Archive of CERT general posting, CERT Summary CS-2002-04

27/11/02, CERT Summary CS-2002-04
From: CERT Advisory <cert-advisory@cert.org>



To: cert-advisory@cert.org
Subject: CERT Summary CS-2002-04
From: CERT Advisory <cert-advisory@cert.org>
Date: Tue, 26 Nov 2002 14:59:19 -0500
List-archive: <http://www.cert.org/>
List-help: <http://www.cert.org/>, <mailto:Majordomo@cert.org?body=help>
List-owner: <mailto:cert-advisory-owner@cert.org>
List-post: NO (posting not allowed on this list)
List-subscribe: <mailto:Majordomo@cert.org?body=subscribe%20cert-advisory>
List-unsubscribe: <mailto:Majordomo@cert.org?body=unsubscribe%20cert-advisory>
Mail-from: From cert-advisory-owner@cert.org Wed Nov 27 04:36:03 2002
Organization: CERT(R) Coordination Center - +1 412-268-7090


-----BEGIN PGP SIGNED MESSAGE-----

CERT Summary CS-2002-04

   November 26, 2002

   Each  quarter, the CERT Coordination Center (CERT/CC) issues the CERT
   Summary  to  draw  attention  to  the types of attacks reported to our
   incident  response  team,  as  well  as  other noteworthy incident and
   vulnerability information. The summary includes pointers to sources of
   information for dealing with the problems.

   Past CERT summaries are available from:

          CERT Summaries
          http://www.cert.org/summaries/
   ______________________________________________________________________

Recent Activity

   Since the last regularly scheduled CERT summary, issued in August 2002
   (CS-2002-03),   we   have   seen   trojan  horses  for  three  popular
   distributions,  new  self-propagating malicious code (Apache/mod_ssl),
   and  multiple  vulnerabilities  in BIND. In addition, we have issued a
   new PGP Key.

   For  more  current  information  on  activity  being  reported  to the
   CERT/CC,  please  visit the CERT/CC Current Activity page. The Current
   Activity  page  is  a  regularly updated summary of the most frequent,
   high-impact  types  of  security  incidents  and vulnerabilities being
   reported  to the CERT/CC. The information on the Current Activity page
   is reviewed and updated as reporting trends change.

          CERT/CC Current Activity
          http://www.cert.org/current/current_activity.html


    1. Apache/mod_ssl Worm

       Over  the  past  several  months,  we  have  received reports of a
       self-propagating  malicious  code  that  exploits  a vulnerability
       (VU#102795)  in  OpenSSL. Reports received by the CERT/CC indicate
       that  the  Apache/mod_ssl  worm  has already infected thousands of
       systems.  Over  a  month  earlier,  the CERT/CC issued an advisory
       (CA-2002-23) describing four remotely exploitable buffer overflows
       in OpenSSL.

		CERT Advisory CA-2002-27
		Apache/mod_ssl Worm
		http://www.cert.org/advisories/CA-2002-27.html

		CERT Advisory CA-2002-23
		Multiple Vulnerabilities in OpenSSL
		http://www.cert.org/advisories/CA-2002-23.html

		Vulnerability Note #102795
		OpenSSL  servers contain a buffer overflow during the 
		SSL2 handshake process
		http://www.kb.cert.org/vuls/id/102795


    2. Trojan Horse Sendmail Distribution

       The  CERT/CC  has  received  confirmation  that some copies of the
       source  code  for  the  Sendmail  package have been modified by an
       intruder  to  contain a Trojan horse. These copies began to appear
       in  downloads  from  the  FTP server ftp.sendmail.org on or around
       September  28,  2002.  On  October  8, 2002, the CERT/CC issued an
       advisory   (CA-2002-28)   describing  various  methods  to  verify
       software authenticity.

		CERT Advisory CA-2002-28
		Trojan Horse Sendmail Distribution
		http://www.cert.org/advisories/CA-2002-28.html


    3. Trojan Horse tcpdump and libpcap Distributions

       The  CERT/CC  has  received reports that some copies of the source
       code  for  libpcap,  a  packet acquisition library, and tcpdump, a
       network  sniffer,  have been modified by an intruder and contain a
       Trojan  horse.  These  modified  distributions  began to appear in
       downloads  from  the  HTTP server www.tcpdump.org on or around Nov
       11,  2002. The CERT/CC issued an advisory (CA-2002-30) listing MD5
       checksums and official distribution sites for libpcap and tcpdump.

		CERT Advisory CA-2002-30
		Trojan Horse tcpdump and libpcap Distributions
		http://www.cert.org/advisories/CA-2002-30.html


    4. Multiple Vulnerabilities in BIND

       The  CERT/CC  has documented multiple vulnerabilities in BIND, the
       popular  domain  name  server  and client library software package
       from  the  Internet  Software  Consortium  (ISC).  Some  of  these
       vulnerabilities  may  allow a remote intruder to execute arbitrary
       code  with  privileges  of  the  user running named (typically
       root).  Several  vulnerabilities  are  referenced in the advisory;
       they are listed here individually.

		CERT Advisory CA-2002-31
		Multiple Vulnerabilities in BIND
		http://www.cert.org/advisories/CA-2002-31.html

		Vulnerability Note #852283
		Cached malformed SIG record buffer overflow
		http://www.kb.cert.org/vuls/id/852283

		Vulnerability Note #229595
		Overly large OPT record assertion
		http://www.kb.cert.org/vuls/id/229595

		Vulnerability Note #581682
		ISC Bind 8 fails to properly dereference cache SIG RR 
		elements with invalid expiry times from the internal database
		http://www.kb.cert.org/vuls/id/581682

		Vulnerability Note #844360
		Domain Name System (DNS) stub resolver libraries  
		vulnerable to buffer overflows via network name or 
		address lookups
		http://www.kb.cert.org/vuls/id/844360

    5. Heap  Overflow  Vulnerability  in Microsoft Data Access Components
       (MDAC)

       On  November  21, 2002 the CERT/CC issued an advisory (CA-2002-33)
       describing  a  vulnerability  in  MDAC,  a collection of Microsoft
       utilities and routines that process requests between databases and
       network applications.

	       CERT Advisory CA-2002-33
	       Heap Overflow Vulnerability in Microsoft Data Access 
	       Components (MDAC)
	       http://www.cert.org/advisories/CA-2002-33.html
   ______________________________________________________________________

New CERT/CC PGP Key

   On  September  19,  the  CERT/CC issued a new PGP key, which should be
   used when sending sensitive information to the CERT/CC.

          CERT/CC PGP Public Key
          https://www.cert.org/pgp/cert_pgp_key.asc
          Sending Sensitive Information To The CERT/CC
          http://www.cert.org/contact_cert/encryptmail.html
   ______________________________________________________________________

What's New and Updated

   Since the last CERT Summary, we have published new and updated
     * Advisories
       http://www.cert.org/advisories/
     * Congressional Testimony
       http://www.cert.org/congressional_testimony/
     * CERT/CC Statistics
       http://www.cert.org/stats/cert_stats.html
     * Home User Security
       http://www.cert.org/homeusers/HomeComputerSecurity
     * Tech Tips
       http://www.cert.org/tech_tips/
     * Training Schedule
       http://www.cert.org/training/
   ______________________________________________________________________

   This document is available from:
   http://www.cert.org/summaries/CS-2002-04.html
   ______________________________________________________________________

CERT/CC Contact Information

   Email: cert@cert.org
          Phone: +1 412-268-7090 (24-hour hotline)
          Fax: +1 412-268-6989
          Postal address:
          CERT Coordination Center
          Software Engineering Institute
          Carnegie Mellon University
          Pittsburgh PA 15213-3890
          U.S.A.

   CERT/CC   personnel   answer  the  hotline  08:00-17:00  EST(GMT-5)  /
   EDT(GMT-4)  Monday  through  Friday;  they are on call for emergencies
   during other hours, on U.S. holidays, and on weekends.

    Using encryption

   We  strongly  urge you to encrypt sensitive information sent by email.
   Our public PGP key is available from
   http://www.cert.org/CERT_PGP.key

   If  you  prefer  to  use  DES,  please  call the CERT hotline for more
   information.

    Getting security information

   CERT  publications  and  other security information are available from
   our web site
   http://www.cert.org/

   To  subscribe  to  the CERT mailing list for advisories and bulletins,
   send  email  to majordomo@cert.org. Please include in the body of your
   message

   subscribe cert-advisory

   *  "CERT"  and  "CERT  Coordination Center" are registered in the U.S.
   Patent and Trademark Office.
   ______________________________________________________________________

   NO WARRANTY
   Any  material furnished by Carnegie Mellon University and the Software
   Engineering  Institute  is  furnished  on  an  "as is" basis. Carnegie
   Mellon University makes no warranties of any kind, either expressed or
   implied  as  to  any matter including, but not limited to, warranty of
   fitness  for  a  particular purpose or merchantability, exclusivity or
   results  obtained from use of the material. Carnegie Mellon University
   does  not  make  any warranty of any kind with respect to freedom from
   patent, trademark, or copyright infringement.
     _________________________________________________________________

   Conditions for use, disclaimers, and sponsorship information

   Copyright 2002 Carnegie Mellon University.

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQCVAwUBPePMQWjtSoHZUTs5AQGdxwP9HK4mSF15bMQ9MZ4mMFcLIhvdXykANg8A
6nEIAyB8CJpbuWdP7sPh3qAwaZ9BhRFEGeLakONOpoo7bmjkwAWrJHxF3b1CrgHS
ZuKQsgEhnm9wpPdU6w6SG1cJBkwz70b8d7YK0vcVuKhmaW0JOx9OLGKsAe3SFePD
OiZbNHX+eb8=
=Mnbn
-----END PGP SIGNATURE-----



Contact us: Olivier Nicole CSIM    SET    AIT Last update: Jan 2003