---------------------------------------------------------------------------
CERT(sm) Summary CS-96.01
January 23, 1996

The CERT Coordination Center periodically issues the CERT Summary to
draw attention to the types of attacks currently being reported to our
strategic incident response staff. The summary includes pointers to
sources of information for dealing with the problems. We also list new
or updated files that are available for anonymous FTP from
     ftp://info.cert.org/pub/

Past CERT Summaries are available from
     ftp://info.cert.org/pub/cert_summaries/
---------------------------------------------------------------------------
Recent Activity
---------------
In the last two months we have seen the same types of activity that we
described in the CERT advisory CA-95:18 Widespread Attacks on Internet
Sites. If you have not yet taken steps to protect your site against
the activities described below, we urge you to do so as soon as
possible.

Description

  Intruders are doing the following:
  - using automated tools to scan sites for NFS and NIS vulnerabilities
  - exploiting the rpc.ypupdated vulnerability to gain root access
  - exploiting the loadmodule vulnerability to gain root access
  - installing Trojan horse programs and packet sniffers
  - launching IP spoofing attacks

Solution

  The CERT staff urges you to immediately take the steps described in
  the advisories and README files listed below. Note that it is important
  to check README files as they contain updated information we received
  after the advisory was published.

  a. Using automated tools to scan sites for NFS and NIS vulnerabilities
     * CA-94:15.NFS.Vulnerabilities
     * CA-94:15.README
     * CA-92:13.SunOS.NIS.vulnerability

  b. Exploiting the rpc.ypupdated vulnerability to gain root access
     * CA-95:17.rpc.ypupdated.vul
     * CA-95:17.README

  c. Exploiting the loadmodule vulnerability to gain root access
     * CA-93:18.SunOS.Solbourne.loadmodule.modload.vulnerability
     * CA-95:12.sun.loadmodule.vul
     * CA-95:12.README

  d. Installing Trojan horse programs and packet sniffers
     * CA-94:01.ongoing.network.monitoring.attacks
     * CA-94:01.README

  e. Launching IP spoofing attacks
     * CA-95:01.IP.spoofing
     * CA-95:01.README

  The CERT advisories and README files are available from
     ftp://info.cert.org/pub/cert_advisories
What's New in the CERT FTP Archive
----------------------------------
We have made the following changes since the last CERT Summary (November 28,
1995).

* New Additions

  ftp://info.cert.org/pub/
      Sysadmin_Tutorial.announcement  (This CERT course will be given
                                       four times this year in Pittsburgh,
                                       Pennsylvania, USA.)

  ftp://info.cert.org/pub/cert_advisories/
      CA-95:16.wu-ftpd.vul
      CA-95:17.rpc.ypupdated.vul
      CA-95:18.widespread.attacks

  ftp://info.cert.org/pub/cert_bulletins/
      VB-95:10.elm
      VB-95:10a.elm         (listed additional FTP sites)

* Updated Files

  ftp://info.cert.org/pub/
      cert_faq

  ftp://info.cert.org/pub/cert_advisories/
      CA-95:13.README       (syslog - added info from Digital Equipment)
      CA-95:15.README       (SGI lp - added info)
      CA-95:16.README       (wu-ftpd - added clarification and Solaris 2.4 info)
      CA-95:17.README       (rpc.ypupdated - added vendor info for Digital & HP)

  ftp://info.cert.org/pub/tech_tips/
      AUSCERT_checklist1.1  (replaced AUSCERT checklist version 1.0)
---------------------------------------------------------------------------
How to Contact the CERT Coordination Center

Email    cert@cert.org

Phone    +1 412-268-7090 (24-hour hotline)
         CERT personnel answer 8:30-5:00 p.m. EST
         (GMT-5)/EDT(GMT-4), and are on call for
         emergencies during other hours.

Fax      +1 412-268-6989

Postal address
         CERT Coordination Center
         Software Engineering Institute
         Carnegie Mellon University
         Pittsburgh PA 15213-3890
         USA

To be added to our mailing list for CERT advisories and bulletins, send your
email address to
         cert-advisory-request@cert.org

CERT advisories and bulletins are posted on the USENET news group
         comp.security.announce

If you wish to send sensitive incident or vulnerability information to CERT
staff by electronic mail, we strongly advise you to encrypt your message.
We can support a shared DES key or PGP. Contact the CERT staff for more
information.

Location of CERT PGP key
         ftp://info.cert.org/pub/CERT_PGP.key
---------------------------------------------------------------------------
Copyright 1996 Carnegie Mellon University

This material may be reproduced and distributed without permission provided
it is used for noncommercial purposes and credit is given to the CERT
Coordination Center.

CERT is a service mark of Carnegie Mellon University.