DAILY BRIEF
Number: DOB02-116
Date: 2 August 2002
http://www.ocipep.gc.ca/DOB/DOB02-116_e.html

NEWS

OCIPEP Issues Advisory - Trojan Horse In OpenSSH Distribution
On 1 August 2002, OCIPEP released Advisory AV02-039 to bring attention to a Trojan Horse in the OpenSSH distribution. The Trojan can allow a remote attacker to gain unauthorized remote access.

Comment: OCIPEP reported this exploit in yesterday's Daily Brief, DOB02-115.

Ontario Will Spend $9 Million To Control West Nile Virus
The Ontario government will distribute $9 million to boards of health throughout the province to fight the propagation of the West Nile (WN) virus by mosquitos. Although no Canadians have been diagnosed with the disease in Canada, Environment Canada officials stated that the record-breaking high temperatures represent optimal conditions for the virus to spread. Most of the money will be invested in mosquito control and a smaller portion of the budget will be allocated for surveillance and public education. (Source: CTV News, 1 August 2002)

Comment: Authorities on the West Nile virus state that personal prevention, such as using insect repellent, is the most effective way to avoid contracting the disease. Attempting to prevent the spread of the disease by controlling the mosquito population through "fogging" is viewed as relatively inefficient.

Ontario Electricity: Record Breaking Demand
The ongoing heat wave across the province pushed Ontario's electricity system to the limit yesterday. The extra demand for power, mainly from air conditioners, is roughly equivalent to adding another city of Toronto to the province's power grid. (Source: thestar.com, 2 August 2002)

Comment: This situation demonstrates the potential for the natural environment to impact critical infrastructure.
Last month, high temperatures brought about increased demand for power in Ontario and prompted a warning from Ontario's electricity distributor that residents should consider cutting back on consumption to reduce the load on the system. Ontario Energy Minister Chris Stockwell downplayed reports of possible brownouts if electricity use was not curtailed.
See: http://www.ctv.ca/servlet/ArticleNews/story/CTVNews/20020702/heat_electricity_020702/

IN BRIEF

Quebec And Newfoundland: Groundwork For New Hydro Deal
Premiers of Quebec and Newfoundland have laid the groundwork for a new deal to build a 2000 megawatt hydroelectric project at Gull Island on the Lower Churchill River in Labrador. (Source: globeandmail.com, 1 August 2002)

Pentagon: Hamas Experimenting with Chemical Weapons
The Pentagon has determined that the Hamas terrorist organization has been conducting research in the use of chemical weapons for suicide bombers. (Source: World Tribune.com, 31 August 2002)

CYBER UPDATES

See: What's New for the latest Alerts, Advisories and Information Products

Threats

Sophos reports on Troj/Tobizan-A, which is a Trojan horse that creates a copy of itself named kernel32.exe in the Windows system folder and allows a remote attacker to communicate with and control the compromised computer using IRC.
http://sophos.com/virusinfo/analyses/trojtobizana.html

Sophos reports on W32/Surnova-B, which is a worm that propagates via the KaZaA network and the MSN instant messenger.
http://sophos.com/virusinfo/analyses/w32surnovab.html

Symantec reports on W32.Parol@mm, which is a worm written in Visual Basic that propagates via Outlook e-mail.
It arrives with the subject line "I LIVE or Hello Hello Hello" and the attachment "Par.exe".
http:[EMAIL PROTECTED]

Vulnerabilities

Georgi Guninski reports on a remotely exploitable vulnerability in MS Internet Explorer 6.0, MS Office Web Components 9 and 10 and MS Office XP OWC that could cause an almost arbitrary file to be written to a client system. Follow the link for a workaround.
http://www.guninski.com/iexla.html

SecurityFocus provides a report on a remotely exploitable buffer overflow vulnerability in MS Windows Media Player XP, 6.3, 6.4, 7.0 and 7.1. View the "Solution" tab for patch information.
http://online.securityfocus.com/bid/5357/discussion/

CERT/CC provides a report on a remotely exploitable buffer overflow vulnerability in Multiple Vendors' versions of Sun RPC xdr_array that could allow an attacker to execute arbitrary code on target hosts with root privileges. Follow the link for upgrade information.
http://www.kb.cert.org/vuls/id/192995

SecurityFocus provides a report on two locally exploitable SuSE product vulnerabilities: the first is in mod_ssl and it results in a denial-of-service and remote code execution as the webserver user. The second vulnerability is in mm and it results in privilege escalation as root. Follow the link for upgrade information.
http://online.securityfocus.com/advisories/4326

Additional vulnerabilities were reported in the following products:

IPSwitch IMail Web Calendaring (multiple versions) denial-of-service vulnerability (SecurityFocus).
http://online.securityfocus.com/bid/5365/discussion/

Synthetic Reality Sympoll 1.2 file disclosure vulnerability (SecurityFocus).
http://online.securityfocus.com/bid/5360/discussion/

ncompress 4.2.4 and earlier buffer overflow vulnerability (CERT/CC).
http://www.kb.cert.org/vuls/id/176363

Tools

There are no new updates to report at this time.
CONTACT US

For additions to, or removals from the distribution list for this product, or to report a change in contact information, please send to:
Email: [EMAIL PROTECTED]

For urgent matters or to report any incidents, please contact OCIPEP's Emergency Operations Centre at:
Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094
Email: [EMAIL PROTECTED]

For general information, please contact OCIPEP's Communications Division at:
Phone: (613) 991-7035 or 1-800-830-3118
Fax: (613) 998-9589
Email: [EMAIL PROTECTED]
Web Site: www.ocipep-bpiepc.gc.ca

Disclaimer

The information in the OCIPEP Daily Brief has been drawn from a variety of external sources. Although OCIPEP makes reasonable efforts to ensure the accuracy, currency and reliability of the content, OCIPEP does not offer any guarantee in that regard. The links provided are solely for the convenience of OCIPEP Daily Brief users. OCIPEP is not responsible for the information found through these links.

IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk