Copyright 2022 - CSIM - Asian Institute of Technology

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Hash: SHA1

CERT Summary CS-2000-03

   Aug 25, 2000
   Each quarter, the CERT Coordination Center (CERT/CC) issues the CERT
   Summary to draw attention to the types of attacks reported to our
   incident response team, as well as other noteworthy incident and
   vulnerability information. The summary includes pointers to sources of
   information for dealing with the problems.
   Past CERT summaries are available from
Recent Activity

   Since the last regularly scheduled CERT summary, issued in May
   (CS-2000-02), we have published information on a vulnerability in
   rpc.statd on Linux systems, several ActiveX controls, vulnerabilities
   in Outlook and Outlook Express, security considerations for using chat
   software, hidden file extensions, and vulnerabilities in many FTP
    1. Input Validation Vulnerability in rpc.statd

       We have begun receiving multiple daily reports of sites being
       root compromised via a recently discovered vulnerability in
       rpc.statd. These issues are described in CERT Advisory
        CERT Advisory CA-2000-17, Input Validation Problem in rpc.statd
       We have received a number of reports that indicate that intruders
       are performing widespread scanning for this vulnerability and
       using toolkits to automate the compromise of vulnerable machines.

    2. Multiple Vulnerabilities in FTP daemons

       The CERT/CC continues to receive regular reports of intruders
       probing for and exploiting vulnerabilities in many FTP server
       implementations. Sites are strongly encouraged to follow the
       advice contained in CA-2000-13 to protect systems running FTP
        CERT Advisory CA-2000-13, Two Input Validation Problems In FTPD
       Additionally, we receive daily reports from sites indicating that
       intruders are scanning large network blocks for vulnerable FTP

    3. ActiveX Control Vulnerabilities

       Exploitations of a vulnerability in the Scriptlet.Typelib
       ActiveX control are discussed in CERT Incident Note
       IN-2000-06. This vulnerability allows local files to be created
       or modified, and is used in viruses such as Bubbleboy and kak.
        CERT Incident Note IN-2000-06, Exploitation of
        "Scriptlet.Typelib" ActiveX Control
       Additionally, information about a serious vulnerability in the
       HHCtrl ActiveX control was published in CERT Advisory CA-2000-12.
       This vulnerability could allow remote intruders to execute
       arbitrary code.
        CERT Advisory CA-2000-12, HHCtrl ActiveX Control Allows Local
        Files to be Executed
    4. Exploitation of Hidden File extensions

       Attackers have used a number of malicious programs to exploit
       the default behavior of Windows operating systems to hide file
       extensions from the user.  This behavior can be used to trick
       users into executing malicious code by making a file appear to
       be something it is not.
        CERT Incident Note IN-2000-07, Exploitation of Hidden File
    5. Outlook and Outlook Express Cache Bypass Vulnerability

       A vulnerability in Microsoft Outlook and Outlook Express that
       can allow a remote attacker to read certain types of files on
       the user's machine is detailed in CERT Advisory CA-2000-14.
        CERT Advisory CA-2000-14, Microsoft Outlook and Outlook
        Express Cache Bypass Vulnerability
    6. Chat Clients and Network Security

       CERT Incident Note IN-2000-08 outlines the security issues
       inherent in the use of chat client software. We have published
       this information in response to inquiries about the risks this
       type of software poses to an organization.
        CERT Incident Note IN-2000-08, Chat Clients and Network

Expiration of CERT PGP keys

   On September 30, 2000, the operational CERT PGP keys will expire.
   Sites using these keys should be prepared to update their keyrings.
   More information about the CERT PGP keys can be found at:
   The new PGP keys will also be available at this location when they are
"CERT/CC Channel"

   The CERT Coordination Center publishes an XML RSS 0.91 format file
   containing headlines about recently published CERT Advisories,
   Incident Notes, Vulnerability Notes, and Summaries. Using this RSS
   channel, Internet sites can automate creation of web site pointers to
   the latest computer security information from the CERT/CC.
   More information about the CERT/CC RSS channel can be found at
"CERT/CC Current Activity" Web Page

   The CERT/CC Current Activity web page is a regularly updated summary
   of the most frequent, high-impact types of security incidents and
   vulnerabilities currently being reported to the CERT/CC. It is
   available from
   The information on the Current Activity page is reviewed and updated
   as reporting trends change.
What's New and Updated

   Since the last CERT summary, we have published new and updated
     * Advisories
     * Incident notes
     * Vulnerability notes
     * Tech tips/FAQs, including one on how the FBI investigates computer
     * CERT/CC statistics
     * Infosec Outlook newsletter
     * Security improvement modules
     * Security improvement implementations
   There are descriptions of these documents and links to them on our
   "What's New" web page at
   This document is available from:
CERT/CC Contact Information

   Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
          Phone: +1 412-268-7090 (24-hour hotline)
          Fax: +1 412-268-6989
          Postal address:
          CERT Coordination Center
          Software Engineering Institute
          Carnegie Mellon University
          Pittsburgh PA 15213-3890
   CERT personnel answer the hotline 08:00-20:00 EST(GMT-5) / EDT(GMT-4)
   Monday through Friday; they are on call for emergencies during other
   hours, on U.S. holidays, and on weekends.
Using encryption

   We strongly urge you to encrypt sensitive information sent by email.
   Our public PGP key is available from
   If you prefer to use DES, please call the CERT hotline for more
Getting security information

   CERT publications and other security information are available from
   our web site
   To be added to our mailing list for advisories and bulletins, send
   email to This email address is being protected from spambots. You need JavaScript enabled to view it. and include SUBSCRIBE
   your-email-address in the subject of your message.
   * "CERT" and "CERT Coordination Center" are registered in the U.S.
   Patent and Trademark Office.
   Any material furnished by Carnegie Mellon University and the Software
   Engineering Institute is furnished on an "as is" basis. Carnegie
   Mellon University makes no warranties of any kind, either expressed or
   implied as to any matter including, but not limited to, warranty of
   fitness for a particular purpose or merchantability, exclusivity or
   results obtained from use of the material. Carnegie Mellon University
   does not make any warranty of any kind with respect to freedom from
   patent, trademark, or copyright infringement.
   Conditions for use, disclaimers, and sponsorship information
   Copyright 2000 Carnegie Mellon University.

Version: PGP for Personal Privacy 5.0
Charset: noconv


Powered by: MHonArc

Login Form


School of Engineering and technologies     Asian Institute of Technology