CA-2001-09: Statistical Weaknesses in TCP/IP Initial Sequence Numbers A new vulnerability has been identified which is present when using random increments to constantly increase TCP ISN values over time. Systems are vulnerable if they have not incorporated RFC1948 or equivalent improvements or do not use cryptographically secure network protocols like IPsec.
CA-2001-10: Buffer Overflow Vulnerability in Microsoft IIS 5.0 A vulnerability exists in Microsoft IIS 5.0 running on Windows 2000 that allows a remote intruder to run arbitrary code on the victim machine, allowing them to gain complete administrative control of the machine.
CA-2001-11: sadmind/IIS Worm The CERT/CC has received reports of a new piece of self-propagating malicious code (referred to here as the sadmind/IIS worm). The worm uses two well-known vulnerabilities to compromise systems and deface web pages.
CA-2001-12: Superfluous Decoding Vulnerability in IIS A serious vulnerability in Microsoft IIS may allow remote intruders to execute commands on an IIS web server. This vulnerability closely resembles a previous vulnerability in IIS that was widely exploited. The CERT/CC urges IIS administrators to take action to correct this vulnerability.
CA-99-02: Trojan Horses Over the past few weeks, we have received an increase in the number of incident reports related to Trojan horses. This advisory includes descriptions of some of those incidents, some general information about Trojan horses, and advice for system and network administrators, end users, software developers, and distributors.
CA-99-03: FTP Buffer Overflows In text from Netect, Inc., this advisory presents information about remote buffer overflows that lead to potential root compromises in various FTP servers.
CA-99-09: Array Services default configuration The default configuration of SGI Array Services disables authentication and allows remote and local users to execute arbitrary commands as root.