
CS-2002-02

Posted May 29, 2002
Site cert.org

CERT Quarterly Summary CS-2002-02 - Recent attack trends include exploitation of vulnerabilities in Microsoft SQL Server, Buffer Overflow in Microsoft's MSN Chat ActiveX Control, Heap Overflow in Cachefs Daemon (cachefsd), IIS, Oracle, and more.

tags | overflow, vulnerability, activex
SHA-256 | efde773bb7f56efc13cc4392691a982f51eb2484cc804e6e711e96318a3be282



-----BEGIN PGP SIGNED MESSAGE-----

CERT Summary CS-2002-02

May 28, 2002

Each quarter, the CERT Coordination Center (CERT/CC) issues the CERT
summary to draw attention to the types of attacks reported to our
incident response team, as well as other noteworthy incident and
vulnerability information. The summary includes pointers to sources of
information for dealing with the problems.

Past CERT summaries are available at http://www.cert.org/summaries/.
______________________________________________________________________

Recent Activity

Since the last regularly scheduled CERT summary, issued in February
2002 (CS-2002-01), we have released several advisories addressing
vulnerabilities in Microsoft's IIS server, Oracle Database and
Application Servers, Sun Solaris cachefsd, and MSN Instant Messenger.
In addition, we have published statistics for the first quarter of
2002, numerous white papers, and a collection of frequently asked
questions about the OCTAVE Method.

For more current information on activity being reported to the
CERT/CC, please visit the CERT/CC Current Activity page. The Current
Activity page is a regularly updated summary of the most frequent,
high-impact types of security incidents and vulnerabilities being
reported to the CERT/CC. The information on the Current Activity page
is reviewed and updated as reporting trends change.

1. Exploitation of Vulnerabilities in Microsoft SQL Server

The CERT/CC has received reports of systems being compromised
through the automated exploitation of null or weak default sa
passwords in Microsoft SQL Server and Microsoft Data Engine. This
activity is accompanied by high volumes of scanning, and appears
to be related to recently discovered self-propagating malicious
code, referred to by various sources as Spida, SQLsnake, and
Digispid.

CERT Incident Note IN-2002-04:
Exploitation of Vulnerabilities in Microsoft SQL Server
http://www.cert.org/incident_notes/IN-2002-04.html


2. Buffer Overflow in Microsoft's MSN Chat ActiveX Control

Microsoft's MSN Chat is an ActiveX control for Microsoft
Messenger, an instant messaging client. A buffer overflow exists
in the ActiveX control that may permit a remote attacker to
execute arbitrary code on the system with the privileges of the
current user.

CERT Advisory CA-2002-13:
Buffer Overflow in Microsoft's MSN Chat ActiveX Control
http://www.cert.org/advisories/CA-2002-13.html


3. Format String Vulnerability in ISC DHCPD

The Internet Software Consortium (ISC) provides a Dynamic Host
Configuration Protocol Daemon (DHCPD), which is a server that is
used to allocate network addresses and assign configuration
parameters to hosts. A format string vulnerability may permit a
remote attacker to execute code with the privileges of the DHCPD
(typically root). We have not seen active scanning or exploitation
of this vulnerability.

CERT Advisory CA-2002-12:
Format String Vulnerability in ISC DHCPD
http://www.cert.org/advisories/CA-2002-12.html


4. Heap Overflow in Cachefs Daemon (cachefsd)

Sun's NFS/RPC file system cachefs daemon (cachefsd) is shipped and
installed by default with Sun Solaris 2.5.1, 2.6, 7, and 8 (SPARC
and Intel architectures). A remotely exploitable vulnerability
exists in cachefsd that could permit a remote attacker to execute
arbitrary code with the privileges of the cachefsd, typically
root. The CERT/CC has received credible reports of scanning and
exploitation of Solaris systems running cachefsd.

CERT Advisory CA-2002-11:
Heap Overflow in Cachefs Daemon (cachefsd)
http://www.cert.org/advisories/CA-2002-11.html


5. Multiple Vulnerabilities in Microsoft IIS

A variety of vulnerabilities exist in various versions of
Microsoft IIS. Some of these vulnerabilities may allow an intruder
to execute arbitrary code on vulnerable systems.

CERT Advisory CA-2002-09:
Multiple Vulnerabilities in Microsoft IIS
http://www.cert.org/advisories/CA-2002-09.html


6. Multiple Vulnerabilities in Oracle Servers

Multiple vulnerabilities in Oracle Application Server and Oracle
Database have recently been discovered. These vulnerabilities
include buffer overflows, insecure default settings, failures to
enforce access controls, and failure to validate input. The
impacts of these vulnerabilities include the execution of
arbitrary commands or code, denial of service, and unauthorized
access to sensitive information.

CERT Advisory CA-2002-08:
Multiple Vulnerabilities in Oracle Servers
http://www.cert.org/advisories/CA-2002-08.html


7. Social Engineering Attacks via IRC and Instant Messaging

The CERT/CC has received reports of social engineering attacks on
users of Internet Relay Chat (IRC) and Instant Messaging (IM)
services. Intruders trick unsuspecting users into downloading and
executing malicious software, which allows the intruders to use
the systems as attack platforms for launching distributed
denial-of-service (DDoS) attacks. The reports to the CERT/CC
indicate that tens of thousands of systems have recently been
compromised in this manner.

CERT Incident Note IN-2002-03:
Social Engineering Attacks via IRC and Instant Messaging
http://www.cert.org/incident_notes/IN-2002-03.html
______________________________________________________________________

What's New and Updated

Since the last CERT Summary, we have published new or updated
* Advisories
* Incident Notes
* CERT/CC Statistics
* OCTAVE^SM Method Frequently Asked Questions
* White Papers
    + Foundations for Survivable Systems Engineering
    + Organized Crime and Cyber-Crime: Implications for Business
    + Overview of Attack Trends
    + Using PGP to Verify Digital Signatures
    + Downstream Liability for Attack Relay Amplification
    + Cross-Site Scripting Vulnerabilities
    + Countering Cyber War
______________________________________________________________________

This document is available from:
http://www.cert.org/summaries/CS-2002-02.html
______________________________________________________________________

CERT/CC Contact Information

Email: cert@cert.org
Phone: +1 412-268-7090 (24-hour hotline)
Fax: +1 412-268-6989
Postal address:
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh PA 15213-3890
U.S.A.

CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /
EDT(GMT-4) Monday through Friday; they are on call for emergencies
during other hours, on U.S. holidays, and on weekends.

Using encryption

We strongly urge you to encrypt sensitive information sent by email.
Our public PGP key is available from
http://www.cert.org/CERT_PGP.key

If you prefer to use DES, please call the CERT hotline for more
information.

Getting security information

CERT publications and other security information are available from
our web site
http://www.cert.org/

To subscribe to the CERT mailing list for advisories and bulletins,
send email to majordomo@cert.org. Please include in the body of your
message

subscribe cert-advisory

* "CERT" and "CERT Coordination Center" are registered in the U.S.
Patent and Trademark Office.
______________________________________________________________________

NO WARRANTY
Any material furnished by Carnegie Mellon University and the Software
Engineering Institute is furnished on an "as is" basis. Carnegie
Mellon University makes no warranties of any kind, either expressed or
implied as to any matter including, but not limited to, warranty of
fitness for a particular purpose or merchantability, exclusivity or
results obtained from use of the material. Carnegie Mellon University
does not make any warranty of any kind with respect to freedom from
patent, trademark, or copyright infringement.
_________________________________________________________________

Conditions for use, disclaimers, and sponsorship information

Copyright ©2002 Carnegie Mellon University.



-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQCVAwUBPPPOk6CVPMXQI2HJAQHHeAQAxlNggZhs00dAQBX4Wvm1xIeBMyK6NYLn
HQyiHIhHFoeshf+FsF1aBbwV1m07nkv9OnEWm4I2fqOPtPRNQJAAhud7XrfEpeOm
EqEkHQD9LaoQux/HVe23Gmp/Lv5RkLbUu72tL18KdI7YVnteRKvtxIWvCgFfvjRM
2YTPonaOjlQ=
=XKwE
-----END PGP SIGNATURE-----