Tech Alert Briefing for 2/13/2002
UPDATE ON SNMP VULNERABILITY:
A research network vulnerability testing tool project, originally developed at the University of Oulu of Linnanmaa, Finland, may have fallen into the hands of subversive elements of the computer underground, according to an ISS X-Force Security Alert. The PROTOS SNMP (Simple Network Management Protocol) attack tool, originally intended to aid in assessing network security vulnerabilities, is a stress-testing tool that is capable of flooding SNMP systems in an attempt to discover exploitable vulnerabilities. The tool has the immediate ability to crash SNMP daemons and hardware devices running SNMP. The circulation of this tool may lead to the widespread use of new exploits to crash or compromise vulnerable systems. SNMP is so widely used throughout the Internet that CERT and other security authorities are recommending that network administrators take immediate action to assess their SNMP system vulnerabilities. Nearly every operating system, router, switch, cable or DSL modem, and firewall is shipped with an SNMP service.
Additional News Stories:
SNMP vulnerability poses major threat
CERT warns of web meltdown
Widespread SNMP (Simple Network Management Protocol) Vulnerability Reported
CERT and the SANS Institute are reporting that widespread vulnerabilities in SNMP (Simple Network Management Protocol) have been detected. Exploits of the vulnerability cause systems to fail or to be taken over. The vulnerability can be found in hundreds of different OEM systems and is very widespread: millions of routers and other systems are involved.
The SANS Institute is recommending that you turn off SNMP. If you absolutely must run SNMP, get the patch from your hardware or software vendor.
Two final notes.
Note 1: Turning off SNMP was one of the strong recommendations in the Top 20 Internet Security Vulnerabilities that the FBI's NIPC and SANS and the Federal CIO Council issued on October 1, 2001.
Note 2: If you have Cisco routers you are going to have to patch them to fix this problem. SANS recommends that you review all other fixes that will protect your Cisco routers from an increasingly common set of increasingly bad attacks.
For more information, read the complete advisory at:
CERT® Advisory CA-2002-03 Multiple Vulnerabilities in Many Implementations of the Simple Network Management Protocol (SNMP)
Variant of Klez.e Worm Makes the Top 10 Virus Threat List
Several virus companies have placed a new variant of the Klez.e worm on their Top 10 Virus Threat list, despite the fact that the number of reported occurrences is relatively low. The problem, according to these companies, is that the virus payload can be extremely damaging if the computer becomes infected. The worm also attempts to circumvent some components of antivirus programs and delete some antivirus-related files.
The Klez.e worm is distributed via email with either a random subject line or one chosen from among the following subject headings:
How are you
Let's be friends
Darling
Don't drink too much
Please try again
Welcome to my hometown
the Garden of Eden
introduction on ADSL
japanese girl VS playboy
Look,my beautiful girl friend
Eager to see you
Spice girls' vocal concert
Japanese lass' sexy pictures
Software Patch to Prevent Klez.e Worm Vulnerability
The Klez.e worm attempts to exploit a MIME vulnerability in some versions of Microsoft Outlook, Microsoft Outlook Express, and Internet Explorer that allows the executable file to run automatically without the user double-clicking on the attachment. Users are therefore urged to apply the latest security patches from Microsoft, which secure against this vulnerability. The patch can be downloaded at:
(This patch fixes a number of vulnerabilities in Microsoft's software, including the one exploited by this worm.)
Additional Resources from:
Vulnerabilities in Oracle 9 Application Server brought to light
NGSSoftware Insight Security Research has recently released a series of advisories regarding vulnerabilities in Oracle 9 database server. Network administrators employing Oracle 9 databases will want to be sure to read an important paper highlighting potential vulnerabilities, entitled Hackproofing Oracle Application Server: a Guide to Securing Oracle 9.
Oracle Response to Vulnerabilities and Security Alerts
Previous Tech Alerts:
02/07/02 Bloodhound Mass Mailing Worm and Managing Risks in Wireless Networks
02/04/02 Microsoft Issues Collection of Security Fixes for Windows 2000
01/31/02 Copycat Virus Unleashed
01/30/02 Netscape Browser Vulnerable to Cookie Theft
01/28/02 "My Party" Mass Mailing Worm
01/18/02 IT Contingency Planning Guide, Information Security Checklist and Solaris Vulnerability
01/15/02 Trojan.StartPage Alters Web Browsers
01/12/02 New Internet Worm Gigger Masquerades as Microsoft Outlook Upgrade
01/08/02 Microsoft Universal Plug and Play Vulnerability
12/20/01 Holiday Themed Computer Virus Unleashed
First published on 02/12/2002