-----Original Message----- From: NIPC Watch [mailto:nipcwatch@private] Sent: Wednesday, November 27, 2002 7:31 AM To: Cyber Threats Subject: [Cyber_threats] Daily News 11/27/02 November 25, CERT/CC Advisory CA-2002-34: buffer overflow in Solaris X window font service. The Solaris X Window Font Service (XFS) daemon (fs.auto) contains a remotely exploitable buffer overflow vulnerability that could allow an attacker to execute arbitrary code or cause a denial of service. Exploitation of this vulnerability can lead to arbitrary code execution on a vulnerable Solaris system. This vulnerability was discovered by ISS X-Force. A remote attacker can execute arbitrary code with the privileges of the fs.auto daemon (typically nobody) or cause a denial of service by crashing the service. Source. http://www.cert.org/advisories/CA-2002-34.html November 25, ZDNet News Attack targets .info domain system - UltraDNS. An Internet attack flooded domain name manager UltraDNS with a deluge of data late last week, causing administrators to scramble to keep up and running the servers that host .info and other domains. The assault sent nearly 2 million requests per second to each device connecting the network to the Internet--many times greater than normal--during the four hours of peak activity that hit the company early Thursday morning, said Ben Petro, CEO of UltraDNS. "This is the largest attack that we've seen," Petro said. He stressed that it didn't affect the company's core domain name system (DNS) services, but administrators had to work fast to get the attack blocked by the backbone Internet companies from which UltraDNS gets its connectivity. The attack came almost exactly a month after a similar attack targeted the DNS root servers, the databases that hold the critical information computers need to maintain top-level domains. Such domains act as the white pages of the Internet, matching domain names - such as www.cnet.com - with numerical Internet addresses. Source. http://zdnet.com.com/2100-1105-971178.html Virus: #1 Virus in USA:: WORM_KLEZ.H Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States] Top 10 Target Ports 137(netbios-ns); 80(http); 21(ftp); 1433(ms-sql-s); 139(netbios-ssn); 4662; 25(smtp); 445(microsoft-ds); 53(domain); 8080(webcache) Source: http://isc.incidents.org/top10.html; Internet Storm Center _______________________________________________ Cyber_Threats mailing list Cyber_Threats@listserv http://listserv.infragard.org/mailman/listinfo/cyber_threats
This archive was generated by hypermail 2b30 : Sat Nov 30 2002 - 05:01:41 PST