NIPC E-Commerce Vulnerabilities Advisory

[InfoSec News <isn () C4I ORG>]

http://www.nipc.gov/warnings/advisories/2000/00-060.htm

ADVISORY 00-060

E-Commerce Vulnerabilities
December 1, 2000

Based on FBI investigations and other information, the NIPC has
observed that there has recently been an increase in hacker activity
specifically targeting U.S. systems associated with e-commerce and
other internet-hosted sites. The majority of the intrusions have
occurred on Microsoft Windows NT systems, although Unix based
operating systems have been victimized as well. The hackers are
exploiting at least three known system vulnerabilities to gain
unauthorized access and download propriety information. Although these
vulnerabilities are not new, this recent activity warrants additional
attention by system administrators. In most cases, the hacker activity
had been ongoing for several months before the victim became aware of
the intrusion. The NIPC strongly recommends that all computer network
systems administrators check relevant systems and apply updated
patches as necessary. Specific emphasis should be placed on systems
related to e-commerce or e-banking/financial business. The following
types of exploits have been observed:

Unauthorized Access to IIS Servers through Open Database Connectivity
(ODBC) Data Access with Remote Data Service (RDS):

Systems Affected: Windows NT running IIS with RDS enabled.
Details: Microsoft Security Bulletin MS99-025, NIPC CyberNotes 99-22

http://www.microsoft.com/technet/security/bulletin/ms99-025.asp, or
http://www.nipc.gov/warnings/advisories/1999/99-027.htm
http://www.nipc.gov/cybernotes/cybernotes.htm

Summary: This vulnerability allows a malicious remote user to use a
web browser to force a Windows NT server to return information from
Structured Query Language (SQL) databases or to run system commands.

SQL Query Abuse Vulnerability

Affected Software Versions: Microsoft SQL Server Version 7.0 and
Microsoft Data Engine (MSDE) 1.0
Details: Microsoft Security Bulletin MS00-14, NIPC CyberNotes 20-05

http://www.nipc.gov/cybernotes/cybernotes.htm
http://www.microsoft.com/technet/security/bulletin/ms00-014.asp

Summary: This vulnerability could allow the remote author of a
malicious SQL query to take unauthorized actions on a SQL Server or
MSDE database.

Registry Permissions Vulnerability

Systems Affected: Windows NT 4.0 Workstation, Windows NT 4.0 Server
Details: Microsoft Security Bulletin MS00-008, NIPC CyberNotes 20-08
and 20-22

http://www.microsoft.com/technet/security/bulletin/ms00-008.asp
http://www.nipc.gov/cybernotes/cybernotes.htm

Summary: Users can modify certain registry keys such that:

 a malicious user could specify code to launch a systems crash
 a malicious user could specify code to launch at next login
 an unprivileged user could disable security measures

The NIPC is conducting further analysis of this hacker activity and
will provide additional information as it becomes available.

Please report any illegal or malicious activities to your local FBI
office or the NIPC, and to your military or civilian computer incident
response group, as appropriate. Incidents may be reported online at
www.nipc.gov/incident/cirr.htm

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".