[4eyes] FW: [Fwd: [COMS #29172] [UCSB-OIT #200325] Vulnerabilities Found on 128.111.28.92]

Matthew Turk mturk at cs.ucsb.edu
Thu Dec 17 14:02:37 PST 2009


ILab folks,

Someone has a machine on the lab's network that is a vulnerability and needs to be patched. Everyone who connects in the lab or via VPN please take a look at the email below and make sure your machine(s) is(are) safe and updated.

Also, Majuro is no longer hidden behind the VPN, so the whole world can see it - including the firewall password (even though the firewall is not up). We need to fix this. Tobias, let's discuss offline the right strategy for getting things back to properly working order.

Again, please check all your machines and laptops!

Thanks,
	Matthew

-----Original Message-----
From: Jeff Oakes [mailto:joakes at engineering.ucsb.edu] 
Sent: Thursday, December 17, 2009 11:29 AM
To: Tobias Hollerer
Cc: Matthew Turk; joakes >> Jeff Oakes
Subject: [Fwd: [COMS #29172] [UCSB-OIT #200325] Vulnerabilities Found on 128.111.28.92]

Tobias and Matthew,

could you please get in touch with the user on ilab-92.cs.ucsb.edu and 
have them patch this vulnerability? Also, you may want to address the 
fact that your wiki:

http://majuro.cs.ucsb.edu/wiki/index.php/Systems_Info

is world readable and contains information that you may not want the 
world to have access to (such as passwords!).

Thanks,

Jeff


-------- Original Message --------
Subject: [COMS #29172] [UCSB-OIT #200325] Vulnerabilities Found on 128.111.28.92
Date: Wed, 16 Dec 2009 11:11:08 -0800
From: vsc at oit.ucsb.edu via CS Support <support at cs.ucsb.edu>
Reply-To: support at cs.ucsb.edu
References: <RT-Ticket-29172 at cs.ucsb.edu> 
<RT-Ticket-200325 at oit.ucsb.edu> 
<rt-3.8.1-9170-1260990658-57.200325-6-0 at oit.ucsb.edu>


Wed Dec 16 11:11:08 2009: Request 29172 was acted upon.
Transaction: Ticket created by vsc at oit.ucsb.edu
        Queue: General
      Subject: [UCSB-OIT #200325] Vulnerabilities Found on 128.111.28.92
        Owner: Nobody
   Requestors: vsc at oit.ucsb.edu
       Status: new
  Ticket <URL: https://rt.cs.ucsb.edu/Ticket/Display.html?id=29172 >


Greetings:

Our vulnerability scanner has found vulnerable hosts on your network.
I highly recommend taking the recommended actions mentioned in this
report in order to reduce the chances of this host becoming compromised.
If you believe any part of this report to be false, please let me know
so that we can work to improve our reporting accuracy.

Here are the relevant parts of the report:
----------------------------------------
IP Address: 128.111.28.92
Scanned on Dec 12, 2009 at 02:08
----------------------------------------
Nessus Plugin ID: 35362
Port Info: microsoft-ds (445/tcp)
Synopsis :

It is possible to crash the remote host due to a flaw in SMB.

Description :

The remote host is vulnerable to memory corruption vulnerability in
SMB which may allow an attacker to execute arbitrary code or perform a
denial of service against the remote host.

Solution :

Microsoft has released a set of patches for Windows 2000, XP, 2003,
Vista and 2008 :

http://www.microsoft.com/technet/security/bulletin/ms09-001.mspx

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE : CVE-2008-4834, CVE-2008-4835, CVE-2008-4114
BID : 31179, 33121, 33122
Other references : OSVDB:48153, OSVDB:52691, OSVDB:52692

----------------------------------------
Nessus Plugin ID: 34477
Port Info: general/tcp

Synopsis :

Arbitrary code can be executed on the remote host due to a flaw in the
'Server' service.

Description :

The remote host is vulnerable to a buffer overrun in the 'Server'
service that may allow an attacker to execute arbitrary code on the
remote host with the 'System' privileges.

Solution :

Microsoft has released a set of patches for Windows 2000, XP, 2003,
Vista and 2008 :

http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE : CVE-2008-4250
BID : 31874
Other references : OSVDB:49243


-- 
E. Todd Atkins
Network Security Coordinator
Office of Information Technology
University of California, Santa Barbara

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
     I encourage you to use our Nessus scanner to periodically
     scan your hosts. You can schedule scans at
     http://vsc.oit.ucsb.edu
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++




