OCIPEP DAILY BRIEF Number: DOB02-146 Date: 17 September 2002

http://www.ocipep.gc.ca/DOB/DOB02-146_e.html

NEWS

Slapper worm continues to spread
The Linux Slapper worm continued to spread quickly over the weekend and into
Monday, with more than 6,700 compromised servers as of early Monday morning. The
worm is creating a peer-to-peer attack network that could eventually be used to
hit other servers, according to Al Huger, an official at security company
Symantec. Huger warns that "with the pipes these (infected servers) are
connected to, this network could easily take a large enterprise off the
Internet." (Source: CNet News.com, 16 September 2002)


Comment: For more information on this worm, see OCIPEP Advisory AV02-042.

Pipeline construction plan criticized by NWT government
Imperial Oil's plan to speed up development of a Mackenzie Valley pipeline may
not be realistic, according to the Northwest Territory's minister of economic
development. The plan to have gas flowing by 2007 is a year sooner than previous
estimates and may not provide enough time for the environmental review process,
which is expected to take two to three years to complete. Construction would
take another three years. The company will also need to negotiate revenue
sharing with the Deh Cho First Nations. (Source: CBC News, 16 September 2002)


Comment: Two northern pipeline projects are currently at the planning stage: one
from the Alaska gas fields through Yukon down to the U.S. markets and another
running from the Mackenzie Delta to northern Alberta. Media reports have
suggested that U.S. subsidies may speed up the Alaskan project. Background
information on the Mackenzie pipeline project can be viewed at
http://www.aboriginalpipeline.ca/pdfs/MackenzieGasProject.pdf.

Research to protect Canadians in case of CBRN attack
Two 5-year research projects aimed at protecting Canadians in the event of a
chemical, biological or nuclear attack will soon be undertaken by Cangene, a
Winnipeg-based biotechnology company. Research, which is estimated to cost $170
million, will be funded by the federally launched Chemical, Biological,
Radiological or Nuclear Research and Technology Initiative and will be
administered by Defence Research and Development, a National Defence agency.
"These projects are in direct response to the heightened interest in biological
warfare," said Dr. John Langstaff, Cangene president and CEO. The first project
will target creating and manufacturing antibodies which would be needed to treat
the Ebola and Marburg viruses. The second project will study how Leucotropin, a
protein which was developed by the company and used to fight cancer, may also be
effective to treat white-blood cell damage emanating from exposure to radiation.
(Source: globeandmail.ca, 17 September 2002)



Securing the power grid
An attack on North America's power grid could have serious consequences for the
entire global economy. One proposed solution is locally generated energy and
decentralized power grids, using renewable sources of energy. This would then be
used to electrolyze water and separate out hydrogen that can be used to power
fuel cells. (Source: globeandmail.com, 16 September 2002)

Comment: An economical industrial process for producing hydrogen has not yet
been developed, largely because a suitably low-cost catalyst for the process has
not been discovered.

White House Official Release of the National Strategy to Secure Cyberspace
Richard Clarke, Special Advisor to the President on Cyber Security, will
publicly unveil a draft U.S. National Strategy for Securing Cyberspace on
September 18 at Stanford University in California. The over 2,000-page strategy
is a companion to the National Strategy for Homeland Security that was released
in July by Tom Ridge, Director of the Office of Homeland Security. Among the
speakers participating in the event will be Margaret Purdy, Associate Deputy
Minister for National Defence with responsibility for OCIPEP, who will highlight
the importance of Canada-U.S. critical infrastructure protection cooperation and
the need to address the global dimensions of cyber security.

Comment: The Strategy will be made publicly available on the White House web
site immediately following the public announcement on a feedback link at:
www.securecyberspace.gov. It is portrayed by U.S. officials as a "living
document" to be refined through consultations with the public and the private
sector.

For additional information please see
http://www.computerworld.com/governmenttopics/government/policy/story/0,10801,74296,00.html





IN BRIEF

Ontario West Nile patient dies
A man infected with the West Nile virus died in Mississauga on September 16,
according to an Ontario Health Ministry official. (Source: thestar.com, 16
September 2002)


Canadian customs inspectors should be armed: Union
Members of the Customs Excise Union will again demand that the government allow
customs inspectors to carry firearms. The Union is also stating that many border
points have still not received new equipment designed to detect terrorists and
that they are still short-staffed. (Source: canoe.ca, 16 September 2002)


U.S. Congress considers limiting IT vendor liability
The U.S. Congress is considering a proposal that would limit the liability of IT
companies supplying secure systems technology to government offices in the event
that their product fails to stop terrorist attacks on government networks.
(Source: computerworld.com, 16 September 2002)





CYBER UPDATES
See: What's New for the latest Alerts, Advisories and Information Products

Threats

Central Command reports on Worm/Linux.Slapper, a Linux-based worm that uses the
known OpenSSL buffer overflow exploit (August 2002) to run a shell on a remote
system. It targets vulnerable Apache Web server installs on Linux operating
systems. Affected distributions include Debian, Mandrake, RedHat, Slackware and
SuSE. The worm also contains a backdoor component that can be used to start up
a series of denial-of-service attacks.
http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=020916-000006


Comment: For additional information, see: News - Slapper worm continues to
spread


Symantec reports on W32.Efno.Worm, which is a worm written in Visual Basic that
attempts to propagate via KaZaA using the file name "Win XP SP1 cracker.exe.".
When this worm runs, it changes several KaZaA registry keys causing it to be
accessible to other users.
http://securityresponse.symantec.com/avcenter/venc/data/w32.efno.worm.html

Vulnerabilities

CERT/CC reports on a vulnerability in multiple vendors' e-mail content/virus
scanners, which do not adequately check "message/partial" MIME entities
resulting in a failure to detect viruses, malicious code, or other restricted
content. Follow the link for more information.
http://www.kb.cert.org/vuls/id/836088


CERT/CC reports on a vulnerability in Jakarta Tomcat, which serves JSP source
code when supplied malformed HTTP requests. Follow the link for more
information.
http://www.kb.cert.org/vuls/id/208131


CERT/CC reports on a buffer overflow vulnerability in IBM AIX FC that causes the
FC client to crash. Follow the link for more information.
http://www.kb.cert.org/vuls/id/152955


Additional vulnerabilities were reported in the following products:


Trend Micro InterScan VirusWall 3.52 and 3.6 content-encoding and
transfer-encoding bypass vulnerabilities. (SecurityFocus)
http://online.securityfocus.com/bid/5701/discussion/
http://online.securityfocus.com/bid/5697/discussion/


Mac OS X 10.2 (Jaguar) unauthorized access vulnerability. (SecurityFocus)
http://online.securityfocus.com/bid/5705/discussion/


Gabriele Bartolini ht://Check 1.1 script injection vulnerability.
(SecurityFocus)
http://online.securityfocus.com/bid/5699/discussion/


Avaya IP Office 1.0 denial-of-service vulnerability (SecurityFocus)
http://online.securityfocus.com/bid/5704/discussion/


Tolis Group BRU 17.0 Linux XBRU insecure temporary file vulnerability.
(SecurityFocus)
http://online.securityfocus.com/bid/5708/discussion/


Savant Webserver 3.1 and prior denial-of-service vulnerability. (SecurityFocus)
http://online.securityfocus.com/bid/5707/discussion/


Savant Webserver 3.1 and prior denial-of-service and file disclosure
vulnerabilities. (SecurityFocus)
http://online.securityfocus.com/bid/5706/discussion/
http://online.securityfocus.com/bid/5709/discussion/


Altavista BabelFish cross-site scripting vulnerability. (SecuriTeam)
http://www.securiteam.com/securitynews/5DP0B1P8AK.html


Lycos HTMLGear script injection vulnerability. (SecuriTeam)
http://www.securiteam.com/securitynews/5EP0C1P8AK.html


W3C HTML Validator cross-site scripting vulnerability. (SecuriTeam)
http://www.securiteam.com/securitynews/5FP0D1P8AK.html


W3C CSS Validator proxying attack vulnerability. (SecuriTeam)
http://www.securiteam.com/securitynews/5GP0E1P8AK.html


Ssldump Protocol Analyzer buffer overflow vulnerabilities. (Security Tracker)
http://www.infosyssec.com/cgi-bin/link.cgi?target=http://www.infosyssec.com/infosyssec/aaa33.htm


Network Associates WebShield SMTP Virus Scanner can be bypassed with fragmented
'partial' e-mail messages. (Security Tracker)
http://www.infosyssec.com/cgi-bin/link.cgi?target=http://www.infosyssec.com/infosyssec/aaa33.htm

Tools

Nessus 1.2.5 is a free, up-to-date, and full-featured remote security scanner
for Linux, BSD, Solaris and some other systems.
http://www.nessus.org/


Syscall Tracker 0.74 is a very powerful tool for Linux 2.2 and 2.4 which allows
users to write rules to track system calls.
http://syscalltrack.sourceforge.net/


Ssldump 0.9b3 is an SSLv3/TLS network protocol analyzer.
http://www.rtfm.com/ssldump/



CONTACT US

For additions to, or removals from the distribution list for this product, or to
report a change in contact information, please send to:
Email: [EMAIL PROTECTED]

For urgent matters or to report any incidents, please contact OCIPEP's Emergency
Operations Centre at:

Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094
Email: [EMAIL PROTECTED]

For general information, please contact OCIPEP's Communications Division at:

Phone: (613) 991-7035 or 1-800-830-3118
Fax: (613) 998-9589
Email: [EMAIL PROTECTED]
Web Site: www.ocipep-bpiepc.gc.ca

Disclaimer
The information in the OCIPEP Daily Brief has been drawn from a variety of
external sources. Although OCIPEP makes reasonable efforts to ensure the
accuracy, currency and reliability of the content, OCIPEP does not offer any
guarantee in that regard. The links provided are solely for the convenience of
OCIPEP Daily Brief users. OCIPEP is not responsible for the information found
through these links.







IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk

