home *** CD-ROM | disk | FTP | other *** search
-
- -----BEGIN PGP SIGNED MESSAGE-----
-
- CA-90:11
- CERT Advisory
- December 10, 1990
- Security probes from Italy
- - -------------------------------------------------------------------------------
-
- Many sites on the Internet received messages from
- "miners@ghost.unimi.it" (131.175.10.64) on Sunday, December 9. The
- messages stated that "miners" is a group of researchers and students
- in the computer science department at the state university of Milano
- in Italy; a group testing for a "common bug" in network hosts. In
- addition to the messages, a number of sites detected probes
- from the unimi.it domain. Later today, a number of individuals
- received a follow up message from "postmaster@ghost.unimi.it"
- explaining the activities.
-
- We have received reports that this activity has now stopped, and an
- unofficial explanation has been provided by several administrators at
- the University of Milano. The rest of this message describes the
- sequence of events and the security holes that were probed.
-
- Following the original messages from miners@ghost and
- postmaster@ghost, another message was sent on the afternoon of December
- 10th from several administrators at the University of Milano. They
- stated that the authorities at the University had been informed and
- that the attempts had stopped. They also noted that they had not been
- informed of the tests in advance.
-
- The administrators at the University of Milano have sent us a copy of
- the scripts that were used to probe the Internet sites. These scripts
- checked for the existence of the sendmail WIZ and DEBUG commands,
- and attempted to get /etc/motd and/or /etc/passwd via TFTP and
- by exploiting an old vulnerability in anonymous FTP. The scripts
- also attempted to rsh to a site and try to cat /etc/passwd. Finally,
- the scripts mailed to root at each site they tested with the message
- from "miners@ghost.unimi.it".
-
- The administrators at the University of Milano state that the group
- that did this was doing this to discover which (if any) sites might
- have had these security flaws, and then to let the sites know about
- these vulnerabilities. They have stated that they still intend to
- inform sites that have these vulnerabilities.
-
- To our knowledge, no site was actually broken into (as of December 10,
- 1990). Nonetheless, the CERT does not condone this type of activity.
-
- Most of the information in this advisory is based on information given
- to us via e-mail from individuals at the University of Milano. We
- have not yet been able to check this information with any officials at
- the University; if we learn of any other significant information, we will
- update this advisory.
-
- - ------------------------------------------------------------------------------
-
- Computer Emergency Response Team (CERT)
- Software Engineering Institute
- Carnegie Mellon University
- Pittsburgh, PA 15213-3890
-
- Internet E-mail: cert@cert.org
- Telephone: 412-268-7090 24-hour hotline:
- CERT personnel answer 7:30a.m.-6:00p.m. EST, on call for
- emergencies during other hours.
-
- Past advisories and other information are available for anonymous ftp
- from cert.org (192.88.209.5).
-
-
- -----BEGIN PGP SIGNATURE-----
- Version: 2.6.2
-
- iQCVAwUBMaMwk3VP+x0t4w7BAQHJJAP+OhkbgluzrajAOkP+5K/2p5oYAdDQI7cM
- fMqCxkzg/8kEKmUe9uor1qGYsb3YQTioQQ6vAOPs0UR+oWoJyrC4ugC52eBNgl49
- 0jsL6HLp04zL5P8GcFkILzeWQuaUPt2KR6iezooN/ArDS7rizNLECLpRg8HyVFUX
- B3cR4rqw2iY=
- =VRmH
- -----END PGP SIGNATURE-----
-
-
