-----Original Message----- From: NIPC Watch [mailto:nipcwatch@private] Sent: Tuesday, November 26, 2002 6:38 AM To: Cyber Threats Subject: [Cyber_threats] Daily News 11/26/02 November 25, CERT/CC Vulnerability Note VU#740619: SSH Secure Shell for Servers fails to remove child process from master process group. A locally exploitable privilege escalation vulnerability exists in SSH Secure Shell versions 2.0.13 - 3.2.1. Secure Shell for Servers, developed by SSH Communications Security, does not properly remove the child process from the master process group after non-interactive command execution. Quoting from the SSH Communications Security Advisory: when used in non-interactive connections, a defect in process grouping of SSH Secure Shell processes may allow malicious activity. If executing a command without a pty (including running commands and subsystems) the child process remains in the process group of the master process. On platforms relying on getlogin() (mainly the different BSD variants) malicious users can at least send misleading messages to syslog and others applications (getlogin() call will return "root"). Source: http://www.kb.cert.org/vuls/id/740619 Virus: #1 Virus in USA:: WORM_KLEZ.H Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States] Top 10 Target Ports 137(netbios-ns); 80(http); 21(ftp); 1433(ms-sql-s); 139(netbios-ssn); 4662; 25(smtp); 445(microsoft-ds); 53(domain); 8080(webcache) Source: http://isc.incidents.org/top10.html; Internet Storm Center _______________________________________________ Cyber_Threats mailing list Cyber_Threats@listserv http://listserv.infragard.org/mailman/listinfo/cyber_threats
This archive was generated by hypermail 2b30 : Tue Nov 26 2002 - 07:39:49 PST