CS-96.01
---------------------------------------------------------------------------
CERT(*) Summary CS-96.01
January 23, 1996
Last Revised: October 2, 1997
Updated copyright statement
The CERT Coordination Center periodically issues the CERT Summary to
draw attention to the types of attacks currently being reported to our
strategic incident response staff. The summary includes pointers to
sources of information for dealing with the problems. We also list new
or updated files that are available for anonymous FTP from
ftp://info.cert.org/pub/
Past CERT Summaries are available from
ftp://info.cert.org/pub/cert_summaries/
---------------------------------------------------------------------------
Recent Activity
---------------
In the last two months we have seen the same types of activity that we
described in the CERT advisory CA-95:18 Widespread Attacks on Internet
Sites. If you have not yet taken steps to protect your site against
the activities described below, we urge you to do so as soon as
possible.
Description
Intruders are doing the following:
- using automated tools to scan sites for NFS and NIS vulnerabilities
- exploiting the rpc.ypupdated vulnerability to gain root access
- exploiting the loadmodule vulnerability to gain root access
- installing Trojan horse programs and packet sniffers
- launching IP spoofing attacks
Solution
The CERT staff urges you to immediately take the steps described in
the advisories referenced below. Note that it is important to
periodically recheck these files as they contain updated
information received after the advisory was published.
a. Using automated tools to scan sites for NFS and NIS vulnerabilities
* CA-94:15.NFS.Vulnerabilities
* CA-92:13.SunOS.NIS.vulnerability
b. Exploiting the rpc.ypupdated vulnerability to gain root access
* CA-95:17.rpc.ypupdated.vul
c. Exploiting the loadmodule vulnerability to gain root access
* CA-93:18.SunOS.Solbourne.loadmodule.modload.vulnerability
* CA-95:12.sun.loadmodule.vul
d. Installing Trojan horse programs and packet sniffers
* CA-94:01.ongoing.network.monitoring.attacks
e. Launching IP spoofing attacks
* CA-95:01.IP.spoofing
The CERT advisories are available from
ftp://info.cert.org/pub/cert_advisories
What's New in the CERT FTP Archive
----------------------------------
We have made the following changes since the last CERT Summary (November 28,
1995).
* New Additions
ftp://info.cert.org/pub/
Sysadmin_Tutorial.announcement (This CERT course will be given
four times this year in Pittsburgh,
Pennsylvania, USA.)
ftp://info.cert.org/pub/cert_advisories/
CA-95:16.wu-ftpd.vul
CA-95:17.rpc.ypupdated.vul
CA-95:18.widespread.attacks
ftp://info.cert.org/pub/cert_bulletins/
VB-95:10.elm
VB-95:10a.elm (listed additional FTP sites)
* Updated Files
ftp://info.cert.org/pub/
cert_faq
ftp://info.cert.org/pub/cert_advisories/
CA-95:13 (syslog - added info from Digital Equipment)
CA-95:15 (SGI lp - added info)
CA-95:16 (wu-ftpd - added clarification and Solaris 2.4 info)
CA-95:17 (rpc.ypupdated - added vendor info for Digital & HP)
ftp://info.cert.org/pub/tech_tips/
AUSCERT_checklist1.1 (replaced AUSCERT checklist version 1.0)
---------------------------------------------------------------------------
How to Contact the CERT Coordination Center
Email cert@cert.org
Phone +1 412-268-7090 (24-hour hotline)
CERT personnel answer 8:30-5:00 p.m. EST
(GMT-5)/EDT(GMT-4), and are on call for
emergencies during other hours.
Fax +1 412-268-6989
Postal address
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh PA 15213-3890
USA
To be added to our mailing list for CERT advisories and bulletins, send your
email address to
cert-advisory-request@cert.org
CERT advisories and bulletins are posted on the USENET news group
comp.security.announce
If you wish to send sensitive incident or vulnerability information to CERT
staff by electronic mail, we strongly advise you to encrypt your message.
We can support a shared DES key or PGP. Contact the CERT staff for more
information.
Location of CERT PGP key
ftp://info.cert.org/pub/CERT_PGP.key
------------------------------------------------------------------------------
Copyright 1996 Carnegie Mellon University. Conditions for use, disclaimers,
and sponsorship information can be found in
http://www.cert.org/legal_stuff.html and ftp://ftp.cert.org/pub/legal_stuff .
If you do not have FTP or web access, send mail to cert@cert.org with
"copyright" in the subject line.
CERT is registered in the U.S. Patent and Trademark Office.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Revision History:
Oct 02, 1997 Updated copyright history