DAILY BRIEF
Number: DOB02-080
Date: 13 June 2002

NEWS

Government Department Equipment Stolen
Ottawa Police are investigating a break-in at a Citizenship and Immigration Canada office, in which thieves stole a number of weapons, including pepper spray canisters, batons, body armour and computers. Although the theft comes just days before large crowds of protestors are expected to come to Ottawa to stage protests against the G8 Summit, police had no evidence that the theft might be connected to the Summit. According to an Ottawa police spokesperson, the robbery "looks like a regular break-in" and that will be the focus of the investigation. Stolen computers did not contain sensitive information, according to Immigration officials.
(Source: Ottawa Sun, 13 June 2002)
http://www.canoe.ca/OttawaNews/os.os-06-13-0013.html

Ontario Water Testing Lab Under Investigation
An Ontario government investigation indicates that MDS Laboratory Services, a water-testing lab in London, Ontario, has failed to carry out proper tests on the drinking water used by 67 communities in southern Ontario. In cases where results may be doubtful, the government is advising waterworks to send samples to an accredited laboratory "to verify the water quality." A spokesperson for MDS acknowledged that some problems had occurred during the recent Ontario Public Service Employees Union strike, but that "all adverse results have been reported."
(Source: CBC News, 13 June 2002)
http://www.cbc.ca/stories/2002/06/12/tainted_water020612

IN BRIEF

Peaceful Protest at G8 Foreign Ministers Meeting
A protest staged in front of the Chateau Whistler, where the G8 foreign ministers were meeting, caused no disruption. Two of the 80 protesters were invited into the hotel to meet with Canadian Foreign Affairs Minister Bill Graham.
(Source: CBC News, 13 June 2002)
http://vancouver.cbc.ca/template/servlet/View?filename=bc_g8noon020612

Radiation Protection Drug Sales on the Increase
Online sales of potassium iodide, a drug that mitigates potential effects from radiation exposures, have increased in the past few days after news of a terrorist plan to build and detonate a "dirty bomb." While the drug may prevent the body from absorbing radioactive iodine, which causes several forms of cancer, it would not protect people from other dangers such as gamma radiation, according to a media report. Sales of fallout shelters have apparently increased as well.
(Source: CNet News.com, 12 June 2002)
http://news.com.com/2100-1023-935471.html?tag=fd_top

CYBER UPDATES
See: What's New for the latest Alerts, Advisories and Information Products

Threats

Symantec reports on Backdoor.FTP_Bmail, which is a Trojan horse that disguises itself as an FTP downloader for e-mail software.
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ftp_bmail.html

Trend Micro reports on WORM_WORTRON.10B, which is a worm generated by TROJ_WORTRON.10B that propagates via e-mail.
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_WORTRON.10B

Trend Micro reports on TROJ_WORTRON.10B, which is a Trojan horse and Worm Generator that can run on any Windows platform.
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_WORTRON.10B

Vulnerabilities

CERT/CC reports on a vulnerability in Novell NetWare 5.1 that could allow a remote attacker to gain access to sensitive information about the server's configuration and passwords. Follow the link for details.
http://www.kb.cert.org/vuls/id/159203

CERT/CC reports on remotely exploitable buffer overflow vulnerabilities in America Online's Instant Messenger (AIM) that cause a denial-of-service. Follow the link for details.
http://www.kb.cert.org/vuls/id/912659
http://www.kb.cert.org/vuls/id/259435

CERT/CC reports on a vulnerability in Apache Tomcat web server that could allow a remote attacker to gain sensitive information about the server's configuration. Follow the link for details.
http://www.kb.cert.org/vuls/id/116963

SecurityFocus reports on a denial-of-service vulnerability in X-Windows. No known patch is available at this time.
http://online.securityfocus.com/bid/4966/discussion/

SecurityFocus reports on vulnerabilities in the Seanox DevWex Windows binary version that could allow a remote attacker to view arbitrary web-readable files, to execute arbitrary attacker-supplied instructions with the privileges of the webserver process (normally SYSTEM), or to cause the server to crash. View the "Solution" tab for upgrade information.
http://online.securityfocus.com/bid/4978/discussion/
http://online.securityfocus.com/bid/4979/discussion/

SecurityFocus reports on a SQL injection vulnerability in Lokwa BB that could allow a remote attacker to view sensitive information and possibly access and reply to arbitrary private messages. No known patch is available at this time.
http://online.securityfocus.com/bid/4981/discussion/

SecurityFocus reports on a vulnerability in W-Agora that could allow a remote attacker to include arbitrary files located on a remote server and to execute arbitrary attacker-supplied code. No known patch is available at this time.
http://online.securityfocus.com/bid/4977/discussion/

SecurityFocus reports on SQL injection, cross-site scripting and HTML injection vulnerabilities in MyHelpDesk that could allow a remote attacker to hijack web content or steal cookie-based authentication credentials from legitimate users. No known patch is available at this time.
http://online.securityfocus.com/bid/4971/discussion/
http://online.securityfocus.com/bid/4970/discussion/
http://online.securityfocus.com/bid/4967/discussion/

SecurityFocus reports on a vulnerability in ImageFolio Pro prior to v2.27 that could allow a remote attacker to view the full file path (likely containing the web root), which could be used to launch further intelligent attacks against the server. No known patch is available at this time.
http://online.securityfocus.com/bid/4976/discussion/

SecurityFocus reports on a vulnerability in AlienForm2 that could allow a remote attacker to access and modify arbitrary files residing on a host. No known patch is available at this time.
http://online.securityfocus.com/bid/4983/discussion/

SecurityFocus reports on a vulnerability in the Belkin F5D5230-4 4-Port Cable/DSL Gateway Router that could allow a local attacker undetected access to the internal network. No known patch is available at this time.
http://online.securityfocus.com/bid/4982/discussion/

SecurityFocus reports on a vulnerability in LPRng that could allow a remote attacker to submit many print requests to the existing print queue. View the "Solution" tab for upgrade information.
http://online.securityfocus.com/bid/4980/discussion/

SecurityFocus reports on a path disclosure vulnerability in ZenTrack. This information may be used by a remote attacker to mount further attacks against a vulnerable system. No known patch is available at this time.
http://online.securityfocus.com/bid/4973/discussion/

SecurityFocus reports on script injection and cross-site scripting vulnerabilities in Geeklog that could result in data corruption, disclosure of sensitive information and intrusion into the database server and could allow a remote attacker to steal cookie-based authentication credentials from legitimate users. View the "Solution" tab for patch information.
http://online.securityfocus.com/bid/4968/discussion/
http://online.securityfocus.com/bid/4974/discussion/
http://online.securityfocus.com/bid/4969/discussion/

SecurityFocus provides a report on a vulnerability in OpenLinux Ghostscript in which an untrusted PostScript file can force the Ghostscript program to execute arbitrary commands. Follow the link for details.
http://online.securityfocus.com/advisories/4204

Tools

There are no updates to report at this time.

CONTACT US

For additions to, or removals from, the distribution list for this product, or to report a change in contact information, please send to:
Email: [EMAIL PROTECTED]

For urgent matters or to report any incidents, please contact OCIPEP’s Emergency Operations Centre at:
Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094
Email: [EMAIL PROTECTED]

For general information, please contact OCIPEP’s Communications Division at:
Phone: (613) 991-7035 or 1-800-830-3118
Fax: (613) 998-9589
Email: [EMAIL PROTECTED]
Web Site: www.ocipep-bpiepc.gc.ca

Disclaimer

The information in the OCIPEP Daily Brief has been drawn from a variety of external sources. Although OCIPEP makes reasonable efforts to ensure the accuracy, currency and reliability of the content, OCIPEP does not offer any guarantee in that regard. The links provided are solely for the convenience of OCIPEP Daily Brief users. OCIPEP is not responsible for the information found through these links.

IWS INFOCON Mailing List @ IWS - The Information Warfare Site
http://www.iwar.org.uk