-----Original Message-----
From: NIPC Watch [mailto:nipcwatch@private]
Sent: Monday, October 28, 2002 7:14 AM
To: Cyber Threats
Subject: [Cyber_threats] Daily News 10/28/02

October 25, CERT/CC Advisory CA-2002-29: Buffer Overflow in Kerberos Administration. Multiple Kerberos distributions contain a remotely exploitable buffer overflow in the Kerberos administration daemon. A remote attacker could exploit this vulnerability to gain root privileges on a vulnerable system. The CERT/CC has received reports that indicate that this vulnerability is being exploited. In addition, MIT advisory MITKRB5-SA-2002-002 notes that an exploit is circulating. CERT strongly encourages sites that use vulnerable Kerberos distributions to verify the integrity of their systems and apply patches or upgrade as appropriate.
Source: http://www.cert.org/advisories/CA-2002-29.html

October 20, CERT/CC Vulnerability Note VU#328867: Multiple vendors' firewalls do not adequately keep state of FTP traffic. CERT reports that firewalls and other systems that inspect FTP application layer traffic may not adequately maintain the state of FTP commands and responses. A remote attacker may be able to access TCP ports on an FTP server or client that is behind a vulnerable firewall system, which could expose other network services to attack. CERT advises that affected users apply the appropriate patch or upgrade as specified by their vendor, and as appropriate, disable FTP inspection, restrict access, disable active FTP, secure FTP servers, and keep exposed FTP servers up-to-date with the latest patches and disable all unnecessary services.
Source: http://www.kb.cert.org/vuls/id/328867

October 24, Panda Software Virus Lab Opaserv.F and Opaserv.G worms detected. Panda Software's Virus Laboratory has detected the appearance of two new variants of the Opaserv worm. These new variants, Opaserv.F and Opaserv.G, are very similar to their predecessors, including Opaserv.E, about which the international software developer has published information over the last few days. Panda Software's tech support services have had reports of various incidents caused by these worms and the company anticipates that the number of infections could increase.
Source: http://www.net-security.org/virus_news.php?id=106

Virus: #1 Virus in USA: WORM_KLEZ.H
Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States]

Top 10 Target Ports
137(netbios-ns); 80(http); 1433(ms-sql-s); 139(netbios-ssn); 21(ftp); 25(smtp); 135; 445(microsoft-ds); 1080(socks); 4665
Source: http://isc.incidents.org/top10.html; Internet Storm Center

_______________________________________________
Cyber_Threats mailing list
Cyber_Threats@listserv
http://listserv.infragard.org/mailman/listinfo/cyber_threats