OCIPEP DAILY BRIEF Number: DOB02-174 Date: 28 October 2002


OCIPEP issues Advisory AV02-046
On 25 October 2002, OCIPEP issued Advisory AV02-046, subsequent to
CERT/CC's report of a new remote buffer overflow in the Kerberos
Administration Daemon. The remote vulnerability could result in the
execution of arbitrary code or commands. It is recommended that users
contact the vendor of the affected software for patches and updates.

OCIPEP Comment: The latest OCIPEP Advisories can be viewed at:

Amtrak increases security
U.S. passenger railroad operator Amtrak has increased security of its
trains and stations following last week's FBI warning about possible
terrorist attacks on trains. The increase in security measures, however,
should not be evident to passengers, according to Amtrak President David
Gunn. (Source: abcnews.go.com, 25 October 2002)

OCIPEP Comment: As reported in OCIPEP Daily Brief DOB02-173 released 25
October 2002, in response to the threat of terrorist activity, U.S.
officials had begun implementing additional protective measures
including increased presence of law enforcement officers, increased
surveillance of critical areas and improved physical protections. OCIPEP
has no information on specific threats to Canadian critical

West Nile virus detected in U.K.
In the U.K., the Guardian reports this morning that scientists may have
recently found traces of the virus in dead birds. If confirmed, this
would constitute the first occurrence of the West Nile virus in that
country. (Source: guardian.co.uk, 28 October 2002)

OCIPEP Comment: There have been two confirmed West Nile virus deaths in
Canada, while at least 188 people have died in the U.S. to date.
According to reports, meteorologists are predicting a mild winter and
possibly a warm wet spring, conditions that will allow mosquitoes to
thrive next year, increasing the chances that the virus could spread to
most provinces.



APEC leaders unite to fight terrorism 
On Sunday, as the Asia-Pacific Economic Cooperation (APEC) forum in
Mexico concluded, APEC leaders endorsed a declaration made by their
senior ministers who said that "terrorism in all its forms is a threat
to economic stability in APEC as well as a threat to regional peace and
stability." (Source: economist.com, 28 October 2002)

Europe cleans up after windstorm 
A powerful windstorm struck Britain and northwestern Europe on 27
October, bringing with it gusts of up to 150 km/hr, which uprooted trees
and cancelled air, sea and rail travel. Officials said buildings
sustained structural damage. The storm also blew down power lines,
knocking out electricity to thousands of people in England and Wales.
Air France and British Airways cancelled dozens of flights, while ferry
trips to the European mainland were cancelled. Officials in the U.K.
estimate the damage could total up to $150 million. (Source: cbc.ca, 28
October 2002)

Series of earthquakes awaken Sicily's Mount Etna
As many as 200 small earthquakes hit the region of Catania, with the
strongest registered at a magnitude of 4.2 on the Richter scale. As a
result, after months of tranquility, Mount Etna erupted spewing lava and
ashes, igniting fires in forests nearby. (Source: reuters.com, 28
October 2002)

See: What's New for the latest Alerts, Advisories and Information

See: News - OCIPEP issues Advisory AV02-046


Central Command reports on BDS/Nethief.XP.C, which is a Trojan horse
that could allow someone with malicious intent backdoor access to a
computer. If executed, it adds the file "IExplorer.exe" to the
\windows\%system% directory and stays resident in memory. It arrives with
the subject line "Iraqi FM: US Wants Change in International Law,
Subordinate World to US Hegemony" and the attachment "IExplorer.exe".

Central Command reports on Worm/FriendGreet, which is a worm that
arrives in a user inbox as an electronic greeting card from
"http://www.friendgreetings.com" with the subject line "<RECIPIENT> you
have an E-Card from <SENDER>". If a user clicks on the URL provided, the
page is loaded and the user is prompted to download and run an
msi-installer and to accept 2 separate End User License Agreements
(EULA). If the user agrees, the program will install itself as the
program "Friend Greetings.msi" or "Friend%20Greetings.msi" and then send
itself out to all contacts in the user's address book.


SecuriTeam reports on a remotely exploitable denial-of-service
vulnerability in IBM Infoprint Remote Management. No known patch is
available at this time.

SecuriTeam reports on a locally exploitable privilege escalation
vulnerability in Norton Antivirus Corporate Edition that could allow an
attacker to run winhlp32 in the context of local system. Follow the link for
patch information.


New ypserv packages are now available for Red Hat Linux 7.x and 6.2.

Additional vulnerabilities were reported in the following products:

gBook 1.4 administrative access vulnerability. (SecurityFocus)

AOL Instant Messenger (multiple versions) file execution vulnerability.

Gentoo Linux xfree package shared memory exploit. (Gentoo Linux)

NetBSD trek(6) buffer overrun vulnerability. (NetBSD)

Zope insecure XML-RPC exception handling vulnerability. (Zope Collectors

SCO OpenLinux ethereal multiple packet handling vulnerabilities. (Santa
Cruz Operation)

Mandrake Linux mod_ssl cross-site scripting vulnerability. (Mandrake

Mandrake Linux kdegraphics package buffer overflow vulnerability.

Linksys WET11 denial-of-service vulnerability. (SecuriTeam)

vpopmail CGIApps arbitrary command execution vulnerability (vadddomain,
vpasswd). (SecuriTeam)

Mojo Mail Sign-Up Form cross-site scripting vulnerability. (SecuriTeam)

SolarWinds TFTP Server directory traversal vulnerability. (SecuriTeam)

BRS WebWeaver Web Server 1.01 protected file access vulnerability.

BadBlue Web Server 1.7 protected file access vulnerability. (SecuriTeam)

Liteserve Web Server 2.0 authorization bypass vulnerability.

TFTP Server 2002 Standard Edition 5.0.55 denial-of-service
vulnerability. (SecuriTeam)


Tunnel Finder is a proxy checker that can display information from a
list of proxies by searching for proxy servers that permit the CONNECT

Opticon Users 2002 is a simple tool that shows administrators who is
logged onto the network and from which workstation each user is
accessing it.



To add or remove a name from the distribution list, or to modify
existing contact information, e-mail: [EMAIL PROTECTED]

For urgent matters or to report any incidents, please contact OCIPEP's
Emergency Operations Centre at:

Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094

For general information, please contact OCIPEP's Communications Division

Phone: (613) 944-4875 or 1-800-830-3118
Fax: (613) 998-9589
Web Site: www.ocipep-bpiepc.gc.ca

The information in the OCIPEP Daily Brief has been drawn from a variety
of external sources. Although OCIPEP makes reasonable efforts to ensure
the accuracy, currency and reliability of the content, OCIPEP does not
offer any guarantee in that regard. The links provided are solely for
the convenience of OCIPEP Daily Brief users. OCIPEP is not responsible
for the information found through these links. 

IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
