DAILY BRIEF
Number: DOB02-042
Date: 18 April 2002

NEWS
OCIPEP Issues Advisory - New Variant of Klez.A
OCIPEP issued Advisory AV02-020 to bring attention to a new version of the worm W32.Klez.A@mm, which was first discovered on 25 October 2001. This new variant of Klez is currently spreading through Europe and the U.S.
Comment: For more information, go to:
http://www.ocipep-bpiepc.gc.ca/emergencies/advisories/AV02-020_e.html

Canada Opts Out of American Plan to Defend Continent
The Canadian government has announced that, for the moment, it will not join the U.S.-led North American defence plan and will remain responsible for its own defence. U.S. Defense Secretary Donald Rumsfeld announced yesterday the creation of a new military zone stretching from the Canadian Arctic to southern Mexico. Senior Canadian and U.S. military officials have been putting pressure on the Canadian government to join the "Northern Command". Foreign Affairs Minister Bill Graham, however, has suggested that Canada could join at a later date and that Ottawa is content, for now, to limit its role in continental defence to NORAD. (Source: Globe and Mail, 18 April 2002)
http://www.theglobeandmail.com/

Four Canadian Soldiers Killed in Afghanistan
A U.S. fighter jet mistakenly bombed Canadian soldiers during a live-fire training exercise in Afghanistan, killing four and wounding eight. (Source: Globe and Mail, 18 April 2002)
http://www.theglobeandmail.com/

IN BRIEF

Bush Warns of More Terror Attacks
While addressing military cadets, President Bush predicted that there will be an increase in terrorist activity as bin Laden's network tries to regroup and strike again. (Source: NandoTimes, 17 April 2002)
http://www.nandotimes.com/

One Alert System Seen As Ineffective
A commentary by ZDNet argues that no single alerting system, such as the one recently unveiled by the Office of Homeland Security, is up to the task of describing the myriad of different cyber threats. (Source: ZDNet, 17 April 2002)
http://zdnet.com.com/

Survival in an Insecure World
David A. Fisher, a researcher with the Computer Emergency Response Team (CERT) at Carnegie Mellon University, has developed Easel, a new computer language that allows the simulation of unbounded systems "even when given incomplete information about their state." The aim is to develop infrastructure systems that continue to perform in the face of cyber attacks. (Source: Scientific American, Issue: May 2002)
http://www.scientificamerican.com/

Businesses First Line of Defence in Battling Cybercrime
The head of a U.S. government task force has called on U.S. companies to act as the first line of defence against cyber terrorists and criminals, by investing heavily in the protection of their computer networks. (Source: Jacksonville.com, 17 April 2002)
http://www.jacksonville.com/

CYBER UPDATES

See: What's New for the latest Alerts, Advisories and Information Products

Threats

Trendmicro provides a report on WORM_KLEZ.G, which is a modified variant of the worm WORM_KLEZ.G. It uses SMTP to propagate via email and is capable of spreading via shared drives/folders with read/write access. The subject line and body of the email may be randomly composed. The email receiver does not need to open the attachment for it to execute due to a known vulnerability in Internet Explorer-based email.
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_KLEZ.G
Comment: OCIPEP has released Advisory AV02-020 regarding Klez.H and Klez.G. Please see the News section or go to:
http://www.ocipep-bpiepc.gc.ca/emergencies/advisories/AV02-020_e.html

Vulnerabilities

SecurityFocus reports on a vulnerability in StepWeb Search Engine (SWS). A remote attacker could guess the location of the admin web page and gain access to admin functions, thus enabling the addition of arbitrary search entries or access to search logs. No patch is available as of yet.
http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=discussion&id=4503

SecurityFocus reports on a vulnerability in SunShop that allows remote attackers to embed arbitrary script code into form fields. This may enable a remote attacker to perform actions as the administrative user of the shopping cart. View the "solutions" tab for patch information.
http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=discussion&id=4506

SecurityFocus reports on a vulnerability in Melange Chat System that could allow a local attacker to initiate a buffer overflow. View the "solutions" tab for patch information.
http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=discussion&id=4509

SecurityFocus reports on a vulnerability in ICQ. If a remote user attempts to access a malformed .hpf file (a file specific to ICQ that is created when a new user registers), ICQ will crash. No patch is available as of yet.
http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=discussion&id=4514

SecurityFocus reports on a vulnerability in Burning Board. A remote attacker could create a malicious link capable of causing actions to be performed on behalf of a user visiting the link. Other web forum software, such as phpBB, may also be affected by this vulnerability. No patch is available as of yet.
http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=discussion&id=4512

SecurityFocus reports on a vulnerability in some versions of Internet Explorer. It is possible to remotely inject JavaScript code into the browser history list and execute it within any page context, given appropriate user interaction. No patch is available as of yet.
http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=discussion&id=4505

SecurityFocus reports on a vulnerability in Nortel CX 1800 Multi-Service Access Switch, which may allow a remote attacker to gain access to sensitive information such as authentication credentials for local accounts on the device and network infrastructure. View the "solutions" tab for a workaround.
http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=discussion&id=4507

SecurityFocus reports on a vulnerability in Webalizer, which contains a remote buffer overflow condition. A malicious DNS server could exploit this condition if reverse DNS lookups are enabled. View the "solutions" tab for a workaround.
http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=discussion&id=4504

SecurityFocus provides a report on a vulnerability in Cisco products installed on MS operating systems using IIS. It allows an attacker to execute arbitrary code or perform a denial-of-service against the server. No patch is available as of yet.
http://online.securityfocus.com/advisories/4036
This advisory is available at:
http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml

SecurityFocus provides a report on a Cross Site Scripting (CSS) issue in Horde and IMP. This was fixed upstream in Horde version 1.2.8 and IMP version 2.2.8. Follow link for details.
http://online.securityfocus.com/advisories/4037

SecurityFocus provides a report on two related problems with syncache. Both involve issues with pointers, which would cause a machine to crash. Follow link for a workaround.
http://online.securityfocus.com/advisories/4039

SecurityFocus provides a report on a security issue that was recently found and fixed in Squid-2.X releases. Follow link for upgrade info.
http://online.securityfocus.com/advisories/4040

SecurityFocus provides a report on IRIX cron daemon that uses predictably named temporary files that could lead to a root exploit. These vulnerabilities may not be exploited by a remote user, as a local account is required. Follow link for upgrade info.
http://online.securityfocus.com/advisories/4041

Tools

No updates to report at this time.

CONTACT US

For additions to, or removals from the distribution list for this product, or to report a change in contact information, please send to:
Email: [EMAIL PROTECTED]

For urgent matters or to report any incidents, please contact OCIPEP’s Emergency Operations Centre at:
Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094
Email: [EMAIL PROTECTED]

For general information, please contact OCIPEP’s Communications Division at:
Phone: (613) 991-7066 or 1-800-830-3118
Fax: (613) 998-9589
Email: [EMAIL PROTECTED]
Web Site: www.ocipep-bpiepc.gc.ca

Disclaimer

The information in the OCIPEP Daily Brief has been drawn from a variety of external sources. Although OCIPEP makes reasonable efforts to ensure the accuracy, currency and reliability of the content, OCIPEP does not offer any guarantee in that regard. The links provided are solely for the convenience of OCIPEP Daily Brief users. OCIPEP is not responsible for the information found through these links.

IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk