CERT® Summaries

The CERT Coordination Center issues the CERT summary each quarter to draw attention to the types of attacks reported to our incident response team during the previous three months, as well as other noteworthy incident and vulnerability information. The summary includes pointers to sources of information for dealing with the problems. CERT summaries are emailed to the CERT mailing list as soon as they are published.

For regular updates of information about the most frequent, high-impact types of security incidents and vulnerabilities currently being reported to the CERT/CC, see the CERT/CC Current Activity web page.

CS-2001-02 (May 29, 2001): Topics in this regularly scheduled CERT Summary include a significant increase in reconnaissance activity, a number of self-propagating worms, and active exploitation of vulnerabilities in snmpxdmid, BIND and IIS by intruders.
CS-2001-01 (February 28, 2001): Topics in this regularly scheduled CERT Summary include multiple vulnerabilities in BIND, compromises via "ramen" toolkit, input validation problems in LPRng, and VBS/OnTheFly (Anna Kournikova) malicious code. There is also mention of the new Vulnerability Notes Database.
CS-2000-04 (November 20, 2000): Topics in this regularly scheduled CERT Summary include continued compromises via rpc.statd and FTPd, a vulnerability in the IRIX telnet daemon, and notable virus activity, specifically the Loveletter.as worm and the QAZ worm.
CS-2000-03 (August 25, 2000): Topics in this regularly scheduled CERT Summary include a vulnerability in rpc.statd on Linux systems, several ActiveX controls, vulnerabilities in Outlook and Outlook Express, security considerations for using chat software, hidden file extensions, and vulnerabilities in many FTP daemons.
CS-2000-02 (May 31, 2000): Topics in this regularly scheduled CERT Summary include buffer overflows in Kerberos authenticated services, improper validation of SSL sessions in Netscape Navigator, the Love Letter Worm, denial-of-service attacks using nameservers, the exploitation of unprotected Windows shares, and continued reports of machines compromised by exploiting vulnerabilities in BIND.
CS-2000-01 (February 29, 2000): Topics in this regularly scheduled CERT Summary include distributed denial-of-service tools and developments, continued reports of intruders exploiting vulnerabilities in BIND, Vixie Cron, WU-FTPD, and RPC services, and malicious HTML tags embedded in client web requests.
CS-99-05 (December 17, 1999): Topics in this special edition of the CERT Summary include the Year 2000 and distributed-system intruder tools.
CS-99-04 (November 23, 1999): Topics in this regularly scheduled CERT Summary include distributed intruder tools and vulnerabilities related to CDE, BIND, WU-FTP, AMD, and RPC.
CS-99-03 (August 31, 1999): Topics in this regularly scheduled CERT Summary include RPC vulnerabilities, virus and Trojan horse activity, and continued widespread scans, as well as information about the new CERT PGP key.
CS-99-02 (May 25, 1999): Topics in this regularly scheduled CERT Summary include virus activity (Melissa, CIH/Chernobyl, Happy99), SYN attacks, widespread scans, and web server attacks.
CS-99-01 (February 23, 1999): Topics in this regularly scheduled CERT Summary include widespread scans for multiple vulnerabilities, Back Orifice and NetBus, Trojan horse programs, and FTP buffer overflows.
CS-98-08 (December 14, 1998): Topics in this regularly scheduled CERT Summary include a vulnerability in mountd, Windows-based Trojan horse programs, widespread scans for vulnerabilities, scripted exploitation tools, and stealth scanning techniques.
CS-98.07 (August 26, 1998): Topics in this regularly scheduled CERT Summary include new tools used for widespread scans, buffer overflows in some POP servers, multiple vulnerabilities in BIND, and an Internet Explorer version 4 vulnerability.
CS-98.06 (June 11, 1998): Topics in this regularly scheduled CERT Summary include attacks that exploit vulnerabilities in BIND, scans to Port 1/tcpmux and unpassworded SGI accounts, and root compromises.
CS-98.05 - Special Edition (May 28, 1998): The CERT Coordination Center has received reports of new kinds of intruder activity indicating that intruders are targeting machines running vulnerable versions of "named" (domain name server software that is part of BIND). Thousands of sites running unpatched, vulnerable versions of "named" are known to have been compromised through exploit methods discussed here and in CS-98.04.
CS-98.04 - Special Edition (May 21, 1998): The CERT Coordination Center has received reports of increasing intruder activity indicating that intruders are targeting machines running vulnerable versions of "named" (domain name server software that is part of BIND). Many sites running unpatched, vulnerable versions of "named" have been compromised.
CS-98.03 (March 10, 1998): Topics in this regularly scheduled CERT Summary include Root Compromises and Network Sniffers, Large-Scale Scanning and Attacks, and Denial-of-Service Attacks.
CS-98.02 - Special Edition (March 4, 1998): This special edition of the CERT Summary reports denial of service attacks targeting a vulnerability in the Microsoft TCP/IP stack.
CS-98.01 - Special Edition (February 13, 1998): This special edition of the CERT Summary highlights increasing attacks involving a vulnerability in rpc.statd, also known as statd on some systems.
CS-97.06 (December 1, 1997): Topics in this regularly scheduled CERT Summary include Continuing IMAP Exploits, Root Compromises, CGI Scripts, and Relaying of Spam Email Through Victim Sites.
CS-97.05 (August 26, 1997): Topics in this regularly scheduled CERT Summary include Continuing IMAP Exploits, Increased Denial-of-Service Attacks, Increased Use of IRC in Root Compromises, Increased Exploitation of IRIX Buffer Overflows, and Continuing INND Exploits.
CS-97.04 - Special Edition (August 4, 1997): This special edition of the CERT Summary highlights large-scale attacks involving a vulnerability in certain implementations of IMAP.
CS-97.03 (May 28, 1997): Topics in this regularly scheduled CERT Summary include Continuing cgi-bin Exploits, INND Exploits, Chargen and Echo Services, and Spoofed CERT Summary.
CS-97.02 - Special Edition (March 18, 1997): This special edition of the CERT Summary highlights widespread, large-scale attacks that are occurring against news servers.
CS-97.01 (February 26, 1997): Topics in this regularly scheduled CERT Summary include Continuing cgi-bin Exploits, Continuing Linux Exploits, and Naughty Robot Email Messages.
CS-96.06 (November 26, 1996): Topics in this regularly scheduled CERT Summary include cgi-bin/phf Exploits and Continuing Linux Exploits.
CS-96.05 (September 24, 1996): Topics in this regularly scheduled CERT Summary include Clarification to CS-96.04, Denial of Service Attacks, Continuing Linux Exploitations, PHF Exploits, and Software Piracy.
CS-96.04 (July 23, 1996): Topics in this regularly scheduled CERT Summary include Increasing Sophistication of Intruder Community Expertise, Operating System Concerns, Forged Advisories, Linux Root Compromises, Telnetd in Linux Systems, Password Cracking, Sendmail Attacks, cgi-bin Vulnerabilities, and Mail Spamming/Spoofing Attacks.
CS-96.03 (February 21, 1996): Topics in this regularly scheduled CERT Summary include Password Files and Cracking, Linux Machines, Machines Being Probed to Find Known Vulnerabilities, and Mail Spoofing and Mail Bombing.
CS-96.02 (March 26, 1996): Topics in this regularly scheduled CERT Summary include Root compromise on systems that are unpatched or running old OS versions, Compromised user-level accounts that are leveraged to gain further access, Packet sniffers and Trojan horse programs, IP spoofing attacks, Software piracy, Sendmail attacks, and NFS and NIS attacks, and automated tools to scan for vulnerabilities.
CS-96.01 (January 23, 1996): Topics in this regularly scheduled CERT Summary include Intruders Using Automated Tools to Scan Sites for NFS and NIS Vulnerabilities, Exploiting the rpc.ypupdated Vulnerability to Gain Root Access, Exploiting the Loadmodule Vulnerability to Gain Root Access, Installing Trojan Horse Programs and Packet Sniffers, and IP Spoofing Attacks.
CS-95.03 (March 3, 1995): Topics in this regularly scheduled CERT Summary include Packet Sniffers, Exploitation of SGI lp Vulnerability, Network Scanning, and Sendmail Attacks.
CS-95.02 (September 26, 1995): Topics in this regularly scheduled CERT Summary include Sendmail Attacks, Network Scanning, Exploitation of rlogin and rsh, and Packet Sniffers.
CS-95.01: Topics in the first CERT Summary include IP Spoofing, Packet Sniffers, NFS Attacks, and New Trojan Horse Programs.

Last updated May 29, 2001.
CERT and CERT Coordination Center are registered in the U.S. Patent and Trademark Office.
Copyright 1999 Carnegie Mellon University. Conditions for use, disclaimers, and sponsorship information can be found in http://www.cert.org/legal_stuff/legal_stuff.html.