lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 24 Nov 2003 15:28:13 -0500
From: CERT Advisory <>
Subject: CERT Summary CS-2003-04


CERT Summary CS-2003-04

   November 24, 2003

   Each  quarter, the CERT Coordination Center (CERT/CC) issues the CERT
   Summary  to  draw  attention  to  the types of attacks reported to our
   incident  response  team,  as  well  as  other noteworthy incident and
   vulnerability information. The summary includes pointers to sources of
   information for dealing with the problems.

   Past CERT summaries are available from:

          CERT Summaries


Recent Activity

   Since  the  last regularly scheduled CERT summary, issued in September
   2003 (CS-2003-03), we have documented vulnerabilities in the Microsoft
   Windows Workstation Service, RPCSS Service, and Exchange. We have also
   documented  vulnerabilities  in  various  SSL/TLS  implementations,  a
   buffer overflow in Sendmail, and a buffer management error in OpenSSH.
   We  have  received  reports  of  W32/Swen.A,  W32/Mimail variants, and
   exploitation  of an Internet Explorer vulnerability reported in August
   of 2003.

   For  more  current  information  on  activity  being  reported  to the
   CERT/CC,  please  visit the CERT/CC Current Activity page. The Current
   Activity  page  is  a  regularly updated summary of the most frequent,
   high-impact  types  of  security  incidents  and vulnerabilities being
   reported  to the CERT/CC. The information on the Current Activity page
   is reviewed and updated as reporting trends change.

          CERT/CC Current Activity

    1. W32/Mimail Variants

       The  CERT/CC  has  received reports of several new variants of the
       'Mimail'  worm. The most recent variant of the worm (W32/Mimail.J)
       arrives  as  an  email  message  alleging  to  be  from the Paypal
       financial   service.  The  message  requests  that  the  recipient
       'verify'  their  account  information to prevent the suspension of
       their  Paypal account. Attached to the email is an executable file
       which  captures  this  information (if entered), and sends it to a
       number of email addresses.

                Current Activity - November 19, 2003

    2. Buffer Overflow in Windows Workstation Service

       A  buffer  overflow  vulnerability  exists  in Microsoft's Windows
       Workstation  Service  (WKSSVC.DLL) allowing an attacker to execute
       arbitrary code or cause a denial-of-service condition.

                CERT Advisory CA-2003-28
		Buffer Overflow in Windows Workstation Service

                Vulnerability Note VU#567620
		Microsoft Windows Workstation service vulnerable to 
		buffer overflow when sent specially crafted network

    3. Multiple Vulnerabilities in Microsoft Windows and Exchange

       Multiple  vulnerabilities exist in Microsoft Windows and Microsoft
       Exchange,  the  most serious of which could allow remote attackers
       to execute arbitrary code.

                CERT Advisory CA-2003-27
		Multiple Vulnerabilities in Microsoft Windows and 

                Vulnerability Note VU#575892
		Buffer overflow in Microsoft Windows Messenger Service

                Vulnerability Note VU#422156
		Microsoft Exchange Server fails to properly handle
		specially crafted SMTP extended verb requests

                Vulnerability Note VU#467036
		Microsoft Windows Help and support Center contains buffer
		overflow in code used to handle HCP protocol

                Vulnerability Note VU#989932
		Microsoft Windows contains buffer overflow in Local 
		Troubleshooter ActiveX control (Tshoot.ocx)

                Vulnerability Note VU#838572
		Microsoft Windows Authenticode mechanism installs ActiveX
		controls without prompting user

                Vulnerability Note VU#435444
		Microsoft Outlook Web Access (OWA) contains cross-site
		scripting vulnerability in the "Compose New Message" form

                Vulnerability Note VU#967668
		Microsoft Windows ListBox and ComboBox controls vulnerable
		to buffer overflow when supplied crafted Windows message

    4. Multiple Vulnerabilities in SSL/TLS Implementations

       Multiple  vulnerabilities  exist in the Secure Sockets Layer (SSL)
       and  Transport Layer Security (TLS) protocols allowing an attacker
       to execute arbitrary code or cause a denial-of-service condition.

                CERT Advisory CA-2003-26
		Multiple  Vulnerabilities in SSL/TLS Implementations

                Vulnerability Note VU#935264
		OpenSSL ASN.1 parser insecure memory deallocation

                Vulnerability Note VU#255484
		OpenSSL contains integer overflow handling ASN.1 tags (1)

                Vulnerability Note VU#380864
		OpenSSL contains integer overflow handling ASN.1 tags (2)

                Vulnerability Note VU#686224
		OpenSSL does not securely handle invalid public key when
		configured to ignore errors

                Vulnerability Note VU#732952
		OpenSSL accepts unsolicited client certificate messages

                Vulnerability Note VU#104280
		Multiple vulnerabilities in SSL/TLS implementations

                Vulnerability Note VU#412478
		OpenSSL 0.9.6k does not properly handle ASN.1 sequences

    5. Exploitation of Internet Explorer Vulnerability

       The CERT/CC received a number of reports indicating that attackers
       were   actively   exploiting   the   Microsoft  Internet  Explorer
       vulnerability  described  in  VU#865940. These attacks include the
       installation  of tools for launching distributed denial-of-service
       (DDoS)   attacks,   providing   generic  proxy  services,  reading
       sensitive  information  from  the  Windows  registry,  and using a
       victim   system's  modem  to  dial  pay-per-minute  services.  The
       vulnerability  described in VU#865940 exists due to an interaction
       between  IE's  MIME  type  processing  and the way it handles HTML
       application (HTA) files embedded in OBJECT tags.

                CERT Advisory IN-2003-04
		Exploitation of Internet Explorer Vulnerability

                Vulnerability Note VU#865940
		Microsoft Internet Explorer does not properly evaluate
		"application/hta" MIME type referenced by DATA attribute
		of OBJECT element

    6. W32/Swen.A Worm

       On  September  19,  the  CERT/CC began receiving a large volume of
       reports  of  a  mass  mailing  worm,  referred  to  as W32/Swen.A,
       spreading on the Internet. Similar to W32/Gibe.B in function, this
       worm  arrives as an attachment claiming to be a Microsoft Internet
       Explorer  Update  or  a  delivery  failure  notice from qmail. The
       W32/Swen.A  worm  requires a user to execute the attachment either
       manually or by using an email client that will open the attachment
       automatically.  Upon  opening the attachment, the worm attempts to
       mail  itself  to  all  email addresses it finds on the system. The
       CERT/CC  updated  the  current  activity  page  to contain further
       information on this worm.

                Current Activity - September 19, 2003

    7. Buffer Overflow in Sendmail

       Sendmail,  a widely deployed mail transfer agent (MTA), contains a
       vulnerability  that  could  allow an attacker to execute arbitrary
       code with the privileges of the sendmail daemon, typically root.

                CERT Advisory CA-2003-25
		Buffer Overflow in Sendmail

                Vulnerability Note VU#784980
		Sendmail prescan() buffer overflow vulnerability

    8. Buffer Management Vulnerability in OpenSSH

       A remotely exploitable vulnerability exists in a buffer management
       function in versions of OpenSSH prior to 3.7.1. This vulnerability
       could enable an attacker to cause a denial-of-service condition.

                CERT Advisory CA-2003-24
		Buffer Management Vulnerability in OpenSSH

                Vulnerability Note VU#333628
		OpenSSH contains buffer management errors

    9. RPCSS Vulnerabilities in Microsoft Windows

       On  September  10,  the  CERT/CC reported on three vulnerabilities
       that  affect  numerous versions of Microsoft Windows, two of which
       are  remotely  exploitable  buffer  overflows that may an allow an
       attacker to execute code with system privileges.

                CERT Advisory CA-2003-23
		RPCSS Vulnerabilities in Microsoft Windows

                Vulnerability Note VU#483492
		Microsoft Windows RPCSS Service contains heap overflow in
		DCOM activation routines

                Vulnerability Note VU#254236
		Microsoft Windows RPCSS Service contains heap overflow in
		DCOM request filename handling

                Vulnerability Note VU#326746
		Microsoft Windows RPC service vulnerable to 
		denial of service

New CERT Coordination Center (CERT/CC) PGP Key

   On  October 15, the CERT/CC issued a new PGP key, which should be used
   when sending sensitive information to the CERT/CC.

          CERT/CC PGP Public Key

          Sending Sensitive Information to the CERT/CC


What's New and Updated

   Since the last CERT Summary, we have published new and updated
     * Advisories
     * Vulnerability Notes
     * CERT/CC Statistics
     * Congressional Testimony
     * Training Schedule
     * CSIRT Development

   This document is available from:

CERT/CC Contact Information

          Phone: +1 412-268-7090 (24-hour hotline)
          Fax: +1 412-268-6989
          Postal address:
          CERT Coordination Center
          Software Engineering Institute
          Carnegie Mellon University
          Pittsburgh PA 15213-3890

   CERT/CC   personnel   answer  the  hotline  08:00-17:00  EST(GMT-5)  /
   EDT(GMT-4)  Monday  through  Friday;  they are on call for emergencies
   during other hours, on U.S. holidays, and on weekends.

Using encryption

   We  strongly  urge you to encrypt sensitive information sent by email.
   Our public PGP key is available from

   If  you  prefer  to  use  DES,  please  call the CERT hotline for more

Getting security information

   CERT  publications  and  other security information are available from
   our web site

   To  subscribe  to  the CERT mailing list for advisories and bulletins,
   send  email  to Please include in the body of your

   subscribe cert-advisory

   *  "CERT"  and  "CERT  Coordination Center" are registered in the U.S.
   Patent and Trademark Office.

   Any  material furnished by Carnegie Mellon University and the Software
   Engineering  Institute  is  furnished  on  an  "as is" basis. Carnegie
   Mellon University makes no warranties of any kind, either expressed or
   implied  as  to  any matter including, but not limited to, warranty of
   fitness  for  a  particular purpose or merchantability, exclusivity or
   results  obtained from use of the material. Carnegie Mellon University
   does  not  make  any warranty of any kind with respect to freedom from
   patent, trademark, or copyright infringement.

   Conditions for use, disclaimers, and sponsorship information

   Copyright 2003 Carnegie Mellon University.

Version: PGP 6.5.8


Powered by blists - more mailing lists