See the CERT website for more information.
|
| /// File Name: |
CA-96.07.java_bytecode_verifier |
Description:
|
This advisory describes a vulnerability in the Java bytecode verifier portion of Sun Microsystems' Java Development Kit (JDK) 1.0 and 1.0.1. Workarounds are provided for this product and Netscape Navigator 2.0 and 2.01, which have the JDK built in.
| | File Size: | 9300 | | Last Modified: | Sep 14 07:48:47 1999 |
| MD5 Checksum: | 605c3f42617f758bbfadf017b380aa54 |
|
| /// File Name: |
CA-96.06.cgi_example_code |
Description:
|
This advisory describes a problem with example CGI code, as found in
| | File Size: | 13572 | | Last Modified: | Sep 14 07:48:46 1999 |
| MD5 Checksum: | 958b610082eec2ac8a1f42656fa7df54 |
|
| /// File Name: |
CA-96.05.java_applet_security_mgr |
Description:
|
This advisory describes a vulnerability in the Netscape Navigator 2.0 Java implementation and in Release 1.0 of the Java Developer's Kit from Sun Microsystems, Inc. Workarounds and pointers to a patch are included.
| | File Size: | 7565 | | Last Modified: | Sep 14 07:48:45 1999 |
| MD5 Checksum: | 7e68bb2199001dbc6939c982b95d9253 |
|
| /// File Name: |
CA-96.04.corrupt_info_from_servers |
Description:
|
This advisory describes a vulnerability in network servers that can lead to corrupt information. The advisory includes information on subroutines for validating host names and IP addresses, patches for sendmail, and the status of vendor activity relating to the problem.
| | File Size: | 21012 | | Last Modified: | Sep 14 07:48:44 1999 |
| MD5 Checksum: | a48de544f6e0dd0dd81a0351bb9f1aea |
|
| /// File Name: |
CA-96.03.kerberos_4_key_server |
Description:
|
This advisory describes a problem with the Kerberos 4 key server, points to patches, and provides vendor information.
| | File Size: | 10840 | | Last Modified: | Sep 14 07:48:43 1999 |
| MD5 Checksum: | 2d2b8d87bd0cf809d613af6612b08bad |
|
| /// File Name: |
CA-96.01.UDP_service_denial |
Description:
|
This advisory describes UDP port denial-of-service attacks, for which an exploitation script has been publicly posted. The advisory includes a workaround.
| | File Size: | 8660 | | Last Modified: | Sep 14 07:48:42 1999 |
| MD5 Checksum: | 84d727d432dec2f3eea22b7cd940b707 |
|
| /// File Name: |
CA-95:18.widespread.attacks |
Description:
|
This advisory warns readers of attacks on hundreds of Internet sites in which intruders exploit known vulnerabilities, all of which have been addressed in previous CERT advisories. These advisories are listed.
| | File Size: | 19834 | | Last Modified: | Sep 14 07:48:41 1999 |
| MD5 Checksum: | 5137a730a6a4957f38a847de0e2c1efa |
|
| /// File Name: |
CA-95:17.rpc.ypupdated.vul |
Description:
|
This advisory describes a vulnerability in the rpc.ypupdated program, for which an exploitation program has been posted to several newsgroups. The advisory includes vendor information and a workaround.
| | File Size: | 13439 | | Last Modified: | Sep 14 07:48:40 1999 |
| MD5 Checksum: | 5aa3b22aefdb2606fbc498669eed6b6a |
|
| /// File Name: |
CA-95:16.wu-ftpd.vul |
Description:
|
This advisory describes a vulnerability in the wu-ftpd SITE EXEC command and provides solutions for both Linux users and others.
| | File Size: | 13838 | | Last Modified: | Sep 14 07:48:39 1999 |
| MD5 Checksum: | 75e31876631fbf4054469904a5686ed3 |
|
| /// File Name: |
CA-95:15.SGI.lp.vul |
Description:
|
This advisory points out accounts that are distributed without passwords and urges SGI customers to create passwords for those accounts.
| | File Size: | 10923 | | Last Modified: | Sep 14 07:48:38 1999 |
| MD5 Checksum: | d71b2dbd6f3758ceb50ca382bd593960 |
|
| /// File Name: |
CA-95:14.Telnetd_Environment_Vulner..> |
Description:
|
This advisory describes a vulnerability with some telnet daemons and includes patch information from vendors, along with a workaround.
| | File Size: | 26674 | | Last Modified: | Sep 14 07:48:37 1999 |
| MD5 Checksum: | 06ab579e8768524b339184aca88c75eb |
|
| /// File Name: |
CA-95:13.syslog.vul |
Description:
|
This advisory describes a general problem with syslog, lists vendor information about patches, and provides a workaround for solving the syslog problem in sendmail in particular.
| | File Size: | 22867 | | Last Modified: | Sep 14 07:48:36 1999 |
| MD5 Checksum: | e39dfff9daefd95c7120a4e998abb18f |
|
| /// File Name: |
CA-95:12.sun.loadmodule.vul |
Description:
|
The advisory describes a problem with the loadmodule(8) program in Sun OS 4.1.X and provides patch information.
| | File Size: | 7355 | | Last Modified: | Sep 14 07:48:35 1999 |
| MD5 Checksum: | 79afb161722955323b933949d7614a4c |
|
| /// File Name: |
CA-95:10.ghostscript |
Description:
|
This advisory describes a vulnerability involving the -dSAFER option in ghostscript versions 2.6 through 3.22 beta. The advisory includes instructions for fixing the problem and pointers to version 3.33 of ghostscript.
| | File Size: | 15940 | | Last Modified: | Sep 14 07:48:34 1999 |
| MD5 Checksum: | fd4023068d8fe25142b6ca2995ddba00 |
|
| /// File Name: |
CA-95:09.Solaris.ps.vul |
Description:
|
This advisory describes a vulnerability in Solaris that can be exploited if the permissions on the /tmp and /var/tmp directories are set incorrectly.
| | File Size: | 13835 | | Last Modified: | Sep 14 07:48:28 1999 |
| MD5 Checksum: | 65b36a02be742c26067752c254b2f4ba |
|
| /// File Name: |
CA-95:08.sendmail.v.5.vulnerability |
Description:
|
This advisory describes a vulnerability in sendmail v.5, which is still in use and which includes IDA sendmail. Many vendors have previously fixed the problem; others recently developed patches.
| | File Size: | 22747 | | Last Modified: | Sep 14 07:48:27 1999 |
| MD5 Checksum: | eee46950dd25557fa0dcd27fa9da33da |
|
| /// File Name: |
CA-95:07a.REVISED.satan.vul |
Description:
|
** This advisory replaces CA-95:07. ** It is a revision that provides new information about the problem described in CA-95:07 and includes precautions to take when running SATAN. A tutorial by the SATAN authors, "SATAN Password Disclosure," is appended to the advisory.
| | File Size: | 14979 | | Last Modified: | Sep 14 07:48:13 1999 |
| MD5 Checksum: | c3b643701b8842ae4102585860474562 |
|
| /// File Name: |
CA-95:06.satan |
Description:
|
An overview of the Security Administrator Tool for Analyzing Networks (SATAN) based on the CERT staff's review of beta version 0.51. Includes list of vulnerabilities probed and advice on securing systems.
| | File Size: | 16156 | | Last Modified: | Sep 14 07:48:12 1999 |
| MD5 Checksum: | 1bb58a38e81fa46cce5931a7388bfd6f |
|
| /// File Name: |
CA-95:04.NCSA.http.daemon.for.unix...> |
Description:
|
This advisory provides a patch for a vulnerability in the NCSA HTTP daemon version 1.3 for UNIX.
| | File Size: | 9115 | | Last Modified: | Sep 14 07:48:11 1999 |
| MD5 Checksum: | 6cd59d212c56dc98952a95b2ac8c8836 |
|
| /// File Name: |
CA-95:03a.telnet.encryption.vulnera..> |
Description:
|
** This advisory supersedes CA-95:03. ** Description and patch information for a security problem in the Berkeley Telnet clients that support encryption and Kerberos V4 authentication. It provides additional information.
| | File Size: | 14466 | | Last Modified: | Sep 14 07:48:09 1999 |
| MD5 Checksum: | ac934c64565e33ccc82a2d351435ebbf |
|
| /// File Name: |
CA-95:02.binmail.vulnerabilities |
Description:
|
** This advisory supersedes CA-91:01a and CA-91:13. ** It addresses vulnerabilities in some versions of /bin/mail based on BSD 4.3 UNIX. It includes a list of vendor patches and source code for mail.local.c, an alternative to /bin/mail.
| | File Size: | 10040 | | Last Modified: | Sep 14 07:48:08 1999 |
| MD5 Checksum: | 43436de334513164d7545cf804ca6a7d |
|
| /// File Name: |
CA-95:01.IP.spoofing.attacks.and.hi..> |
Description:
|
The IP spoofing portion of this advisory has been superseded by CA-96.21. The description of the intruder activity of hijacking terminals is still current.
| | File Size: | 26137 | | Last Modified: | Sep 14 07:48:07 1999 |
| MD5 Checksum: | 3a95cb7ae1968a12be491dad55d5ed35 |
|
| /// File Name: |
CA-94:15.NFS.Vulnerabilities |
Description:
|
This advisory describes security measures to guard against several vulnerabilities in the Network File System (NFS). The advisory was prompted by an increase in root compromises by intruders using tools to exploit the vulnerabilities.
| | File Size: | 7193 | | Last Modified: | Sep 14 07:48:03 1999 |
| MD5 Checksum: | 33d07304d57dcf3bc7c2dca5ee4cc7d3 |
|
| /// File Name: |
CA-94:14.trojan.horse.in.IRC.client..> |
Description:
|
This advisory discusses a Trojan horse that was found in version 2.2.9 of ircII, the source code for the Internet Relay Chat (IRC) client for UNIX systems. For reasons described in the advisory, the CERT staff urges everyone to install ircII version 2.6.
| | File Size: | 7438 | | Last Modified: | Sep 14 07:48:00 1999 |
| MD5 Checksum: | 3ad62e3a6874eb3be1be2d0befdd860e |
|
| /// File Name: |
CA-94:13.SGI.IRIX.Help.Vulnerabilit..> |
Description:
|
This advisory addresses a vulnerability in the Silicon Graphics, Inc. IRIX 5.x Help system. SGI recommends installing the patch, but has provided a workaround to disable the Help system if this is not possible.
| | File Size: | 8291 | | Last Modified: | Sep 14 07:47:59 1999 |
| MD5 Checksum: | 75bcdf7781e63e31396705ab8db1b2cc |
|