
CS-2000-02

Posted Jun 1, 2000

CERT Quarterly Hacker Activity Summary CS-2000-02 - The BIND "NXT bug" continues to be exploited every day. Kerberos services are a new popular remote root target. Many denial of service packet flood attacks are now being bounced off of nameservers. CERT keeps track of current hacker activity here.

tags | remote, denial of service, root
SHA-256 | 6c4ed9066fbdba4cde964f576c93812864bee03cb271ff07cb87bba6f263fec5

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CERT Summary CS-2000-02

May 31, 2000

Each quarter, the CERT Coordination Center (CERT/CC) issues the CERT
Summary to draw attention to the types of attacks reported to our
incident response team, as well as other noteworthy incident and
vulnerability information. The summary includes pointers to sources of
information for dealing with the problems.

Past CERT summaries are available from
http://www.cert.org/summaries/
______________________________________________________________________

Recent Activity

Since the last regularly scheduled CERT summary, issued in February
(CS-2000-01), we have published information on buffer overflows in
Kerberos authenticated services, improper validation of SSL sessions
in Netscape Navigator, the Love Letter Worm, denial-of-service attacks
using nameservers, and the exploitation of unprotected Windows shares.
We also continue to receive a large number of reports of machines
compromised by exploiting vulnerabilities in BIND.

1. Multiple Vulnerabilities in BIND

We continue to receive daily reports of systems being root
compromised via one of the vulnerabilities in BIND. The "NXT bug"
described in advisory CA-99-14 is being exploited to gain root
access to systems running vulnerable versions of BIND. This
activity has been ongoing and constant since late last year. Sites
are strongly encouraged to follow the advice contained in CA-99-14
and CA-2000-03 to protect systems running BIND nameservers.

CERT Advisory CA-2000-03
Continuing Compromises of DNS servers
http://www.cert.org/advisories/CA-2000-03.html

CERT Advisory CA-99-14
Multiple Vulnerabilities in BIND
http://www.cert.org/advisories/CA-99-14-bind.html

2. Multiple Buffer Overflows in Kerberos Authenticated Services

There are several buffer overflow vulnerabilities in the Kerberos
authentication software. The most severe vulnerability allows
remote intruders to gain root privileges on systems running
services using Kerberos authentication. If vulnerable services are
enabled on the Key Distribution Center (KDC) system, the entire
Kerberos domain may be compromised. For more details and vendor
information, see

CERT Advisory CA-2000-06
Multiple Buffer Overflows in Kerberos Authenticated Services
http://www.cert.org/advisories/CA-2000-06.html

3. Netscape Navigator Improperly Validates SSL Sessions

The ACROS Security Team of Slovenia recently discovered a flaw in
the way Netscape Navigator validates SSL sessions. Attackers can
trick users into disclosing information intended for a legitimate
web site, even if that web site uses SSL to authenticate and
secure transactions.

CERT Advisory CA-2000-05
Netscape Navigator Improperly Validates SSL Sessions
http://www.cert.org/advisories/CA-2000-05.html

4. Love Letter Worm

The "Love Letter" worm is a malicious VBScript program which
spreads in a variety of ways. As of 5:00 pm EDT (GMT-4) on May 8,
2000, the CERT Coordination Center had received reports from
more than 650 individual sites indicating more than 500,000
individual systems were affected. In addition, we had several
reports of sites suffering considerable network degradation as a
result of mail, file, and web traffic generated by the "Love
Letter" worm. Despite several variations being found in the wild,
reports indicate that activity related to the Love Letter worm has
subsided. Information about the worm can be found in

CERT Advisory CA-2000-04
Love Letter Worm
http://www.cert.org/advisories/CA-2000-04.html

5. Denial-of-Service Attacks Using Nameservers

We have received a number of reports of intruders using
nameservers to execute packet flooding denial-of-service attacks,
which are described in a CERT incident note:

CERT Incident Note IN-2000-04
Denial of Service Attacks Using Nameservers
http://www.cert.org/incident_notes/IN-2000-04.html

6. Exploitation of Unprotected Windows Shares

Intruders are actively exploiting Windows networking shares that
are made available for remote connections across the Internet.
This is not a new problem, but the potential impact on the overall
security of the Internet is increasing. Unprotected Windows shares
allow worms like network.vbs (IN-2000-02) or the 911 Worm
(IN-2000-03) to spread. Exploitation may also lead to the
installation of Windows-based DDoS agents (IN-2000-01). Here are
the URLs for information on these problems.

CERT Incident Note IN-2000-03
911 Worm
http://www.cert.org/incident_notes/IN-2000-03.html

CERT Incident Note IN-2000-02
Exploitation of Unprotected Windows Shares
http://www.cert.org/incident_notes/IN-2000-02.html

CERT Incident Note IN-2000-01
Windows Based DDoS Agents
http://www.cert.org/incident_notes/IN-2000-01.html
______________________________________________________________________

New Windows Security Tech Tips

The CERT/CC and AusCERT (Australian Computer Emergency Response Team)
jointly published the following tech tips addressing security issues
related to Microsoft Windows-based systems. These documents provide a
broad range of information about Windows 95, Windows 98, and Windows
NT security. Some of this information applies to UNIX systems as well.

Windows 95/98 Computer Security Information
http://www.cert.org/tech_tips/win-95-info.html

Windows NT Configuration Guidelines
http://www.cert.org/tech_tips/win_configuration_guidelines.html

Windows NT Security and Configuration Resources
http://www.cert.org/tech_tips/win-resources.html

Windows NT Intruder Detection Checklist
http://www.cert.org/tech_tips/win_intruder_detection_checklist.html

Steps for Recovering from a UNIX or NT System Compromise
http://www.cert.org/tech_tips/win-UNIX-system_compromise.html
______________________________________________________________________

"CERT/CC Channel"

The CERT/CC Current Activity web page is a regularly updated summary
of the most frequent, high-impact types of security incidents and
vulnerabilities currently being reported to the CERT/CC. It is
available from

http://www.cert.org/channels/
______________________________________________________________________

"CERT/CC Current Activity" Web Page

The CERT/CC Current Activity web page is a regularly updated summary
of the most frequent, high-impact types of security incidents and
vulnerabilities currently being reported to the CERT/CC. It is
available from

http://www.cert.org/current/current_activity.html

The information on the Current Activity page is reviewed and updated
as reporting trends change.
______________________________________________________________________

What's New and Updated

Since the last CERT summary, we have published new and updated
* Advisories
* Incident notes
* Tech tips/FAQs
* CERT/CC statistics
* Infosec Outlook newsletter
* Announcement of CERT Conference 2000
* Copies of Congressional testimony by our staff
* Security improvement implementations

There are descriptions of these documents and links to them on our
"What's New" web page at http://www.cert.org/nav/whatsnew.html
______________________________________________________________________

This document is available from:
http://www.cert.org/summaries/CS-2000-02.html
______________________________________________________________________

CERT/CC Contact Information

Email: cert@cert.org
Phone: +1 412-268-7090 (24-hour hotline)
Fax: +1 412-268-6989
Postal address:
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh PA 15213-3890
U.S.A.

CERT personnel answer the hotline 08:00-20:00 EST(GMT-5) / EDT(GMT-4)
Monday through Friday; they are on call for emergencies during other
hours, on U.S. holidays, and on weekends.

Using encryption

We strongly urge you to encrypt sensitive information sent by email.
Our public PGP key is available from

http://www.cert.org/CERT_PGP.key

If you prefer to use DES, please call the CERT hotline for more
information.

Getting security information

CERT publications and other security information are available from
our web site

http://www.cert.org/

To be added to our mailing list for advisories and bulletins, send
email to cert-advisory-request@cert.org and include SUBSCRIBE
your-email-address in the subject of your message.

* "CERT" and "CERT Coordination Center" are registered in the U.S.
Patent and Trademark Office.
______________________________________________________________________

NO WARRANTY
Any material furnished by Carnegie Mellon University and the Software
Engineering Institute is furnished on an "as is" basis. Carnegie
Mellon University makes no warranties of any kind, either expressed or
implied as to any matter including, but not limited to, warranty of
fitness for a particular purpose or merchantability, exclusivity or
results obtained from use of the material. Carnegie Mellon University
does not make any warranty of any kind with respect to freedom from
patent, trademark, or copyright infringement.
_________________________________________________________________

Conditions for use, disclaimers, and sponsorship information

Copyright 2000 Carnegie Mellon University.

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQA/AwUBOTV9Wlr9kb5qlZHQEQJqGQCfW/VC8YEk+mjYEJRUmiSrQtWj2uEAoLeF
Wpq42LPCZB05y8ZJNeLDhNrO
=D4z/
-----END PGP SIGNATURE-----