WebCrime

HEADSUP


 
"An attacker could then install programs; view, change, or delete data; or create new accounts with full privileges."

SECURITY ADVISORIES: TRENDMICRO

 

Information Technology and Telecommunications Sector

 

19. January 11, 2005 Secunia Linux kernel multiple vulnerabilities.

 

Multiple vulnerabilities have been reported in the Linux kernel, which can potentially be exploited by malicious, local users to cause a denial of service, disclose sensitive information, or gain escalated privileges on a vulnerable system. The solution is to grant only trusted users access to affected systems.

Source: http://secunia.com/advisories/13784/

 

 

20. January 11, Secunia mpg123 Mpeg layer-2 buffer overflow vulnerability.

 

A vulnerability has been reported in mpg123, which can potentially be exploited by malicious people to compromise a user's system. The vulnerability is caused by an error in the of frame headers for layer-2 streams. This may be exploited to cause a heap-based buffer overflow via a specially crafted MP2 or MP3 file. Successful exploitation may allow execution of arbitrary code with the privileges of the user executing mpg123. There is no solution at this time.

Source: http://secunia.com/advisories/13779/

 

 

21. January 11, SecurityTracker Squid NTLM fakeauth_auth helper.

 

A memory leak vulnerability has been reported in the NTLM fakeauth_auth helper in Squid. A remote hacker can trigger a segmentation fault. Under high load, or when running for a long period of time, the application may run out of memory. In addition, a remote user can send a specially crafted NTLM type 3 message to cause a segmentation fault, resulting in denial of service conditions.

http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-fakeauth_auth.patch

Source: http://securitytracker.com/alerts/2005/Jan/1012818.html

 

 

22. January 11, SecurityTracker NetWare running CIFS.NLM.

 

A denial of service vulnerability was reported in NetWare when running CIFS.NLM. A remote user can conduct a network port scan against the target system to cause the target system to 'hard lock' if the system is running CIFS.NLM at the time of the scan. This creates a denial of service condition.

As a solution, the vendor has issued a CIFS update for NetWare 5.1 and 6.0, described at:

http://support.novell.com/cgi-bin/search/searchtid.cgi?/2970488.htm

Source: http://www.securitytracker.com/alerts/2005/Jan/1012817.html

 

23. January 11, Microsoft Microsoft Security Bulletin MS05-001: Vulnerability in HTML Help Could Allow Code Execution.

 

A vulnerability exists in the HTML Help ActiveX control in Windows that could allow information disclosure or remote code execution on an affected system. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system.

 

An attacker could then install programs; view, change, or delete data; or create new accounts with full privileges.

 

Users whose accounts are configured to have fewer privileges on the system could be less impacted than users who operate with administrative privileges. Microsoft has assigned a risk rating of "Critical" to this issue and recommends that customers install the update immediately.

Source: http://www.microsoft.com/technet/security/Bulletin/MS05-001.mspx

 

 

24. January 11, Microsoft Microsoft Security Bulletin MS05-002: Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution.

 

This update resolves several newly-discovered, privately reported and public vulnerabilities.

 

An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, install programs; view, change, or delete data; or create new accounts that have full privileges.

 

Microsoft has assigned a risk rating of "Critical" to these issues and recommends that customers apply the update immediately.

Source: http://www.microsoft.com/technet/Security/bulletin/ms05-002.mspx

 

 

25. January 11, Microsoft Microsoft Security Bulletin MS05-003: Vulnerability in the Indexing Service Could Allow Remote Code Execution.

 

A remote code execution vulnerability exists in the Indexing Service because of the way that it handles query validation.

 

An attacker could exploit the vulnerability by constructing a malicious query that could potentially allow remote code execution on an affected system.

 

An attacker who successfully exploited this vulnerability could take complete control of an affected system.

 

While remote code execution is possible, an attack would most likely result in a denial of service condition.

 

Microsoft has assigned a risk rating of "Important" to this issue and recommends that system administrators consider applying the security update.

Source: http://www.microsoft.com/technet/security/bulletin/MS05-003.mspx
