This file: ftp.cert.org:/pub/cert_advisories/01-README
*******************************************************************
* *
* This file contains a list of the CERT(sm) advisories. *
* Advisories are updated as new information is received. *
* See the revision history at the end of each file. *
* *
* See also ftp://ftp.cert.org/pub/latest_sw_versions/ to keep *
* informed about new releases of software that contain fixes *
* for security problems. *
* *
* Note: We do not attempt to keep all URLs and MD5 checksums up *
* to date. If you cannot reach a URL, please notify the *
* administrator of the site. For checksums, you should *
* check with your vendor for current values. *
* *
* CERT(sm) advisories may be reproduced and distributed without *
* permission provided it is for noncommercial purposes and the *
* statement "Copyright Carnegie Mellon University" is included. *
* *
*******************************************************************
CA-88:01.ftpd.hole 12/88
Warning about BSD sendmail 5.59 debug command; general warning
about getting latest version of ftpd; other general warnings.
** The sendmail portion of this advisory is superseded by CA-96.20,
CA-96.24, and CA-96.25. **
CA-89:01.passwd.hole 01/89
Report from Keith Bostic of BSD patch for passwd(1) program.
CA-89:02.sun.restore.hole 07/26/89
Vulnerability in SunOS 4.0.* restore(8) command.
CA-89:03.telnet.breakin.warning 08/16/89
Warning about a series of break-ins in which an intruder replaced
the telnet(1) program with a Trojan horse that captured
passwords. Contains some general hints about securing systems.
CA-89:04.decnet.wank.worm 10/17/89
Warning about the "WANK" worm which attacked DECnet hosts.
CA-89:05.ultrix3.0.hole 10/17/89
Warning about attacks on DEC/Ultrix 3.0 machines. Advises users
to check for Trojan horses, insecure tftp, simple passwords.
CA-89:06.ultrix3.0.update 10/18/89
A repost of the 10/17 Ultrix advisory with checksums for several
Ultrix system programs.
CA-89:07.sun.rcp.vulnerability 10/26/89
Vulnerability in SunOS 4.0.x rcp command.
CA-90:01.sun.sendmail.vulnerability 01/29/90
Vulnerability in SunOS 3.* and 4.0.* sendmail.
**Superseded by CA-96.20, CA-96.24, and CA-96.25.
CA-90:02.intruder.warning 03/19/90
Warning about a series of attacks on Internet systems. Includes
a list of 14 points to check on Unix and VMS systems. The points
cover possible signs of a break-in as well as possible system
configuration vulnerabilities.
CA-90:03.unisys.warning 05/07/90
Warning about Unisys U5000 systems. Some of the logins supplied
when the system was shipped did not have passwords, and intruders
were taking advantage of this vulnerability.
CA-90:04.apollosuid.vulnerability 07/27/90
Vulnerability in Hewlett Packard/Apollo Domain/OS version sr10.2
and some beta versions of sr10.3. File /etc/suid_exec contained
a security flaw.
CA-90:05.sunselection.vulnerability 08/14/90
Vulnerability in SunOS 3.*, 4.0.3, and 4.1 SunView selection_svc
facility.
CA-90:06a.NeXT.vulnerability 10/03/90
Describes several vulnerabilities in NeXT system software. The
advisory was originally issued as 90:06; 90:06a includes several
corrections.
CA-90:07.VMS.ANALYZE.vulnerability 10/25/90
Vulnerability in DEC VMS versions 4.0 through 5.4. Problem with
ANALYZE/PROCESS_DUMP routine.
CA-90:08.irix.mail 10/31/90
Vulnerability in Silicon Graphics IRIX 3.3 and 3.3.1 systems.
/usr/sbin/Mail has a security flaw.
CA-90:09.vms.breakins.warning 11/09/90
Warning about techniques intruders were using to get access to
VMS systems. No new vulnerabilities described; intruders were
using weak password attacks.
CA-90:10.attack.rumour.warning 11/16/90
Message about alleged attacks on telephone systems. No evidence
that rumors were substantiated.
CA-90:11.Security.Probes 12/10/90
Many sites on the Internet received messages on Sunday, December 9. The
messages stated that a group of researchers and students were testing
for a "common bug" in network hosts.
CA-90:12.SunOS.TIOCCONS.vulnerability 12/21/90
This Advisory was a rebroadcast of a Sun Microsystems, Inc. Security
Bulletin announcing the availability of a patch that corrects a problem
with TIOCCONS. Problem Description: TIOCCONS can be used to re-direct
console output/input away from "console"
CA-91:01a.SunOS.mail.vulnerability 02/22/91
** Superseded by CA-95:02. **
CA-91:02a.SunOS.telnetd.vulnerability 03/26/91
This advisory announces a security problem with the in.telnetd program
in releases of SunOS 4.1 and 4.1.1.
CA-91:03.unauthorized.password.change.request 04/04/91
This advisory addresses recent bogus email messages which have been
distributed on the Internet. The messages request that the user
change his/her password, and appear to come from the system admin.
CA-91:04.social.engineering 04/18/91
This advisory is an addition to CA-91:03. It addresses more bogus
Internet email scams and urges system administrators to warn their
users.
CA-91:05.Ultrix.chroot.vulnerability 05/01/91
Corrects improper installation of /usr/bin/chroot for Ultrix
versions 4.0 and 4.1.
CA-91:06.NeXTstep.vulnerability 05/14/91
Addresses three vulnerabilities in NeXT systems running various
versions of NeXTstep. Affected are: rexd(8C), /private/etc,
username "me".
CA-91:07.SunOS.source.tape.vulnerability 05/20/91
Fixes a security vulnerability on SunOS (4.0.3, 4.1, and 4.1.1)
systems which have installed the Sun Source tapes.
CA-91:08.systemV.login.vulnerability 05/23/91
Addresses a vulnerability in all System V Release 4 versions of
/bin/login. Patch provided by AT&T.
CA-91:09.SunOS.rpc.mountd.vulnerability 07/15/91
** Superseded by CA-94:02. **
CA-91:10a.SunOS.lpd.vulnerability 09/12/91
Vulnerability in SunOS 4.0.3, 4.1, and 4.1.1 /usr/lib/lpd.
Patched versions are available. Version 10a of this advisory
supersedes all prior versions.
CA-91:11.Ultrix.LAT-Telnet.gateway.vulnerability 08/14/91
Vulnerability in Ultrix LAT/Telnet gateway software on
all Ultrix 4.1 and 4.2 systems. Patch available directly from
DEC.
CA-91:12.Trusted.Hosts.Configuration.vulnerability 08/22/91
Vulnerability in MANY Unix systems regarding the use of
a minus sign ("-") as the first character in any hosts.equiv
hosts.lpd, and/or .rhosts files. Workaround is to re-arrange
the lines in these files such that the "-" is not the
first character in the file.
CA-91:13.Ultrix.mail.vulnerability 08/23/91
** Superseded by CA-95:02. **
CA-91:14.IRIX.mail.vulnerability 08/26/91
Vulnerability regarding the handling of mail messages on
all Silicon Graphics IRIX Systems prior to version 4.0.
The problem is fixed in version 4.0. Solution involves
changing permissions and ownership of a system command.
CA-91:15.NCSA.Telnet.vulnerability 09/10/91
Vulnerability in PC and Mac telnet program by NCSA. This
advisory details a workaround.
CA-91:16.SunOS.SPARC.Integer_Division.vulnerability 09/18/91
** The patch cited in this advisory has been obsoleted by
patches described in CA-92:15. **
CA-91:17.DECnet-Internet.Gateway.vulnerability 09/26/91
Vulnerability in Ultrix DECnet to Internet gateway software.
This advisory details a workaround. The vulnerability affects
Ultrix versions 4.0, 4.1, and 4.2.
CA-91:18.Active.Internet.tftp.Attacks 09/27/91
Warning about automated tftp probes for /etc/passwd to Internet
sites throughout the world. Urges all sites to carefully check
their system configurations concerning tftp usage. Indicates
how sites can secure their tftp configurations.
CA-91:19.AIX.TFTP.Daemon.vulnerability 10/17/91
Vulnerability in the TFTP daemon in all versions of AIX for
IBM RS/6000 machines. Patch available from IBM for all AIX
releases from "GOLD" to the current release.
CA-91:20.rdist.vulnerability 10/22/91
** Superseded by CA-96.14. **
CA-91:21.SunOS.NFS.Jumbo.and.fsirand 12/06/91
Vulnerabilities concerning Sun Microsystems, Inc. (Sun) Network
File System (NFS) and the fsirand program. These vulnerabilities
affect SunOS versions 4.1.1, 4.1, and 4.0.3 on all architectures.
Patches are available for SunOS 4.1.1. An initial patch for SunOS
4.1 NFS is also available. Sun will be providing complete patches
for SunOS 4.1 and SunOS 4.0.3 at a later date.
CA-91:22.SunOS.OpenWindows.vulnerability 12/16/91
** Superseded by CA-93:18. **
CA-91:23.Apollo.crp.vulnerability 12/18/91
A vulnerability is present in the crp system in Hewlett Packard/Apollo
Domain/OS in all SR10 versions. A workaround is available and
patches for SR10.3 and SR10.4 will be available from Apollo
at a future date.
CA-92:01.NeXTstep.configuration.vulnerability 01/20/92
A vulnerability is present in the default configuration in
release 2 of NeXTstep's NetInfo. The advisory indicates where
a description of how to configure NetInfo correctly can be obtained.
CA-92:02.Michelangelo.PC.virus.warning 02/06/92
This advisory warns users of a PC virus called Michelangelo.
The virus affects IBM PCs and compatibles, and has a trigger
date of March 6 (any year).
CA-92:03.Internet.Intruder.Activity 02/17/92
Warning about a significant intrusion incident on the Internet.
Urges all system administrators to check their systems for the
signs of intrusion detailed in the advisory.
CA-92:04.ATT.rexecd.vulnerability 02/25/92
A vulnerability is present in AT&T TCP/IP Release 4.0 running
on SVR4 systems for both the 386/486 and 3B2 RISC platforms.
The problem is in the remote execution server /usr/etc/rexecd
and a new version of rexecd is available from AT&T.
CA-92:05.AIX.REXD.Daemon.vulnerability 03/05/92
The rexd daemon may be enabled by default in versions 3.1 and 3.2
of AIX for IBM RS/6000 machines. The advisory describes a fix for
the problem and details how to obtain a patch for the problem from
IBM.
CA-92:06.AIX.uucp.vulnerability 03/19/92
A vulnerability is present in the UUCP software in versions of
AIX up to 2007. The advisory describes how to disable UUCP and
details how to obtain a patch for the problem from IBM.
CA-92:07.AIX.passwd.vulnerability 03/31/92
A vulnerability is present in the passwd command in AIX 3.2 and
the 2007 update of AIX 3.1. The advisory describes how to disable
the /bin/passwd until you obtain and install the patch for the
problem from IBM.
CA-92:08.SGI.lp.vulnerability 04/10/92
A vulnerability is present in the default configuration of the lp
software in Silicon Graphics Computer Systems (SGI) IRIX operating
systems. This vulnerability is present in all versions of IRIX,
prior to IRIX 4.0.5. The advisory describes how to reconfigure the
lp software in order to eliminate this vulnerability.
CA-92:09.AIX.anonymous.ftp.vulnerability 04/27/92
A vulnerability is present in the anonymous FTP configuration in all
versions of AIX. The advisory describes how to obtain a patch for
the problem from IBM.
CA-92:10.AIX.crontab.vulnerability 05/26/92
A vulnerability is present in crontab(1) in version 3.2 of AIX.
This advisory describes how to implement a workaround for the
problem until you obtain the patch for the problem from IBM.
CA-92:11:SunOS.Environment.vulnerability 05/27/92
A vulnerability involving environment variables and setuid/setgid
programs exists on all Sun architectures running SunOS 4.0 and
higher. The advisory details how to obtain patches for SunOS
programs which are known to be impacted by the vulnerability.
The advisory contains a workaround to protect vulnerable binaries
for which patches are unavailable for your SunOS version, or for
local or third party software which may be vulnerable.
CA-92:12.REVISED.SunOS.rpc.mountd.vulnerability 05/28/92
** Superseded by CA-94:02. **
CA-92:13.SunOS.NIS.vulnerability 06/04/92
Vulnerabilities are present in NIS under SunOS 4.1, 4.1.1, and
4.1.2, and may or may not exist in earlier versions of NIS. The
advisory describes how to obtain a patch for SunOS 4.1, 4.1.1, and
4.1.2 for the problem from Sun.
CA-92:14.Altered.System.Binaries.Incident 06/22/92
Warning about a significant intrusion incident on the Internet.
Urges all system administrators to check their systems for the
signs of intrusion detailed in the advisory.
CA-92:15.Multiple.SunOS.vulnerabilities.patched 07/21/92
** This advisory supersedes CA-91:16. **
The advisory describes how to obtain various patches for SunOS 4.1,
4.1.1, and 4.1.2 for all Sun architectures. As the application of
these patches involves rebuilding your system kernel, it is
recommended that you apply all patches simultaneously.
CA-92:16.VMS.Monitor.vulnerability 09/22/92
** Superseded by CA-92:18. **
CA-92:17.HP.NIS.ypbind.vulnerability 10/05/92
** Superseded by CA-93:01. **
CA-92:18.VMS.Monitor.vulnerability.update 11/17/92
** This advisory supersedes CA-92:16. **
It provides additional information concerning availability of remedial
image kits to correct a vulnerability present in the Monitor utility in
VMS V5.0 through V5.4-2. The vulnerability has been corrected in V5.4-3
through V5.5-1.
CA-92:19.Keystroke.Logging.Banner.Notice 12/07/92
This advisory provides information from the United States Department of
Justice, General Litigation and Legal Advice Section, Criminal Division,
regarding keystroke monitoring by computer systems administrators, as a
method of protecting computer systems from unauthorized access. The CERT
staff strongly suggests adding a notice banner such as the one included
in the advisory to all systems. Sites not covered by U.S. law should
consult their legal counsel.
CA-92:20.Cisco.Access.List.vulnerability 12/10/92
This advisory provides information concerning a vulnerability in Cisco
router access lists when the "established" keyword is used.
This vulnerability is present in Cisco software releases 8.2, 8.3, 9.0
and 9.1. The advisory describes workarounds and provides information on
how to obtain a patch for the problem from Cisco.
CA-92:21.ConvexOS.vulnerabilities 12/16/92
This advisory provides information concerning several vulnerabilities in
ConvexOS/Secure, CONVEX CXbatch, CONVEX Storage Manager (CSM), and
ConvexOS EMACS. These vulnerabilities can affect ConvexOS versions
V6.2 - V10.2 and ConvexOS/Secure versions V9.5 and V10.0 on all supported
architectures. The advisory describes a workaround for one of the
vulnerabilities and provides information on how to obtain a patches for
the other problems from CONVEX Computer Corporation.
CA-93:01.REVISED.HP.NIS.ypbind.vulnerability 01/13/93
** This advisory supersedes CA-92:17. **
A vulnerability is present in Hewlett-Packard's HP/UX Operating
System for series 300, 700, and 800 computers, which allows
remote NIS servers unauthorized access to local NIS hosts.
Patches from HP are available for all of the HP/UX level 8 releases
(8.0, 8.02, 8.06, and 8.07). The problem is fixed in HP/UX 9.0.
CA-93:02a.NeXT.NetInfo._writers.vulnerabilities 01/21/93
This advisory provides information concerning vulnerabilities in the
distributed printing facility ("_writers" properties) of NeXT
computers running all releases of NeXTSTEP software through NeXTSTEP
Release 3.0. The advisory details the availability of a patch for the
problems and provides suggested workarounds.
CA-93:03.SunOS.Permissions.vulnerability 02/03/93
This advisory describes a patch that is available to correct
the ownerships and permissions for a number of system files in
SunOS 4.1, 4.1.1, 4.1.2, and 4.1.3. These have been fixed in
SunOS 5.0. CERT staff has seen an increasing number of attackers
exploit these problems on systems and we encourage sites to
consider installing this patch.
CA-93:04a.Amiga.finger.vulnerability 02/18/93
A vulnerability is present in the "finger" program of Commodore
Business Machine's Amiga UNIX product and affects Commodore
Amiga UNIX versions 1.1, 2.03, 2.1, 2.1p1, 2.1p2, and 2.1p2a.
This advisory details the availability of a patch for the problem
and provides a suggested workaround.
CA-93:05.OpenVMS.AXP.vulnerability 02/24/93
A vulnerability is present with Digital Equipment Corporation's
OpenVMS and OpenVMS AXP. This vulnerability is present in OpenVMS
V5.0 through V5.5-2 and OpenVMS AXP V1.0 but has been corrected
in OpenVMS V6.0 and OpenVMS AXP V1.5. This advisory provides
details from Digital on the severity of the vulnerability and
patch availability for the problem.
CA-93:06.wuarchive.ftpd.vulnerability 04/09/93
A vulnerability is present in versions of wuarchive ftpd available
before April 8, 1993. This vulnerability is present in wuarchive ftpd
versions which were available from wuarchive.wustl.edu and many other
anonymous FTP sites. This advisory provides details on the severity
of the vulnerability and (1) the availability of a new version of
wuarchive ftpd and (2) availability of a patch for the problem.
CA-93:07.Cisco.Router.Packet.Handling.vulnerability 04/22/93
A vulnerability exists in Cisco routers such that a router which
is configured to suppress source routed packets with the following
command: "no ip source-route" may allow traffic which should be
suppressed. This vulnerability applies to all models of Cisco routers,
and occurs with the following releases of software: 8.2, 8.3, 9.0,
9.1, and 9.17. This advisory details information about releases
available to correct this problem.
CA-93:08.SCO.passwd.vulnerability 05/24/93
A vulnerability exists in several releases of SCO's Operating Systems.
This vulnerability has the potential to deny legitimate users the
ability to log onto the system. This advisory details information
about releases available to correct this problem.
CA-93:09.SunOS.expreserve.vulnerability 06/11/93
** Superseded by CA-96.19. **
CA-93:09a.SunOS.expreserve.vulnerability 07/01/93
** Superseded by CA-96.19. **
CA-93:10.anonymous.FTP.activity 07/14/93
This advisory provides an updated version of the anonymous FTP
configuration guidelines that is available from the CERT
Coordination Center.
CA-93:11.UMN.UNIX.gopher.vulnerability 08/09/93
Vulnerabilities exist in versions of the UMN UNIX gopher and gopher+
server and client available before August 6, 1993. These vulnerabilities
are present in UMN UNIX gopher and gopher+ versions which were available
from boombox.micro.umn.edu and many other anonymous FTP sites. This
advisory provides details on the severity of the vulnerabilities and
the availability of new versions of UMN UNIX gopher and gopher+.
CA-93:12.Novell.LOGIN.EXE.vulnerability 09/16/93
A vulnerability exists in Novell's NetWare 4.x login program (LOGIN.EXE).
This advisory provides details on the availability of a security-enhance
version of the Novell Netware 4.x login program.
CA-93:13.SCO.Home.Directory.Vulnerability 09/17/93
A vulnerability relating to the "dos" and "asg" accounts exists in
numerous SCO Operating Systems releases. This advisory provides
instructions for repairing the vulnerability.
CA-93:14.Internet.Security.Scanner 09/30/93
This advisory alerts Internet sites to a new software tool that
is widely available. The advisory describes vulnerabilities
probed by the Internet Security Scanner (ISS) software.
CA-93:15.SunOS.and.Solaris.vulnerabilities 10/21/93
This advisory describes several vulnerabilities in Sun operating
systems: /usr/lib/sendmail (SunOS 4.1.x, Solaris 2.x), /bin/tar
(Solaris 2.x), and dev/audio (SunOS 4.1.x, Solaris 2.x). The
advisory includes patch and workaround information for these
problems.
* The sendmail portion of this advisory is superseded by CA-96.20,
CA-96.24, and CA-96.25. *
CA-93:16.sendmail.vulnerability 11/04/93
** Superseded by CA-96.20, CA-96.24, and CA-96.25. **
CA-93:16a.sendmail.vulnerability.supplement 01/07/94
** Superseded by CA-96.20, CA-96.24, and CA-96.25. **
CA-93:17.xterm.logging.vulnerability 11/11/93
This advisory addresses a vulnerability in the logging function of
many versions of xterm. It provides information about several
solutions.
CA-93:18.SunOS.Solbourne.loadmodule.modload.vulnerability 12/15/93
** This advisory supersedes CA-91:22. **
The advisory addresses a vulnerability in /usr/etc/modload
and $OPENWINHOME/bin/loadmodule in in Sun Microsystems, Inc.
SunOS 4.1.1, 4.1.2, 4.1.3, and 4.1.3c and OpenWindows 3.0
on all sun4 and Solbourne Computer, Inc. architectures.
CA-93:19.Solaris.Startup.vulnerability 12/16/93
Information about a vulnerability in the system startup
scripts on Solaris 2.x and Solaris x86 systems.
CA-94:01.ongoing.network.monitoring.attacks 02/03/94
This advisory describes ongoing network monitoring attacks. All
systems that offer remote access through rlogin, telnet, and ftp
are at risk. The advisory includes a description of the activity and
suggested approaches for addressing the problem.
CA-94:02.REVISED.SunOS.rpc.mountd.vulnerability 02/14/94
** This advisory supersedes CA-91:09 and CA-92:12.**
A vulnerability is present in SunOS 4.1, 4.1.1, 4.1.2, and 4.1.3
/usr/etc/rpc.mountd. Unauthorized remote hosts will be able to mount
the file system. The advisory describes how to obtain a patch for
the problem from Sun.
CA-94:03.AIX.performance.tools 02/24/94
Vulnerabilities are present in the bosext1.extcmds.obj
performance tools in AIX 3.2.5 and in those AIX 3.2.4 systems
with Program Temporary Fixes (PTFs) U420020 or U422510 installed.
These problems do not exist in earlier versions of AIX.
CA-94:04.SunOS.rdist.vulnerability 03/17/94
** Superseded by CA-96.14. **
CA-94:05.MD5.checksums 03/18/94
This advisory gives the MD5 checksums for a number of SunOS
files, along with a tool for checking them.
CA-94:06.utmp.vulnerability 03/21/94
This advisory addresses a vulnerability with /etc/utmp ins
SunOS 4.1.X and Solaris 1.1.1 operating systems. Solbourne
Computer, Inc. and other Sparc products using SunOS 4.1.X or
Solaris 1.1.1 are also affected. Solaris 2.x is not affected
by this problem.
CA-94:07.wuarchive.ftpd.trojan.horse 04/06/94
Warning about intruder-modified source for wuarchive ftpd,
which introduced a Trojan horse in versions 2.2, 2.1f, and
possibly earlier versions. Recommended solution is to
upgrade to version 2.3.
CA-94:08.ftpd.vulnerabilities 04/14/94
This advisory addresses two vulnerabilities with some releases of
fptd and announces new versions and patches to correct these
problems. ftpd versions affected are wuarchive ftpd 2.0-2.3,
DECWRL ftpd versions prior to 5.93, and BSDI ftpd version 1.1
prior to patch level 5. The vulnerabilities addressed are the
SITE EXEC and race condition vulnerabilities.
CA-94:09.bin.login.vulnerability 05/23/94
This advisory addresses a vulnerability in /bin/login of all
IBM AIX 3 systems, and Linux systems. A workaround and patch
information are included in this advisory.
CA-94:10.IBM.AIX.bsh.vulnerability 06/3/94
This advisory addresses a vulnerability in the batch queue (bsh)
of IBM AIX systems running versions prior to and including AIX
3.2. CERT staff recommends a workaround to disable the bsh feature.
IBM provides a patch for systems requiring this functionality.
CA-94:11.majordomo.vulnerabilities 06/9/94
This advisory addresses two vulnerabilities in Majordomo
versions prior to 1.92. CERT staff recommends installing version
1.92, but provides workarounds if this is not possible.
CA-94:12.sendmail.vulnerabilities 07/14/94
** Superseded by CA-96.20, CA-96.24, and CA-96.25. **
CA-94:13.SGI.IRIX.Help.Vulnerability 08/11/94
This advisory addresses a vulnerability in the Silicon Graphics, Inc.
IRIX 5.x Help system. SGI recommends installing the patch, but has
provided a workaround to disable the Help system if this is not
possible.
CA-94:14.trojan.horse.in.IRC.client.for.UNIX 10/19/94
This advisory discusses a Trojan horse that was found in version 2.2.9
or ircII, the source code for the Internet Relay Chat (IRC) client for
UNIX systems. For reasons described in the advisory, the CERT staff
urges everyone to install ircII version 2.6.
CA-94:15.NFS.Vulnerabilities 12/19/94
This advisory describes security measures to guard against several
vulnerabilities in the Network File System (NFS). The advisory was
prompted by an increase in root compromises by intruders using tools
to exploit the vulnerabilities.
CA-95:01.IP.spoofing.attacks.and.hijacked.terminal.connections 1/23/95
The IP spoofing portion of this advisory has been
superseded by CA-96.21. The description of the intruder
activity of hijacking terminals is still current.
CA-95:02.binmail.vulnerabilities 1/26/95
** This advisory supersedes CA-91:01a and CA-91:13. **
It addresses vulnerabilities in some versions of /bin/mail
based on BSD 4.3 UNIX. It includes a list of vendor patches
and source code for mail.local.c, an alternative to /bin/mail.
CA-95:03.telnet.encryption.vulnerability 2/16/95
** Superseded by CA-95:03a. **
CA-95:03a.telnet.encryption.vulnerability 3/3/95
** This advisory supersedes CA-95:03. **
Description and patch information for a security problem in the
Berkeley Telnet clients that support encryption and Kerberos V4
authentication. It provides additional information.
CA-95:04.NCSA.http.daemon.for.unix.vulnerability 2/17/95
This advisory provides a patch for a vulnerability in the NCSA
HTTP daemon version 1.3 for UNIX.
CA-95:05.sendmail.vulnerabilities 2/22/95
** Superseded by CA-96.20, CA-96.24, and CA-96.25. **
CA-95:06.satan 4/3/95
An overview of the Security Administrator Tool for Analyzing Networks
(SATAN) based on the CERT staff's review of beta version 0.51.
Includes list of vulnerabilities probed and advice on securing
systems.
CA-95:07.vulnerability.in.satan. 4/10/95
** Superseded by CA-95:07a. **
CA-95:07a.REVISED.satan.vul 4/21/95
** This advisory replaces CA-95:07.**
It is a revision that provides new information the problem described
in CA-95:07, and includes precautions to take when running SATAN.
A tutorial by the SATAN authors, "SATAN Password Disclosure" is
appended to the advisory.
CA-95:08.sendmail.v.5.vulnerability 8/17/95
This advisory describes a vulnerability in sendmail v.5, which is
still in use and which includes IDA sendmail. Many vendors have
previously fixed the problem, others recently developed patches.
CA-95:09.Solaris.ps.vul 8/29/95
This advisory describes a vulnerability in Solaris that can be
exploited if the permissions on the /tmp and /var/tmp directories
are set incorrectly.
CA-95:10.ghostscript 8/31/95
This advisory describes a vulnerability involving the -dSAFER option
in ghostscript versions 2.6 through 3.22 beta. The advisory includes
instructions for fixing the problem and pointers to version 3.33 of
ghostscript.
CA-95:11.sun.sendmail-oR.vul 9/19/95
** Superseded by CA-96.20, CA-96.24, and CA-96.25. **
CA-95:12.sun.loadmodule.vul 10/18/95
The advisory describes a problem with the loadmodule(8) program
in Sun OS 4.1.X and provides patch information.
CA-95:13.syslog.vul 10/19/95
This advisory describes a general problem with syslog, lists
vendor information about patches, and provides a workaround
for solving the syslog problem in sendmail in particular.
CA-95:14.Telnetd_Environment_Vulnerability 11/1/95
This advisory describes a vulnerability with some telnet daemons and
includes patch information from vendors, along with a workaround.
CA-95:15.SGI.lp.vul 11/8/95
This advisory points out accounts that are distributed without
passwords and urges SGI customers to create passwords for those
accounts.
CA-95:16.wu-ftpd.vul 11/30/95
This advisory describes a vulnerability in the wu-fptd SITE EXEC
command and provides solutions for both Linux users and others.
CA-95:17.rpc.ypupdated.vul 12/12/95
This advisory describes a vulnerability in the rpc.ypupdated program,
for which an exploitation program has been posted to several
newsgroups. The advisory includes vendor information and a
workaround.
CA-95:18.widespread.attacks 12/18/95
This advisory warns readers of attacks on hundreds of Internet
sites in which intruders exploit known vulnerabilities, all of
which have been addressed in previous CERT advisories. These
advisories are listed.
CA-96.01.UDP_service_denial 02/08/96
This advisory describes UDP port denial-of-service attacks,
for which an exploitation script has been publicly posted. The
advisory includes a workaround.
CA-96.02.bind 02/15/96
** Superseded by CA-97.22. **
CA-96.03.kerberos_4_key_server 02/21/96
This advisory describes a problem with the Kerberos 4 key server,
points to patches, and provides vendor information.
CA-96.04.corrupt_info_from_servers 02/22/96
This advisory describes a vulnerability in network servers that
can lead to corrupt information. The advisory includes information
on subroutines for validating host names and IP addresses, patches
for sendmail, and the status of vendor activity relating to the
problem.
CA-96.05.java_applet_security_mgr 03/05/96
This advisory describes a vulnerability in the Netscape Navigator 2.0
Java implementation and in Release 1.0 of the Java Developer's Kit
from Sun Microsystems, Inc. Workarounds and pointers to a patch are
included.
CA-96.06.cgi_example_code 03/20/96
This advisory describes a problem with example CGI code, as found in
the NCSA 1.5a-export and APACHE 1.0.3 httpd, and possibly previous
distributions of both servers. Workarounds are provided.
CA-96.07.java_bytecode_verifier 03/29/96
This advisory describes a vulnerability in the Java bytecode verifier
portion of Sun Microsystems' Java Development Kit (JDK) 1.0 and
1.0.1. Workarounds are provided for this product and Netscape
Navigator 2.0 and 2.01, which have the JDK built in.
CA-96.08.pcnfsd 04/18/96
This advisory describes a vulnerability in the pcnfsd program (also
known as rpc.pcnfsd). A patch is included.
CA-96.09.rpc.statd 04/24/96
This advisory describes a vulnerability in the rpc.statd (or statd)
program that allows authorized users to remove or create any file
that a root user can. Vendor information is included.
CA-96.10.nis+_configuration 05/28/96
This advisory was originally released as AUSCERT advisory AA-96.02a.
It describes a vulnerability and workarounds for versions of NIS+ in
which the access rights on the NIS+ passwd table are left in an
unsecure state.
CA-96.11.interpreters_in_cgi_bin_dir 05/29/96
This advisory warns users not to put interpreters in a Web server's
CGI bin directory and to evaluate all programs in that directory.
CA-96.12.suidperl_vul 06/26/96
This advisory describes a vulnerability in systems that contain
the suidperl program and that support saved set-user-ID and
saved set-group-ID. Patch information is included.
CA-96.13.dip_vul 07/09/96
This advisory describes a vulnerability in the dip program, which is
shipped with most Linux systems. Other UNIX systems may also use it.
Pointers to dip 3.3.7 are included.
CA-96.14.rdist_vul 07/24/96
** This advisory supersedes CA-91:20 and CA-94:04. **
It describes a vulnerability in the lookup subroutine of rdist, for
which an exploitation script is available. Vendor information and
a pointer to a new version of rdist are included.
CA-96.15.Solaris_KCMS_vul 07/31/96
This advisory describes a vulnerability in the Solaris 2.5 kcms
programs and suggests a workaround.
CA-96.16.Solaris_admintool_vul 08/05/96
This advisory describes a vulnerability in the Solaris admintool and
gives a workaround.
CA-96.17.Solaris_vold_vul 08/06/96
This advisory describes a vulnerability in the Solaris volume
management daemon (vold) and gives a workaround.
CA-96.18.fm_fls 08/14/96
This advisory reports a configuration problem in the
floating license server for Adobe FrameMaker (fm_fls).
A workaround is provided.
CA-96.19.expreserve 08/15/96
** This advisory supersedes CA-93:09 and CA-93:09a. **
It provides information about a vulnerability in the expreserve
utility. A workaround and vendor information are included.
CA-96.20.sendmail_vul 09/18/96
This advisory describes a vulnerability in all versions of sendmail prior
to 8.7.6, and includes a workaround and patch information.
CA-96.21.tcp_syn_flooding 09/19/96
** This advisory supersedes the IP spoofing portion of CA-95:01. **
It describes denial-of-service attacks through TCP SYN flooding and
IP spoofing. Advice about filtering is included.
CA-96.22.bash_vuls 10/08/96
This advisory addresses two problems with the GNU Project's
Bourne Again SHell (bash): one in yy_string_get() and one in
yy_readline_get().
CA-96.23.workman_vul 10/28/96
This advisory describes a vulnerability in the WorkMan compact
disc-playing program that affects UNIX System V Release 4.0 and
derivatives and Linux systems.
CA-96.24.sendmail.daemon.mode 11/21/96
It describes a security problem relating to the daemon mode in
sendmail 8.7 through 8.8.2. The advisory also includes a note about
two vulnerabilities in versions 8.8.0 and 8.8.1; these have been
fixed as well.
CA-96.25.sendmail_groups 12/10/96
The advisory describes a security problem affecting sendmail
version 8 relating to group-writable files. Vendor patches and
a workaround are included.
CA-96.26.ping 12/18/96
This advisory describes a denial-of-service attack using large ICMP
datagrams issued via the ping command. Vendor information is included.
CA-96.27.hp_sw_install 12/19/96
This advisory describes a vulnerability in Hewlett-Packard SD-UX that
may allow local users to gain root privileges. A workaround is included.
CA-97.01.flex_lm 01/06/97
This advisory describes multi-platform UNIX FLEXlm
vulnerabilities. These problems may allow local users to create
arbitrary files on the system and execute arbitrary programs using the
privileges of the user running the FLEXlm daemons.
CA-97.02.hp_newgrp 01/07/97
This advisory describes a vulnerability in the newgrp(1) program under
HP-UX 9.x and 10.x that may allow users to gain root privileges. A
workaround is provided.
CA-97.03.csetup 01/08/97
A vulnerability in the csetup program under IRIX versions 5.x, 6.0,
6.0.1, 6.1, and 6.2 allows local users to create or overwrite arbitrary
files on the system and ultimately gain root privileges. A workaround
is provided.
CA-97.04.talkd 01/27/97
A vulnerability in talkd(8) program used by talk(1) makes it
possible to provide corrupt DNS information to a host and
to remotely execute arbitrary commands with root privileges.
The advisory includes information on how to solve the general
problem as well as the specific one.
CA-97.05.sendmail 01/28/97
This advisory addresses a MIME conversion buffer overflow in
sendmail versions 8.8.3 and 8.8.4. The advisory includes vendor
information, pointers to the latest version of sendmail, a workaround,
and general precautions to take when using sendmail.
CA-97.06.rlogin-term 02/06/97
This advisory reports a vulnerability in many implementations of the
rlogin program, including eklogin and klogin. Vendor information and a
workaround are included.
CA-97.07.nph-test-cgi_script 02/18/97
This advisory points out a vulnerability in the nph-test-cgi script
included with some http daemons. Readers are urged to disable the
script. Vendor information is included.
CA-97.08.innd Originally issued 02/20/97
Topic 2 issued 04/03/97
This advisory describes two vulnerabilities in INN (the InterNetNews
server). One affects versions 1.5 and earlier; the other affects
1.5.1 and earlier. The advisory includes pointers to version 1.5.1
and earlier. Updated information on the second vulnerability was
added as "Topic 2." Pointers to all relevant patches are included,
along with information from vendors.
CA-97.09.imap_pop 04/07/97
This advisory reports a vulnerability in some versions of the Internet
Message Access Protocol (IMAP) and Post Office Protocol (POP)
implementations (imapd, ipop2d, and ipop3d). Vendor and upgrade
information are included.
CA-97.10.nls 04/24/97
This advisory reports a buffer overflow condition that affects
some libraries using the Natural Language Service (NLS). Vendor
vulnerability and patch information are included.
CA-97.11.libXt 05/01/97
This advisory reports a buffer overflow vulnerability in the Xt library
of the X Windowing System. Vendor vulnerability and patch information
are included.
CA-97.12.webdist 05/06/97
This advisory reports a vulnerability in the webdist.cgi-bin program,
part of the IRIX Mindshare Out Box package, available with IRIX 5.x and
6.x. By exploiting this vulnerability, both local and remote users may
be able to execute arbitrary commands with the privileges of the httpd
daemon. A workaround is included.
CA-97.13.xlock 05/07/97
This advisory reports a buffer overflow problem in some versions of
xlock. This problem makes it possible for local users to execute
arbitrary programs as a privileged user. Patch information and a
workaround are included.
CA-97.14.metamail 05/21/97
This advisory reports a vulnerability in metamail,
a package that implements MIME. All versions of metamail
through 2.7 are vulnerable.
CA-97.15.sgi_login 05/28/97
This advisory describes a vulnerability in the SGI login program
when the LOCKOUT parameter is set to a number greater than zero.
The vulnerability is present in IRIX 5.3 and 6.2, and perhaps other
versions.
CA-97.16.ftpd 05/29/97
This advisory describes a vulnerability in some versions of ftpd
distributed and installed under various Unix platforms. Includes
vendor information.
CA-97.17.sperl 05/29/97
This advisory addresses a buffer overflow condition in suidperl
(sperl) built from Perl 4.n and Perl 5.n distributions on UNIX
systems. It suggests several solutions and includes vendor information
and a patch for Perl version 5.003.
CA-97.18.at 06/12/97
This advisory addresses a buffer overflow condition in some versions
of the at(1) program. Patch information and a workaround are provided.
CA-97.19.bsdlp 06/25/97
This advisory describes a vulnerability in BSD-based lpr
printing software. Vendor information and a pointer to a wrapper
are included.
CA-97.20.javascript 07/08/97
This advisory reports a vulnerability in JavaScript that
enables remote attackers to monitor a user's Web activities.
CA-97.21.sgi_buffer_overflow 07/16/97
In this advisory, we describe 6 buffer overflow problems in SGI IRIX
systems. Problems affect the df, pset, eject, login/scheme, ordist,
and xlock programs. Workarounds and a pointer to a wrapper are
provided.
CA-97.22.bind 08/13/97
** This advisory supersedes CA-96.02 **
It describes a vulnerability in all versions of BIND before
release 4.9.6, suggests several solutions, and provides pointers
to the current version of bind.
CA-97.23.rdist 09/16/97
This advisory discusses a buffer overflow problem in rdist.
It is a different vulnerability from the one described in
CA-96.14.
CA-97.24.Count_cgi 11/05/97
This advisory describes a buffer overrun vulnerability which
exists in the Count.cgi cgi-bin program that allows intruders
to force Count.cgi to execute arbitrary commands.
CA-97.25.CGI_metachar 11/10/97
This advisory reports a vulnerability that some CGI scripts
have a problem that allows an attacker to execute arbitrary
commands on a WWW server under the effective user-id of the
server process.
CA-97.26.statd 12/05/97
This advisory reports a vulnerability that exists in the
statd(1M) program, available on a variety of Unix platforms.
CA-97.27.FTP_bounce 12/10/97
This advisory discusses the use of the PORT command in the
FTP protocol.
CA-97.28.Teardrop_Land 12/16/97
This advisory reports on two IP Denial-of-Service attacks.
CA-98.01.smurf 01/05/98
This advisory describes the "smurf" IP Denial-of-Service
attacks.
CA-98.02.CDE 01/21/98
This advisory reports several vulnerabilities in some
implementations of the Common Desktop Environment (CDE).
CA-98.03.ssh-agent 01/22/98
This advisory details a vulnerability in the SSH cryptographic
login program.
CA-98.04.Win32.WebServers 02/06/98
This advisory reports an exploitation involving long file
names on Microsoft Windows-based web servers.
OTHER FILES in ftp://ftp.cert.org/pub/cert_advisories/
01-README
This file.
cert-article
An article about CERT from the March 1990 issue of Bridge, a
magazine published by the Software Engineering Institute (SEI).
cert.press.release.dec88
The DARPA press release issued on December 6, 1988 announcing the
formation of the original team, which evolved into the CERT Coordination
Center.
xterm-patch-status
A status file containing vendor information relating to the
xterm vulnerability described in the CA-93:17.xterm.logging.vulnerability
advisory.
For more information on the CERT(sm) Coordination Center and on computer and
information security, see
ftp://ftp.cert.org/pub/
http://www.cert.org