DAILY BRIEF Number: DOB02-071 Date: 30 May 2002

NEWS

OCIPEP Issues Advisory - Buffer Overflow Vulnerability
OCIPEP has issued Advisory AV02-027 to bring attention to a remotely
exploitable buffer overflow in Macromedia JRun 3.0 and 3.1, earlier reported
by CERT/CC. The vulnerability can permit remote execution of arbitrary code
on a system with system privileges.

Comment: The OCIPEP Advisory AV02-027 can be found at:
http://www.ocipep-bpiepc.gc.ca/emergencies/advisories/AV02-027_e.html

Hacker Group Attempts DDoS against NATO
A group calling itself "Stop the NATO" launched a distributed
denial-of-service (DDoS) attack against the main web site of the North
Atlantic Treaty Organization (NATO) on May 28, according to security firm
iDefense. The attack, which coincided with the meeting of NATO leaders at an
air force base near Rome, Italy, had not had much effect as of mid-day
Wednesday. iDefense believed that very few people had downloaded the Flash
tool available on the Stop the NATO web site, and that because the tool was
single-threaded, a large number of participants would have to join the
"Netstrike Against NATO" campaign for it to disrupt normal operations.
(Source: iDefense, 29 May 2002)

Comment: OCIPEP has no information indicating that the attack was successful
or resulted in any noticeable degradation of NATO systems





IN BRIEF

Alberta Fire Update
The House River fire burning near the hamlet of Conklin is still out of
control, and strong winds in the forecast are going to make the
firefighters' task even more difficult, according to a wildfire information
officer. People staying in shelters will not be able to return to their
homes for a few days yet. (Source: The Globe and Mail, CBC News, 29 May
2002)
http://www.globeandmail.ca/servlet/RTGAMArticleHTMLTemplate/C/20020529/wfire
y0529?hub=
homeBN&tf=tgam%252Frealtime%252Ffullstory.html&cf=tgam/realtime/config-neutr
al&vg=BigAdVariableGenerator&slug=
wfirey0529&date=20020529&archive=
RTGAM&site=Front&ad_page_name=breakingnews
http://edmonton.cbc.ca/template/servlet/View?filename=ck_5282002

Manitoba Forest Fire Threatens Communities
A forest fire raging in northern Manitoba may have been deliberately set,
according to fire investigators. The fire was burning near two communities,
Powell and Barrows, but as of yesterday the wind was pushing it away from
the residential areas. Some residents of Powell were evacuated from their
homes on Tuesday, and Barrows residents remained on evacuation alert.
(Source: CBC News, 29 May 2002)
http://winnipeg.cbc.ca/template/servlet/View?filename=mb_fires020529

Texas Company Faces Problems with Energy Deregulation
The transfer of customers to new energy service providers caused some
difficulties for the Electric Reliability Council of Texas Inc. (ERCOT),
prompting it to hire an agency to deal with the problems. Following energy
deregulation in Texas, ERCOT became responsible for arranging the supply of
electricity to most of the state through new service providers. The agency
hired, The Feld Group Inc., will oversee the company's systems upgrade.
(Source: Computerworld.com, 27 May 2002)
http://www.computerworld.com/managementtopics/management/outsourcing/story/0
,10801,71495,00.html

Comment: The ERCOT is unique in the North American Electric Reliability
Council (NERC) in that its mandate is limited to one state. This gave ERCOT
an unprecedented opportunity to play a key role in the deregulation of the
electricity market in Texas.

NORAD to Oversee No-Fly Zone for G8 Summit
CF-18 fighter jets, under the command of North American Aerospace Defense
Command (NORAD), will be patrolling the skies over Kananaskis during the
June 26-27 G8 Summit. Security measures at the Summit will be more stringent
than those put in place during the Winter Olympics in Salt Lake City,
according to Major Doug Martin, Deputy Director of Public Affairs at NORAD.
Planes flying over the Summit site will be diverted away from Kananaskis.
(Source: CBC News, 29 May 2002)
http://calgary.cbc.ca/template/servlet/View?filename=jt_5292002

FBI Announces Major Changes in Organization
The FBI will hire hundreds of agents and update its computer systems in
order to adapt to current priorities, particularly the fight against
terrorism. FBI Director Robert Mueller announced on Wednesday the creation
of a new Office of Intelligence that will concern itself with the prevention
of terrorist attacks. Another new division will focus on cyber crime and
include parts of the National Infrastructure Protection Center (NIPC).
(Source: govexec.com, 29 May 2002)
http://www.govexec.com/dailyfed/0502/052902t1.htm

Stolen Cyanide Containers Found in Mexico
A Mexican police officer found 70 of the 96 drums of sodium cyanide that had
been reported missing. The truck carrying them was stolen on May 10, and 20
of the drums were found along with the abandoned truck a week later. State
and local officials have given varying numbers for the drums found, which
indicates that some of the stolen cyanide could still be missing. (Source:
The Nando Times, 29 May 2002)
http://www.nandotimes.com/special_reports/terrorism/investigation/story/4176
58p-3330368c.html





CYBER UPDATES
See: What's New for the latest Alerts, Advisories and Information Products

Threats

Trend Micro reports on VBS_PLEXIS.A, which is a nondestructive virus that
infects MS Word and Excel files using MAPI to send e-mail with PE_PLEXIS.A
as an attachment to everyone in the victim's address book.
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=VBS_PLEXIS.A


McAfee Security reports on W32/Enemany.b@MM, which is a worm written in
Visual Basic that propagates via MS Outlook e-mail with the subject "Edonkey
Update" and the attachment "Esel_Update.Exe".
http://vil.nai.com/vil/content/v_99509.htm


McAfee Security reports on W32/Enemany.a.intd, which is an intended
mass-mailing worm but messages sent by this worm do not contain the intended
attachment due to a typo in the code. It arrives with the subject "The New
Xerox Update for our WinXP"
http://vil.nai.com/vil/content/v_99508.htm

Vulnerabilities

SecurityFocus reports on a buffer overflow vulnerability in MS Active Data
Objects (ADO). View the "solution" tab for workaround information.
http://online.securityfocus.com/bid/4849/discussion/


SecurityFocus reports on multiple vulnerabilities in MS SQL Server 2000
including heap and stack based buffer overflows and network
denial-of-services attacks. No known patch is available as of yet.
http://online.securityfocus.com/bid/4847/discussion/


SecurityFocus reports on a heap overflow vulnerability in MS IIS 5.0's HTR
ISAPI extension that could result in a denial-of-service or allow a remote
attacker to execute arbitrary instructions on the victim host. No known
patch is available as of yet.
http://online.securityfocus.com/bid/4855/discussion/
http://online.securityfocus.com/bid/4846/discussion/


SecurityFocus reports on a buffer overflow vulnerability in MS Windows
2000's Remote Access Service (RAS). No known patch is available as of yet.
http://online.securityfocus.com/bid/4852/discussion/


SecurityFocus reports on a vulnerability in HTML Help ActiveX control
(Hhctrl.ocx), which ships as part of MS HTML Help and can be used to exploit
denial-of-service attacks and stack and heap based overflow attacks. View
"solution" tab for workaround information.
http://online.securityfocus.com/bid/4857/discussion/


SecurityFocus reports on multiple buffer overflow vulnerabilities in MS
Commerce Server 2000 that could allow a remote attacker to execute arbitrary
attacker-supplied instructions with the privileges of the MS Commerce Server
2000 process. No known patch is available as of yet.
http://online.securityfocus.com/bid/4853/discussion/


SecurityFocus reports on buffer overflow vulnerabilities in Oracle Reports
Server, Oracle Web Cache and Oracle TNSListener that could allow a remote
attacker to execute code on a vulnerable system, access the local system,
and gain the privileges of the relevant process. View the "solution" tab for
workaround information.
http://online.securityfocus.com/bid/4848/discussion/
http://online.securityfocus.com/bid/4856/discussion/
http://online.securityfocus.com/bid/4845/discussion/


SecurityFocus reports on a format string vulnerability in Oracle Application
Server that could allow a remote attacker to write data to arbitrary
addresses in memory, and to potentially execute arbitrary code. No known
patch is available as of yet.
http://online.securityfocus.com/bid/4844/discussion/


SecurityFocus reports on a vulnerability in phpBB2 that could allow a remote
attacker to inject script code into forum messages. phpBB versions prior to
the phpBB2 series may also be affected. View the "solution" tab for upgrade
information.
http://online.securityfocus.com/bid/4858/discussion/


SecurityFocus provides a report on a vulnerability in Novell Netware 5.0
that could allow a remote attacker to discover the location of the webroot.
Follow link for solution.
http://online.securityfocus.com/advisories/4157
http://online.securityfocus.com/advisories/4158


SecurityFocus reports on a stack-based overflow vulnerability in Sun
Microsystems' iPlanet Webserver that could allow a remote attacker to
execute arbitrary code on, and gain control of, iPlanet hosts. Sending data
not specially constructed to execute code could cause the server to crash.
No known patch is available as of yet.
http://online.securityfocus.com/bid/4851/discussion/


SecurityFocus reports on a buffer overflow vulnerability in Ipswitch WS_FTP
Pro for MS Windows. No known patch is available as of yet.
http://online.securityfocus.com/bid/4850/discussion/


SecurityFocus provides a report on a buffer overflow vulnerability in the
SuSE tcpdump program that could lead to a root compromise of the vulnerable
system. Follow link for upgrade information.
http://online.securityfocus.com/advisories/4156


SecurityFocus provides a report on a vulnerability in Linux-Mandrake
fetchmail prior to v5.9.10 that could allow a malicious server to make the
fetchmail process write data outside of the array bounds. Follow link for
upgrade information.
http://online.securityfocus.com/advisories/4153


SecurityFocus reports on a vulnerability in Opera 6.01/6.02 related to the
handling of the 'file' HTML input-type that could allow a malicious attacker
to obtain arbitrary files from client systems. View the "solution" tab for
upgrade information.
http://online.securityfocus.com/bid/4834/discussion/


SecurityFocus reports on buffer overflow vulnerabilities in the AMANDA
amcheck component and amindexd daemon that could allow a local attacker to
execute arbitrary instructions as root. View the "solution" tab for upgrade
information.
http://online.securityfocus.com/bid/4840/discussion/
http://online.securityfocus.com/bid/4836/discussion/


SecurityFocus reports on a vulnerability in Falcon Web Server for MS
Windows, which may disclose known password protected files that reside on
the webserver to unauthorized users. No known patch is available as of yet.
http://online.securityfocus.com/bid/4833/discussion/


SecurityFocus provides a report on a vulnerability in the OpenServer 5.0.5
OpenServer 5.0.6 sort and scoadmin commands, which creates and uses
temporary files insecurely allowing names to be predicted and spoofed with
symbolic links. Follow link for upgrade information.
http://online.securityfocus.com/advisories/4154
http://online.securityfocus.com/advisories/4155


SecurityFocus reports on a vulnerability in Transoft Broker, which is an FTP
server for Windows, that could allow FTP users to cause the host to stop
responding. No known patch is available as of yet.
http://online.securityfocus.com/bid/4864/discussion/


SecurityFocus reports on a buffer overflow vulnerability in DataWizard FtpXQ
that could result in a denial-of-service. It may also be possible for
attackers to execute arbitrary code on target servers. No known patch is
available as of yet.
http://online.securityfocus.com/bid/4862/discussion/


SecurityFocus reports on multiple buffer overflow vulnerabilities in
Tomahawk Technologies Inc.'s SteelArrow Web Application Server that could
allow a remote attacker to execute arbitrary code on a target host. No known
patch is available as of yet.
http://online.securityfocus.com/bid/4860/discussion/


SecurityFocus reports on a vulnerability in WoltLab Burning Board that makes
it possible to hijack an account that has not yet been activated. View the
"solution" tab for workaround information.
http://online.securityfocus.com/bid/4859/discussion/

Tools
There are no updates to report at this time.



CONTACT US

For additions to, or removals from the distribution list for this product,
or to report a change in contact information, please send to:
Email: [EMAIL PROTECTED]

For urgent matters or to report any incidents, please contact OCIPEPís
Emergency Operations Centre at:

Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094
Email: [EMAIL PROTECTED]

For general information, please contact OCIPEPís Communications Division at:

Phone: (613) 991-7035 or 1-800-830-3118
Fax: (613) 998-9589
Email: [EMAIL PROTECTED]
Web Site: www.ocipep-bpiepc.gc.ca

Disclaimer
The information in the OCIPEP Daily Brief has been drawn from a variety of
external sources. Although OCIPEP makes reasonable efforts to ensure the
accuracy, currency and reliability of the content, OCIPEP does not offer any
guarantee in that regard. The links provided are solely for the convenience
of OCIPEP Daily Brief users. OCIPEP is not responsible for the information
found through these links.







IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk


Reply via email to