Section: .. / advisories / cert /
|
See the CERT website for more information.
|
| /// File Name: |
CA-91:21.SunOS.NFS.Jumbo.and.fsiran..> |
Description:
|
Vulnerabilities concerning Sun Microsystems, Inc. (Sun) Network File System (NFS) and the fsirand program. These vulnerabilities affect SunOS versions 4.1.1, 4.1, and 4.0.3 on all architectures. Patches are available for SunOS 4.1.1. An initial patch for SunOS 4.1 NFS is also available. Sun will be providing complete patches for SunOS 4.1 and SunOS 4.0.3 at a later date.
| | File Size: | 6484 | | Last Modified: | Sep 14 07:46:58 1999 |
| MD5 Checksum: | f8a94d6d2ba0b73dc3269d4943173128 |
|
| /// File Name: |
CA-94:07.wuarchive.ftpd.trojan.hors..> |
Description:
|
Warning about intruder-modified source for wuarchive ftpd, which introduced a Trojan horse in versions 2.2, 2.1f, and possibly earlier versions. Recommended solution is to upgrade to version 2.3.
| | File Size: | 6474 | | Last Modified: | Sep 14 07:47:54 1999 |
| MD5 Checksum: | cf5082e1f02dfc21bc0e460cec46b71f |
|
| /// File Name: |
CA-91:02a.SunOS.telnetd.vulnerabili..> |
Description:
|
This advisory announces a security problem with the in.telnetd program in releases of SunOS 4.1 and 4.1.1.
| | File Size: | 6455 | | Last Modified: | Sep 14 07:46:45 1999 |
| MD5 Checksum: | 28c2fa8d9803eae92860b2631bd944ed |
|
| /// File Name: |
CA-2001-12.superfluous.iis |
Description:
|
CERT Advisory CA-2001-12 - A serious vulnerability in Microsoft IIS allows remote intruders to execute commands on an IIS web server, as discussed in ms01-026. This vulnerability closely resembles a previous vulnerability in IIS that was widely exploited.
| | Homepage: | http://www.cert.org | | File Size: | 6385 | | Last Modified: | May 17 22:46:22 2001 |
| MD5 Checksum: | 8b7a04fb8cb3aa8ec26645d1f4d7a58b |
|
| /// File Name: |
CA-93:13.SCO.Home.Directory.Vulnera..> |
Description:
|
A vulnerability relating to the "dos" and "asg" accounts exists in numerous SCO Operating Systems releases. This advisory provides instructions for repairing the vulnerability.
| | File Size: | 6365 | | Last Modified: | Sep 14 07:47:35 1999 |
| MD5 Checksum: | 030689f3cf2839ebd9977cb3030957a2 |
|
| /// File Name: |
CA-97.25.CGI_metachar |
Description:
|
This advisory reports a vulnerability in some CGI scripts that allows an attacker to execute arbitrary commands on a WWW server under the effective user-id of the server process.
| | File Size: | 6304 | | Last Modified: | Sep 14 07:49:47 1999 |
| MD5 Checksum: | b96a7e7a763ec5a4aacce291710b0754 |
|
| /// File Name: |
CA-96.13.dip_vul |
Description:
|
This advisory describes a vulnerability in the dip program, which is shipped with most Linux systems. Other UNIX systems may also use it. Pointers to dip 3.3.7 are included.
| | File Size: | 6250 | | Last Modified: | Sep 14 07:48:56 1999 |
| MD5 Checksum: | 39dc2d085f5af3ec2049671e138e2c37 |
|
| /// File Name: |
CA-93:02a.NeXT.NetInfo._writers.vul..> |
Description:
|
This advisory provides information concerning vulnerabilities in the distributed printing facility ("_writers" properties) of NeXT computers running all releases of NeXTSTEP software through NeXTSTEP Release 3.0. The advisory details the availability of a patch for the problems and provides suggested workarounds.
| | File Size: | 6233 | | Last Modified: | Sep 14 07:47:16 1999 |
| MD5 Checksum: | a972cdc1519587485675a866751363c8 |
|
| /// File Name: |
CA-97.03.csetup |
Description:
|
A vulnerability in the csetup program under IRIX versions 5.x, 6.0, 6.0.1, 6.1, and 6.2 allows local users to create or overwrite arbitrary files on the system and ultimately gain root privileges. A workaround is provided.
| | File Size: | 6232 | | Last Modified: | Sep 14 07:49:16 1999 |
| MD5 Checksum: | 780bde03fc3ec2e10d7b2e3ec70de97a |
|
| /// File Name: |
CA-93:03.SunOS.Permissions.vulnerab..> |
Description:
|
This advisory describes a patch that is available to correct the ownerships and permissions for a number of system files in SunOS 4.1, 4.1.1, 4.1.2, and 4.1.3. These have been fixed in SunOS 5.0. CERT staff has seen an increasing number of attackers exploit these problems on systems and we encourage sites to consider installing this patch.
| | File Size: | 6118 | | Last Modified: | Sep 14 07:47:19 1999 |
| MD5 Checksum: | 6292c19f3aa42c4bccf5f57f7add2059 |
|
| /// File Name: |
CA-2002-37.windows.shell |
Description:
|
CERT Advisory CA-2002-37 - A buffer overflow vulnerability in the Microsoft Windows Shell allows remote attackers to execute arbitrary code via a malicious email message, a malicious web page, or browsing through a folder containing a malicious .MP3 or .WMA file.
| | Homepage: | http://www.cert.org | | File Size: | 6098 | | Related CVE(s): | CAN-2002-1327 | | Last Modified: | Dec 21 11:28:18 2002 |
| MD5 Checksum: | e94145ac24db820aa7d84da855aa5755 |
|
| /// File Name: |
CA-89:01.passwd.hole |
Description:
|
Report from Keith Bostic of BSD patch for passwd(1) program.
| | File Size: | 6097 | | Last Modified: | Sep 14 07:46:20 1999 |
| MD5 Checksum: | cf8384d2ad4bed56cdeb8d0871c39b18 |
|
| /// File Name: |
CA-94:11.majordomo.vulnerabilities |
Description:
|
This advisory addresses two vulnerabilities in Majordomo versions prior to 1.92. CERT staff recommends installing version 1.92, but provides workarounds if this is not possible.
| | File Size: | 6086 | | Last Modified: | Sep 14 07:47:58 1999 |
| MD5 Checksum: | 268f9bdf8ec9232f8693bfe21e53693d |
|
| /// File Name: |
CA-92:19.Keystroke.Logging.Banner.N..> |
Description:
|
This advisory provides information from the United States Department of Justice, General Litigation and Legal Advice Section, Criminal Division, regarding keystroke monitoring by computer systems administrators, as a method of protecting computer systems from unauthorized access. The CERT staff strongly suggests adding a notice banner such as the one included in the advisory to all systems. Sites not covered by U.S. law should consult their legal counsel.
| | File Size: | 6042 | | Last Modified: | Sep 14 07:47:12 1999 |
| MD5 Checksum: | c2dd95072b105375eb41f2a6cec4aafb |
|
| /// File Name: |
cert-article |
Description:
|
An article about CERT from the March 1990 issue of Bridge, a magazine published by the Software Engineering Institute (SEI).
| | File Size: | 6006 | | Last Modified: | Sep 14 07:50:16 1999 |
| MD5 Checksum: | 2eca3bb5589278fc136410026b3ab31e |
|
| /// File Name: |
CA-89:03.telnet.breakin.warning |
Description:
|
Warning about a series of break-ins in which an intruder replaced the telnet(1) program with a Trojan horse that captured passwords. Contains some general hints about securing systems.
| | File Size: | 5963 | | Last Modified: | Sep 14 07:46:21 1999 |
| MD5 Checksum: | 9b933d2cc5364f424a5fceba2ecc77bc |
|
| /// File Name: |
CA-92:21.ConvexOS.vulnerabilities |
Description:
|
This advisory provides information concerning several vulnerabilities in ConvexOS/Secure, CONVEX CXbatch, CONVEX Storage Manager (CSM), and ConvexOS EMACS. These vulnerabilities can affect ConvexOS versions V6.2 - V10.2 and ConvexOS/Secure versions V9.5 and V10.0 on all supported architectures. The advisory describes a workaround for one of the vulnerabilities and provides information on how to obtain patches for the other problems from CONVEX Computer Corporation.
| | File Size: | 5938 | | Last Modified: | Sep 14 07:47:13 1999 |
| MD5 Checksum: | 3e71d8b4d58199d91749e14bb9b92467 |
|
| /// File Name: |
CA-94:10.IBM.AIX.bsh.vulnerability |
Description:
|
This advisory addresses a vulnerability in the batch queue (bsh) of IBM AIX systems running versions prior to and including AIX 3.2. CERT staff recommends a workaround to disable the bsh feature. IBM provides a patch for systems requiring this functionality.
| | File Size: | 5794 | | Last Modified: | Sep 14 07:47:57 1999 |
| MD5 Checksum: | b6ff572418b9c56de1265d4ff5e6a99c |
|
| /// File Name: |
CA-2000-14.outlookcache |
Description:
|
CERT Advisory CA-2000-14 - Microsoft Outlook and Outlook Express Cache Bypass vulnerability allows an attacker to use an HTML-formatted message to read certain types of files on the victim's machine. In addition, because this vulnerability also allows the attacker to store files on the victim's machine, it can be used in conjunction with existing vulnerabilities to execute arbitrary code on the target system.
| | Homepage: | http://www.cert.org | | File Size: | 5770 | | Last Modified: | Jul 27 02:40:18 2000 |
| MD5 Checksum: | 7ca5506752c407cdefdd08cbc5e7ab29 |
|
| /// File Name: |
CA-93:01.REVISED.HP.NIS.ypbind.vuln..> |
Description:
|
** This advisory supersedes CA-92:17. ** A vulnerability is present in Hewlett-Packard's HP/UX Operating System for series 300, 700, and 800 computers, which allows remote NIS servers unauthorized access to local NIS hosts. Patches from HP are available for all of the HP/UX level 8 releases (8.0, 8.02, 8.06, and 8.07). The problem is fixed in HP/UX 9.0.
| | File Size: | 5744 | | Last Modified: | Sep 14 07:47:14 1999 |
| MD5 Checksum: | 669ba4a4e2a9c619765eb859e29edda0 |
|
| /// File Name: |
CA-92:02.Michelangelo.PC.virus.warn..> |
Description:
|
This advisory warns users of a PC virus called Michelangelo. The virus affects IBM PCs and compatibles, and has a trigger date of March 6 (any year).
| | File Size: | 5719 | | Last Modified: | Sep 14 07:47:00 1999 |
| MD5 Checksum: | 42f14a4d7387164ff33aa4c3334d84a9 |
|
| /// File Name: |
CA-92:13.SunOS.NIS.vulnerability |
Description:
|
Vulnerabilities are present in NIS under SunOS 4.1, 4.1.1, and 4.1.2, and may or may not exist in earlier versions of NIS. The advisory describes how to obtain a patch for SunOS 4.1, 4.1.1, and 4.1.2 for the problem from Sun.
| | File Size: | 5652 | | Last Modified: | Sep 14 07:47:08 1999 |
| MD5 Checksum: | 4a92a643f9e6e8b4a863d606fc75d1fd |
|
| /// File Name: |
CA-92:20.Cisco.Access.List.vulnerab..> |
Description:
|
This advisory provides information concerning a vulnerability in Cisco router access lists when the "established" keyword is used. This vulnerability is present in Cisco software releases 8.2, 8.3, 9.0 and 9.1. The advisory describes workarounds and provides information on how to obtain a patch for the problem from Cisco.
| | File Size: | 5581 | | Last Modified: | Sep 14 07:47:12 1999 |
| MD5 Checksum: | d4f10508dc3b7768d21abbfa6410adfe |
|
| /// File Name: |
CA-2001-10.iis5 |
Description:
|
CERT Advisory CA-2001-10 - Buffer Overflow Vulnerability in Microsoft IIS 5.0. A vulnerability exists in Microsoft IIS 5.0 running on Windows 2000 that allows a remote intruder to run arbitrary code on the victim machine, allowing them to gain complete administrative control of the machine.
| | Homepage: | http://www.cert.org | | File Size: | 5419 | | Last Modified: | May 3 23:11:13 2001 |
| MD5 Checksum: | abdf83b85b5b3db8c344eeb1cc4d0b18 |
|
| /// File Name: |
CA-2002-32.alcatel |
Description:
|
CERT Advisory CA-2002-32 - Backdoor in Alcatel OmniSwitch 7700 and 7800 AOS version 5.1.1. A telnet server listens on TCP port number 6778, a backdoor that was originally used during development to access the Wind River VxWorks operating system. Due to an oversight, this access was not removed prior to product release.
| | Homepage: | http://www.cert.org | | File Size: | 5298 | | Last Modified: | Nov 24 02:16:00 2002 |
| MD5 Checksum: | bb91a5a0f11171433192ade8fc82b9cc |
|