Results 1 to 3 of 3

Thread: CERT Quarterly Summary

  1. #1
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Washington D.C. area

    CERT Quarterly Summary

    Each quarter I get a summary of CERT activity. I thought that some of you may want a look at it.

    Here ya go....


    CERT Summary CS-2003-02

    June 3, 2003

    Each quarter, the CERT Coordination Center (CERT/CC) issues the CERT
    Summary to draw attention to the types of attacks reported to our
    incident response team, as well as other noteworthy incident and
    vulnerability information. The summary includes pointers to sources of
    information for dealing with the problems.

    Past CERT summaries are available from:

    CERT Summaries

    Recent Activity

    Since the last regularly scheduled CERT summary, issued in March 2003
    (CS-2003-01), we have seen an integer overflow vulnerability within
    Sun's XDR Library, multiple vulnerabilities in Lotus Notes and Domino
    Server, a buffer overflow vulnerability in Sendmail, and multiple
    vulnerabilities within Snort's preprocessors.

    For more current information on activity being reported to the
    CERT/CC, please visit the CERT/CC Current Activity page. The Current
    Activity page is a regularly updated summary of the most frequent,
    high-impact types of security incidents and vulnerabilities being
    reported to the CERT/CC. The information on the Current Activity page
    is reviewed and updated as reporting trends change.

    CERT/CC Current Activity

    1. Integer overflow in Sun RPC XDR library routines

    An integer overflow vulnerability exists in the xdrmem_getbytes()
    function distributed as part of the Sun Microsystems XDR library.
    This overflow may allow a remote attacker to execute arbitrary
    code on the victim machine.

    CERT Advisory CA-2003-10: Integer overflow in Sun RPC XDR
    library routines

    Vulnerability Note VU#516825: Integer overflow in Sun RPC
    XDR library routines

    2. Multiple Vulnerabilities in Lotus Notes and Domino

    Multiple vulnerabilities had been reported to affect Lotus Notes
    clients and Domino servers. Due to the confusion surrounding these
    vulnerabilities we released an advisory to clairfy the details of
    the vulnerabilities, the versions affected, and the patches that
    resolve these issues.

    CERT Advisory CA-2003-11: Multiple Vulnerabilities in
    Lotus Notes and Domino

    Vulnerability Note VU#206361: Lotus iNotes vulnerable to
    buffer overflow via PresetFields FolderName field

    Vulnerability Note VU#355169: Lotus Domino Web Server
    vulnerable to denial of service via incomplete POST

    Vulnerability Note VU#542873: Lotus iNotes vulnerable to
    buffer overflow via PresetFields s_ViewName field

    Vulnerability Note VU#772817: Lotus Domino Web Server
    vulnerable to buffer overflow via non-existent
    "h_SetReturnURL" parameter with an overly long "Host
    Header" field

    Vulnerability Note VU#571297: Lotus Notes and Domino COM
    Object Control Handler contains buffer overflow

    Vulnerability Note VU#433489: Lotus Domino Server
    susceptible to a pre-authentication buffer overflow
    during Notes

    Vulnerability Note VU#411489: Lotus Domino Web Retriever
    contains a buffer overflow vulnerability

    Vulnerability Note VU#583184: Lotus Domino R5 Server
    Family contains multiple vulnerabilities in LDAP handling

    3. Buffer Overflow in Sendmail

    There is a remotely exploitable vulnerability in sendmail that
    could allow an attacker to gain control of a vulnerable sendmail

    Due to a variable type conversion problem, sendmail may not
    adequately check the length of email address tokens. A specially
    crafted email message could trigger a stack overflow.

    CERT Advisory CA-2003-12: Buffer Overflow in Sendmail

    Vulnerability Note VU#897604: Sendmail address parsing
    buffer overflow

    4. Multiple Vulnerabilities in Snort Preprocessors

    There are two vulnerabilities in the Snort Intrusion Detection
    System, each in a separate preprocessor module. Both
    vulnerabilities allow remote attackers to execute arbitrary code
    with the privileges of the user running Snort, typically root

    CERT Advisory CA-2003-13: Multiple Vulnerabilities in
    Snort Preprocessors

    Vulnerability Note VU#139129: Heap overflow in Snort
    "stream4" preprocessor

    Vulnerability Note VU#916785: Buffer overflow in Snort
    RPC preprocessor

    What's New and Updated

    Since the last CERT Summary, we have published new and updated
    * Advisories
    * Vulnerability Notes
    * CERT/CC Statistics
    * Training Schedule

    This document is available from:

    CERT/CC Contact Information

    Email: cert@cert.org
    Phone: +1 412-268-7090 (24-hour hotline)
    Fax: +1 412-268-6989
    Postal address:
    CERT Coordination Center
    Software Engineering Institute
    Carnegie Mellon University
    Pittsburgh PA 15213-3890

    CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /
    EDT(GMT-4) Monday through Friday; they are on call for emergencies
    during other hours, on U.S. holidays, and on weekends.

    Using encryption

    We strongly urge you to encrypt sensitive information sent by email.
    Our public PGP key is available from

    If you prefer to use DES, please call the CERT hotline for more

    Getting security information

    CERT publications and other security information are available from
    our web site

    To subscribe to the CERT mailing list for advisories and bulletins,
    send email to majordomo@cert.org. Please include in the body of your

    subscribe cert-advisory

    * "CERT" and "CERT Coordination Center" are registered in the U.S.
    Patent and Trademark Office.

    Any material furnished by Carnegie Mellon University and the Software
    Engineering Institute is furnished on an "as is" basis. Carnegie
    Mellon University makes no warranties of any kind, either expressed or
    implied as to any matter including, but not limited to, warranty of
    fitness for a particular purpose or merchantability, exclusivity or
    results obtained from use of the material. Carnegie Mellon University
    does not make any warranty of any kind with respect to freedom from
    patent, trademark, or copyright infringement.

    Conditions for use, disclaimers, and sponsorship information

    Copyright ©2003 Carnegie Mellon University.

    Version: PGP 6.5.8

    -----END PGP SIGNATURE-----
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  2. #2
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Heh! Funny you should post that... I just got done reading it.

    Sometimes its hard to keep track of all the stuff that flies around on those mailing lists... the summary can be much nicer... though not as entertaining as some of the msgs that come through...
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  3. #3
    Senior Member
    Join Date
    May 2003
    i also get reports from NIPC and SANS, it's amazing the amount of information outlet we have.

    thanks for the post. i think people in the field should really subscribe to these things, although they messed up on bind vulenerability last year.


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts