Results 1 to 3 of 3

Thread: CERT Quarterly Summary

  1. #1
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885

    CERT Quarterly Summary

    Each quarter I get a summary of CERT activity. I thought that some of you may want a look at it.

    Here ya go....

    -----BEGIN PGP SIGNED MESSAGE-----

    CERT Summary CS-2003-02

    June 3, 2003

    Each quarter, the CERT Coordination Center (CERT/CC) issues the CERT
    Summary to draw attention to the types of attacks reported to our
    incident response team, as well as other noteworthy incident and
    vulnerability information. The summary includes pointers to sources of
    information for dealing with the problems.

    Past CERT summaries are available from:

    CERT Summaries
    http://www.cert.org/summaries/
    ______________________________________________________________________

    Recent Activity

    Since the last regularly scheduled CERT summary, issued in March 2003
    (CS-2003-01), we have seen an integer overflow vulnerability within
    Sun's XDR Library, multiple vulnerabilities in Lotus Notes and Domino
    Server, a buffer overflow vulnerability in Sendmail, and multiple
    vulnerabilities within Snort's preprocessors.

    For more current information on activity being reported to the
    CERT/CC, please visit the CERT/CC Current Activity page. The Current
    Activity page is a regularly updated summary of the most frequent,
    high-impact types of security incidents and vulnerabilities being
    reported to the CERT/CC. The information on the Current Activity page
    is reviewed and updated as reporting trends change.

    CERT/CC Current Activity
    http://www.cert.org/current/current_activity.html


    1. Integer overflow in Sun RPC XDR library routines

    An integer overflow vulnerability exists in the xdrmem_getbytes()
    function distributed as part of the Sun Microsystems XDR library.
    This overflow may allow a remote attacker to execute arbitrary
    code on the victim machine.

    CERT Advisory CA-2003-10: Integer overflow in Sun RPC XDR
    library routines
    http://www.cert.org/advisories/CA-2003-10.html

    Vulnerability Note VU#516825: Integer overflow in Sun RPC
    XDR library routines
    http://www.kb.cert.org/vuls/id/516825


    2. Multiple Vulnerabilities in Lotus Notes and Domino

    Multiple vulnerabilities had been reported to affect Lotus Notes
    clients and Domino servers. Due to the confusion surrounding these
    vulnerabilities we released an advisory to clairfy the details of
    the vulnerabilities, the versions affected, and the patches that
    resolve these issues.

    CERT Advisory CA-2003-11: Multiple Vulnerabilities in
    Lotus Notes and Domino
    http://www.cert.org/advisories/CA-2003-11.html

    Vulnerability Note VU#206361: Lotus iNotes vulnerable to
    buffer overflow via PresetFields FolderName field
    http://www.kb.cert.org/vuls/id/206361

    Vulnerability Note VU#355169: Lotus Domino Web Server
    vulnerable to denial of service via incomplete POST
    request
    http://www.kb.cert.org/vuls/id/355169

    Vulnerability Note VU#542873: Lotus iNotes vulnerable to
    buffer overflow via PresetFields s_ViewName field
    http://www.kb.cert.org/vuls/id/542873

    Vulnerability Note VU#772817: Lotus Domino Web Server
    vulnerable to buffer overflow via non-existent
    "h_SetReturnURL" parameter with an overly long "Host
    Header" field
    http://www.kb.cert.org/vuls/id/772817

    Vulnerability Note VU#571297: Lotus Notes and Domino COM
    Object Control Handler contains buffer overflow
    http://www.kb.cert.org/vuls/id/571297

    Vulnerability Note VU#433489: Lotus Domino Server
    susceptible to a pre-authentication buffer overflow
    during Notes
    http://www.kb.cert.org/vuls/id/433489

    Vulnerability Note VU#411489: Lotus Domino Web Retriever
    contains a buffer overflow vulnerability
    http://www.kb.cert.org/vuls/id/411489

    Vulnerability Note VU#583184: Lotus Domino R5 Server
    Family contains multiple vulnerabilities in LDAP handling
    code
    http://www.kb.cert.org/vuls/id/583184


    3. Buffer Overflow in Sendmail

    There is a remotely exploitable vulnerability in sendmail that
    could allow an attacker to gain control of a vulnerable sendmail
    server.

    Due to a variable type conversion problem, sendmail may not
    adequately check the length of email address tokens. A specially
    crafted email message could trigger a stack overflow.

    CERT Advisory CA-2003-12: Buffer Overflow in Sendmail
    http://www.cert.org/advisories/CA-2003-12.html

    Vulnerability Note VU#897604: Sendmail address parsing
    buffer overflow
    http://www.kb.cert.org/vuls/id/897604


    4. Multiple Vulnerabilities in Snort Preprocessors

    There are two vulnerabilities in the Snort Intrusion Detection
    System, each in a separate preprocessor module. Both
    vulnerabilities allow remote attackers to execute arbitrary code
    with the privileges of the user running Snort, typically root

    CERT Advisory CA-2003-13: Multiple Vulnerabilities in
    Snort Preprocessors
    http://www.cert.org/advisories/CA-2003-13.html

    Vulnerability Note VU#139129: Heap overflow in Snort
    "stream4" preprocessor
    http://www.kb.cert.org/vuls/id/139129

    Vulnerability Note VU#916785: Buffer overflow in Snort
    RPC preprocessor
    http://www.kb.cert.org/vuls/id/916785
    ______________________________________________________________________

    What's New and Updated

    Since the last CERT Summary, we have published new and updated
    * Advisories
    http://www.cert.org/advisories/
    * Vulnerability Notes
    http://www.kb.cert.org/vuls
    * CERT/CC Statistics
    http://www.cert.org/stats/cert_stats.html
    * Training Schedule
    http:/www.cert.org/training/
    ______________________________________________________________________

    This document is available from:
    http://www.cert.org/summaries/CS-2003-02.html
    ______________________________________________________________________

    CERT/CC Contact Information

    Email: cert@cert.org
    Phone: +1 412-268-7090 (24-hour hotline)
    Fax: +1 412-268-6989
    Postal address:
    CERT Coordination Center
    Software Engineering Institute
    Carnegie Mellon University
    Pittsburgh PA 15213-3890
    U.S.A.

    CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /
    EDT(GMT-4) Monday through Friday; they are on call for emergencies
    during other hours, on U.S. holidays, and on weekends.

    Using encryption

    We strongly urge you to encrypt sensitive information sent by email.
    Our public PGP key is available from
    http://www.cert.org/CERT_PGP.key

    If you prefer to use DES, please call the CERT hotline for more
    information.

    Getting security information

    CERT publications and other security information are available from
    our web site
    http://www.cert.org/

    To subscribe to the CERT mailing list for advisories and bulletins,
    send email to majordomo@cert.org. Please include in the body of your
    message

    subscribe cert-advisory

    * "CERT" and "CERT Coordination Center" are registered in the U.S.
    Patent and Trademark Office.
    ______________________________________________________________________

    NO WARRANTY
    Any material furnished by Carnegie Mellon University and the Software
    Engineering Institute is furnished on an "as is" basis. Carnegie
    Mellon University makes no warranties of any kind, either expressed or
    implied as to any matter including, but not limited to, warranty of
    fitness for a particular purpose or merchantability, exclusivity or
    results obtained from use of the material. Carnegie Mellon University
    does not make any warranty of any kind with respect to freedom from
    patent, trademark, or copyright infringement.
    _________________________________________________________________

    Conditions for use, disclaimers, and sponsorship information

    Copyright ©2003 Carnegie Mellon University.

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 6.5.8

    iQCVAwUBPtz0zmjtSoHZUTs5AQGLYgQAq4zW2wa54HJUPWpho57bLIOlZ2PwwiQ1
    NPU2SgRI1HlIHL2N3c+21VJ5IfA2DNpoZKlp0xFUI/oPaitMm+XgyyrFkAeMG23A
    bXFPchvtsDEQyl9um8C6eSd3gU/XGrNg3tBoBpdvj4WaiRs7/qmkNPPrfo/VB+HP
    nX2s9pdNJOA=
    =PnMK
    -----END PGP SIGNATURE-----
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  2. #2
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Heh! Funny you should post that... I just got done reading it.

    Sometimes its hard to keep track of all the stuff that flies around on those mailing lists... the summary can be much nicer... though not as entertaining as some of the msgs that come through...
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  3. #3
    Senior Member
    Join Date
    May 2003
    Posts
    115
    i also get reports from NIPC and SANS, it's amazing the amount of information outlet we have.

    thanks for the post. i think people in the field should really subscribe to these things, although they messed up on bind vulenerability last year.

    -w0rm3y

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •