Possible Abuse due to Misconfigured DNS Servers

Priority: 2
Severity: 2

US-CERT CIIN-09-023-01 (U//FOUO) describes a DNS amplification attack
due to misconfigured DNS servers. Several attacks have been
orchestrated over the past weeks, bringing this issue to light.

A DNS server that is vulnerable to this attack will respond to a root NS
query (".") by returning the list of root servers.

This vulnerable DNS server could then be used in a denial of service
attack against another entity.
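
A defensive check for the behaviour described above, as an added example (not from US-CERT or the original post): it builds the root NS query, parses a reply, and reports whether the server handed back root NS records and how much larger the reply is than the query. The sample replies are constructed for illustration, and all function names are hypothetical.

```python
import struct

def build_root_ns_query(txid=0x1234):
    """Wire-format DNS query: name '.', QTYPE=NS (2), QCLASS=IN (1)."""
    return struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0) + b"\x00" + struct.pack("!HH", 2, 1)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def classify_response(query, response):
    """Report whether a reply hands back the root NS set, and its size ratio."""
    txid, flags, qd, an, ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        raise ValueError("not a response to this query")
    off = 12
    for _ in range(qd):                  # skip the echoed question section
        off = skip_name(response, off) + 4
    root_ns = 0
    for _ in range(an + ns):             # answer + authority records
        owner_is_root = response[off] == 0
        off = skip_name(response, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", response[off:off + 10])
        if owner_is_root and rtype == 2:
            root_ns += 1
        off += 10 + rdlen
    rcode = flags & 0x000F
    return {"rcode": rcode, "root_ns_records": root_ns,
            "returns_root_list": rcode == 0 and root_ns > 0,
            "amplification": round(len(response) / len(query), 2)}

def _root_ns_rr(rdata):
    """Constructed NS record owned by '.', used only for the samples below."""
    return b"\x00" + struct.pack("!HHIH", 2, 1, 518400, len(rdata)) + rdata

# Constructed sample replies (not captured traffic).
QUERY = build_root_ns_query()
SAMPLE_REFERRAL = (struct.pack("!HHHHHH", 0x1234, 0x8000, 1, 0, 2, 0) + QUERY[12:]
                   + _root_ns_rr(b"\x01a\x0croot-servers\x03net\x00")
                   + _root_ns_rr(b"\x01b\xc0\x1e"))
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8005, 1, 0, 0, 0) + QUERY[12:]

if __name__ == "__main__":
    print(classify_response(QUERY, SAMPLE_REFERRAL))
    print(classify_response(QUERY, SAMPLE_REFUSED))
```

To audit a resolver you operate, send `build_root_ns_query()` over UDP port 53 from an address outside your network and pass the reply to `classify_response`; `returns_root_list` being true means the server shows the behaviour described above.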

US-CERT recommends:

Security Team creates a Rogue CA by targeting MD5 weaknesses

http://www.win.tue.nl/hashclash/rogue-ca/

A group that presented at the Chaos Communication Congress in Berlin
showed the ability to convert a non-CA certificate into a CA
certificate, breaking the trust of the PKI.

This was done by using a large array of fast computers (200 PlayStation
3s) in order to create a CSR that would force a weakly signed
certificate. This certificate normally would not be allowed to sign
other CSRs.

Zero day (2008-12-10) exploit for Internet Explorer (961051)

http://www.microsoft.com/technet/security/advisory/961051.mspx
http://isc.sans.org/diary.html?storyid=5458

This vulnerability affects Internet Explorer in XP SP3, Vista SP0, SP1,
and Server 2008.

This vulnerability was not fixed in MS08-073, which was released
2008-12-09 (Patch Tuesday).

Multiple vulnerabilities found in Drupal Core <5.13 and <6.7

http://drupal.org/user/124982

This bug affects the update mechanism in Drupal. Via cross-site
scripting, a malicious user may be able to cause the superuser to
execute old updates that may damage the database.

Upgrading to 5.13 or 6.7 will mitigate the bug. Alternatively, a patch
is available that will fix this bug, although it will not update other
non-security fixes in the code.
