[AusNOG] AusCERT Week in Review - Week Ending 12/05/2006

matthew at auscert.org.au matthew at auscert.org.au
Fri May 12 17:32:57 EST 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,

The following is a summary of what we have pushed to our subscribers for
the past week.

I hope this is of some use.  As usual - feedback appreciated and thanks
for the feedback given so far.

Best regards,

- -- Matthew McGlashan --
Coordination Centre Team Leader             | Hotline: +61 7 3365 4417
Australian Computer Emergency Response Team | Direct:  +61 7 3365 7924
(AusCERT)                                   | Fax:     +61 7 3365 7031
The University of Queensland                | WWW:     www.auscert.org.au
Qld 4072 Australia                          | Email: auscert at auscert.org.au

AusCERT Week in Review
12 May 2006


Papers, Articles and other documents:
- -------------------------------------


Alerts, Advisories and Updates:
- -------------------------------
Title: AL-2006.0039 -- [OSX] -- APPLE-SA-2006-05-11 Security Update 2006-003 
Date:  12 May 2006
URL:   http://www.auscert.org.au/6300

Title: AA-2006.0029 -- [Win][OSX] -- Dreamweaver generated websites - server
       behaviour SQL injection vulnerabilities 
Date:  11 May 2006
URL:   http://www.auscert.org.au/6295

Title: AA-2006.0028 -- [Win] -- Novell Client for Windows 2000/XP/2003 buffer
       overflow vulnerability in DPRPCW32.DLL 
Date:  10 May 2006
URL:   http://www.auscert.org.au/6293

Title: AU-2006.0014 -- AusCERT Update - [Win] - MS06-018 MSDTC vulnerability
       impact is denial of service 
Date:  10 May 2006
URL:   http://www.auscert.org.au/6292

Title: AL-2006.0038 -- [Win] -- MS06-020 - Vulnerabilities in Macromedia Flash
       Player from Adobe Could Allow Remote Code Execution 
Date:  10 May 2006
URL:   http://www.auscert.org.au/6286

Title: AL-2006.0037 -- [Win] -- MS06-019 - Vulnerability in Microsoft Exchange
       Could Allow Remote Code Execution 
Date:  10 May 2006
URL:   http://www.auscert.org.au/6285

Title: AL-2006.0036 -- [Win][UNIX/Linux][Mac] -- Sophos multiple desktop and
       gateway AV products vulnerable to remote code execution scanning CAB
       files 
Date:  09 May 2006
URL:   http://www.auscert.org.au/6280

Title: AA-2006.0027 -- [UNIX/Linux] -- rsync 2.6.8 release fixes buffer
       overflow in extended attribute support 
Date:  08 May 2006
URL:   http://www.auscert.org.au/6276

Title: AA-2006.0026 -- [Win][UNIX/Linux] -- AWStats vulnerability allows
       remote execution of arbitrary commands 
Date:  08 May 2006
URL:   http://www.auscert.org.au/6273

Title: AL-2006.0035 -- [Win][UNIX/Linux] -- PHP release fixes multiple
       vulnerabilities 
Date:  08 May 2006
URL:   http://www.auscert.org.au/6272


External Security Bulletins:
- ----------------------------
Title: ESB-2006.0336 -- [Win] -- Verisign i-Nav ActiveX Control Code Execution
       Vulnerability 
Date:  12 May 2006
OS:    Windows
URL:   http://www.auscert.org.au/6301

Title: ESB-2006.0335 -- [Win][OSX] -- QuickTime 7.1 update fixes multiple
       buffer overflow vulnerabilities 
Date:  12 May 2006
OS:    Windows 2000, Windows XP, Mac OS X 
URL:   http://www.auscert.org.au/6299

Title: ESB-2006.0334 -- [Debian] -- New Mozilla Firefox packages fix arbitrary
       code execution 
Date:  11 May 2006
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/6296

Title: ESB-2006.0333 -- [Cisco] -- AVS TCP Relay Vulnerability 
Date:  11 May 2006
OS:    Cisco Products 
URL:   http://www.auscert.org.au/6294

Title: ESB-2006.0332 -- [Debian] -- New TIFF packages fix denial of service
       and arbitrary code execution 
Date:  10 May 2006
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/6291

Title: ESB-2006.0331 -- [Debian] -- New Mozilla packages fix arbitrary code
       execution 
Date:  10 May 2006
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/6290

Title: ESB-2006.0330 -- [Win][UNIX/Linux] -- Moderate: ruby security update 
Date:  10 May 2006
OS:    UNIX Variants, Windows
URL:   http://www.auscert.org.au/6289

Title: ESB-2006.0329 -- [UNIX/Linux][RedHat] -- Important: libtiff security
       update 
Date:  10 May 2006
OS:    UNIX Variants
URL:   http://www.auscert.org.au/6288

Title: ESB-2006.0328 -- [Win] -- MS06-018 - Vulnerability in Microsoft
       Distributed Transaction Coordinator Could Allow Denial of Service 
Date:  10 May 2006
OS:    Windows XP, Windows 2000, Windows 2003 
URL:   http://www.auscert.org.au/6287

Title: ESB-2006.0327 -- [Solaris] -- A Security Vulnerability in the "libike"
       Library May Potentially Cause a Denial of Service to the in.iked(1M)
       Daemon 
Date:  09 May 2006
OS:    Solaris 
URL:   http://www.auscert.org.au/6284

Title: ESB-2006.0326 -- [z/OS] -- Computer Associates multiple z/OS products
       CAIRIM LMP SVC vulnerability 
Date:  09 May 2006
URL:   http://www.auscert.org.au/6283

Title: ESB-2006.0325 -- [Win] -- Cisco Secure ACS for Windows - Administrator
       Password Disclosure 
Date:  09 May 2006
OS:    Windows 2003, Windows 2000, Windows XP 
URL:   http://www.auscert.org.au/6279

Title: ESB-2006.0324 -- [Cisco] -- PIX/ASA/FWSM Websense/N2H2 Content Filter
       Bypass 
Date:  09 May 2006
OS:    Cisco Products 
URL:   http://www.auscert.org.au/6278

Title: ESB-2006.0323 -- [Win][Linux][Solaris] -- Symantec Scan Engine fails to
       properly perform authentication 
Date:  08 May 2006
OS:    Windows 2003, Windows 2000, Linux, Solaris
URL:   http://www.auscert.org.au/6277

Title: ESB-2006.0322 -- [UNIX/Linux][Debian] -- New cgiirc packages fix
       arbitrary code execution 
Date:  08 May 2006
OS:    UNIX Variants
URL:   http://www.auscert.org.au/6275

Title: ESB-2006.0321 -- [UNIX/Linux] -- Nagios 2.3 released fixing CGI remote
       buffer overflow 
Date:  08 May 2006
OS:    UNIX Variants
URL:   http://www.auscert.org.au/6274

Title: ESB-2006.0320 -- [Solaris] -- Security Vulnerability in the Xorg(1)
       Version of the Render Extension 
Date:  08 May 2006
OS:    Solaris 
URL:   http://www.auscert.org.au/6271

Title: ESB-2006.0287 -- [SCO] -- GhostScript Insecure Temporary File Creation
       Vulnerability 
Date:  11 May 2006
URL:   http://www.auscert.org.au/6228


===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (FreeBSD)
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----



