OCIPEP DAILY BRIEF Number: DOB02-087 Date: 21 June 2002
http://www.ocipep.gc.ca/DOB/DOB02-087_e.html

NEWS

Microsoft Issues Cumulative Patches
Microsoft Corp. issued a set of cumulative patches on 19 June that applies to all previously released fixes for Excel for Windows and Word for Windows. The patches also eliminate four newly discovered vulnerabilities, all of which could enable an attacker to run macro code on a user's machine. The new vulnerabilities include two Excel macro execution vulnerabilities, an HTML script execution vulnerability and a new variant of the "Word Mail Merge" vulnerability first addressed in a previous Microsoft bulletin (MS00-071). (Source: Microsoft Corp., 19 June 2002)

Comment: The Microsoft Security Bulletin concerning these cumulative patches can be viewed at
http://microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-031.asp


Apache HTTP Server Exploit Released
A functional remote Apache HTTP Server exploit may have been in existence for some time prior to being reported, according to Internet Security Systems X-Force. As reported in the June 19 Daily Brief, OCIPEP issued an advisory concerning a chunk handling vulnerability in Apache Web Server that could be used by remote attackers to compromise the web servers.

Comment: An updated version of the ApacheChunkedEncodingBo check to detect all vulnerable installations of Apache HTTP Server will be available at: http://www.iss.net/download

eEye has created a free tool that IT administrators can use to scan their networks for vulnerable Apache servers. The tool also provides a link to information on how to correctly patch vulnerable servers. To learn more about the free scanning tool visit:
http://www.eeye.com/html/Research/Tools/apachechunked.html

The OCIPEP advisory can be viewed at
http://www.ocipep.gc.ca/emergencies/advisories/AV02-032_e.html
The ISS X-Force alert is available at
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20524

Government to Streamline Counter-Terrorism Effort
Canadian government agencies involved in the fight against terrorism, according to a media report, are working on multi-million-dollar plans to determine how to better coordinate the response in the event of an attack. The RCMP has set up a new agency called the Integrated National Security Enforcement Teams (INSETs), which will bridge intelligence gaps between the approximately 40 agencies involved in counter-terrorism activities. In addition to information integration, Solicitor General Canada's Counter-Terrorism Division is working on a plan to prepare the country for a chemical, biological or nuclear attack. (Source: CBC News, 20 June 2002)

Comment: CBC News provides a collection of articles regarding the government's response to terrorism at http://www.cbc.ca/news/indepth/targetterrorism/canadahomefront/

Calgary Protest Targets Identified on Anarchist Web Site
An anarchist web site has identified seventeen Calgary businesses as targets during next week's G8 Summit protests. The list includes several government offices and corporations that are deemed as having unethical business practices. Several companies have apparently told their employees to stay home for the two days of the Summit. The unidentified authors of the list claim to be part of an anti-capitalist, anarchist collective. (Source: CBC News, 21 June 2002)


IN BRIEF

B.C. Flood Update
The Fraser River has receded and there are now hopes that the threat of severe flooding in the Fraser Valley has passed. By Thursday the level had dropped 13 centimetres in Prince George; however, there was still a possibility of minor flooding in some areas. (Source: CBC News, 20 June 2002)

Manitoba Flood Victims to Receive Compensation
Residents of southeastern Manitoba who suffered flood damage during the June 10 rains will soon receive compensation cheques from the provincial government. The compensation package includes $1 million for private citizens, and $6 million to repair infrastructure such as roads and bridges. (Source: CBC News, 20 June 2002)

CYBER UPDATES

Threats

Symantec reports on W32.Kwbot.Worm, which is a worm with Trojan horse capabilities that disguises itself as popular movie, game, or software files. It propagates via KaZaA file-sharing networks by tricking users into downloading and opening it.
http://securityresponse.symantec.com/avcenter/venc/data/w32.kwbot.worm.html


Symantec reports on Backdoor.NetControle, which is a Trojan horse written in Visual Basic.
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.netcontrole.html


Trend Micro reports on VBS_CHU.A, which is a worm that infects VBS and MS Word doc files. It arrives with the subject line "Upgrade MS Exchange" and the attachment "MSXchange.vbs".
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=VBS_CHU.A

Vulnerabilities

SecurityFocus reports on a vulnerability in the phpShare 'phpshare.php' script that could allow a remote attacker to include arbitrary files located on remote servers. View the "Solution" tab for upgrade information.
http://online.securityfocus.com/bid/5049/discussion/


SecurityFocus reports on a vulnerability in Webscripts WebBBS that could allow a remote attacker to execute arbitrary commands on the underlying shell of the host system and possibly gain local, interactive access to the host with the privileges of the webserver process. No known patch is available at this time.
http://online.securityfocus.com/bid/5048/discussion/


SecurityFocus reports on a vulnerability in Mandrake 8.2 Msec that could allow a local attacker to view the contents of home directories and reset their permissions. View the "Solution" tab for workaround information.
http://online.securityfocus.com/bid/5050/discussion/


SecurityFocus reports on a vulnerability in DeepMetrix LiveStats that could allow a remote attacker to cause arbitrary script code to be included in HTML reports generated by LiveStats. No known patch is available at this time.
http://online.securityfocus.com/bid/5047/discussion/


SecurityFocus reports on buffer overflow vulnerabilities in the Borland Interbase gds_lock_mgr and gds_drop programs for Unix and Linux that could allow a local attacker to overwrite stack memory and potentially execute arbitrary code as root. No known patch is available at this time.
http://online.securityfocus.com/bid/5046/discussion/
http://online.securityfocus.com/bid/5044/discussion/


SecurityFocus reports on a buffer overflow vulnerability in 4D WebServer for Windows and MacOS that could allow a remote attacker to cause a denial-of-service or execute attacker-supplied instructions. No known patch is available at this time.
http://online.securityfocus.com/bid/5045/discussion/


SecurityFocus reports on a vulnerability in MetaLinks MetaCart2.sql that could allow a remote attacker to obtain the contents of the user database being used by MetaCart2.sql. No known patch is available at this time.
http://online.securityfocus.com/bid/5042/discussion/


SecurityFocus reports on a vulnerability in MPE/iX for HP e3000 class servers that could allow a remote attacker to exploit the SNMP protocol implementation. View the "Solution" tab for patch information.
http://online.securityfocus.com/bid/5043/discussion/


SecurityFocus provides a report on a buffer overflow vulnerability in Cisco VPN Client for Linux, Solaris and Mac OS X that could allow a local attacker to gain admin privileges on the client system. Follow the link for details.
http://online.securityfocus.com/advisories/4214


SecurityFocus reports on a TOS Bit vulnerability in Cisco ONS15454 IP. Follow the link for details.
http://online.securityfocus.com/advisories/4216

Tools

Wellenreiter is a wireless network sniffer with an ESSID-bruteforcing feature.
http://www.securiteam.com/tools/5BP0J2A7FW.html


Systrace enforces system call policies for applications by constraining the application's access to the system.
http://www.securiteam.com/tools/5FP0D2K7FA.html


Touch2 is a utility that modifies the ctime.
http://www.securiteam.com/tools/5JP0H2K7FE.html



CONTACT US

For additions to, or removals from the distribution list for this product, or to report a change in contact information, please send to:
Email: [EMAIL PROTECTED]

For urgent matters or to report any incidents, please contact OCIPEP’s Emergency Operations Centre at:

Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094
Email: [EMAIL PROTECTED]

For general information, please contact OCIPEP’s Communications Division at:

Phone: (613) 991-7035 or 1-800-830-3118
Fax: (613) 998-9589
Email: [EMAIL PROTECTED]
Web Site: www.ocipep-bpiepc.gc.ca

Disclaimer
The information in the OCIPEP Daily Brief has been drawn from a variety of external sources. Although OCIPEP makes reasonable efforts to ensure the accuracy, currency and reliability of the content, OCIPEP does not offer any guarantee in that regard. The links provided are solely for the convenience of OCIPEP Daily Brief users. OCIPEP is not responsible for the information found through these links.







IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk