BugTraq Mode:
(Page 1714 of 1748)  < Prev  1709 1710 1711 1712 1713 1714 1715 1716 1717 1718 1719  Next >
SQL Sapphire Worm Analysis 2003-01-25
Marc Maiffret (marc eeye com)
SQL Sapphire Worm Analysis

Release Date:
1/25/03

Severity:
High

Systems Affected:
Microsoft SQL Server 2000 pre SP 2

Description:
Late Friday, January 24, 2003 we became aware of a new SQL worm spreading
quickly across various networks around the world.

The worm is spreading using a buffer over

[ more ]  [ reply ]
Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! 2003-01-25
George William Herbert (gherbert retro com)

This is also being widely reported on the NANOG
and inetproviders lists. Check traffic outbound
from your MS SQL hosts if any. Firewall 1434/UDP
inbound and outbound if you don't already.

Tier 1 backbones are reporting a bad night: routing
instabilities, one major dropped most of its peering
fo

[ more ]  [ reply ]
Blackboard 5.x & patched 5.x systems Password Retrieval 2003-01-24
Cory Michal (cmichal exceedsecurity com)
Exceed Security Systems
-------------------------------------
www.exceedsecurity.com

Although blackboard has issues a patch that fixes the vulnerability
described on January 21st by Pedram Amini (pedram (at) redhive (dot) com [email concealed]) on the
bugtraq list it is still possible to use a similar technique to extract
user

[ more ]  [ reply ]
Cisco Security Advisory: MS SQL "Sapphire" Worm Mitigation Recommendations 2003-01-25
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: MS SQL "Sapphire" Worm Mitigation Recommendations
========================================================================
======

Revision 1.0

For Public Release 2003 January 25 14:00:00 UTC

- ---------------------------------

[ more ]  [ reply ]
Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! 2003-01-25
H D Moore (sflist digitaloffense net)
A worm which exploits a (new?) vulnerability in SQL Server is bringing
the core routers to a grinding halt. The speed of the propagation can be
attributed to the attack method and simplicity of the code. The worm
sends a 376-byte UDP packet to port 1434 of each random target, each
vulnerable sys

[ more ]  [ reply ]
RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! 2003-01-25
Jeff Mills (Jeff Mills pocold com au)

> I'm getting massive packet loss to various points on the globe.
> I am seeing a lot of these in my tcpdump output on each
> host.
>
> 02:06:31.017088 150.140.142.17.3047 > 24.193.37.212.ms-sql-m: udp 376
> 02:06:31.017244 24.193.37.212 > 150.140.142.17: icmp:
> 24.193.37.212 udp port ms-sql-m

[ more ]  [ reply ]
Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! 2003-01-25
Byron Morton (byron port1500 org)
In-Reply-To: <20030125021141.A23211 (at) romulus.netgraft (dot) com [email concealed]>

This is indeed happening widely tonight. Some of the

client machines here have been hit as their boxes were

not patched up properly. We have firewalled access and

have brought our core switches online again after a

brief interruption whe

[ more ]  [ reply ]
Fw: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! 2003-01-25
Jeremy Kister (securityfocus-bugtraq jeremykister com)
Some News: http://news.zdnet.co.uk/story/0,,t269-s2099780,00.html
Advisory: http://www.nextgenss.com/advisories/mssql-udp.txt
Microsoft Fix:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur
ity/
bulletin/MS02-039.asp

MS SQL listens on port 1434/udp so that clients can figure

[ more ]  [ reply ]
Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! 2003-01-25
Mike Tindor (mtindor 1st net)
In-Reply-To: <20030125021141.A23211 (at) romulus.netgraft (dot) com [email concealed]>

Michael,

I feel your pain. I've seen the same thing starting at 12:46 AM EST 01-25-

2003 at one of our colocation facilities.

I haven't had time to analyze things as of yet - I discovered three

machines, all with activity that star

[ more ]  [ reply ]
Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! 2003-01-25
Umit Tiric (umitt softcom biz) (1 replies)
In-Reply-To: <20030125021141.A23211 (at) romulus.netgraft (dot) com [email concealed]>

We can confirm it here in Toronto, Canada. Even though the effect was

minimal to us, we saw many major networks dissappear on the Internet.

The effect is like a LAN denial of service attack. The requests are

distributed over port 1434

[ more ]  [ reply ]
Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! 2003-01-25
Jay D. Dyson (jdyson treachery net)
Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! 2003-01-25
Carlos Eduardo Vianna (cvianna stech net br)
In-Reply-To: <20030125021141.A23211 (at) romulus.netgraft (dot) com [email concealed]>

Michael,

You're correct. We started to get flooded at 03:00 AM

(now its 09:20 am down here), and found the solution

about 30 min after: shutting down all W2K SQLs. Now we

have all 1434 and 1433 blocked. 1433 seems to be

important too.

[ more ]  [ reply ]
ftls.org Guestbook 1.1 Script Injection 2003-01-25
BrainRawt . (brainrawt hotmail com)

ftls.org Guestbook 1.1 Script Injection Vulnerabilities
Discovered By BrainRawt (brainrawt (at) hotmail (dot) com [email concealed])

About MyGuestbook:
------------------
Your basic guestbook that can be downloaded at
http://www.ftls.org/en/examples/cgi/Guestbook.shtml#s1.

Vulnerable (tested) Versions:
--------------------

[ more ]  [ reply ]
MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! 2003-01-25
Michael Bacarella (mbac netgraft com) (4 replies)
I'm getting massive packet loss to various points on the globe.
I am seeing a lot of these in my tcpdump output on each
host.

02:06:31.017088 150.140.142.17.3047 > 24.193.37.212.ms-sql-m: udp 376
02:06:31.017244 24.193.37.212 > 150.140.142.17: icmp: 24.193.37.212 udp port ms-sql-m unreachable [tos

[ more ]  [ reply ]
Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! 2003-01-25
Geoff Shively (gshively pivx com)
Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! 2003-01-25
Tom Kyle (tom eos umsl edu)
Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! 2003-01-25
cstone (cstone pobox com)
Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! 2003-01-25
Ed Blanchfield (Ed E-Things Org)
List Site Pro v2 user account Hijacking vulnerablity 2003-01-24
StatiX Statix (mail_statix linuxmail org)
List Site Pro v2 user account Hijacking vulnerablity
Severity:Low
homepage:http://www.listsitepro.com

It is possible to take over another user account by signing up and using | in one of the required feilds.
List Site Pro uses '|' to delimit the database but the form input is not checked and strip

[ more ]  [ reply ]
RE: Mailman: cross-site scripting bug 2003-01-24
Leif Sawyer (lsawyer gci com)
Hmm...

https://workserver//mailman/options/ak3barons?language=<SCRIPT>ale

rt('Can%20Cross%20Site%20Attack')</SCRIPT>

returns:

<h2>Error</h2><strong>Invalid options to CGI script.</strong>

2.0.11 doesn't seem to be vulnerable to this.

(although it's got some other issues, but nothing

[ more ]  [ reply ]
Eudora Message Deletion Weakness 2003-01-24
Blud Clot (bludclot hellokitty com)
Description: Messages thought to be deleted are still stored on the user's harddrive.

Versions Affected: This was tested on the latest version, version 5.2.0.9. It is likely that many or all previous versions are also affected.

Details: When a message is deleted from the trash folder in Eudora a u

[ more ]  [ reply ]
[SECURITY] [DSA 241-1] New kdeutils packages fix several vulnerabilities 2003-01-24
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 241-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
January 24th, 2003

[ more ]  [ reply ]
SpamAssassin / spamc+BSMTP remote buffer overflow 2003-01-23
Timo Sirainen (tss iki fi)
Well, I was going to wait until 2.50 release, but it seems to be taking and
this likely affects only few installations. Besides, it's been in their
public bugzilla for over a month. So:

Attacker may be able to execute arbitrary code by sending a specially
crafted e-mail to a system using SpamAssass

[ more ]  [ reply ]
[USG- SA- 2003.001] USG Security Advisory (slocate) 2003-01-24
inkubus hushmail com (1 replies)

-----BEGIN PGP SIGNED MESSAGE-----

__________________________________________________

USG Security Advisory
http://www.usg.org.uk/advisories/2003.001.txt
inkubus (at) hushmail (dot) com [email concealed]
USG- SA- 2003.001 24- Jan- 2003
__________________________________________________

Package: slocate
Vulnerability: local

[ more ]  [ reply ]
Re: [USG- SA- 2003.001] USG Security Advisory (slocate) 2003-01-25
Kevin Lindsay (klindsay mkintraweb com)
RE: DoS attack on Windows 2000 Terminal Server 2003-01-24
Diogo Fernandes (dfernandes realmedia com)
Hi, all

> Tested on Windows 2000 Server (IE55, SP2) and Windows 2000 Server
(IE55, SP3). I do not have easy access to other
> platforms at the moment.

Tested on Windows Xp Professional, w/o SP. The problem exists.

> Workaround
> - Remove all permissions from MSGINA.DLL for "Power Users", "Users

[ more ]  [ reply ]
(Page 1714 of 1748)  < Prev  1709 1710 1711 1712 1713 1714 1715 1716 1717 1718 1719  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus