Section: .. / advisories / cert /
|
See the CERT website for more information.
|
| /// File Name: |
CA-94:11.majordomo.vulnerabilities |
Description:
|
This advisory addresses two vulnerabilities in Majordomo versions prior to 1.92. CERT staff recommends installing version 1.92, but provides workarounds if this is not possible.
| | File Size: | 6086 | | Last Modified: | Sep 14 07:47:58 1999 |
| MD5 Checksum: | 268f9bdf8ec9232f8693bfe21e53693d |
|
| /// File Name: |
CA-94:10.IBM.AIX.bsh.vulnerability |
Description:
|
This advisory addresses a vulnerability in the batch queue (bsh) of IBM AIX systems running versions prior to and including AIX 3.2. CERT staff recommends a workaround to disable the bsh feature. IBM provides a patch for systems requiring this functionality.
| | File Size: | 5794 | | Last Modified: | Sep 14 07:47:57 1999 |
| MD5 Checksum: | b6ff572418b9c56de1265d4ff5e6a99c |
|
| /// File Name: |
CA-94:09.bin.login.vulnerability |
Description:
|
This advisory addresses a vulnerability in /bin/login of all IBM AIX 3 systems, and Linux systems. A workaround and patch information are included in this advisory.
| | File Size: | 12011 | | Last Modified: | Sep 14 07:47:56 1999 |
| MD5 Checksum: | 929e2c044c9fb32eb0e6296e9cc9716c |
|
| /// File Name: |
CA-94:08.ftpd.vulnerabilities |
Description:
|
This advisory addresses two vulnerabilities with some releases of fptd and announces new versions and patches to correct these problems. ftpd versions affected are wuarchive ftpd 2.0-2.3, DECWRL ftpd versions prior to 5.93, and BSDI ftpd version 1.1 prior to patch level 5. The vulnerabilities addressed are the SITE EXEC and race condition vulnerabilities.
| | File Size: | 7149 | | Last Modified: | Sep 14 07:47:55 1999 |
| MD5 Checksum: | 33810eadf967db905b4754684b618c37 |
|
| /// File Name: |
CA-94:07.wuarchive.ftpd.trojan.hors..> |
Description:
|
Warning about intruder-modified source for wuarchive ftpd, which introduced a Trojan horse in versions 2.2, 2.1f, and possibly earlier versions. Recommended solution is to upgrade to version 2.3.
| | File Size: | 6474 | | Last Modified: | Sep 14 07:47:54 1999 |
| MD5 Checksum: | cf5082e1f02dfc21bc0e460cec46b71f |
|
| /// File Name: |
CA-94:06.utmp.vulnerability |
Description:
|
This advisory addresses a vulnerability with /etc/utmp ins SunOS 4.1.X and Solaris 1.1.1 operating systems. Solbourne Computer, Inc. and other Sparc products using SunOS 4.1.X or Solaris 1.1.1 are also affected. Solaris 2.x is not affected by this problem.
| | File Size: | 7029 | | Last Modified: | Sep 14 07:47:53 1999 |
| MD5 Checksum: | 74063161402f72e8645cf34aa177c4c7 |
|
| /// File Name: |
CA-94:05.MD5.checksums |
Description:
|
This advisory gives the MD5 checksums for a number of SunOS files, along with a tool for checking them.
| | File Size: | 31053 | | Last Modified: | Sep 14 07:47:52 1999 |
| MD5 Checksum: | e08dc59003396e03c0fe06967fb23ce4 |
|
| /// File Name: |
CA-94:03.AIX.performance.tools |
Description:
|
Vulnerabilities are present in the bosext1.extcmds.obj performance tools in AIX 3.2.5 and in those AIX 3.2.4 systems with Program Temporary Fixes (PTFs) U420020 or U422510 installed. These problems do not exist in earlier versions of AIX.
| | File Size: | 4211 | | Last Modified: | Sep 14 07:47:49 1999 |
| MD5 Checksum: | 7f60181a7324819de628de8c56a850ab |
|
| /// File Name: |
CA-94:02.REVISED.SunOS.rpc.mountd.v..> |
Description:
|
** This advisory supersedes CA-91:09 and CA-92:12.** A vulnerability is present in SunOS 4.1, 4.1.1, 4.1.2, and 4.1.3 /usr/etc/rpc.mountd. Unauthorized remote hosts will be able to mount the file system. The advisory describes how to obtain a patch for the problem from Sun.
| | File Size: | 4438 | | Last Modified: | Sep 14 07:47:48 1999 |
| MD5 Checksum: | 862a2fbfd61c0d93ab1bd4bbe2e714d7 |
|
| /// File Name: |
CA-94:01.ongoing.network.monitoring..> |
Description:
|
This advisory describes ongoing network monitoring attacks. All systems that offer remote access through rlogin, telnet, and ftp are at risk. The advisory includes a description of the activity and suggested approaches for addressing the problem.
| | File Size: | 27549 | | Last Modified: | Sep 14 07:47:46 1999 |
| MD5 Checksum: | 9cc5fcb2a1cf7e700a3b19bb1d2d0116 |
|
| /// File Name: |
CA-93:19.Solaris.Startup.vulnerabil..> |
Description:
|
Information about a vulnerability in the system startup scripts on Solaris 2.x and Solaris x86 systems.
| | File Size: | 3637 | | Last Modified: | Sep 14 07:47:39 1999 |
| MD5 Checksum: | 981b2e945dac996d775ce8c2bd61066f |
|
| /// File Name: |
CA-93:18.SunOS.Solbourne.loadmodule..> |
Description:
|
** This advisory supersedes CA-91:22. ** The advisory addresses a vulnerability in /usr/etc/modload and $OPENWINHOME/bin/loadmodule in in Sun Microsystems, Inc. SunOS 4.1.1, 4.1.2, 4.1.3, and 4.1.3c and OpenWindows 3.0 on all sun4 and Solbourne Computer, Inc. architectures.
| | File Size: | 4269 | | Last Modified: | Sep 14 07:47:38 1999 |
| MD5 Checksum: | 9cfc9a67ab1ba34854fadc4f6c52bef1 |
|
| /// File Name: |
CA-93:17.xterm.logging.vulnerabilit..> |
Description:
|
This advisory addresses a vulnerability in the logging function of many versions of xterm. It provides information about several solutions.
| | File Size: | 9694 | | Last Modified: | Sep 14 07:47:38 1999 |
| MD5 Checksum: | 226def934ddb93ece550cb6d23c80cde |
|
| /// File Name: |
CA-93:15.SunOS.and.Solaris.vulnerab..> |
Description:
|
This advisory describes several vulnerabilities in Sun operating systems: /usr/lib/sendmail (SunOS 4.1.x, Solaris 2.x), /bin/tar (Solaris 2.x), and dev/audio (SunOS 4.1.x, Solaris 2.x). The advisory includes patch and workaround information for these problems. * The sendmail portion of this advisory is superseded by CA-96.20, CA-96.24, and CA-96.25. *
| | File Size: | 8990 | | Last Modified: | Sep 14 07:47:37 1999 |
| MD5 Checksum: | 6667c72dc7c76eaaa77efd3bc25a45cb |
|
| /// File Name: |
CA-93:14.Internet.Security.Scanner |
Description:
|
This advisory alerts Internet sites to a new software tool that is widely available. The advisory describes vulnerabilities probed by the Internet Security Scanner (ISS) software.
| | File Size: | 16137 | | Last Modified: | Sep 14 07:47:36 1999 |
| MD5 Checksum: | 93adaffbce00482e7dcdc9c555938107 |
|
| /// File Name: |
CA-93:13.SCO.Home.Directory.Vulnera..> |
Description:
|
A vulnerability relating to the "dos" and "asg" accounts exists in numerous SCO Operating Systems releases. This advisory provides instructions for repairing the vulnerability.
| | File Size: | 6365 | | Last Modified: | Sep 14 07:47:35 1999 |
| MD5 Checksum: | 030689f3cf2839ebd9977cb3030957a2 |
|
| /// File Name: |
CA-93:12.Novell.LOGIN.EXE.vulnerabi..> |
Description:
|
A vulnerability exists in Novell's NetWare 4.x login program (LOGIN.EXE). This advisory provides details on the availability of a security-enhance version of the Novell Netware 4.x login program.
| | File Size: | 5228 | | Last Modified: | Sep 14 07:47:34 1999 |
| MD5 Checksum: | 329a3141bf0cb2f33a796442f923dc2e |
|
| /// File Name: |
CA-93:11.UMN.UNIX.gopher.vulnerabil..> |
Description:
|
Vulnerabilities exist in versions of the UMN UNIX gopher and gopher+ server and client available before August 6, 1993. These vulnerabilities are present in UMN UNIX gopher and gopher+ versions which were available from boombox.micro.umn.edu and many other anonymous FTP sites. This advisory provides details on the severity of the vulnerabilities and the availability of new versions of UMN UNIX gopher and gopher+.
| | File Size: | 4968 | | Last Modified: | Sep 14 07:47:32 1999 |
| MD5 Checksum: | de837c5e744243377d2284cd6037edf4 |
|
| /// File Name: |
CA-93:10.anonymous.FTP.activity |
Description:
|
This advisory provides an updated version of the anonymous FTP configuration guidelines that is available from the CERT Coordination Center.
| | File Size: | 12841 | | Last Modified: | Sep 14 07:47:31 1999 |
| MD5 Checksum: | 85dbc64f1d9066e3a74b14338e0460dc |
|
| /// File Name: |
CA-93:08.SCO.passwd.vulnerability |
Description:
|
A vulnerability exists in several releases of SCO's Operating Systems. This vulnerability has the potential to deny legitimate users the ability to log onto the system. This advisory details information about releases available to correct this problem.
| | File Size: | 11301 | | Last Modified: | Sep 14 07:47:27 1999 |
| MD5 Checksum: | b8632fa408d40ffd51ccb32ca25fe724 |
|
| /// File Name: |
CA-93:07.Cisco.Router.Packet.Handli..> |
Description:
|
A vulnerability exists in Cisco routers such that a router which is configured to suppress source routed packets with the following command: "no ip source-route" may allow traffic which should be suppressed. This vulnerability applies to all models of Cisco routers, and occurs with the following releases of software: 8.2, 8.3, 9.0, 9.1, and 9.17. This advisory details information about releases available to correct this problem.
| | File Size: | 4430 | | Last Modified: | Sep 14 07:47:22 1999 |
| MD5 Checksum: | 34adfbfb33336421040cfc0ed0b2b814 |
|
| /// File Name: |
CA-93:06.wuarchive.ftpd.vulnerabili..> |
Description:
|
A vulnerability is present in versions of wuarchive ftpd available before April 8, 1993. This vulnerability is present in wuarchive ftpd versions which were available from wuarchive.wustl.edu and many other anonymous FTP sites. This advisory provides details on the severity of the vulnerability and (1) the availability of a new version of wuarchive ftpd and (2) availability of a patch for the problem.
| | File Size: | 4430 | | Last Modified: | Sep 14 07:47:21 1999 |
| MD5 Checksum: | 037496a1ac713b392c527e78787846e7 |
|
| /// File Name: |
CA-93:05.OpenVMS.AXP.vulnerability |
Description:
|
A vulnerability is present with Digital Equipment Corporation's OpenVMS and OpenVMS AXP. This vulnerability is present in OpenVMS V5.0 through V5.5-2 and OpenVMS AXP V1.0 but has been corrected in OpenVMS V6.0 and OpenVMS AXP V1.5. This advisory provides details from Digital on the severity of the vulnerability and patch availability for the problem.
| | File Size: | 6919 | | Last Modified: | Sep 14 07:47:21 1999 |
| MD5 Checksum: | aeff2469420c9db0f51a688439203c81 |
|
| /// File Name: |
CA-93:04a.Amiga.finger.vulnerabilit..> |
Description:
|
A vulnerability is present in the "finger" program of Commodore Business Machine's Amiga UNIX product and affects Commodore Amiga UNIX versions 1.1, 2.03, 2.1, 2.1p1, 2.1p2, and 2.1p2a. This advisory details the availability of a patch for the problem and provides a suggested workaround.
| | File Size: | 4243 | | Last Modified: | Sep 14 07:47:20 1999 |
| MD5 Checksum: | 92996075b41c4871012662f59512a237 |
|
| /// File Name: |
CA-93:03.SunOS.Permissions.vulnerab..> |
Description:
|
This advisory describes a patch that is available to correct the ownerships and permissions for a number of system files in SunOS 4.1, 4.1.1, 4.1.2, and 4.1.3. These have been fixed in SunOS 5.0. CERT staff has seen an increasing number of attackers exploit these problems on systems and we encourage sites to consider installing this patch.
| | File Size: | 6118 | | Last Modified: | Sep 14 07:47:19 1999 |
| MD5 Checksum: | 6292c19f3aa42c4bccf5f57f7add2059 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
