[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CERT Summary CS-2000-02

   May 31, 2000
   
   Each quarter, the CERT Coordination Center (CERT/CC) issues the CERT
   Summary to draw attention to the types of attacks reported to our
   incident response team, as well as other noteworthy incident and
   vulnerability information. The summary includes pointers to sources of
   information for dealing with the problems.
   
   Past CERT summaries are available from
   http://www.cert.org/summaries/
   ______________________________________________________________________
   
Recent Activity

   Since the last regularly scheduled CERT summary, issued in February
   (CS-2000-01), we have published information on buffer overflows in
   Kerberos authenticated services, improper validation of SSL sessions
   in Netscape Navigator, the Love Letter Worm, denial-of-service attacks
   using nameservers, and the exploitation of unprotected Windows shares.
   We also continue to receive a large number of reports of machines
   compromised by exploiting vulnerabilities in BIND.
   
    1. Multiple Vulnerabilities in BIND

       We continue to receive daily reports of systems being root
       compromised via one of the vulnerabilities in BIND. The "NXT bug"
       described in advisory CA-99-14 is being exploited to gain root
       access to systems running vulnerable versions of BIND. This
       activity has been ongoing and constant since late last year. Sites
       are strongly encouraged to follow the advice contained in CA-99-14
       and CA-2000-03 to protect systems running BIND nameservers.

        CERT Advisory CA-2000-03
	Continuing Compromises of DNS servers
	http://www.cert.org/advisories/CA-2000-03.html
        
	CERT Advisory CA-99-14
	Multiple Vulnerabilities in BIND
	http://www.cert.org/advisories/CA-99-14-bind.html

    2. Multiple Buffer Overflows in Kerberos Authenticated Services

       There are several buffer overflow vulnerabilities in the Kerberos
       authentication software. The most severe vulnerability allows
       remote intruders to gain root privileges on systems running
       services using Kerberos authentication. If vulnerable services are
       enabled on the Key Distribution Center (KDC) system, the entire
       Kerberos domain may be compromised. For more details and vendor
       information, see

        CERT Advisory CA-2000-06 
	Multiple Buffer Overflows in Kerberos Authenticated Services
	http://www.cert.org/advisories/CA-2000-06.html
   
    3. Netscape Navigator Improperly Validates SSL Sessions

       The ACROS Security Team of Slovenia recently discovered a flaw in
       the way Netscape Navigator validates SSL sessions. Attackers can
       trick users into disclosing information intended for a legitimate
       web site, even if that web site uses SSL to authenticate and
       secure transactions.

	CERT Advisory CA-2000-05 
	Netscape Navigator Improperly Validates SSL Sessions
	http://www.cert.org/advisories/CA-2000-05.html
   
    4. Love Letter Worm

       The "Love Letter" worm is a malicious VBScript program which
       spreads in a variety of ways. As of 5:00 pm EDT(GMT-4) on May 8,
       2000, the CERT/CC Coordination Center had received reports from
       more than 650 individual sites indicating more than 500,000
       individual systems were affected. In addition, we had several
       reports of sites suffering considerable network degradation as a
       result of mail, file, and web traffic generated by the "Love
       Letter" worm. Despite several variations being found in the wild,
       reports indicate that activity related to the Love Letter worm has
       subsided. Information about the worm can be found in

	CERT Advisory CA-2000-04 
	Love Letter Worm
	http://www.cert.org/advisories/CA-2000-04.html
   
    5. Denial-of-Service Attacks Using Nameservers

       We have received a number of reports of intruders using
       nameservers to execute packet flooding denial-of-service attacks,
       which are described in a CERT incident note:
        
	CERT Incident Note IN-2000-04 
	Denial of Service Attacks Using Nameservers
	http://www.cert.org/incident_notes/IN-2000-04.html
   
    6. Exploitation of Unprotected Windows Shares

       Intruders are actively exploiting Windows networking shares that
       are made available for remote connections across the Internet.
       This is not a new problem, but the potential impact on the overall
       security of the Internet is increasing. Unprotected Windows shares
       allow worms like network.vbs (IN-2000-02) or the 911 Worm
       (IN-2000-03) to spread. Exploitation may also lead to the
       installation of Windows based DDoS agents (IN-2000-01). Here are
       the URLs for information on these problems.

	CERT Incident Note IN-2000-03 
	911 Worm
	http://www.cert.org/incident_notes/IN-2000-03.html
            
	CERT Incident Note IN-2000-02
	Exploitation of Unprotected Windows Shares
	http://www.cert.org/incident_notes/IN-2000-02.html
          
	CERT Incident Note IN-2000-01 
	Windows Based DDoS Agents
	http://www.cert.org/incident_notes/IN-2000-01.html
   ______________________________________________________________________
   
New Windows Security Tech Tips

   The CERT/CC and AusCERT (Australian Computer Emergency Response Team)
   jointly published the following tech tips addressing security issues
   related to Microsoft Windows-based systems. These documents provide a
   broad range of information about Windows 95, Windows 98, and Windows
   NT security. Some of this information applies to UNIX systems as well.
   
	Windows 95/98 Computer Security Information
	http://www.cert.org/tech_tips/win-95-info.html
       
	Windows NT Configuration Guidelines
	http://www.cert.org/tech_tips/win_configuration_guidelines.html
	
	Windows NT Security and Configuration Resources
	http://www.cert.org/tech_tips/win-resources.html

	Windows NT Intruder Detection Checklist
	http://www.cert.org/tech_tips/win_intruder_detection_checklist.html

	Steps for Recovering from a UNIX or NT System Compromise
	http://www.cert.org/tech_tips/win-UNIX-system_compromise.html
   ______________________________________________________________________
   
"CERT/CC Channel"

   The CERT/CC Current Activity web page is a regularly updated summary
   of the most frequent, high-impact types of security incidents and
   vulnerabilities currently being reported to the CERT/CC. It is
   available from
   
   http://www.cert.org/channels/
   ______________________________________________________________________
   
"CERT/CC Current Activity" Web Page

   The CERT/CC Current Activity web page is a regularly updated summary
   of the most frequent, high-impact types of security incidents and
   vulnerabilities currently being reported to the CERT/CC. It is
   available from
   
   http://www.cert.org/current/current_activity.html
       
   The information on the Current Activity page is reviewed and updated
   as reporting trends change.
   ______________________________________________________________________
   
What's New and Updated

   Since the last CERT summary, we have published new and updated
     * Advisories
     * Incident notes
     * Tech tips/FAQs
     * CERT/CC statistics
     * Infosec Outlook newsletter
     * Announcement of CERT Conference 2000
     * Copies of Congressional testimony by our staff
     * Security improvement implementations
       
   There are descriptions of these documents and links to them on our
   "What's New" web page at http://www.cert.org/nav/whatsnew.html
   ______________________________________________________________________
   
   This document is available from:
   http://www.cert.org/summaries/CS-2000-02.html
   ______________________________________________________________________
   
CERT/CC Contact Information

   Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
          Phone: +1 412-268-7090 (24-hour hotline)
          Fax: +1 412-268-6989
          Postal address:
          CERT Coordination Center
          Software Engineering Institute
          Carnegie Mellon University
          Pittsburgh PA 15213-3890
          U.S.A.
          
   CERT personnel answer the hotline 08:00-20:00 EST(GMT-5) / EDT(GMT-4)
   Monday through Friday; they are on call for emergencies during other
   hours, on U.S. holidays, and on weekends.
   
Using encryption

   We strongly urge you to encrypt sensitive information sent by email.
   Our public PGP key is available from
   
   http://www.cert.org/CERT_PGP.key
       
   If you prefer to use DES, please call the CERT hotline for more
   information.
   
Getting security information

   CERT publications and other security information are available from
   our web site
   
   http://www.cert.org/
       
   To be added to our mailing list for advisories and bulletins, send
   email to This email address is being protected from spambots. You need JavaScript enabled to view it. and include SUBSCRIBE
   your-email-address in the subject of your message.
   
   * "CERT" and "CERT Coordination Center" are registered in the U.S.
   Patent and Trademark Office.
   ______________________________________________________________________
   
   NO WARRANTY
   Any material furnished by Carnegie Mellon University and the Software
   Engineering Institute is furnished on an "as is" basis. Carnegie
   Mellon University makes no warranties of any kind, either expressed or
   implied as to any matter including, but not limited to, warranty of
   fitness for a particular purpose or merchantability, exclusivity or
   results obtained from use of the material. Carnegie Mellon University
   does not make any warranty of any kind with respect to freedom from
   patent, trademark, or copyright infringement.
     _________________________________________________________________
   
   Conditions for use, disclaimers, and sponsorship information
   
   Copyright 2000 Carnegie Mellon University.

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQA/AwUBOTV9Wlr9kb5qlZHQEQJqGQCfW/VC8YEk+mjYEJRUmiSrQtWj2uEAoLeF
Wpq42LPCZB05y8ZJNeLDhNrO
=D4z/
-----END PGP SIGNATURE-----


Powered by: MHonArc