OCIPEP DAILY BRIEF
Number: DOB02-093
Date: 2 July 2002
http://www.ocipep.gc.ca/DOB/DOB02-093_e.html

NEWS

New OCIPEP Advisory - DNS Applications
OCIPEP issued Advisory AV02-034 concerning a buffer overflow vulnerability in resolver libraries that support Domain Name System (DNS) applications. Software from multiple UNIX, Linux and BSD vendors is vulnerable. Microsoft does not use the libraries and, therefore, is not vulnerable.
Comment: Advisory AV02-034 can be viewed at http://www.ocipep.gc.ca/emergencies/advisories/AV02-034_e.html

Increased Concerns over Terrorist Attacks in U.S.
Intelligence gathered in recent weeks indicates that the al-Qaeda terrorist network may be planning to strike against the U.S. some time this summer, according to a U.S. media report. The current increased level of "chatter" by suspected al-Qaeda operatives, the report states, is similar to the way it was prior to the September 11 attacks. The Bush administration, however, had no plans to revise the homeland security alert status for the fourth of July celebrations. Administration officials stressed that there was no credible information about threats to the nation and the alert status would remain at the "yellow" (elevated) level.
(Source: CNN.com, 1 July 2002)

IN BRIEF

Saskatchewan Fire Update
The massive forest fire near Prince Albert, Saskatchewan continued to burn out of control yesterday, but firefighters were confident that it could be kept out of the city of almost 40,000. Progress was made in battling the blaze over the weekend, and a timely rainfall on Sunday allowed fire crews to gain some ground. About 800 residents who were forced to leave their homes were allowed to return on Monday afternoon.
(Source: Regina Leader-Post, 2 July 2002)

Apache Worm a Low Threat: Symantec
A worm designed to exploit a vulnerability in computers running the FreeBSD operating system, an open-source variant of UNIX, and the Apache Web software, has not been as active as first anticipated, according to anti-virus experts.
Anti-virus company Symantec rated the worm, dubbed FreeBSD.Scalper.Worm, as a low Internet threat.
(Source: ZDNET.co.uk, 2 July 2002)

CYBER UPDATES

See: What's New for the latest Alerts, Advisories and Information Products

Threats

MicroLink Data reports on a new Apache worm (+Trojan) in the wild. Follow the link for details.
http://dammit.lt/apache-worm/

Symantec reports on W32.Hokilo.irc, which is a worm that propagates via mIRC and does not contain a damaging payload. It could arrive as a file named "Worldcup.txt.shs".
http://securityresponse.symantec.com/avcenter/venc/data/w32.hokilo.irc.html

Symantec reports on W32.Bajar.Worm.Int, which is a worm that attempts to propagate via Outlook e-mail but fails to do so due to a programming bug.
http://securityresponse.symantec.com/avcenter/venc/data/w32.bajar.worm.int.html

Symantec reports on Backdoor.Anakha, which is a Trojan horse that allows a hacker to use IRC and TCP/UDP ports to take control of the system.
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.anakha.html

Symantec reports on Backdoor.GRM, which is a Trojan horse that allows unauthorized remote access to an infected computer.
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.grm.html

Computer Associates reports on Win32.Kowbot.13, which is an IRC-controlled Trojan horse that allows unauthorized remote access to an infected computer. It can also exhibit worm-like functionality.
http://www3.ca.com/virus/virus.asp?ID=12436

Vulnerabilities

CERT/CC reports on a denial-of-service vulnerability in multiple Cisco networking products. Follow the link for patch information.
http://www.kb.cert.org/vuls/id/290140

SecurityFocus reports on a remote information disclosure vulnerability in MS Windows Media Player 6.4, 7.1, or Media Player for Windows XP that could also allow for the execution of arbitrary code on the targeted system. View the "Solution" tab for patch information.
http://www.microsoft.com/technet/security/bulletin/ms02-032.asp

SecurityFocus reports on a remote buffer overflow vulnerability in MS Commerce Server 2000 OWC package installer that could result in a denial-of-service or the execution of arbitrary code in the context of the LocalSystem. View the "Solution" tab for workaround information.
http://online.securityfocus.com/bid/5108/discussion/

SecurityFocus reports on a remote buffer overflow vulnerability in versions of libc used by some operating systems (especially FreeBSD, NetBSD and OpenBSD) that could result in the execution of arbitrary code as the vulnerable process. View the "Solution" tab for workaround information.
http://online.securityfocus.com/bid/5100/discussion/

SecuriTeam reports on a remote vulnerability in the Japanese version of VeriSign provided seals that could allow an attacker to create a false authenticity seal without it being issued by VeriSign.
http://www.securiteam.com/securitynews/5IP0Q2A7FK.html

SecurityFocus reports on a remote format string vulnerability in the Deception Finger Daemon (decfingerd) 0.7 that could allow for the execution of arbitrary instructions with the privileges of the decfingerd process (normally root). No known patch is available at this time.
http://online.securityfocus.com/bid/5105/discussion/

Tools

OpenSSH 3.4p1 is a Linux/portable port of OpenBSD's OpenSSH.
http://www.openssh.com/

CONTACT US

For additions to, or removals from the distribution list for this product, or to report a change in contact information, please send to:
Email: [EMAIL PROTECTED]

For urgent matters or to report any incidents, please contact OCIPEP's Emergency Operations Centre at:
Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094
Email: [EMAIL PROTECTED]

For general information, please contact OCIPEP's Communications Division at:
Phone: (613) 991-7035 or 1-800-830-3118
Fax: (613) 998-9589
Email: [EMAIL PROTECTED]
Web Site: www.ocipep-bpiepc.gc.ca

Disclaimer

The information in the OCIPEP Daily Brief has been drawn from a variety of external sources. Although OCIPEP makes reasonable efforts to ensure the accuracy, currency and reliability of the content, OCIPEP does not offer any guarantee in that regard. The links provided are solely for the convenience of OCIPEP Daily Brief users. OCIPEP is not responsible for the information found through these links.

IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk
