[AusNOG] AusCERT Week in Review - Week Ending 27/10/2006

matthew at auscert.org.au
Tue Oct 31 16:02:05 EST 2006


Greetings AusNOG,

Our week-in-review for the week gone.

Best,

-- Matthew McGlashan --
Coordination Centre Team Leader             | Hotline: +61 7 3365 4417
Australian Computer Emergency Response Team | Direct:  +61 7 3365 7924
(AusCERT)                                   | Fax:     +61 7 3365 7031
The University of Queensland                | WWW:     www.auscert.org.au
Qld 4072 Australia                          | Email: auscert at auscert.org.au


Alerts, Advisories and Updates:
-------------------------------
Title: AA-2006.0088 -- [Win][UNIX/Linux] -- Lotus Domino malformed GIF
       attachment denial of service 
Date:  27 October 2006
URL:   http://www.auscert.org.au/6914

Title: AA-2006.0087 -- [UNIX/Linux][Win] -- IBM DB2 - Label Based Access
       Control may not apply row protection 
Date:  27 October 2006
URL:   http://www.auscert.org.au/6913

Title: AU-2006.0038 -- AusCERT Update - [Win][UNIX/Linux] - Analysis of the
       Oracle October 2006 Critical Patch Update 
Date:  25 October 2006
URL:   http://www.auscert.org.au/6886

Title: AL-2006.0097 -- [Win] -- Flickr site spoofed by trojan email 
Date:  25 October 2006
URL:   http://www.auscert.org.au/6907

Title: AU-2006.0040 -- AusCERT Update - [Win] - CA BrightStor ARCserve Backup
       and CA Protection Suites - previous update did not fix remote
       vulnerability 
Date:  24 October 2006
URL:   http://www.auscert.org.au/6903

Title: AA-2006.0086 -- [Win] -- IBM Lotus Notes client - insecure file
       permissions vulnerability 
Date:  23 October 2006
URL:   http://www.auscert.org.au/6900

Title: AL-2006.0096 -- [Win][Linux][HP-UX][Solaris][AIX] -- Novell eDirectory
       - three critical vulnerabilities allow remote compromise 
Date:  23 October 2006
URL:   http://www.auscert.org.au/6898


External Security Bulletins:
----------------------------
Title: ESB-2006.0791 -- [Solaris][Linux][HP-UX] -- Java Enterprise System and
       Solaris - Security Vulnerability Issue of Forged RSA Signatures 
Date:  27 October 2006
OS:    Solaris, Debian GNU/Linux, Other Linux Variants, Red Hat Linux, HP-UX 
URL:   http://www.auscert.org.au/6912

Title: ESB-2006.0790 -- [Linux][Solaris] -- Sun Java System/iPlanet Messaging
       Server Webmail - email JavaScript can be executed in user's browser 
Date:  27 October 2006
OS:    Solaris, Debian GNU/Linux, Other Linux Variants, Red Hat Linux 
URL:   http://www.auscert.org.au/6911

Title: ESB-2006.0789 -- [Win][Linux][HP-UX][Solaris] -- HP Oracle for OpenView
       (OfO) Critical Patch Update October 2006 
Date:  26 October 2006
OS:    Solaris, HP Tru64 UNIX, Debian GNU/Linux, Windows 2003, Windows 2000,
       Other Linux Variants, Red Hat Linux, HP-UX 
URL:   http://www.auscert.org.au/6910

Title: ESB-2006.0788 -- [Win] -- Winamp - two remote buffer overflow
       vulnerabilities 
Date:  26 October 2006
OS:    Windows 98/98SE, Windows 2000, Windows XP, Windows ME 
URL:   http://www.auscert.org.au/6909

Title: ESB-2006.0787 -- [Linux] -- Cisco Security Agent for Linux Port Scan
       Denial of Service 
Date:  26 October 2006
OS:    Debian GNU/Linux, Other Linux Variants, Cisco Products, Red Hat Linux 
URL:   http://www.auscert.org.au/6908

Title: ESB-2006.0786 -- [UNIX/Linux][Win][Debian] -- New webmin packages fix
       input validation problems 
Date:  24 October 2006
OS:    Solaris, IRIX, OpenBSD, Other BSD Variants, FreeBSD, HP-UX, Debian
       GNU/Linux, Other Linux Variants, Red Hat Linux, AIX, Windows 2003,
       Windows 2000, Windows NT 4, Windows XP, Mac OS X 
URL:   http://www.auscert.org.au/6906

Title: ESB-2006.0785 -- [Win] -- Symantec Device Driver Elevation of Privilege
Date:  24 October 2006
OS:    Windows 2003, Windows 2000, Windows XP 
URL:   http://www.auscert.org.au/6905

Title: ESB-2006.0784 -- [Win] -- Symantec Mail Security for Domino Server
       creates open relay 
Date:  24 October 2006
OS:    Windows 2003, Windows 2000 
URL:   http://www.auscert.org.au/6904

Title: ESB-2006.0783 -- [Win][Linux][Solaris][OSX] -- HTTP header injection
       vulnerabilities in Adobe Flash Player 
Date:  23 October 2006
OS:    Solaris, Windows 98/98SE, Debian GNU/Linux, Windows 2003, Windows 2000,
       Other Linux Variants, Windows XP, Red Hat Linux, Mac OS X, Windows ME 
URL:   http://www.auscert.org.au/6902

Title: ESB-2006.0782 -- [Win] -- Security Implications of failing to correctly
       use filtering in .NET web applications 
Date:  23 October 2006
OS:    Windows 2003, Windows 2000 
URL:   http://www.auscert.org.au/6901

Title: ESB-2006.0781 -- [Debian] -- New python2.4 packages fix arbitrary code
       execution 
Date:  25 October 2006
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/6899

Title: ESB-2006.0728 -- [Win][Linux][Solaris] -- Security Vulnerability in RSA
       Signature Verification Impacting Multiple SUN Products 
Date:  25 October 2006
OS:    Red Hat Linux, Windows XP, Other Linux Variants, Windows 2000, Windows
       2003, Debian GNU/Linux, Solaris 
URL:   http://www.auscert.org.au/6822

Title: ESB-2006.0441 -- [Linux][Solaris] -- Sun Java System/iPlanet Messaging
       Server vulnerability may allow local access to arbitrary files 
Date:  25 October 2006
OS:    Red Hat Linux, Other Linux Variants, Debian GNU/Linux, Solaris 
URL:   http://www.auscert.org.au/6449


===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================



