmail Switch 2.1 prior to
2.1.5, Sendmail Switch 2.2 prior to 2.2.5, Sendmail Switch 3.0 prior
to 3.0.3, Sendmail for NT 2.X prior to 2.6.2, Sendmail for NT 3.0
prior to 3.0.3, Systems running open-source sendmail versions prior
to 8.12.8, including UNIX and Linux systems
Overview: There is a vulnerability in sendmail that may allow remote attackers to gain the privileges of the sendmail daemon, typically root. |
||
| Feb 21/03 | Multiple vulnerabilities in implementations of the Session Initiation Protocol (SIP) | (Cert) |
| Systems
Affected: SIP-enabled products from a wide variety of vendors are
affected. Other systems making use of SIP may also be vulnerable but
were not specifically tested. Not all SIP implementations are affected.
Overview: Numerous vulnerabilities have been reported in multiple vendors' implementations of the Session Initiation Protocol. These vulnerabilities may allow an attacker to gain unauthorized privileged access, cause denial-of-service attacks, or cause unstable system behavior. If your site uses SIP-enabled products in any capacity, the CERT/CC encourages you to read this advisory and follow the advice provided in the Solution section below. |
||
| Feb 19/03 | Multiple Vulnerabilities in Oracle Servers |
|
| Systems
Affected:Systems running Oracle9i Database (Release 1 and 2), Systems
running Oracle8i Database v 8.1.7, Systems running Oracle8 Database
v 8.0.6, Systems running Oracle9i Application Server (Release 9.0.2
and 9.0.3)
Multiple vulnerabilities exist in Oracle software that may lead to execution of arbitrary code; the ability to read, modify, or delete information stored in underlying Oracle databases; or denial of service. All of these vulnerabilites were discovered by Next Generation Security Software Ltd. |
||
| Jan 25/03 | MS-SQL Server Worm |
|
| Systems
Affected : Microsoft SQL Server 2000
The CERT/CC has received reports of self-propagating malicious code that exploits multiple vulnerabilities in the Resolution Service of Microsoft SQL Server 2000. The propagation of this worm has caused varied levels of network degradation across the Internet, in addition to the compromise of vulnerable machines |
||
| Jan 23/03 | Buffer Overflow in Windows Locator Service | (Cert) |
|
Systems Affected: Microsoft Windows NT 4.0, Microsoft Windows NT 4.0, Terminal Server Edition, Microsoft Windows 2000, Microsoft Windows XP A buffer overflow vulnerability in the Microsoft Windows Locator service could allow a remote attacker to execute arbitrary code or cause the Windows Locator service to fail. This service is enabled and running by default on Windows 2000 domain controllers and Windows NT 4.0 domain controllers. |
||
| Jan 22/03 | Double-Free Bug in CVS Server | (cert) |
|
Systems Affected: Systems running CVS Home project versions of CVS prior to 1.11.5; Operating system distributions that provide CVS;* Source code repositories managed by CVS A "double-free"
vulnerability in the Concurrent Versions System (CVS) |
||
| Jan 15/03 | Buffer Overflows in ISC DHCPD Minires Library | (cert) |
|
Systems Affected :Systems running ISC DHCPD versions 3.0 through 3.0.1RC10, inclusive. The Internet Software Consortium (ISC) has discovered several buffer overflow vulnerabilities in their implementation of DHCP (ISC DHCPD). These vulnerabilities may allow remote attackers to execute arbitrary code on affected systems. At this time, we are not aware of any exploits. |