CRIME FW: [Cyber_threats] Daily News 11/26/02

From: George Heuston (GeorgeH@private)
Date: Tue Nov 26 2002 - 06:56:51 PST

  • Next message: Lyle Leavitt: "CRIME [Fwd: [Homeland_security] Daily News 11/26/02]"

    -----Original Message-----
    From: NIPC Watch [mailto:nipcwatch@private] 
    Sent: Tuesday, November 26, 2002 6:38 AM
    To: Cyber Threats
    Subject: [Cyber_threats] Daily News 11/26/02
    
    November 25, CERT/CC
    Vulnerability Note VU#740619: SSH Secure Shell for Servers fails to remove
    child process from master process group. A locally exploitable privilege
    escalation vulnerability exists in SSH Secure Shell versions 2.0.13 - 3.2.1.
    Secure Shell for Servers, developed by SSH Communications Security, does not
    properly remove the child process from the master process group after
    non-interactive command execution. Quoting from the SSH Communications
    Security Advisory: when used in non-interactive connections, a defect in
    process grouping of SSH Secure Shell processes may allow malicious activity.
    If executing a command without a pty (including running commands and
    subsystems) the child process remains in the process group of the master
    process. On platforms relying on getlogin() (mainly the different BSD
    variants) malicious users can at least send misleading messages to syslog
    and others applications (getlogin() call will return "root"). Source:
    http://www.kb.cert.org/vuls/id/740619
    
    Virus: #1 Virus in USA:: WORM_KLEZ.H
    Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus
    Tracking Center [Infected Computers, North America, Past 24 hours, #1 in
    United States]
    
    Top 10 Target Ports
    137(netbios-ns); 80(http); 21(ftp); 1433(ms-sql-s); 139(netbios-ssn); 4662;
    25(smtp); 445(microsoft-ds); 53(domain); 8080(webcache)
    Source: http://isc.incidents.org/top10.html; Internet Storm Center
    
    
    _______________________________________________
    Cyber_Threats mailing list
    Cyber_Threats@listserv
    http://listserv.infragard.org/mailman/listinfo/cyber_threats
    



    This archive was generated by hypermail 2b30 : Tue Nov 26 2002 - 07:39:49 PST