fedcirc.98.16.txt

Posted Sep 23, 1999


SHA-256 | 1f20977368fd18fe9e3b134f89ced4938eb8802aec9e6342130991095ac7cad4

******************************************************************************
FedCIRC

A D V I S O R Y

FA-98.16
******************************************************************************
Topic: CERT Summary CS-98.03
Source: CERT/CC

Creation Date: March 10, 1998
Last Updated:


To aid in the wide distribution of essential security information,
FedCIRC is forwarding the following information from CERT/CC Summary
CS-98.03. FedCIRC urges you to act on this information as soon as possible.

If you have any questions, please contact FedCIRC:

Telephone: +1 888 282 0870
Email: fedcirc@fedcirc.gov



=======================FORWARDED TEXT STARTS HERE============================

-----BEGIN PGP SIGNED MESSAGE-----

- ---------------------------------------------------------------------------
CERT* Summary CS-98.03
March 10, 1998

The CERT Coordination Center periodically issues the CERT Summary to
draw attention to the types of attacks currently being reported to our
Incident Response Team. The summary includes pointers to sources of
information for dealing with the problems. We also list new or updated
files that are available for anonymous FTP from
ftp://ftp.cert.org/pub/

Past CERT Summaries are available from
ftp://ftp.cert.org/pub/cert_summaries/
- ---------------------------------------------------------------------------

Recent Activity
- ---------------
Since the last regularly scheduled CERT Summary issued in December 1997
(CS-97.06), we have seen these continuing trends in incidents reported to us.

1. Root Compromises and Network Sniffers

We continue to receive daily reports of UNIX systems that have suffered a
root compromise. Many of these compromises can be traced to systems that
are unpatched or misconfigured, on which the intruders exploit well-known
vulnerabilities for which CERT advisories have been published. On many
root-compromised systems, the intruders also install packet sniffers to
collect account names and passwords on other systems. (The packet sniffers
are frequently installed as part of several widely available intruder
toolkits that also replace common system files with Trojan horse programs.)

For information about recovering from a UNIX root compromise, see

ftp://ftp.cert.org/pub/tech_tips/root_compromise

To learn about methods for detecting intruders' packet sniffers and Trojan
horse programs, see

http://www.cert.org/pub/advisories/CA-94.01.ongoing.network.monitoring.attacks.html
or ftp://ftp.cert.org/pub/cert_advisories/CA-94:01.network.monitoring.attacks


2. Large-Scale Scanning and Attacks

We have been receiving reports of large-scale scanning of hosts on the
Internet, where intruders are using automated programs to identify systems
that are running vulnerable services. In one incident reported to the
CERT/CC, more than 250,000 hosts were scanned. Many of these scans have led
to root compromises on systems that were not patched against various
well-known problems that have been addressed in previous CERT advisories.

In recent months, the most commonly reported types of intruder scanning
and exploitation attacks continue to be against IMAP and rpc-statd
services.

A. IMAP Attacks

We continue to receive reports of IMAP attacks, as mentioned in previous
CERT Summaries (CS-98.01, CS-97.06, and CS-97.04). These reports show that
intruders are still launching large-scale, automated scans against many
networks, identifying potentially vulnerable systems.

Any system that is running a vulnerable version of certain implementations
of IMAP servers may allow an intruder to gain root-level access on that
vulnerable host.

We encourage you to check for the IMAP vulnerability and take immediate
action to address the problem. For related information, see

http://www.cert.org/pub/advisories/CA-97.09.imap_pop.html
or ftp://ftp.cert.org/pub/cert_advisories/CA-97.09.imap_pop

ftp://ftp.cert.org/pub/cert_summaries/CS-97.04

ftp://ftp.cert.org/pub/cert_summaries/CS-97.06

B. rpc-statd Attacks

We are also receiving reports of attacks involving a vulnerability in
rpc.statd (also known as statd on some systems), as mentioned in CERT
Summary CS-98.01 - SPECIAL EDITION. This vulnerability can allow an
intruder to gain root access.

For related information, see CERT Advisory CA-97.26 and CERT Summary
CS-98.01:

http://www.cert.org/pub/advisories/CA-97.26.statd.html
or ftp://ftp.cert.org/pub/cert_advisories/CA-97.26.statd

ftp://ftp.cert.org/pub/cert_summaries/CS-98.01


3. Denial-of-Service Attacks

We are still receiving daily reports of various types of denial-of-service
attacks.

You can find information about protecting your systems against several common
types of denial-of-service attacks in the following documents:

ftp://ftp.cert.org/pub/tech_tips/denial_of_service

ftp://ftp.cert.org/pub/cert_summaries/CS-98.02

http://www.cert.org/pub/advisories/CA-98.01.smurf.html
or ftp://ftp.cert.org/pub/cert_advisories/CA-98.01.smurf

http://www.cert.org/pub/advisories/CA-97.28.Teardrop_Land.html
or ftp://ftp.cert.org/pub/cert_advisories/CA-97.28.Teardrop_Land

http://www.cert.org/pub/advisories/CA-96.26.ping.html
or ftp://ftp.cert.org/pub/cert_advisories/CA-96.26.ping

http://www.cert.org/pub/advisories/CA-96.21.tcp_syn_flooding.html
or ftp://ftp.cert.org/pub/cert_advisories/CA-96.21.tcp_syn_flooding

http://www.cert.org/pub/advisories/CA-96.01.UDP_service_denial.html
or ftp://ftp.cert.org/pub/cert_advisories/CA-96.01.UDP_service_denial

We encourage you to read the above documents and apply the appropriate vendor
patches. We also encourage you to consider implementing router filters to
reduce your site's exposure to certain types of attacks.

A. More Denial-of-Service Attacks Targeting Windows 95/NT Machines

This section is a follow-up to the information provided in the Special
Edition CERT Summary released on March 4. This document is available at

ftp://ftp.cert.org/pub/cert_summaries/CS-98.02

We have received reports of sites continuing to experience "teardrop2"
denial-of-service attacks targeted at multiple hosts. Again, we encourage
you to install the appropriate patches to minimize the effect of this
attack.

Microsoft has released a new "Security Bulletin" addressing network
denial-of-service attacks. This bulletin contains pointers to Windows NT
hotfixes and a Windows 95 update which patch vulnerable machines. The
bulletin is available from the Microsoft security web site at

http://www.microsoft.com/security/netdos.htm


New Location of "New Additions" and "Updated Files" Information
- ---------------------------------------------------------------
Before we publish the next regular issue of the CERT Summary, we will have a
"What's New" page on our Web site at

http://www.cert.org/

On this page we'll highlight new documents we've made available as well as
noteworthy document updates.

As a result, this is the last time we will include the "New Additions" and
"Updated Files" sections in the CERT Summary.



What's New in the CERT FTP Archive and Web Site
- -----------------------------------------------
We have made the following changes to our FTP and Web sites since the last
regularly scheduled CERT Summary (December 1, 1997).

* New Additions

http://www.cert.org/pub/advisories/index.html
ftp://ftp.cert.org/pub/cert_advisories/

CA-97.26.statd                Reports a vulnerability that exists in the
                              statd(1M) program, available on a variety of
                              UNIX platforms.

CA-97.27.FTP_bounce           Discusses the use of the PORT command in the
                              FTP protocol.

CA-97.28.Teardrop_Land        Reports on two IP denial-of-service attacks.

CA-98.01.smurf                Describes the "smurf" IP denial-of-service
                              attacks. The attack described in this advisory
                              is different from the denial-of-service
                              attacks described in CERT advisory CA-97.28.

CA-98.02.CDE                  Reports several vulnerabilities in some
                              implementations of the Common Desktop
                              Environment (CDE).

CA-98.03.ssh-agent            Details a vulnerability in the SSH
                              cryptographic login program.

CA-98.04.Win32.WebServers     Reports an exploitation involving long file
                              names on Microsoft Windows-based web servers.


ftp://ftp.cert.org/pub/cert_bulletins/

VB-97.15.nis_cachemgr         Addresses a vulnerability that allows
                              attackers to specify rogue NIS+ servers that
                              are under their control.

VB-97.16.CrackLib             Describes a weakness in a published version
                              of CrackLib (v2.5, dated 1993) that could
                              lead to a compromise of system privileges.

VB-98.01.excite               Discusses a security hole that could allow a
                              malicious user of the software to execute
                              shell commands on the host system on which
                              EWS has been installed.

VB-98.02.apache               Describes several possible security issues
                              that have been discovered during an internal
                              security review of the Apache source code.


ftp://ftp.cert.org/pub/cert_summaries/

CS-98.01                      Highlights increasing attacks involving a
                              vulnerability in rpc.statd, also known as
                              statd on some systems.

CS-98.02                      Describes denial-of-service attacks targeting
                              a vulnerability in the Microsoft TCP/IP stack.


ftp://ftp.cert.org/pub/tools/cracklib/

cracklib26_small.diff

cracklib26_small.tgz


http://www.cert.org/pub/reports.html

Annual Report 1997            CERT/CC 1997 Annual Report (Summary)

Security of the Internet      Article written by the CERT/CC staff for The
                              Froehlich/Kent Encyclopedia of
                              Telecommunications vol. 15


* Updated Files

http://www.cert.org/pub/advisories/index.html
ftp://ftp.cert.org/pub/cert_advisories/

CA-96.08.pcnfsd               Added information for NCR Corporation.

CA-96.09.rpc.statd            Added information for NCR Corporation.

CA-96.14.rdist_vul            Updated information for NCR Corporation.

CA-96.26.ping                 Updated information for NCR Corporation.

CA-97.03.csetup               Added information for Data General.

CA-97.06.rlogin-term          Added information for NCR Corporation.

CA-97.09.imap_pop             Updated information for Sun Microsystems, Inc.

CA-97.11.libXt                Updated information for Data General
                              Corporation. Added information for Silicon
                              Graphics, Inc.

CA-97.16.ftpd                 Added information for NCR Corporation.

CA-97.17.sperl                Added information for NCR Corporation.

CA-97.18.at                   Updated information for Silicon Graphics, Inc.

CA-97.21.sgi_buffer_overflow  Updated information for Silicon Graphics, Inc.

CA-97.23.rdist                Updated information for NCR Corporation.

CA-97.25.CGI_metachar         Updated tech tip and removed Appendix A.

CA-98.03.ssh-agent            In Updates section, described two cases in
                              which the vulnerability is present.


ftp://ftp.cert.org/pub/tech_tips/

cgi_metacharacters            Updated information.

FTP_PORT_attacks              Updated information.



- ---------------------------------------------------------------------------
How to Contact the CERT Coordination Center

Email cert@cert.org

Phone +1 412-268-7090 (24-hour hotline)
CERT personnel answer 8:30-5:00 p.m. EST (GMT-5)/EDT(GMT-4),
Monday-Friday, and are on call for emergencies during other
hours.

Fax +1 412-268-6989

Postal address
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh PA 15213-3890
USA

To be added to our mailing list for CERT advisories and bulletins, send your
email address to
cert-advisory-request@cert.org
In the subject line, type
SUBSCRIBE your-email-address

CERT advisories and bulletins are posted on the USENET news group
comp.security.announce

CERT publications, information about FIRST representatives, and other
security-related information are available for anonymous FTP from
http://www.cert.org/
ftp://ftp.cert.org/pub/

If you wish to send sensitive incident or vulnerability information to CERT
staff by electronic mail, we strongly advise you to encrypt your message.
We can support a shared DES key or PGP. Contact the CERT staff for more
information.

Location of CERT PGP key
ftp://ftp.cert.org/pub/CERT_PGP.key

- ---------------------------------------------------------------------------

Copyright 1998 Carnegie Mellon University. Conditions for use, disclaimers,
and sponsorship information can be found in
http://www.cert.org/legal_stuff.html and ftp://ftp.cert.org/pub/legal_stuff .
If you do not have FTP or web access, send mail to cert@cert.org with
"copyright" in the subject line.

* CERT is registered in the U.S. Patent and Trademark Office.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----


========================FORWARDED TEXT ENDS HERE=============================

The National Institute of Standards and Technology (NIST) has
established a Federal Computer Incident Response Capability (FedCIRC)
to assist federal civilian agencies in their incident handling
efforts by providing proactive and reactive computer security related
services. FedCIRC is a partnership among NIST, the Computer Incident
Advisory Capability (CIAC), and the CERT* Coordination Center
(CERT/CC).

If you believe that your system has been compromised, please contact
FedCIRC:

Telephone: +1 888 282 0870
Email: fedcirc@fedcirc.gov
Web Server: http://www.fedcirc.gov/

* Registered in U.S. Patent and Trademark Office

The CERT Coordination Center is part of the Software Engineering
Institute. The Software Engineering Institute is sponsored by the
U.S. Department of Defense.

CIAC, the Computer Incident Advisory Capability, is the computer
security incident response team for the U.S. Department of Energy
(DOE) and the emergency backup response team for the National
Institutes of Health (NIH). CIAC is located at the Lawrence Livermore
National Laboratory in Livermore, California. CIAC is also a founding
member of FIRST, the Forum of Incident Response and Security Teams, a
global organization established to foster cooperation and coordination
among computer security teams worldwide.

This document was prepared as an account of work sponsored by an
agency of the United States Government. Neither the United States
Government nor the University of California nor any of their
employees, makes any warranty, express or implied, or assumes any
legal liability or responsibility for the accuracy, completeness, or
usefulness of any information, apparatus, product, or process
disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products,
process, or service by trade name, trademark, manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation or favoring by the United States Government or the
University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government or the University of California, and shall not be used for
advertising or product endorsement purposes.