OCIPEP DAILY BRIEF
Number: DOB02-082
Date: 14 June 2002

NEWS

OCIPEP Issues Advisory - New Worm-Frethem.E
OCIPEP has issued Advisory AV02-031 concerning a variant of the Frethem worm that is spreading in the wild. Frethem.E contains its own SMTP engine and mails copies of itself to addresses in the Microsoft Windows address book and Outlook Express mail storage files.
Comment: Advisory AV02-031 can be viewed at:
http://www.ocipep-bpiepc.gc.ca/emergencies/advisories_e.html

Explosion at U.S. Consulate in Pakistan
Eight people were killed and 40 others wounded when a suspected suicide car bomber detonated an explosion outside the U.S. Consulate in Karachi. As well, the powerful explosion destroyed a boundary wall, shattered windows and left a large crater outside the building. All of the dead were Pakistani and most casualties were sustained by individuals on motorcycles and in cars near the site of the explosion. Eleven French nationals and three Pakistanis were killed last month by a car bomb in Karachi, and Pakistani police suspect that the bombing was carried out in response to Pakistan's decision to ally itself with the U.S.-led war on terrorism.
(Source: CNN, 14 June 2002)
http://edition.cnn.com/2002/WORLD/asiapcf/south/06/14/karachi.blast/index.html

Report: Canada Put At Risk by U.S. Ties
The Canadian Security Intelligence Service (CSIS) report to Parliament yesterday noted that Canada's military alliance, proximity and close relationship with the U.S. "put Canada at risk of being targeted directly or indirectly by a terrorist network." The report stated that Canada could become a potential staging ground for terrorist attacks.
(Source: Globe and Mail, 13 June 2002)
http://www.theglobeandmail.com/servlet/GIS.Servlets.HTMLTemplate?tf=tgam/search/tgam/SearchFullStory.html&cf=tgam/search/tgam/SearchFullStory.cfg&configFileLoc=tgam/config&encoded_keywords=CSIS&option=&start_row=1&current_row=1&start_row_offset1=&num_rows=1&search_results_start=1
Comment: The complete CSIS report can be viewed at:
http://www.csis-scrs.gc.ca/eng/publicrp/pub2001_e.html

Border Security Bypassed by G8 Protestors
Activists have provided instructions on a web site that could assist individuals to transport gas masks, pepper spray and handcuffs across the border, without having to carry them across in person. American activists are urging protestors to mail items to Canada rather than risk having them confiscated by border security.
(Source: Calgary Herald, 14 June 2002)
http://www.canada.com/calgary/

Canadian Border Guards Receive Radiation Detectors
In an effort to stem the transportation of radiological materials across the U.S.-Canadian border, all 3,600 Canadian customs officials will be outfitted with sophisticated Geiger counters. This equipment will alert officials to the presence of radiological materials that could be used in the fabrication of so-called "dirty bombs".
(Source: National Post, 13 June 2002)
http://www.canada.com/news/story.asp?id={2D938AA2-4D07-40E0-B3D2-6946128C850B}

IN BRIEF

Microsoft Issues Patches
Four recently discovered security vulnerabilities prompted Microsoft Corporation to issue three security bulletins on June 12. One of the vulnerabilities, affecting Windows NT, Windows 2000 and Windows XP, was rated as "critical."
(Source: Microsoft, 13 June 2002)
Comment: The three bulletins can be viewed at:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-029.asp
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-028.asp
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-030.asp

Flooding in Southeast Manitoba
Heavy rain has caused severe flooding in the southeast portion of Manitoba. Approximately 240 millimetres of rain has fallen since June 10, causing the worst flooding this area has seen in 45 years. Several communities have declared a state of emergency, and several roads and highways have been closed.
Comment: For updates on this incident and others, click on the Incident Mapping button at the top of the Daily Brief.

CYBER UPDATES

See: What's New for the latest Alerts, Advisories and Information Products

Threats

Symantec reports on Backdoor.Crat, which is a Trojan horse written in Delphi and compressed with Ezip.
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.crat.html

McAfee Security reports on W32/Perrun, which is an appending JPEG infecting virus.
http://vil.nai.com/vil/content/v_99522.htm

Vulnerabilities

Securiteam reports on buffer overflow vulnerabilities in the Oracle Net Listener and Report Server that could allow a remote attacker to gain complete control of a machine running the Oracle 9i Database. Follow the link for details.
http://www.securiteam.com/securitynews/5OP0E0U7FI.html
http://www.securiteam.com/securitynews/5PP0F0U7FA.html

CERT/CC reports on a cross-site scripting vulnerability in Snitz Forums 2000 that could allow a remote attacker to execute arbitrary commands with the privileges and identity of other users of the Snitz Forums installation.
http://www.kb.cert.org/vuls/id/132011

CERT/CC reports on a vulnerability in Lotus Domino Web server that could allow a remote attacker to discover limited information about the numbering of the Domino server's network.
http://www.kb.cert.org/vuls/id/133771

SecurityFocus reports on a heap overflow vulnerability in Caldera OpenServer that could allow a local attacker to execute arbitrary code and gain elevated privileges. No known patch is available at this time.
http://online.securityfocus.com/bid/4985/discussion/

SecurityFocus reports on vulnerabilities in csNews for Unix, Linux variants and Windows that could allow a remote attacker to access sensitive files, potentially exposing database authentication credentials and other sensitive information. Users with "public" access to the system may also be able to view and modify some admin pages. No known patch is available at this time.
http://online.securityfocus.com/bid/4991/discussion/
http://online.securityfocus.com/bid/4994/discussion/
http://online.securityfocus.com/bid/4993/discussion/

SecurityFocus reports on a vulnerability in mmftpd for Linux that could allow a remote attacker to execute arbitrary code. View the "Solution" tab for upgrade information.
http://online.securityfocus.com/bid/4990/discussion/

SecurityFocus reports on a vulnerability in the Linksys EtherFast 1.42.7 router, which does not respect existing rules that deny remote administration of the router. View the "Solution" tab for workaround information.
http://online.securityfocus.com/bid/4987/discussion/

SecurityFocus reports on a vulnerability in rhmask that could allow a local attacker to cause system files to be overwritten. No known patch is available at this time.
http://online.securityfocus.com/bid/4984/discussion/

SecurityFocus reports on a vulnerability in BBGallery prior to v1.1.0 that could allow a remote attacker to inject arbitrary script code in BBGallery images. View the "Solution" tab for upgrade information.
http://online.securityfocus.com/bid/4992/discussion/

Tools

There are no updates to report at this time.

CONTACT US

For additions to, or removals from the distribution list for this product, or to report a change in contact information, please send to:
Email: [EMAIL PROTECTED]

For urgent matters or to report any incidents, please contact OCIPEP's Emergency Operations Centre at:
Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094
Email: [EMAIL PROTECTED]

For general information, please contact OCIPEP's Communications Division at:
Phone: (613) 991-7035 or 1-800-830-3118
Fax: (613) 998-9589
Email: [EMAIL PROTECTED]
Web Site: www.ocipep-bpiepc.gc.ca

Disclaimer

The information in the OCIPEP Daily Brief has been drawn from a variety of external sources. Although OCIPEP makes reasonable efforts to ensure the accuracy, currency and reliability of the content, OCIPEP does not offer any guarantee in that regard. The links provided are solely for the convenience of OCIPEP Daily Brief users. OCIPEP is not responsible for the information found through these links.

IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk