Australia's Leading Computer Emergency Response Team
 





 

AusCERT Alert



Alerts contain information about threats and vulnerabilities of an urgent nature. Alerts may include material already published by third parties.


Further Information
AL-2004.17 -- Korgo Worm Variants Exploiting LSASS Vulnerability - New variants of a worm named Korgo, aka Padobot, are currently being created and detected in the wild on a daily basis. AusCERT has received reports that new variants are not being detected by some anti-virus software with previous Korgo signatures. Reports to AusCERT detail network traffic congestion, in addition to the potential compromise of data through the creation of a backdoor on infected computers. (25/06/2004)

AL-2004.15 -- CVS Heap Overflow Vulnerability - A heap overflow vulnerability in the Concurrent Versions System (CVS) could allow a remote attacker to execute arbitrary code on a vulnerable system. (28/05/2004)

AL-2004.14 -- WORM_SASSER.A - The W32.Sasser worm is known to exploit the Windows LSASS vulnerability, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of the affected system. (03/05/2004)

AL-2004.13 -- Vulnerabilities in SNMP Message Processing - Cisco Internetwork Operating System (IOS) Software releases may contain a vulnerability in processing SNMP requests which, if exploited, could cause the device to reload. (21/04/2004)

AL-2004.12 -- NISCC Vulnerability Advisory 236929 - Vulnerability Issues in TCP - There is a vulnerability in TCP which allows remote attackers to terminate network sessions. The Border Gateway Protocol (BGP) is judged to be potentially most affected by this vulnerability. (21/04/2004)

[AusCERT member only content] AL-2004.11 -- Exploit activity targeting academic computing resources - AusCERT has received reports of attackers specifically targeting high performance computing resources at educational and research organisations. (16/04/2004)

AL-2004.10 -- AUSCERT ALERT -- Bogus Banking Email Allows Trojan Infection for Outlook Users - A vulnerability in Microsoft Internet Explorer and Outlook Express is being used to trick online banking customers into visiting a malicious web site. The vulnerability[2] allows a URL to be spoofed by manipulating the information displayed in the status bar using an embedded form. (04/04/2004)

AL-2004.09 -- W32/Netsky.P@mm spreading with new attack methods - A new variant of the mass-mailing worm "Netsky" is spreading. The indications are that the rate of infections of W32/Netsky.P@mm being reported to antivirus suppliers is increasing. (23/03/2004)

AL-2004.07 -- New Bagle.Q Worm Spreading Rapidly - AusCERT is aware of local activity by a new type of mass-mailing worm. Dubbed Bagle.Q, this worm exploits a recent vulnerability in the Microsoft Internet Explorer engine to allow infection without active user intervention and without including the virus executable in the email message. (18/03/2004)

AL-2004.06 -- Variants of mass-mailing worms Netsky and Bagle spreading rapidly - AusCERT has received reports from European CERTs and antivirus vendors that new variants of the mass-mailing worms Netsky and Bagle are spreading rapidly overseas. (02/03/2004)

AL-2004.05 -- Malicious Software Report - W32/Netsky.b - AusCERT has become aware of a new mass-mailer worm named W32/Netsky-B (also known as Moodown.B). The worm arrives in email messages with varying subjects and spoofed From: addresses. (19/02/2004)

AL-2004.03 -- "Police investigation" Fraudulent E-mail and Malicious Web Site - AusCERT has become aware of an e-mail with the subject "Police investigation" circulating in Australia and overseas which is used to entice the reader to visit a malicious web site. This web site contains executable Java code which will install a trojan keylogging program. (16/02/2004)

AL-2004.02 -- Email worm W32/Mydoom@MM (W32.Novarg.A@mm) - AusCERT has become aware of a new mass-mailer worm that arrives in email messages with varying subjects and spoofed From addresses. (27/01/2004)

AL-2004.01 -- Email worm W32.Beagle.A/Win32.Bagle.A - AusCERT has become aware of a new mass-mailer worm (Beagle/Bagle) that is causing disruption to regular traffic on Australian email servers. (19/01/2004)

AL-2003.24 -- rsync Security Advisory - The rsync team has received evidence that a vulnerability in rsync was recently used in combination with a Linux kernel vulnerability to compromise the security of a public rsync server. (05/12/2003)

AL-2003.23 -- Microsoft Workstation Service Buffer Overflow - Microsoft has released Security Bulletin MS03-049 to address a serious buffer overflow vulnerability in the Microsoft Workstation service. The Workstation service is responsible for handling remote connections between computers and network resources such as fileservers or networked printers. (12/11/2003)

AL-2003.22 -- Vulnerability in Microsoft Windows Messenger Service - There is an overflow flaw in the Windows "Messenger Service" which is enabled by default on all Windows NT, Windows 2000, and Windows XP desktops and servers. (16/10/2003)

AL-2003.21 -- Vulnerability in Exchange Server Could Allow Arbitrary Code Execution (829436) - A security vulnerability exists in Microsoft Exchange Server that could allow an unauthenticated attacker to execute arbitrary code or cause a denial of service. (16/10/2003)

AL-2003.20 -- Microsoft RPC Race Condition Denial of Service - Another vulnerability has been discovered in Microsoft RPC (DCOM) services which is not patched by MS03-026 or MS03-039. Publicly available exploit code, which expands upon that described in AU-2003.014, has been released which exploits this vulnerability. (15/10/2003)

AL-2003.19 -- Cumulative Patch for Internet Explorer (828750) - This security bulletin provides information regarding a patch for all previous and two newly discovered vulnerabilities in Internet Explorer 5.01, 5.5 and 6.0. This bulletin is being released as an AusCERT Alert due to the severity and current exploitation of these vulnerabilities. (05/10/2003)

AL-2003.18 -- Vulnerability Issues in Implementations of the TLS and SSL Protocols - The vulnerabilities described in this advisory affect the TLS and SSL protocols, which are typically used to provide security services to a range of Internet application protocols and in support of web and email applications. (30/09/2003)

AL-2003.17 -- Sendmail prescan() buffer overflow vulnerability - A new sendmail buffer overflow vulnerability could allow a remote attacker to execute arbitrary code (potentially as root) or cause a denial of service. (18/09/2003)

AL-2003.16 -- Buffer Management Vulnerability in OpenSSH - Sites running OpenSSH prior to 3.7, and any implementations of code derived from OpenSSH prior to 3.7, are advised to evaluate their exposure to this vulnerability and to apply the vendor patches and/or network filters as deemed necessary. (17/09/2003)

AL-2003.15 -- Buffer Overrun In RPCSS Service Could Allow Code Execution (824146) - Three newly discovered vulnerabilities in the Windows RPC service could allow remote attackers to execute arbitrary code with Local System privileges. The patch in this bulletin supersedes the patch from the Microsoft bulletin MS03-026. (11/09/2003)

AL-2003.04 -- Increase in fraudulent activity targeting users of online banking and electronic payment sites - AusCERT has received a significant increase in numbers of reports of scams targeting online banking and electronic payment sites. This AusCERT Alert details these scams and provides some mitigation strategies. (21/08/2003)

AL-2003.14 -- Mass-mailing virus/worm W32/Sobig.F-mm - W32/Sobig.F-mm is affecting organisations and users Australia-wide. (20/08/2003)

[AusCERT member only content] AL-2003.13 -- Remote root vulnerability in wu-ftpd - A buffer overflow vulnerability has been discovered in the Washington University FTP daemon: wu-ftpd. (01/08/2003)

AL-2003.12 -- Cisco IOS Interface Blocked by IPv4 Packet - A vulnerability has been discovered in Cisco IOS (Internetwork Operating System) Software. This vulnerability potentially allows an attacker to send a specially crafted IPv4 packet directly to a router's interface to cause a DoS (Denial of Service). (17/07/2003)

AL-2003.11 -- Buffer Overrun In RPC Interface Could Allow Code Execution (Q823980) - The potential impact resulting from an attack involving successful exploitation of this vulnerability is considered to be critical. A successful compromise would result in the attacker having full Local System privileges. (17/07/2003)

AL-2003.10 -- W32/BUGBEAR.B@MM virus spreading rapidly - There is a new variant of the BUGBEAR virus spreading rapidly. This new incarnation is known as BUGBEAR.B and has similar capabilities to the original variant BUGBEAR, although BUGBEAR.B can infect specific executable files and is polymorphic in nature. (06/06/2003)

AL-2003.09 -- Cumulative Patch for Internet Explorer (818529) - This is a cumulative patch that includes the functionality of all previously released patches for Internet Explorer 5.01, 5.5 and 6.0. In addition, it eliminates two newly discovered vulnerabilities which could allow a remote attacker to execute arbitrary code on a vulnerable computer. (05/06/2003)

AL-2003.08 -- Unchecked Buffer In Windows Component Could Cause Server Compromise (815021) - A security vulnerability is present in a core component of Windows NT/2000/XP. An attacker could exploit this vulnerability to cause the server to fail or to execute code of the attacker's choice. (29/05/2003)

AL-2003.07 -- "Fizzer" Worm Increased Activity - AusCERT is currently monitoring a malicious new email worm. Dubbed "Fizzer", this virus spreads via e-mail and the Kazaa peer-to-peer file-sharing network. (13/05/2003)

AL-2003.06 -- Security bugfix for Samba - A vulnerability has been discovered in Samba that, if exploited correctly, leads to an anonymous user gaining root access on a Samba serving system. All versions of Samba up to and including Samba 2.2.8 are vulnerable. An active exploit of the bug has been reported in the wild. (08/04/2003)

AL-2003.05 -- Buffer Overflow in Sendmail - There is a vulnerability in sendmail that can be exploited to cause a denial-of-service condition and could allow a remote attacker to execute arbitrary code with the privileges of the sendmail daemon, typically root. (30/03/2003)

