[AusNOG] AusCERT Week in Review - Week Ending 13/10/2006
matthew at auscert.org.au
matthew at auscert.org.au
Mon Oct 16 17:22:37 EST 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Greetings AusNOG,
AusCERT's week-in-review for last week.
Best regards,
- -- Matthew McGlashan --
Coordination Centre Team Leader | Hotline: +61 7 3365 4417
Australian Computer Emergency Response Team | Direct: +61 7 3365 7924
(AusCERT) | Fax: +61 7 3365 7031
The University of Queensland | WWW: www.auscert.org.au
Qld 4072 Australia | Email: auscert at auscert.org.au
Alerts, Advisories and Updates:
- -------------------------------
Title: AA-2006.0082 -- [Win][UNIX/Linux] -- Multiple vulnerabilties in phpBB
and components
Date: 13 October 2006
URL: http://www.auscert.org.au/6871
Title: AU-2006.0037 -- AusCERT Update - [Win] - End of Life for Windows XP
Service Pack 1
Date: 11 October 2006
URL: http://www.auscert.org.au/6858
Title: AA-2006.0081 -- [Win] -- Microsoft Security Bulletin MS06-065:
Vulnerability in Windows Object Packager Could Allow Remote Execution
Date: 11 October 2006
URL: http://www.auscert.org.au/6857
Title: AA-2006.0080 -- [Win] -- Microsoft Security Bulletin MS06-064:
Vulnerabilities in TCP/IP IPv6 Could Allow Denial of Service
Date: 11 October 2006
URL: http://www.auscert.org.au/6856
Title: AA-2006.0079 -- [Win] -- Microsoft Security Bulletin MS06-063:
Vulnerability in Server Service Could Allow Denial of Service
Date: 11 October 2006
URL: http://www.auscert.org.au/6855
Title: AL-2006.0093 -- [Win][Mac][OSX] -- Microsoft Security Bulletin
MS06-062: Vulnerabilities in Microsoft Office Could Allow Remote Code
Execution
Date: 11 October 2006
URL: http://www.auscert.org.au/6853
Title: AL-2006.0092 -- [Win] -- Microsoft Security Bulletin MS06-061:
Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code
Execution
Date: 11 October 2006
URL: http://www.auscert.org.au/6852
Title: AL-2006.0090 -- [Win][Mac][OSX] -- Microsoft Security Bulletin
MS06-059: Vulnerabilities in Microsoft Excel Could Allow Remote Code
Execution
Date: 11 October 2006
URL: http://www.auscert.org.au/6850
Title: AA-2006.0050 -- [Win] -- End of Life for Windows XP Service Pack 1
Date: 11 October 2006
URL: http://www.auscert.org.au/6495
Title: AL-2006.0094 -- [Win] -- BrightStor ARCserve Backup and CA Protection
Suite r2 remote administrator compromise
Date: 11 October 2006
URL: http://www.auscert.org.au/6859
Title: AL-2006.0091 -- [Win][Mac][OSX] -- Microsoft Security Bulletin
MS06-060: Vulnerabilities in Microsoft Word Could Allow Remote Code
Execution
Date: 11 October 2006
URL: http://www.auscert.org.au/6851
Title: AL-2006.0089 -- [Win][Mac][OSX] -- Microsoft Security Bulletin
MS06-058: Vulnerabilities in Microsoft PowerPoint Could Allow Remote
Code Execution
Date: 11 October 2006
URL: http://www.auscert.org.au/6849
Title: AL-2006.0088 -- [Win] -- Microsoft Security Bulletin MS06-057:
Vulnerability in Windows Explorer Could Allow Remote Execution
Date: 11 October 2006
URL: http://www.auscert.org.au/6847
Title: AL-2006.0087 -- [Win] -- Microsoft October security bulletins
pre-release announcement
Date: 10 October 2006
URL: http://www.auscert.org.au/6845
Title: AL-2006.0086 -- [Win][UNIX/Linux] -- OpenVPN vulnerability allows
execution of arbitrary code
Date: 09 October 2006
URL: http://www.auscert.org.au/6836
External Security Bulletins:
- ----------------------------
Title: ESB-2005.0994 -- [HP-UX] -- SSRT4728 rev.2 - HP-UX running TCP/IP
Remote Denial of Service (DoS)
Date: 11 October 2006
OS: HP-UX
URL: http://www.auscert.org.au/5848
Title: ESB-2006.0761 -- [Solaris] -- Security Vulnerabilities in the Apache
1.3 Web Server "mod_rewrite" and "mod_imap" Modules
Date: 13 October 2006
OS: Solaris
URL: http://www.auscert.org.au/6870
Title: ESB-2006.0760 -- [Win][Linux] -- HP Version Control Agent, Remote
Unauthorized Access and Possible Elevation of Privilege
Date: 13 October 2006
OS: Windows 98/98SE, Debian GNU/Linux, Windows 2003, Windows 2000, Other
Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, Windows ME
URL: http://www.auscert.org.au/6869
Title: ESB-2006.0759 -- [OpenBSD] -- Fix 2 security bugs found in OpenSSH
Date: 13 October 2006
OS: OpenBSD
URL: http://www.auscert.org.au/6868
Title: ESB-2006.0758 -- [Cisco] -- Default Password in Wireless Location
Appliance
Date: 13 October 2006
OS: Cisco Products
URL: http://www.auscert.org.au/6867
Title: ESB-2006.0757 -- [Win][UNIX/Linux] -- MySQL 5.0.26 has been released
Date: 12 October 2006
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants,
Windows XP, Red Hat Linux, Windows NT 4, HP-UX, AIX
URL: http://www.auscert.org.au/6866
Title: ESB-2006.0756 -- [UNIX/Linux] -- PHP unserialize() Array Creation
Integer Overflow
Date: 12 October 2006
OS: Solaris, HP Tru64 UNIX, Windows 98/98SE, Debian GNU/Linux, Other BSD
Variants, IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other
Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, HP-UX, AIX,
Windows ME
URL: http://www.auscert.org.au/6865
Title: ESB-2006.0755 -- [Solaris] -- Sun Microsystems Solaris NSPR Library
Arbitrary File Creation Vulnerability
Date: 12 October 2006
OS: Solaris
URL: http://www.auscert.org.au/6864
Title: ESB-2006.0754 -- [Win] -- AOL YGPPDownload SetAlbumName ActiveX Control
Buffer Overflow Vulnerability
Date: 12 October 2006
OS: Windows 98/98SE, Windows 2003, Windows 2000, Windows XP, Windows NT 4,
Windows ME
URL: http://www.auscert.org.au/6863
Title: ESB-2006.0753 -- [Win] -- Symantec Automated Support Assistant:
Vulnerabilities in Support Tool ActiveX Control
Date: 12 October 2006
OS: Windows 98/98SE, Windows 2003, Windows 2000, Windows XP, Windows NT 4,
Windows ME
URL: http://www.auscert.org.au/6862
Title: ESB-2006.0752 -- [Solaris] -- A "Use-after-free" Vulnerability in
Sendmail Versions Before 8.13.8 may Allow a Denial of Service (DoS)
Date: 12 October 2006
OS: Solaris
URL: http://www.auscert.org.au/6861
Title: ESB-2006.0751 -- [Solaris] -- Security Vulnerabilities in the Apache
2.0 Web Server "mod_rewrite" Module
Date: 12 October 2006
OS: Solaris
URL: http://www.auscert.org.au/6860
Title: ESB-2006.0750 -- [FreeBSD] -- FreeBSD ptrace PT_LWPINFO Denial of
Service Vulnerability
Date: 11 October 2006
OS: FreeBSD
URL: http://www.auscert.org.au/6854
Title: ESB-2006.0749 -- [Debian] -- new openssl096 packages fix denial of
service
Date: 11 October 2006
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/6848
Title: ESB-2006.0748 -- [Win] -- Microsoft Security Bulletin MS06-056:
Vulnerability in ASP.NET 2.0 Could Allow Information Disclosure
Date: 11 October 2006
OS: Windows 2003, Windows 2000, Windows XP
URL: http://www.auscert.org.au/6846
Title: ESB-2006.0747 -- [Win][UNIX/Linux][RedHat] -- Important: python
security update
Date: 10 October 2006
OS: Solaris, HP Tru64 UNIX, Windows 98/98SE, Debian GNU/Linux, Other BSD
Variants, IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other
Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, Mac OS X,
HP-UX, AIX, Windows ME
URL: http://www.auscert.org.au/6844
Title: ESB-2006.0746 -- [Debian] -- New libwmf packages fix arbitrary code
execution
Date: 10 October 2006
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/6843
Title: ESB-2006.0745 -- [Debian] -- New XFree86 packages fix several
vulnerabilities
Date: 10 October 2006
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/6842
Title: ESB-2006.0744 -- [Win] -- Limitations in Cisco Secure Desktop
Date: 10 October 2006
OS: Windows 98/98SE, Windows 2003, Windows 2000, Windows XP, Windows NT 4,
Windows ME
URL: http://www.auscert.org.au/6841
Title: ESB-2006.0743 -- [Debian] -- New Mozilla packages fix several
vulnerabilities
Date: 09 October 2006
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/6840
Title: ESB-2006.0742 -- [UNIX/Linux][Solaris] -- Security Vulnerability in X
Display Manager (xdm(1)) Xsession Script
Date: 09 October 2006
OS: HP Tru64 UNIX, Solaris, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/6839
Title: ESB-2006.0741 -- [RedHat][Solaris] -- Security Vulnerability With RSA
Signature Affects the Sun Secure Global Desktop Software
Date: 09 October 2006
OS: Solaris, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/6838
Title: ESB-2006.0740 -- [Solaris] -- Security Vulnerability in Solaris 10 Link
Aggregation may Allow Local Users Total Access to Network Packets
Date: 09 October 2006
OS: Solaris
URL: http://www.auscert.org.au/6837
Title: ESB-2006.0739 -- [RedHat] -- Important: php security update
Date: 09 October 2006
OS: Red Hat Linux
URL: http://www.auscert.org.au/6835
Title: ESB-2006.0738 -- [Win][UNIX/Linux] -- PHP open_basedir Race Condition
Vulnerability
Date: 09 October 2006
OS: Solaris, HP Tru64 UNIX, Windows 98/98SE, Debian GNU/Linux, Other BSD
Variants, IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other
Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, Mac OS X,
HP-UX, AIX, Windows ME
URL: http://www.auscert.org.au/6834
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (FreeBSD)
Comment: http://www.auscert.org.au/render.html?it=1967
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBRTMzPSh9+71yA2DNAQLGLQP+P2CNBvKXIAJ3RkSifyzdzPJdTiCAQn6y
05fE9UcPnrBQ8GvPGhk8EQXSgR4DWVGSOU8YeS5l4A5GtL/947sr3Yt+hjEzNpn1
+wWnbqMI4MB8eLTeVOPNKmtncCsfxlL5rCCI6cMAUn+cXP/JTieBxU1OQwE82oRm
vxzTFhEygL0=
=Jxp+
-----END PGP SIGNATURE-----
More information about the AusNOG
mailing list