[iwar] [fc:CyberNotes.Latest.Issue.2002-03]

From: Fred Cohen (fc@all.net)
Date: 2002-02-14 22:11:22


Return-Path: <sentto-279987-4465-1013752316-fc=all.net@returns.groups.yahoo.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Thu, 14 Feb 2002 22:14:10 -0800 (PST)
Received: (qmail 16149 invoked by uid 510); 15 Feb 2002 05:52:14 -0000
Received: from n14.groups.yahoo.com (216.115.96.64) by all.net with SMTP; 15 Feb 2002 05:52:14 -0000
X-eGroups-Return: sentto-279987-4465-1013752316-fc=all.net@returns.groups.yahoo.com
Received: from [216.115.97.190] by n14.groups.yahoo.com with NNFMP; 15 Feb 2002 05:53:55 -0000
X-Sender: fc@red.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-8_0_2); 15 Feb 2002 05:51:55 -0000
Received: (qmail 94649 invoked from network); 15 Feb 2002 05:51:55 -0000
Received: from unknown (216.115.97.167) by m4.grp.snv.yahoo.com with QMQP; 15 Feb 2002 05:51:55 -0000
Received: from unknown (HELO red.all.net) (12.232.72.152) by mta1.grp.snv.yahoo.com with SMTP; 15 Feb 2002 05:51:23 -0000
Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id g1F6BNQ08731 for iwar@onelist.com; Thu, 14 Feb 2002 22:11:23 -0800
Message-Id: <200202150611.g1F6BNQ08731@red.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL3]
From: Fred Cohen <fc@all.net>
X-Yahoo-Profile: fcallnet
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Thu, 14 Feb 2002 22:11:22 -0800 (PST)
Subject: [iwar] [fc:CyberNotes.Latest.Issue.2002-03]
Reply-To: iwar@yahoogroups.com
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit

Welcome to the National Infrastructure Protection Center's (NIPC's)
latest issue of  CyberNotes, a free publication of the Federal Bureau of
Investigation (FBI).  CyberNotes is designed to support security and 
information system professionals with timely information on cyber
vulnerabilities, exploit scripts, hacker trends, virus information, and
other critical infrastructure-related best practices. CyberNotes is
published every two weeks.

The attached file is in HTML format.  An Adobe PDF version of this
document, along with archive issues, can be found on the NIPC web site
at http://www.nipc.gov.  The latest version of 
CyberNotes on the NIPC
website is usually 24-48 hours behind the e-mail distribution.

The NIPC welcomes your comments, suggestions, and contributions. Please
email any input or requests to be added to the distribution list to NIPC
through IPDigest@mitre.org. 

You are encouraged to share this publication with colleagues in the
information security and infrastructure protection fields. If they wish
to be added to the mailing list, they should email a request to the
above address including their name, organization, and how they learned
about CyberNotes.

Sincerely,  
CyberNotes List Administrator
Content-Type: text/html; charset=iso-8859-1; name="CyberNotes-2002-03.htm"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline; filename="CyberNotes-2002-03.htm"

</pre>

<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<META NAME="Generator" CONTENT="Microsoft Word 97">
<TITLE>Bugs, Holes &amp; Patches</TITLE>
<META NAME="Template" CONTENT="C:\Program Files\Microsoft Office\Office\html.dot">
</HEAD>
<BODY LINK="#0000ff" VLINK="#800080">

<B><FONT FACE="Baskerville Old Face,Times New Roman" SIZE=5 COLOR="#000080"><P ALIGN="CENTER">National 
Infrastructure Protection Center CyberNotes</P><DIR>
<DIR>

</FONT><I><FONT FACE="Baskerville Old Face,Times New Roman" SIZE=1 COLOR="#0000ff"><P>Issue 
#2002-03&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;              February 11, 2002</P></DIR>
</DIR>

</B></I></FONT><FONT SIZE=1 COLOR="#ff0000"><P>&nbsp;</P>
</FONT><B><FONT SIZE=2><P>CyberNotes is published every two weeks by the National 
Infrastructure Protection Center (NIPC). Its mission is to support security and information 
system professionals with timely information on cyber vulnerabilities, malicious 
scripts, information security trends, virus information, and other critical infrastructure-related 
best practices. </P>
</B><P>You are encouraged to share this publication with colleagues in the information 
and infrastructure protection field. Electronic copies are available on the NIPC 
Web site at </FONT>http://www.nipc.gov<FONT 
SIZE=2>.</P>
<P>Please direct any inquiries regarding this publication to the Editor-CyberNotes, 
National Infrastructure Protection Center, FBI Building, Room 11719, 935 Pennsylvania 
Avenue, NW, Washington, DC, 20535.</P>
</FONT><B><I><FONT FACE="Baskerville Old Face,Times New Roman" SIZE=5 COLOR="#0000ff"><P>Bugs, 
Holes &amp; Patches </P>
</B></I></FONT><FONT SIZE=2><P>The following table provides a summary of software 
vulnerabilities identified between January 21 and February 7, 2002. The table provides 
the vendor, operating system, software name, potential vulnerability/impact, identified 
patches/workarounds/alerts, common name of the vulnerability, potential risk, and 
an indication of whether attacks have utilized this vulnerability or an exploit script 
is known to exist. Software versions are identified if known. <B>This information 
is presented only as a summary; complete details are available from the source of 
the patch/workaround/alert, indicated in the footnote or linked site. </B>Please 
note that even if the method of attack has not been utilized or an exploit script 
is not currently widely available on the Internet, a potential vulnerability has 
been identified. <B>Updates to items appearing in previous issues of CyberNotes are 
listed in bold. New information contained in the update will appear in italicized 
colored text. </B>Where applicable, the table lists a "CVE number" (in red) which 
corresponds to the Common Vulnerabilities and Exposures (CVE) list, a compilation 
of standardized names for vulnerabilities and other information security exposures.</P></FONT>
<TABLE BORDER CELLSPACING=1 CELLPADDING=7 WIDTH=780>
<TR><TD WIDTH="9%" VALIGN="MIDDLE" BGCOLOR="#ffffff" HEIGHT=27>
<P ALIGN="CENTER"><A NAME="_Toc426442378"><B><FONT SIZE=1>Vendor</B></FONT></TD>
<TD WIDTH="9%" VALIGN="MIDDLE" BGCOLOR="#ffffff" HEIGHT=27>
<B><FONT SIZE=1><P ALIGN="CENTER">Operat-ing System</B></FONT></TD>
<TD WIDTH="10%" VALIGN="MIDDLE" BGCOLOR="#ffffff" HEIGHT=27>
<B><FONT SIZE=1><P ALIGN="CENTER">Software Name</B></FONT></TD>
<TD WIDTH="22%" VALIGN="MIDDLE" BGCOLOR="#ffffff" HEIGHT=27>
<B><FONT SIZE=1><P ALIGN="CENTER">Vulnerability/Impact</B></FONT></TD>
<TD WIDTH="18%" VALIGN="MIDDLE" BGCOLOR="#ffffff" HEIGHT=27>
<B><FONT SIZE=1><P ALIGN="CENTER">Patches/Work-arounds/Alerts</B></FONT></TD>
<TD WIDTH="12%" VALIGN="MIDDLE" BGCOLOR="#ffffff" HEIGHT=27>
<B><FONT SIZE=1><P ALIGN="CENTER">Common Name</B></FONT></TD>
<TD WIDTH="8%" VALIGN="MIDDLE" BGCOLOR="#ffffff" HEIGHT=27>
<B><FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Risk*</B></FONT></TD>
<TD WIDTH="12%" VALIGN="MIDDLE" BGCOLOR="#ffffff" HEIGHT=27>
<B><FONT SIZE=1><P ALIGN="CENTER">Attacks/ Scripts</B></FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>AHG</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Multiple</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>HTML search 1.0</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A vulnerability exists because user input is not properly sanitized 
in the ‘search.cgi’ script, which could let a remote malicious user execute arbitrary 
code.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>No workaround or patch available at time of publishing.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">HTML ‘Search.CGI’ Arbitrary Command </FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<B><FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">High</B></FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. Vulnerability can be exploited 
via a web browser.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Apache Group</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Multiple</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Apache 2.0.28 Beta</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A vulnerability exists in ‘php.exe,’ which could let a malicious 
user obtain sensitive information.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>No workaround or patch available at time of publishing.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">Apache ‘php.exe’ Path Disclosure</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Medium</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. Vulnerability can be exploited 
via a web browser.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Caldera</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Unix</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>UnixWare 7.1.1</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A vulnerability exists in the library functions that are used to 
manipulate message catalogs, which could let a malicious user obtain elevated privileges.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Patch available at: </FONT>ftp://stage.caldera.com/pub/security/unixware/CSSA-2002-SCO.3/erg711179.Z</TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">UnixWare Library Function</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Medium</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. There is no exploit code 
required.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Castelle</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Multiple</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>FaxPress Software 6.3</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A vulnerability exists when a print job is submitted with an incorrect 
password, which could let a malicious user obtain sensitive information.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>No workaround or patch available at time of publishing.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">FaxPress Password Disclosure</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Medium</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. There is no exploit code 
required.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Cisco Systems</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Unix</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>tac_plus F4.0.4 alpha</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A vulnerability exists because accounting files are created insecurely, 
which could let a malicious user modify/remove accounting files.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>No workaround or patch available at time of publishing.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">Tac_Plus Insecure Accounting File</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Medium</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. There is no exploit code 
required.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Cisco Systems </FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Windows NT 4.0/2000</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Secure ACS for Windows NT 3.0.1</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A vulnerability exists because users in the NDS (Novell Directory 
Services) database that have expired or disabled accounts may still authenticate 
with the service.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Patch available at: </FONT>http://www.cisco.com/pcgi-bin/tablebuild.pl/cs-acs-win</TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">Secure ACS NDS Expired/ Disabled User Authent-ication</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Medium</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. There is no exploit code 
required.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Compaq</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Unix</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Tru64 4.0d</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A Denial of Service vulnerability exists when a scan is received 
across the network.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>No workaround or patch available at time of publishing.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">Tru64 Scan Denial Of Service</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Low</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. This vulnerability can 
be exploited with a scanning tool.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=227>
<FONT SIZE=1><P>Compaq</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=227>
<FONT SIZE=1><P>Unix</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=227>
<FONT SIZE=1><P>Tru64 4.0g PK3 (BL17), 4.0g, 4.0f PK7 (BL18), 4.0f PK6 (BL17), 4.0f, 
4.0d PK9 (BL17), 4.0d, 5.0a PK3 (BL17), 5.0 PK4 (BL17), 5.0, 5.1a, 5.1 PK4 (BL18), 
5.1 PK3 (BL17), 5.1</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=227>
<FONT SIZE=1><P>A race condition vulnerability exists in the Unix kernel, which 
could let a malicious user obtain root access.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=227>
<FONT SIZE=1><P>Patch available at: </FONT>http://ftp1.support.compaq.com/public/unix/ 
            <FONT SIZE=1>You must have installed Tru64 UNIX 4.0G and PK3 (BL17) before 
applying the patch.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=227>
<FONT SIZE=1><P ALIGN="CENTER">Tru64 Kernel Race Condition</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=227>
<B><FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">High</B></FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=227>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Compaq</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Windows 98/ME/ 2000</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Intel PRO/ Wireless 2011B LAN USB Device Driver 1.5.16.0, 1.5.18.0</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A vulnerability exists because the WEP (Wired Equivalent Privacy) 
Key is stored in plaintext, which could let an unprivileged malicious user obtain 
sensitive information.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>No workaround or patch available at time of publishing.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">Intel PRO/Wireless 2011B LAN USB Device Driver Plaintext 
WEP</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Medium</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. There is no exploit code 
required.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>DC Scripts</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Unix</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>DCForum 5.0, 6.0, 6.21, 2000 1.0</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A vulnerability exists because predictable passwords are generated, 
which could let a remote malicious user obtain elevated privileges.</P>
<P>&nbsp;</P>
<P>&nbsp;</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Upgrade available at: </FONT>http://www.dcscripts.com/FAQ/retrieve_password.txt</TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">DCForum Predictable Password </FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Medium</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. There is no exploit code 
required.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>DeleGate</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Windows NT 4.0/2000,</P>
<P>Unix</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>DeleGate 7.7.0, 7.7.1, 7.8.0, 7.8.1</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Multiple buffer overflow vulnerabilities exist in various proxy 
components, which could let a remote malicious user execute arbitrary code.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>No workaround or patch available at time of publishing.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">DeleGate Multiple Buffer Overflow Vulnerabilities</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<B><FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">High</B></FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. There is no exploit code 
required.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Eshare Communi-cations Incorpor-ated</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Windows NT 4.0/2000</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Eshare Expressions 1.0, 2.0</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A Directory Traversal vulnerability exists due to insufficient string 
validation, which could let a remote malicious user obtain sensitive information.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>No workaround or patch available at time of publishing.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">Eshare Expressions Directory Traversal</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Medium</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. There is no exploit code 
required.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Etype</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Windows 95/98/NT 4.0/2000, XP</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Eserv 2.97</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Two vulnerabilities exist: a Denial of Service vulnerability exists 
when a large number of ‘PASV’ requests are sent to the server; and a vulnerability 
exists which could let a remote malicious user connect to an arbitrary port via the 
‘PORT’ command.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Upgrade available at:  </FONT>ftp://ftp.eserv.ru/pub/beta/2.98/Eserv3123.zip</TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">EServ Multiple Vulnerabilities</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Low</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. There is no exploit code 
required.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>FAQ-O-Matic</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Unix</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>FAQ-O-Matic 2.711, 2.712</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A cross-site scripting vulnerability exists because script code 
is not properly filtered from URL parameters, which could let a remote malicious 
user execute arbitrary code.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Patch available at: </FONT>http://sourceforge.net/cvs/?group_id=10674</TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">Faq-O-Matic Cross-Site Scripting</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<B><FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">High</B></FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. Exploit has been published.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>FreeBSD</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Unix</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>FreeBSD 4.1, 4.1.1, 4.2-4.5</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A Denial of Service vulnerability exists due to a race condition 
in the FStatFS Syscall.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Patch available at: </FONT>ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:09/fstatfs.patch</TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">FreeBSD FStatFS Syscall Race Condition</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Low</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Hanterm</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Unix</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Hanterm 3.3</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A buffer overflow vulnerability exists when a maliciously constructed 
parameter is sent to the server, which could let a malicious user execute arbitrary 
code.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>No workaround or patch available at time of publishing.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">Hanterm Buffer Overflow</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<B><FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">High</B></FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. Exploit script has been 
published.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Hosting Controller</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Windows NT 4.0/2000</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Hosting Controller 1.1, 1.3, 1.4b, 1.4, 1.4.1</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A vulnerability exists when an invalid username is entered, which 
could let a remote malicious user obtain sensitive information.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>No workaround or patch available at time of publishing.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">Hosting Controller Invalid Username</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Medium</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. There is no exploit code 
required.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Infopop</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Windows NT 4.0/2000, Unix</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>UBB Threads 5.4;           Wired Commun-ity Software WWW Threads 
5.0.9, 5.0.8, 5.0.6, 5.0</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A vulnerability exists when a second file extension is added because 
only the first file extension is checked, which could let a remote malicious user 
upload arbitrary files.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Upgrade available at: </FONT>http://www.infopop.com/support/ubbthreads/index.html</TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">UBBThreads/WWW Threads Arbitrary File </FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<B><FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">High</B></FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. There is no exploit code 
required.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Internet Security Systems</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Windows 2000, XP</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>BlackIce Agent 3.0, 3.1, BlackICE Defender 2.9caq, 2.9cap; RealSecure 
Server Sensor 6.0.1 Win, 6.5 Win</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A remote Denial of Service vulnerability exists when a continuous 
series of ICMP Echo Request 10,000 byte packets are sent to the server.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Workarounds available at: </FONT>http://www.iss.net/security_center/alerts/advise109.php</P>
<FONT SIZE=1><P>&nbsp;</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">BlackICE and RealSecure Denial of Service</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Low/ <B>High</P>
<P ALIGN="CENTER">&nbsp;(High if DDoS best prac-tices not in place.)</B></FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. There is no exploit code 
required.</P>
<P>&nbsp;Vulnerability has appeared in the press and other public media.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Jelsoft Enter-prises</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Multiple</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>vBulletin 2.2.0</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A cross-site scripting vulnerability exists because user input is 
not properly sanitized, which could let a malicious user execute arbitrary code.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>No workaround or patch available at time of publishing.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">vBulletin Board Cross-Site Scripting</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<B><FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">High</B></FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. Vulnerability can be exploited 
via a web browser.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Khaled Mardam-Bey</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Windows 95/98/ME/NT 4.0/2000, XP</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>mIRC 2.1a, 2.3a, 2.4, 2.4a, 2.5a, 2.7a, 2.8c, 3.1-3.9, 4.0, 4.1, 
4.5-4.7, 5.0, 5.1, 5.3-5.91</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Two vulnerabilities exists: a buffer overflow vulnerability exists 
when a nickname over 200 characters long is used, which could let a remote malicious 
user execute arbitrary code; and a vulnerability exists which could let a remote 
malicious user direct mIRC users to a compromised IRC server by way of HTML code 
on a Web page.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Upgrade available at: </FONT>http://www.mirc.com/get.html</TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">MIRC Nickname Buffer Overflow</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<B><FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">High</B></FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. Exploit script has been 
published.</P>
<P>Vulnerability has appeared in the press and other public media.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>KICQ</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Unix</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>KICQ 2.0.0b1</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A remote Denial of Service vulnerability exists when random characters 
are sent to the port.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>No workaround or patch available at time of publishing.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">KICQ Denial of Service</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Low</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. Exploit has been published.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>LICQ</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Unix</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>LICQ 1.0-1.0.4</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A Denial of Service vulnerability exists when excessively long requests 
containing format strings are sent to the client.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>The vendor has confirmed this issue and an upgrade is available 
via CVS.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">LICQ Format String Denial Of Service</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Low</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. There is no exploit code 
required.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Lotus</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Windows NT 4.0/2000, OS/2 4.5Warp, OS/390 V2R9, Unix</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Domino 4.6.1, 4.6.3, 4.6.4, 5.0, 5.0.1-5.0.9</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Two Denial of Service vulnerabilities exist because URL requests 
for MS-DOS devices are not handled correctly and when a request for a DOS device 
from the CGI-BIN has an extension of 220 characters and is submitted approximately 
400 times.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Upgrade available at: </FONT>http://notes.net/qmrdown.nsf</P>
<FONT SIZE=1><P>&nbsp;</P>
<P>&nbsp;</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">Domino DOS Request Denial Of Service</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Low</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. The URL request vulnerability 
can be exploited via a web browser and there is no exploit code required for the 
CGI-BIN vulnerability.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Lotus</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Windows NT 4.0/2000, OS/2 4.5Warp, OS/390 V2R9, Unix</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Domino 5.0. 5.0.1-5.0.9</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A vulnerability exists if a malformed URL is created because database 
files are not protected with a password, which could let a remote malicious user 
bypass authentication.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<B><U><FONT SIZE=1><P>Workaround:</B></U>         Set the ACLs on the Web Administrator 
template to prevent anonymous access. </FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">Domino Remote Authenti-cation Bypass</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Medium</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. There is no exploit code 
required.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Microsoft</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>MacOS X 10.0-10.1.2</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Office v. X</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A Denial of Service vulnerability exists when certain types of malformed 
announcements are sent to the PID Checker service.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Frequently asked questions regarding this vulnerability and the 
patch can be found at: </FONT>http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-002.asp</TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">Office v. X for Macintosh PID Checker Denial of Service</P>
<P ALIGN="CENTER">&nbsp;</FONT><FONT SIZE=1 COLOR="#ff0000">CVE Name: CAN-2002-0021</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Low</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Microsoft</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Windows 2000</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Exchange Server 2000, 2000 SP1&amp;2</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A vulnerability exists in the way the System Attendant makes Registry 
configuration changes, which could let a remote malicious user obtain sensitive information.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>

<FONT SIZE=1><P>Frequently asked questions regarding this vulnerability and the 
patch can be found at: </FONT>http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-003.asp</TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">Exchange Inappropriate Registry Permissions</P>
<P ALIGN="CENTER">&nbsp;</FONT><FONT SIZE=1 COLOR="#ff0000">CVE Name: CAN-2002-0049</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Medium</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. There is no exploit code 
required.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Microsoft</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Windows NT 4.0/2000, XP</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Windows 2000 Advanced Server, 2000 Advanced Server SP2SP1&amp;2, 
2000 Datacenter Server, 2000 Datacenter Server SP1&amp;2, 2000 Profes-sional, 2000 
Profes-sional SP1&amp;2, 2000 Server, 2000 Server SP1&amp;2, 2000 Server Japanese 
Edition, 4.0, 4.0 alpha, 4.0 SP1-5, 4.0 SP1-5 alpha, XP, XP Home, XP Profes-sional</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A vulnerability exists because NTFS could allow files to be hidden, 
which could allow viruses to remain undetected on filesystems. </FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>No workaround or patch available at time of publishing.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">Windows NTFS File Hiding</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Medium</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. Exploit script has been 
published.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Microsoft</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Windows NT 4.0/2000</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Windows 2000 Advanced Server, 2000 Advanced Server SP1&amp;2, 2000 
Datacenter Server, 2000 Datacenter Server SP1&amp;2, 2000 Server, 2000 Server SP1&amp;2, 
NT Enterprise Server 4.0, NT Enterprise Server 4.0 SP1-6a, NT Server 4.0, NT Server 
4.0 SP1-6a</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A vulnerability exists when a trust relationship exists between 
two domains, the trusting domain will accept the list of Security Identifiers (SIDs) 
specified within authorization data, which could let a malicious user obtain elevated 
privileges. </FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Frequently asked questions regarding this vulnerability and the 
patch can be found at: </FONT>http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-001.asp</TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">Windows Trusted Domain Membership</P>
<P ALIGN="CENTER">&nbsp;</FONT><FONT SIZE=1 COLOR="#ff0000">CVE Name: CAN-2002-0018</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Medium</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites.</P>
<P>&nbsp;Vulnerability has appeared in the press and other public media.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Microsoft</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Windows NT 4.0/2000</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>IIS 5.0, SQL Server 6.5, 7.0, 7.0 SP1-3, 7.0SP1-3 alpha, 2000, 2000 
SP1-2, 2000 Advanced Server, 2000 Advanced Server  SP1-2, 2000 Datacenter Server, 
2000 Datacenter Server  SP1-2, 2000 Profes-sional, 2000 Profes-sional  SP1-2, 2000 
Server, 2000 Server  SP1-2</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A Denial of Service vulnerability exists in the Microsoft Distributed 
Transaction Service Coordinator (MSDTC) when a malicious user sends 1024 bytes of 
data to the listening port.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>No workaround or patch available at time of publishing.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">Microsoft MSDTC Service Denial of Service</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Low</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. There is no exploit code 
required.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Microsoft</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Windows NT 4.0/2000</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Interix 2.2; Windows 2000 Advanced Server, 2000 Advanced Server 
SP1&amp;2, 2000 Datacenter Server, 2000 Datacenter Server SP1&amp;2, 2000 Profes-sional, 
2000 Profes-sional SP1&amp;2, 2000 Server, 2000 ServerSP1&amp;2, 2000 Terminal Services, 
2000 Terminal Services SP1&amp;2</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A buffer overflow vulnerability exists due to unchecked buffers 
in the code that handles the processing of Telnet protocol options, which could let 
a remote malicious user execute arbitrary code.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Frequently asked questions regarding this vulnerability and the 
patch can be found at: </FONT>http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-004.asp</TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">Telnet Server Unchecked Buffer</P>
<P ALIGN="CENTER">&nbsp;</FONT><FONT SIZE=1 COLOR="#ff0000">CVE Name: CAN-2002-00020</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<B><FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">High</B></FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Microsoft</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Windows NT 4.0</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Site Server 3.0 with SP3 &amp; prior, Commerce Edition 3.0 SP4 &amp; 
prior</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Multiple vulnerabilities exist: multiple cross-site scripting vulnerabilities 
exist, which could let a malicious user execute arbitrary code; a Denial of Service 
vulnerability exists when a TargetURL parameter is uploaded with more than 250 characters; 
multiple vulnerabilities exist in various administrative pages in the /SiteServer/Admin/ 
directory which could let an unprivileged malicious user obtain sensitive information; 
a vulnerability exists because LDAP passwords are stored in plaintext, which could 
let an unauthorized remote malicious user obtain sensitive information; a vulnerability 
exists due to the way the random LDAP_ Anonymous password is generated, which could 
let a malicious user obtain sensitive information; and a vulnerability exists in 
the web applications because user input is not properly validated before it is passed 
to an SQL query, which could let a malicious user insert arbitrary SQL commands.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>No workaround or patch available at time of publishing.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">Site Server Multiple Vulnerabilities</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Low/ Medium<B>/High</P>
<P ALIGN="CENTER">&nbsp;(Med-ium if sensi-tive informa-tion can be acces-sed and 
High if arbi-trary code can be exe-cuted)</B></FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. Exploits have been published 
for the cross-site scripting vulnerabilities. There is no exploit code required for 
the information disclosure vulnerabilities in the administrative pages and the LDAP_Anony-mous 
password generation vulnerability.</P>
<P>&nbsp;Vulnerability has appeared in the press and other public media.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Microsoft</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Windows 95/98/ME/NT 4.0/2000, XP</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>MSN Messenger Service 4.5, 4.6</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A vulnerability exists because sensitive information can be obtained 
through an ActiveX control that is available to JavaScript programs.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>No workaround or patch available at time of publishing.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">MSN ActiveX Sensitive Information Disclosure</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Medium</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. There is no exploit code 
required.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Mirabilis</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>MacOS X 10.0-10.0.4 10.1-10.1.2</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>ICQ For MacOS X 2.6X Beta</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A Denial of Service vulnerability exists when an excessively long 
request is sent to ICQ clients.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>No workaround or patch available at time of publishing.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">ICQ For MacOS X Denial Of Service</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Low</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. Exploit script has been 
published.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>MRTG</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Windows NT 4.0/2000, Unix</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Multi Router Traffic Grapher CGI 2.9.17-win32, 2.9.17-unix</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A vulnerability exists if a web request is submitted that contains 
unexpected arguments for script variables, which could let a malicious user obtain 
sensitive information.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>No workaround or patch available at time of publishing.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">MRTG CGI File Display</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Medium</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>MRTG Configura-tion Generator</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Multiple</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>MRTG config 0.5.9</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Two vulnerabilities exist: a vulnerability exists in ‘mrtg.cgi’ 
which could let a malicious user obtain sensitive information; and a vulnerability 
exists if a HTTP request is submitted that contains unusual characters, which could 
let a malicious user obtain sensitive information.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>No workaround or patch available at time of publishing.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">MRTG Path Disclosure Vulnerabilities</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Medium</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. There is no exploit code 
required.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Multiple Vendors</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Unix</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>rsync 2.3.1, 2.3.2-1.2 sparc &amp; PPC, 2.3.2-1.2 m68k, intel, ARM 
&amp; alpha, 2.3.2, 2.4.1, 2.4.3, 2.4.4, 2.4.6, </FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Several vulnerabilities exist concerning the use of signed and unsigned 
variables, which could let a remote malicious user execute arbitrary code.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Upgrade available at: </FONT>http://rsync.samba.org/rsync/download.html 
         <B><U><FONT SIZE=1>SuSE: </B></U></FONT>ftp://ftp.suse.com/pub/suse/<FONT 
SIZE=1> <B><U>Conectiva: </B></U></FONT>ftp://atualizacoes.conectiva.com.br/<B><U><FONT 
SIZE=1>  Engarde: </B></U></FONT>ftp://ftp.engardelinux.org/pub/engarde/stable/updates/ 
<B><U><FONT SIZE=1>Debian: </B></U></FONT>http://security.debian.org/dists/stable/updates/main/ 
<B><U><FONT SIZE=1>Mandrake: </B></U></FONT>http://www.mandrakesecure.net/en/ftp.php 
        <B><U><FONT SIZE=1>Trustix: </B></U></FONT>http://www.trustix.net/pub/Trustix/updates/ 
         <B><U><FONT SIZE=1>RedHat: </B></U></FONT>ftp://updates.redhat.com/</TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">rsync Signed Variable</P>
<P ALIGN="CENTER">&nbsp;</FONT><FONT SIZE=1 COLOR="#ff0000">CVE Name: CAN-2002-0048</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<B><FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">High</B></FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Netgear</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Multiple</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>RT314/RT311 Gateway Router Firmware 3.22, 3.24, 3.25</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A cross-site scripting vulnerability exists in the web interface 
for the router, which could let a malicious user execute arbitrary script and possibly 
obtain unauthorized administrative access.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>No workaround or patch available at time of publishing.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">RT314/RT311 Gateway Router Cross-Site Scripting</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<B><FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">High</B></FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. There is no exploit code 
required.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>NetScreen Technolo-gies</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Windows 95/98/ME/NT 4.0/2000</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>ScreenOS 3.0.0- 3.0.0r3, 2.6.1- 2.6.1r4, 2.7.1-2.7.1r2</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A Denial of Service vulnerability exists in the optional feature, 
IP Spoof protection.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Patch available at: </FONT>http://www.netscreen.com/support/updates.html</TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">ScreenOS IP Spoof Protection Denial of Service</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Low</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Network Associ-ates</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Windows 95/98/ME/NT 4.0/2000</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>PGP Security PGPfire 7.1</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A vulnerability exists because the TCP/IP stack of the operating 
system is altered during installation, which could let a remote malicious user obtain 
sensitive information.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>No workaround or patch available at time of publishing.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">PGPFire TCP/IP Alteration</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Medium</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Nortel Networks</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Unix</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>WebOS 9.0</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A vulnerability exists when a client has half-closed a session, 
which could let a remote malicious user obtain sensitive information.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>No workaround or patch available at time of publishing.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">WebOS Half-Closed Session</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Medium</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. Exploit has been published.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Novell</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Windows NT 4.0</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>NetWare 5.0, 5.0SP5, 5.1</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A vulnerability exists because access can be obtained to NT domain 
machines using a null password, which could let an unprivileged malicious user obtain 
Domain Admin access. </FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>No workaround or patch available at time of publishing.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">NetWare Null Password</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<B><FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">High</B></FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. There is no exploit code 
required.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Oracle Corpora-tion</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Multiple</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Oracle9i 9.0, 9.0.1, Oracle9iAS Web Cache 2.0.0.0- 2.0.0.3</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A vulnerability exists because source code is contained in .java 
files, which could let a malicious user obtain sensitive information. </P>
<P>&nbsp;</P>
<P>&nbsp;</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>No workaround or patch available at time of publishing.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">Oracle 9IAS .java Source Code </FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Medium</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. Vulnerability can be exploited 
via a web browser.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Oracle Corpora-tion</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Windows NT 4.0/2000,</P>
<P>Unix</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Oracle9i 9.0, 9.0.1, Oracle9iAS Web Cache 2.00.3, 2.0.0.3, 2.0.0.2 
NT, 2.0.0.2, 2.0.0.1, 2.0.0.0</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Multiple vulnerabilities exist: a Denial of Service vulnerability 
exists when a request is made to the ‘pls’ module with an HTTP client Authorization 
header set but with no auth type; and multiple buffer overflow vulnerabilities exist 
in the PL/SQL Apache module, which could let a malicious user execute arbitrary code. 
</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Patch available at: </FONT>http://metalink.oracle.com</TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">Oracle 9iAS Denial of Service and Buffer Overflow 
Vulnerabilities</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Low/ <B>High</P>
<P ALIGN="CENTER">&nbsp;(High if arbi-trary code can be exe-cuted)</B></FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. There is no exploit code 
required.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Oracle Corpora-tion</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Multiple</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Oracle database server 8.1.7.0.0, Oracle 8i Enterprise Edition 8.0.5.0.0, 
8.0.6.0.1, 8.0.6.0.0, 8.1.5.1.0, 8.1.5.0.2, 8.1.5.0.0, 8.1.6.1.0, 8.1.6.0.0, 8.1.7.1.0, 
8.1.7.0.0, Oracle8 8.0.3, 8.0.4, 8.0.5.1, 8.0.5, 8.0.6, 8.1.5-8.1.7, 8.0.1, 8.0.2, 
8.0.4-8.0.6, 8.1.5-8.1.7.1, 9.0, 9.0.1</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A vulnerability exists because there is no authentication required 
for the listener process, which could let a remote malicious user execute arbitrary 
functions.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>No workaround or patch available at time of publishing.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">Oracle TNS Listener Arbitrary Function</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<B><FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">High</B></FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. There is no exploit code 
required.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>PHP</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Multiple</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>PHP 3.0- 3.0.13, 3.0.16, 4.0, 4.0.1pl2, 4.0.1, 4.0.3-4.0.6, 4.1, 
4.1.1</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A vulnerability exists because the MySQL client library does not 
perform proper checking on ‘LOAD DATA INFILE LOCAL’ statements, which could let a 
malicious user bypass restrictions to gain unauthorized access to restricted filesystems.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>No workaround or patch available at time of publishing.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">PHP MySQL Safe_Mode Filesystem Circumven-tion</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<B><FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">High</B></FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. Exploit script has been 
published. </FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>PhpSms Send</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Multiple</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>PhpSmsSend 1.0</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A vulnerability exists because user input is not properly validated, 
which could let a remote malicious user execute arbitrary commands.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>No workaround or patch available at time of publishing.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">PhpSmsSend Remote Arbitrary Command </FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<B><FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">High</B></FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. Vulnerability can be exploited 
via a web browser.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>PhpWeb Things</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Multiple</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>PhpWeb Things 0.4</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A vulnerability exists in the ‘core/main.php’ helper script, which 
could let a remote malicious user modify database queries.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Upgrade available at: </FONT>http://freshmeat.net/redir/phpwebthings/15746/url_zip/phpwebthings-0.4.1.zip</TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">PHPWeb ‘core/ main.php' Script</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Medium</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. Vulnerability can be exploited 
via a web browser.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Portix-PHP</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Unix</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Portix-PHP 0.4.02, 0.4.0</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A vulnerability exists because non-expiring cookies are used for 
session management, which could let a malicious user obtain administrative access.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>No workaround or patch available at time of publishing.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">Portix-PHP Cookie Manipulation</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<B><FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">High</B></FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. Exploit has been published.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Portix-PHP</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Unix</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Portix-PHP 0.4.02, 0.4.0</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Two Directory Traversal vulnerabilities exist because web requests 
are not properly filtered in the ‘view.php’and ‘portix-php’ scripts, which could 
let a malicious user obtain sensitive information.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>No workaround or patch available at time of publishing.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">Portix-PHP ‘view.php’ and ‘index.php’ Directory Traversal 
Vulnerabilities</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Medium</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. Exploit has been published.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>SAP</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Windows 95/98/NT 4.0/2000</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>SAPgui 4.6 for Windows, 4.6A-4.6D for Windows</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A remote Denial of Service vulnerability exists due to the way invalid 
connections are handled.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>No workaround or patch available at time of publishing.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">SAPgui Denial of Service</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Low</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. There is no exploit code 
required.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>SAS Institute, Incorpor-ated</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Windows, OS/390, OS/2,</P>
<P>Unix</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>SAS Base 8.0, 8.1</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A buffer overflow and format string vulnerability exists in ‘sastcpd,’ 
which could let a malicious user execute arbitrary code with administrative privileges.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Patch available at: </FONT>http://ftp.sas.com/techsup/download/hotfix/v82/base/82ba10/</TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">SASTCPD Buffer Overflow and Format String </FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<B><FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">High</B></FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>SAS Institute, Incorpor-ated</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Multiple</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>SAS Base 8.0, Integration Technolo-gies 8.0</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Two vulnerabilities exist: a vulnerability exists in ‘sastcpd’, 
which could let a malicious user execute arbitrary code as a root user; and a vulnerability 
exists in the 'netencralg' environment variable, which could let a malicious user 
execute arbitrary code.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>No workaround or patch available at time of publishing.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">‘SASTCPD’ and ‘netencralg’ Arbitrary Code Execution</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<B><FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">High</B></FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. There is no exploit code 
required.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>SGI</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Unix</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>IRIX 6.5.10m, 6.5.10f, 6.5.11, 6.5.11f, 6.5.11m, 6.5.12, 6.5.12f, 
6.5.12m, 6.5.13, 6.5.13f, 6.5.13m, 6.5.14, 6.5.14f, 6.5.14m</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A vulnerability exists when the ‘vcp’ Default Input is set to "Output 
Video," which could let a malicious user obtain sensitive information.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Vendor workaround available at: </FONT>http://www.securityfocus.com/advisories/3836</P>
<FONT SIZE=1><P>&nbsp;</P>
<P>&nbsp;</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">IRIX Output Video Viewing </FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Medium</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. There is no exploit code 
required.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Sony</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Multiple</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>VAIO Manual for UAE, Southeast Asia, South Africa, Saudi Arabia, 
Oceania, East Asia, Manual Cyber Support for VAIO 3.0&amp;3.1 Japan</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A vulnerability exists in pre-installed software by exploiting particular 
software characteristics, which let a remote malicious user obtain unauthorized access 
through hidden programs in an Internet web page or E-mail message and take full control 
of the user’s system.</P>
<I><P>Note: All VAIO personal computers from January 26th, 2002 are not susceptible 
to this issue.</I></FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Sony has prepared a new program called the "VAIO Security Enhancement 
Program" and recommends that owners download and install the new software program 
immediately. For Customers who purchased VAIO outside Japan:  </FONT>http://www.css.ap.sony.com/Vaiofaq/security/agreementen.html 
              <FONT SIZE=1>For Customers who purchased VAIO in Japan: </FONT>http://vcl.vaio.sony.co.jp/</TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">VAIO Unauthorized Access</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<B><FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">High</B></FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites.</P>
<P>&nbsp;Vulnerability has appeared in the press and other public media.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Steve Kneizys</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Multiple</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Agora.cgi 3.2-3.2r, 3.3a-3.3f, 3.3i, 3.3j, 4.0-4.0e</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A vulnerability exists when a web request for a non-existent .html 
file is made, which could let a remote malicious user obtain sensitive information.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>No workaround or patch available at time of publishing.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">Agora.CGI Path Disclosure</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Medium</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. Exploit has been published.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Sun Micro-Systems, Incorpor-ated</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Unix</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>JRE (Linux Production Release) 1.2.2, 1.3.1</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A Denial of Service vulnerability exists when a maliciously constructed 
java program is received.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>No workaround or patch available at time of publishing.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">JRE Denial of Service</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Low</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. Exploit script has been 
published.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>TarantellaIncorpor-ated</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Unix</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Enterprise 3 3.01, 3.0, 3.10, 3.11, 3.20</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A race condition vulnerability exists during the installation process, 
which could let a malicious user obtain elevated privileges.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>No workaround or patch available at time of publishing.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">Enterprise 3 Race Condition</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Medium</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Thunder-stone</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Multiple</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Texis 3.0</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A vulnerability exists when a HTTP request for an invalid path is 
submitted, which could let a malicious user obtain sensitive information.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>No workaround or patch available at time of publishing.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">Texis Path Disclosure</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Medium</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. There is no exploit code 
required.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Tolis Group</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Unix</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>BRU 17.0 Linux</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A vulnerability exists due to the creation of insecure tmp files, 
which could let a malicious user overwrite system files, or obtain elevated privileges.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>No workaround or patch available at time of publishing.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">BRU Insecure Temporary File </FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Medium</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. Exploit script has been 
published.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>wliang</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Unix</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>wmtv 0.6.5</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Multiple buffer overflow vulnerabilities exist in the configuration 
file, which could let a malicious user execute arbitrary code.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Upgrade available at: </FONT>http://security.debian.org/dists/stable/updates</TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">WMTV Buffer Overflow Vulnerabilities</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<B><FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">High</B></FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Xinet</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>MacOS, Unix</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>K-AShare 11.01 IRIX</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A vulnerability exists because the default installation installs 
an icon directory with insecure permissions, which could let a malicious user obtain 
sensitive information.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. There is no exploit code 
required.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">K-AShare Insecure Permissions</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Medium</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. There is no exploit code 
required.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Xoops</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Unix</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Xoops 1.0 RC1</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A vulnerability exists because user input is not properly sanitized 
in the ‘userinfo.php’ script, which could let a remote malicious user obtain sensitive 
information.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>No workaround or patch available at time of publishing.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">Xoops SQL ‘userinfo.php’ Sensitive Information</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">Medium</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. Vulnerability can be exploited 
via a web browser.</FONT></TD>
</TR>
<TR><TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Xoops</FONT></TD>
<TD WIDTH="9%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Unix</FONT></TD>
<TD WIDTH="10%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Xoops 1.0 RC1</FONT></TD>
<TD WIDTH="22%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>A cross-site scripting vulnerability exists in the ‘pmlite.php’ 
script and in the title field because script code is not sufficiently filtered, which 
could let a malicious user execute arbitrary script code.</FONT></TD>
<TD WIDTH="18%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>No workaround or patch available at time of publishing.</FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P ALIGN="CENTER">Xoops Private Message Box Cross-Site Scripting</FONT></TD>
<TD WIDTH="8%" VALIGN="TOP" HEIGHT=72>
<B><FONT SIZE=1 COLOR="#ff0000"><P ALIGN="CENTER">High</B></FONT></TD>
<TD WIDTH="12%" VALIGN="TOP" HEIGHT=72>
<FONT SIZE=1><P>Bug discussed in newsgroups and websites. There is no exploit code 
required.</FONT></TD>
</TR>
</TABLE>

<FONT SIZE=1><P>&nbsp;</P>
</FONT><FONT SIZE=2><P>*"Risk" is defined by CyberNotes in the following manner:</P>
<B><P>High</B> - A high-risk vulnerability is defined as one that will allow an 
intruder to immediately gain privileged access (e.g., sysadmin or root) to the system 
or allow an intruder to execute code or alter arbitrary system files. An example 
of a high-risk vulnerability is one that allows an unauthorized user to send a sequence 
of instructions to a machine and the machine responds with a command prompt with 
administrator privileges.</P>
<B><P>Medium</B> – A medium-risk vulnerability is defined as one that will allow 
an intruder immediate access to a system with less than privileged access. Such vulnerability 
will allow the intruder the opportunity to continue the attempt to gain privileged 
access. An example of medium-risk vulnerability is a server configuration error that 
allows an intruder to capture the password file.</P>
<B><P>Low</B> - A low-risk vulnerability is defined as one that will provide information 
to an intruder that could lead to further compromise attempts or a Denial of Service 
(DoS) attack. It should be noted that while the DoS attack is deemed low from a threat 
potential, the frequency of this type of attack is very high. <I>DoS attacks against 
mission-critical nodes are not included in this rating and any attack of this nature 
should instead be considered to be a "High" threat.</P>
</FONT><B><FONT FACE="Baskerville Old Face,Times New Roman" SIZE=5 COLOR="#0000ff"><P>Recent 
Exploit Scripts</A>/Techniques</P>
</B></I></FONT><FONT SIZE=2><P>The table below contains a representative sample 
of exploit scripts and How to Guides, identified between January 24 and February 
7, 2002, listed by date of script, script names, script description, and comments. 
<B>Items listed in boldface/red (if any) are attack scripts/techniques for which 
vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) 
have not published workarounds or patches, or which represent scripts that malicious 
users are utilizing</B>. During this period, 16 scripts, programs, and net-news messages 
containing holes or exploits were identified. <I>Note: At times, scripts/techniques 
may contain names or content that may be considered offensive. </P></I></FONT>
<TABLE BORDER CELLSPACING=1 CELLPADDING=7 WIDTH=660>
<TR><TD WIDTH="21%" VALIGN="MIDDLE" BGCOLOR="#ffffff" HEIGHT=42>
<P ALIGN="CENTER"><B><FONT SIZE=1>Date of Script (Reverse Chronological Order)</B></FONT></TD>
<TD WIDTH="30%" VALIGN="MIDDLE" BGCOLOR="#ffffff" HEIGHT=42>
<B><FONT SIZE=1><P ALIGN="CENTER">Script name</B></FONT></TD>
<TD WIDTH="49%" VALIGN="MIDDLE" BGCOLOR="#ffffff" HEIGHT=42>
<B><FONT SIZE=1><P ALIGN="CENTER">Script Description</B></FONT></TD>
</TR>
<TR><TD WIDTH="21%" VALIGN="TOP" HEIGHT=14>
<B><FONT SIZE=1 COLOR="#ff0000"><P>February 7, 2002</B></FONT></TD>
<TD WIDTH="30%" VALIGN="TOP" HEIGHT=14>
<B><FONT SIZE=1 COLOR="#ff0000"><P>Hanterm_exp.c</B></FONT></TD>
<TD WIDTH="49%" VALIGN="TOP" HEIGHT=14>
<B><FONT SIZE=1 COLOR="#ff0000"><P>Script which exploits the Hanterm Buffer Overflow 
vulnerability.</B></FONT></TD>
</TR>
<TR><TD WIDTH="21%" VALIGN="TOP" HEIGHT=14>
<B><FONT SIZE=1 COLOR="#ff0000"><P>February 5, 2002</B></FONT></TD>
<TD WIDTH="30%" VALIGN="TOP" HEIGHT=14>
<B><FONT SIZE=1 COLOR="#ff0000"><P>Osxicq.c</B></FONT></TD>
<TD WIDTH="49%" VALIGN="TOP" HEIGHT=14>
<B><FONT SIZE=1 COLOR="#ff0000"><P>Script which exploits the ICQ For MacOS X Denial 
Of Service vulnerability.</B></FONT></TD>
</TR>
<TR><TD WIDTH="21%" VALIGN="TOP" HEIGHT=14>
<FONT SIZE=1><P>February 4, 2002</FONT></TD>
<TD WIDTH="30%" VALIGN="TOP" HEIGHT=14>
<FONT SIZE=1><P>Ethereal-0.9.1.tar.gz</FONT></TD>
<TD WIDTH="49%" VALIGN="TOP" HEIGHT=14>
<FONT SIZE=1><P>A GTK+-based network protocol analyzer that lets you capture and 
interactively browse the contents of network frames.</FONT></TD>
</TR>
<TR><TD WIDTH="21%" VALIGN="TOP" HEIGHT=14>
<FONT SIZE=1><P>February 4, 2002</FONT></TD>
<TD WIDTH="30%" VALIGN="TOP" HEIGHT=14>
<FONT SIZE=1><P>Gps-0.9.0.tar.gz</FONT></TD>
<TD WIDTH="49%" VALIGN="TOP" HEIGHT=14>
<FONT SIZE=1><P>An advanced port scanner and a firewall rule disclosure tool that 
uses IP &amp; ARP spoofing, sniffing, stealth scanning, ARP poisoning, IP fragmentation, 
and other techniques to perform stealth and untrackable information collection.</FONT></TD>
</TR>
<TR><TD WIDTH="21%" VALIGN="TOP" HEIGHT=14>
<FONT SIZE=1><P>February 4, 2002</FONT></TD>
<TD WIDTH="30%" VALIGN="TOP" HEIGHT=14>
<FONT SIZE=1><P>Lcrzo-4.04-src.tgz</FONT></TD>
<TD WIDTH="49%" VALIGN="TOP" HEIGHT=14>
<FONT SIZE=1><P>A toolbox for network administrators and network malicious users 
that contains over 200 functionalities using network library lcrzo.</FONT></TD>
</TR>
<TR><TD WIDTH="21%" VALIGN="TOP" HEIGHT=14>
<FONT SIZE=1><P>February 3, 2002</FONT></TD>
<TD WIDTH="30%" VALIGN="TOP" HEIGHT=14>
<FONT SIZE=1><P>Mircexploit-v591.c</FONT></TD>
<TD WIDTH="49%" VALIGN="TOP" HEIGHT=14>
<FONT SIZE=1><P>Script which exploits the MIRC Nickname Buffer Overflow vulnerability.</FONT></TD>
</TR>
<TR><TD WIDTH="21%" VALIGN="TOP" HEIGHT=14>
<B><FONT SIZE=1 COLOR="#ff0000"><P>February 3, 2002</B></FONT></TD>
<TD WIDTH="30%" VALIGN="TOP" HEIGHT=14>
<B><FONT SIZE=1 COLOR="#ff0000"><P>Safemodexploit.php</B></FONT></TD>
<TD WIDTH="49%" VALIGN="TOP" HEIGHT=14>
<B><FONT SIZE=1 COLOR="#ff0000"><P>Exploit for the PHP MySQL Safe_Mode Filesystem 
Circumvention vulnerability.</B></FONT></TD>
</TR>
<TR><TD WIDTH="21%" VALIGN="TOP" HEIGHT=41>
<FONT SIZE=1><P>February 2, 2002</FONT></TD>
<TD WIDTH="30%" VALIGN="TOP" HEIGHT=41>
<FONT SIZE=1><P>Sqlinjectionwhitepaper.pdf</FONT></TD>
<TD WIDTH="49%" VALIGN="TOP" HEIGHT=41>
<FONT SIZE=1><P>A technique for exploiting web applications that uses client-supplied 
data in SQL queries without stripping illegal characters first.</FONT></TD>
</TR>
<TR><TD WIDTH="21%" VALIGN="TOP" HEIGHT=14>
<B><FONT SIZE=1 COLOR="#ff0000"><P>January 30, 2002</B></FONT></TD>
<TD WIDTH="30%" VALIGN="TOP" HEIGHT=14>
<B><FONT SIZE=1 COLOR="#ff0000"><P>Crashme.java</B></FONT></TD>
<TD WIDTH="49%" VALIGN="TOP" HEIGHT=14>
<B><FONT SIZE=1 COLOR="#ff0000"><P>Exploit for the Sun JRE Denial of Service vulnerability.</B></FONT></TD>
</TR>
<TR><TD WIDTH="21%" VALIGN="TOP" HEIGHT=14>
<FONT SIZE=1><P>January 30, 2002</FONT></TD>
<TD WIDTH="30%" VALIGN="TOP" HEIGHT=14>
<FONT SIZE=1><P>Nbtenum11.zip</FONT></TD>
<TD WIDTH="49%" VALIGN="TOP" HEIGHT=14>
<FONT SIZE=1><P>A utility for Windows which can be used to enumerate one single 
host or an entire class C subnet. This utility can run in two modes, query and attack.</FONT></TD>
</TR>
<TR><TD WIDTH="21%" VALIGN="TOP" HEIGHT=14>
<B><FONT SIZE=1 COLOR="#ff0000"><P>January 30, 2002</B></FONT></TD>
<TD WIDTH="30%" VALIGN="TOP" HEIGHT=14>
<B><FONT SIZE=1 COLOR="#ff0000"><P>Netgear.txt</B></FONT></TD>
<TD WIDTH="49%" VALIGN="TOP" HEIGHT=14>
<B><FONT SIZE=1 COLOR="#ff0000"><P>Perl script which exploits the NetGear RO318 
HTTP Filter vulnerability.</B></FONT></TD>
</TR>
<TR><TD WIDTH="21%" VALIGN="TOP" HEIGHT=14>
<B><FONT SIZE=1 COLOR="#ff0000"><P>January 30, 2002</B></FONT></TD>
<TD WIDTH="30%" VALIGN="TOP" HEIGHT=14>
<B><FONT SIZE=1 COLOR="#ff0000"><P>Ntfs-hide.bat</B></FONT></TD>
<TD WIDTH="49%" VALIGN="TOP" HEIGHT=14>
<B><FONT SIZE=1 COLOR="#ff0000"><P>Exploit for the Microsoft Windows NTFS File Hiding 
vulnerability.</B></FONT></TD>
</TR>
<TR><TD WIDTH="21%" VALIGN="TOP" HEIGHT=14>
<B><FONT SIZE=1 COLOR="#ff0000"><P>January 29, 2002</B></FONT></TD>
<TD WIDTH="30%" VALIGN="TOP" HEIGHT=14>
<B><FONT SIZE=1 COLOR="#ff0000"><P>Acedirector_request</B></FONT></TD>
<TD WIDTH="49%" VALIGN="TOP" HEIGHT=14>
<B><FONT SIZE=1 COLOR="#ff0000"><P>Exploit for the AceDirector Half-Closed Session 
vulnerability.</B></FONT></TD>
</TR>
<TR><TD WIDTH="21%" VALIGN="TOP" HEIGHT=14>
<FONT SIZE=1><P>January 26, 2002</FONT></TD>
<TD WIDTH="30%" VALIGN="TOP" HEIGHT=14>
<FONT SIZE=1><P>Kernel.keylogger.txt</FONT></TD>
<TD WIDTH="49%" VALIGN="TOP" HEIGHT=14>
<FONT SIZE=1><P>Paper that describes the basic concepts and techniques used for 
recording keystroke activity under Linux. Also includes proof of concept.</FONT></TD>
</TR>
<TR><TD WIDTH="21%" VALIGN="TOP" HEIGHT=14>
<B><FONT SIZE=1 COLOR="#ff0000"><P>January 26, 2002</B></FONT></TD>
<TD WIDTH="30%" VALIGN="TOP" HEIGHT=14>
<B><FONT SIZE=1 COLOR="#ff0000"><P>Symace.c</B></FONT></TD>
<TD WIDTH="49%" VALIGN="TOP" HEIGHT=14>
<B><FONT SIZE=1 COLOR="#ff0000"><P>Script which exploits the BRU Insecure Temporary 
File vulnerability.</B></FONT></TD>
</TR>
<TR><TD WIDTH="21%" VALIGN="TOP" HEIGHT=14>
<B><FONT SIZE=1 COLOR="#ff0000"><P>January 24, 2002</B></FONT></TD>
<TD WIDTH="30%" VALIGN="TOP" HEIGHT=14>
<B><FONT SIZE=1 COLOR="#ff0000"><P>CA-2002-02.aol.icq</B></FONT></TD>
<TD WIDTH="49%" VALIGN="TOP" HEIGHT=14>
<B><FONT SIZE=1 COLOR="#ff0000"><P>Exploit for the ICQ Buffer Overflow vulnerability.</B></FONT></TD>
</TR>
</TABLE>

<B><I><FONT FACE="Baskerville Old Face,Times New Roman" SIZE=5 COLOR="#0000ff"><P>&nbsp;</P>
<P>Trends</P>

<UL>
</I></FONT><FONT SIZE=2><LI>The National Infrastructure Protection Center (NIPC) 
has received reporting that infrastructure related information, available on the 
Internet, is being accessed from sites around the world. While in and of itself this 
information is not significant, it highlights a potential vulnerability. For more 
information, see NIPC ADVISORY 02-001, located at: </B></FONT><A HREF="http://www.nipc.gov/warnings/advisories/2002/02-001.htm"><B><FONT 
SIZE=2>http://www.nipc.gov/warnings/advisories/2002/02-001.htm></FONT></A><B><FONT 
SIZE=2>. </LI>
<LI>The CERT/CC has received credible reports of scanning and exploitation of Solaris 
systems running the CDE Subprocess Control Service buffer overflow vulnerability 
identified in CA-2001-31 and discussed in VU#172583. For more information, see CERT&reg; 
Advisory CA-2002-01, located at: </B></FONT><A HREF="http://www.cert.org/advisories/CA-2002-01.html"><B><FONT 
SIZE=2>http://www.cert.org/advisories/CA-2002-01.html></FONT></A><B><FONT SIZE=2>.</LI>
<LI>NIPC has updated their advisory, NIPC Advisory 01-030, regarding what Microsoft 
refers to as a critical vulnerability in the universal plug and play (UPnP) service 
in Windows. For more information see, NIPC ADVISORY 01-030.3, located at: </B></FONT><A 
HREF="http://www.nipc.gov/warnings/advisories/2001/01-030-2.htm"><B><FONT SIZE=2>www.nipc.gov/warnings/advisories/2001/01-030-2.htm</B></FONT></A><B><FONT 
SIZE=2>.</LI></UL>

<P>&nbsp;</P>
</FONT><I><FONT FACE="Baskerville Old Face,Times New Roman" SIZE=5 COLOR="#0000ff"><P>Viruses 
</P>
</B></I></FONT><FONT SIZE=2><P>The following virus descriptions encompass new viruses 
and variations of previously encountered viruses that have been discovered in the 
last two weeks. The viruses are listed alphabetically by their common name. While 
these viruses might not all be in wide circulation, it is highly recommended that 
users update anti-virus programs as often as updates become available. <I>NOTE: At 
times, viruses may contain names or content that may be considered offensive.</P>
</I><B><P>IRC/Girls.worm (Internet Worm):</B> This is a worm that spreads via IRC. 
Once received, user intervention is required to propagate the worm from your machine. 
Two files are appended to the end of the worm (compressed) - GIRLS(1).JPG and README.TXT. 
When the worm is executed as GIRLS.ZIP, these two files will be accessible to the 
user (assuming the ZIP extension is associated with ZIP archives). The JPEG image 
is a pornographic photo. If the ZIP file extension is renamed to EXE, and then executed, 
the worm's propagation routine is run. The worm copies itself to %WINDIR%\GIRLS.ZIP. 
A countdown is displayed on the screen followed by a message box. The worm searches 
for MIRC.INI and PIRCH98.INI in the following folders on drives C, D, and E: </P>

<UL>

<UL>
<LI>MIRC.INI - \mirc\, \mirc32\, \progra~1\mirc\, and \progra~1\mirc32\ </LI>
<LI>PIRCH98.INI - \pirch98\ and \progra~1\pirch98\ </LI></UL>
</UL>

<P>If found, the worm drops the file SCRIPT.INI into that folder (overwriting any 
existing files of the same name). This file contains a single instruction to send 
a copy of the worm (%WINDIR%\GIRLS.ZIP) via IRC.</P>
<B><P>PE_GOSUSUB.A (Aliases: Gosusub.A, W32.HLLP.Gosusub) (File Infector Virus):</B> 
This virus drops a copy of itself as WIN386.EXE in the Windows folder. Upon execution, 
it drops the file WIN386.EXE in the /%Windows%/ folder which is a copy of the virus. 
It modifies the system file SYSTEM.INI and the registry to allow this copy to execute. 
It modifies the SYSTEM.INI by changing a line in the [boot] section from: </P><DIR>
<DIR>

<P>Shell Explorer.exe </P>
<P>to </P>
<P>Shell Explorer.exe Win386.exe </P></DIR>
</DIR>

<P>It adds the following registry key: </P><DIR>
<DIR>

<P>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Win386" "C:\Windows\Win386.exe" 
</P></DIR>
</DIR>

<P>This virus is also capable of infecting certain EXE files. Upon execution of 
its code, it searches the system for all drives, including the system mapped drives. 
It then searches for certain .EXE files in the directory: </P>

<UL>

<UL>
<LI>C:\Windows\Winrep.exe </LI>
<LI>C:\Windows\System\!E4uinit.exe </LI>
<LI>C:\Windows\System\Tapiini.exe </LI>
<LI>C:\Windows\Command\Scanreg.exe</LI></UL>
</UL>

<P>It infects the .EXE files by prepending its code to the file and then deletes 
.TXT files found in /%root%/, /%windows%/, /%system%/, and the following directories: 
</P>

<UL>

<UL>
<LI>C:\Windows\Command </LI>
<LI>C:\Windows\Help.</LI></UL>
</UL>

<B><P>W32/Klez-G (Win32 Worm):</B> This is a Win32 worm that carries a compressed 
copy of the W32/ElKern-B virus, which it drops and executes when the worm is run. 
This worm searches for e-mail address entries in the Windows address book but uses 
it's own mailing routine. The e-mail subject is either random or chosen from a list. 
The worm randomly composes the message text but the message can also be without a 
text. An attached file is also included with randomly chosen names with extensions 
PIF, .SCR, .EXE, or .BAT. The sender address, which appears in a message, is chosen 
from a list inside the virus. W32/Klez-G attempts to disable several anti-virus products 
and delete some anti-virus related files. The worm attempts to exploit a MIME vulnerability 
in some versions of Microsoft Outlook, Microsoft Outlook Express, and Internet Explorer 
to allow the executable file to run automatically without the user double-clicking 
on the attachment. Microsoft has issued a patch that secures against this vulnerability 
that can be downloaded from </FONT><A HREF="http://www.microsoft.com/technet/security/bulletin/MS01-027.asp"><FONT 
SIZE=2>http://www.microsoft.com/technet/security/bulletin/MS01-027.asp></A><FONT 
SIZE=2>. <I>(Note: This patch fixes a number of vulnerabilities in Microsoft's software, 
including the one exploited by this worm.) </I>The virus may also spread to remote 
shares on other machines using random filenames. It copies itself to the Windows 
System directory with a random filename. The worm will set the registry key: </P><DIR>
<DIR>

<P>HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ </P></DIR>
</DIR>

<P>to point to the worm file, so that the file is run on Windows startup.</P>
<B><P>W32/Tariprox-B (Win32 Worm):</B> This is a proxy worm that attaches itself 
to out-going e-mail messages. The worm will arrive as an e-mail attachment called 
&lt;username.doc.pif, where &lt;username is the name of the e-mail recipient. When 
run, it copies itself to the Windows directory as MMOPLIB.EXE and creates the registry 
entry: </P><DIR>
<DIR>

<P>HKLM\Software\Microsoft\Windows\CurrentVersion\Run\mmoplib = Windows\MMOPLIB.EXE, 
</P></DIR>
</DIR>

<P>so that the worm is run automatically each time the machine is restarted. It 
also replaces/creates the HOSTS file, which maps machine names to IP addresses. Various 
network-related programs, such as Outlook and Outlook Express use the HOSTS file, 
in order to quickly resolve machine IP addresses (rather than having to query the 
DNS database). In order to work on both Win9x and NT machines, the worm will try 
to create or replace the file HOSTS or HOSTS.bak in the Windows and Winnt\System32\drivers\etc\ 
directories. The existing HOSTS file may be named HOSTS.sam (the default for W95/W98) 
in which case it will remain unchanged. However, the version created by the worm 
(without an extension) will be used. The worm creates an entry in the new HOSTS file, 
which maps the default SMTP server to the loop-back address 127.0.0.1. The worm then 
runs in the background waiting to accept a connection on port 25 (the SMTP port). 
When the user tries to send an e-mail, the e-mail client program (such as Outlook 
or Outlook Express) tries to establish a connection to the SMTP server on port 25, 
but mistakenly uses the address 127.0.0.1 and so actually connects to the worm. The 
worm establishes a connection to the real SMTP server (on port 25) and acts as a 
go-between, sending its own data at the appropriate moment. The worm avoids repeatedly 
sending itself to the same person by keeping a list of the five most recent recipients 
in the following registry key:</P><DIR>
<DIR>

<P>HKLM\Software\Microsoft\Media Optimization library\MRU = NULL, NULL, recipient3, 
recipient2, recipient1.</P></DIR>
</DIR>

<P>It does not attach itself to e-mail messages destined for these people. On some 
networks, the same machine acts as both the outgoing and incoming mail server. If 
this is the case, when an e-mail client attempts to connect to the server to download 
e-mail, the worm accepts the connection but doesn't pass on responses if they're 
not related to sending e-mail. This may prevent the user from downloading new e-mails. 
Any other programs that use the HOSTS file to resolve IP addresses (such as Telnet) 
will also be unable to establish a connection to the machine acting as the default 
SMTP server, because they will attempt to connect to 127.0.0.1. On many network configurations 
however, there will be one machine to handle SMTP and one to handle POP3 (or IMAP, 
DSMP etc.). On these networks the worm will function as intended. The worm was designed 
primarily to work with Outlook Express and so may not work properly with other MAPI 
client programs. W32/Tariprox-B is a Windows PE executable. UPX packed versions also 
exist. The worm contains the text: 'W32.Taricone-B.worm@proxy by I.V.E.L.'</P>
<B><P>WM97/Comical-A (Word 97 Macro Worm):</B> This is a mass mailing e-mail worm. 
It consists of three components: a Word macro file, a Visual Basic script and a Windows 
executable. These three components are detected as WM97/Comical-A, VBS/Comical-A 
and W32/Comical-A respectively. WM97/Comical-A arrives in an e-mail with the following 
characteristics: </P><DIR>
<DIR>

<P>Subject line: A comical story for you</P>
<P>Message text: I send you a comical story found on the Net. </P>
<P>Best Regards, You friend.</P>
<P>Attached file: comical_story.doc</P></DIR>
</DIR>

<P>When the attachment is launched using Microsoft Word, it will display a dialog 
box that states 'This file has some problems.' When the user clicks on the OK box, 
the worm will drop a Visual Basic script, VBS/Comical-A, to C:\twin.vbs. The worm 
will then execute VBS/Comical-A. VBS/Comical-A will collect e-mail addresses from 
the Outlook address book and write them to the file C:\backup.win. It will create 
the Word document Netinfo.doc in the Windows directory. This file is detected as 
WM97/Comical-A. It will then write avw32.exe into the Windows directory and execute 
it. The virus will attempt to send Netinfo.doc to all the e-mail addresses listed 
in C:\backup.win. It will also add the following registry key to ensure that the 
executable is run on startup:</P><DIR>
<DIR>

<P>HKLM\Software\Microsoft\Windows\CurrentVersion\Run\AntiVirus Freeware</P></DIR>
</DIR>

<P>The executable will also delete the file C:\twin.vbs.</P>
<B><P>W32/MyParty-A (Aliases: W32/Myparty@mm, </B></FONT><A HREF="mailto:W32.Myparty@mm"><B><FONT 
SIZE=2>W32.Myparty@mm</B></FONT></A><B><FONT SIZE=2>) (Win32 Worm):</B> This virus 
has been reported in the wild. It is a Windows 32 e-mail-aware worm which arrives 
as an e-mail message with the subject "new photos from my party!" and an attachment, 
</FONT>www.myparty.yahoo.com.<FONT 
SIZE=2> Some people may be fooled into believing the attached file is a link to a 
website. If the attached file is executed, the worm sends a copy of itself to everybody 
in the Windows Address book (except the current user) using a built in SMTP engine. 
It gets the SMTP server information from the registry key:</P><DIR>
<DIR>

<P>HKCU\Software\Microsoft\Internet Account Manager\Accounts\00000001 </P></DIR>
</DIR>

<P>The worm also sends an e-mail to napster@gala.net to track its spread. </P>
<B><P>W32.Myparty.B@mm (Aliases: WORM_MYPARTY.B, MYPARTY.B) (Win32 Worm):</B> This 
variant of WORM_MYPARTY.A also arrives in an e-mail with the subject line "new photos 
from my party!" but includes the attachment "myparty.photos.yahoo.com." Similar to 
WORM_MYPARTY.A, this variant copies itself to C:\Recycled\REGCTRL.EXE in Windows 
9x. In Windows NT it copies itself to C:\REGCTRL.EXE and drops a file named msstask.exe 
in "%windows%\profile\%username%\ Start Menu\Programs\Startup." It also drops the 
following file that is only visible in MS-DOS prompt: </P><DIR>
<DIR>

<P>C:\RECYCLER\F-&amp;ltRandom Number-&amp;ltRandom Number-&amp;ltRandom Number 
(This is the actual file) </P>
<P>or </P>
<P>C:\RECYCLED\F-&amp;ltRandom Number-&amp;ltRandom Number-&amp;ltRandom Number 
(This is the actual file) </P></DIR>
</DIR>

<P>However, between the system dates of January 20–24, 2002 this file with a random 
filename will not be dropped at C:\RECYCLER nor at C:\RECYCLED. This is different 
from the trigger date of WORM_MYPARTY.A that is January 25–29, 2002. It also sends 
an infected e-mail with the same message and subject used by WORM_MYPARTY.A but with 
a different file attachment name. </P>
</FONT><P><A HREF="mailto:W32.Rexli.A@mm"><B><FONT SIZE=2>W32.Rexli.A@mm</B></FONT></A><B><FONT 
SIZE=2> (Win32 Worm):</B> This is a mass-mailing worm that is written in Visual Basic. 
When executed, the worm e-mails all contacts in the Microsoft Outlook address book. 
If mIRC is found, the worm modifies a file called Script.ini. This modification causes 
an infected user to send the worm to people over the IRC network.</P>
</FONT><P><A HREF="mailto:W32.Sysnom.C@mm"><B><FONT SIZE=2>W32.Sysnom.C@mm</B></FONT></A><B><FONT 
SIZE=2> (Win32 Worm):</B> This is a mass-mailing worm that copies itself to C:\Windows 
\SoftwareKey.exe. When it is executed, it sends itself to all contacts in the Microsoft 
Outlook address book. When the AVP button is clicked, it opens Internet Explorer 
to the Web site http:/ /www.avp.ch. It will also ping the site ndovirus.8m.com. Finally, 
the worm copies itself to C:\Windows\SoftwareKey.exe.</P>
<B><P>W97M.DebilByte.A (Word 97 Macro Virus):</B> This is a simple macro virus that 
resides in eight macro modules. Each module is exported to the files Wdr1.sys, Wdr2.sys, 
. . . Wdr8.sys, which are created in the Windows directory. The module files are 
then used by the virus to infect the Normal.dot template file as well as any other 
document whenever a document is opened or closed. The virus also disables the following 
menu commands:</P>

<UL>

<UL>
<LI>Tools  Macro  Macros... (Alt+F8) </LI>
<LI>Tools  Macro  Visual Basic Editor (Alt+F11)</LI></UL>
</UL>

<P>The only text string in the virus is a URL pointing to the Russian Yandex site. 
</P>
<B><P>W97M_NOMED.A (Aliases: Macro.Word97.Demo.C, NOMED.A): </B>This macro virus 
infects Word 97 documents. It copies its viral codes to a "DEMON" module in infected 
documents. It does not have a destructive payload. </P>
<B><P>WM97/Falcon-A (Word 97 Macro Virus):</B> This virus replicates with errors. 
On an infected system, access to the File|Templates and the Visual Basic Editor is 
disabled. When a user attempts to access the VB Editor, two message boxes are displayed: 
One has the title "CVBEditor::ShowWindow() error!" and contains the text "Installation 
error 0x80000025 Please reinstall Visual Basic for Applications." The other displayed 
message box has the title "MacroProt v2.0 Beta" with the text "To prevent viruses 
the system administrator has disabled Macro editing."</P>
<B><P>WORM_COUPLE.A (Aliases: COUPLE.A, VBS_COUPLE.A, VBS_LASTSCENE.B, WORM_LASTSCENE) 
(Worm): </B>This mass-mailing worm propagates via e-mail using MAPI and Microsoft 
Outlook, and installs backdoor programs on the infected user's computer. The e-mail 
arrives with the subject line: "Nice Couple."</P>
<B><P>WORM_HUNCH.A (Aliases: HUNCH.A, </B></FONT><A HREF="mailto:W32.Hunch@mm"><B><FONT 
SIZE=2>W32.Hunch@mm</B></FONT></A><B><FONT SIZE=2>) (Worm):</B> This memory-resident 
worm propagates via Microsoft Outlook by sending copies of itself to all addresses 
listed in the infected user's address book. It arrives as an attachment called "COSTOS 
DE PRODUCCION.xls.exe." It modifies the registry to allow it to execute at every 
Windows startup.</P>
<B><P>WORM_NAVIDAD.A (Aliases: NAVIDAD, TROJ_NAVIDAD.A, W32/Navidad@M, W32.Navidad) 
(Internet Worm): </B>This Internet worm propagates via Microsoft Messaging API (MAPI). 
It responds to messages included in the user INBOX using the default MAPI client 
and e-mail. Every response has the subject, "RE:" and the worm as an attachment (NAVIDAD.EXE). 
This worm also displays a message box upon execution and maps the opening of Windows 
executables so that it is executed instead of the executable that is called.</P>
<B><P>WORM_PORMAN.A (Aliases: I-Worm.Alcaul.m, W32.Porma@mm, PORMAN.A) (Worm):</B> 
This mass-mailing worm sends an infected e-mail via Microsoft Outlook with the attachment 
http.www.sex.com, and the subject line "pornoman recommends."</P>
<B><P>WORM_WHITEBAIT.A (Aliases: WHITEBAIT.A, </B></FONT><A HREF="mailto:W32.Whitebait@mm"><B><FONT 
SIZE=2>W32.Whitebait@mm</B></FONT></A><B><FONT SIZE=2>) (Worm):</B> This mass-mailing 
worm propagates via Microsoft Outlook and arrives in an e-mail with the subject line 
attachment "WARNING : Black_Piranha" and the attachment "MSSECU.EXE." Upon execution, 
it drops two files in the Windows folder, and displays pornographic pictures with 
a link to an adult-oriented Web site. </P>
<B><P>XM97/Divi-AQ (Excel 97 Macro Virus):</B> This virus is a member of the XM97/Divi 
family with no malicious payload. It creates the viral file 874.xls in the XLSTART 
directory.</P>
<P>&nbsp;</P>
</FONT><B><I><FONT FACE="Baskerville Old Face,Times New Roman" SIZE=5 COLOR="#0000ff"><P>Trojans 
</P>
</B></I></FONT><FONT SIZE=2><P>Trojans have become increasingly popular as a means 
of obtaining unauthorized access to computer systems. This table starts with Trojans 
discussed in CyberNotes #2001-01, and items will be added on a cumulative basis. 
Trojans that are covered in the current issue of CyberNotes are listed in boldface/red. 
Following this table are write-ups of new Trojans and updated versions discovered 
in the last two weeks. Readers should contact their anti-virus vendors to obtain 
specific information on Trojans and Trojan variants that anti-virus software detects. 
<I>Note: At times, Trojans may contain names or content that may be considered offensive.</P></I></FONT>
<P ALIGN="CENTER"><CENTER><TABLE BORDER CELLSPACING=2 BORDERCOLOR="#000000" CELLPADDING=7 
WIDTH=523>
<TR><TD WIDTH="33%" VALIGN="TOP" BGCOLOR="#ffffff" HEIGHT=21>
<P ALIGN="CENTER"><B><FONT SIZE=1>Trojan</B></FONT></TD>
<TD WIDTH="36%" VALIGN="TOP" BGCOLOR="#ffffff" HEIGHT=21>
<B><FONT SIZE=1><P ALIGN="CENTER">Version</B></FONT></TD>
<TD WIDTH="31%" VALIGN="TOP" BGCOLOR="#ffffff" HEIGHT=21>
<B><FONT SIZE=1><P ALIGN="CENTER">CyberNotes Issue #</B></FONT></TD>
</TR>
<TR><TD WIDTH="33%" VALIGN="MIDDLE">
<B><FONT SIZE=2 COLOR="#ff0000"><P>APStrojan.sl</B></FONT></TD>
<TD WIDTH="36%" VALIGN="MIDDLE">
<B><FONT SIZE=1 COLOR="#ff0000"><P>N/A</B></FONT></TD>
<TD WIDTH="31%" VALIGN="MIDDLE">
<B><FONT SIZE=1 COLOR="#ff0000"><P>Current Issue</B></FONT></TD>
</TR>
<TR><TD WIDTH="33%" VALIGN="MIDDLE">
<FONT SIZE=2><P>Backdoor.Palukka</FONT></TD>
<TD WIDTH="36%" VALIGN="MIDDLE">
<FONT SIZE=1><P>N/A</FONT></TD>
<TD WIDTH="31%" VALIGN="MIDDLE">
<FONT SIZE=1><P>CyberNotes-2002-01</FONT></TD>
</TR>
<TR><TD WIDTH="33%" VALIGN="MIDDLE">
<FONT SIZE=2><P>BackDoor-AAB</FONT></TD>
<TD WIDTH="36%" VALIGN="MIDDLE">
<FONT SIZE=1><P>N/A</FONT></TD>
<TD WIDTH="31%" VALIGN="MIDDLE">
<FONT SIZE=1><P>CyberNotes-2002-02</FONT></TD>
</TR>
<TR><TD WIDTH="33%" VALIGN="MIDDLE">
<B><FONT SIZE=2 COLOR="#ff0000"><P>BackDoor-FB.svr.gen</B></FONT></TD>
<TD WIDTH="36%" VALIGN="MIDDLE">
<B><FONT SIZE=1 COLOR="#ff0000"><P>N/A</B></FONT></TD>
<TD WIDTH="31%" VALIGN="MIDDLE">
<B><FONT SIZE=1 COLOR="#ff0000"><P>Current Issue</B></FONT></TD>
</TR>
<TR><TD WIDTH="33%" VALIGN="MIDDLE">
<FONT SIZE=2><P>DlDer</FONT></TD>
<TD WIDTH="36%" VALIGN="MIDDLE">
<FONT SIZE=1><P>N/A</FONT></TD>
<TD WIDTH="31%" VALIGN="MIDDLE">
<FONT SIZE=1><P>CyberNotes-2002-01</FONT></TD>
</TR>
<TR><TD WIDTH="33%" VALIGN="MIDDLE">
<B><FONT SIZE=2 COLOR="#ff0000"><P>DoS-Winlock</B></FONT></TD>
<TD WIDTH="36%" VALIGN="MIDDLE">
<B><FONT SIZE=1 COLOR="#ff0000"><P>N/A</B></FONT></TD>
<TD WIDTH="31%" VALIGN="MIDDLE">
<B><FONT SIZE=1 COLOR="#ff0000"><P>Current Issue</B></FONT></TD>
</TR>
<TR><TD WIDTH="33%" VALIGN="MIDDLE">
<FONT SIZE=2><P>Hacktool.IPStealer</FONT></TD>
<TD WIDTH="36%" VALIGN="MIDDLE">
<FONT SIZE=1><P>N/A</FONT></TD>
<TD WIDTH="31%" VALIGN="MIDDLE">
<FONT SIZE=1><P>CyberNotes-2002-02</FONT></TD>
</TR>
<TR><TD WIDTH="33%" VALIGN="MIDDLE">
<B><FONT SIZE=2 COLOR="#ff0000"><P>Irc-Smallfeg</B></FONT></TD>
<TD WIDTH="36%" VALIGN="MIDDLE">
<B><FONT SIZE=1 COLOR="#ff0000"><P>N/A</B></FONT></TD>
<TD WIDTH="31%" VALIGN="MIDDLE">
<B><FONT SIZE=1 COLOR="#ff0000"><P>Current Issue</B></FONT></TD>
</TR>
<TR><TD WIDTH="33%" VALIGN="MIDDLE">
<FONT SIZE=2><P>JS/Seeker-E</FONT></TD>
<TD WIDTH="36%" VALIGN="MIDDLE">
<FONT SIZE=1><P>N/A</FONT></TD>
<TD WIDTH="31%" VALIGN="MIDDLE">
<FONT SIZE=1><P>CyberNotes-2002-01</FONT></TD>
</TR>
<TR><TD WIDTH="33%" VALIGN="MIDDLE">
<FONT SIZE=2><P>JS_EXCEPTION.GEN</FONT></TD>
<TD WIDTH="36%" VALIGN="MIDDLE">
<FONT SIZE=1><P>N/A</FONT></TD>
<TD WIDTH="31%" VALIGN="MIDDLE">
<FONT SIZE=1><P>CyberNotes-2002-01</FONT></TD>
</TR>
<TR><TD WIDTH="33%" VALIGN="MIDDLE">
<FONT SIZE=2><P>SecHole.Trojan</FONT></TD>
<TD WIDTH="36%" VALIGN="MIDDLE">
<FONT SIZE=1><P>N/A</FONT></TD>
<TD WIDTH="31%" VALIGN="MIDDLE">
<FONT SIZE=1><P>CyberNotes-2002-01</FONT></TD>
</TR>
<TR><TD WIDTH="33%" VALIGN="MIDDLE">
<FONT SIZE=2><P>Troj/Download-A</FONT></TD>
<TD WIDTH="36%" VALIGN="MIDDLE">
<FONT SIZE=1><P>N/A</FONT></TD>
<TD WIDTH="31%" VALIGN="MIDDLE">
<FONT SIZE=1><P>CyberNotes-2002-01</FONT></TD>
</TR>
<TR><TD WIDTH="33%" VALIGN="MIDDLE">
<B><FONT SIZE=2 COLOR="#ff0000"><P>Troj/Msstake-A</B></FONT></TD>
<TD WIDTH="36%" VALIGN="MIDDLE">
<B><FONT SIZE=1 COLOR="#ff0000"><P>N/A</B></FONT></TD>
<TD WIDTH="31%" VALIGN="MIDDLE">
<B><FONT SIZE=1 COLOR="#ff0000"><P>Current Issue</B></FONT></TD>
</TR>
<TR><TD WIDTH="33%" VALIGN="MIDDLE">
<FONT SIZE=2><P>Troj/Optix-03-C</FONT></TD>
<TD WIDTH="36%" VALIGN="MIDDLE">
<FONT SIZE=1><P>N/A</FONT></TD>
<TD WIDTH="31%" VALIGN="MIDDLE">
<FONT SIZE=1><P>CyberNotes-2002-01</FONT></TD>
</TR>
<TR><TD WIDTH="33%" VALIGN="MIDDLE">
<FONT SIZE=2><P>Troj/Sub7-21-I</FONT></TD>
<TD WIDTH="36%" VALIGN="MIDDLE">
<FONT SIZE=1><P>N/A</FONT></TD>
<TD WIDTH="31%" VALIGN="MIDDLE">
<FONT SIZE=1><P>CyberNotes-2002-01</FONT></TD>
</TR>
<TR><TD WIDTH="33%" VALIGN="MIDDLE">
<FONT SIZE=2><P>Troj/WebDL-E</FONT></TD>
<TD WIDTH="36%" VALIGN="MIDDLE">
<FONT SIZE=1><P>N/A</FONT></TD>
<TD WIDTH="31%" VALIGN="MIDDLE">
<FONT SIZE=1><P>CyberNotes-2002-01</FONT></TD>
</TR>
<TR><TD WIDTH="33%" VALIGN="MIDDLE">
<FONT SIZE=2><P>TROJ_CYN12.B</FONT></TD>
<TD WIDTH="36%" VALIGN="MIDDLE">
<FONT SIZE=1><P>N/A</FONT></TD>
<TD WIDTH="31%" VALIGN="MIDDLE">
<FONT SIZE=1><P>CyberNotes-2002-02</FONT></TD>
</TR>
<TR><TD WIDTH="33%" VALIGN="MIDDLE">
<FONT SIZE=2><P>TROJ_DANSCHL.A</FONT></TD>
<TD WIDTH="36%" VALIGN="MIDDLE">
<FONT SIZE=1><P>N/A</FONT></TD>
<TD WIDTH="31%" VALIGN="MIDDLE">
<FONT SIZE=1><P>CyberNotes-2002-01</FONT></TD>
</TR>
<TR><TD WIDTH="33%" VALIGN="MIDDLE" HEIGHT=19>
<B><FONT SIZE=2 COLOR="#ff0000"><P>TROJ_DSNX.A</B></FONT></TD>
<TD WIDTH="36%" VALIGN="MIDDLE" HEIGHT=19>
<B><FONT SIZE=1 COLOR="#ff0000"><P>N/A</B></FONT></TD>
<TD WIDTH="31%" VALIGN="MIDDLE" HEIGHT=19>
<B><FONT SIZE=1 COLOR="#ff0000"><P>Current Issue</B></FONT></TD>
</TR>
<TR><TD WIDTH="33%" VALIGN="MIDDLE">
<FONT SIZE=2><P>TROJ_FRAG.CLI.A</FONT></TD>
<TD WIDTH="36%" VALIGN="MIDDLE">
<FONT SIZE=1><P>N/A</FONT></TD>
<TD WIDTH="31%" VALIGN="MIDDLE">
<FONT SIZE=1><P>CyberNotes-2002-02</FONT></TD>
</TR>
<TR><TD WIDTH="33%" VALIGN="MIDDLE">
<B><FONT SIZE=2 COLOR="#ff0000"><P>TROJ_ICONLIB.A</B></FONT></TD>
<TD WIDTH="36%" VALIGN="MIDDLE">
<B><FONT SIZE=1 COLOR="#ff0000"><P>N/A</B></FONT></TD>
<TD WIDTH="31%" VALIGN="MIDDLE">
<B><FONT SIZE=1 COLOR="#ff0000"><P>Current Issue</B></FONT></TD>
</TR>
<TR><TD WIDTH="33%" VALIGN="MIDDLE">
<FONT SIZE=2><P>Trojan.Badcon</FONT></TD>
<TD WIDTH="36%" VALIGN="MIDDLE">
<FONT SIZE=1><P>N/A</FONT></TD>
<TD WIDTH="31%" VALIGN="MIDDLE">
<FONT SIZE=1><P>CyberNotes-2002-02</FONT></TD>
</TR>
<TR><TD WIDTH="33%" VALIGN="MIDDLE">
<FONT SIZE=2><P>Trojan.StartPage</FONT></TD>
<TD WIDTH="36%" VALIGN="MIDDLE">
<FONT SIZE=1><P>N/A</FONT></TD>
<TD WIDTH="31%" VALIGN="MIDDLE">
<FONT SIZE=1><P>CyberNotes-2002-02</FONT></TD>
</TR>
<TR><TD WIDTH="33%" VALIGN="MIDDLE">
<FONT SIZE=2><P>Trojan.Suffer</FONT></TD>
<TD WIDTH="36%" VALIGN="MIDDLE">
<FONT SIZE=1><P>N/A</FONT></TD>
<TD WIDTH="31%" VALIGN="MIDDLE">
<FONT SIZE=1><P>CyberNotes-2002-02</FONT></TD>
</TR>
<TR><TD WIDTH="33%" VALIGN="MIDDLE">
<B><FONT SIZE=2 COLOR="#ff0000"><P>VBS_THEGAME.A</B></FONT></TD>
<TD WIDTH="36%" VALIGN="MIDDLE">
<B><FONT SIZE=1 COLOR="#ff0000"><P>N/A</B></FONT></TD>
<TD WIDTH="31%" VALIGN="MIDDLE">
<B><FONT SIZE=1 COLOR="#ff0000"><P>Current Issue</B></FONT></TD>
</TR>
</TABLE>
</CENTER></P>

<B><FONT SIZE=2><P ALIGN="CENTER">&nbsp;</P>
<P>APStrojan.sl:</B> This Trojan attempts to steal AOL Instant Messenger usernames 
and passwords. It also logs keystrokes and sends this data to a Yahoo.com e-mail 
address. When run, the Trojan copies itself to the WINDOWS\START MENU|PROGRAMS\STARTUP 
folder. If AOL Instant Messenger is not installed, an error message appears. All 
window titles and keystrokes typed are logged to the file DAT.LOG in the same directory 
as the executable (the STARTUP folder). With this information, the Trojan attempts 
to create the file C:\PROGRAM FILES\DMSYSMAIL.EML and send it, using MAPI messaging 
to </FONT><A HREF="mailto:it090d@yahoo.com"><FONT SIZE=2>it090d@yahoo.com</FONT></A><FONT 
SIZE=2>.</P>
<B><P>BackDoor-FB.svr.gen:</B> This Trojan is dropped by the </FONT><A HREF="mailto:W32/Myparty@mm"><FONT 
SIZE=2>W32/Myparty@mm</FONT></A><FONT SIZE=2> virus. When the W32/Myparty@MM virus 
executable is executed on Windows NT machines, (Windows NT, 2000 or XP) a variant 
of this backdoor is dropped to the startup folder within the profile of the current 
user, MSSTASK.EXE: </P><DIR>
<DIR>

<P>%userprofile%\Start Menu\Programs\Startup\msstask.exe</P></DIR>
</DIR>

<P>This ensures the backdoor is executed upon system startup, at which point it 
goes memory resident, and the machine is becomes vulnerable. W32/Myparty@MM only 
massmails itself and drops the backdoor component if the system date is within the 
following range: 25th - 29th January 2002, inclusive. Outside of this date range, 
no backdoor component is dropped. MSSTASK.EXE is compressed with UPX. Once running, 
the backdoor tries to connect to the following IP address: </FONT><A HREF="http://209.151.250.170/"><FONT 
SIZE=2>http://209.151.250.170/></A><FONT SIZE=2>, in order to download the 
command file that operates the backdoor. A second W32/Myparty@MM variant, which only 
operates between 20th-24th January 2002, drops an identical backdoor component to 
that described above. The only difference is the date range in which the backdoor 
is dropped.</P>
<B><P>DoS-Winlock:</B> This Trojan initiates a Denial of Service attack against 
several systems, most of which are in the langame.net domain. The executable has 
been packed with the PECompact packer. When run, the Trojan copies itself to WINDOWS 
directory as NETDLL16.EXE and the Recycle Bin as Winlock.exe with hidden file attributes. 
A WIN.INI entry is added to load itself at startup, run=C:\RECYCLED\winlock.exe. 
The next time Windows is rebooted, the Trojan starts its DoS attack and stays resident 
in memory.</P>
<B><P>Irc-Smallfeg:</B> Users are most likely to encounter this Trojan in the form 
of a dropper (which may be named ModemSpeedEnhancer.Exe). When executed on NT/2000 
the dropper creates the folder, %WINDIR%\CACHE, and drops the file SVCHOST.EXE into 
it. Subsequently, SVCHOST.EXE is executed as a process. When executed on Windows 
9x machines, the dropper is harmless - it does not drop the server component. Once 
running as a process, the file JUPE.DLL is dropped in the %WINDIR%\CACHE directory. 
This file contains a small amount of encrypted data,(possibly information about the 
victim machine). The Trojan then attempts to connect to port 6667 of 22 various remote 
servers (all -----.--.undernet.org). If successful, the Trojan then attempts to join 
a specific channel in the Undernet IRC network, with a nickname built up from two 
words stored within the SVCHOST.EXE file (e.g. gold, plat, fat, bomb, hehe, goal).</P>
<B><P>TROJ_DSNX.A (Aliases: DSNX, DSNX.A, Trojan.Win32.DSNX):</B> This destructive 
Win32 Trojan enables a remote malicious user access to an infected computer. It compromises 
network security. Upon execution, this Trojan copies itself to a WIN&lt;text.EXE 
file in the Windows System directory, where &lt;text is a randomly generated text 
string. It then adds the following registry entry that allows it to run at every 
startup:</P><DIR>
<DIR>

<P>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run = WinDSNX </P></DIR>
</DIR>

<P>The Trojan then connects to an IRC server and joins a channel where the remote 
malicious user is connected. The remote malicious user may execute any or all of 
the following in an infected system:</P>

<UL>

<UL>
<LI>Upload/Download files </LI>
<LI>Perform a port scan on the local area network </LI>
<LI>Flood a specified IP address </LI>
<LI>Log keystrokes </LI>
<LI>Delete files</LI></UL>
</UL>

<B><P>TROJ_ICONLIB.A (Aliases: Trojan.IconLib, ICONLIB.A, ICONLIB):</B> This Trojan's 
destructive payload deletes system files on the infected computer. It then replaces 
deleted files with copies of itself. Thereafter, the infected system hangs, due to 
missing system files, and will no longer restart.</P>
<B><P>Troj/Msstake-A (Alias: BackDoor-AAF):</B> This is a backdoor Trojan that allows 
others to have remote access to your machine over a network. It is dropped by the 
W32/MyParty-A virus. </P>
<B><P>VBS_THEGAME.A (Alias: THEGAME.A):</B> This Script Trojan has the ability to 
mass mail, drop other Trojan files, modify registries, and modify WIN.INI. It is 
encrypted but not destructive.</P>
<P>&nbsp;</P></FONT></BODY>

<p><!-- body="end" -->
<hr noshade>
<ul>

------------------------ Yahoo! Groups Sponsor ---------------------~-->
Sponsored by VeriSign - The Value of Trust
Pinpoint the right security solution for your company - FREE
Guide from industry leader VeriSign gives you all the facts.
http://us.click.yahoo.com/pCuuSA/WdiDAA/yigFAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 



This archive was generated by hypermail 2.1.2 : 2002-12-31 02:15:03 PST