-----Original Message-----
From: NIPC Watch [mailto:nipcwatch@private]
Sent: Thursday, November 21, 2002 7:37 AM
To: Cyber Threats
Subject: [Cyber_threats] Daily News 11/21/02

November 20, CERT/CC - Vulnerability Note VU#181721: Alcatel OmniSwitch 7700/7800 does not require a password for accessing the telnet server. The OmniSwitch 7700/7800 running Alcatel Operating System (AOS) version 5.1.1 has TCP port 6778 listening as a telnet server. This gives anyone access to the OmniSwitch's Vx-Works operating system without requiring a password. During an NMAP audit of the AOS 5.1.1 code that runs on the Alcatel OmniSwitch 7700/7800 LAN switches, it was determined that a telnet server was listening on TCP port number 6778. This was used during development to access the Wind River Vx-Works operating system. Due to an oversight, this access was not removed prior to product release. Anyone running NMAP on AOS 5.1.1 will see port 6778 listening. The attacker is able to telnet to the port and access the OmniSwitch operating system without a password. This backdoor compromises the entire system.
Source: http://www.kb.cert.org/vuls/id/181721

November 20, Microsoft - Microsoft Security Bulletin MS02-065: Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution (Critical). MDAC provides the underlying functionality for a number of database operations, such as connecting to remote databases and returning data to a client. One of the MDAC components is known as Remote Data Services (RDS). A security vulnerability is present in the RDS implementation, specifically in a function called the RDS Data Stub, whose purpose it is to parse incoming HTTP requests and generate RDS commands. The vulnerability results because of an unchecked buffer in the Data Stub. By sending a specially malformed HTTP request to the Data Stub, an attacker could cause data of his or her choice to overrun onto the heap. Although heap overruns are typically more difficult to exploit than the more-common stack overrun, Microsoft has confirmed that in this case it would be possible to exploit the vulnerability to run code of the attacker's choice on the user's system. Microsoft recommends that a patch be installed immediately.
Source: http://www.microsoft.com/technet/security/bulletin/MS02-065.asp

Virus: #1 Virus in USA: WORM_BUGBEAR.A
Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States]

Top 10 Target Ports: 137 (netbios-ns); 80 (http); 1433 (ms-sql-s); 25 (smtp); 21 (ftp); 139 (netbios-ssn); 53 (domain); 443 (https); 445 (microsoft-ds); 8080 (webcache)
Source: http://isc.incidents.org/top10.html; Internet Storm Center

_______________________________________________
Cyber_Threats mailing list
Cyber_Threats@listserv
http://listserv.infragard.org/mailman/listinfo/cyber_threats
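For administrators auditing their own switch inventory against VU#181721, the following added example (not part of the original bulletin or of any vendor tooling) parses nmap grepable (`-oG`) output and reports hosts where TCP port 6778 is open. The sample scan output, addresses and host names are constructed for illustration.

```python
import re

# Constructed sample of nmap grepable (-oG) output; the addresses are
# documentation-range placeholders, not real devices.
SAMPLE_GNMAP = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.0.2.10 (sw-core-1)\tStatus: Up\n"
    "Host: 192.0.2.10 (sw-core-1)\tPorts: 23/open/tcp//telnet///, "
    "80/open/tcp//http///, 6778/open/tcp/////\n"
    "Host: 192.0.2.11 (sw-core-2)\tPorts: 23/open/tcp//telnet///, "
    "6778/closed/tcp/////\n"
    "Host: 192.0.2.12 ()\tPorts: 6778/filtered/tcp/////, 443/open/tcp//https///\n"
    "Host: 192.0.2.13 (sw-edge-1)\tPorts: 16778/open/tcp/////\n"
)

DEBUG_TELNET_PORT = 6778  # port named in VU#181721
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)")


def parse_ports(line):
    """Yield (port, state, proto) tuples from the Ports: field of one -oG line."""
    match = re.search(r"\bPorts:\s+([^\t]*)", line)
    if not match:
        return
    for entry in match.group(1).split(","):
        # Each entry is port/state/protocol/owner/service/rpcinfo/version/
        fields = entry.strip().split("/")
        if len(fields) >= 3 and fields[0].isdigit():
            yield int(fields[0]), fields[1], fields[2]


def find_exposed(gnmap_text, port=DEBUG_TELNET_PORT):
    """Return (address, hostname) for every host with the given TCP port open."""
    exposed = []
    for line in gnmap_text.splitlines():
        host = HOST_RE.match(line)
        if not host:
            continue  # comment line or unrecognised record
        for number, state, proto in parse_ports(line):
            # Compare as integers so 16778 is not mistaken for 6778.
            if number == port and proto == "tcp" and state == "open":
                exposed.append((host.group(1), host.group(2)))
    return exposed


if __name__ == "__main__":
    for address, name in find_exposed(SAMPLE_GNMAP):
        print(f"{address} ({name or 'no name'}): TCP {DEBUG_TELNET_PORT} open")
```

Hosts reported as `filtered` are not listed; they may warrant a follow-up check from inside the management network.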