
CS-96.06

Posted Sep 23, 1999

SHA-256 | f925dca73a4760d925c80dd185235247e2e963dce4570cf2fea5a089a519b0e1

-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------
CERT(*) Summary CS-96.6
November 26, 1996
Last Revised: October 2, 1997
Updated copyright statement

The CERT Coordination Center periodically issues the CERT Summary to
draw attention to the types of attacks currently being reported to our
Incident Response Team. The summary includes pointers to sources of
information for dealing with the problems. We also list new or updated
files that are available for anonymous FTP from
ftp://info.cert.org/pub/

Past CERT Summaries are available from
ftp://info.cert.org/pub/cert_summaries/
- ----------------------------------------------------------------------------


Recent Activity
- ---------------

Since the September CERT Summary, we have noticed these continuing trends
in incidents reported to us.

1. cgi-bin/phf Exploits

We continue to see frequent reports of attempts to exploit the vulnerability
in the CGI example program "phf". The phf program, which is installed by
default with several implementations of httpd servers, contains a weakness
that can allow intruders to execute arbitrary commands on the server. The
most common attack involves an attempt to retrieve the httpd server's
/etc/passwd file, and sample scripts for exploiting this vulnerability in phf
have been widely posted on the Internet.

While we are encouraged to see that the majority of the recently reported
attacks have failed (because the attacked sites had already removed the phf
program), the steady reports of continuing attacks indicate that these phf
exploits are still being widely attempted.

For more information about this vulnerability, see

ftp://info.cert.org/pub/cert_advisories/CA-96.06.cgi_example_code

For related information about protecting your password files, please see

ftp://info.cert.org/pub/tech_tips/passwd_file_protection
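
An added example, not part of the CERT summary: a triage script that separates phf requests the server rejected (the common case described above, where phf had already been removed) from requests that phf actually served. It assumes an httpd access log in Common Log Format; the function name triage_phf, the sample lines, and the placeholder query strings are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) (\S+)$')

# Constructed sample lines (documentation addresses). The query strings are
# placeholders that only reference /etc/passwd; they are not real requests.
SAMPLE_LOG = """\
192.0.2.10 - - [20/Nov/1996:03:14:07 -0500] "GET /cgi-bin/phf?q=%2Fetc%2Fpasswd HTTP/1.0" 404 207
192.0.2.10 - - [20/Nov/1996:03:14:09 -0500] "GET /index.html HTTP/1.0" 200 1043
198.51.100.7 - - [21/Nov/1996:11:02:51 -0500] "GET /cgi-bin/phf?q=%2Fetc%2Fpasswd HTTP/1.0" 200 1310
198.51.100.7 - - [21/Nov/1996:11:03:02 -0500] "GET /CGI-BIN/../cgi-bin/phf HTTP/1.0" 403 190
"""


def triage_phf(log_text):
    """Return one finding per request whose path ends in a phf script."""
    findings = []
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # not a CLF line; skip rather than guess
        host, when, _method, target, status, _size = m.groups()
        raw_path, _, raw_query = target.partition("?")
        path, query = unquote(raw_path), unquote(raw_query)
        # Compare the last path segment so case and directory variants match.
        if path.rstrip("/").rsplit("/", 1)[-1].lower() != "phf":
            continue
        # 2xx means phf answered: remove the program and review the host.
        # Anything else means the attempt failed (e.g. phf already removed).
        verdict = "SERVED" if status.startswith("2") else "REJECTED"
        findings.append({
            "host": host, "time": when, "status": int(status),
            "verdict": verdict, "passwd_ref": "/etc/passwd" in query,
        })
    return findings


if __name__ == "__main__":
    for f in triage_phf(SAMPLE_LOG):
        print(f["verdict"], f["status"], f["host"], f["time"],
              "references /etc/passwd" if f["passwd_ref"] else "")
```

Any SERVED finding means the phf program is still installed and should be handled according to the advisory and the tech tips referenced above.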


2. Continuing Linux Exploits

We continue to see incidents in which Linux machines have been the victims
of root compromises. In many of these incidents, the compromised systems
were unpatched or misconfigured, and the intruders exploited well-known
vulnerabilities for which CERT advisories have been published.

If you are running Linux, we strongly urge you to keep current with all
security patches and workarounds. If your system has been root compromised,
we also recommend that you review

ftp://info.cert.org/pub/tech_tips/root_compromise

Further, you may want to monitor the Linux newsgroups and mailing lists for
security patches and workarounds. More information can be found at

http://bach.cis.temple.edu/linux/linux-security/


- ----------------------------------
What's New in the CERT FTP Archive
- ----------------------------------
We have made the following changes since the last CERT Summary (September 24,
1996).

* New Additions

ftp://info.cert.org/pub/cert_advisories/

CA-96.22.bash_vuls
    Addresses two problems with the GNU Project's Bourne Again SHell
    (bash): one in yy_string_get() and one in yy_readline_get().

CA-96.23.workman_vul
    Describes a vulnerability in the WorkMan compact disc-playing
    program that affects UNIX System V Release 4.0 and derivatives and
    Linux systems.

CA-96.24.sendmail.daemon.mode
    Addresses a vulnerability that allows intruders to gain root
    privileges. Includes patch and upgrade information.



ftp://info.cert.org/pub/cert_bulletins/

VB-96.17.linux
    Linux Security FAQ Update from Alexander Yuriev. Includes
    information about a mount/umount vulnerability.

VB-96.18.sun
    Addresses vulnerabilities in the libc and libnsl libraries of
    Solaris 2.5 (SunOS 5.5) and Solaris 2.5.1 (SunOS 5.5.1) from Sun
    Microsystems, Inc. Includes patch information.


ftp://info.cert.org/pub/latest_sw_versions/

bash
    Added information on bash 1.14.7.

sendmail
    Added information on sendmail 8.8.3.



* Updated Files

ftp://info.cert.org/pub/

Sysadmin_Tutorial.announcement
    Added date of next course offering.


ftp://info.cert.org/pub/cert_advisories/

CA-94:01.ongoing.network.monitoring.attacks
    Clarified introductory information. Added a pointer to the CERT
    tech tip on root compromises.

CA-95:02.binmail.vulnerabilities
    Removed Appendices B & C, which contained outdated information. In
    section B, added information that mail.local is now part of
    sendmail. Added a pointer to sendmail.

CA-96.09.rpc.statd
    Updated information from Silicon Graphics Inc.

CA-96.20.sendmail_vul
    Added a pointer to CA-96.24.

CA-96.21.tcp_syn_flooding
    Revised second paragraph of introduction for clarity. Added new
    information for Silicon Graphics Inc. (SGI), Berkeley Software
    Design, Inc. (BSDI), Sun Microsystems, Inc. Revised appendix
    information on reserved private network numbers. Added pointer to
    information in ftp://info.cert.org/pub/vendors.

CA-96.22.bash_vuls
    Added Appendix A containing information from IBM Corporation,
    LINUX, and Silicon Graphics, Inc. (SGI). Removed patch for problem
    in yy_readline_get, as the problem described for yy_string_get is
    not exploitable for yy_readline_get.


ftp://info.cert.org/pub/tools/mail.local/

README
    Added information that mail.local is now a part of sendmail. Added
    a pointer to sendmail.


ftp://info.cert.org/pub/tools/sendmail/

sendmail.8.8.3.patch
sendmail.8.8.3.tar.Z
sendmail.8.8.3.tar.gz
sendmail.8.8.3.tar.sig


ftp://info.cert.org/pub/vendors/hp/

HP.contact_info
    Replaced instructions for subscribing by email with the new URLs
    people must use.


- ---------------------------------------------------------------------------
How to Contact the CERT Coordination Center

Email cert@cert.org

Phone +1 412-268-7090 (24-hour hotline)
CERT personnel answer 8:30-5:00 p.m. EST
(GMT-5)/EDT(GMT-4), and are on call for
emergencies during other hours.

Fax +1 412-268-6989

Postal address
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh PA 15213-3890
USA

To be added to our mailing list for CERT advisories and bulletins, send your
email address to
cert-advisory-request@cert.org

CERT advisories and bulletins are posted on the USENET news group
comp.security.announce

CERT publications, information about FIRST representatives, and other
security-related information are available for anonymous FTP from
http://www.cert.org/
ftp://info.cert.org/pub/

If you wish to send sensitive incident or vulnerability information to CERT
staff by electronic mail, we strongly advise you to encrypt your message.
We can support a shared DES key or PGP. Contact the CERT staff for more
information.

Location of CERT PGP key
ftp://info.cert.org/pub/CERT_PGP.key

- ------------------------------------------------------------------------------

Copyright 1996 Carnegie Mellon University. Conditions for use, disclaimers,
and sponsorship information can be found in
http://www.cert.org/legal_stuff.html and ftp://ftp.cert.org/pub/legal_stuff .
If you do not have FTP or web access, send mail to cert@cert.org with
"copyright" in the subject line.

CERT is registered in the U.S. Patent and Trademark Office.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Revision History:

Oct 02, 1997 Updated copyright history

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNDgCFXVP+x0t4w7BAQH4kAP+MpxqZxWSPOsdIbNNnq+gCri7vzzFbyMq
spt1s0B1/3nOLXW9chKrjEVa+/ovCLR32ajiqX3or8jtoqZF7S7TwbGByg3//wyc
ICqoSNMoiny4A6KgSfxQ4H2UBF0nlDDRJwOTlC+w7WelnmWWlqrzSvqclOKB8llF
NDmVncj1oJs=
=Shb0
-----END PGP SIGNATURE-----