Archive of CERT general posting, CERT Summary CS-2001-01

01/03/01, CERT Summary CS-2001-01
From: CERT Advisory <cert-advisory@cert.org>

Generated by MHonArc

CSIM Logo WelcomeCourses
Faculty, Student, Staff
Projects and reports
Conferences, workshop and seminars
Laboratories and reasearch facilities
Information related to CSIM
Information non-related to CSIM
Address, map, phone, etc.
Search

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


To: cert-advisory@cert.org
Subject: CERT Summary CS-2001-01
From: CERT Advisory <cert-advisory@cert.org>
Date: Wed, 28 Feb 2001 15:17:02 -0500 (EST)
Organization: CERT(R) Coordination Center - +1 412-268-7090


-----BEGIN PGP SIGNED MESSAGE-----

CERT Summary CS-2001-01

   February 28, 2001

   Each quarter, the CERT Coordination Center (CERT/CC) issues the CERT
   Summary to draw attention to the types of attacks reported to our
   incident response team, as well as other noteworthy incident and
   vulnerability information. The summary includes pointers to sources of
   information for dealing with the problems.

   Past CERT summaries are available from:

          CERT Summaries
          http://www.cert.org/summaries/
   ______________________________________________________________________

Recent Activity

   Since the last regularly scheduled CERT summary, issued in November
   2000 (CS-2000-04), we have seen continued compromises via well-known
   vulnerabilities in rpc.statd and FTPD, as well as exploitations of
   recently discovered vulnerabilities in BIND and LPRng. Notable virus
   activity includes W32/Hybris and VBS/OnTheFly (Anna Kournakova).

   For more current information on activity being reported to the
   CERT/CC, please visit the CERT/CC Current Activity page. The Current
   Activity page is a regularly updated summary of the most frequent,
   high-impact types of security incidents and vulnerabilities being
   reported to the CERT/CC. The information on the Current Activity page
   is reviewed and updated as reporting trends change.

          CERT/CC Current Activity
          http://www.cert.org/current/current_activity.html


    1. Multiple Vulnerabilities in BIND
       The CERT/CC has learned of four vulnerabilities spanning multiple
       versions of the Internet Software Consortium's (ISC) Berkeley
       Internet Name Domain (BIND) server. BIND is an implementation of
       the Domain Name System (DNS) that is maintained by the ISC.
       Because the majority of name servers in operation today run BIND,
       these vulnerabilities present a serious threat to the Internet
       infrastructure. The CERT/CC has begun receiving reports of these
       vulnerabilities being successfully exploited. Sites are encouraged
       to follow the advice in CA-2001-02 to protect systems.

                CERT Advisory CA-2001-01 Multiple Vulnerabilities in BIND
                http://www.cert.org/advisories/CA-2001-02.html


    2. Compromises Via Ramen Toolkit
       The CERT/CC has received reports from sites that have recovered an
       intruder toolkit called 'ramen' from compromised hosts. Ramen has
       been discussed in several public forums and the toolkit is
       publicly available. Ramen exploits known vulnerabilities in FTPD,
       rpc.statd, and LPRng; and it contains a mechanism to
       self-propagate. Over the past several months we have received
       multiple daily reports of sites being root compromised by the
       Ramen toolkit. Sites, especially those running Linux, are
       encouraged to review the following document:

                CERT Incident Note IN-2001-01, Widespread Compromises via
                "ramen" Toolkit
                http://www.cert.org/incident_notes/IN-2001-01.html


    3. Input Validation Problems in LPRng
       A popular replacement software package to the BSD lpd printing
       service called LPRng contains at least one software defect, known
       as a "format string vulnerability," which may allow remote users
       to execute arbitrary code on vulnerable systems. Sites are
       encouraged to follow the advice in CA-2000-22 to protect systems.

                CERT Advisory CA-2000-22 Input Validation Problems in
                LPRng
                http://www.cert.org/advisories/CA-2000-22.html


    4. VBS/OnTheFly (Anna Kournikova) Malicious Code
       The "VBS/OnTheFly" malicious code is a VBScript program that, when
       executed, sends a copy of itself as an email file attachment.
       On February 12, the CERT Coordination Center received a large
       number of reports from sites infected with VBS/OnTheFly. Several
       of the sites reported suffering network degradation as a result of
       mail traffic generated by VBS/OnTheFly. The CERT/CC has received
       few reports since the initial outbreak.
       For information on how to prevent or recover from a VBS/OnTheFly
       infection, please see:

                CERT Advisory CA-2001-03 VBS/OnTheFly (Anna Kournikova)
                Malicious Code
                http://www.cert.org/advisories/CA-2001-03.html
   ______________________________________________________________________

New Vulnerability Notes Database

   On December 15, 2000, the CERT/CC began publishing vulnerability notes
   in a new format, and at a new location. Vulnerability notes are very
   similar to advisories, but they may have less complete information and
   solutions may not be available for all the vulnerabilities described
   in vulnerability notes. There are currently more than 70 vulnerability
   notes available in the database. We will continue publishing
   vulnerability notes in accordance with our vulnerability disclosure
   policy. Vulnerability notes can be found at:

          The CERT Coordination Center Vulnerability Notes Database
          http://www.kb.cert.org/vuls/
   ______________________________________________________________________

What's New and Updated

   Since the last CERT summary, we have published new and updated
     * Advisories
       http://www.cert.org/advisories/
     * Incident notes
       http://www.cert.org/incident_notes/
     * CERT/CC statistics
       http://www.cert.org/stats/cert_stats.html
     * Security improvement modules
       http://www.cert.org/security-improvement/

   Descriptions of these documents and links to them can be found on our
   "What's New" page:

          What's New
          http://www.cert.org/nav/whatsnew.html
   ______________________________________________________________________

   This document is available from:
   http://www.cert.org/summaries/CS-2001-01.html
   ______________________________________________________________________

CERT/CC Contact Information

   Email: cert@cert.org
          Phone: +1 412-268-7090 (24-hour hotline)
          Fax: +1 412-268-6989
          Postal address:
          CERT Coordination Center
          Software Engineering Institute
          Carnegie Mellon University
          Pittsburgh PA 15213-3890
          U.S.A.

   CERT personnel answer the hotline 08:00-20:00 EST(GMT-5) / EDT(GMT-4)
   Monday through Friday; they are on call for emergencies during other
   hours, on U.S. holidays, and on weekends.

Using encryption

   We strongly urge you to encrypt sensitive information sent by email.
   Our public PGP key is available from

   http://www.cert.org/CERT_PGP.key

   If you prefer to use DES, please call the CERT hotline for more
   information.

Getting security information

   CERT publications and other security information are available from
   our web site

   http://www.cert.org/

   To subscribe to the CERT mailing list for advisories and bulletins,
   send email to majordomo@cert.org. Please include in the body of your
   message

   subscribe cert-advisory

   * "CERT" and "CERT Coordination Center" are registered in the U.S.
   Patent and Trademark Office.
   ______________________________________________________________________

   NO WARRANTY
   Any material furnished by Carnegie Mellon University and the Software
   Engineering Institute is furnished on an "as is" basis. Carnegie
   Mellon University makes no warranties of any kind, either expressed or
   implied as to any matter including, but not limited to, warranty of
   fitness for a particular purpose or merchantability, exclusivity or
   results obtained from use of the material. Carnegie Mellon University
   does not make any warranty of any kind with respect to freedom from
   patent, trademark, or copyright infringement.
     _________________________________________________________________

   Conditions for use, disclaimers, and sponsorship information

   Copyright (C) 2001 Carnegie Mellon University.


-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQCVAwUBOp1bcQYcfu8gsZJZAQFIMQP9G2X9YFe3JOfExLMiu4sRGjCIlLwqhlnq
DdIXAAkAoaEZ9aVn6xKlSWLezmxlf8vftx+m+6kNRmHUf26VIKfARBUYXIG2bIjP
EkydQwuteDHX4ZmDLZZbm8Yg1beCSBkFrVcrn9PAOMSFn1Qs5YqESDYaBDxEGQo6
5EJRBR1nEIw=
=r/mx
-----END PGP SIGNATURE-----


Next message sorted by date: CERT Advisory CA-2001-10
Next message by thread: CERT Advisory CA-2001-10
Main Index
Thread Index

CSIM home pageWMailAccount managementCSIM LibraryNetwork test toolsSearch CSIM directories
Contact us: Olivier Nicole CSIM    SET    AIT Last update: May 2001