
alien_os.html
Posted Aug 17, 1999

CERT Advisory: ID4 Virus - Alien/OS

tags | virus
systems | unix
SHA-256 | cb173b5b70800468b20de13531a43711d912cc4ed570ee6e7ea766b992d42ef6

<!DOCTYPE HTML PUBLIC "html.dtd">
<HTML>
<HEAD>
<TITLE> ATTRITION Advisory Archive</TITLE>
</HEAD>
<BODY BGCOLOR="#000000" VLINK="#C0C0C0" TEXT="#FFFFFF" LINK="#FF0000" ALINK="#FF0000">
<PRE>

Subject: CERT Advisory CA-96.13 - Alien/OS Vulnerability
From: CERT Bulletin
Newsgroups: comp.security.announce, rec.humor
Message-ID: 4rshfm$cfe@brando.ece.utexas.edu
Date: 8 Jul 1996 21:51:34 -0500

CERT(sm) Advisory CA-96.13

July 4, 1996

Topic: ID4 virus, Alien/OS Vulnerability

----------------------------------------------------------------------------
The CERT Coordination Center has received reports of weaknesses in Alien/OS
that can allow species with primitive information sciences technology to
initiate denial-of-service attacks against MotherShip(tm) hosts. One report
of exploitation of this bug has been received.

When attempting takeover of planets inhabited by such races, a trojan horse
attack is possible that permits local access to the MotherShip host,
enabling the implantation of executable code with full root access to
mission-critical security features of the operating system.

The vulnerability exists in versions of EvilAliens' Alien/OS 34762.12.1 or
later, and all versions of Microsoft's Windows/95. CERT advises against
initiating further planet takeover actions until patches are available from
these vendors. If planet takeover is absolutely necessary, CERT advises that
affected sites apply the workarounds as specified below.

As we receive additional information relating to this advisory, we will
place it in

ftp://info.cert.org/pub/cert_advisories/CA-96.13.README

We encourage you to check our README files regularly for updates on
advisories that relate to your site.

----------------------------------------------------------------------------

I. Description

Alien/OS contains a security vulnerability, which strangely enough can be
exploited by a primitive race running Windows/95. Although Alien/OS has been
extensively field tested over millions of years by EvilAliens, Inc., the bug
was only recently discovered during a routine invasion of a backwater
planet. EvilAliens notes that the operating system had never before been
tested against a race with "such a kick-ass president."

The vulnerability allows the insertion of executable code with root access
to key security features of the operating system. In particular, such code
can disable the NiftyGreenShield (tm) subsystem, allowing child processes to
be terminated by unauthorized users.

Additionally, Alien/OS networking protocols can provide a low-bandwidth
covert timing channel to a determined attacker.

II. Impact

Non-privileged primitive users can cause the total destruction of your
entire invasion fleet and gain unauthorized access to files.

III. Solution

EvilAliens has supplied a workaround and a patch, as follows:

A. Workaround

To prevent unauthorized insertion of executables, install a firewall to
selectively vaporize incoming packets that do not contain valid aliens.
Also, disable the "Java" option in Netscape.

To eliminate the covert timing channel, remove untrusted hosts from
routing tables. As tempting as it is, do not use target species' own
satellites against them.

B. Patch

As root, install the "evil" package from the distribution tape.

(Optionally) save a copy of the existing /usr/bin/sendmail and modify
its permission to prevent misuse.

----------------------------------------------------------------------------
The CERT Coordination Center thanks Jeff Goldblum and Fjkxdtssss for
providing information for this advisory.
----------------------------------------------------------------------------
If you believe that your system has been compromised, contact the CERT
Coordination Center or your representative in the Forum of Incident Response
and Security Teams (FIRST).

We strongly urge you to encrypt any sensitive information you send by email.
The CERT Coordination Center can support a shared DES key and PGP. Contact
the CERT staff for more information.

Location of CERT PGP key
ftp://info.cert.org/pub/CERT_PGP.key

CERT Contact Information
------------------------
Email cert@cert.org

Phone +1 412-268-7090 (24-hour hotline)
CERT personnel answer 8:30-5:00 p.m. EST
(GMT-5)/EDT(GMT-4), and are on call for
emergencies during other hours.

Fax +1 412-268-6989

Postal address
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh PA 15213-3890
USA

CERT publications, information about FIRST representatives, and other
security-related information are available for anonymous FTP from
http://www.cert.org/
ftp://info.cert.org/pub/

CERT advisories and bulletins are also posted on the USENET newsgroup
comp.security.announce

To be added to our mailing list for CERT advisories and bulletins, send
your email address to
cert-advisory-request@cert.org

Copyright 1996 Carnegie Mellon University
This material may be reproduced and distributed without permission provided
it is used for noncommercial purposes and the copyright statement is
included.

CERT is a service mark of Carnegie Mellon University.
----------------------------------------------------------------------------
Links: Humor on the Internet, my homepage.
----------------------------------------------------------------------------
Thomas Bätzler, Herrenstr. 62, 76133 Karlsruhe, bath0011@fh-karlsruhe.de

$Id: alien_os.html,v 1.1 1996/10/29 03:01:02 thb Exp thb $

</PRE>
</BODY>
</HTML>

