Copy Link
Add to Bookmark
Report

CERT Advisory 018

eZine's profile picture
Published in 
CERT Advisory
 · 4 years ago

  


-----BEGIN PGP SIGNED MESSAGE-----

CA-90:11
CERT Advisory
December 10, 1990
Security probes from Italy
- -------------------------------------------------------------------------------

Many sites on the Internet received messages from
"miners@ghost.unimi.it" (131.175.10.64) on Sunday, December 9. The
messages stated that "miners" is a group of researchers and students
in the computer science department at the state university of Milano
in Italy; a group testing for a "common bug" in network hosts. In
addition to the messages, a number of sites detected probes
from the unimi.it domain. Later today, a number of individuals
received a follow up message from "postmaster@ghost.unimi.it"
explaining the activities.

We have received reports that this activity has now stopped, and an
unofficial explanation has been provided by several administrators at
the University of Milano. The rest of this message describes the
sequence of events and the security holes that were probed.

Following the original messages from miners@ghost and
postmaster@ghost, another message was sent on the afternoon of December
10th from several administrators at the University of Milano. They
stated that the authorities at the University had been informed and
that the attempts had stopped. They also noted that they had not been
informed of the tests in advance.

The administrators at the University of Milano have sent us a copy of
the scripts that were used to probe the Internet sites. These scripts
checked for the existence of the sendmail WIZ and DEBUG commands,
and attempted to get /etc/motd and/or /etc/passwd via TFTP and
by exploiting an old vulnerability in anonymous FTP. The scripts
also attempted to rsh to a site and try to cat /etc/passwd. Finally,
the scripts mailed to root at each site they tested with the message
from "miners@ghost.unimi.it".

The administrators at the University of Milano state that the group
that did this was doing this to discover which (if any) sites might
have had these security flaws, and then to let the sites know about
these vulnerabilities. They have stated that they still intend to
inform sites that have these vulnerabilities.

To our knowledge, no site was actually broken into (as of December 10,
1990). Nonetheless, the CERT does not condone this type of activity.

Most of the information in this advisory is based on information given
to us via e-mail from individuals at the University of Milano. We
have not yet been able to check this information with any officials at
the University; if we learn of any other significant information, we will
update this advisory.

- ------------------------------------------------------------------------------

Computer Emergency Response Team (CERT)
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890

Internet E-mail: cert@cert.org
Telephone: 412-268-7090 24-hour hotline:
CERT personnel answer 7:30a.m.-6:00p.m. EST, on call for
emergencies during other hours.

Past advisories and other information are available for anonymous ftp
from cert.org (192.88.209.5).


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMaMwk3VP+x0t4w7BAQHJJAP+OhkbgluzrajAOkP+5K/2p5oYAdDQI7cM
fMqCxkzg/8kEKmUe9uor1qGYsb3YQTioQQ6vAOPs0UR+oWoJyrC4ugC52eBNgl49
0jsL6HLp04zL5P8GcFkILzeWQuaUPt2KR6iezooN/ArDS7rizNLECLpRg8HyVFUX
B3cR4rqw2iY=
=VRmH
-----END PGP SIGNATURE-----

← previous
next →
loading
sending ...
New to Neperos ? Sign Up for free
download Neperos App from Google Play
install Neperos as PWA

Let's discover also

Recent Articles

Recent Comments

Neperos cookies
This website uses cookies to store your preferences and improve the service. Cookies authorization will allow me and / or my partners to process personal data such as browsing behaviour.

By pressing OK you agree to the Terms of Service and acknowledge the Privacy Policy

By pressing REJECT you will be able to continue to use Neperos (like read articles or write comments) but some important cookies will not be set. This may affect certain features and functions of the platform.
OK
REJECT