[AusNOG] AusCERT Week in Review - Week Ending 20/10/2006

matthew at auscert.org.au matthew at auscert.org.au
Mon Oct 23 15:54:18 EST 2006


Greetings AusNOG,

AusCERT's week-in-review for last week.

Best regards,

-- Matthew McGlashan --
Coordination Centre Team Leader             | Hotline: +61 7 3365 4417
Australian Computer Emergency Response Team | Direct:  +61 7 3365 7924
(AusCERT)                                   | Fax:     +61 7 3365 7031
The University of Queensland                | WWW:     www.auscert.org.au
Qld 4072 Australia                          | Email: auscert at auscert.org.au

Papers, Articles and other documents:
-------------------------------------
Title: Practical Computer Security slides 
Date:  19 October 2006
URL:   http://www.auscert.org.au/6891


Alerts, Advisories and Updates:
-------------------------------
Title: AU-2006.0039 -- AusCERT Update - [Win] - Re-release of software update
       for MS06-061 
Date:  20 October 2006
URL:   http://www.auscert.org.au/6895

Title: AA-2006.0085 -- [Win] -- Multiple laptops - Bluetooth stack
       vulnerability may allow remote compromise 
Date:  20 October 2006
URL:   http://www.auscert.org.au/6893

Title: AU-2006.0038 -- AusCERT Update - [Win][UNIX/Linux] - Analysis of the
       Oracle October 2006 Critical Patch Update 
Date:  19 October 2006
URL:   http://www.auscert.org.au/6886

Title: AA-2006.0084 -- [Win][UNIX/Linux] -- Oracle Critical Patch Update for
       October 2006 
Date:  18 October 2006
URL:   http://www.auscert.org.au/6881

Title: AL-2006.0095 -- [Win][UNIX/Linux] -- Opera Web Browser URL Parsing Heap
       Overflow Vulnerability 
Date:  18 October 2006
URL:   http://www.auscert.org.au/6879

Title: AA-2006.0083 -- [Win][UNIX/Linux] -- Patches available for IBM
       WebSphere Application Server correcting several vulnerabilities
Date:  16 October 2006
URL:   http://www.auscert.org.au/6875


External Security Bulletins:
----------------------------
Title: ESB-2006.0780 -- [HP-UX][Tru64] -- HP-UX and Tru64 Running dtmail -
       Local Execution of Arbitrary Code 
Date:  20 October 2006
OS:    HP Tru64 UNIX, HP-UX 
URL:   http://www.auscert.org.au/6897

Title: ESB-2006.0779 -- [Appliance] -- HP Storage Management Appliance (SMA)
       Microsoft Patch Applicability MS06-056 Through MS06-065 
Date:  20 October 2006
URL:   http://www.auscert.org.au/6896

Title: ESB-2006.0778 -- [Win] -- Kaspersky Anti-Virus IOCTL Local Privilege
       Escalation Vulnerability 
Date:  20 October 2006
OS:    Windows 98/98SE, Windows 2000, Windows XP, Windows NT 4, Windows ME 
URL:   http://www.auscert.org.au/6894

Title: ESB-2006.0777 -- [Linux][RedHat] -- Important: kernel security update 
Date:  20 October 2006
OS:    Debian GNU/Linux, Other Linux Variants, Red Hat Linux 
URL:   http://www.auscert.org.au/6892

Title: ESB-2006.0776 -- [UNIX/Linux] -- Asterisk - chan_skinny Remote
       Unauthenticated Heap Overflow 
Date:  19 October 2006
OS:    Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
       OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX 
URL:   http://www.auscert.org.au/6890

Title: ESB-2006.0775 -- [Debian] -- New clamav packages fix arbitrary code
       execution 
Date:  19 October 2006
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/6889

Title: ESB-2006.0774 -- [Win][UNIX/Linux] -- Oracle Updates for Multiple
       Vulnerabilities 
Date:  19 October 2006
OS:    Solaris, HP Tru64 UNIX, Debian GNU/Linux, Windows 2003, Windows 2000,
       Other Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, HP-UX,
       AIX 
URL:   http://www.auscert.org.au/6888

Title: ESB-2006.0773 -- [Solaris] -- Security Vulnerability in the Solaris 10
       TCP Fusion Code May Lead to a System Panic, Resulting in a Denial of
       Service (DoS) 
Date:  19 October 2006
OS:    Solaris 
URL:   http://www.auscert.org.au/6887

Title: ESB-2006.0772 -- [Win] -- Patch available for ColdFusion MX 7 local
       privilege escalation 
Date:  18 October 2006
URL:   http://www.auscert.org.au/6885

Title: ESB-2006.0771 -- [Win] -- Patch available for Breeze 5 Licensed Server
       Information Disclosure 
Date:  18 October 2006
OS:    Windows 2003, Windows 2000 
URL:   http://www.auscert.org.au/6884

Title: ESB-2006.0770 -- [Win][Linux][Solaris] -- Workaround available for
       Contribute Publishing Server local information disclosure 
Date:  18 October 2006
OS:    Solaris, Windows 2003, Windows 2000, Other Linux Variants, Windows XP,
       Red Hat Linux 
URL:   http://www.auscert.org.au/6883

Title: ESB-2006.0769 -- [UNIX/Linux][RedHat] -- Critical: kdelibs security
       update 
Date:  18 October 2006
OS:    Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
       OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX 
URL:   http://www.auscert.org.au/6882

Title: ESB-2006.0768 -- [UNIX/Linux] -- Buffer Overflow in NVIDIA Binary
       Graphics Driver For Linux 
Date:  18 October 2006
OS:    Solaris, Debian GNU/Linux, FreeBSD, Other Linux Variants, Red Hat Linux
URL:   http://www.auscert.org.au/6880

Title: ESB-2006.0767 -- [UNIX/Linux] -- Two Clam AntiVirus ClamAV
       vulnerabilities 
Date:  17 October 2006
OS:    Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
       OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
       AIX 
URL:   http://www.auscert.org.au/6878

Title: ESB-2006.0766 -- [Win][UNIX/Linux] -- Security Advisory for Bugzilla
       2.18.5, 2.20.2, 2.22, and 2.23.2 
Date:  17 October 2006
OS:    Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
       Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants,
       Windows XP, Red Hat Linux, Windows NT 4, Mac OS X, HP-UX, AIX 
URL:   http://www.auscert.org.au/6877

Title: ESB-2006.0765 -- [Appliance] -- Directory Traversal in IronWebMail 
Date:  17 October 2006
URL:   http://www.auscert.org.au/6876

Title: ESB-2006.0764 -- [Win] -- Storage Management Appliance (SMA), Microsoft
       Patch Applicability MS06-055 
Date:  16 October 2006
OS:    Windows 2003, Windows 2000 
URL:   http://www.auscert.org.au/6874

Title: ESB-2006.0763 -- [UNIX/Linux] -- Security Vulnerabilities In OpenSSL
       Affect Sun Grid Engine 5.3 and N1 Grid Engine 6.0 
Date:  16 October 2006
OS:    HP Tru64 UNIX, Solaris, Debian GNU/Linux, IRIX, Windows 2003, Windows
       2000, Other Linux Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX,
       AIX 
URL:   http://www.auscert.org.au/6873

Title: ESB-2006.0762 -- [Win][UNIX/Linux] -- Apache HTTP Server mod_tcl
       set_var Format String Vulnerability 
Date:  16 October 2006
OS:    Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
       Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants,
       Windows XP, Red Hat Linux, Windows NT 4, Mac OS X, HP-UX, AIX 
URL:   http://www.auscert.org.au/6872

Title: ESB-2006.0742 -- [UNIX/Linux][Solaris] -- Security Vulnerability in X
       Display Manager (xdm(1)) Xsession Script 
Date:  18 October 2006
OS:    AIX, HP-UX, Red Hat Linux, Other Linux Variants, FreeBSD, OpenBSD,
       IRIX, Other BSD Variants, Debian GNU/Linux, HP Tru64 UNIX, Solaris 
URL:   http://www.auscert.org.au/6839

Title: ESB-2006.0708 -- [HP-UX] -- HP-UX CIFS Server (Samba) Local
       Unauthorized Access, Elevated Privileges 
Date:  18 October 2006
OS:    HP-UX 
URL:   http://www.auscert.org.au/6798

Title: ESB-2006.0681 -- [Win] -- Storage Management Appliance (SMA), Microsoft
       Patch Applicability MS06-052, MS06-053 and MS06-054 
Date:  16 October 2006
OS:    Windows 2000, Windows 2003 
URL:   http://www.auscert.org.au/6769

Title: ESB-2005.0477 -- Sun Alert Notification 101783 -- Security
       Vulnerability in Samba's "ms_fnmatch()" Function May Result in a Denial
       of Service (DoS) 
Date:  19 October 2006
OS:    Solaris 
URL:   http://www.auscert.org.au/5207

Title: ESB-2005.0106 -- Sun Alert Notification 57730 -- Security Vulnerability
       in Samba(7) Versions Prior to 3.0.10 May Allow Unauthorized Root
       Privileges 
Date:  19 October 2006
OS:    Solaris 
URL:   http://www.auscert.org.au/4785


===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
