The Computer Incident Advisory

NO RESTRICTIONS _____________________________________________________ The Computer Incident Advisory Capability ___ __ __ _ ___ / | / \ / \___ __|__ /___\ \___ _____________________________________________________ Information Bulletin Michelangelo Virus on MS DOS Computers February 6, 1992, 1400 PDT Number C-15 _________________________________________________________________________ Name: Michelangelo virus Platform: MS-DOS computers Damage: On March 6 will destroy all files on infected disks and diskettes that are accessed. Symptoms: CHKDSK reports "total bytes memory" 2048 bytes less than expected Detection: DDI Data P...

_____________________________________________________ The Computer Incident Advisory Capability ___ __ __ _ ___ / | / \ / \___ __|__ /___\ \___ _____________________________________________________ Information Bulletin Dir II Virus on MS DOS Computers October 18, 1991, 15:30 PDT Number C-2 Critical Dir II Virus Facts Name: Dir II virus Aliases: Dir-2, MG series II, Creeping Death, DRIVER-1024, Cluster Virus Type: Directory infector with stealth characteristics Variants: Unsubstantiated reports exist for two variants Platform: MS-DOS computers Damage: May destroy all .EXE and .COM files and backup diskettes, crash some loo...

_____________________________________________________ The Computer Incident Advisory Capability ___ __ __ _ ___ / | / \ / \___ __|__ /___\ \___ _____________________________________________________ Information Bulletin May 16, 1991, 1330 PST Number B-26 Inconsistent Directory and File Permissions in SunOS 4.1 and 4.1.1 ________________________________________________________________________ PROBLEM: SunOS versions 4.1 and 4.1.1 have several inconsistent file and directory permissions. PLATFORM: Sun computer architectures sun3, sun3x, sun4, and sun4c that run SunOS 4.1 or SunOS 4.1.1. DAMAGE: May allow unauthorized or unin...

_____________________________________________________ The Computer Incident Advisory Capability ___ __ __ _ ___ / | / \ / \___ __|__ /___\ \___ _____________________________________________________ Information Bulletin May 1, 1991, 1200 PDT Number B-23 Ultrix V4.0 and V4.1 Vulnerability ________________________________________________________________________ PROBLEM: /usr/bin/chroot is installed with the setuid bit set. PLATFORM: DEC Ultrix V4.0 and V4.1, all architectures. DAMAGE: Allows authorized users to gain unauthorized privileges. SOLUTIONS: Fixed in Ultrix V4.2. Manually change file mode of /usr...

_____________________________________________________ The Computer Incident Advisory Capability ___ __ __ _ ___ / | / \ / \___ __|__ /___\ \___ _____________________________________________________ Information Bulletin Vulnerability in UNIX System V on 386/486 Platforms Critical UNIX System V on 386/486 Vulnerability Information -------------------------------------------------------------------------- PROBLEM: UNIX System V security problem on 386/486 platforms (UAREA bug). PLATFORM: UNIX System V for the Intel 80386/80486 based computers. DAMAGE: Allows privileged access to files by non-privileged users....

_____________________________________________________ The Computer Incident Advisory Capability ___ __ __ _ ___ / | / \ / \___ __|__ /___\ \___ _____________________________________________________ Information Bulletin March 11, 1991, 1330 PST Number B-18 MVS Security Problem with TSO Reconnect Facility ________________________________________________________________________ PROBLEM: MVS security problem with TSO Reconnect Facility PLATFORM: IBM MVS systems running TSO DAMAGE: Allows unintended reconnect to TSO address space from a different term inal without appropriate terminal check or address space modification SOLUTI...

_____________________________________________________ The Computer Incident Advisory Capability ___ __ __ _ ___ / | / \ / \___ __|__ /___\ \___ _____________________________________________________ Information Bulletin Increasing Security on Your UNICOS System March 5, 1100 PST Number B-17 Critical UNICOS Information ________________________________________________________________________ PROBLEM: Some UNICOS systems have not installed all patches that may have security implications PLATFORM: Many versions of the Cray UNICOS operating system DAMAGE: Possibility that some UNICOS systems are not operating as securely as pos...

The Computer Incident Advisory Capability ___ __ __ _ ___ / | / \ / \___ __|__ /___\ \___ _____________________________________________________ Information Bulletin Network Intrusions through TCP/IP and DECnet Gateways February 28, 1991, 1600 PST Number B-15 ________________________________________________________________________ PROBLEM: The use of multiple network protocol computers (gateways) can allow an intruder to gain unauthorized access to critical system files. PLATFORM: Multiple platforms, including DEC, VMS, ULTRIX, and Sun computers. Attacks involve X.25 networks as well as networks supporting TCP/IP a...

_____________________________________________________ The Computer Incident Advisory Capability ___ __ __ _ ___ / | / \ / \___ __|__ /___\ \___ _____________________________________________________ Information Bulletin February 22, 1991, 1300 PST Number B-14 Additional Information about UNIX Security Problem with /bin/mail in SunOS Sun Microsystems has released additional information about the security problem with /bin/mail described in CIAC Bulletin B-13. There are significant changes to the patch installation procedure. The new patch installation procedure is: ___________________________________________...

_____________________________________________________ The Computer Incident Advisory Capability ___ __ __ _ ___ / | / \ / \___ __|__ /___\ \___ _____________________________________________________ Information Bulletin GAME2 MODULE "Worm" on BITNET January 18, 1991, 1200 PST Number B-12 Critical GAME2 MODULE Facts PROBLEM: Self-replicating mail message (worm) on external BITNET RSCS systems PLATFORM: IBM VM/CMS DAMAGE: May flood the mail queue of the infected computers IMMUNIZATION: RSCS filter program available from IBM (at no cost) ________________________________________________________________________ CIAC has bee...