what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

CS-2002-02

CS-2002-02
Posted May 29, 2002
Site cert.org

CERT Quarterly Summary CS-2002-02 - Recent attack trends include exploitation of vulnerabilities in Microsoft SQL Server, Buffer Overflow in Microsoft's MSN Chat ActiveX Control, Heap Overflow in Cachefs Daemon (cachefsd), IIS, Oracle, and more.

tags | overflow, vulnerability, activex
SHA-256 | efde773bb7f56efc13cc4392691a982f51eb2484cc804e6e711e96318a3be282

CS-2002-02

Change Mirror Download


-----BEGIN PGP SIGNED MESSAGE-----

CERT Summary CS-2002-02

May 28, 2002

Each quarter, the CERT Coordination Center (CERT/CC) issues the CERT
summary to draw attention to the types of attacks reported to our
incident response team, as well as other noteworthy incident and
vulnerability information. The summary includes pointers to sources of
information for dealing with the problems.

Past CERT summaries are available at http://www.cert.org/summaries/.
______________________________________________________________________

Recent Activity

Since the last regularly scheduled CERT summary, issued in February
2002 (CS-2002-01), we have released several advisories addressing
vulnerabilties in Microsoft's IIS server, Oracle Database and
Application Servers, Sun Solaris cachefsd, and MSN Instant Messenger.
In addition, we have published statistics for the first quarter of
2002, numerous white papers, and a collection of frequently asked
questions about the OCTAVE Method.

For more current information on activity being reported to the
CERT/CC, please visit the CERT/CC Current Activity page. The Current
Activity page is a regularly updated summary of the most frequent,
high-impact types of security incidents and vulnerabilities being
reported to the CERT/CC. The information on the Current Activity page
is reviewed and updated as reporting trends change.

1. Exploitation of Vulnerabilities in Microsoft SQL Server

The CERT/CC has received reports of systems being compromised
through the automated exploitation of null or weak default sa
passwords in Microsoft SQL Server and Microsoft Data Engine. This
activity is accompanied by high volumes of scanning, and appears
to be related to recently discovered self-propagating malicious
code, referred to by various sources as Spida, SQLsnake, and
Digispid.

CERT Incident Note IN-2002-04:
Exploitation of Vulnerabilities in Microsoft SQL Server
http://www.cert.org/incident_notes/IN-2002-04.html


2. Buffer Overflow in Microsoft's MSN Chat ActiveX Control

Microsoft's MSN Chat is an ActiveX control for Microsoft
Messenger, an instant messaging client. A buffer overflow exists
in the ActiveX control that may permit a remote attacker to
execute arbitrary code on the system with the privileges of the
current user.

CERT Advisory CA-2002-13:
Buffer Overflow in Microsoft's MSN Chat ActiveX Control
http://www.cert.org/advisories/CA-2002-13.html


3. Format String Vulnerability in ISC DHCPD

The Internet Software Consortium (ISC) provides a Dynamic Host
Configuration Protocol Daemon (DHCPD), which is a server that is
used to allocate network addresses and assign configuration
parameters to hosts. A format string vulnerability may permit a
remote attacker to execute code with the privileges of the DHCPD
(typically root). We have not seen active scanning or exploitation
of this vulnerability.

CERT Advisory CA-2002-12:
Format String Vulnerability in ISC DHCPD
http://www.cert.org/advisories/CA-2002-12.html


4. Heap Overflow in Cachefs Daemon (cachefsd)

Sun's NFS/RPC file system cachefs daemon (cachefsd) is shipped and
installed by default with Sun Solaris 2.5.1, 2.6, 7, and 8 (SPARC
and Intel architectures). A remotely exploitable vulnerability
exists in cachefsd that could permit a remote attacker to execute
arbitrary code with the privileges of the cachefsd, typically
root. The CERT/CC has received credible reports of scanning and
exploitation of Solaris systems running cachefsd.

CERT Advisory CA-2002-11:
Heap Overflow in Cachefs Daemon (cachefsd)
http://www.cert.org/advisories/CA-2002-11.html


5. Multiple Vulnerabilities in Microsoft IIS

A variety of vulnerabilities exist in various versions of
Microsoft IIS. Some of these vulnerabilities may allow an intruder
to execute arbitrary code on vulnerable systems.

CERT Advisory CA-2002-09:
Multiple Vulnerabilities in Microsoft IIS
http://www.cert.org/advisories/CA-2002-09.html


6. Multiple Vulnerabilities in Oracle Servers

Multiple vulnerabilities in Oracle Application Server and Oracle
Database have recently been discovered. These vulnerabilities
include buffer overflows, insecure default settings, failures to
enforce access controls, and failure to validate input. The
impacts of these vulnerabilities include the execution of
arbitrary commands or code, denial of service, and unauthorized
access to sensitive information.

CERT Advisory CA-2002-08:
Multiple Vulnerabilities in Oracle Servers
http://www.cert.org/advisories/CA-2002-08.html


7. Social Engineering Attacks via IRC and Instant Messaging

The CERT/CC has received reports of social engineering attacks on
users of Internet Relay Chat (IRC) and Instant Messaging (IM)
services. Intruders trick unsuspecting users into downloading and
executing malicious software, which allows the intruders to use
the systems as attack platforms for launching distributed
denial-of-service (DDoS) attacks. The reports to the CERT/CC
indicate that tens of thousands of systems have recently been
compromised in this manner.

CERT Incident Note IN-2002-03:
Social Engineering Attacks via IRC and Instant Messaging
http://www.cert.org/incident_notes/IN-2002-03.html
______________________________________________________________________

What's New and Updated

Since the last CERT Summary, we have published new or updated
* Advisories
* Incident Notes
* CERT/CC Statistics
* OCTAVE^SM Method Frequently Asked Questions
* White Papers
+ Foundations for Survivable Systems Engineering
+ Organized Crime and Cyber-Crime: Implications for Business
+ Overview of Attack Trends
+ Using PGP to Verify Digital Signatures
+ Downstream Liability for Attack Relay Amplification
+ Cross-Site Scripting Vulnerabilities
+ Countering Cyber War
______________________________________________________________________

This document is available from:
http://www.cert.org/summaries/CS-2002-02.html
______________________________________________________________________

CERT/CC Contact Information

Email: cert@cert.org
Phone: +1 412-268-7090 (24-hour hotline)
Fax: +1 412-268-6989
Postal address:
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh PA 15213-3890
U.S.A.

CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /
EDT(GMT-4) Monday through Friday; they are on call for emergencies
during other hours, on U.S. holidays, and on weekends.

Using encryption

We strongly urge you to encrypt sensitive information sent by email.
Our public PGP key is available from
http://www.cert.org/CERT_PGP.key

If you prefer to use DES, please call the CERT hotline for more
information.

Getting security information

CERT publications and other security information are available from
our web site
http://www.cert.org/

To subscribe to the CERT mailing list for advisories and bulletins,
send email to majordomo@cert.org. Please include in the body of your
message

subscribe cert-advisory

* "CERT" and "CERT Coordination Center" are registered in the U.S.
Patent and Trademark Office.
______________________________________________________________________

NO WARRANTY
Any material furnished by Carnegie Mellon University and the Software
Engineering Institute is furnished on an "as is" basis. Carnegie
Mellon University makes no warranties of any kind, either expressed or
implied as to any matter including, but not limited to, warranty of
fitness for a particular purpose or merchantability, exclusivity or
results obtained from use of the material. Carnegie Mellon University
does not make any warranty of any kind with respect to freedom from
patent, trademark, or copyright infringement.
_________________________________________________________________

Conditions for use, disclaimers, and sponsorship information

Copyright ©2002 Carnegie Mellon University.



-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQCVAwUBPPPOk6CVPMXQI2HJAQHHeAQAxlNggZhs00dAQBX4Wvm1xIeBMyK6NYLn
HQyiHIhHFoeshf+FsF1aBbwV1m07nkv9OnEWm4I2fqOPtPRNQJAAhud7XrfEpeOm
EqEkHQD9LaoQux/HVe23Gmp/Lv5RkLbUu72tL18KdI7YVnteRKvtxIWvCgFfvjRM
2YTPonaOjlQ=
=XKwE
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close