-----Original Message----- From: NIPC Watch [mailto:nipc.watch@private] Sent: Tuesday, January 08, 2002 7:32 AM To: Daily Distribution Subject: NIPC Daily Report 8 Jan 2002 NOTE: Please understand that this is for informational purposes only and does not constitute any verification of the information contained in the report nor does this constitute endorsement by the NIPC or the FBI. The NIPC Daily Report Prepared by WWU 8 January 02 General - A security vulnerability in Cisco's UBR900 Series routers allows read?write access to the MIB (which leads to access to the router configuration) using any community name whatsoever. This behavior in SNMP access is due to DOCSIS 1.0 standards that specify there be no restrictions on SNMP access to the devise. Cisco has to comply with DOCSIS standards in order to produce a CableLabs certified product. CableLabs standards provides a mechanism (via a DOCSIS configuration file) to automatically configure the SNMP access list as the device attaches to the network. CableLabs has assumed that security isn't critical since the device gets its configuration (via the DOCSIS configuration file) before intruders can do any harm. Possible workarounds to the vulnerability would be to create a specific RW community name and make it accessible only from a machine on the internal network; to stop using SNMPv1; or to stop using SNMP altogether. (SecuriTeam.com, 4 January) Red Hat, Inc. has issued Red Hat Security Advisory RHSA-2002:002-10 regarding updates to Stunnel SSL wrapper applications for Red Hat Linux 7.2. The updates close a format-string vulnerability present in earlier versions of Stunnel. Currently, it is possible to abuse the format string bugs to run arbitrary code as the owner of the Stunnel process. RHSA-2002:002-10 offers Stunnel version 3.22, which is not vulnerable to the bug. (Red Hat Security, 7 January) Items of International Interest - South Korea's National Police Agency anti-cyber terrorism squad detained seven people and charged them with violating information protection laws as they attempted to cash in cyber money they allegedly garnered by hacking into a domestic portal site in Seoul. Police said the accused created 120 million won (US $91,320) worth of cyber money on the Internet by hacking into a domestic Internet portal, and then sold the manufactured currency to users for 80 million won ($60,880) in real money. (Seoul Yonhap, 7 January) Transportation - President Bush installed former Secret Service director John Magaw as head of the new Transportation Security Administration. Principle tasks for the agency include developing and deploying new security equipment at airports. The Transportation Security Administration is scheduled to take control of aircraft security by 19 February. (Associated Press, 7 January)
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:38:17 PDT