-----Original Message----- From: NIPC Watch [mailto:nipcwatch@private] Sent: Tuesday, December 17, 2002 8:06 AM To: Cyber Threats Subject: [Cyber_threats] Daily News 12/17/02 December 16, CERT/CC Advisory CA-2002-36 Multiple Vulnerabilities in SSH Implementations. Multiple vendors' implementations of the secure shell (SSH) transport layer protocol contain vulnerabilities that could allow a remote attacker to execute arbitrary code with the privileges of the SSH process or cause a denial of service. The vulnerabilities affect SSH clients and servers, and they occur before user authentication takes place. Rapid7 has developed a suite (SSHredder) of test cases that examine the connection initialization, key exchange, and negotiation phase (KEX, KEXINIT) of the SSH transport layer protocol. The test suite has demonstrated a number of vulnerabilities in different vendors' SSH products. These vulnerabilities include buffer overflows, and they occur before any user authentication takes place. SSHredder was primarily designed to test key exchange and other processes that are specific to version 2 of the SSH protocol; however, certain classes of tests are also applicable to version 1. The impact will vary for different vulnerabilities and products, but in severe cases, remote attackers could execute arbitrary code with the privileges of the SSH process. Both SSH servers and clients are affected, since both implement the SSH transport layer protocol. Affected users should apply the appropriate patch or upgrade as specified by your vendor. Source: http://www.cert.org/advisories/CA-2002-36.html December 16, The Register Home user insecurity spurs email virus growth in 2002. The ratio of viruses to legitimate emails has increased over the course of this year. According to a review of 2002 by managed services firm MessageLabs, the ratio of viruses to clean emails is now one in 202, compared to one every 380 emails last year. According to MessageLabs' report (compiled for the year to December 14), the top five most active viruses in 2002 were Klez.H (with 4,918,018 copies), Yaha.E (1,096,683), Bugbear.A (842,333), Klez.E (380,937) and last year's worst SirCam.A with 309,832. According to MessageLabs, viruses have become less of a problem for businesses this year as administrators are becoming more aware of the steps they need to take to prevent virus outbreaks. For home users the picture is different. Many consumers still do not have any protection in place and so easily become infected with viruses like Klez, which are harder to spot and trace. As a result, a higher percentage of viral messages can be traced back to home users. Industry sectors which deal with consumers, such as the retail, leisure and entertainment industries, are also becoming more at risk from infection. During the year, MessageLabs has also noticed a marked increase in crackers emailing Trojans in direct attacks against users. Although these attacks are numerically relatively small, they do represent a disturbing trend in the war against malware. Source: http://www.theregister.co.uk/content/56/28585.html _______________________________________________ Cyber_Threats mailing list Cyber_Threats@listserv http://listserv.infragard.org/mailman/listinfo/cyber_threats
This archive was generated by hypermail 2b30 : Wed Dec 18 2002 - 12:24:06 PST