FW: NIPC Assessment 01-019

From: George Heuston (georgeh@private)
Date: Thu Aug 30 2001 - 17:51:07 PDT


     
    
    -----Original Message-----
    From: NIPC Watch
    To: daily@private
    Sent: 8/30/01 9:14 AM
    Subject: NIPC Assessment 01-019
    
    ASSESSMENT 01-019
    
    
    "Buffer Overflow Vulnerability in Telnet Daemon" August 30, 2001
    
    Synopsis:  Recently, the cyber security community received numerous
    reports of intruders using the buffer overflow vulnerability in the
    telnet daemon program.  Security organizations, such as
    CERT/Coordination Center, cited this vulnerability in a July advisory
    (http://www.cert.org/advisories/ca-2001-21.html) outlining the
    vulnerability and solutions to address this problem. Due to the increase
    of these reports and with the activity of a new worm that has targeted
    this vulnerability, the NIPC urges the consumers to contact their
    vendors to obtain the appropriate fix.  This vulnerability has the
    potential to impact the victim by allowing an intruder to copy, delete,
    or execute any program on the victim's system.
    
    A new worm called "x.c", designed to exploit this vulnerability, has
    been discovered.  Although that specific worm has been disabled, other
    malicious code variants could take advantage of the same vulnerability.
    Vendor patches are available and NIPC urges consumers to contact their
    vendor to obtain the appropriate fix for their operating system.
    
    This vulnerability affects primarily FreeBSD-derived telnet daemons
    (including Solaris, AIX, and several versions of Linux), but some
    information suggests other vendors' telnet daemons may also be subject
    to attack using the same method.
    
    A list of vulnerable systems, along with links to vendor patches, can be
    obtained at http://www.securityfocus.com/bid/3064. It is recommended
    that users of these operating systems check with their vendor for
    applicable patches, or disable the telnet daemon entirely.
    
    Further information on the vulnerability can be found at:
    http://www.cert.org/advisories/ca-2001-21.html
    http://www.net-security.org/text/bugs/996661549,7633,.shtml
    
    Any information regarding the above worm or any other exploitation of
    the buffer overflow vulnerability should be reported to the NIPC or
    other authorities.  Incidents may be reported online at
    http://www.nipc.gov/incident/cirr.htm, directly to the NIPC Watch and
    Warning Unit at (202) 323-3204/3205/3206 or nipc.watch@fbi.gov.
    Government agencies should report incidents to FedCIRC online at
    http://www.fedcirc.gov, by e-mail at fedcirc@private, or by phone
    at 1-888-282-0870.
    



    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:24:34 PDT