OCIPEP DAILY BRIEF
Number: DOB02-174
Date: 28 October 2002
http://www.ocipep.gc.ca/DOB/DOB02-174_e.html

NEWS
OCIPEP issues Advisory AV02-046
On 25 October 2002, OCIPEP issued Advisory AV02-046, subsequent to CERT/CC's report of a new remote buffer overflow in the Kerberos Administration Daemon. The remote vulnerability could result in the execution of arbitrary code or commands. It is recommended that users contact the vendor of the affected software for patches and updates.

OCIPEP Comment: The latest OCIPEP Advisories can be viewed at: http://www.ocipep.gc.ca/home/index_e.html#upd

Amtrak increases security
U.S. passenger railroad operator Amtrak has increased security of its trains and stations following last week's FBI warning about possible terrorist attacks on trains. The increase in security measures, however, should not be evident to passengers, according to Amtrak President David Gunn. (Source: abcnews.go.com, 25 October 2002)

OCIPEP Comment: As reported in OCIPEP Daily Brief DOB02-173 released 25 October 2002, in response to the threat of terrorist activity, U.S. officials had begun implementing additional protective measures including increased presence of law enforcement officers, increased surveillance of critical areas and improved physical protections. OCIPEP has no information on specific threats to Canadian critical infrastructure.

West Nile virus detected in U.K.
In the U.K., the Guardian reports this morning that scientists may have recently found traces of the virus in dead birds. If confirmed, this would constitute the first occurrence of the West Nile virus in that country. (Source: guardian.co.uk, 28 October 2002)

OCIPEP Comment: There have been two confirmed West Nile virus deaths in Canada, while at least 188 people have died in the U.S. to date. According to reports, meteorologists are predicting a mild winter and possibly a warm wet spring, conditions that will allow mosquitoes to thrive next year, increasing the chances that the virus could spread to most provinces.

IN BRIEF

APEC leaders unite to fight terrorism
On Sunday, as the Asia-Pacific Economic Cooperation (APEC) forum in Mexico concluded, APEC leaders endorsed a declaration made by their senior ministers who said that "terrorism in all its forms is a threat to economic stability in APEC as well as a threat to regional peace and stability." (Source: economist.com, 28 October 2002)

Europe cleans up after windstorm
A powerful windstorm struck Britain and northwestern Europe on 27 October, bringing with it gusts of up to 150 km/hr, which uprooted trees and cancelled air, sea and rail travel. Officials said buildings sustained structural damage. The storm also blew down power lines, knocking out electricity to thousands of people in England and Wales. Air France and British Airways cancelled dozens of flights, while ferry trips to the European mainland were cancelled. Officials in the U.K. estimate the damage could total up to $150 million. (Source: cbc.ca, 28 October 2002)

Series of earthquakes awaken Sicily's Mount Etna
As many as 200 small earthquakes hit the region of Catania, with the strongest registered at a magnitude of 4.2 on the Richter scale. As a result, after months of tranquility, Mount Etna erupted, spewing lava and ashes and igniting fires in forests nearby. (Source: reuters.com, 28 October 2002)

CYBER UPDATES

See: What's New for the latest Alerts, Advisories and Information Products
See: News - OCIPEP issues Advisory AV02-046

Threats

Central Command reports on BDS/Nethief.XP.C, which is a Trojan horse that could allow someone with malicious intent backdoor access to a computer. If executed, it adds the file "IExplorer.exe" to the \windows\%syste% directory and stays resident in memory. It arrives with the subject line "Iraqi FM: US Wants Change in International Law, Subordinate World to US Hegemony" and the attachment "IExplorer.exe".
http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=021024-000012

Central Command reports on Worm/FriendGreet, which is a worm that arrives in a user inbox as an electronic greeting card from "http://www.friendgreetings.com" with the subject line "<RECIPIENT> you have an E-Card from <SENDER>". If a user clicks on the URL provided, the page is loaded and the user is prompted to download and run an msi-installer and to accept 2 separate End User License Agreements (EULA). If the user agrees, the program will install itself as the program "Friend Greetings.msi" or "Friend%20Greetings.msi" and then send itself out to all contacts in the user's address book.
http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=021025-000010

Vulnerabilities

SecuriTeam reports on a remotely exploitable denial-of-service vulnerability in IBM Infoprint Remote Management. No known patch is available at this time.
http://www.securiteam.com/securitynews/6K00K1F5QW.html

SecuriTeam reports on a locally exploitable privilege escalation vulnerability in Norton Antivirus Corporate Edition that could allow an attacker to run winhlp32 in context of local system. Follow the link for patch information.
http://www.securiteam.com/windowsntfocus/6R00S1F5PC.html

Patches:

New ypserv packages are now available for Red Hat Linux 7.x and 6.2. (SecurityFocus)
http://online.securityfocus.com/advisories/4597

Additional vulnerabilities were reported in the following products:

gBook 1.4 administrative access vulnerability. (SecurityFocus)
http://online.securityfocus.com/bid/6033/discussion/

AOL Instant Messenger (multiple versions) file execution vulnerability. (SecurityFocus)
http://online.securityfocus.com/bid/6027/discussion/

Gentoo Linux xfree package shared memory exploit. (Gentoo Linux)
http://lists.gentoo.org/pipermail/gentoo-announce/2002-October/000224.html

NetBSD trek(6) buffer overrun vulnerability.
(NetBSD)
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-025.txt.asc

Zope insecure XML-RPC exception handling vulnerability. (Zope Collectors Site)
http://collector.zope.org/Zope/359

SCO OpenLinux ethereal multiple packet handling vulnerabilities. (Santa Cruz Operation)
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2002-037.0.txt

Mandrake Linux mod_ssl cross-site scripting vulnerability. (Mandrake Linux)
http://www.mandrakesecure.net/en/advisories/2002/MDKSA-2002-072.php

Mandrake Linux kdegraphics package buffer overflow vulnerability.
http://www.mandrakesecure.net/en/advisories/2002/MDKSA-2002-071.php

Linksys WET11 denial-of-service vulnerability. (SecuriTeam)
http://www.securiteam.com/securitynews/6L00M1F5PM.html

vpopmail CGIApps arbitrary command execution vulnerability (vadddomain, vpasswd). (SecuriTeam)
http://www.securiteam.com/unixfocus/6P00Q1F5PC.html

Mojo Mail Sign-Up Form cross-site scripting vulnerability. (SecuriTeam)
http://www.securiteam.com/unixfocus/6Q00R1F5PY.html

SolarWinds TFTP Server directory traversal vulnerability. (SecuriTeam)
http://www.securiteam.com/windowsntfocus/6K00L1F5PI.html

BRS WebWeaver Web Server 1.01 protected file access vulnerability. (SecuriTeam)
http://www.securiteam.com/windowsntfocus/6M00N1F5PK.html

BadBlue Web Server 1.7 protected file access vulnerability. (SecuriTeam)
http://www.securiteam.com/windowsntfocus/6N00O1F5PQ.html

Liteserve Web Server 2.0 authorization bypass vulnerability. (SecuriTeam)
http://www.securiteam.com/windowsntfocus/6O00P1F5PU.html

TFTP Server 2002 Standard Edition 5.0.55 denial-of-service vulnerability. (SecuriTeam)
http://www.securiteam.com/windowsntfocus/6V00N155PI.html

Tools

Tunnel Finder is a proxy checker that can display information from a list of proxies by searching for proxy servers that permit the CONNECT command.
http://packetstormsecurity.nl/filedesc/TunnelFinder.zip.html

Opticon Users 2002 is a simple tool that shows administrators who is logged onto the network and which workstation each user is accessing the network from.
http://www.securitystorm.net/

CONTACT US

To add or remove a name from the distribution list, or to modify existing contact information, e-mail: [EMAIL PROTECTED]

For urgent matters or to report any incidents, please contact OCIPEP's Emergency Operations Centre at:
Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094
Email: [EMAIL PROTECTED]

For general information, please contact OCIPEP's Communications Division at:
Phone: (613) 944-4875 or 1-800-830-3118
Fax: (613) 998-9589
Email: [EMAIL PROTECTED]
Web Site: www.ocipep-bpiepc.gc.ca

Disclaimer

The information in the OCIPEP Daily Brief has been drawn from a variety of external sources. Although OCIPEP makes reasonable efforts to ensure the accuracy, currency and reliability of the content, OCIPEP does not offer any guarantee in that regard. The links provided are solely for the convenience of OCIPEP Daily Brief users. OCIPEP is not responsible for the information found through these links.

IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk