This file: cert.sei.cmu.edu:/pub/cert_advisories This directory contains an archive of all the advisories the CERT has put out since December 1988. It also contains several files with general information about the CERT/CC. Last updated: 11/19/90 A listing and short description of each advisory follows: CA-88:01.ftpd.hole 12/88 Warning about BSD sendmail 5.59 debug command; general warning about getting latest version of ftpd; other general warnings. CA-89:01.passwd.hole 1/89 Report from Keith Bostic of BSD patch for passwd(1) program. CA-89:02.sun.restore.hole 7/26/89 Vulnerability in SunOS 4.0.* restore(8) command. CA-89:03.telnet.breakin.warning 8/16/89 Warning about a series of break-ins in which an intruder replaced the telnet(1) program with a Trojan horse that captured passwords. Contains some general hints about securing systems. CA-89:04.decnet.wank.worm 10/17/89 Warning about the "WANK" worm which attacked DECnet hosts. CA-89:05.ultrix3.0.hole 10/17/89 Warning about attacks on DEC/Ultrix 3.0 machines. Advises users to check for Trojan horses, insecure tftp, simple passwords. CA-89:06.ultrix3.0.update 10/18/89 A repost of the 10/17 Ultrix advisory with checksums for several Ultrix system programs. CA-89:07.sun.rcp.vulnerability 10/26/89 Vulnerability in SunOS 4.0.x rcp command. CA-90:01.sun.sendmail.vulnerability 1/29/90 Vulnerability in SunOS 3.* and 4.0.* sendmail. CA-90:02.intruder.warning 3/19/90 Warning about a series of attacks on Internet systems. Includes a list of 14 points to check on Unix and VMS systems. The points cover possible signs of a break-in as well as possible system configuration vulnerabilities. CA-90:03.unisys.warning 5/7/90 Warning about Unisys U5000 systems. Some of the logins supplied when the system was shipped did not have passwords, and intruders were taking advantage of this vulnerability. CA-90:04.apollosuid.vulnerability 7/27/90 Vulnerability in Hewlett Packard/Apollo Domain/OS version sr10.2 and some beta versions of sr10.3. File /etc/suid_exec contained a security flaw. CA-90:05.sunselection.vulnerability 8/14/90 Vulnerability in SunOS 3.*, 4.0.3, and 4.1 SunView selection_svc facility. CA-90:06a.NeXT.vulnerability 10/3/90 Describes several vulnerabilities in NeXT system software. The advisory was originally issued as 90:06; 90:06a includes several corrections. CA-90:07.VMS.ANALYZE.vulnerability 10/25/90 Vulnerability in DEC VMS versions 4.0 through 5.4. Problem with ANALYZE/PROCESS_DUMP routine. CA-90:08.irix.mail 10/31/90 Vulnerability in Silicon Graphics IRIX 3.3 and 3.3.1 systems. /usr/sbin/Mail has a security flaw. CA-90:09.vms.breakins.warning 11/9/90 Warning about techniques intruders were using to get access to VMS systems. No new vulnerablities described; intruders were using weak password attacks. CA-90:10.attack.rumour.warning 11/16/90 Message about alleged attacks on telephone systems. No evidence that rumours were sustantiated. OTHER FILES cert-article An article about CERT from the March 1990 issue of Bridge, a magazine published by the Software Engineering Institute (SEI). cert.press.release.dec88 The DARPA press release issued on December 6, 1988 announcing the formation of the CERT.