[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CERT Summary CS-2000-01 Tuesday, February 29, 2000 Each quarter, the CERT Coordination Center (CERT/CC) issues the CERT Summary to draw attention to the types of attacks reported to our incident response team, as well as other noteworthy incident and vulnerability information. The summary includes pointers to sources of information for dealing with the problems. Past CERT summaries are available from http://www.cert.org/summaries/ ______________________________________________________________________ Recent Activity Since the last regularly scheduled CERT summary, issued November 1999 (CS-99-04), we have published information on distributed denial-of-service tools and developments. We also continue to receive reports of intruders compromising machines by exploiting vulnerabilities in BIND, Vixie Cron, WU-FTPD, and RPC services. Additionally, we have published information on malicious HTML tags embedded in client web requests. 1. Distributed Denial-of-Service Developments We continue to receive reports of intruders compromising machines in order to install software used for launching packet flooding denial-of-service attacks. For more information, please see CERT Incident Note IN-2000-01 Windows Based DDOS Agents http://www.cert.org/incident_notes/IN-2000-01.html CERT Advisory CA-2000-01 Denial-of-Service Developments http://www.cert.org/advisories/CA-2000-01.html CERT Advisory CA-99-17 Denial-of-Service Tools http://www.cert.org/advisories/CA-99-17-denial-of-service-too ls.html CERT Incident Note IN-99-07 Distributed Denial of Service Tools http://www.cert.org/incident_notes/IN-99-07.html Results of the Distributed-Systems Intruder Tools Workshop http://www.cert.org/reports/dsit_workshop-final.html 2. BIND Vulnerabilities We continue to receive reports of intruders compromising machines by exploiting vulnerabilities in BIND. For more information, please see CERT Advisory CA-99-14 Multiple Vulnerabilities in BIND http://www.cert.org/advisories/CA-99-14-bind.html 3. Multiple Vulnerabilities in Vixie Cron Compromises involving the exploitation of several vulnerabilities in the Vixie Cron program have recently been reported to the CERT/CC. These vulnerabilities, including two that were first discussed publicly in August 1999, allow local users to gain root access. More information about these vulnerabilities, including pointers to patch information, is available in our recently published Vulnerability Note VN-2000-01: CERT Vulnerability Note VN-2000-01 Multiple Vulnerabilities in Vixie Cron http://www.cert.org/vul_notes/VN-2000-01.html 4. Root Compromises We continue to see root compromises as a result of vulnerabilities in WU-FTPD, AMD, and various RPC-related services. For more information, please see CERT Advisory CA-99-13 Multiple Vulnerabilities in WU-FTPD http://www.cert.org/advisories/CA-99-13-wuftpd.html CERT Advisory CA-99-12 Buffer Overflow in amd http://www.cert.org/advisories/CA-99-12-amd.html CERT Incident Note 99-04 Similar Attacks Using Various RPC Services http://www.cert.org/incident_notes/IN-99-04.html 5. Malicious HTML Tags Embedded in Client Web Requests The CERT/CC has published information regarding web sites that may inadvertently include malicious HTML tags or script in a dynamically generated page based on unvalidated input from untrustworthy sources. For more information, please see CERT Advisory CA-2000-02 Malicious HTML Tags Embedded in Client Web Requests http://www.cert.org/advisories/CA-2000-02.html ______________________________________________________________________ "CERT/CC Current Activity" Web Page The CERT/CC Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents and vulnerabilities currently being reported to the CERT/CC. It is available from http://www.cert.org/current/current_activity.html The information on the Current Activity page is reviewed and updated as reporting trends change. ______________________________________________________________________ Year 2000 (Y2K) Information We continue to regularly update reports on our web site to inform the community of activity being reported to us by other response teams and sites. We will continue to update these reports through February 29, "leap day." For more information, please see CERT/CC and FedCIRC Year 2000 (Y2K) Status Reports http://www.cert.org/y2k-info/y2k-status.html Potential Computer Behavior on February 29, 2000 http://www.cert.org/y2k-info/leapyear_est.html ______________________________________________________________________ What's New and Updated Since the last CERT summary, we have developed new and updated * Advisories * CERT statistics * Incident notes * Tech tips/FAQs * Y2K information * Announcements of Training Courses * CERT/CC annual report * Copies of Congressional testimony by our staff There are descriptions of these documents and links to them on our "What's New" web page at http://www.cert.org/nav/whatsnew.html ______________________________________________________________________ This document is available from: http://www.cert.org/summaries/CS-2000-01.html ______________________________________________________________________ CERT/CC Contact Information Email:This email address is being protected from spambots. You need JavaScript enabled to view it. Phone: +1 412-268-7090 (24-hour hotline) Fax: +1 412-268-6989 Postal address: CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh PA 15213-3890 U.S.A. CERT personnel answer the hotline 08:00-20:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends. Using encryption We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from http://www.cert.org/CERT_PGP.key If you prefer to use DES, please call the CERT hotline for more information. Getting security information CERT publications and other security information are available from our web site http://www.cert.org/ To be added to our mailing list for advisories and bulletins, send email toThis email address is being protected from spambots. You need JavaScript enabled to view it. and include SUBSCRIBE your-email-address in the subject of your message. Copyright 1999 Carnegie Mellon University. Conditions for use, disclaimers, and sponsorship information can be found in http://www.cert.org/legal_stuff.html * "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office. ______________________________________________________________________ NO WARRANTY Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement. -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv iQA/AwUBOLv04lr9kb5qlZHQEQIC6QCg1z6/e4atrIi82ill/wYIpv6r8eMAn1P/ yIJPWRHMwiXVJlSyvBmeWV3N =nSN5 -----END PGP SIGNATURE-----
Powered by: | MHonArc |