DAILY BRIEF Number: DOB02-111 Date: 26 July 2002 http://www.ocipep.gc.ca/DOB/DOB02-111_e.html
NEWS The Case for Mass Smallpox Vaccination A recent study in the U.S. suggesting that mass vaccination is the most efficient method of eradication, cited in OCIPEP Daily Brief DOB02-102 of 15 July 2002, is now available on line at Click here for the source article NIPC and State CIOs to Share Threat Information The National Association of State Chief Information Officers signed an agreement with the National Infrastructure Protection Center (NIPC) that will allow states to receive alerts on threats to their infrastructure. States are forming an Interstate Information Sharing and Analysis Center (Interstate ISAC) as a secure means of disseminating "information and intelligence on threats and vulnerabilities." (Source: FCW.COM, 25 July 2002) Click here for the source article Comment: OCIPEP shares cyber threat and vulnerability information with provincial CIOs. IN BRIEF Caisse Telecom Exposure Risks Pensions, Stocks The Caisse de dépôt et placement du Québec, Quebec's public pension fund and Canada's biggest stockholder, is massively exposed to the troubled telecommunications and media sectors, and faces major losses on its European cable television investments. (Source: globeandmail.com, 26 July 2002) Click here for the source article A Third More Forest Fires Caused by People Alberta fire information officer Rhonda King said Thursday that the number of wildfires sparked by humans this year has jumped by a third, while the amount of land charred has quadrupled. (Source: Calgary Herald, 26 July 2002) Click here for the source article Canadians Use Internet for Government, News Information More than half the people who used the Internet from home last year were looking for news sites or government information, says Statistics Canada. (Source: cnews, 25 July 2002) Click here for the source article Major Gas Discovery in BC Talisman Energy Inc. has made a major natural gas discovery in northeastern British Columbia that confirms that the Western Canadian basin still holds promise for substantial petroleum deposits. (Source: globeandmail.com, 26 July 2002) Click here for the source article War Games Prepare U.S. for Future Battle Earlier this week, the U.S. military launched a massive series of war games, designed to simulate a worldwide crisis five years from now. The exercise is said to be the largest, most complex military exercise ever conducted. (Source: NATIONAL POST, 25 July 2002) Click here for the source article Yale Accuses Princeton of Hacking Yale University complained to the FBI on Thursday that admissions officials at Princeton improperly entered a Yale web site that was set up for prospective students. (Source: YAHOO!News, 25 July 2002) Click here for the source article CYBER UPDATES See: What's New for the latest Alerts, Advisories and Information Products Threats Symantec reports on VBS.Zevach, which is a VB script Trojan horse that creates more than 300 copies of itself in the root folder of the C drive. It attempts to open two browser windows to display two images from a web site. http://securityresponse.symantec.com/avcenter/venc/data/vbs.zevach.html Symantec reports on Trojan.Beway, which is a Trojan horse that attempts to stop the processes of many other programs and to download a copy of the backdoor Trojan program Backdoor.Subseven. http://securityresponse.symantec.com/avcenter/venc/data/trojan.beway.html Trend Micro reports on WORM_MANYMIZE.A, which is a worm that propagates via e-mail. It arrives with varying subject lines and usually arrives with the attachments "MI2.EXE", "MI2.CHM", "MI2.HTM" and "MI2.WMV". http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MANYMIZE.A Vulnerabilities A cumulative patch for MS Windows Media Player 6.4, 7.1 and Windows Media Player for Windows XP has been re-issued because a file was inadvertently omitted from the original patch that was issued on 26 June 2002. The patch has been repackaged to include all of the fixes. http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bull etin/MS02-032.asp A cumulative patch has been issued to fix a buffer overrun and an SQL injection vulnerability in MS SQL Server 2000 Service Pack 2 and MS Desktop Engine (MSDE) 2000. http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bull etin/ms02-038.asp Microsoft TechNet reports on a remotely exploitable authentication vulnerability in Microsoft Metadirectory Services 2.2 that could allow an unauthorized attacker to escalate his privileges. Follow the link for patch information. http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bull etin/MS02-036.asp Microsoft TechNet reports on a remotely exploitable buffer overrun vulnerability in MS Exchange 5.5 that could allow an attacker to execute arbitrary code. http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bull etin/ms02-037.asp Microsoft TechNet reports on remotely exploitable denial-of-service vulnerability and two buffer overrun vulnerabilities in SQL Server 2000 Resolution Service that could allow an attacker to run code in the security context of the SQL Server service. http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bull etin/ms02-039.asp SecurityFocus reports on a remotely exploitable vulnerability in MS Internet Explorer version 5.0 thru 6.0 and Opera web browser version 6.01 (various platforms) that could result in the disclosure of arbitrary local files to a remote server. No known patch is available at this time. http://online.securityfocus.com/bid/5290/discussion/ Comment: Microsoft does not consider this to be a vulnerability, but a malicious web site could use this to obtain an arbitrary file from a vulnerable machine. The attacker would likely have to know the name of the file to do it; however, it is not usually difficult to guess, and password files have standard names/locations. CERT/CC reports on a remotely exploitable vulnerability in MS Windows 98, NT, 2000, or XP DNS resolvers, which accepts responses from non-queried DNS servers by default and could allow for domain information spoofing or DNS cache poisoning. Follow the link for more information. http://www.kb.cert.org/vuls/id/458659 EnGarde Secure Linux reports on a remotely exploitable buffer overflow vulnerability in EnGarde Secure Linux BIND4-derived resolver libraries that could allow an attacker to execute arbitrary code or cause a denial-of-service. Follow the link for upgrade information. http://www.linuxsecurity.com/advisories/other_advisory-2207.html SecuriTeam reports on a remotely exploitable buffer overflow vulnerability in GroupWise 6.0.1 Service Pack 1 on a Novell NetWare 5.1 Support Pack 3 that crashes the machine and could be exploitable. Follow the link for patch information. http://www.securiteam.com/securitynews/5VP0P1F7PU.html Additional vulnerabilities were reported in the following products: SmartMax MailMax 4.8 Popmax buffer overflow vulnerability (SecurityFocus). http://online.securityfocus.com/bid/5285/discussion/ Van Dyke Technologies SecureCRT 3.4- 3.4.5 and 4.0 buffer overflow vulnerability (SecurityFocus). http://online.securityfocus.com/bid/5287/discussion/ Daniel Barron DansGuardian 2 2.2.4 - 2 2.2.10 vulnerability (SecurityFocus). http://online.securityfocus.com/bid/5291/discussion/ Tools There are no new updates to report at this time. CONTACT US For additions to, or removals from the distribution list for this product, or to report a change in contact information, please send to: Email: [EMAIL PROTECTED] For urgent matters or to report any incidents, please contact OCIPEP’s Emergency Operations Centre at: Phone: (613) 991-7000 Fax: (613) 996-0995 Secure Fax: (613) 991-7094 Email: [EMAIL PROTECTED] For general information, please contact OCIPEP’s Communications Division at: Phone: (613) 991-7035 or 1-800-830-3118 Fax: (613) 998-9589 Email: [EMAIL PROTECTED] Web Site: www.ocipep-bpiepc.gc.ca Disclaimer The information in the OCIPEP Daily Brief has been drawn from a variety of external sources. Although OCIPEP makes reasonable efforts to ensure the accuracy, currency and reliability of the content, OCIPEP does not offer any guarantee in that regard. The links provided are solely for the convenience of OCIPEP Daily Brief users. OCIPEP is not responsible for the information found through these links. IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk