May 01, 2006 - Current Activity

US-CERT is aware of publicly available exploit code for a race condition vulnerability in Sendmail. US-CERT does not believe that this exploit code works at this time.

More information about the reported vulnerability can be found in the following:

• Technical Cyber Security Alert: TA06-081A - Sendmail Race Condition Vulnerability

• US-CERT Vulnerability Note: VU#834865 - Sendmail contains a race condition

• Sendmail MTA Security Vulnerability Advisory

US-CERT recommends the following actions to mitigate the security risks:

• Upgrade to the latest version: Sendmail 8.13.6.
• Review the Sendmail MTA Security Vulnerability Advisory for steps to reduce the impact of this vulnerability.

We will continue to update current activity as more information becomes available.

US-CERT is aware of an active exploitation of a cross-site scripting vulnerability in the eBay website. Successful exploitation may allow an attacker to take various actions, including the following:

• Obtain sensitive data from stored cookies
• Redirect auction viewers to phishing sites where further disclosure of login credentials or personal information can occur
• Create auctions that use script to place login areas on the eBay website, where credentials may be sent to a remote server with malicious intent

More information about the reported vulnerability can be found in the following:

• CERT Advisory: CA-2000-02 - Malicious HTML Tags Embedded in Client Web Requests
• US-CERT Vulnerability Note: VU#808921 - eBay contains a cross-site scripting vulnerability

Until a practical solution or more information becomes available, US-CERT recommends the following:

• Disable Scripting as specified in the Securing Your Web Browser document and the Malicious Web Scripts FAQ.
• Add "ebay.com" to the Restricted Sites zone in Internet Explorer.
• Validate web site addresses as described in the eBay Spoof Email Tutorial and US-CERT Cyber Security Tip ST04-014.
• Validate web site certificates as described in US-CERT Cyber Security Tip ST05-010.

We will continue to update current activity as more information becomes available.

US-CERT is aware of an active exploitation of a vulnerability in the way Microsoft Internet Explorer handles certain DHTML methods. By persuading a user to access a specially crafted webpage, a remote, unauthenticated attacker may be able to execute arbitrary code on that user's system, or cause Internet Explorer to stop functioning.

More information about the reported vulnerability can be found in the following US-CERT Vulnerability Note:

• VU#876678 - Microsoft Internet Explorer createTextRange() vulnerability

Known attack vectors for this vulnerability require that Active Scripting is enabled in Internet Explorer. Disabling Active Scripting will reduce the chances of exploitation.

US-CERT recommends the following:

• Apply the appropriate updates, patches, or fixes as prescribed in the Microsoft Security Bulletin MS06-013.
• Disable Active Scripting as specified in the Securing Your Web Browser document.
• Read and send email in plaintext format.
• Do not follow unsolicited links.
• Review the additional workarounds in the Microsoft Security Advisory 917077.
• Review Microsoft’s recommendations to improve the safety of browsing and email activity.