CERT Summary CS-2002-02

From: CERT Advisory (cert-advisory@cert.org)
Date: 05/28/02


Date: Tue, 28 May 2002 14:46:28 -0400 (EDT)
From: CERT Advisory <cert-advisory@cert.org>
To: cert-advisory@cert.org


-----BEGIN PGP SIGNED MESSAGE-----

CERT Summary CS-2002-02

   May 28, 2002

   Each quarter, the CERT Coordination Center (CERT/CC) issues the CERT
   summary to draw attention to the types of attacks reported to our
   incident response team, as well as other noteworthy incident and
   vulnerability information. The summary includes pointers to sources of
   information for dealing with the problems.

   Past CERT summaries are available at http://www.cert.org/summaries/.
   ______________________________________________________________________

Recent Activity

   Since the last regularly scheduled CERT summary, issued in February
   2002 (CS-2002-01), we have released several advisories addressing
   vulnerabilities in Microsoft's IIS server, Oracle Database and
   Application Servers, Sun Solaris cachefsd, and MSN Instant Messenger.
   In addition, we have published statistics for the first quarter of
   2002, numerous white papers, and a collection of frequently asked
   questions about the OCTAVE Method.

   For more current information on activity being reported to the
   CERT/CC, please visit the CERT/CC Current Activity page. The Current
   Activity page is a regularly updated summary of the most frequent,
   high-impact types of security incidents and vulnerabilities being
   reported to the CERT/CC. The information on the Current Activity page
   is reviewed and updated as reporting trends change.

    1. Exploitation of Vulnerabilities in Microsoft SQL Server

       The CERT/CC has received reports of systems being compromised
       through the automated exploitation of null or weak default sa
       passwords in Microsoft SQL Server and Microsoft Data Engine. This
       activity is accompanied by high volumes of scanning, and appears
       to be related to recently discovered self-propagating malicious
       code, referred to by various sources as Spida, SQLsnake, and
       Digispid.

       CERT Incident Note IN-2002-04:
       Exploitation of Vulnerabilities in Microsoft SQL Server
       http://www.cert.org/incident_notes/IN-2002-04.html

    2. Buffer Overflow in Microsoft's MSN Chat ActiveX Control

       Microsoft's MSN Chat is an ActiveX control for Microsoft
       Messenger, an instant messaging client. A buffer overflow exists
       in the ActiveX control that may permit a remote attacker to
       execute arbitrary code on the system with the privileges of the
       current user.

       CERT Advisory CA-2002-13:
       Buffer Overflow in Microsoft's MSN Chat ActiveX Control
       http://www.cert.org/advisories/CA-2002-13.html

    3. Format String Vulnerability in ISC DHCPD

       The Internet Software Consortium (ISC) provides a Dynamic Host
       Configuration Protocol Daemon (DHCPD), which is a server that is
       used to allocate network addresses and assign configuration
       parameters to hosts. A format string vulnerability may permit a
       remote attacker to execute code with the privileges of the DHCPD
       (typically root). We have not seen active scanning or exploitation
       of this vulnerability.

       CERT Advisory CA-2002-12:
       Format String Vulnerability in ISC DHCPD
       http://www.cert.org/advisories/CA-2002-12.html

    4. Heap Overflow in Cachefs Daemon (cachefsd)

       Sun's NFS/RPC file system cachefs daemon (cachefsd) is shipped and
       installed by default with Sun Solaris 2.5.1, 2.6, 7, and 8 (SPARC
       and Intel architectures). A remotely exploitable vulnerability
       exists in cachefsd that could permit a remote attacker to execute
       arbitrary code with the privileges of the cachefsd, typically
       root. The CERT/CC has received credible reports of scanning and
       exploitation of Solaris systems running cachefsd.

       CERT Advisory CA-2002-11:
       Heap Overflow in Cachefs Daemon (cachefsd)
       http://www.cert.org/advisories/CA-2002-11.html

    5. Multiple Vulnerabilities in Microsoft IIS

       A variety of vulnerabilities exist in various versions of
       Microsoft IIS. Some of these vulnerabilities may allow an intruder
       to execute arbitrary code on vulnerable systems.

       CERT Advisory CA-2002-09:
       Multiple Vulnerabilities in Microsoft IIS
       http://www.cert.org/advisories/CA-2002-09.html

    6. Multiple Vulnerabilities in Oracle Servers

       Multiple vulnerabilities in Oracle Application Server and Oracle
       Database have recently been discovered. These vulnerabilities
       include buffer overflows, insecure default settings, failures to
       enforce access controls, and failure to validate input. The
       impacts of these vulnerabilities include the execution of
       arbitrary commands or code, denial of service, and unauthorized
       access to sensitive information.

       CERT Advisory CA-2002-08:
       Multiple Vulnerabilities in Oracle Servers
       http://www.cert.org/advisories/CA-2002-08.html

    7. Social Engineering Attacks via IRC and Instant Messaging

       The CERT/CC has received reports of social engineering attacks on
       users of Internet Relay Chat (IRC) and Instant Messaging (IM)
       services. Intruders trick unsuspecting users into downloading and
       executing malicious software, which allows the intruders to use
       the systems as attack platforms for launching distributed
       denial-of-service (DDoS) attacks. The reports to the CERT/CC
       indicate that tens of thousands of systems have recently been
       compromised in this manner.

       CERT Incident Note IN-2002-03:
       Social Engineering Attacks via IRC and Instant Messaging
       http://www.cert.org/incident_notes/IN-2002-03.html
   ______________________________________________________________________

What's New and Updated

   Since the last CERT Summary, we have published new or updated
     * Advisories
     * Incident Notes
     * CERT/CC Statistics
     * OCTAVE^SM Method Frequently Asked Questions
     * White Papers
          + Foundations for Survivable Systems Engineering
          + Organized Crime and Cyber-Crime: Implications for Business
          + Overview of Attack Trends
          + Using PGP to Verify Digital Signatures
          + Downstream Liability for Attack Relay Amplification
          + Cross-Site Scripting Vulnerabilities
          + Countering Cyber War
   ______________________________________________________________________

   This document is available from:
   http://www.cert.org/summaries/CS-2002-02.html
   ______________________________________________________________________

CERT/CC Contact Information

   Email: cert@cert.org
   Phone: +1 412-268-7090 (24-hour hotline)
   Fax: +1 412-268-6989
   Postal address:
          CERT Coordination Center
          Software Engineering Institute
          Carnegie Mellon University
          Pittsburgh PA 15213-3890
          U.S.A.

   CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /
   EDT(GMT-4) Monday through Friday; they are on call for emergencies
   during other hours, on U.S. holidays, and on weekends.

Using encryption

   We strongly urge you to encrypt sensitive information sent by email.
   Our public PGP key is available from
   http://www.cert.org/CERT_PGP.key

   If you prefer to use DES, please call the CERT hotline for more
   information.

Getting security information

   CERT publications and other security information are available from
   our web site
   http://www.cert.org/

   To subscribe to the CERT mailing list for advisories and bulletins,
   send email to majordomo@cert.org. Please include in the body of your
   message

   subscribe cert-advisory

   * "CERT" and "CERT Coordination Center" are registered in the U.S.
   Patent and Trademark Office.
   ______________________________________________________________________

   NO WARRANTY
   Any material furnished by Carnegie Mellon University and the Software
   Engineering Institute is furnished on an "as is" basis. Carnegie
   Mellon University makes no warranties of any kind, either expressed or
   implied as to any matter including, but not limited to, warranty of
   fitness for a particular purpose or merchantability, exclusivity or
   results obtained from use of the material. Carnegie Mellon University
   does not make any warranty of any kind with respect to freedom from
   patent, trademark, or copyright infringement.
     _________________________________________________________________

   Conditions for use, disclaimers, and sponsorship information

   Copyright ©2002 Carnegie Mellon University.

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

-----END PGP SIGNATURE-----
