The Most Critical New Vulnerabilities Discovered or Patched During the First Quarter of 2005
May 2, 2005
Principal Investigator: Rohit Dhamankar
Co-investigators: Gerhard Eschelbeck, Marcus Sachs, Johannes Ullrich [SANS]
The SANS Top20 Internet Security Vulnerabilities (www.sans.org/top20) is an annual consensus effort of leading information security organizations around the world. In 2004, the United Kingdom’s NISCC hosted the announcement of the 2004 Top20 with the direct support of the US White House and Public Safety and Emergency Preparedness Canada.
Thousands of organizations rely on the Top20 to help set priorities for what needs to be fixed first. However, since new Internet threats are discovered daily, user organizations that rely on the Top20 as a list of high-priority threats have been asking for more frequent updates.
On May 2, 2005, the sponsors of the Top20 project released the first installment in a new program of quarterly updates to the Top20. It updates the annual Top20 and provides an additional roadmap to the new vulnerabilities that must be eliminated in any Internet-connected organization.
The list below summarizes, by vendor, the most critical new vulnerabilities discovered during the first quarter of 2005.
Following the brief list, the critical new vulnerabilities are grouped by the vulnerability categories employed in the 2004 Top20 announcement, and summarized with a brief assessment of the impact of exploiting the vulnerabilities and pointers to more detailed information.