Date: Mon, 26 Jul 1999 23:32:18 -0400
From: Ed Vander Bush <ed@42interactive.com>
To: freebsd-questions@FreeBSD.ORG
Subject: Re: About the security issue in NY Times
Message-ID: <379D2842.D5931705@42interactive.com>
References: <Pine.BSF.4.10.9907262243050.2354-100000@dgriffin.org>
Since you need an account to view the page and I already have one... Here is the article:

Security Flaw Is Discovered in Several Unix Programs
By SARA ROBINSON

SAN FRANCISCO -- A leading computer security group is reporting a significant rise in potentially dangerous attacks that exploit security holes in programs shipped with the Unix operating system. Unix is the most common operating system for servers, the powerful computers that control the flow of data over large networks, including the Internet.

"We've seen a good number of reports related to thousands of different machines on scores of different sites," said Shawn Hernan, a member of the Computer Emergency Response Team, or CERT, at Carnegie Mellon University in Pittsburgh. "This is not like the Melissa virus, but it's a fairly significant event in Internet security." The Melissa program infected about 19 percent of the nation's large corporations in March.

The full extent of the damage might not yet be evident -- and may not be for some time -- because the attacks, when successful, give those cracking into a network what is known as "root access," basically complete control over the server. This enables the crackers, as such intruders are known, not only to wreak immediate havoc with networks but to plant small, hard-to-trace programs that can be set off at a later date.

Hernan said a wide range of organizations, from small companies to universities and large corporations, reported being attacked last week. But, citing CERT policy, he declined to name specific companies or organizations.

Bob Todd, a network engineer for an Internet security company, said a client he would describe only as a "large state or federal agency" had been attacked multiple times both from within the United States and abroad. He said he had heard that at least half a dozen other government agencies had also been hit. While the attacks did some mischief, like altering Web pages, Todd said he had not seen any serious damage so far.

Todd's company, Advanced Research Corp. in Vienna, Va., was apparently the first to report the attacks in a posting on Bugtraq, an Internet security mailing list. Later, explicit instructions for exploiting the newest of the security holes were also posted to Bugtraq; Todd said his company was not responsible for that posting.

Internet Entertainment Group in Seattle may also have been hit, according to messages posted on security discussion groups on the Internet.

The attacks primarily exploit software that manages an appointment calendar program that is shipped with Unix operating systems from makers of powerful servers, including Sun Microsystems Inc. and Hewlett-Packard Co. Sun has already released a patch for the problem, and Hewlett-Packard plans to do so soon, according to CERT.

In addition to the calendar program, the crackers are also exploiting two previously identified Unix bugs. They appear to be using an automated software script that tries to exploit each security hole in turn, Hernan said. He said he based that conclusion on having found similar entries in the log files that servers keep of each transaction on a network and on seeing identical pernicious files on the attacked computers.

Though patches for the previously identified bugs have been available for some time, many system administrators have not yet applied them. "System administrators don't apply patches as quickly as we'd like," Hernan said. "They have their own priorities, and sometimes they'll go months without fixing" the problems.

Patching the security holes after an attack cannot repair any damage already done. Of special concern with these attacks is that it is very difficult to determine what has been done since these bugs give the intruder complete control over the affected machine, Hernan said. Beyond immediate damage, the crackers can install so-called Trojan horse programs that obscure their activity and can set off malignant processes at a later date.

The safest response to such an attack is to erase the hard drive, reinstall the operating system and software and then restore the data from backups that predate the attack -- a very time-consuming process.

The calendar bug involves what is known as a "buffer overflow" vulnerability, one of the most common types of software security holes. The attacker pretends to make an entry in the calendar, but the "entry" is really a carefully designed chunk of information that is too large to fit the storage space the program allots for the entry. The overflow spilling out into the computer's main memory consists of software code that can do any number of things but usually grants the cracker root access.

A university system administrator who asked not to be identified said his network had been attacked, but he said there had been little damage since this particular cracker's clumsy execution caught the attention of system personnel. He said he suspected that the intruder might have been using an attack recipe obtained from someone else.

"There's a large cracker community out there, and they talk to each other," he said. "These people waste an enormous amount of resources."

Stede Bonnet wrote:
> In today's Business section, an article by Sara Robinson discusses a
> security problem apparent on UNIX OS's.
>
> How is that related to FreeBSD? Do I have anything to worry about, and
> what should I do if I need to do something?
>
> Thanks
>
> Stede
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
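An added C illustration of the overflow pattern the article describes, not code from the article, the affected calendar software or the FreeBSD project: a fixed-size entry buffer that is copied into without a length check, beside a version that measures the input and rejects anything that cannot fit. The buffer size and the function names are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical entry buffer size; the real program's sizes are not on the page. */
#define ENTRY_CAPACITY 32

struct calendar_entry {
    char text[ENTRY_CAPACITY];
};

/* Vulnerable pattern: copies whatever the caller sent and trusts that it fits.
 * Input longer than ENTRY_CAPACITY-1 bytes runs past the array into adjacent
 * memory, which is the overflow the article describes. Never call this with
 * untrusted input; it is here only to contrast with the checked version. */
void store_entry_unsafe(struct calendar_entry *e, const char *input)
{
    strcpy(e->text, input);
}

/* Hardened pattern: measure first, refuse anything that cannot fit, and
 * always leave room for the terminating NUL.
 * Returns 1 when stored, 0 when the entry was rejected as too long. */
int store_entry_safe(struct calendar_entry *e, const char *input)
{
    size_t len = strlen(input);
    if (len >= ENTRY_CAPACITY)
        return 0;              /* too long: refuse rather than truncate silently */
    memcpy(e->text, input, len);
    e->text[len] = '\0';
    return 1;
}

int main(void)
{
    struct calendar_entry e;
    /* Constructed inputs: a normal appointment and an oversized one. */
    const char *ok = "10:00 dentist";
    char oversized[ENTRY_CAPACITY * 4];
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';

    printf("short entry accepted: %d\n", store_entry_safe(&e, ok));
    printf("oversized entry accepted: %d\n", store_entry_safe(&e, oversized));
    /* store_entry_unsafe(&e, oversized) is deliberately not called: it would
     * corrupt the stack, which is exactly what the vendors' patches prevent. */
    return 0;
}
```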