Secunia Security Summary 2041305
Secunia Security Summary
The world doesn't patch!
How is it possible for the Bagle.Q worm to exploit a very well known 7
month old vulnerability?
Secunia warned about an extremely critical vulnerability
in the popular browser Internet Explorer, which allowed web sites and
emails to download and execute any code on a user's system.
Medias all over the world wrote about the vulnerability, which got even
more attention when scammers and adult sites started to exploit it to
install back doors and dialer programs on innocent people's PCs by
sending malicious SPAM emails.
More articles were published when Microsoft failed to plug the hole
properly in the first attempt, effectively leaving hundreds of millions
of people vulnerable from 7th September when Microsoft's plug publicly
was proven inadequate until the final patch arrived on 4th October
2003.
One should have thought that by now everyone, who are even the least
concerned about IT security should have gotten the message and have
installed the patch - and the troubled days should be over.
Since sometime in October 2003, we haven't heard much about the Object
Data vulnerability, despite the fact that it is very easy and simple to
exploit; so simple that even the most impaired amateur hacker could do
it blind folded.
The worm breaks out...
Finally, on 18th March 2004 the Bagle.Q worm hits people's inboxes and
we were all about to learn how many really patched up. Based on the
apparently rapid spread of Bagle.Q, it seemed that too many had failed,
forgotten, or simply didn't care to patch up.
The Bagle.Q virus downloaded the malicious payload from a large number
of infected or compromised hosts as soon as it was viewed in the
preview pane using Outlook or Outlook Express. Fortunately, the Bagle.Q
virus made the mistake of downloading the payload from a number of
fixed hosts. This allowed anti-virus fighters and authorities to shut
down or block access to the distribution servers, limiting the
distribution rate.
Once again Secunia warned about the old flaw and some Internet medias
warned about the new threat and asked their readers to take Secunia's
online test to see if they were still vulnerable.
Secunia's online test, which allows everyone to check if they are
vulnerable. From our statistics it appears that a shocking 29% still
are vulnerable. It should also be taken into account that those, who
actually take such a test, are the ones concerned about security. This
raises a big question about the vast number of people, who don't know
or care about security.
One thing is certain, millions of Windows users are still vulnerable
and have yet to feel the sting of a greedy adult web master breaking
laws and all ethic rule-sets to earn a profit or a malicious virus
wiping the hard-drive or mass-mailing your love letters.
2) This Week in Brief:
Stefan Esser has discovered no less than 13 buffer overflow
vulnerabilities in Ethereal, which potentially can be exploited to
execute arbitrary code on a vulnerable system.
An updated version is reportedly available from the vendor.
--
Mark Litchfield of NGSSoftware has discovered vulnerabilities in
Symantec Norton AntiSpam and Symantec Internet Security, which can be
exploited to compromise a vulnerable system.
For both products applies that this can be exploited through HTML
documents e.g. by visiting a website.
Symantec has reported that updates are available for both products
via the "LiveUpdate" feature.
--
eEye Digital Security discovered a vulnerability in the way multiple
products from Internet Security Systems (ISS) handles ICQ Server
Responses.
The vulnerability could be exploited via a specially crafted packet
with a source port of 4000/UDP.
Just one day after the disclosure from eEye and release of patches
from ISS, a worm began exploiting this vulnerability.
Please refer to the Secunia Advisory below for more information about
this vulnerability.
3) This Weeks Top Ten Most Read Advisories:
1. [SA10395] Internet Explorer URL Spoofing Vulnerability
2. [SA9935] Microsoft Internet Explorer Update fixes the Object Data
Vulnerability
3. [SA11139] OpenSSL SSL/TLS Handshake Denial of Service
Vulnerabilities
4. [SA9580] Microsoft Internet Explorer Multiple Vulnerabilities
5. [SA11168] Symantec Internet Security ActiveX Component Arbitrary
File Execution
6. [SA11073] ISS Multiple Products ICQ Server Response Processing
Vulnerability
7. [SA11169] Symantec Norton AntiSpam ActiveX Component Buffer
Overflow Vulnerability
8. [SA11170] Apache 2 Connection Denial of Service Vulnerability
9. [SA10736] Internet Explorer File Download Extension Spoofing
10. [SA9729] Eudora Multiple Vulnerabilities
4) Vulnerabilities Summary Listing
Windows:
[SA11182] Terminator 3: War Of The Machines Broadcast Buffer Overflow
[SA11169] Symantec Norton AntiSpam ActiveX Component Buffer Overflow
Vulnerability
[SA11168] Symantec Internet Security ActiveX Component Arbitrary File
Execution
[SA11205] DameWare Mini Remote Control Weak Encryption Implementation
[SA11204] Kerio WinRoute HTTP Header Parser Denial of Service
[SA11201] VP-ASP Shopping Cart "catalogid" Parameter SQL Injection
Vulnerability
[SA11180] News Manager Lite Multiple Vulnerabilities
[SA11179] Member Management System Multiple Vulnerabilities
[SA11206] WS_FTP Server Multiple Vulnerabilities
[SA11199] Microsoft Visual C++ Constructed ISAPI Extensions Denial of
Service
UNIX/Linux:
[SA11198] Debian update for ecartis
[SA11183] Sun Cobalt update for Pine
[SA11195] PHP-Nuke Script Insertion Vulnerabilities
[SA11186] XWeb Directory Traversal Vulnerability
[SA11181] 4D WebSTAR update for OpenSSL
[SA11177] Clam AntiVirus RAR Archive Processing Denial of Service
Vulnerability
[SA11175] LiteSpeed Web Server OpenSSL Vulnerabilities
[SA11171] Fedora update for OpenSSL
[SA11163] OpenPKG update for OpenSSL
[SA11161] Trustix update for OpenSSL
[SA11197] Red Hat update for mod_ssl
[SA11193] SSH Tectia Server ssh-passwd-plugin Private Host Key
Exposure
[SA11190] Xine Insecure Temporary File Creation Vulnerability
[SA11172] Borland Interbase "admin.ib" Insecure Default File
Permissions
[SA11162] Trustix update for systat
Other:
[SA11184] Blue Coat Products update for OpenSSL
[SA11167] NetScreen Instant Virtual Extranet update for OpenSSL
[SA11188] Novell NetWare Admin/Install Password Disclosure
Cross Platform:
[SA11196] Mod_Survey Script and SQL Insertion Vulnerability
[SA11194] Invision Gallery! SQL Injection Vulnerabilities
[SA11192] First Virtual Communications Products H.323 Implementation
Vulnerabilities
[SA11187] Invision Power Top Site List SQL Injection Vulnerability
[SA11185] Ethereal Multiple Vulnerabilities
[SA11178] Stonesoft Multiple Products OpenSSL Vulnerability
[SA11174] Tarantella Enterprise OpenSSL Vulnerability
[SA11170] Apache 2 Connection Denial of Service Vulnerability
[SA11166] Jetty Unspecified Denial of Service Vulnerability
[SA11164] Error Manager Cross Site Scripting Vulnerabilities
[SA11203] MS-Analysis Multiple Vulnerabilities
[SA11191] FirstClass "TargetName" Parameter Cross Site Scripting
Vulnerability
[SA11189] phpBB "profile.php" Cross Site Scripting Vulnerability
[SA11173] Tarantella Enterprise CGI Utilities Cross-Site Scripting
Vulnerabilities
[SA11176] Apache 2 mod_disk_cache Stores Credentials
5) Vulnerabilities Content Listing
Windows:--
[SA11182] Terminator 3: War Of The Machines Broadcast Buffer Overflow
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-03-22
Luigi Auriemma has reported a vulnerability in Terminator 3: War Of The
Machines, allowing malicious people to cause a Denial of Service or
potentially compromise a vulnerable system.
[SA11169] Symantec Norton AntiSpam ActiveX Component Buffer Overflow
Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-03-19
NGSSoftware has discovered a vulnerability in Norton AntiSpam 2004,
which can be exploited by malicious people to compromise a user's
system.
[SA11168] Symantec Internet Security ActiveX Component Arbitrary File
Execution
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-03-19
NGSSoftware has discovered a vulnerability in Norton Internet Security
2004, which can be exploited by malicious people to compromise a user's
system.
[SA11205] DameWare Mini Remote Control Weak Encryption Implementation
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2004-03-24
ax09001h has reported a design error in DameWare Mini Remote Control,
possibly allowing malicious people to gain knowledge of the encryption
key.
[SA11204] Kerio WinRoute HTTP Header Parser Denial of Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-24
The vendor has reported an unspecified vulnerability in the HTTP header
parser, which may allow malicious people to cause a Denial of Service.
[SA11201] VP-ASP Shopping Cart "catalogid" Parameter SQL Injection
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2004-03-24
The vendor has reported a vulnerability in VP-ASP Shopping Cart,
allowing malicious people to conduct SQL injection attacks.
[SA11180] News Manager Lite Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Manipulation of
data
Released: 2004-03-22
Manuel López has reported some vulnerabilities in News Manager Lite,
allowing malicious people to gain administrative access, conduct Cross
Site Scripting and SQL injection attacks.
[SA11179] Member Management System Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2004-03-22
Manuel López has reported some vulnerabilities in Member Management
System, allowing malicious people to conduct script insertion, Cross
Site Scripting and SQL injection attacks.
[SA11206] WS_FTP Server Multiple Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Privilege escalation, DoS, System access
Released: 2004-03-24
Hugh Mann has reported multiple vulnerabilities in WS_FTP Server, which
can be exploited by malicious users to cause a DoS (Denial-of-Service),
gain escalated privileges, or compromise the system.
[SA11199] Microsoft Visual C++ Constructed ISAPI Extensions Denial of
Service
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-03-24
A vulnerability has been reported in Microsoft Visual C++, which
potentially can be exploited by malicious people to cause a DoS
(Denial-of-Service) on certain applications.
[SA11183] Sun Cobalt update for Pine
Critical: Highly critical
Where: From remote
Impact:
Released: 2004-03-23
Sun has issued updates for Pine, which fix some unspecified
vulnerabilities.
[SA11195] PHP-Nuke Script Insertion Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2004-03-24
Janek Vind "waraxe" has reported some vulnerabilities in PHP-Nuke,
allowing malicious people to conduct script insertion attacks.
[SA11186] XWeb Directory Traversal Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2004-03-23
Donato Ferrante has discovered a vulnerability in XWeb, allowing
malicious people to read arbitrary files on a vulnerable system.
[SA11181] 4D WebSTAR update for OpenSSL
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-22
The vendor has acknowledged a vulnerability in the 4D WebSTAR OpenSSL
implementation, which can be exploited by malicious people to cause a
DoS (Denial-of-Service).
[SA11177] Clam AntiVirus RAR Archive Processing Denial of Service
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-22
A vulnerability has been discovered in Clam AntiVirus, which can be
exploited by malicious people to cause a DoS (Denial-of-Service).
[SA11175] LiteSpeed Web Server OpenSSL Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-22
An updated version has been released of LiteSpeed Web Server. This
fixes some vulnerabilities in the OpenSSL implementation, which can be
exploited by malicious people to cause a DoS (Denial-of-Service).
[SA11171] Fedora update for OpenSSL
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-23
Fedora has issued updated packages for OpenSSL. These fix three
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial-of-Service).
[SA11163] OpenPKG update for OpenSSL
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-19
OpenPKG has issued an updated package for OpenSSL. These fix two
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial-of-Service).
[SA11161] Trustix update for OpenSSL
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-19
Trustix has issued updated packages for OpenSSL. These fix three
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial-of-Service).
[SA11197] Red Hat update for mod_ssl
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-03-23
Red Hat has issued updated packages for mod_ssl. These fix a
vulnerability allowing malicious people to cause a DoS (Denial of
Service).
[SA11193] SSH Tectia Server ssh-passwd-plugin Private Host Key
Exposure
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2004-03-23
A vulnerability has been discovered in SSH Tectia Server, which can be
exploited by malicious, authenticated users to gain knowledge of
sensitive information.
[SA11190] Xine Insecure Temporary File Creation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-03-24
Shaun Colley has reported a vulnerability in Xine, potentially allowing
malicious users to escalate their privileges.
[SA11172] Borland Interbase "admin.ib" Insecure Default File
Permissions
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-03-20
iDEFENSE has reported a vulnerability in Borland Interbase, which can
be exploited by malicious, local users to gain escalated privileges.
[SA11162] Trustix update for systat
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-03-19
Trustix has issued updated packages for sysstat. These fix a
vulnerability, which can be exploited by malicious, local users to gain
escalated privileges.
[SA11167] NetScreen Instant Virtual Extranet update for OpenSSL
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-19
NetScreen Technologies has issued an update for OpenSSL on the IVE
platform. This fixes a vulnerability, which can be exploited by
malicious people to cause a DoS (Denial-of-Service).
[SA11188] Novell NetWare Admin/Install Password Disclosure
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2004-03-24
A security issue has been discovered in NetWare 6.5 Support Pack 1.1,
which can be exploited by malicious, local users to gain knowledge of
sensitive information.
[SA11194] Invision Gallery! SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2004-03-23
JeiAr has reported some vulnerabilities in Invision Gallery!, allowing
malicious people to conduct SQL injection attacks.
[SA11192] First Virtual Communications Products H.323 Implementation
Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-23
First Virtual Communications has acknowledged some vulnerabilities in
various products' H.323 protocol implementation, which can be exploited
by malicious people to cause a DoS (Denial-of-Service).
[SA11187] Invision Power Top Site List SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information, Exposure of system
information, Manipulation of data
Released: 2004-03-23
JeiAr has reported a vulnerability in Invision Power Top Site List,
allowing malicious people to conduct SQL injection attacks.
[SA11185] Ethereal Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2004-03-23
Multiple vulnerabilities have been discovered in Ethereal, which can be
exploited by malicious people to compromise a vulnerable system or
cause a DoS (Denial-of-Service).
[SA11178] Stonesoft Multiple Products OpenSSL Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-22
Stonesoft has reported that some products may be affected by a
vulnerability in the OpenSSL implementation. This can potentially be
exploited by malicious people to cause a DoS (Denial-of-Service).
[SA11174] Tarantella Enterprise OpenSSL Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-22
The vendor has acknowledged a vulnerability in the Tarantella OpenSSL
implementation, which can be exploited by malicious people to cause a
DoS (Denial-of-Service).
[SA11170] Apache 2 Connection Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-20
The vendor has reported a vulnerability in Apache 2, which can be
exploited by malicious people to cause a Denial of Service.
[SA11166] Jetty Unspecified Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-19
An unspecified vulnerability has been reported in Jetty, which can be
exploited by malicious people to cause a DoS (Denial-of-Service).
[SA11164] Error Manager Cross Site Scripting Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Exposure of system
information
Released: 2004-03-19
Janek Vind has reported some vulnerabilities in Error Manager for
PHP-Nuke, allowing malicious people to see the installation path and
conduct Cross Site Scripting and script insertion attacks.
[SA11203] MS-Analysis Multiple Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-03-24
Janek Vind has reported some vulnerabilities in MS-Analysis, allowing
malicious people to conduct Cross Site Scripting and SQL injection
attacks.
[SA11191] FirstClass "TargetName" Parameter Cross Site Scripting
Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-03-23
Richard Maudsley has reported a vulnerability in FirstClass, allowing
malicious people to conduct Cross Site Scripting attacks.
[SA11189] phpBB "profile.php" Cross Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-03-23
Cheng Peng Su has reported a vulnerability in phpBB, allowing malicious
people to conduct Cross Site Scripting attacks.
[SA11173] Tarantella Enterprise CGI Utilities Cross-Site Scripting
Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-03-20
Sanjay Shah has discovered two vulnerabilities in Tarantella
Enterprise, which can be exploited by malicious people to conduct
cross-site scripting attacks.
[SA11176] Apache 2 mod_disk_cache Stores Credentials
Critical: Not critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2004-03-22
Andreas Steinmetz has reported a weakness in Apache 2 mod_disk_cache,
allowing a malicious, administrative user to see user credentials for
remote web sites.
Please verify all advisories you receive.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.
