 |
 |
|
|
|
 |
 |
Home | What's New | FAQ | Site Contents | Contact Us |
|
|
Alerts | Improving Security | Training | Reports | Survivability Research | About Us | FTP Archives | Other Resources |
|
|
|
|
|
|
CERT* Advisory CA-96.13Original issue date: July 4, 1996Last Revised: September 24, 1997 Updated copyright statement A complete revision history is at the end of this file.
Topic: The Independence Day VirusThe CERT Coordination Center has received reports of weaknesses in Alien/OS that can allow species with primitive information sciences technology to initiate denial-of-service attacks against MotherShip™ hosts. One report of exploitation of this bug has been received. When attempting takeover of planets inhabited by such races, a trojan horse attack is possible that permits local access to the MotherShip host, enabling the implantation of executable code with full root access to mission-critical security features of the operating system. The vulnerability exists in versions of EvilAliens' Alien/OS 34762.12.1 or later, and all versions of Microsoft's Windows/95. The CERT Coordination Center advises against initiating further planet takeover actions until patches are available from these vendors. If planet takeover is absolutely necessary, CERT advises that affected sites apply the workarounds as specified below. We will update this advisory as we receive additional information. Please check advisory files regularly for updates that relate to your site.
I. DescriptionAlien/OS contains a security vulnerability, which strangely enough can be exploited by a primitive race running Windows/95. Although Alien/OS has been extensively field tested over millions of years by EvilAliens, Inc., the bug was only recently discovered during a routine invasion of a backwater planet. EvilAliens notes that the operating system had never before been tested against a race with "such a kick-ass president."The vulnerability allows the insertion of executable code with root access to key security features of the operating system. In particular, such code can disable the NiftyGreenShield™ subsystem, allowing child processes to be terminated by unauthorized users. Additionally, Alien/OS networking protocols can provide a low-bandwidth covert timing channel to a determined attacker. II. ImpactNon-privileged primitive users can cause the total destruction of your entire invasion fleet and gain unauthorized access to files.III. SolutionEvilAliens has supplied a workaround and a patch, as follows:A. WorkaroundTo prevent unauthorized insertion of executables, install a firewall to selectively vaporize incoming packets that do not contain valid aliens. Also, disable the "Java" option in Netscape.B. PatchAs root, install the "evil" package from the distribution tape.(Optionally) save a copy of the existing /usr/bin/sendmail and modify its permission to prevent misuse.
The CERT Coordination Center staff thanks Jeff Goldblum and Fjkxdtssss for providing information for this advisory.
If you believe that your system has been compromised, contact the CERT Coordination Center or your representative in the Forum of Incident Response and Security Teams (see http://www.first.org/team-info/) CERT/CC Contact InformationEmail cert@cert.org Phone +1 412-268-7090 (24-hour hotline) CERT personnel answer 8:30-5:00 p.m. EST(GMT-5) / EDT(GMT-4) and are on call for emergencies during other hours. Fax +1 412-268-6989 Postal address: CERT Coordination Center Using encryption We strongly urge you to encrypt sensitive information sent by email. We can support a shared DES key or PGP. Contact the CERT/CC for more information. Location of CERT PGP key ftp://ftp.cert.org/pub/CERT_PGP.key Getting security information CERT publications and other security information are available from http://www.cert.org/ CERT advisories and bulletins are also posted on the USENET newsgroup
comp.security.announce cert-advisory-request@cert.org In the subject line, type SUBSCRIBE your-email-address Copyright 1996 Carnegie Mellon University. Conditions for use, disclaimers, and sponsorhsip information can be found in http://www.cert.org/legal_stuff/legal_stuff.html and ftp://ftp.cert.org/pub/legal_stuff. If you do not have FTP or web access, send mail to cert@cert.org with "copyright" in the subject line. CERT is registered in the U.S. Patent and Trademark Office.
Revision history Sep. 24, 1997 Updated copyright statement Jul. 30, 1996 Removed references to CA-96.13.README. |