CERT Summary Released

    Date: 01 Mar 2000
    Posted By: Anthony Pell

    CERT Summary CS-2000-01

    Tuesday, February 29, 2000

    Each quarter, the CERT Coordination Center (CERT/CC) issues the CERT
    Summary to draw attention to the types of attacks reported to our
    incident response team, as well as other noteworthy incident and
    vulnerability information. The summary includes pointers to sources of
    information for dealing with the problems.

    Past CERT summaries are available from
    http://www.cert.org/summaries/
    ______________________________________________________________________

    Recent Activity

    Since the last regularly scheduled CERT summary, issued November 1999
    (CS-99-04), we have published information on distributed
    denial-of-service tools and developments. We also continue to receive
    reports of intruders compromising machines by exploiting
    vulnerabilities in BIND, Vixie Cron, WU-FTPD, and RPC services.
    Additionally, we have published information on malicious HTML tags
    embedded in client web requests.

    1. Distributed Denial-of-Service Developments
    We continue to receive reports of intruders compromising machines
    in order to install software used for launching packet flooding
    denial-of-service attacks. For more information, please see
    CERT Incident Note IN-2000-01 Windows Based DDOS Agents
    http://www.cert.org/incident_notes/IN-2000-01.html
    CERT Advisory CA-2000-01 Denial-of-Service Developments
    http://www.cert.org/advisories/CA-2000-01.html
    CERT Advisory CA-99-17 Denial-of-Service Tools
    http://www.cert.org/advisories/CA-99-17-denial-of-service-tools.html
    CERT Incident Note IN-99-07 Distributed Denial of Service
    Tools
    http://www.cert.org/incident_notes/IN-99-07.html
    Results of the Distributed-Systems Intruder Tools Workshop
    http://www.cert.org/reports/dsit_workshop-final.html
    2. BIND Vulnerabilities
    We continue to receive reports of intruders compromising machines
    by exploiting vulnerabilities in BIND. For more information,
    please see
    CERT Advisory CA-99-14 Multiple Vulnerabilities in BIND
    http://www.cert.org/advisories/CA-99-14-bind.html
    3. Multiple Vulnerabilities in Vixie Cron
    Compromises involving the exploitation of several vulnerabilities
    in the Vixie Cron program have recently been reported to the
    CERT/CC. These vulnerabilities, including two that were first
    discussed publicly in August 1999, allow local users to gain root
    access. More information about these vulnerabilities, including
    pointers to patch information, is available in our recently
    published Vulnerability Note VN-2000-01:

    CERT Vulnerability Note VN-2000-01 Multiple Vulnerabilities in
    Vixie Cron
    http://www.cert.org/vul_notes/VN-2000-01.html


    4. Root Compromises
    We continue to see root compromises as a result of vulnerabilities
    in WU-FTPD, AMD, and various RPC-related services. For more
    information, please see
    CERT Advisory CA-99-13 Multiple Vulnerabilities in WU-FTPD
    http://www.cert.org/advisories/CA-99-13-wuftpd.html
    CERT Advisory CA-99-12 Buffer Overflow in amd
    http://www.cert.org/advisories/CA-99-12-amd.html
    CERT Incident Note 99-04 Similar Attacks Using Various RPC
    Services
    http://www.cert.org/incident_notes/IN-99-04.html
    5. Malicious HTML Tags Embedded in Client Web Requests
    The CERT/CC has published information regarding web sites that may
    inadvertently include malicious HTML tags or script in a
    dynamically generated page based on unvalidated input from
    untrustworthy sources. For more information, please see
    CERT Advisory CA-2000-02 Malicious HTML Tags Embedded in Client
    Web Requests
    http://www.cert.org/advisories/CA-2000-02.html
    ______________________________________________________________________

    "CERT/CC Current Activity" Web Page

    The CERT/CC Current Activity web page is a regularly updated summary
    of the most frequent, high-impact types of security incidents and
    vulnerabilities currently being reported to the CERT/CC. It is
    available from

    http://www.cert.org/current/current_activity.html

    The information on the Current Activity page is reviewed and updated
    as reporting trends change.
    ______________________________________________________________________

    Year 2000 (Y2K) Information

    We continue to regularly update reports on our web site to inform the
    community of activity being reported to us by other response teams and
    sites. We will continue to update these reports through February 29,
    "leap day." For more information, please see

    CERT/CC and FedCIRC Year 2000 (Y2K) Status Reports
    http://www.cert.org/y2k-info/y2k-status.html
    Potential Computer Behavior on February 29, 2000
    http://www.cert.org/y2k-info/leapyear_est.html
    ______________________________________________________________________

    What's New and Updated

    Since the last CERT summary, we have developed new and updated
    * Advisories
    * CERT statistics
    * Incident notes
    * Tech tips/FAQs
    * Y2K information
    * Announcements of Training Courses
    * CERT/CC annual report
    * Copies of Congressional testimony by our staff

    There are descriptions of these documents and links to them on our
    "What's New" web page at
    http://www.cert.org/nav/whatsnew.html
    ______________________________________________________________________

    This document is available from:
    http://www.cert.org/summaries/CS-2000-01.html
    ______________________________________________________________________

    CERT/CC Contact Information

    Email: [email address obscured]
    Phone: +1 412-268-7090 (24-hour hotline)
    Fax: +1 412-268-6989
    Postal address:
    CERT Coordination Center
    Software Engineering Institute
    Carnegie Mellon University
    Pittsburgh PA 15213-3890
    U.S.A.

    CERT personnel answer the hotline 08:00-20:00 EST(GMT-5) / EDT(GMT-4)
    Monday through Friday; they are on call for emergencies during other
    hours, on U.S. holidays, and on weekends.

    Using encryption

    We strongly urge you to encrypt sensitive information sent by email.
    Our public PGP key is available from

    http://www.cert.org/CERT_PGP.key

    If you prefer to use DES, please call the CERT hotline for more
    information.

    Getting security information

    CERT publications and other security information are available from
    our web site

    http://www.cert.org/

    To be added to our mailing list for advisories and bulletins, send
    email to [email address obscured] and include SUBSCRIBE
    your-email-address in the subject of your message.

    Copyright 1999 Carnegie Mellon University.
    Conditions for use, disclaimers, and sponsorship information can be
    found in

    http://www.cert.org/legal_stuff.html

    * "CERT" and "CERT Coordination Center" are registered in the U.S.
    Patent and Trademark Office.
    ______________________________________________________________________

    NO WARRANTY
    Any material furnished by Carnegie Mellon University and the Software
    Engineering Institute is furnished on an "as is" basis. Carnegie
    Mellon University makes no warranties of any kind, either expressed or
    implied as to any matter including, but not limited to, warranty of
    fitness for a particular purpose or merchantability, exclusivity or
    results obtained from use of the material. Carnegie Mellon University
    does not make any warranty of any kind with respect to freedom from
    patent, trademark, or copyright infringement.
