
NIPC CyberNotes #2002-12 Page 5 of 33 06/17/2002
| Vendor | Operating System | Software Name | Vulnerability/Impact | Patches/Workarounds/Alerts | Common Name | Risk* | Attacks/Scripts |
|---|---|---|---|---|---|---|---|
| Dug Song [19] | Multiple | Dsniff 2.3; Fragroute 1.2; Fragrouter 1.6 | A vulnerability exists because the source code of Fragroute, Fragrouter, and Dsniff was altered to include a backdoor, which allows a remote malicious user from the IP address 216.80.99.202 to remotely execute arbitrary commands on the host that it was installed on. The source code is reported to have been corrupted on May 17, 2002. Downloads of the source from monkey.org during this time likely contain the Trojan code. A confirmed MD5 sum of a contaminated archive is: 65edbfc51f8070517f14ceeb8f721075. If a fragroute install was based on an archive with this MD5 sum, it is likely that the backdoor code was executed. | The author has stated that clean versions are available. The MD5 sums are: MD5 (dsniff-2.3.tar.gz) = 183e336a45e38013f3af840bddec44b4; MD5 (fragroute-1.2.tar.gz) = 7e4de763fae35a50e871bdcd1ac8e23a; MD5 (fragrouter-1.6.tar.gz) = 73fdc73f8da0b41b995420ded00533cc. Note: Users are advised to install with caution. | Fragroute/Dsniff/Fragrouter Configure Script Trojan Horse | High | Bug discussed in newsgroups and websites. Vulnerability has appeared in the press and other public media. |
| eDonkey 2000 [20] | Windows | Client 35.16.59 Windows, 35.16.60 Windows | A buffer overflow vulnerability exists in the URL handler when parsing maliciously constructed URLs, which could let a malicious user execute arbitrary code. | Upgrade available at: http://www.edonkey2000.com/files/eDonkey61.exe | eDonkey 2000 Buffer Overflow | High | Bug discussed in newsgroups and websites. |
| Ehud Gavron [21] | Unix | TrACESroute 6.0, 6.1, 6.1.1 | A format string vulnerability exists in the terminator (-T) function due to improper use of the fprint function, which could let a malicious user obtain root privileges. | No workaround or patch available at time of publishing. | TrACESroute Terminator Function Format String | High | Bug discussed in newsgroups and websites. |
| Eryq [22] | Unix | MIME::Tools 5.4.11 | Several vulnerabilities exist: a vulnerability exists because RFC 2231 encoding is not supported: a method of encoding MIME parameters is not supported, and the implementation used for encoding words where US-ASCII is not the default character set, which may result in a security vulnerability in software packages dependent on the module for security-sensitive tasks such as e-mail content scanning. | No workaround or patch available at time of publishing. | MIME::Tools RFC Parameter Value Continuation | Medium | Bug discussed in newsgroups and websites. |

[19] Bugtraq, May 31, 2002.
[20] Securiteam, June 11, 2002.
[21] DownBload Security Research Lab Advisory, June 6, 2002.
[22] Securiteam, June 5, 2002.