http://www.ocipep.gc.ca/DOB/DOB02-108_e.html
DAILY BRIEF
Number: DOB02-108
Date: 23 July 2002

NEWS

OCIPEP Issues Advisory - PHP Vulnerability
OCIPEP released Advisory AV02-037 today to bring attention to a vulnerability in versions 4.2.0 or 4.2.1 of PHP. PHP is an HTML-based scripting language commonly used by web servers, databases and many other applications. The vulnerability can allow a remote attacker to cause a denial-of-service and possibly execute arbitrary code on the local system.

Canada, U.S. Tighten Border Security
Canada and the U.S. announced yesterday that they will put in place five new joint security teams to tighten border security. The announcement came at a cross-border crime forum in Banff, Alberta, where 100 law enforcement officials from both sides of the border were meeting, along with U.S. Attorney General John Ashcroft and Canada's Solicitor General Lawrence MacAulay. The Integrated Border Enforcement Teams (IBETs) will operate in Ontario and Quebec, but MacAulay said that the teams can and will move. The multi-agency IBETs are made up of police, customs and immigration officials and work with local, state and provincial law authorities. Although IBETs were first created in 1996, their development has taken on new urgency following September 11. The federal government has set aside $135 million over five years for a total of 14 teams. (Source: CBC News, 23 July 2002)

Comment: The IBETs created this week cover the areas of Valleyfield, Champlain and the eastern regions of Quebec, as well as the Thousand Islands area in Ontario. Media sources do not disclose information about the number or location of IBETs that existed before yesterday's announcement.

U.S. Energy Infrastructure Security Report
The United States Energy Association (USEA), an association of energy industry groups, released a report called the "National Energy Security Post 9/11," which examines the vulnerabilities of U.S.
energy supply and infrastructure, and makes recommendations for future policy decisions. The report considers the security of exploration, transmission, production, generation, distribution, and storage facilities for petroleum, natural gas, coal, nuclear energy, and electricity. The report also concluded that a single federal agency should administer U.S. energy infrastructure security.

Comment: The report does not suggest which single agency should administer U.S. energy infrastructure security. Copies of the report can be viewed at: http://www.usea.org/USEAReport.pdf.

Israel Blocks Palestinian Internet Service Provider
Israeli Defense Forces (IDF) troops took over the offices of Palnet, the leading Palestinian Internet service provider, shutting down the firm's operations. The move reduced Internet access to a trickle in the West Bank and Gaza. The strike is part of a larger effort by the Israeli military to disable the Palestinians' communications and media infrastructure. The IDF has recently alluded to the ways in which terrorists are using the Internet to plot and plan. In June, the IDF posted to its web site a discussion allegedly taken from the Hamas site in which members debated whether arsenic, rat poison or cyanide would be most effective in killing Americans. (Source: Wired News, 18 July 2002)

Comment: The cessation of Palnet services may lessen the ability of hackers that use Palnet to threaten public and private IT systems viewed as pro-Israeli or based in states that are viewed as pro-Israeli. Alternatively, however, the IDF action may prompt sympathetic attacks on IT systems perceived as pro-Israeli from pro-Palestinian hackers that operate outside Palnet.

IN BRIEF

National System Sought for U.S. Emergency Preparedness
Under President Bush's national strategy for emergency preparedness and response, the proposed Department of Homeland Security would build and oversee a comprehensive national system for incident management, which would clarify the roles of federal, state and local agencies in responding to terrorist attacks or natural disasters. (Source: FCW.COM, 22 July 2002)

Anti-Israeli Hacker Defaces U.S. Army Site
An attacker defaced a page on the U.S. Army Research Laboratory's web site Friday with a message criticizing the military organization for supplying weapons to Israel. (Source: Extreme Tech, 29 July 2002)

Broadband Usage to Increase
A report by In-Stat says that broadband Internet subscriptions will increase by 16 million in a year, bringing the total number of people in the world with fast Internet access to more than 46 million by the end of the year. (Source: BBC News, 23 July 2002)

CYBER UPDATES

See: What's New for the latest Alerts, Advisories and Information Products

Threats

Symantec reports on W32.Kitro.E.Worm, which is a worm that inserts a VB Script on the computer and propagates via e-mail and the KaZaA network. It arrives with one of several different subjects and attachments.
http://securityresponse.symantec.com/avcenter/venc/data/w32.kitro.e.worm.html

Symantec reports on W32.Lavehn.A@mm, which is a worm that propagates via Outlook e-mail and deletes all files on the infected computer with the extensions .xls, .doc, .mdb, .mp3, .rpt, or .dwg. It arrives with the subject line "ADMISION 2003" and the attachment "Unheval.exe".
http:[EMAIL PROTECTED]

Vulnerabilities

See: News - OCIPEP Issues Advisory - PHP Vulnerability

SecurityFocus reports on a remotely exploitable information disclosure vulnerability in multiple versions of MS Outlook Express SMTP that could allow a client and server to successfully negotiate an encrypted connection without authentication. No known patch is available at this time.
http://online.securityfocus.com/bid/5274/discussion/

SecurityFocus reports on a remotely exploitable vulnerability in MS Outlook Express 5.0, 5.5 and 6.0. No known patch is available at this time.
http://online.securityfocus.com/bid/5277/discussion/

CERT/CC reports on a remotely exploitable vulnerability in PHP versions 4.2.0 and 4.2.1 that could result in the execution of arbitrary code. Follow the link for patch information.
http://www.kb.cert.org/vuls/id/929115

SecurityFocus reports on a locally exploitable vulnerability in HP Instant Support Enterprise Edition HP-UX 11.0 and 11.11 that could allow unauthorized file access. View the "Solution" tab for patch information.
http://online.securityfocus.com/bid/5267/discussion/

SecurityFocus reports on a locally exploitable denial-of-service vulnerability in multiple versions of FreeBSD, NetBSD, OpenBSD and SuSE Linux. No known patch is available at this time.
http://online.securityfocus.com/bid/5265/discussion/

SecurityFocus reports on a locally exploitable denial-of-service vulnerability in multiple versions of dump, FreeBSD, NetBSD, OpenBSD and SuSE Linux. No known patch is available at this time. View the "Solution" tab for details.
http://online.securityfocus.com/bid/5264/discussion/

SecurityFocus reports on a remotely exploitable vulnerability in multiple versions of Sun Java Web Start JNLP that could allow the execution of arbitrary code. No known patch is available at this time.
http://online.securityfocus.com/bid/5263/discussion/

SecurityFocus reports on a remotely exploitable information disclosure vulnerability in Oracle Reports6i 6.0.8.19, 6.0.8 and Oracle9iAS Reports 9.0.2. No known patch is available at this time.
http://online.securityfocus.com/bid/5262/discussion/

SecurityFocus reports on a remotely exploitable vulnerability in Trend Micro InterScan VirusWall for Windows NT 3.52 that could allow malicious content to bypass VirusWall and still be interpreted by a client system. View the "Solution" tab for patch information.
http://online.securityfocus.com/bid/5259/discussion/

SecurityFocus reports on a remotely exploitable buffer overflow vulnerability in Compaq Tru64 5.0 a, 5.0, 5.1 a and 5.1 SU that could allow an attacker to execute arbitrary instructions as root. No known patch is available at this time.
http://online.securityfocus.com/bid/5272/discussion/

SecurityFocus provides a report on a locally exploitable vulnerability in HP Instant Support Enterprise Edition (ISEE) that could allow users to escalate their privileges. Follow the link for patch information.
http://online.securityfocus.com/advisories/4296

SecuriTeam reports on multiple remotely exploitable buffer overflow vulnerabilities in the Novell Netmail 3.0.3 IMAPD service that could result in a denial-of-service. Follow the link for upgrade information.
http://www.securiteam.com/securitynews/5MP0B207PW.html
http://www.securiteam.com/securitynews/5NP0C207PI.html

Additional vulnerabilities were reported in the following products:

Geeklog 1.3.5 sr1 and 1.3.5 cross-site scripting vulnerabilities (SecurityFocus).
http://online.securityfocus.com/bid/5271/discussion/
http://online.securityfocus.com/bid/5270/discussion/

Atrium Software MERCUR Mailserver Control-Service buffer overflow vulnerability (SecurityFocus).
http://online.securityfocus.com/bid/5261/discussion/

Adobe eBook Reader for Windows 2.2 privilege escalation vulnerability (SecurityFocus).
http://online.securityfocus.com/bid/5273/discussion/

Nullsoft Winamp Skin versions 2.65 thru 2.80 vulnerability (SecurityFocus).
http://online.securityfocus.com/bid/5266/discussion/

Tools

There are no new updates to report at this time.

CONTACT US

For additions to, or removals from the distribution list for this product, or to report a change in contact information, please send to:
Email: [EMAIL PROTECTED]

For urgent matters or to report any incidents, please contact OCIPEP’s Emergency Operations Centre at:
Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094
Email: [EMAIL PROTECTED]

For general information, please contact OCIPEP’s Communications Division at:
Phone: (613) 991-7035 or 1-800-830-3118
Fax: (613) 998-9589
Email: [EMAIL PROTECTED]
Web Site: www.ocipep-bpiepc.gc.ca

Disclaimer

The information in the OCIPEP Daily Brief has been drawn from a variety of external sources. Although OCIPEP makes reasonable efforts to ensure the accuracy, currency and reliability of the content, OCIPEP does not offer any guarantee in that regard. The links provided are solely for the convenience of OCIPEP Daily Brief users. OCIPEP is not responsible for the information found through these links.

IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk