
CERT/CC Advisories

CERT advisories have become a core component of US-CERT's Technical Cyber Security Alerts.



2004

CA-2004-02: Email-borne Viruses

January 27, 2004

In recent weeks there have been several mass-mailing viruses released on the Internet. It is important for users to understand the risks posed by these pieces of malicious code and the steps necessary to protect their systems from virus infection.

CA-2004-01: Multiple H.323 Message Vulnerabilities

January 13, 2004

A number of vulnerabilities have been discovered in various implementations of the multimedia telephony protocol H.323. Voice over Internet Protocol (VoIP) and video conferencing equipment and software can use these protocols to communicate over a variety of computer networks.

2003

CA-2003-28: Buffer Overflow in Windows Workstation Service

November 11, 2003

A buffer overflow vulnerability exists in Microsoft's Windows Workstation Service (WKSSVC.DLL).

A remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service.

CA-2003-27: Multiple Vulnerabilities in Microsoft Windows and Exchange

October 16, 2003

There are multiple vulnerabilities in Microsoft Windows and Microsoft Exchange, the most serious of which could allow remote attackers to execute arbitrary code.

CA-2003-26: Multiple Vulnerabilities in SSL/TLS Implementations

October 2, 2003

There are multiple vulnerabilities in different implementations of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. These vulnerabilities occur primarily in Abstract Syntax Notation One (ASN.1) parsing code. The most serious vulnerabilities may allow a remote attacker to execute arbitrary code. The common impact is denial of service.

CA-2003-25: Buffer Overflow in Sendmail

September 18, 2003

A vulnerability in sendmail could allow a remote attacker to execute arbitrary code with the privileges of the sendmail daemon, typically root.

CA-2003-24: Buffer Management Vulnerability in OpenSSH

September 16, 2003

There is a remotely exploitable vulnerability in a general buffer management function in versions of OpenSSH prior to 3.7. This may allow a remote attacker to corrupt heap memory which could cause a denial-of-service condition. It may also be possible for an attacker to execute arbitrary code.

CA-2003-23: RPCSS Vulnerabilities in Microsoft Windows

September 10, 2003

Microsoft has published a bulletin describing three vulnerabilities that affect numerous versions of Microsoft Windows. Two of these vulnerabilities are remotely exploitable buffer overflows that may allow an attacker to execute arbitrary code with system privileges. The third vulnerability may allow a remote attacker to cause a denial of service.

CA-2003-22: Multiple Vulnerabilities in Microsoft Internet Explorer

August 26, 2003

Microsoft Internet Explorer (IE) contains multiple vulnerabilities, the most serious of which could allow a remote attacker to execute arbitrary code with the privileges of the user running IE.

CA-2003-21: GNU Project FTP Server Compromise

August 13, 2003

The CERT/CC has received a report that the system housing the primary FTP servers for the GNU software project was compromised.

CA-2003-20: W32/Blaster worm

August 11, 2003

The CERT/CC is receiving reports of widespread activity related to a new piece of malicious code known as W32/Blaster. This worm appears to exploit known vulnerabilities in the Microsoft Remote Procedure Call (RPC) Interface.

CA-2003-19: Exploitation of Vulnerabilities in Microsoft RPC Interface

July 31, 2003

The CERT/CC is receiving reports of widespread scanning and exploitation of two recently discovered vulnerabilities in Microsoft Remote Procedure Call (RPC) Interface.

CA-2003-18: Integer Overflows in Microsoft Windows DirectX MIDI Library

July 25, 2003

A set of integer overflows exists in a DirectX library included in Microsoft Windows. An attacker could exploit this vulnerability to execute arbitrary code or to cause a denial of service.

CA-2003-17: Exploit Available for the Cisco IOS Interface Blocked Vulnerabilities

July 18, 2003

An exploit has been posted publicly for the vulnerability described in VU#411332, which was announced in http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml

CA-2003-16: Buffer Overflow in Microsoft RPC

July 17, 2003

A buffer overflow vulnerability exists in Microsoft's Remote Procedure Call (RPC) implementation. A remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service.

CA-2003-15: Cisco IOS Interface Blocked by IPv4 Packet

July 16, 2003

A vulnerability in many versions of Cisco IOS could allow an intruder to execute a denial-of-service attack against a vulnerable device.

CA-2003-14: Buffer Overflow in Microsoft Windows HTML Conversion Library

July 14, 2003

A buffer overflow vulnerability exists in a shared HTML conversion library included in Microsoft Windows. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service.

CA-2003-13: Multiple Vulnerabilities in Snort Preprocessors

April 17, 2003

There are two vulnerabilities in the Snort Intrusion Detection System, each in a separate preprocessor module. Both vulnerabilities allow remote attackers to execute arbitrary code with the privileges of the user running Snort, typically root.

CA-2003-12: Buffer Overflow in Sendmail

March 29, 2003

There is a vulnerability in sendmail that may allow remote attackers to gain the privileges of the sendmail daemon, typically root.

CA-2003-11: Multiple Vulnerabilities in Lotus Notes and Domino

March 26, 2003

Multiple vulnerabilities have been reported to affect Lotus Notes clients and Domino servers. Multiple reporters, the close timing, and some ambiguity caused confusion about what releases are vulnerable. We are issuing this advisory to help clarify the details of the vulnerabilities, the versions affected, and the patches that resolve these issues.

CA-2003-10: Integer overflow in Sun RPC XDR library routines

March 19, 2003

There is an integer overflow in the xdrmem_getbytes() function distributed as part of the Sun Microsystems XDR library. This overflow can cause remotely exploitable buffer overflows in multiple applications, leading to the execution of arbitrary code. Although the library was originally distributed by Sun Microsystems, multiple vendors have included the vulnerable code in their own implementations.

CA-2003-09: Buffer Overflow in Core Microsoft Windows DLL

Updated March 19, 2003
Released March 17, 2003

A buffer overflow vulnerability exists in the Win32 API libraries shipped with all versions of Microsoft Windows 2000. This vulnerability, which is being actively exploited on WebDAV-enabled IIS 5.0 servers, will allow a remote attacker to execute arbitrary code on unpatched systems. Sites running Microsoft Windows 2000 should apply a patch or disable WebDAV services as soon as possible.

CA-2003-08: Increased Activity Targeting Windows Shares

March 11, 2003

In recent weeks, the CERT/CC has observed an increase in the number of reports of systems running Windows 2000 and XP compromised due to poorly protected file shares.

CA-2003-07: Remote Buffer Overflow in Sendmail

March 3, 2003

There is a vulnerability in sendmail that may allow remote attackers to gain the privileges of the sendmail daemon, typically root.

CA-2003-06: Multiple vulnerabilities in implementations of the Session Initiation Protocol (SIP)

February 21, 2003

Numerous vulnerabilities have been reported in multiple vendors' implementations of the Session Initiation Protocol. These vulnerabilities may allow an attacker to gain unauthorized privileged access, cause denial-of-service attacks, or cause unstable system behavior.

CA-2003-05: Multiple Vulnerabilities in Oracle Servers

February 19, 2003

Multiple vulnerabilities exist in Oracle software that may lead to execution of arbitrary code; the ability to read, modify, or delete information stored in underlying Oracle databases; or denial of service. All of these vulnerabilities were discovered by Next Generation Security Software Ltd.

CA-2003-04: MS-SQL Server Worm

January 25, 2003

The CERT/CC has received reports of self-propagating malicious code that exploits multiple vulnerabilities in the Resolution Service of Microsoft SQL Server 2000. The propagation of this worm has caused varied levels of network degradation across the Internet, in addition to the compromise of vulnerable machines.

CA-2003-03: Buffer Overflow in Windows Locator Service

January 23, 2003

A buffer overflow vulnerability in the Microsoft Windows Locator service could allow a remote attacker to execute arbitrary code or cause the Windows Locator service to fail. This service is enabled and running by default on Windows 2000 domain controllers and Windows NT 4.0 domain controllers.

CA-2003-02: Double-Free Bug in CVS Server

January 22, 2003

A "double-free" vulnerability in the Concurrent Versions System (CVS) server could allow an unauthenticated, remote attacker with read-only access to execute arbitrary code, alter program operation, read sensitive information, or cause a denial of service.

CA-2003-01: Buffer Overflows in ISC DHCPD Minires Library

January 15, 2003

The Internet Software Consortium (ISC) has discovered several buffer overflow vulnerabilities in their implementation of DHCP (ISC DHCPD). These vulnerabilities may allow remote attackers to execute arbitrary code on affected systems. At this time, we are not aware of any exploits.

2002

CA-2002-37: Buffer Overflow in Microsoft Windows Shell

December 19, 2002

A buffer overflow vulnerability exists in the Microsoft Windows Shell. An attacker can exploit this vulnerability by enticing a victim to read a malicious email message, visit a malicious web page, or browse to a folder containing a malicious .MP3 or .WMA file. The attacker can then execute arbitrary code with the privileges of the victim.

CA-2002-36: Multiple Vulnerabilities in SSH Implementations

December 16, 2002

Multiple vendors' implementations of the secure shell (SSH) transport layer protocol contain vulnerabilities that could allow a remote attacker to execute arbitrary code with the privileges of the SSH process or cause a denial of service. The vulnerabilities affect SSH clients and servers, and they occur before user authentication takes place.

CA-2002-35: Vulnerability in RaQ Server Appliances

December 11, 2002

A remotely exploitable vulnerability has been discovered in Sun Cobalt RaQ 4 Server Appliances running Sun's Security Hardening Package (SHP). Exploitation of this vulnerability may allow remote attackers to execute arbitrary code with superuser privileges.

CA-2002-34: Buffer Overflow in Solaris X Window Font Service

November 25, 2002

The Solaris X Window Font Service (XFS) daemon (fs.auto) contains a remotely exploitable buffer overflow vulnerability that could allow an attacker to execute arbitrary code or cause a denial of service.

CA-2002-33: Heap Overflow Vulnerability in Microsoft Data Access Components (MDAC)

November 21, 2002

A vulnerability in the Microsoft Data Access Components (MDAC) could lead to remote execution of code with the privileges of the current process or user.

CA-2002-32: Backdoor in Alcatel OmniSwitch AOS

November 21, 2002

Alcatel has recently discovered a serious vulnerability in AOS version 5.1.1. Exploitation of this vulnerability can lead to full administrative control of the device running AOS.

CA-2002-31: Multiple Vulnerabilities in BIND

November 14, 2002

Multiple vulnerabilities with varying impacts have been found in BIND, the popular domain name server and client library software package from the Internet Software Consortium (ISC).

CA-2002-30: Trojan Horse tcpdump and libpcap Distributions

November 13, 2002

The CERT/CC has received reports that several of the released source code distributions of the libpcap and tcpdump packages were modified by an intruder and contain a Trojan horse. We strongly encourage sites that use, redistribute, or mirror the libpcap or tcpdump packages to immediately verify the integrity of their distribution.

CA-2002-29: Buffer Overflow in Kerberos Administration Daemon

October 25, 2002

Multiple Kerberos distributions contain a remotely exploitable buffer overflow in the Kerberos administration daemon. A remote attacker could exploit this vulnerability to gain root privileges on a vulnerable system.

CA-2002-28: Trojan Horse Sendmail Distribution

October 8, 2002

The CERT/CC has received confirmation that some copies of the source code for the Sendmail package were modified by an intruder to contain a Trojan horse. Sites that employ, redistribute, or mirror the Sendmail package should immediately verify the integrity of their distribution.

CA-2002-27: Apache/mod_ssl Worm

September 14, 2002

The CERT/CC has received reports of self-propagating malicious code which exploits a vulnerability (VU#102795) in OpenSSL. This malicious code has been referred to as Apache/mod_ssl worm, linux.slapper.worm and bugtraq.c worm.

CA-2002-26: Buffer Overflow in CDE ToolTalk

August 12, 2002

The Common Desktop Environment (CDE) ToolTalk RPC database server contains a buffer overflow vulnerability that could allow a remote attacker to execute arbitrary code or cause a denial of service.

CA-2002-25: Integer Overflow In XDR Library

August 5, 2002

There is an integer overflow present in the xdr_array() function distributed as part of the Sun Microsystems XDR library. This overflow has been shown to lead to remotely exploitable buffer overflows in multiple applications, leading to the execution of arbitrary code. Although the library was originally distributed by Sun Microsystems, multiple vendors have included the vulnerable code in their own implementations.

CA-2002-24: Trojan Horse OpenSSH Distribution

August 1, 2002

The CERT/CC has received confirmation that some copies of the source code for the OpenSSH package were modified by an intruder and contain a Trojan horse. We strongly encourage sites which employ, redistribute, or mirror the OpenSSH package to immediately verify the integrity of their distribution.

CA-2002-23: Multiple Vulnerabilities in OpenSSL

July 30, 2002

There are four remotely exploitable buffer overflows in OpenSSL. There are also encoding problems in the ASN.1 library used by OpenSSL. Several of these vulnerabilities could be used by a remote attacker to execute arbitrary code on the target system. All could be used to create denial of service.

CA-2002-22: Multiple Vulnerabilities in Microsoft SQL Server

July 29, 2002

The Microsoft SQL Server contains several serious vulnerabilities that allow remote attackers to obtain sensitive information, alter database contents, compromise SQL servers, and, in some configurations, compromise server hosts.

CA-2002-21: Vulnerability in PHP

July 22, 2002

A vulnerability has been discovered in PHP. This vulnerability could be used by a remote attacker to execute arbitrary code or crash PHP and/or the web server.

CA-2002-20: Multiple Vulnerabilities in CDE ToolTalk

July 10, 2002

Two vulnerabilities have been discovered in the Common Desktop Environment (CDE) ToolTalk RPC database server. The first vulnerability could be used by a remote attacker to delete arbitrary files, cause a denial of service, or possibly execute arbitrary code or commands. The second vulnerability could allow a local attacker to overwrite arbitrary files with contents of the attacker's choice.

CA-2002-19: Buffer Overflows in Multiple DNS Resolver Libraries

June 28, 2002

Buffer overflow vulnerabilities exist in multiple implementations of DNS resolver libraries. Operating systems and applications that utilize vulnerable DNS resolver libraries may be affected.

CA-2002-18: OpenSSH Vulnerabilities in Challenge Response Handling

June 26, 2002

There are two related vulnerabilities in the challenge response handling code in OpenSSH versions 2.3.1p1 through 3.3. They may allow a remote intruder to execute arbitrary code as the user running sshd (often root). The first vulnerability affects OpenSSH versions 2.9.9 through 3.3, that have the challenge response option enabled, and use SKEY or BSD_AUTH authentication. The second vulnerability affects PAM modules using interactive keyboard authentication in OpenSSH versions 2.3.1p1 through 3.3, regardless of the challenge response option setting.

CA-2002-17: Apache Web Server Chunk Handling Vulnerability

June 17, 2002

There is a remotely exploitable vulnerability in the handling of large chunks of data in web servers that are based on Apache source code. This vulnerability is present by default in configurations of Apache web servers versions 1.3 through 1.3.24 and versions 2.0 through 2.0.36. The impact of this vulnerability is dependent upon the software version and the hardware platform the server is running on.

CA-2002-16: Multiple Vulnerabilities in Yahoo! Messenger

June 5, 2002

There are multiple vulnerabilities in Yahoo! Messenger. Attackers that are able to exploit these vulnerabilities may be able to execute arbitrary code with the privileges of the victim user.

CA-2002-15: Denial-of-Service Vulnerability in ISC BIND 9

June 4, 2002

A denial-of-service vulnerability exists in version 9 of the Internet Software Consortium's (ISC) Berkeley Internet Name Domain (BIND) server. ISC BIND versions 8 and 4 are not affected. Exploiting this vulnerability will cause the BIND server to shut down.

CA-2002-14: Buffer Overflow in Macromedia JRun

May 29, 2002

A remotely exploitable buffer overflow exists in Macromedia's JRun 3.0 and 3.1.

CA-2002-13: Buffer Overflow in Microsoft's MSN Chat ActiveX Control

May 10, 2002

Microsoft's MSN Chat is an ActiveX control for Microsoft Messenger, an instant messaging client. A buffer overflow exists in the ActiveX control that may permit a remote attacker to execute arbitrary code on the system with the privileges of the current user.

CA-2002-12: Format String Vulnerability in ISC DHCPD

May 8, 2002

The Internet Software Consortium (ISC) provides a Dynamic Host Configuration Protocol Daemon (DHCPD), which is a server that is used to allocate network addresses and assign configuration parameters to hosts. A format string vulnerability may permit a remote attacker to execute code with the privileges of the DHCPD (typically root).

CA-2002-11: Heap Overflow in Cachefs Daemon (cachefsd)

May 6, 2002

Sun's NFS/RPC file system cachefs daemon (cachefsd) is shipped and installed by default with Sun Solaris 2.5.1, 2.6, 7, and 8 (SPARC and Intel architectures). A remotely exploitable vulnerability exists in cachefsd that could permit a remote attacker to execute arbitrary code with the privileges of the cachefsd, typically root.

CA-2002-10: Format String Vulnerability in rpc.rwalld

May 1, 2002

The rwall daemon (rpc.rwalld) is a utility that is used to listen for wall requests on the network. When a request is received, it calls wall, which sends the message to all terminals of a time-sharing system. A format string vulnerability may permit an intruder to execute code with the privileges of the rwall daemon.

CA-2002-09: Multiple Vulnerabilities in Microsoft IIS

April 11, 2002

A variety of vulnerabilities exist in various versions of Microsoft IIS. Some of these vulnerabilities may allow an intruder to execute arbitrary code on vulnerable systems.

CA-2002-08: Multiple Vulnerabilities in Oracle Servers

March 14, 2002

Multiple vulnerabilities in Oracle Application Server have recently been discovered. These vulnerabilities include buffer overflows, insecure default settings, failures to enforce access controls, and failure to validate input. The impacts of these vulnerabilities include the execution of arbitrary commands or code, denial of service, and unauthorized access to sensitive information.

CA-2002-07: Double Free Bug in zlib Compression Library

March 12, 2002

There is a bug in the zlib compression library that may manifest itself as a vulnerability in programs that are linked with zlib. This may allow an attacker to conduct a denial-of-service attack, gather information, or execute arbitrary code.

CA-2002-06: Vulnerabilities in Various Implementations of the RADIUS Protocol

March 4, 2002

Remote Authentication Dial In User Service (RADIUS) servers are used for authentication, authorization and accounting for terminals that speak the RADIUS protocol. Multiple vulnerabilities have been discovered in several implementations of the RADIUS protocol.

CA-2002-05: Multiple Vulnerabilities in PHP fileupload

February 27, 2002

Multiple vulnerabilities exist in the PHP scripting language. These vulnerabilities could allow a remote attacker to execute arbitrary code with the privileges of the PHP process.

CA-2002-04: Buffer Overflow in Microsoft Internet Explorer

February 25, 2002

Microsoft Internet Explorer contains a buffer overflow vulnerability in its handling of embedded objects in HTML documents. This vulnerability could allow an attacker to execute arbitrary code on the victim's system when the victim visits a web page or views an HTML email message.

CA-2002-03: Multiple Vulnerabilities in Many Implementations of the Simple Network Management Protocol (SNMP)

February 12, 2002

Numerous vulnerabilities have been reported in multiple vendor SNMP implementations. These vulnerabilities may allow unauthorized privileged access, denial-of-service attacks, or unstable behavior. If your site uses SNMP in any capacity, the CERT/CC encourages you to read this advisory and follow the advice provided in the solution section.

CA-2002-02: Buffer Overflow in AOL ICQ

January 24, 2002

There is a remotely exploitable buffer overflow in ICQ. Attackers that are able to exploit the vulnerability may be able to execute arbitrary code with the privileges of the victim user. Full details are discussed in VU#570167. An exploit is known to exist, but we do not believe it has been distributed in the wild. We have not seen active scanning for this vulnerability, nor have we received any reports of this vulnerability being exploited.

CA-2002-01: Exploitation of Vulnerability in CDE Subprocess Control Service

January 14, 2002

The CERT/CC has received credible reports of scanning and exploitation of Solaris systems running the CDE Subprocess Control Service, through the buffer overflow vulnerability identified in CA-2001-31 and discussed in VU#172583.

2001

CA-2001-37: Buffer Overflow in UPnP Service on Microsoft Windows

December 20, 2001

Vulnerabilities in software included by default on Microsoft Windows XP, and optionally on Windows ME and Windows 98, may allow an intruder to execute arbitrary code on vulnerable systems, to launch denial-of-service attacks against vulnerable systems, or to use vulnerable systems to launch denial-of-service attacks against third-party systems.

CA-2001-36: Microsoft Internet Explorer Does Not Respect Content-Disposition and Content-Type MIME Headers

December 19, 2001

Microsoft Internet Explorer contains a vulnerability in its handling of certain MIME headers in web pages and HTML email messages. This vulnerability may allow an attacker to execute arbitrary code on the victim's system when the victim visits a web page or views an HTML email message.

CA-2001-35: Recent Activity Against Secure Shell Daemons

December 13, 2001

There are multiple vulnerabilities in several implementations of the Secure Shell (SSH) protocol. The SSH protocol enables a secure communications channel from a client to a server. We are seeing a high amount of scanning for SSH daemons, and we are receiving reports of exploitation.

CA-2001-34: Buffer Overflow in System V Derived Login

December 12, 2001

Several applications use login for authentication to the system. A remotely exploitable buffer overflow exists in login derived from System V. Attackers can exploit this vulnerability to gain root access to the server.

CA-2001-33: Multiple Vulnerabilities in WU-FTPD

November 29, 2001

WU-FTPD is a widely deployed software package used to provide File Transfer Protocol (FTP) services on UNIX and Linux systems. There are two vulnerabilities in WU-FTPD that expose a system to potential remote root compromise by anyone with access to the FTP service.

CA-2001-32: HP-UX Line Printer Daemon Vulnerable to Directory Traversal

November 21, 2001

The HP-UX line printer daemon (rlpdaemon) enables various clients to share printers over a network. A remotely exploitable buffer overflow vulnerability exists in the rlpdaemon.

CA-2001-31: Buffer Overflow in CDE Subprocess Control Service

November 12, 2001

There is a remotely exploitable buffer overflow vulnerability in a library function used by the CDE Subprocess Control Service. This vulnerability could be used to crash the service or to execute arbitrary code with root privileges.

CA-2001-30: Multiple Vulnerabilities in lpd

November 5, 2001

There are multiple vulnerabilities in several implementations of the line printer daemon (lpd). The line printer daemon enables various clients to share printers over a network.

CA-2001-29: Oracle9iAS Web Cache vulnerable to buffer overflow

October 25, 2001

A remotely exploitable buffer overflow in the Oracle9iAS Web Cache allows intruders to execute arbitrary code or disrupt the normal operation of Web Cache.

CA-2001-28: Automatic Execution of Macros

October 8, 2001

An intruder can include a specially crafted macro in a Microsoft Excel or PowerPoint document that can avoid detection and run automatically regardless of the security settings specified by the user.

CA-2001-27: Format String Vulnerability in CDE ToolTalk

October 5, 2001

There is a remotely exploitable format string vulnerability in the CDE ToolTalk RPC database service. This vulnerability could be used to crash the service or execute arbitrary code, potentially allowing an intruder to gain root access.

CA-2001-26: Nimda Worm

September 18, 2001

The CERT/CC has received reports of new malicious code known as the "W32/Nimda worm" or the "Concept Virus (CV) v.5." This new worm appears to spread by multiple mechanisms.

CA-2001-25: Buffer Overflow in Gauntlet Firewall allows intruders to execute arbitrary code

September 6, 2001

A remotely exploitable buffer overflow vulnerability exists in Gauntlet Firewall by PGP Security.

CA-2001-24: Vulnerability in OpenView and NetView

August 15, 2001

ovactiond is a component of OpenView by Hewlett-Packard Company (HP) and NetView by Tivoli, an IBM Company (Tivoli). These products are used to manage large systems and networks. There is a serious vulnerability in ovactiond that allows intruders to execute arbitrary commands with elevated privileges. This may subsequently lead to an intruder gaining administrative control of a vulnerable machine.

CA-2001-23: Continued Threat of the "Code Red" Worm

July 26, 2001

Since around July 13, 2001, at least two variants of the self-propagating malicious code "Code Red" have been attacking hosts on the Internet (see CA-2001-19 "Code Red" Worm Exploiting Buffer Overflow In IIS Indexing Service DLL). Different organizations that have analyzed "Code Red" have reached different conclusions about the behavior of infected machines when their system clocks roll over to the next month. This advisory has been translated into Polish by CERT POLSKA.

CA-2001-22: W32/Sircam Malicious Code

July 25, 2001

"W32/Sircam" is malicious code that spreads through email and potentially through unprotected network shares. Once the malicious code has been executed on a system, it may reveal or delete sensitive information.

CA-2001-21: Buffer Overflow in telnetd

July 24, 2001

The telnetd program is a server for the Telnet remote virtual terminal protocol. There is a remotely exploitable buffer overflow in Telnet daemons derived from BSD source code. This vulnerability can crash the server or be leveraged to gain root access.

CA-2001-20: Continuing Threats to Home Users

July 20, 2001

This year, we have seen a significant increase in activity resulting in compromises of home user machines. In many cases, these machines are then used by intruders to launch attacks against other organizations. Home users have generally been the least prepared to defend against attacks. Many home users do not keep their machines up to date with security patches and workarounds, do not run current anti-virus software, and do not exercise caution when handling email attachments. Intruders know this, and we have seen a marked increase in intruders specifically targeting home users who have cable modem and DSL connections.

CA-2001-19: "Code Red" Worm Exploiting Buffer Overflow in IIS Indexing Service DLL

July 19, 2001

The CERT/CC has received reports of new self-propagating malicious code that exploits certain configurations of Microsoft Windows susceptible to the vulnerability described in CERT advisory CA-2001-13 Buffer Overflow In IIS Indexing Service DLL. These reports indicate that the "Code Red" worm may have already affected as many as 225,000 hosts, and continues to spread rapidly. This advisory has been translated into Polish by CERT POLSKA.

CA-2001-18: Multiple Vulnerabilities in Several Implementations of the Lightweight Directory Access Protocol (LDAP)

July 16, 2001

Several implementations of the Lightweight Directory Access Protocol (LDAP) contain vulnerabilities that may allow denial-of-service attacks, unauthorized privileged access, or both.

CA-2001-17: Check Point RDP Bypass Vulnerability

July 9, 2001

A vulnerability in Check Point FireWall-1 and VPN-1 may allow an intruder to pass traffic through the firewall on port 259/UDP.

CA-2001-16: Oracle 8i contains buffer overflow in TNS listener

July 3, 2001

A vulnerability in Oracle 8i allows remote intruders to assume control of database servers running on victim machines. If the Oracle server is running on a Windows system, an intruder may also be able to gain control of the underlying operating system.

CA-2001-15: Buffer Overflow in Sun Solaris in.lpd Print Daemon

June 29, 2001

A buffer overflow exists in the Solaris BSD-style line printer daemon, in.lpd, that may allow a remote intruder to execute arbitrary code with the privileges of the running daemon.

CA-2001-14: Cisco IOS HTTP Server Authentication Vulnerability

June 28, 2001

A problem with the HTTP server component of Cisco IOS system software allows an intruder to execute privileged commands on Cisco routers if local authentication databases are used.

CA-2001-13: Buffer Overflow In IIS Indexing Service DLL

June 19, 2001

A vulnerability exists in the Indexing Services used by Microsoft IIS 4.0 and IIS 5.0 running on Windows NT, Windows 2000, and beta versions of Windows XP. This vulnerability allows a remote intruder to run arbitrary code on the victim machine. This advisory has been translated into Polish by CERT POLSKA.

CA-2001-12: Superfluous Decoding Vulnerability in IIS

May 15, 2001

A serious vulnerability in Microsoft IIS may allow remote intruders to execute commands on an IIS web server. This vulnerability closely resembles a previous vulnerability in IIS that was widely exploited. The CERT/CC urges IIS administrators to take action to correct this vulnerability.

CA-2001-11: sadmind/IIS Worm

May 8, 2001

The CERT/CC has received reports of a new piece of self-propagating malicious code (referred to here as the sadmind/IIS worm). The worm uses two well-known vulnerabilities to compromise systems and deface web pages.

CA-2001-10: Buffer Overflow Vulnerability in Microsoft IIS 5.0

May 2, 2001

A vulnerability exists in Microsoft IIS 5.0 running on Windows 2000 that allows a remote intruder to run arbitrary code on the victim machine, allowing them to gain complete administrative control of the machine.

CA-2001-09: Statistical Weaknesses in TCP/IP Initial Sequence Numbers

May 1, 2001

A new vulnerability has been identified which is present when using random increments to constantly increase TCP ISN values over time. Systems are vulnerable if they have not incorporated RFC1948 or equivalent improvements or do not use cryptographically secure network protocols like IPsec.

CA-2001-08: Multiple Vulnerabilities in Alcatel ADSL Modems

April 10, 2001

The San Diego Supercomputer Center (SDSC) has recently discovered several vulnerabilities in the Alcatel Speed Touch Asymmetric Digital Subscriber Line (ADSL) modem.

CA-2001-07: File Globbing Vulnerabilities in Various FTP Servers

April 10, 2001

Several File Transfer Protocol (FTP) servers incorrectly manage buffers in a way that can lead to remote intruders executing arbitrary code on the FTP server.

CA-2001-06: Automatic Execution of Embedded MIME Types

April 3, 2001

Microsoft Internet Explorer has a vulnerability triggered when parsing MIME parts in a document that allows a malicious agent to execute arbitrary code.

CA-2001-05: Exploitation of snmpXdmid

March 30, 2001

The CERT/CC has received numerous reports indicating that a vulnerability in snmpXdmid is being actively exploited. Exploitation of this vulnerability allows an intruder to gain privileged (root) access to the system.

CA-2001-04: Unauthentic "Microsoft Corporation" Certificates

March 22, 2001

On January 29 and 30, 2001, VeriSign, Inc. issued two certificates to an individual fraudulently claiming to be an employee of Microsoft Corporation. Any code signed by these certificates will appear to be legitimately signed by Microsoft when, in fact, it is not. Once accepted, these certificates may allow an attacker to execute malicious code on the user's system.

CA-2001-03: VBS/OnTheFly (Anna Kournikova) Malicious Code

February 12, 2001

"VBS/OnTheFly" is a VBScript program that spreads via email. This malicious code can infect a system if the enclosed attachment is run.

CA-2001-02: Multiple Vulnerabilities in BIND

Last revised: February 2, 2001—added Appendix B, which answers frequently asked questions
Original release: January 29, 2001

Domain Name System (DNS) Servers running various versions of ISC BIND (including both 4.9.x prior to 4.9.8 and 8.2.x prior to 8.2.3; 9.x is not affected) and derivatives. Because the normal operation of most services on the Internet depends on the proper operation of DNS servers, other services could be impacted if these vulnerabilities are exploited.

CA-2001-01: Interbase Server Contains Compiled-in Back Door Account

January 10, 2001

Interbase is an open source database package that had previously been distributed in a closed source fashion by Borland/Inprise. Both the open and closed source versions of the Interbase server contain a compiled-in back door account with a known password.


2000

CA-2000-22: Input Validation Problems in LPRng

December 12, 2000

A popular replacement software package to the BSD lpd printing service called LPRng contains at least one software defect, known as a "format string vulnerability," which may allow remote users to execute arbitrary code on vulnerable systems.

CA-2000-21: Denial-of-Service Vulnerabilities in TCP/IP Stacks

November 30, 2000

A variety of denial-of-service vulnerabilities has been explored and documented by BindView's RAZOR Security Team. These vulnerabilities allow attackers to consume limited resources on victim machines.

CA-2000-20: Multiple Denial-of-Service Problems in ISC BIND

November 13, 2000

The CERT Coordination Center has recently learned of two serious denial-of-service vulnerabilities in the Internet Software Consortium's (ISC) BIND software.

CA-2000-19: Revocation of Sun Microsystems Browser Certificates

October 25, 2000

To aid in the wide distribution of essential security information, the CERT Coordination Center is forwarding the following information from Sun Microsystems. Users who accept these certificates into their browser may inadvertently run malicious code signed by the compromised certificates.

CA-2000-18: PGP May Encrypt Data With Unauthorized ADKs

August 24, 2000

Additional Decryption Keys (ADKs) is a feature of PGP (Pretty Good Privacy) that allows authorized extra decryption keys to be added to a user's public key certificate. However, an implementation flaw in PGP allows unsigned ADKs which have been maliciously added to a certificate to be used for encryption.

CA-2000-17: Input Validation Problem In rpc.statd

August 18, 2000
Last updated August 23, 2000

The CERT/CC has begun receiving reports of an input validation vulnerability in the rpc.statd program being exploited. This program is included, and often installed by default, in several popular Linux distributions.

CA-2000-16: Microsoft "IE Script"/Access/OBJECT Tag Vulnerability

August 11, 2000

Under certain conditions, Internet Explorer can open Microsoft Access database or project files containing malicious code and execute the code without giving a user prior warning. Access files that are referenced by OBJECT tags in HTML documents can allow attackers to execute arbitrary commands using Visual Basic for Applications or macros.

CA-2000-15: Netscape Allows Java Applets to Read Protected Resources

August 10, 2000

Netscape Communicator and Navigator ship with Java classes that allow an unsigned Java applet to access local and remote resources in violation of the security policies for applets.

CA-2000-14: Microsoft Outlook and Outlook Express Cache Bypass Vulnerability

July 26, 2000

Microsoft recently released Microsoft Security Bulletin MS00-046, in which they announced a patch for the "Cache Bypass" vulnerability. By exploiting this vulnerability, an attacker can use an HTML-formatted message to read certain types of files on the victim's machine.

CA-2000-13: Two Input Validation Problems In FTPD

July 7, 2000

A vulnerability involving an input validation error in the "site exec" command has recently been identified in the Washington University ftpd (wu-ftpd) software package. A similar but distinct vulnerability has also been identified that involves a missing format string in several setproctitle() calls. It affects a broader number of ftp daemons.

CA-2000-12: HHCtrl ActiveX Control Allows Local Files to be Executed

June 19, 2000

The HHCtrl ActiveX control has a serious vulnerability that allows remote intruders to execute arbitrary code, if the intruder can cause a compiled help file (CHM) to be stored "locally."

CA-2000-11: MIT Kerberos Vulnerable to Denial-of-Service Attacks

June 9, 2000

There are several potential buffer overflow vulnerabilities in the Kerberos authentication software. The most severe vulnerability allows remote intruders to disrupt normal operations of the Key Distribution Center (KDC) if an attacker is able to send malformed requests to a realm's key server. The vulnerabilities discussed in this advisory are different than the ones discussed in advisory CA-2000-06.

CA-2000-10: Inconsistent Warning Messages in Internet Explorer

June 6, 2000

Several flaws exist in Microsoft Internet Explorer that could allow an attacker to masquerade as a legitimate web site if the attacker can compromise the validity of certain DNS information. These problems are different from the problems reported in CERT advisories CA-2000-05 and CA-2000-08, but they have a similar impact.

CA-2000-09: Flaw in PGP 5.0 Key Generation

May 30, 2000

Under certain circumstances, PGP 5.0 generates keys that are not sufficiently random, which may allow an attacker to predict keys and, hence, recover information encrypted with that key.

CA-2000-08: Inconsistent Warning Messages in Netscape Navigator

May 26, 2000

A flaw exists in Netscape Navigator that could allow an attacker to masquerade as a legitimate web site if the attacker can compromise the validity of certain DNS information. Attackers can trick users into disclosing information intended for a legitimate web site if the user has previously accepted a certificate in which the name recorded in the certificate does not match the DNS name of the web site to which the user is connecting.

CA-2000-07: Microsoft Office 2000 UA ActiveX Control Incorrectly Marked "Safe for Scripting"

May 24, 2000

The Microsoft Office 2000 UA ActiveX control is incorrectly marked as "safe for scripting". This vulnerability may allow for an intruder to disable macro warnings in Office products and, subsequently, execute arbitrary code. This vulnerability may be exploited by viewing an HTML document via a web page, newsgroup posting, or email message.

CA-2000-06: Multiple Buffer Overflows in Kerberos Authenticated Services

May 17, 2000

There are several buffer overflow vulnerabilities in the Kerberos authentication software. The most severe vulnerability allows remote intruders to gain root privileges on systems running services using Kerberos authentication. If vulnerable services are enabled on the Key Distribution Center (KDC) system, the entire Kerberos domain may be compromised.

CA-2000-05: Netscape Navigator Improperly Validates SSL Sessions

May 12, 2000

A flaw has been discovered in the way some web browsers validate SSL sessions. By exploiting this vulnerability, intruders may be able to deceive people into disclosing sensitive information (e.g. credit card numbers and other sensitive data) intended for a legitimate web site.

CA-2000-04: Love Letter Worm

May 4, 2000
Last updated May 5, 2000

The Love Letter Worm is a malicious VBScript program that spreads in a variety of ways. Users can be infected by various means, including email, Windows file sharing, IRC, USENET news, and possibly via web pages.

CA-2000-03: Continuing Compromises of DNS servers

April 26, 2000

There are continuing compromises of machines running the DNS software that is part of BIND (named). A significant number of delegated DNS servers in the in-addr.arpa tree are running outdated versions of DNS software.

CA-2000-02: Malicious HTML Tags Embedded in Client Requests

February 2, 2000

A web site may inadvertently include malicious HTML tags or script in a dynamically generated page based on unvalidated input from untrustworthy sources.

CA-2000-01: Denial-of-Service Developments

January 3, 2000

In addition to continued reports of denial-of-service problems, a denial-of-service tool called "stacheldraht" has been discovered.


1999

CA-1999-17: Denial-of-Service Tools

December 28, 1999

A new denial-of-service tool known as Tribe FloodNet 2K was released; a weakness in certain versions of MacOS allows intruders to use MacOS 9 as a "traffic amplifier."

CA-1999-16: Buffer Overflow in Sun Solstice AdminSuite Daemon sadmind

December 14, 1999

All versions of sadmind, part of Sun Microsystems' Solstice AdminSuite package, are vulnerable to a buffer overflow that can allow a remote user to execute arbitrary code with root privileges.

CA-1999-15: Buffer Overflows in SSH daemon and RSAREF2 Library

December 13, 1999

Some versions of sshd are vulnerable to a buffer overflow that can allow an intruder to influence certain variables internal to the program. This vulnerability alone does not allow an intruder to execute code. However, a vulnerability in RSAREF2 can be used in conjunction to allow a remote intruder to execute arbitrary code.

CA-1999-14: Multiple Vulnerabilities in BIND

November 10, 1999

Six vulnerabilities have been found in BIND, the popular domain name server from the Internet Software Consortium (ISC). One of these vulnerabilities may allow remote intruders to gain privileged access to name servers.

CA-1999-13: Multiple Vulnerabilities in WU-FTPD

October 19, 1999
Last updated November 9, 1999

Three vulnerabilities have been identified in WU-FTPD and other ftp daemons based on the WU-FTPD source code. WU-FTPD is a common package used to provide File Transfer Protocol (FTP) services.

CA-1999-12: Buffer Overflow in amd

September 16, 1999

There is a buffer overflow vulnerability in the logging facility of the amd daemon. By exploiting this vulnerability, remote intruders can execute arbitrary code as the user running the amd daemon (usually root).

CA-1999-11: Four Vulnerabilities in the Common Desktop Environment

September 13, 1999

Multiple vulnerabilities have been identified in some distributions of the Common Desktop Environment (CDE). These vulnerabilities are different from those discussed in CA-1998-02.

CA-1999-10: Insecure Default Configuration on RaQ2 Servers

July 30, 1999

A vulnerability has been discovered in the default configuration of Cobalt Networks RaQ2 servers that allows remote users to install arbitrary software packages to the system. This access can then be used to gain root privileges on the system.

CA-1999-09: Array Services default configuration

July 19, 1999

The default configuration of SGI Array Services disables authentication and allows remote and local users to execute arbitrary commands as root.

CA-1999-08: Buffer overflow vulnerability in rpc.cmsd

July 16, 1999

There is a buffer overflow vulnerability in the Calendar Manager Service Daemon, rpc.cmsd. This vulnerability allows remote and local users to execute arbitrary code with the privileges of cmsd, typically root. A tool to exploit this vulnerability has been publicly released.

CA-1999-07: IIS Buffer Overflow

June 16, 1999

There is a buffer overflow vulnerability in Microsoft Internet Information Server (IIS) 4.0. A tool to exploit this vulnerability has been publicly released.

CA-1999-06: ExploreZip Trojan Horse Program

June 10, 1999

This advisory reports on the "ExploreZip" Trojan horse, which is propagated by email and which destroys files.

CA-1999-05: Vulnerability in statd exposes vulnerability in automountd

June 9, 1999
Last updated November 9, 1999

This advisory describes two vulnerabilities, one in statd and one in automountd, that are being used together by intruders to gain access to vulnerable systems. By combining attacks exploiting these two vulnerabilities, a remote intruder is able to execute arbitrary commands with the privileges of the automountd service. Note that the rpc.statd vulnerability described in this advisory is distinct from the vulnerabilities described in CERT Advisories CA-1996-09 and CA-1997-26.

CA-1999-04: Melissa Macro Virus

March 27, 1999

At approximately 2:00 PM GMT-5 on Friday March 26 1999 we began receiving reports of a Microsoft Word 97 and Word 2000 macro virus which is propagating via email attachments. The number and variety of reports we have received indicate that this is a widespread attack affecting a variety of sites.

CA-1999-03: FTP Buffer Overflows

February 11, 1999

In text from Netect, Inc., this advisory presents information about remote buffer overflows that lead to potential root compromises in various FTP servers.

CA-1999-02: Trojan Horses

February 5, 1999

Over the past few weeks, we have received an increase in the number of incident reports related to Trojan horses. This advisory includes descriptions of some of those incidents, some general information about Trojan horses, and advice for system and network administrators, end users, software developers, and distributors.

CA-1999-01: Trojan TCP Wrappers

January 21, 1999

The CERT Coordination Center has received confirmation that some copies of the source code for the TCP Wrappers tool (tcpd) were modified by an intruder and contain a Trojan horse. An intruder can gain unauthorized root access to any host running this Trojan horse version of TCP Wrappers.


1998

CA-1998-13: Vulnerability in Certain TCP/IP Implementations

December 21, 1998

A vulnerability in certain implementations of TCP/IP allows intruders to disrupt service or crash systems with vulnerable TCP/IP stacks. No special access is required, and intruders can use source-address spoofing to conceal their true location.

CA-1998-12: Remotely Exploitable Buffer Overflow Vulnerability in mountd

October 12, 1998

There is a vulnerability in some implementations of the software that NFS servers use to log requests to use file systems. Intruders who exploit the vulnerability are able to gain administrative access to the vulnerable NFS file server. That is, they can do anything the system administrator can do. This vulnerability can be exploited remotely and does not require an account on the target machine.

CA-1998-11: Vulnerability in Tooltalk RPC Service

September 3, 1998

An implementation fault in the ToolTalk object database server allows a remote attacker to run arbitrary code as the superuser on hosts supporting the ToolTalk service. The affected program runs on many popular UNIX operating systems supporting CDE and some Open Windows installs. This vulnerability is being actively exploited by attackers on the Internet.

CA-1998-10: Buffer Overflow in MIME-aware Mail and News Clients

August 11, 1998

A vulnerability in some MIME-aware mail and news clients could allow an intruder to execute arbitrary code, crash the system, or gain administrative rights on vulnerable systems. The vulnerability affects a number of mail and news clients in addition to the ones which have been the subjects of reports published by Microsoft, Netscape, AUSCERT, CIAC, NTBugTraq, and others.

CA-1998-09: Buffer Overflow in Some Implementations of IMAP Servers

July 20, 1998

The CERT Coordination Center has received reports regarding a buffer overflow in some implementations of IMAP servers. This vulnerability allows remote intruders to execute arbitrary commands under the privileges of the process running the vulnerable IMAP server. If the vulnerable IMAP server is running as root, remote intruders can gain root access. This vulnerability is different from the one discussed in CERT Advisory CA-1997-09.

CA-1998-08: Buffer Overflows in Some POP Servers

July 14, 1998

This advisory discusses reports of buffer overflows in some Post Office Protocol (POP) servers. The vulnerability allows remote users to gain privileged (root) access to systems running vulnerable versions of POP servers.

CA-1998-07: Vulnerability in Some Usages of PKCS#1

June 26, 1998

This advisory reports a vulnerability in some implementations of products utilizing RSA Laboratories' Public-Key Cryptography Standard #1 (PKCS#1). Under some situations, a sophisticated intruder may be able to use the vulnerability in PKCS#1 to recover information from SSL-encrypted sessions.

CA-1998-06: Buffer Overflow in NIS+

June 9, 1998
Last updated November 9, 1999

This advisory reports a buffer overflow vulnerability that exists in some implementations of NIS+.

CA-1998-05: Multiple Vulnerabilities in BIND

April 8, 1998

This advisory describes three distinct problems in BIND. Topic 1 describes a vulnerability that may allow a remote intruder to gain root access on your name server or to disrupt normal operation of your name server. Topics 2 and 3 deal with vulnerabilities that can allow an intruder to disrupt your name server.

CA-1998-04: Microsoft Windows-based Web Servers access via long file names

February 6, 1998

This advisory reports an exploitation involving long file names on Microsoft Windows-based web servers.

CA-1998-03: Vulnerability in ssh-agent

January 22, 1998

This advisory details a vulnerability in the SSH cryptographic login program.

CA-1998-02: Vulnerabilities in CDE

January 21, 1998

This advisory reports several vulnerabilities in some implementations of the Common Desktop Environment (CDE).

CA-1998-01: Smurf IP Denial-of-Service Attacks

January 5, 1998

This advisory describes the "smurf" IP Denial-of-Service attacks. The attack described in this advisory is different from the denial-of-service attacks described in CERT advisory CA-97.28.


1997

CA-1997-28: IP Denial-of-Service Attacks

December 16, 1997

This advisory reports on two IP denial-of-service attacks.

CA-1997-27: FTP Bounce

December 10, 1997

This advisory discusses the use of the PORT command in the FTP protocol.

CA-1997-26: Buffer Overrun Vulnerability in statd(1M) Program

December 5, 1997

This advisory reports a vulnerability that exists in the statd(1M) program, available on a variety of Unix platforms.

CA-1997-25: Sanitizing User-Supplied Data in CGI Scripts

November 10, 1997

This advisory reports a vulnerability in some CGI scripts. This problem allows an attacker to execute arbitrary commands on a WWW server under the effective user-id of the server process.

CA-1997-24: Buffer Overrun Vulnerability in Count.cgi cgi-bin Program

November 5, 1997

This advisory describes a buffer overrun vulnerability which exists in the Count.cgi cgi-bin program that allows intruders to force Count.cgi to execute arbitrary commands.

CA-1997-23: Buffer Overflow Problem in rdist

September 16, 1997

This advisory discusses a buffer overflow problem in rdist. It is a different vulnerability from the one described in CA-1996-14.

CA-1997-22: BIND - the Berkeley Internet Name Daemon

August 13, 1997

This advisory supersedes CA-1996-02.

It describes a vulnerability in all versions of BIND before release 4.9.6, suggests several solutions, and provides pointers to the current version of bind.

CA-1997-21: SGI Buffer Overflow Vulnerabilities

July 16, 1997

In this advisory, we describe 6 buffer overflow problems in SGI IRIX systems. Problems affect the df, pset, eject, login/scheme, ordist, and xlock programs. Workarounds and a pointer to a wrapper are provided.

CA-1997-20: JavaScript Vulnerability

July 8, 1997
Last updated November 9, 1999

This advisory reports a vulnerability in JavaScript that enables remote attackers to monitor a user's Web activities.

CA-1997-19: lpr Buffer Overrun Vulnerability

June 25, 1997

This advisory describes a vulnerability in BSD-based lpr printing software. Vendor information and a pointer to a wrapper are included.

CA-1997-18: Vulnerability in the at(1) program

June 12, 1997

This advisory addresses a buffer overflow condition in some versions of the at(1) program. Patch information and a workaround are provided.

CA-1997-17: Vulnerability in suidperl(sperl)

May 29, 1997

This advisory addresses a buffer overflow condition in suidperl (sperl) built from Perl 4.n and Perl 5.n distributions on UNIX systems. It suggests several solutions and includes vendor information and a patch for Perl version 5.003.

CA-1997-16: ftpd Signal Handling Vulnerability

May 29, 1997

This advisory describes a vulnerability in some versions of ftpd distributed and installed under various Unix platforms. Includes vendor information.

CA-1997-15: Vulnerability in SGI login LOCKOUT

May 28, 1997

This advisory describes a vulnerability in the SGI login program when the LOCKOUT parameter is set to a number greater than zero. The vulnerability is present in IRIX 5.3 and 6.2, and perhaps other versions.

CA-1997-14: Vulnerability in metamail

May 21, 1997

This advisory reports a vulnerability in metamail, a package that implements MIME. All versions of metamail through 2.7 are vulnerable.

CA-1997-13: Vulnerability in xlock

May 7, 1997

This advisory reports a buffer overflow problem in some versions of xlock. This problem makes it possible for local users to execute arbitrary programs as a privileged user. Patch information and a workaround are included.

CA-1997-12: Vulnerability in webdist.cgi

May 6, 1997

This advisory reports a vulnerability in the webdist.cgi-bin program, part of the IRIX Mindshare Out Box package, available with IRIX 5.x and 6.x. By exploiting this vulnerability, both local and remote users may be able to execute arbitrary commands with the privileges of the httpd daemon. A workaround is included.

CA-1997-11: Vulnerability in libXt

May 1, 1997

This advisory reports a buffer overflow vulnerability in the Xt library of the X Windowing System. Vendor vulnerability and patch information are included.

CA-1997-10: Vulnerability in Natural Language Service

April 24, 1997

This advisory reports a buffer overflow condition that affects some libraries using the Natural Language Service (NLS). Vendor vulnerability and patch information are included.

CA-1997-09: Vulnerability in IMAP and POP

April 7, 1997

This advisory reports a vulnerability in some versions of the Internet Message Access Protocol (IMAP) and Post Office Protocol (POP) implementations (imapd, ipop2d, and ipop3d). Vendor and upgrade information are included.

CA-1997-08: Vulnerabilities in INND

Originally issued February 20, 1997
Topic 2 issued April 3, 1997

This advisory describes two vulnerabilities in INN (the InterNetNews server). One affects versions 1.5 and earlier; the other affects 1.5.1 and earlier. The advisory includes pointers to version 1.5.1 and earlier. Updated information on the second vulnerability was added as "Topic 2." Pointers to all relevant patches are included, along with information from vendors.

CA-1997-07: Vulnerability in the httpd nph-test-cgi script

February 18, 1997

This advisory points out a vulnerability in the nph-test-cgi script included with some http daemons. Readers are urged to disable the script. Vendor information is included.

CA-1997-06: Vulnerability in rlogin/term

February 6, 1997

This advisory reports a vulnerability in many implementations of the rlogin program, including eklogin and klogin. Vendor information and a workaround are included.

CA-1997-05: MIME Conversion Buffer Overflow in Sendmail Versions 8.8.3 and 8.8.4

January 28, 1997

This advisory addresses a MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4. The advisory includes vendor information, pointers to the latest version of sendmail, a workaround, and general precautions to take when using sendmail.

CA-1997-04: talkd Vulnerability

January 27, 1997

A vulnerability in talkd(8) program used by talk(1) makes it possible to provide corrupt DNS information to a host and to remotely execute arbitrary commands with root privileges. The advisory includes information on how to solve the general problem as well as the specific one.

CA-1997-03: Vulnerability in IRIX csetup

January 8, 1997

A vulnerability in the csetup program under IRIX versions 5.x, 6.0, 6.0.1, 6.1, and 6.2 allows local users to create or overwrite arbitrary files on the system and ultimately gain root privileges. A workaround is provided.

CA-1997-02: HP-UX newgrp Buffer Overrun Vulnerability

January 7, 1997

This advisory describes a vulnerability in the newgrp(1) program under HP-UX 9.x and 10.x that may allow users to gain root privileges. A workaround is provided.

CA-1997-01: Multi-platform Unix FLEXlm Vulnerabilities

January 6, 1997

This advisory describes multi-platform UNIX FLEXlm vulnerabilities. These problems may allow local users to create arbitrary files on the system and execute arbitrary programs using the privileges of the user running the FLEXlm daemons.


1996

CA-1996-27: Vulnerability in HP Software Installation Programs

December 19, 1996

This advisory describes a vulnerability in Hewlett-Packard SD-UX that may allow local users to gain root privileges. A workaround is included.

CA-1996-26: Denial-of-Service Attack via ping

December 18, 1996

This advisory describes a denial-of-service attack using large ICMP datagrams issued via the ping command. Vendor information is included.

CA-1996-25: Sendmail Group Permissions Vulnerability

December 10, 1996

The advisory describes a security problem affecting sendmail version 8 relating to group-writable files. Vendor patches and a workaround are included.

CA-1996-24: Sendmail Daemon Mode Vulnerability

November 21, 1996

It describes a security problem relating to the daemon mode in sendmail 8.7 through 8.8.2. The advisory also includes a note about two vulnerabilities in versions 8.8.0 and 8.8.1; these have been fixed as well.

CA-1996-23: Vulnerability in Workman

October 28, 1996

This advisory describes a vulnerability in the WorkMan compact disc-playing program that affects UNIX System V Release 4.0 and derivatives and Linux systems.

CA-1996-22: Vulnerabilities in bash

October 08, 1996

This advisory addresses two problems with the GNU Project's Bourne Again SHell (bash): one in yy_string_get() and one in yy_readline_get().

CA-1996-21: TCP SYN Flooding and IP Spoofing Attacks

September 19, 1996

** This advisory supersedes the IP spoofing portion of CA-1995-01. **

It describes denial-of-service attacks through TCP SYN flooding and IP spoofing. Advice about filtering is included.

CA-1996-20: Sendmail Vulnerabilities

September 18, 1996

This advisory describes a vulnerability in all versions of sendmail prior to 8.7.6, and includes a workaround and patch information.

CA-1996-19: Vulnerability in expreserve

August 15, 1996

** This advisory supersedes CA-1993-09 and CA-1993-09a. **

It provides information about a vulnerability in the expreserve utility. A workaround and vendor information are included.

CA-1996-18: Vulnerability in fm_fls

August 14, 1996

This advisory reports a configuration problem in the floating license server for Adobe FrameMaker (fm_fls). A workaround is provided.

CA-1996-17: Vulnerability in Solaris vold

August 06, 1996

This advisory describes a vulnerability in the Solaris volume management daemon (vold) and gives a workaround.

CA-1996-16: Vulnerability in Solaris admintool

August 05, 1996

This advisory describes a vulnerability in the Solaris admintool and gives a workaround.

CA-1996-15: Vulnerability in Solaris 2.5 KCMS programs

July 31, 1996

This advisory describes a vulnerability in the Solaris 2.5 kcms programs and suggests a workaround.

CA-1996-14: Vulnerability in rdist

July 24, 1996

** This advisory supersedes CA-1991-20 and CA-1994-04. **

It describes a vulnerability in the lookup subroutine of rdist, for which an exploitation script is available. Vendor information and a pointer to a new version of rdist are included.

CA-1996-13: Vulnerability in the dip program

July 09, 1996

This advisory describes a vulnerability in the dip program, which is shipped with most Linux systems. Other UNIX systems may also use it. Pointers to dip 3.3.7 are included.

CA-1996-12: Vulnerability in suidperl

June 26, 1996

This advisory describes a vulnerability in systems that contain the suidperl program and that support saved set-user-ID and saved set-group-ID. Patch information is included.

CA-1996-11: Interpreters in CGI bin Directories

May 29, 1996

This advisory warns users not to put interpreters in a Web server's CGI bin directory and to evaluate all programs in that directory.

CA-1996-10: NIS+ Configuration Vulnerability

May 28, 1996

This advisory was originally released as AUSCERT advisory AA-96.02a. It describes a vulnerability and workarounds for versions of NIS+ in which the access rights on the NIS+ passwd table are left in an unsecure state.

CA-1996-09: Vulnerability in rpc.statd

April 24, 1996

This advisory describes a vulnerability in the rpc.statd (or statd) program that allows authorized users to remove or create any file that a root user can. Vendor information is included.

CA-1996-08: Vulnerabilities in PCNFSD

April 18, 1996

This advisory describes a vulnerability in the pcnfsd program (also known as rpc.pcnfsd). A patch is included.

CA-1996-07: Weaknesses in Java Bytecode Verifier

March 29, 1996

This advisory describes a vulnerability in the Java bytecode verifier portion of Sun Microsystems' Java Development Kit (JDK) 1.0 and 1.0.1. Workarounds are provided for this product and Netscape Navigator 2.0 and 2.01, which have the JDK built in.

CA-1996-06: Vulnerability in NCSA/Apache CGI example code

March 20, 1996

This advisory describes a problem with example CGI code, as found in the NCSA 1.5a-export and APACHE 1.0.3 httpd, and possibly previous distributions of both servers. Workarounds are provided.

CA-1996-05: Java Implementations Can Allow Connections to an Arbitrary Host

March 05, 1996

This advisory describes a vulnerability in the Netscape Navigator 2.0 Java implementation and in Release 1.0 of the Java Developer's Kit from Sun Microsystems, Inc. Workarounds and pointers to a patch are included.

CA-1996-04: Corrupt Information from Network Servers

February 22, 1996

This advisory describes a vulnerability in network servers that can lead to corrupt information. The advisory includes information on subroutines for validating host names and IP addresses, patches for sendmail, and the status of vendor activity relating to the problem.

CA-1996-03: Vulnerability in Kerberos 4 Key Server

February 21, 1996

This advisory describes a problem with the Kerberos 4 key server, points to patches, and provides vendor information.

CA-1996-02: BIND

February 15, 1996

** Superseded by CA-1997-22 **

CA-1996-01: UDP Port Denial-of-Service Attack

February 08, 1996

This advisory describes UDP port denial-of-service attacks, for which an exploitation script has been publicly posted. The advisory includes a workaround.


1995

CA-1995-18: Widespread Attacks on Internet Sites

December 12, 1995

This advisory warns readers of attacks on hundreds of Internet sites in which intruders exploit known vulnerabilities, all of which have been addressed in previous CERT advisories. These advisories are listed.

CA-1995-17: rpc.ypupdated Vulnerability

December 12, 1995

This advisory describes a vulnerability in the rpc.ypupdated program, for which an exploitation program has been posted to several newsgroups. The advisory includes vendor information and a workaround.

CA-1995-16: wu-ftpd Misconfiguration Vulnerability

November 30, 1995

This advisory describes a vulnerability in the wu-ftpd SITE EXEC command and provides solutions for both Linux users and others.

CA-1995-15: SGI lp Vulnerability

November 8, 1995

This advisory points out accounts that are distributed without passwords and urges SGI customers to create passwords for those accounts.

CA-1995-14: Telnetd Environment Vulnerability

November 1, 1995

This advisory describes a vulnerability with some telnet daemons and includes patch information from vendors, along with a workaround.

CA-1995-13: Syslog Vulnerability - A Workaround for Sendmail

October 19, 1995

This advisory describes a general problem with syslog, lists vendor information about patches, and provides a workaround for solving the syslog problem in sendmail in particular.

CA-1995-12: Sun 4.1.X Loadmodule Vulnerability

October 18, 1995

The advisory describes a problem with the loadmodule(8) program in Sun OS 4.1.X and provides patch information.

CA-1995-11: Sun Sendmail Vulnerability

September 19, 1995

** Superseded by CA-1996-20, CA-1996-24, and CA-1996-25. **

CA-1995-10: Ghostscript Vulnerability

August 31, 1995

This advisory describes a vulnerability involving the -dSAFER option in ghostscript versions 2.6 through 3.22 beta. The advisory includes instructions for fixing the problem and pointers to version 3.33 of ghostscript.

CA-1995-09: Solaris ps Vulnerability

August 29, 1995

This advisory describes a vulnerability in Solaris that can be exploited if the permissions on the /tmp and /var/tmp directories are set incorrectly.

CA-1995-08: Sendmail v.5 Vulnerability

August 17, 1995

This advisory describes a vulnerability in sendmail v.5, which is still in use and which includes IDA sendmail. Many vendors have previously fixed the problem; others recently developed patches.

CA-1995-07a: SATAN Vulnerability: Password Disclosure

April 21, 1995

** This advisory replaces CA-1995-07. **

It is a revision that provides new information about the problem described in CA-1995-07, and includes precautions to take when running SATAN. A tutorial by the SATAN authors, "SATAN Password Disclosure," is appended to the advisory.

CA-1995-07: Vulnerability in SATAN

April 10, 1995

** Superseded by CA-1995-07a. **

CA-1995-06: Security Administrator Tool for Analyzing Networks (SATAN)

April 3, 1995

An overview of the Security Administrator Tool for Analyzing Networks (SATAN) based on the CERT staff's review of beta version 0.51. Includes list of vulnerabilities probed and advice on securing systems.

CA-1995-05: Sendmail Vulnerabilities

February 22, 1995

** Superseded by CA-1996-20, CA-1996-24, and CA-1996-25. **

CA-1995-04: NCSA HTTP Daemon for UNIX Vulnerability

February 17, 1995

This advisory provides a patch for a vulnerability in the NCSA HTTP daemon version 1.3 for UNIX.

CA-1995-03a: Telnet Encryption Vulnerability

March 3, 1995

** This advisory supersedes CA-1995-03. **

Description and patch information for a security problem in the Berkeley Telnet clients that support encryption and Kerberos V4 authentication. It provides additional information.

CA-1995-03: Telnet Encryption Vulnerability

February 16, 1995

** Superseded by CA-1995-03a. **

CA-1995-02: Vulnerabilities in /bin/mail

January 26, 1995

** This advisory supersedes CA-1991-01a and CA-1991-13. **

It addresses vulnerabilities in some versions of /bin/mail based on BSD 4.3 UNIX. It includes a list of vendor patches and source code for mail.local.c, an alternative to /bin/mail.

CA-1995-01: IP Spoofing Attacks and Hijacked Terminal Connections

January 23, 1995

The IP spoofing portion of this advisory has been superseded by CA-1996-21. The description of the intruder activity of hijacking terminals is still current.


1994

CA-1994-15: NFS Vulnerabilities

December 19, 1994

This advisory describes security measures to guard against several vulnerabilities in the Network File System (NFS). The advisory was prompted by an increase in root compromises by intruders using tools to exploit the vulnerabilities.

CA-1994-14: Trojan Horse in IRC Client for UNIX

October 19, 1994

This advisory discusses a Trojan horse that was found in version 2.2.9 of ircII, the source code for the Internet Relay Chat (IRC) client for UNIX systems. For reasons described in the advisory, the CERT staff urges everyone to install ircII version 2.6.

CA-1994-13: SGI IRIX Help Vulnerability

August 11, 1994

This advisory addresses a vulnerability in the Silicon Graphics, Inc. IRIX 5.x Help system. SGI recommends installing the patch, but has provided a workaround to disable the Help system if this is not possible.

CA-1994-12: Sendmail Vulnerabilities

July 14, 1994

** Superseded by CA-1996-20, CA-1996-24, and CA-1996-25. **

CA-1994-11: Majordomo Vulnerabilities

June 9, 1994

This advisory addresses two vulnerabilities in Majordomo versions prior to 1.92. CERT staff recommends installing version 1.92, but provides workarounds if this is not possible.

CA-1994-10: IBM AIX bsh Vulnerability

June 3, 1994

This advisory addresses a vulnerability in the batch queue (bsh) of IBM AIX systems running versions prior to and including AIX 3.2. CERT staff recommends a workaround to disable the bsh feature. IBM provides a patch for systems requiring this functionality.

CA-1994-09: /bin/login Vulnerability

May 23, 1994

This advisory addresses a vulnerability in /bin/login of all IBM AIX 3 systems, and Linux systems. A workaround and patch information are included in this advisory.

CA-1994-08: ftpd Vulnerabilities

April 14, 1994

This advisory addresses two vulnerabilities with some releases of ftpd and announces new versions and patches to correct these problems. ftpd versions affected are wuarchive ftpd 2.0-2.3, DECWRL ftpd versions prior to 5.93, and BSDI ftpd version 1.1 prior to patch level 5. The vulnerabilities addressed are the SITE EXEC and race condition vulnerabilities.

CA-1994-07: wuarchive ftpd Trojan Horse

April 06, 1994

Warning about intruder-modified source for wuarchive ftpd, which introduced a Trojan horse in versions 2.2, 2.1f, and possibly earlier versions. Recommended solution is to upgrade to version 2.3.

CA-1994-06: Writable /etc/utmp Vulnerability

March 21, 1994

This advisory addresses a vulnerability with /etc/utmp in SunOS 4.1.X and Solaris 1.1.1 operating systems. Solbourne Computer, Inc. and other Sparc products using SunOS 4.1.X or Solaris 1.1.1 are also affected. Solaris 2.x is not affected by this problem.

CA-1994-05: MD5 Checksums

March 18, 1994

This advisory gives the MD5 checksums for a number of SunOS files, along with a tool for checking them.

CA-1994-04: SunOS rdist Vulnerability

March 17, 1994

** Superseded by CA-1996-14. **

CA-1994-03: IBM AIX Performance Tools Vulnerabilities

February 24, 1994

Vulnerabilities are present in the bosext1.extcmds.obj performance tools in AIX 3.2.5 and in those AIX 3.2.4 systems with Program Temporary Fixes (PTFs) U420020 or U422510 installed. These problems do not exist in earlier versions of AIX.

CA-1994-02: Revised Patch for SunOS /usr/etc/rpc.mountd Vulnerability

February 14, 1994

** This advisory supersedes CA-1991-09 and CA-1992-12. **

A vulnerability is present in SunOS 4.1, 4.1.1, 4.1.2, and 4.1.3 /usr/etc/rpc.mountd. Unauthorized remote hosts will be able to mount the file system. The advisory describes how to obtain a patch for the problem from Sun.

CA-1994-01: Ongoing Network Monitoring Attacks

February 03, 1994

This advisory describes ongoing network monitoring attacks. All systems that offer remote access through rlogin, telnet, and ftp are at risk. The advisory includes a description of the activity and suggested approaches for addressing the problem.


1993

CA-1993-19: Solaris System Startup Vulnerability

December 16, 1993

Information about a vulnerability in the system startup scripts on Solaris 2.x and Solaris x86 systems.

CA-1993-18: SunOS/Solbourne loadmodule and modload Vulnerability

December 15, 1993

** This advisory supersedes CA-1991-22. **

The advisory addresses a vulnerability in /usr/etc/modload and $OPENWINHOME/bin/loadmodule in Sun Microsystems, Inc. SunOS 4.1.1, 4.1.2, 4.1.3, and 4.1.3c and OpenWindows 3.0 on all sun4 and Solbourne Computer, Inc. architectures.

CA-1993-17: xterm Logging Vulnerability

November 11, 1993

This advisory addresses a vulnerability in the logging function of many versions of xterm. It provides information about several solutions.

CA-1993-16a: Sendmail Vulnerability Supplement

January 07, 1994

** Superseded by CA-1996-20, CA-1996-24, and CA-1996-25. **

CA-1993-16: Sendmail Vulnerability

November 04, 1993

** Superseded by CA-1996-20, CA-1996-24, and CA-1996-25. **

CA-1993-15: /usr/lib/sendmail, /bin/tar, and /dev/audio Vulnerabilities

October 21, 1993

This advisory describes several vulnerabilities in Sun operating systems: /usr/lib/sendmail (SunOS 4.1.x, Solaris 2.x), /bin/tar (Solaris 2.x), and /dev/audio (SunOS 4.1.x, Solaris 2.x). The advisory includes patch and workaround information for these problems.

** The sendmail portion of this advisory is superseded by CA-1996-20, CA-1996-24, and CA-1996-25. **

CA-1993-14: Internet Security Scanner (ISS)

September 30, 1993

This advisory alerts Internet sites to a new software tool that is widely available. The advisory describes vulnerabilities probed by the Internet Security Scanner (ISS) software.

CA-1993-13: SCO Home Directory Vulnerability

September 17, 1993

A vulnerability relating to the "dos" and "asg" accounts exists in numerous SCO Operating Systems releases. This advisory provides instructions for repairing the vulnerability.

CA-1993-12: Novell LOGIN.EXE Vulnerability

September 16, 1993

A vulnerability exists in Novell's NetWare 4.x login program (LOGIN.EXE). This advisory provides details on the availability of a security-enhanced version of the Novell NetWare 4.x login program.

CA-1993-11: UMN UNIX gopher and gopher+ Vulnerabilities

August 09, 1993

Vulnerabilities exist in versions of the UMN UNIX gopher and gopher+ server and client available before August 6, 1993. These vulnerabilities are present in UMN UNIX gopher and gopher+ versions which were available from boombox.micro.umn.edu and many other anonymous FTP sites. This advisory provides details on the severity of the vulnerabilities and the availability of new versions of UMN UNIX gopher and gopher+.

CA-1993-10: Anonymous FTP Activity

July 14, 1993

This advisory provides an updated version of the anonymous FTP configuration guidelines that is available from the CERT Coordination Center.

CA-1993-09a: SunOS Expreserve Vulnerability

July 01, 1993

** Superseded by CA-1996-19. **

CA-1993-09: SunOS Expreserve Vulnerability

June 11, 1993

** Superseded by CA-1996-19. **

CA-1993-08: SCO /bin/passwd Vulnerability

May 24, 1993

A vulnerability exists in several releases of SCO's Operating Systems. This vulnerability has the potential to deny legitimate users the ability to log onto the system. This advisory details information about releases available to correct this problem.

CA-1993-07: Cisco Router Packet Handling Vulnerability

April 22, 1993

A vulnerability exists in Cisco routers such that a router which is configured to suppress source routed packets with the following command: "no ip source-route" may allow traffic which should be suppressed. This vulnerability applies to all models of Cisco routers, and occurs with the following releases of software: 8.2, 8.3, 9.0, 9.1, and 9.17. This advisory details information about releases available to correct this problem.

CA-1993-06: wuarchive ftpd Vulnerability

April 09, 1993

A vulnerability is present in versions of wuarchive ftpd available before April 8, 1993. This vulnerability is present in wuarchive ftpd versions which were available from wuarchive.wustl.edu and many other anonymous FTP sites. This advisory provides details on the severity of the vulnerability and (1) the availability of a new version of wuarchive ftpd and (2) availability of a patch for the problem.

CA-1993-05: OpenVMS and OpenVMS AXP Vulnerability

February 24, 1993

A vulnerability is present with Digital Equipment Corporation's OpenVMS and OpenVMS AXP. This vulnerability is present in OpenVMS V5.0 through V5.5-2 and OpenVMS AXP V1.0 but has been corrected in OpenVMS V6.0 and OpenVMS AXP V1.5. This advisory provides details from Digital on the severity of the vulnerability and patch availability for the problem.

CA-1993-04: Commodore Amiga UNIX finger Vulnerability

February 18, 1993

A vulnerability is present in the "finger" program of Commodore Business Machine's Amiga UNIX product and affects Commodore Amiga UNIX versions 1.1, 2.03, 2.1, 2.1p1, 2.1p2, and 2.1p2a. This advisory details the availability of a patch for the problem and provides a suggested workaround.

CA-1993-03: SunOS File/Directory Permissions

February 03, 1993

This advisory describes a patch that is available to correct the ownerships and permissions for a number of system files in SunOS 4.1, 4.1.1, 4.1.2, and 4.1.3. These have been fixed in SunOS 5.0. CERT staff has seen an increasing number of attackers exploit these problems on systems and we encourage sites to consider installing this patch.

CA-1993-02: New Patch for NeXT NetInfo_writers Vulnerabilities

January 21, 1993

This advisory provides information concerning vulnerabilities in the distributed printing facility ("_writers" properties) of NeXT computers running all releases of NeXTSTEP software through NeXTSTEP Release 3.0. The advisory details the availability of a patch for the problems and provides suggested workarounds.

CA-1993-01: Revised Hewlett-Packard NIS ypbind Vulnerability

January 13, 1993

** This advisory supersedes CA-1992-17. **

A vulnerability is present in Hewlett-Packard's HP/UX Operating System for series 300, 700, and 800 computers, which allows remote NIS servers unauthorized access to local NIS hosts. Patches from HP are available for all of the HP/UX level 8 releases (8.0, 8.02, 8.06, and 8.07). The problem is fixed in HP/UX 9.0.


1992

CA-1992-21: Convex CSM: migmgr patch

December 16, 1992

This advisory provides information concerning several vulnerabilities in ConvexOS/Secure, CONVEX CXbatch, CONVEX Storage Manager (CSM), and ConvexOS EMACS. These vulnerabilities can affect ConvexOS versions V6.2 - V10.2 and ConvexOS/Secure versions V9.5 and V10.0 on all supported architectures. The advisory describes a workaround for one of the vulnerabilities and provides information on how to obtain patches for the other problems from CONVEX Computer Corporation.

CA-1992-20: Cisco Access List Vulnerability

December 10, 1992

This advisory provides information concerning a vulnerability in Cisco router access lists when the "established" keyword is used. This vulnerability is present in Cisco software releases 8.2, 8.3, 9.0 and 9.1. The advisory describes workarounds and provides information on how to obtain a patch for the problem from Cisco.

CA-1992-19: Keystroke Logging Banner

December 07, 1992

This advisory provides information from the United States Department of Justice, General Litigation and Legal Advice Section, Criminal Division, regarding keystroke monitoring by computer systems administrators, as a method of protecting computer systems from unauthorized access. The CERT staff strongly suggests adding a notice banner such as the one included in the advisory to all systems. Sites not covered by U.S. law should consult their legal counsel.

CA-1992-18: Revised VMS Monitor Vulnerability

November 17, 1992

** This advisory supersedes CA-1992-16. **

It provides additional information concerning availability of remedial image kits to correct a vulnerability present in the Monitor utility in VMS V5.0 through V5.4-2. The vulnerability has been corrected in V5.4-3 through V5.5-1.

CA-1992-17: HP NIS ypbind Vulnerability

October 05, 1992

** Superseded by CA-1993-01. **

CA-1992-16: VMS Monitor Vulnerability

September 22, 1992

** Superseded by CA-1992-18. **

CA-1992-15: Multiple SunOS Vulnerabilities Patched

July 21, 1992

** This advisory supersedes CA-1991-16. **

The advisory describes how to obtain various patches for SunOS 4.1, 4.1.1, and 4.1.2 for all Sun architectures. As the application of these patches involves rebuilding your system kernel, it is recommended that you apply all patches simultaneously.

CA-1992-14: Altered System Binaries Incident

June 22, 1992

Warning about a significant intrusion incident on the Internet. Urges all system administrators to check their systems for the signs of intrusion detailed in the advisory.

CA-1992-13: SunOS NIS Vulnerability

June 04, 1992

Vulnerabilities are present in NIS under SunOS 4.1, 4.1.1, and 4.1.2, and may or may not exist in earlier versions of NIS. The advisory describes how to obtain a patch for SunOS 4.1, 4.1.1, and 4.1.2 for the problem from Sun.

CA-1992-12: Revised SunOS rpc mountd Vulnerability

May 28, 1992

** Superseded by CA-1994-02. **

CA-1992-11: SunOS Environment Variables and setuid/setgid Vulnerability

May 27, 1992

A vulnerability involving environment variables and setuid/setgid programs exists on all Sun architectures running SunOS 4.0 and higher. The advisory details how to obtain patches for SunOS programs which are known to be impacted by the vulnerability. The advisory contains a workaround to protect vulnerable binaries for which patches are unavailable for your SunOS version, or for local or third party software which may be vulnerable.

CA-1992-10: AIX crontab Vulnerability

May 26, 1992

A vulnerability is present in crontab(1) in version 3.2 of AIX. This advisory describes how to implement a workaround for the problem until you obtain the patch for the problem from IBM.

CA-1992-09: AIX Anonymous FTP Vulnerability

April 27, 1992

A vulnerability is present in the anonymous FTP configuration in all versions of AIX. The advisory describes how to obtain a patch for the problem from IBM.

CA-1992-08: Silicon Graphics Computer Systems IRIX lp Vulnerability

April 10, 1992

A vulnerability is present in the default configuration of the lp software in Silicon Graphics Computer Systems (SGI) IRIX operating systems. This vulnerability is present in all versions of IRIX, prior to IRIX 4.0.5. The advisory describes how to reconfigure the lp software in order to eliminate this vulnerability.

CA-1992-07: AIX /bin/passwd Vulnerability

March 31, 1992

A vulnerability is present in the passwd command in AIX 3.2 and the 2007 update of AIX 3.1. The advisory describes how to disable the /bin/passwd until you obtain and install the patch for the problem from IBM.

CA-1992-06: AIX uucp Vulnerability

March 19, 1992

A vulnerability is present in the UUCP software in versions of AIX up to 2007. The advisory describes how to disable UUCP and details how to obtain a patch for the problem from IBM.

CA-1992-05: AIX REXD Daemon Vulnerability

March 05, 1992

The rexd daemon may be enabled by default in versions 3.1 and 3.2 of AIX for IBM RS/6000 machines. The advisory describes a fix for the problem and details how to obtain a patch for the problem from IBM.

CA-1992-04: AT&T /usr/etc/rexecd Vulnerability

February 25, 1992

A vulnerability is present in AT&T TCP/IP Release 4.0 running on SVR4 systems for both the 386/486 and 3B2 RISC platforms. The problem is in the remote execution server /usr/etc/rexecd and a new version of rexecd is available from AT&T.

CA-1992-03: Internet Intruder Activity

February 17, 1992

Warning about a significant intrusion incident on the Internet. Urges all system administrators to check their systems for the signs of intrusion detailed in the advisory.

CA-1992-02: Michelangelo PC Virus Warning

February 06, 1992

This advisory warns users of a PC virus called Michelangelo. The virus affects IBM PCs and compatibles, and has a trigger date of March 6 (any year).

CA-1992-01: NeXTstep Configuration Vulnerability

January 20, 1992

A vulnerability is present in the default configuration in release 2 of NeXTstep's NetInfo. The advisory indicates where a description of how to configure NetInfo correctly can be obtained.


1991

CA-1991-23: Hewlett Packard/Apollo Domain/OS crp Vulnerability

December 18, 1991

A vulnerability is present in the crp system in Hewlett Packard/Apollo Domain/OS in all SR10 versions. A workaround is available and patches for SR10.3 and SR10.4 will be available from Apollo at a future date.

CA-1991-22: SunOS OpenWindows Vulnerability

December 16, 1991

** Superseded by CA-1993-18. **

CA-1991-21: NFS Jumbo Patch, SunOS 4.1

December 06, 1991

Vulnerabilities concerning Sun Microsystems, Inc. (Sun) Network File System (NFS) and the fsirand program. These vulnerabilities affect SunOS versions 4.1.1, 4.1, and 4.0.3 on all architectures. Patches are available for SunOS 4.1.1. An initial patch for SunOS 4.1 NFS is also available. Sun will be providing complete patches for SunOS 4.1 and SunOS 4.0.3 at a later date.

CA-1991-20: rdist Vulnerability

October 22, 1991

** Superseded by CA-1996-14. **

CA-1991-19: AIX TFTP Daemon Vulnerability

October 17, 1991

Vulnerability in the TFTP daemon in all versions of AIX for IBM RS/6000 machines. Patch available from IBM for all AIX releases from "GOLD" to the current release.

CA-1991-18: Active Internet tftp Attacks

September 27, 1991

Warning about automated tftp probes for /etc/passwd to Internet sites throughout the world. Urges all sites to carefully check their system configurations concerning tftp usage. Indicates how sites can secure their tftp configurations.

CA-1991-17: DECnet-Internet Gateway Vulnerability

September 26, 1991

Vulnerability in Ultrix DECnet to Internet gateway software. This advisory details a workaround. The vulnerability affects Ultrix versions 4.0, 4.1, and 4.2.

CA-1991-16: SunOS SPARC Integer_Division Vulnerability

September 18, 1991

** The patch cited in this advisory has been made obsolete by patches described in CA-1992-15. **

CA-1991-15: Mac/PC NCSA Telnet Vulnerability

September 10, 1991

Vulnerability in PC and Mac telnet program by NCSA. This advisory details a workaround.

CA-1991-14: SGI IRIX /usr/sbin/fmt Vulnerability

August 26, 1991

Vulnerability regarding the handling of mail messages on all Silicon Graphics IRIX Systems prior to version 4.0. The problem is fixed in version 4.0. Solution involves changing permissions and ownership of a system command.

CA-1991-13: Ultrix Mail Vulnerability

August 23, 1991

** Superseded by CA-1995-02. **

CA-1991-12: Trusted Hosts Configuration Vulnerability

August 22, 1991

Vulnerability in MANY Unix systems regarding the use of a minus sign ("-") as the first character in any hosts.equiv, hosts.lpd, and/or .rhosts files. Workaround is to re-arrange the lines in these files such that the "-" is not the first character in the file.

CA-1991-11: Ultrix LAT/Telnet Gateway Vulnerability

August 14, 1991

Vulnerability in Ultrix LAT/Telnet gateway software on all Ultrix 4.1 and 4.2 systems. Patch available directly from DEC.

CA-1991-10: REVISION NOTICE: New Patch for SunOS /usr/lib/lpd

September 12, 1991

Vulnerability in SunOS 4.0.3, 4.1, and 4.1.1 /usr/lib/lpd. Patched versions are available. Version 10a of this advisory supersedes all prior versions.

CA-1991-09: SunOS rpc mountd Vulnerability

July 15, 1991

** Superseded by CA-1994-02. **

CA-1991-08: AT&T System V Release 4 /bin/login Vulnerability

May 23, 1991

Addresses a vulnerability in all System V Release 4 versions of /bin/login. Patch provided by AT&T.

CA-1991-07: SunOS Source Tape Installation Vulnerability

May 20, 1991

Fixes a security vulnerability on SunOS (4.0.3, 4.1, and 4.1.1) systems which have installed the Sun Source tapes.

CA-1991-06: NeXT rexd, /private/etc, Username me Vulnerabilities

May 14, 1991

Addresses three vulnerabilities in NeXT systems running various versions of NeXTstep. Affected are: rexd(8C), /private/etc, username "me".

CA-1991-05: DEC Ultrix Vulnerability

May 01, 1991

Corrects improper installation of /usr/bin/chroot for Ultrix versions 4.0 and 4.1.

CA-1991-04: Social Engineering

April 18, 1991

This advisory is an addition to CA-1991-03. It addresses more bogus Internet email scams and urges system administrators to warn their users.

CA-1991-03: Unauthorized Password Change Requests Via Mail Messages

April 04, 1991

This advisory addresses recent bogus email messages which have been distributed on the Internet. The messages request that the user change his/her password, and appear to come from the system admin.

CA-1991-02: SunOS in.telnetd Vulnerability

March 26, 1991

This advisory announces a security problem with the in.telnetd program in releases of SunOS 4.1 and 4.1.1.

CA-1991-01: SunOS Mail Vulnerability

February 22, 1991

** Superseded by CA-1995-02. **


1990

CA-1990-12: SunOS TIOCCONS Vulnerability

December 21, 1990

This Advisory was a rebroadcast of a Sun Microsystems, Inc. Security Bulletin announcing the availability of a patch that corrects a problem with TIOCCONS. Problem Description: TIOCCONS can be used to re-direct console output/input away from "console"

CA-1990-11: Security Probes from Italy

December 10, 1990

Many sites on the Internet received messages on Sunday, December 9. The messages stated that a group of researchers and students were testing for a "common bug" in network hosts.

CA-1990-10: Rumor of Alleged Attack

November 16, 1990

Message about alleged attacks on telephone systems. No evidence that rumors were substantiated.

CA-1990-09: VAX/VMS Break-ins

November 09, 1990

Warning about techniques intruders were using to get access to VMS systems. No new vulnerabilities described; intruders were using weak password attacks.

CA-1990-08: IRIX 3.3 and 3.31 /usr/sbin/Mail

October 31, 1990

Vulnerability in Silicon Graphics IRIX 3.3 and 3.3.1 systems. /usr/sbin/Mail has a security flaw.

CA-1990-07: VMS ANALYZE/PROCESS_DUMP

October 25, 1990

Vulnerability in DEC VMS versions 4.0 through 5.4. Problem with ANALYZE/PROCESS_DUMP routine.

CA-1990-06: NeXT's System Software

October 03, 1990

Describes several vulnerabilities in NeXT system software. The advisory was originally issued as 90-06; 90-06a includes several corrections.

CA-1990-05: SunView selection_svc Vulnerability

August 14, 1990

Vulnerability in SunOS 3.*, 4.0.3, and 4.1 SunView selection_svc facility.

CA-1990-04: Apollo Domain/OS suid_exec Problem

July 27, 1990

Vulnerability in Hewlett Packard/Apollo Domain/OS version sr10.2 and some beta versions of sr10.3. File /etc/suid_exec contained a security flaw.

CA-1990-03: Unisys U5000 /etc/passwd Problem

May 07, 1990

Warning about Unisys U5000 systems. Some of the logins supplied when the system was shipped did not have passwords, and intruders were taking advantage of this vulnerability.

CA-1990-02: Internet Intruder Warning

March 19, 1990

Warning about a series of attacks on Internet systems. Includes a list of 14 points to check on Unix and VMS systems. The points cover possible signs of a break-in as well as possible system configuration vulnerabilities.

CA-1990-01: Sun Sendmail Vulnerability

January 29, 1990

Vulnerability in SunOS 3.* and 4.0.* sendmail.

** Superseded by CA-1996-20, CA-1996-24, and CA-1996-25. **


1989

CA-1989-07: Sun RCP Vulnerability

October 26, 1989

Vulnerability in SunOS 4.0.x rcp command.

CA-1989-06: DEC/Ultrix 3.0 Systems

October 18, 1989

A repost of the 10/17 Ultrix advisory with checksums for several Ultrix system programs.

CA-1989-05: DEC/Ultrix 3.0 Systems

Warning about attacks on DEC/Ultrix 3.0 machines. Advises users to check for Trojan horses, insecure tftp, simple passwords.

CA-1989-04: WANK Worm On SPAN Network

October 17, 1989

Warning about the "WANK" worm which attacked DECnet hosts.

CA-1989-03: Telnet Break-in Warning

August 16, 1989

Warning about a series of break-ins in which an intruder replaced the telnet(1) program with a Trojan horse that captured passwords. Contains some general hints about securing systems.

CA-1989-02: Sun Restore Hole

July 26, 1989

Vulnerability in SunOS 4.0.* restore(8) command.

CA-1989-01: Passwd hole

January 1989

Report from Keith Bostic of BSD patch for passwd(1) program.


1988

CA-1988-01: ftpd Vulnerability

December 1988

Warning about BSD sendmail 5.59 debug command; general warning about getting latest version of ftpd; other general warnings.

The sendmail portion of this advisory is superseded by CA-1996-20, CA-1996-24, and CA-1996-25.


Last updated January 30, 2007
