Computer Security Update. Bob Cowles, SLAC stanford.edu. Presented to HEPiX at Fermilab, 23 Oct 2002. Work supported by U.S. Department of Energy contract DE-AC03-76SF00515.
23 October 2002 HEPiX – Bob Cowles – SLAC
Areas: Solaris; Cisco; Linux; IIS; Internet Explorer; Windows; Misc; Virus & Worm; Conclusions; News
Solaris: /bin/login; ssh & OpenSSH; in.talkd; cachefsd; xdr_array bo (affects OpenAFS too); ttdbserver; TTYPROMPT
Cisco: ssh; Aironet wireless APs (telnet); ntp daemon; httpd; default passwords
Linux: ssh; wu-ftp; glibc; OpenSSH; glibc (reboot required); Bugzilla; OpenSSL
Apache: Transfer chunking; mod_ssl off-by-one; shared memory scoreboard - scripting
IIS: Cookie handling error (cross domains); .htr heap overflow; Office Web components; SmartHTML interpreter; .htr transfer chunking
Internet Explorer: file name spoofing; VBScript read local files; jpeg scripting; Gopher protocol error; SSL cert checking error (Outlook, too); Cached objects
Windows: MS SQL Server & Media Player; UPNP; XMLHTTP; JVM; Debugger; MS Office document grabbing; Network Connection Manager; Windows XP SP1
Misc: OpenVMS DECwindows Motif Server; Add'l files indexed by Google; AOL AIM & Yahoo Messenger; snmp; PGP buffer overflow; libbind resolver buffer overflow; MIME send by reference (RFC 2046); TCP/IP ambiguity
Virus & Worm: Magistr; badtrans; Goner; Myparty: Frethem (your password); Klez; Bugbear
Conclusions (almost the same): Poor administration is still a major problem; Firewalls cannot substitute for patches; Multiple levels of virus/worm protection are necessary; Clue is more important than source
News: OpenSSH trojaned; 20 things to make your system safe and secure (really!); New versions of PGP, incl. version 8.0 beta for Windows; SMTP trojaned; Flash and Warhol worms; Attack on root DNS servers