CS-2000-03

Posted Aug 28, 2000
Site cert.org

This is the CERT quarterly summary, which focuses on the types of attacks reported to their incident response team, as well as other noteworthy incident and vulnerability information. This quarter CERT focuses on the input validation vulnerability in rpc.statd, multiple vulnerabilities in FTP daemons, ActiveX control vulnerabilities, exploitation of hidden file extensions, the Outlook and Outlook Express cache bypass vulnerability, and chat clients and network security.

tags | vulnerability, activex, bypass
SHA-256 | 4bf51de8888d1e0758c6a87a82f98451db5052c4790df7688c13d096dc65859a

CERT Summary CS-2000-03

Aug 25, 2000

Each quarter, the CERT Coordination Center (CERT/CC) issues the CERT
Summary to draw attention to the types of attacks reported to our
incident response team, as well as other noteworthy incident and
vulnerability information. The summary includes pointers to sources of
information for dealing with the problems.

Past CERT summaries are available from

http://www.cert.org/summaries/
______________________________________________________________________

Recent Activity

Since the last regularly scheduled CERT summary, issued in May
(CS-2000-02), we have published information on a vulnerability in
rpc.statd on Linux systems, several ActiveX controls, vulnerabilities
in Outlook and Outlook Express, security considerations for using chat
software, hidden file extensions, and vulnerabilities in many FTP
daemons.

1. Input Validation Vulnerability in rpc.statd

We have begun receiving multiple daily reports of sites being
root compromised via a recently discovered vulnerability in
rpc.statd. These issues are described in CERT Advisory
CA-2000-17.

CERT Advisory CA-2000-17, Input Validation Problem in rpc.statd
http://www.cert.org/advisories/CA-2000-17.html

We have received a number of reports that indicate that intruders
are performing widespread scanning for this vulnerability and
using toolkits to automate the compromise of vulnerable machines.

2. Multiple Vulnerabilities in FTP daemons

The CERT/CC continues to receive regular reports of intruders
probing for and exploiting vulnerabilities in many FTP server
implementations. Sites are strongly encouraged to follow the
advice contained in CA-2000-13 to protect systems running FTP
servers.

CERT Advisory CA-2000-13, Two Input Validation Problems In FTPD
http://www.cert.org/advisories/CA-2000-13.html

Additionally, we receive daily reports from sites indicating that
intruders are scanning large network blocks for vulnerable FTP
servers.

3. ActiveX Control Vulnerabilities

Exploitation of a vulnerability in the Scriptlet.Typelib
ActiveX control is discussed in CERT Incident Note
IN-2000-06. This vulnerability allows local files to be created
or modified, and is used in viruses such as Bubbleboy and kak.

CERT Incident Note IN-2000-06, Exploitation of
"Scriptlet.Typelib" ActiveX Control
http://www.cert.org/incident_notes/IN-2000-06.html

Additionally, information about a serious vulnerability in the
HHCtrl ActiveX control was published in CERT Advisory CA-2000-12.
This vulnerability could allow remote intruders to execute
arbitrary code.

CERT Advisory CA-2000-12, HHCtrl ActiveX Control Allows Local
Files to be Executed
http://www.cert.org/advisories/CA-2000-12.html

4. Exploitation of Hidden File Extensions

Attackers have used a number of malicious programs to exploit
the default behavior of Windows operating systems to hide file
extensions from the user. This behavior can be used to trick
users into executing malicious code by making a file appear to
be something it is not.

CERT Incident Note IN-2000-07, Exploitation of Hidden File
Extensions
http://www.cert.org/incident_notes/IN-2000-07.html

5. Outlook and Outlook Express Cache Bypass Vulnerability

A vulnerability in Microsoft Outlook and Outlook Express that
can allow a remote attacker to read certain types of files on
the user's machine is detailed in CERT Advisory CA-2000-14.

CERT Advisory CA-2000-14, Microsoft Outlook and Outlook
Express Cache Bypass Vulnerability
http://www.cert.org/advisories/CA-2000-14.html

6. Chat Clients and Network Security

CERT Incident Note IN-2000-08 outlines the security issues
inherent in the use of chat client software. We have published
this information in response to inquiries about the risks this
type of software poses to an organization.

CERT Incident Note IN-2000-08, Chat Clients and Network
Security
http://www.cert.org/incident_notes/IN-2000-08.html
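
As an illustration of item 4 (hidden file extensions), the following added example, which is not part of the CERT summary, shows how a mail gateway or file-share audit could flag attachment names that look harmless once the final extension is hidden. The extension lists and sample file names are constructed assumptions, not taken from IN-2000-07.

```python
import os

# Illustrative lists (assumptions for this example, not from the CERT text).
EXECUTABLE_EXTS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs",
                   ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta", ".shs", ".lnk"}
DECOY_EXTS = {".txt", ".doc", ".jpg", ".gif", ".pdf", ".htm", ".html",
              ".mpg", ".avi", ".zip"}


def classify(filename):
    """Return (verdict, reason) for one attachment name.

    'block': a harmless-looking extension sits in front of an executable one,
             so the name shown with extensions hidden misleads the user.
    'warn' : a plain executable type with no decoy.
    'ok'   : the final extension is not an executable type.
    """
    # Trailing dots and spaces are dropped by Windows, so ignore them here too.
    name = filename.rstrip(". ")
    stem, ext = os.path.splitext(name)
    ext = ext.lower()
    if ext not in EXECUTABLE_EXTS:
        return ("ok", "final extension %r is not an executable type" % ext)
    # Padding spaces before the real extension push it out of view.
    shown = stem.rstrip()
    decoy = os.path.splitext(shown)[1].lower()
    if decoy in DECOY_EXTS:
        return ("block", "shown as %r but runs as %s" % (shown, ext))
    return ("warn", "executable type %s" % ext)


def scan(filenames):
    """Return (name, verdict, reason) for every name that is not 'ok'."""
    results = ((f, *classify(f)) for f in filenames)
    return [r for r in results if r[1] != "ok"]


# Constructed sample attachment names.
SAMPLE = ["report.pdf", "invoice.doc.vbs", "holiday.jpg      .exe",
          "setup.exe", "archive.tar.gz", "photo.JPG.SCR."]

if __name__ == "__main__":
    for name, verdict, reason in scan(SAMPLE):
        print("%-5s %-26r %s" % (verdict, name, reason))
```
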

______________________________________________________________________

Expiration of CERT PGP keys

On September 30, 2000, the operational CERT PGP keys will expire.
Sites using these keys should be prepared to update their keyrings.
More information about the CERT PGP keys can be found at:

http://www.cert.org/contact_cert/encryptmail.html

The new PGP keys will also be available at this location when they are
created.
______________________________________________________________________

"CERT/CC Channel"

The CERT Coordination Center publishes an XML RSS 0.91 format file
containing headlines about recently published CERT Advisories,
Incident Notes, Vulnerability Notes, and Summaries. Using this RSS
channel, Internet sites can automate creation of web site pointers to
the latest computer security information from the CERT/CC.

More information about the CERT/CC RSS channel can be found at

http://www.cert.org/channels/
______________________________________________________________________

"CERT/CC Current Activity" Web Page

The CERT/CC Current Activity web page is a regularly updated summary
of the most frequent, high-impact types of security incidents and
vulnerabilities currently being reported to the CERT/CC. It is
available from

http://www.cert.org/current/current_activity.html

The information on the Current Activity page is reviewed and updated
as reporting trends change.
______________________________________________________________________

What's New and Updated

Since the last CERT summary, we have published new and updated:
* Advisories
* Incident notes
* Vulnerability notes
* Tech tips/FAQs, including one on how the FBI investigates computer
crimes
* CERT/CC statistics
* Infosec Outlook newsletter
* Security improvement modules
* Security improvement implementations

There are descriptions of these documents and links to them on our
"What's New" web page at
http://www.cert.org/nav/whatsnew.html
______________________________________________________________________

This document is available from:
http://www.cert.org/summaries/CS-2000-03.html
______________________________________________________________________

CERT/CC Contact Information

Email: cert@cert.org
Phone: +1 412-268-7090 (24-hour hotline)
Fax: +1 412-268-6989
Postal address:
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh PA 15213-3890
U.S.A.

CERT personnel answer the hotline 08:00-20:00 EST(GMT-5) / EDT(GMT-4)
Monday through Friday; they are on call for emergencies during other
hours, on U.S. holidays, and on weekends.

Using encryption

We strongly urge you to encrypt sensitive information sent by email.
Our public PGP key is available from

http://www.cert.org/CERT_PGP.key

If you prefer to use DES, please call the CERT hotline for more
information.

Getting security information

CERT publications and other security information are available from
our web site

http://www.cert.org/

To be added to our mailing list for advisories and bulletins, send
email to cert-advisory-request@cert.org and include SUBSCRIBE
your-email-address in the subject of your message.

* "CERT" and "CERT Coordination Center" are registered in the U.S.
Patent and Trademark Office.
______________________________________________________________________

NO WARRANTY
Any material furnished by Carnegie Mellon University and the Software
Engineering Institute is furnished on an "as is" basis. Carnegie
Mellon University makes no warranties of any kind, either expressed or
implied as to any matter including, but not limited to, warranty of
fitness for a particular purpose or merchantability, exclusivity or
results obtained from use of the material. Carnegie Mellon University
does not make any warranty of any kind with respect to freedom from
patent, trademark, or copyright infringement.
_________________________________________________________________

Conditions for use, disclaimers, and sponsorship information

Copyright 2000 Carnegie Mellon University.

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQA/AwUBOaa9+1r9kb5qlZHQEQJ4sQCfbjYqxPZ4aYJqe+DN+tc1BWEY314AnRc7
9i1lvivd8i34P0W6Q/gGCiM3
=fbC6
-----END PGP SIGNATURE-----