OCIPEP DAILY BRIEF
Number: DOB02-076
Date: 6 June 2002

NEWS

OCIPEP Issues Advisory - Yahoo! Messenger Vulnerabilities
OCIPEP has issued Advisory AV02-029 concerning multiple vulnerabilities in Yahoo! Messenger version 5,0,0,164 and prior for Microsoft Windows. These vulnerabilities may allow an attacker to execute arbitrary code with the privileges of the user on the victim's system.
Comment: Advisory AV02-029 can be viewed at:
http://www.ocipep.gc.ca/emergencies/advisories/AV02-029_e.html

New Virus Challenges Anti-virus Software Makers
Features of a new virus, called Simile.D, can make it difficult for current anti-virus software to detect it, according to anti-virus software maker Symantec. The virus does not cause much harm to infected computers, leaving a message with the author's name and the name of the virus, but its ability to propagate back and forth from Windows to Linux has security experts concerned. Unlike the Klez.H worm, Simile.D has the ability to change its characteristics like a chameleon, making it difficult to detect through its digital fingerprints. More complicated viruses will take longer to detect, and this can bog down a system, according to Jimmy Kuo, a researcher at Network Associates. (Source: zdnet.co.uk, 5 June 2002)
http://news.zdnet.co.uk/story/0,,t269-s2111374,00.html

IN BRIEF

Security Measures for G7 Meeting in Halifax
The RCMP and Halifax police are finalizing security details for the June 14-15 meeting of G7 finance ministers at the World Trade and Convention Centre. The street in front of the centre will be closed during the meeting, and an area has been designated for protestors. (Source: CBC News, 5 June 2002)
http://novascotia.cbc.ca/template/servlet/View?filename=ns_security020605

Better Security Required at Colleges: Richard Clarke
In his address at the sixth annual National Colloquium for Computer Security Education at Microsoft's conference center, U.S. Special Advisor to the President for Cyberspace Security Richard Clarke urged computer security and information assurance program directors to focus more on security issues in their curriculum. He stressed that colleges and universities need to develop better security in their own systems to avoid becoming launching pads for attacks against infrastructure companies. (Source: Computerworld.com, 5 June 2002)
http://www.computerworld.com/securitytopics/security/story/0,10801,71714,00.html

Alberta Fires Costly
The cost of fighting the giant House River fire in Alberta has risen to $17 million since it first started on May 17, according to fire information officer Rick Strickland. The daily cost is now about $2.7 million. It is also taking its toll on firefighters, who are exhausted, and are now receiving help from national park rangers, soldiers and volunteer firefighters. (Source: CBC News, 5 June 2002)
http://calgary.cbc.ca/template/servlet/View?filename=mo_6052002
Comment: For more information on this incident and others, click the Incident Mapping button at the top of this Daily Brief.

Canada's Health System Not Ready for Bioterrorism
Canada's public health system is not prepared to detect and stop the spread of epidemics by terrorists, according to Dr. Lou Francescutti, director of Alberta Centre for Injury Control and Research. He believes that Canada has not invested enough in its public health infrastructure to be able to quickly identify potential epidemics. (Source: Red Deer Advocate, 5 June 2002)
http://www.reddeeradvocate.com/editorials/rad318B4.htm

No Land Available to G8 Protestors in Calgary
The City of Calgary has turned down a request to use municipal land by organizers of a "Solidarity Village", a festival planned to coincide with the G8 Summit. Organizers expressed their disappointment, saying that people need a safe place to "come and voice their opposition to G8." (Source: The Globe and Mail, 6 June 2002)
http://www.globeandmail.ca/servlet/GIS.Servlets.HTMLTemplate?tf=tgam/common/FullStory.html&cf=tgam/common/FullStory.cfg&configFileLoc=tgam/config&vg=BigAdVariableGenerator&date=20020606&dateOffset=&hub=national&title=national&cache_key=nationalTheNationHeadline&current_row=30&start_row=30&num_rows=1

Terrorism Exercise Held in Russia
An exercise was held at a chemical weapons depot in Russia to practice emergency procedures in the event of a terrorist attack. The exercise focused on co-ordination between law enforcement and medical workers to treat and evacuate residents. (Source: The New York Times, 6 June 2002)
http://www.nytimes.com/aponline/international/AP-Russia-Anti-Terrorism-Exercise.html

CYBER UPDATES

See: What's New for the latest Alerts, Advisories and Information Products

Threats

Symantec reports on WordPro.Spenty, which is a macro virus that infects Lotus Word Pro documents. It replicates only in Chinese versions of Word Pro.
http://securityresponse.symantec.com/avcenter/venc/data/wordpro.spenty.html

Symantec reports on Backdoor.GSpot, which is a Trojan horse that allows unauthorized access to an infected computer by using the GSpot client program.
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.gspot.html

Vulnerabilities

SecurityFocus reports on vulnerabilities in Teekai's Forum that could allow a remote attacker to gain unauthorized access to sensitive information or manipulate cookie values and authenticate as an arbitrary user. No known patch is available at this time.
http://online.securityfocus.com/bid/4926/discussion/
http://online.securityfocus.com/bid/4925/discussion/

SecurityFocus reports on a cross-site scripting vulnerability in Teekai's Tracking Online that could allow a remote attacker to create a malicious link to a vulnerable webpage. No known patch is available at this time.
http://online.securityfocus.com/bid/4924/discussion/

SecurityFocus reports on a buffer overflow vulnerability in Twibright Labs' Links that could allow a local attacker to execute arbitrary code as the user running the vulnerable client. At the least, it is possible to cause a denial-of-service. View the "solution" tab for upgrade information.
http://online.securityfocus.com/bid/4921/discussion/

SecurityFocus reports on vulnerabilities in QNX ptrace(), pkg-installer, phlocale utility, phgrafx-startup utility, phgrafx utility and the 'su' utility that could allow an unprivileged process to attach to a setuid program without restriction. This could cause buffer overflows or could allow local attackers to execute arbitrary instructions as root, gain root privileges, or obtain sensitive information. View the "solution" tab for workaround information.
http://online.securityfocus.com/bid/4919/discussion/
http://online.securityfocus.com/bid/4918/discussion/
http://online.securityfocus.com/bid/4917/discussion/
http://online.securityfocus.com/bid/4916/discussion/
http://online.securityfocus.com/bid/4915/discussion/
http://online.securityfocus.com/bid/4914/discussion/

SecurityFocus reports on a vulnerability in NGPT software for Linux that could allow a local attacker to cause a denial-of-service condition or launch "spoofing" attacks on vulnerable systems. View the "solution" tab for upgrade information.
http://online.securityfocus.com/bid/4913/discussion/

SecurityFocus reports on a vulnerability in Working Resources BadBlue for MS Windows that could allow a remote attacker to view the contents of the current directory. View the "solution" tab for upgrade information.
http://online.securityfocus.com/bid/4912/discussion/

SecurityFocus reports on a vulnerability in Sun Ray Server Software. When configured with NSCM, it could allow an unauthorized remote attacker to inadvertently gain access as an alternate user. View the "solution" tab for upgrade information.
http://online.securityfocus.com/bid/4911/discussion/

SecurityFocus provides a report on a vulnerability in /usr/etc/rpc.passwd that could allow a remote attacker to compromise root. Follow link for solution.
http://online.securityfocus.com/advisories/4179

Securiteam reports on a buffer overflow vulnerability in Nullsoft's SHOUTcast that could allow a remote attacker who knows the DJ password to gain unauthorized shell access to the system. Follow link for solution.
http://www.securiteam.com/securitynews/5MP071F7FM.html

Tools

There are no updates to report at this time.

CONTACT US

For additions to, or removals from the distribution list for this product, or to report a change in contact information, please send to:
Email: [EMAIL PROTECTED]

For urgent matters or to report any incidents, please contact OCIPEP’s Emergency Operations Centre at:
Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094
Email: [EMAIL PROTECTED]

For general information, please contact OCIPEP’s Communications Division at:
Phone: (613) 991-7035 or 1-800-830-3118
Fax: (613) 998-9589
Email: [EMAIL PROTECTED]
Web Site: www.ocipep-bpiepc.gc.ca

Disclaimer
The information in the OCIPEP Daily Brief has been drawn from a variety of external sources. Although OCIPEP makes reasonable efforts to ensure the accuracy, currency and reliability of the content, OCIPEP does not offer any guarantee in that regard. The links provided are solely for the convenience of OCIPEP Daily Brief users. OCIPEP is not responsible for the information found through these links.

IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk