www.dragonsoft.com  
DragonSoft  

Observe Security Trend in 2003

 The first observation:
According to the data, Computer Emergency Response Team (CERT), the vulnerabilities in the first season and the second season in 2003 are not more than 2002. However, security attacks almost increase double times from 2003 to 2002. There were 82,094 security attacks in 2002; there were 76,404 security attacks in the first season the second season in 2003. (PS: Picture One and Picture Two)

The first analysis:
The report showed American Iraq War led to increase security attacks but also reminded us that we should improve our security structures. This was the reason that why the security attacks would increase from 2002 to 2003.

The first observation:
The second observation: There were 606 vulnerabilities in the first season of 2003; there were 1387 vulnerability were found in the second season of 2003. It meant the vulnerabilities increased from the first season to the second season in 2003. The report showed the vulnerability of the first season included more high risk vulnerabilities than the second season. However, the third season, the beginning of July, the IT managers found much higher risk vulnerabilities than before. Take Microsoft for example, the IT managers found 22 vulnerabilities from January to June in 2003 but they found nine vulnerabilities such as MS03-023-MS03-031 in July in 2003. Besides, some manufacturers that use the services, Database Server, Router and so on of Unix System also announced different vulnerabilities in July, 2003. (PS: Form One and Form Two.)

The second analysis:
Network attacks usually happen in several months that the vulnerability is announced, especially in July and August. The hackers like to use the vulnerabilities that are announced in these two months. If the users don't patch these exposures, the hackers will use these exposures to invade the user's workstation. Hence, the user should pay attention to patch vulnerability to avoid becoming victim.

Date Vulnerability CVE
2003.1 MS SQL - SQL Slammer CAN-2002-0649
2003.3 NetBIOS - WORM_DELODER.A  
2003.3 IIS - Code Red.F  
2003.3 Sun RPC XDR Buffer Overflow CAN-2003-0028
2003.3 Snort RPC Buffer Overflow CAN-2003-0033
2003.3 Sendmail Buffer Overflow CAN-2002-1337
2003.3 IIS - WebDAV Buffer Overflow CAN-2003-0109
(Form One)

Date Vulnerability CVE
2003.7 Cisco IOS Interface Blocked by IPv4 Packet CAN-2003-0567
2003.7 MicroSoft RPC Interface Buffer Overrun(MS03-026) CAN-2003-0352
2003.7 Windows DirectX MIDI Library Buffer Overflow(MS03-030) CAN-2003-0346
2003.7 Microsoft SQL Server vulnerable to buffer overflow CAN-2003-0232
2003.7 Oracle Database Server stack overflow  
2003.8 Wu-FTPd fb_realpath() buffer overflow CAN-2003-0466
2003.8 w32/Mimail Virus (MS02-014, MS02-015)  
(Form Two)
About DragonSoft Security Associates, Inc.
DragonSoft Security Associates is a leading developer in Taiwan for network security software and an active contributor to network security education. Founded in 2002, DragonSoft offers vulnerability management olutions, including vulnerability assessment, System Security Management and intrusion prevention.
Tel. +886-3-5630989 Fax. +886-3-5797758
6F, No. 30, Lane 607, Sec. 1, Guangfu Rd., Hsinchu, Taiwan 300. R.O.C
Copyright © DragonSoft Security Associates, Inc. All Rights Reserved
| About | Unsubscribe | Contact |