Archive of CERT general posting, CERT Summary CS-2002-02

29/05/02, CERT Summary CS-2002-02
From: CERT Advisory <>


Subject: CERT Summary CS-2002-02
From: CERT Advisory <>
Date: Tue, 28 May 2002 14:46:51 -0400 (EDT)
Mail-from: From Wed May 29 07:11:27 2002
Organization: CERT(R) Coordination Center - +1 412-268-7090


CERT Summary CS-2002-02

   May 28, 2002

   Each  quarter, the CERT Coordination Center (CERT/CC) issues the CERT
   summary  to  draw  attention  to  the types of attacks reported to our
   incident  response  team,  as  well  as  other noteworthy incident and
   vulnerability information. The summary includes pointers to sources of
   information for dealing with the problems.

   Past CERT summaries are available at

Recent Activity

   Since  the  last  regularly scheduled CERT summary, issued in February
   2002  (CS-2002-01),  we  have  released  several advisories addressing
   vulnerabilities  in   Microsoft's  IIS  server,  Oracle  Database  and
   Application  Servers, Sun Solaris cachefsd, and MSN Instant Messenger.
   In  addition,  we  have  published statistics for the first quarter of
   2002,  numerous  white  papers,  and  a collection of frequently asked
   questions about the OCTAVE Method.

   For  more  current  information  on  activity  being  reported  to the
   CERT/CC,  please  visit the CERT/CC Current Activity page. The Current
   Activity  page  is  a  regularly updated summary of the most frequent,
   high-impact  types  of  security  incidents  and vulnerabilities being
   reported  to the CERT/CC. The information on the Current Activity page
   is reviewed and updated as reporting trends change.

    1. Exploitation of Vulnerabilities in Microsoft SQL Server

       The  CERT/CC  has  received  reports  of systems being compromised
       through  the  automated  exploitation  of  null or weak default sa
       passwords  in Microsoft SQL Server and Microsoft Data Engine. This
       activity  is  accompanied by high volumes of scanning, and appears
       to  be  related  to recently discovered self-propagating malicious
       code,  referred  to  by  various  sources  as Spida, SQLsnake, and

       CERT Incident Note IN-2002-04:
       Exploitation of Vulnerabilities in Microsoft SQL Server

    2. Buffer Overflow in Microsoft's MSN Chat ActiveX Control

       Microsoft's   MSN   Chat  is  an  ActiveX  control  for  Microsoft
       Messenger,  an  instant messaging client. A buffer overflow exists
       in  the  ActiveX  control  that  may  permit  a remote attacker to
       execute  arbitrary  code  on the system with the privileges of the
       current user.

       CERT Advisory CA-2002-13:
       Buffer Overflow in Microsoft's MSN Chat ActiveX Control

    3. Format String Vulnerability in ISC DHCPD

       The  Internet  Software  Consortium  (ISC) provides a Dynamic Host
       Configuration  Protocol  Daemon (DHCPD), which is a server that is
       used  to  allocate  network  addresses  and  assign  configuration
       parameters  to  hosts.  A format string vulnerability may permit a
       remote  attacker  to execute code with the privileges of the DHCPD
       (typically root). We have not seen active scanning or exploitation
       of this vulnerability.

       CERT Advisory CA-2002-12:
       Format String Vulnerability in ISC DHCPD

    4. Heap Overflow in Cachefs Daemon (cachefsd)

       Sun's NFS/RPC file system cachefs daemon (cachefsd) is shipped and
       installed  by default with Sun Solaris 2.5.1, 2.6, 7, and 8 (SPARC
       and  Intel  architectures).  A  remotely exploitable vulnerability
       exists  in cachefsd that could permit a remote attacker to execute
       arbitrary  code  with  the  privileges  of the cachefsd, typically
       root.  The  CERT/CC  has received credible reports of scanning and
       exploitation of Solaris systems running cachefsd.

       CERT Advisory CA-2002-11:
       Heap Overflow in Cachefs Daemon (cachefsd)

    5. Multiple Vulnerabilities in Microsoft IIS

       A   variety  of  vulnerabilities  exist  in  various  versions  of
       Microsoft IIS. Some of these vulnerabilities may allow an intruder
       to execute arbitrary code on vulnerable systems.

       CERT Advisory CA-2002-09:
       Multiple Vulnerabilities in Microsoft IIS

    6. Multiple Vulnerabilities in Oracle Servers

       Multiple  vulnerabilities  in Oracle Application Server and Oracle
       Database  have  recently  been  discovered.  These vulnerabilities
       include  buffer  overflows, insecure default settings, failures to
       enforce  access  controls,  and  failure  to  validate  input. The
       impacts   of   these  vulnerabilities  include  the  execution  of
       arbitrary  commands  or  code, denial of service, and unauthorized
       access to sensitive information.

       CERT Advisory CA-2002-08:
       Multiple Vulnerabilities in Oracle Servers

    7. Social Engineering Attacks via IRC and Instant Messaging

       The  CERT/CC has received reports of social engineering attacks on
       users  of  Internet  Relay  Chat  (IRC) and Instant Messaging (IM)
       services.  Intruders trick unsuspecting users into downloading and
       executing  malicious  software,  which allows the intruders to use
       the   systems   as  attack  platforms  for  launching  distributed
       denial-of-service  (DDoS)  attacks.  The  reports  to  the CERT/CC
       indicate  that  tens  of  thousands  of systems have recently been
       compromised in this manner.

       CERT Incident Note IN-2002-03:
       Social Engineering Attacks via IRC and Instant Messaging

What's New and Updated

   Since the last CERT Summary, we have published new or updated
     * Advisories
     * Incident Notes
     * CERT/CC Statistics
     * OCTAVE(SM) Method Frequently Asked Questions
     * White Papers
          + Foundations for Survivable Systems Engineering
          + Organized Crime and Cyber-Crime: Implications for Business
          + Overview of Attack Trends
          + Using PGP to Verify Digital Signatures
          + Downstream Liability for Attack Relay Amplification
          + Cross-Site Scripting Vulnerabilities
          + Countering Cyber War

   This document is available from:

CERT/CC Contact Information

          Phone: +1 412-268-7090 (24-hour hotline)
          Fax: +1 412-268-6989
          Postal address:
          CERT Coordination Center
          Software Engineering Institute
          Carnegie Mellon University
          Pittsburgh PA 15213-3890

   CERT/CC   personnel   answer  the  hotline  08:00-17:00  EST(GMT-5)  /
   EDT(GMT-4)  Monday  through  Friday;  they are on call for emergencies
   during other hours, on U.S. holidays, and on weekends.

Using encryption

   We  strongly  urge you to encrypt sensitive information sent by email.
   Our public PGP key is available from

   If  you  prefer  to  use  DES,  please  call the CERT hotline for more

Getting security information

   CERT  publications  and  other security information are available from
   our web site

   To  subscribe  to  the CERT mailing list for advisories and bulletins,
   send  email  to Please include in the body of your

   subscribe cert-advisory

   *  "CERT"  and  "CERT  Coordination Center" are registered in the U.S.
   Patent and Trademark Office.

   Any  material furnished by Carnegie Mellon University and the Software
   Engineering  Institute  is  furnished  on  an  "as is" basis. Carnegie
   Mellon University makes no warranties of any kind, either expressed or
   implied  as  to  any matter including, but not limited to, warranty of
   fitness  for  a  particular purpose or merchantability, exclusivity or
   results  obtained from use of the material. Carnegie Mellon University
   does  not  make  any warranty of any kind with respect to freedom from
   patent, trademark, or copyright infringement.

   Conditions for use, disclaimers, and sponsorship information

   Copyright 2002 Carnegie Mellon University.
