Posted on 08/11/2003 2:33:46 PM PDT by STFrancis
All,
Here's a scoop for Freepers which is just now hitting us security pros.
There is a first vulnerability that uses the MS Bug that MS addressed with MS 03-026 two weeks ago.
It is calling itself MSBLAST.exe and is spreading in the wild unbelievably fast. http://isc.sans.org/diary.html?date=2003-08-11
A first advisory from McAfee has just been published: http://us.mcafee.com/virusInfo/defa...&virus_k=100547
Once it finds a vulnerable system, it will spawn a shell on port 4444 and use it to download the actual worm via tftp. The exploit itself is very close to 'dcom.c' and so far appears to use the "universal Win2k" offset only.
In other words we need to make sure port 4444 is blocked inbound AND outbound.
Of course this is in addition to the MS03-026 patch being installed which Microsoft released two weeks ago (more info regarding the patch here: http://www.microsoft.com/technet/tr...n/MS03-026.asp).
Another advisory was JUST posted by Symantec: http://www.symantec.com/avcenter/ve...aster.worm.html
Just thought everyone ought to know.
Thanks...
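Added example, not part of the original post: a Python check that scans firewall logs for the pattern described above, a permitted connection to port 4444/tcp followed shortly by a tftp (69/udp) transfer started by the same host. The log format, the addresses, the 120-second window and the function names are all assumptions constructed for this illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample firewall log (format and addresses are made up for this example).
SAMPLE_LOG = """\
2003-08-11T14:02:11 ALLOW TCP 192.0.2.77:3120 -> 10.0.0.23:4444
2003-08-11T14:02:14 ALLOW UDP 10.0.0.23:1041 -> 192.0.2.77:69
2003-08-11T14:05:40 DENY TCP 192.0.2.77:3188 -> 10.0.0.24:4444
2003-08-11T14:09:02 ALLOW UDP 10.0.0.30:1050 -> 10.0.0.2:69
2003-08-11T14:30:00 ALLOW TCP 10.0.0.23:1099 -> 10.0.0.31:4444
2003-08-11T14:45:00 ALLOW UDP 10.0.0.31:1044 -> 10.0.0.23:69
"""

LINE = re.compile(r"(\S+) (ALLOW|DENY) (TCP|UDP) ([\d.]+):(\d+) -> ([\d.]+):(\d+)$")

def parse(log):
    """Yield (time, action, proto, src, dst, dport) for each well-formed line."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:  # skip malformed lines instead of failing
            ts, action, proto, src, _sport, dst, dport = m.groups()
            yield datetime.fromisoformat(ts), action, proto, src, dst, int(dport)

def find_suspects(log, window=timedelta(seconds=120)):
    """Return (allowed_4444, suspects).
    allowed_4444: (src, dst) pairs where 4444/tcp was permitted (the post says block it).
    suspects: hosts that accepted 4444/tcp and started a tftp (69/udp) transfer
    within `window` afterwards, mapped to the tftp server they contacted."""
    last_shell = {}   # host -> time of the latest permitted inbound 4444/tcp
    allowed, suspects = [], {}
    for ts, action, proto, src, dst, dport in sorted(parse(log)):
        if action != "ALLOW":
            continue
        if proto == "TCP" and dport == 4444:
            allowed.append((src, dst))
            last_shell[dst] = ts
        elif proto == "UDP" and dport == 69 and src in last_shell:
            if ts - last_shell[src] <= window:
                suspects.setdefault(src, dst)
    return allowed, suspects

if __name__ == "__main__":
    allowed, suspects = find_suspects(SAMPLE_LOG)
    print("permitted 4444/tcp flows:", allowed)
    print("likely infected hosts:", suspects)
```

Any entry in the first list means the block rule for port 4444 is missing or not matching; any entry in the second is a host to isolate and check for the MS03-026 patch.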
Local exploit only, and only on x86 versions, not Sparc versions.
OpenBSD http://www.insecure.org/sploits/OpenBSD.lprm.overflow.html
Interesting exploit, but also local only.
I will list here the conditions that must be met for the exploit to work:
You have a remote printer configured in /etc/printcap.
The length of the attacker's username plus the length of the "rp" capability for the remote printer is >= 7.
The hostname of the remote printer (i.e. the "rm" capability) resolves, and neither the canonical name returned for the host nor any of its aliases match the local hostname.
And all of this on a version which was, at the time of the exploit being found, two versions old.
Trusted Solaris - from Sun's own website! http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/199
Not a Trusted Solaris bug. Can affect Trusted Solaris if you install Java, which is not installed by default.
No software is perfect, but none of the exploits you listed would make it possible for a "average-skilled computer consultants trained in simple yet effective hacks" to crack a machine running OpenBSD or Trusted Solaris remotely, that is, across a network connection. That is what you claimed, after all, but have failed to provide evidence of.
It's good that you won't be coming back to troll anymore. Begone and good riddance, Microsoft apologist.
Security Update 2003-08-14 is now available APPLE-SA-2003-08-14 realpath.
It addresses CAN-2003-0466, a potential vulnerability in the fb_realpath() function, used by the FTPServer and Libc projects, which could allow a local or remote user to gain unauthorized root privileges to a system.
Now then, when you do a search for CAN-2003-0466 on CERT.org, Apple DID NOT RESPOND to this on July 31, 2003. Other manufacturers CAME OUT WITH FIXES 10 days ago. Apple still buried their head in the sand.