[ISN] FBI warns as Unix web server flaw gets automated

From: InfoSec News (isnat_private)
Date: Tue Sep 04 2001 - 02:15:19 PDT


    http://www.theregister.co.uk/content/55/21438.html
    
    By John Leyden
    Posted: 03/09/2001 at 15:56 GMT
    
    A worm called x.c, which takes advantage of a buffer overflow
    vulnerability in the telnet daemon program commonly used on Unix
    boxes, has been discovered, and security experts fear it is a
    harbinger of worse to come.
    
    Many of these organisations, such as the FBI's National Infrastructure
    Protection Centre, overplayed the destructive nature of the Code Red
    worm but that's not to say there isn't a problem here. The security
    loophole might allow an attacker to take control of a victim's system,
    and it is suspected as the root cause behind a number of recent hacks,
    so it's well worth reviewing the vulnerability.
    
    The flaw, which was first reported last month, primarily affects
    BSD-derived Telnet daemons, which are used on Solaris, AIX, HP-UX and
    several versions of Linux-based servers, for example. More information
    on affected systems, possible workarounds and how to obtain fixes has
    been published by CERT and is available here.
    
    -=-
    
    http://www.nipc.gov/warnings/assessments/2001/01-019.htm
    
    ASSESSMENT 01-019
    
    "Buffer Overflow Vulnerability in Telnet Daemon"
    August 30, 2001 
    
    Synopsis: Recently, the cyber security community received numerous
    reports of intruders using the buffer overflow vulnerability in the
    telnet daemon program. Security organizations, such as
    CERT/Coordination Center, cited this vulnerability in a July advisory
    (http://www.cert.org/advisories/CA-2001-21.html) outlining the
    vulnerability and solutions to address this problem. Due to the
    increase of these reports and with the activity of a new worm that has
    targeted this vulnerability, the NIPC urges the consumers to contact
    their vendors to obtain the appropriate fix. This vulnerability has
    the potential to impact the victim by allowing an intruder to copy,
    delete, or execute any program on the victim's system.
    
    A new worm called "x.c", designed to exploit this vulnerability, has
    been discovered. Although that specific worm has been disabled, other
    malicious code variants could take advantage of the same
    vulnerability. Vendor patches are available and NIPC urges consumers
    to contact their vendor to obtain the appropriate fix for their
    operating system.
    
    This vulnerability affects primarily FreeBSD-derived telnet daemons
    (including Solaris, AIX, and several versions of Linux), but some
    information suggests other vendors' telnet daemons may also be subject
    to attack using the same method.
    
    A list of vulnerable systems, along with links to vendor patches, can
    be obtained at http://www.securityfocus.com/bid/3064. It is
    recommended that users of these operating systems check with their
    vendor for applicable patches, or disable the telnet daemon entirely.
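The assessment's fallback when no vendor patch is at hand is to disable the telnet daemon entirely. On the inetd-based systems of that era this means commenting out the telnet service line and reloading inetd. The script below is an added example, not part of the ISN post or of the NIPC/CERT material it quotes: it audits an inetd.conf-style file for an enabled telnet service and writes a copy with that service commented out. The file names are assumptions and the sample configuration is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the ISN post, NIPC or CERT). Audits an inetd.conf-style
# file for an active telnet service and produces a hardened copy with that
# service commented out. File names are assumptions; the sample config is constructed.

# Constructed sample: a classic inetd.conf with telnet switched on.
SAMPLE_INETD_CONF='# Internet services (constructed sample)
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd
finger  stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd
'

# write_sample FILE: materialise the constructed sample so the functions read a real file.
write_sample() {
    printf '%s' "$SAMPLE_INETD_CONF" > "$1"
}

# telnet_enabled FILE: print every active (uncommented) telnet service line.
# Exit status is 0 if at least one is enabled and 1 if none, so it works as a condition.
telnet_enabled() {
    grep -E '^[[:space:]]*telnet[[:space:]]' "$1"
}

# disable_telnet SRC DST: copy SRC to DST with each active telnet line commented out,
# leaving every other line intact. Prints the number of lines that were disabled.
disable_telnet() {
    src="$1"; dst="$2"
    sed -E 's/^([[:space:]]*telnet[[:space:]])/#\1/' "$src" > "$dst"
    telnet_enabled "$src" | wc -l | tr -d ' '
}

# Stand-alone run: audit the sample, then produce the hardened copy.
# (In practice the target would be /etc/inetd.conf, edited in place, followed by
# a SIGHUP to inetd so the change takes effect.)
tmp="${TMPDIR:-/tmp}/inetd.conf.sample.$$"
write_sample "$tmp"
echo "Active telnet entries in $tmp:"
telnet_enabled "$tmp" || echo "(none)"
n=$(disable_telnet "$tmp" "$tmp.hardened")
echo "Disabled $n line(s); hardened copy written to $tmp.hardened"
rm -f "$tmp" "$tmp.hardened"
```

The audit deliberately matches only lines whose first field is `telnet`, so an already commented entry is not counted twice and services such as `ftp` or `finger` are left untouched; systems that start telnetd from a standalone init script or from xinetd need the equivalent check against that configuration instead.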
    
    Further information on the vulnerability can be found at:
    http://www.cert.org/advisories/CA-2001-21.html
    http://www.net-security.org/text/bugs/996661549,7633,.shtml
    
    Any information regarding the above worm or any other exploitation of
    the buffer overflow vulnerability should be reported to the NIPC or
    other authorities. Incidents may be reported online at
    http://www.nipc.gov/incident/cirr.htm, directly to the NIPC Watch and
    Warning Unit at (202) 323-3204/3205/3206 or nipc.watch@fbi.gov.
    Government agencies should report incidents to FedCIRC at
    http://www.fedcirc.gov, fedcircat_private, or 1-888-282-0870.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    



    This archive was generated by hypermail 2b30 : Tue Sep 04 2001 - 05:58:41 PDT