BugTraq Mode:
The witty worm 2004-03-20
Gadi Evron (ge egotistical reprehensible net) (2 replies)
Information can be found at: http://www.f-secure.com/v-descs/witty.shtml

According to that link the worm sends itself to 20K random IP's,

It's also on a repeat though.

To block it you need to block packets coming from UDP source port 4000.

I'd suggest blocking local port 4000, as well. This thin

Re: The witty worm 2004-03-20
Gadi Evron (ge egotistical reprehensible net)
Re: The witty worm 2004-03-20
Gadi Evron (ge egotistical reprehensible net)
Re: Winamp 5.02 Long Filename Buffer Overflow Vulnerability 2004-03-20
b0f www.b0f.net (b0fnet yahoo com)
In-Reply-To: <20040319164427.31207.qmail (at) www.securityfocus (dot) com [email concealed]>

Hmm, I noticed this before with .pls and .m3u files: Winamp will open when a .m3u or .pls link is clicked via Internet Explorer, but Winamp doesn't seem to crash. Also, if Winamp is opened in cmd.exe like winamp.exe [long file name] it wil

Concerning The Recent Invision power Board Issues 2004-03-20
GulfTech Security (security gulftech org)
Hi all,

As you have seen, there have been a good number of IPB issues posted lately
to BugTraq, everything from cross-site scripting to path disclosure to SQL
issues. The SQL issues in search have been fixed as seen here.

http://forums.invisionpower.com/index.php?act=ST&f=&t=116163

I have found t

Any disassemblies of the Witty worm yet? 2004-03-20
Nicholas Weaver (nweaver CS berkeley edu) (1 replies)

Has anyone done a disassembly of the "Witty" worm yet?

http://isc.incidents.org/diary.html?date=2004-03-20
http://securityresponse.symantec.com/avcenter/venc/data/w32.witty.worm.html

using the
http://seclists.org/lists/bugtraq/2004/Mar/0181.html
recent bug in BlackICE/RealSecure?

We are

Re: Any disassemblies of the Witty worm yet? 2004-03-20
Kostya Kortchinsky (kostya kortchinsky renater fr)
Re: Samba 'smbprint' script tmpfile vulnerability. 2004-03-20
Gerald (Jerry) Carter (jerry samba org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

For the record, Shaun Colley first email <security (at) samba (dot) org [email concealed]>
on "Thu, 18 Mar 2004 20:21:48 +0000 (GMT)". The set of core
Samba developers were given no prior notice that the potential
bug would be published on BUGtraq. Nor were we notified when
the a

Ref: NGSSoftware Advisories NISR19042004a and NISR19042004b 2004-03-19
Sym Security (secure symantec com)
In response to NGSSoftware Advisories NISR19042004a and NISR19042004b,

------------------------------------------------------------------
Symantec Security Advisory

SYM04-005

19 March, 2004
Symantec Norton Internet Security and Norton AntiSpam Remote Access
Vulnerability

Revision History
Non

XP SP2 is out 2004-03-19
Gadi Evron (ge linuxbox org)
http://www.microsoft.com/technet/prodtechnol/winxppro/sp2preview.mspx

Gadi Evron.

[Full-Disclosure] iDEFENSE Security Advisory 03.19.04: Borland Interbase admin.ib Administrative Access Vulnerability 2004-03-19
idlabs-advisories idefense com
Borland Interbase admin.ib Administrative Access Vulnerability

iDEFENSE Security Advisory 03.19.04
www.idefense.com/application/poi/display?id=80&type=vulnerabilities
March 19, 2004

I. BACKGROUND

Borland Interbase is a small, high performance commercial database for
Linux, Solaris, and Windows op

[ANNOUNCE] Apache HTTP Server 2.0.49 Released (fwd) 2004-03-19
je sekure net

---------- Forwarded message ----------
Date: Fri, 19 Mar 2004 22:55:38 +0100
From: Sander Striker <striker (at) apache (dot) org [email concealed]>
To: announce (at) httpd.apache (dot) org [email concealed]
Subject: [ANNOUNCE] Apache HTTP Server 2.0.49 Released

Apache HTTP Server 2.0.49 Released

The Apache Software Foundation and

Samba 'smbprint' script tmpfile vulnerability. 2004-03-19
Shaun Colley (shaunige yahoo co uk)
~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*

Product: Samba 'smbprint' script.
http://www.samba.org

Versions: All versions, but manifesting in
different ways.
Bug: Symlink bug / tmpfile bug.
Impact: Attackers can write to arbitrary

Internet Explorer Causing Explorer.exe - Null Pointer Crash 2004-03-19
Rafel Ivgi, The-Insider (theinsider 012 net il)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application: Internet Explorer & Explorer.exe
Vendors: http://www.microsoft.com
Versions: Windows XP Professional & Internet Explorer
6.0.2600.0000.xpclnt_qfe.021108-2107
Patched With: Q330994; Q822925;

Winamp 5.02 Long Filename Buffer Overflow Vulnerability 2004-03-19
Tobias Welter (newbie e-mails ru)


Audio files with names longer than 246 characters crash the player on double-click.

Eudora 6.0.3 attachment spoof, LaunchProtect 2004-03-19
psz maths usyd edu au (Paul Szabo)
Eudora 6.0.3 for Windows was released recently. Though known for years, the
spoofing of attachments is still not fixed; the problem with LaunchProtect
is not fixed either.

Spoofing demo (essentially identical to 6.0.1 version) below.

Cheers,

Paul Szabo - psz (at) maths.usyd.edu (dot) au [email concealed] http://www.maths.us

Re: mac osx- admin service buffer overflow 2004-03-19
programming_rocks1 hotmail com (1 replies)
In-Reply-To: <20040318232447.29522.qmail (at) search.securityfocus (dot) com [email concealed]>

As several people have asked, I will post the following:

1) I believe the version was 10.3, SERVER

2) The service did not have a header or anything, however nmap reported it as "osx-admin"

3) I'm very sorry, I mistyped the por

Re: mac osx- admin service buffer overflow 2004-03-19
Mathias Wegner (mwegner cs oberlin edu)
Norton Internet Security Remote Command Execution (#NISR19042004b) 2004-03-19
NGSSoftware Insight Security Research (nisr nextgenss com)
NGSSoftware Insight Security Research Advisory

Name: Norton Internet Security Remote Command Execution
Systems Affected: XP (not confirmed on 2000); NIS & NIS Pro 2004, not
confirmed on previous versions.
Severity: High
Vendor URL: http://www.symantec.com
Author: Mark Litchfield [ mark@ngssoftware.

Norton AntiSpam Remote Buffer Overrun (#NISR19042004a) 2004-03-19
NGSSoftware Insight Security Research (nisr nextgenss com)
NGSSoftware Insight Security Research Advisory

Name: Norton AntiSpam Remote Buffer Overrun
Systems Affected: Windows XP (not confirmed on 2000)
Severity: High
Vendor URL: http://www.symantec.com
Author: Mark Litchfield [ mark (at) ngssoftware (dot) com [email concealed] ]
Date Vendor Notified: 4th March 2004
Date of Public

EEYE: Internet Security Systems PAM ICQ Server Response Processing Vulnerability 2004-03-18
Marc Maiffret (mmaiffret eeye com)
Internet Security Systems PAM ICQ Server Response Processing
Vulnerability

Release Date:
March 18, 2004

Date Reported:
March 8, 2004

Severity:
High (Remote Code Execution)

Vendor:
Internet Security Systems

Systems Affected:
RealSecure Network 7.0, XPU 22.11 and before
RealSecure Server Sensor 7

mac osx- admin service buffer overflow 2004-03-18
programming_rocks1 hotmail com


I discovered that by netcatting/telnetting/otherwise sending 2057 A's to port 610 (admin service) of an OS X server box, the service will crash and restart. I inferred that the buffer must be set at 2056 characters. I was only able to test this on one box, and I was not able to get on it and dump

TSLSA-2004-0011 - sysstat 2004-03-18
Trustix Security Advisor (tsl trustix org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2004-0011

Package name: sysstat
Summary: Tempfile race
Date: 2004-03-16
Affected versions: Trustix 1.5, 2.0

TSLSA-2004-0012 - openssl 2004-03-18
Trustix Security Advisor (tsl trustix org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2004-0012

Package name: openssl
Summary: Several DoS vulnerabilities
Date: 2004-03-17
Affected versions: Tr

Chrome 1.2.0.0 server crash 2004-03-18
Luigi Auriemma (aluigi altervista org)

#######################################################################

Luigi Auriemma

Application: Chrome
http://www.chromethegame.com
Versions: <= 1.2.0.0
Platforms: Windows
Bug: reading and writing into unallocated memory (crash)
Risk

HOTMAIL / PASSPORT: phishing expedition 2004-03-18
http-equiv (at) excite (dot) com [email concealed] (1 malware com)


Thursday, March 18, 2004

Unbelievably ridiculous insertion of arbitrary html into the
Hotmail web based email account of your targeted "buddy".

In order to gain your "little pal's" credentials, simply send
him or her an email with an extra long subject like so:

heylittlebuddyheylittlebuddyhey

[waraxe-2004-SA#010 - Multiple vulnerabilities in Error Manager v2.1 for PhpNuke] 2004-03-18
Janek Vind (come2waraxe yahoo com)


{================================================================================}

{ [waraxe-2004-SA#010] }

{================================================================================}

{

ptl-2004-02: RealNetworks Helix Server 9 Administration Server Buffer Overflow 2004-03-18
Pentest Security Alerts (alerts pentest co uk)
Pentest Limited Security Advisory

RealNetworks Helix Server 9 Administration Server Buffer Overflow

Advisory Details
----------------
Title: RealNetworks Helix Server 9 Administration Server Buffer Overflow
Announcement date: 18 March 2004
Advisory Reference: ptl-2004-02
CVE Name: CAN-2004-0049
Pr

[OpenPKG-SA-2004.007] OpenPKG Security Advisory (openssl) 2004-03-18
OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org [email concealed]

Copyright 2010, SecurityFocus