OCIPEP DAILY BRIEF
Number: DOB02-075
Date: 5 June 2002

NEWS

OCIPEP Issues Advisory - Denial-of-Service Vulnerability

OCIPEP has issued Advisory AV02-028 concerning a denial-of-service vulnerability in Domain Name System (DNS) servers running ISC BIND 9 prior to 9.2.1, which allows a remote attacker to shut down the DNS server by sending a specific DNS packet designed to trigger an internal consistency check. This vulnerability, however, does not allow the attacker to execute arbitrary code on the vulnerable system.

Comment: Advisory AV02-028 can be found on the OCIPEP web site at:
http://www.ocipep.gc.ca/emergencies/advisories/AV02-028_e.html

OCIPEP Issues Information Note - Securing Publicly Available Information

OCIPEP has released Information Note IN02-005 to assist security professionals in identifying risk management strategies for sensitive information that, if in the public domain, could place critical infrastructure (CI) at greater risk. The note encourages owners and operators of CI to consider certain criteria when deciding whether information should be made available to the public via the Internet or through other means.

Comment: Information Note IN02-005 can be found on the OCIPEP web site at:
http://www.ocipep.gc.ca/emergencies/info_notes/IN02_005_e.html

Anti-terrorist Exercise in Vancouver

Vancouver International Airport took part in a security exercise, called "Amalgam Virgo," that simulated the hijacking of two commercial airliners on Tuesday. One aircraft landed in Vancouver, where the RCMP was called in to handle negotiations with hijackers. The other aircraft was diverted to a U.S. Air Force base in Alaska, where FBI agents dealt with that situation. NORAD fighter aircraft from the U.S. and Canada also participated in the exercise. Major Doug Martin, the Canadian Armed Forces spokesperson at NORAD headquarters in Colorado Springs, said the exercise allowed all participants to improve communications with each other. The exercise did not cause any disruption at the airport.
The exercise involved about 1,500 personnel, including 200-300 members of the RCMP.
(Sources: CBC News, The Globe and Mail, 4 June 2002)
http://vancouver.cbc.ca/template/servlet/View?filename=bc_norad020604
http://www.globeandmail.ca/servlet/RTGAMArticleHTMLTemplate/C/20020605/utest?hub=homeBN&tf=tgam%252Frealtime%252Ffullstory.html&cf=tgam/realtime/config-neutral&vg=BigAdVariableGenerator&slug=utest&date=20020605&archive=RTGAM&site=Front&ad_page_name=breakingnews

Comment: An official statement from NORAD on the outcome of the exercise is available at:
http://www.norad.mil/statement_amalgam_virgo.htm

IN BRIEF

Several Boil Order Advisories in Manitoba Still in Effect

Nearly 30 communities in Manitoba have been under boil water advisories since the Walkerton incident two years ago. Contamination is mostly due to poorly constructed wells and old-style septic fields on small lots. Some communities will have water pipelines built with the help of a provincial grant.
(Source: CBC News, 4 June 2002)
http://winnipeg.cbc.ca/template/servlet/View?filename=mb_water020604

Alberta Forest Fire Threatens Additional Communities

The House River forest fire in Alberta continues to grow, and the communities of Janvier and Chard have been put on evacuation alert. The fire now covers 2,600 square kilometres. There is no rain in the forecast for the area.
(Source: CBC News, 4 June 2002)
http://cbc.ca/stories/2002/06/04/fire020604

CYBER UPDATES

See: What's New for the latest Alerts, Advisories and Information Products

Threats

Trend Micro reports on WORM_FRETHEM.B, which is a memory-resident variant of WORM_FRETHEM.A that propagates via e-mail using its own SMTP engine. It arrives with the subject line "Re: Your password!" and the attachment "Your password placed in password.txt yourpassword.exe"
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_FRETHEM.B

Vulnerabilities

SecurityFocus reports on a denial-of-service vulnerability in Double Precision Incorporated's Courier MTA for Unix and Linux. View the "solution" tab for upgrade information.
http://online.securityfocus.com/bid/4908/discussion/

SecurityFocus provides a report on a vulnerability in Volution Manager that stores the Directory Admin password in clear text. Follow link for solution.
http://online.securityfocus.com/advisories/4173

Tools

Umpf is a system for managing encrypted files without using encrypted file systems.
http://www.s0ftpj.org/

HAP-Linux 2.2.21-1 is a collection of security-related patches designed to be applied after Solar Designer's Openwall patches are installed.
http://www.TheAIMSGroup.com/~hlein/hap-linux

Samhain 1.51a is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts.
http://samhain.sourceforge.net

Openwall Linux kernel patch 2.2.21-ow1 is a collection of security "hardening" features for the Linux kernel.
http://www.openwall.com/linux

Firestorm 0.4.3 is a high performance network intrusion detection system (NIDS).
http://www.scaramanga.co.uk/firestorm

OpenSSL 0.9.6d is an Open Source toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
http://www.openssl.org/

Ettercap 0.6.6.6 is a network sniffer/interceptor/logger for switched LANs.
http://ettercap.sourceforge.net

Sendmail 8.12.4 is a Unix Mail Transfer Agent, a program that moves mail from one machine to another.
http://www.sendmail.org

Linux Port/Socket Pseudo ACLs 2.2.21-14 project is a patch to the Linux kernel that allows the admin to delegate privileges for some protected network resources to non-root users.
http://original.killa.net/infosec/acls

Dnshijacker v1.2 is a libnet/libpcap based packet sniffer & DNS spoofer.
http://pedram.redhive.com/projects.php

Airsnort 0.2.1 is a tool for wireless LANs that recovers encryption keys by passively monitoring transmissions, computing the encryption key when enough packets have been gathered.
http://airsnort.shmoo.com

Nessus 1.2.1 is a free, up-to-date and full-featured remote security scanner for Linux, BSD, Solaris and other systems.
http://www.nessus.org

THC-Hydra 1.6 is a parallel login hacker.
http://www.thehackerschoice.com

CONTACT US

For additions to, or removals from the distribution list for this product, or to report a change in contact information, please send to:
Email: [EMAIL PROTECTED]

For urgent matters or to report any incidents, please contact OCIPEP’s Emergency Operations Centre at:
Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094
Email: [EMAIL PROTECTED]

For general information, please contact OCIPEP’s Communications Division at:
Phone: (613) 991-7035 or 1-800-830-3118
Fax: (613) 998-9589
Email: [EMAIL PROTECTED]
Web Site: www.ocipep-bpiepc.gc.ca

Disclaimer

The information in the OCIPEP Daily Brief has been drawn from a variety of external sources. Although OCIPEP makes reasonable efforts to ensure the accuracy, currency and reliability of the content, OCIPEP does not offer any guarantee in that regard. The links provided are solely for the convenience of OCIPEP Daily Brief users. OCIPEP is not responsible for the information found through these links.

IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk