DAILY BRIEF
Number: DOB02-159
Date: 04 October 2002
http://www.ocipep.gc.ca/DOB/DOB02-159_e.html

NEWS

West Nile virus approaching B.C.?
The report of a dead raven infected with the West Nile virus in Washington State has prompted B.C. health officials to speculate that the virus may spread to their province within weeks. The infected bird, the first known carrier of the disease in the Pacific Northwest, was found in the northeast corner of the state, just south of B.C.'s Trail-Castlegar area. (Source: www.cbc.ca, 3 October 2002)

Comment: To date, there have been no reported cases of West Nile virus in either Alberta or British Columbia.

Report questions Ontario water safety - Correction
The OCIPEP Daily Brief DOB02-154 released on 27 September 2002 incorrectly reported that since the Walkerton incident, no new provincial legislation has been enacted to ensure the quality and safety of water supply. However, Ontario's Nutrient Management Act, which was passed on 27 June 2002, enhances the protection of Ontario's water resources by minimizing the effects of agricultural practices on the environment, especially as they relate to land-applied materials containing nutrients. As well, Environment Minister Chris Stockwell plans to introduce a Safe Drinking Water Act as part of the Ontario government's response to the Walkerton Inquiry recommendations.
http://www.gov.on.ca/OMAFRA/english/agops/
http://www.ene.gov.on.ca/envision/news/2002/082002a.htm

Bugbear becomes top virus
In just a few days, the Bugbear worm has become the most serious threat to the Internet in months, according to anti-virus companies. On Wednesday, Symantec upgraded Bugbear's rating to 4 out of a possible 5. Meanwhile, infections by another prevalent worm, Klez, have dropped sharply because users are updating their anti-virus software to counter Bugbear. (Source: zdnet.com, 3 October 2002)

Comment: Reports indicate that one of the signs of the virus is that the size of the attachment is always 50,688 bytes.

EPA drops chemical security effort
The Bush administration has abandoned efforts to impose tough new security regulations on the chemical industry to protect against possible terrorist attacks. The EPA's Homeland Security strategy, released on 2 October 2002, downplayed chemical security initiatives, which had previously been high on their agenda. The decision marks a victory for major chemical manufacturers who have argued they can improve security without regulatory intervention. Questions had been raised about whether the EPA could invoke the Clean Air Act to impose anti-terrorism standards on chemical plants. (Source: www.pittsburghlive.com, 3 October, 2002)

Comment: As reported in OCIPEP Daily Brief DOB02-158, released 3 October 2002, the EPA's Homeland Security strategy stated that the agency would provide technical support and "will work with the states, tribes, and other partners to enhance security in the chemical and oil industry" to ensure that environmental threat monitoring information and technologies are available. Several environmental groups took the EPA to task for not pursuing new regulations to require security plants to more closely scrutinize their vulnerabilities and to improve security.

IN BRIEF

Microsoft issues security bulletins
Four new security bulletins were issued late Wednesday by Microsoft Corporation, to warn about newly discovered vulnerabilities in Windows operating system and SQL Server database software. (Source: CNet News.com, 3 October 2002)

Comment: The latest Microsoft security bulletins can be found at:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/current.asp

Commercial satellite security should be more fully addressed: Report
The GAO has issued a report which addresses the extent to which the federal government is reliant upon commercial satellites and the vulnerabilities associated with satellite technology.
The report concludes that federal agencies risk losing needed capabilities in the event of the exploitation of satellite system vulnerabilities, and also recommends that the government consider recognizing the satellite industry as either a new infrastructure or part of an existing infrastructure. (Source: GAO, 30 August, 2002)
http://www.gao.gov/new.items/d02781.pdf

State Department website defaced
The U.S. State Department website was defaced Wednesday, forcing the department to close the site. The site was still out of order on Thursday. A spokesperson for the department said no sensitive or classified information was compromised. (Source: CNet news.com, 3 October 2002)

U.S. plans a system to detect bioattack
The U.S. Centers for Disease Control (CDC) announced on Wednesday that they are planning to put in place a national early warning system, which will be aimed at detecting bioterror attacks. Pioneered at Harvard, the system will review thousands of diagnoses on a daily basis, detecting strange patterns that may indicate signs of anthrax, smallpox or other disease epidemics. CDC will be committing US$1.2 million to a trial of the computerized surveillance network. (Source: boston.com, 3 October 2002)

CYBER UPDATES

See: What's New for the latest Alerts, Advisories and Information Products

Threats

Central Command reports on BDS/Sporkbot, which is a Trojan horse that could allow an attacker to have backdoor access to a computer. If executed, the Trojan adds the file "Wintwdmu.exe" to the \windows\%system%\ directory.
http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=021002-000022

Symantec reports on W32.HLLP.Flate.D, which is a variant of W32.HLLP.Flate. It is a prepender virus that is written in C# and which infects only .NET executable files. The virus functions only if the .NET Framework is installed.
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.flate.d.html

Vulnerabilities

Microsoft reports on a remotely exploitable vulnerability in the MS Windows 98 with Plus! Pack, Windows Me, or Windows XP file decompression functions that could allow code execution. Follow the link for patch information.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-054.asp

Microsoft reports on a remotely exploitable vulnerability in the Windows (multiple versions) Help Facility that could allow an attacker to run code in the security context of the user. Follow the link for patch information.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-055.asp

Microsoft reports on a remotely exploitable buffer overflow and denial-of-service vulnerability in services for Unix 3.0 Interix SDK that could allow code execution. Follow the link for patch information.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-057.asp

SecurityFocus reports on a remotely exploitable vulnerability in MS Internet Explorer (multiple versions) that could allow an attacker to execute script code in the context of other domains/security Zones. View the "Solution" tab for workaround information.
http://online.securityfocus.com/bid/5841/discussion/

SecurityFocus reports on a remotely exploitable directory disclosure vulnerability in Apache Tomcat 3.2-3.2.4 Mod_JK /Mod_JServ. View the "Solution" tab for workaround information.
http://online.securityfocus.com/bid/5838/discussion/

SecuriTeam reports on a remotely exploitable cross-site scripting vulnerability in Apache 2.0 prior to 2.0.43. Follow the link for patch information.
http://www.securiteam.com/unixfocus/6O0020K5PE.html

SecuriTeam reports on a locally exploitable buffer overflow vulnerability in MySQL for Win32 that could allow an attacker to execute code in the context of the SYSTEM account if MySQL is running as an NT Service (which is the default). Follow the link for patch information.
http://www.securiteam.com/windowsntfocus/6P0030K5PS.html

CERT/CC reports on a remotely exploitable vulnerability in MS SmartHTML interpreter (shtml.dll) that could allow a remote attacker to disrupt the normal operation of the web server or execute arbitrary code with system privileges. Follow the link for patch information.
http://www.kb.cert.org/vuls/id/723537

CERT/CC reports on a remotely exploitable buffer overflow vulnerability in MS Internet Explorer 4.01 and 5 SetupCtl 1.0 Type Library that could allow an attacker to execute arbitrary commands.
http://www.kb.cert.org/vuls/id/40813

Patches:

A cumulative patch that includes the functionality of all previously released patches for SQL Server 7.0, SQL Server 2000, and Microsoft Data Engine (MSDE) 1.0, Microsoft Desktop Engine (MSDE) 2000, as well as four new vulnerabilities, is now available.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-056.asp

EnGarde Secure Linux GNU libc (glibc) packages are now available.
http://online.securityfocus.com/advisories/4519

Additional vulnerabilities were reported in the following products:

Bugzilla SQL injection, arbitrary command execution and privilege elevation vulnerabilities. (SecurityFocus)
http://online.securityfocus.com/bid/5842/discussion/
http://online.securityfocus.com/bid/5844/discussion/
http://online.securityfocus.com/bid/5843/discussion/

Ghost View (GV) (multiple versions) GZip Archive command execution vulnerability. (SecurityFocus)
http://online.securityfocus.com/bid/5840/discussion/

BEA WebLogic Server and Express (multiple versions) inadvertent security removal vulnerability.
(SecurityFocus)
http://online.securityfocus.com/bid/5846/discussion/

HP-UX LDAP-UX Integration B.03.00 and B.02.00 Pam-Authz privilege escalation vulnerability. (SecurityFocus)
http://online.securityfocus.com/bid/5839/discussion/

Multiple vendor Zip utility code execution vulnerability. (SecurityFocus)
http://online.securityfocus.com/advisories/4517

GENTOO LINUX python 2.2.1-r4 and earlier arbitrary code execution vulnerability. (SecurityFocus)
http://online.securityfocus.com/advisories/4521

Net-SNMP 5.0.1, 5.0.3 and 5.0.4.pre2 denial-of-service vulnerability. (SecuriTeam)
http://www.securiteam.com/unixfocus/6N0010K5PQ.html

SuperScout Web Reports Server vulnerabilities. (SecuriTeam)
http://www.securiteam.com/windowsntfocus/6X0010U5PO.html

Tools

There are no new updates to report at this time.

CONTACT US

For additions to, or removals from the distribution list for this product, or to report a change in contact information, please send to:
Email: [EMAIL PROTECTED]

For urgent matters or to report any incidents, please contact OCIPEP's Emergency Operations Centre at:
Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094
Email: [EMAIL PROTECTED]

For general information, please contact OCIPEP's Communications Division at:
Phone: (613) 991-7035 or 1-800-830-3118
Fax: (613) 998-9589
Email: [EMAIL PROTECTED]
Web Site: www.ocipep-bpiepc.gc.ca

Disclaimer

The information in the OCIPEP Daily Brief has been drawn from a variety of external sources. Although OCIPEP makes reasonable efforts to ensure the accuracy, currency and reliability of the content, OCIPEP does not offer any guarantee in that regard. The links provided are solely for the convenience of OCIPEP Daily Brief users. OCIPEP is not responsible for the information found through these links.

IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk