[AusNOG] AusCERT Week in Review - Week Ending 27/07/2007 (fwd)
Matthew Aburn
maburn at auscert.org.au
Fri Jul 27 17:39:48 EST 2007
Greetings all,
I have attached this week's AusCERT Week in Review.
We would like to draw special attention to the BIND 9 DNS poisoning
vulnerability alert listed below (AL-2007.0089).
For some reason this BIND vuln has not been given much publicity, with some
vendors even marking this as low importance.
AusCERT assesses this BIND vuln to be high risk, in particular for the
ISP community, due to the ways these have been used by attackers in the past.
(as per http://isc.sans.org/diary.html?storyid=1305)
We would welcome reports of any exploit attempts that you observe for this.
Best regards,
--
Matthew Aburn, Computer Security Analyst | Hotline: +61 7 3365 4417
AusCERT, Australia's national CERT | Fax: +61 7 3365 7031
The University of Queensland | WWW: www.auscert.org.au
QLD 4072 Australia | Email: auscert at auscert.org.au
AusCERT Week in Review
27 July 2007
Papers, Articles and other documents:
-------------------------------------
Title: AusCERT UNIX and Linux Security Checklist v3.0 publicly released
Date: 25 July 2007
URL: http://www.auscert.org.au/7289
AusCERT in the Media:
---------------------
Email sender forgery and tracing emails to the source
ABC Radio, Tasmania
Jul 26, 2007
Web Log Entries:
----------------
Title: BIND up your DNS - The recent BIND vulnerability
Date: 26 July 2007
URL: http://www.auscert.org.au/7900
Title: Improving international arrangements to deal with cybercrime
Date: 24 July 2007
URL: http://www.auscert.org.au/7888
Title: AusCERT Slashdotted
Date: 20 July 2007
URL: http://www.auscert.org.au/7865
Alerts, Advisories and Updates:
-------------------------------
Title: AA-2007.0061 -- [Win] -- Novell Client NWSPOOL.DLL buffer overflow
vulnerability
Date: 27 July 2007
URL: http://www.auscert.org.au/7911
Title: AL-2007.0091 -- [Win] -- Mozilla Firefox unpatched URI filtering
vulnerability allows remote compromise
Date: 27 July 2007
URL: http://www.auscert.org.au/7910
Title: AL-2007.0090 -- [Win][Netware] -- Computer Associates multiple products
- buffer overflow in message queuing component
Date: 26 July 2007
URL: http://www.auscert.org.au/7895
Title: AL-2007.0089 -- [UNIX/Linux][Win] -- New BIND 9 versions released
fixing DNS cache poisoning vulnerability
Date: 25 July 2007
URL: http://www.auscert.org.au/7889
Title: AA-2007.0060 -- [Win][Netware][Linux] -- Norman antivirus products -
report of critical unpatched vulnerabilities
Date: 24 July 2007
URL: http://www.auscert.org.au/7886
Title: AL-2007.0088 -- [Win] -- Citrix Access Gateway and Advanced Access
Control multiple vulnerabilities
Date: 23 July 2007
URL: http://www.auscert.org.au/7880
Title: AU-2007.0018 -- AusCERT Update - [Win] - Multiple vendors may be
affected by Windows URI handler vulnerability
Date: 20 July 2007
URL: http://www.auscert.org.au/7879
External Security Bulletins:
----------------------------
Title: ESB-2007.0571 -- [AIX] -- AIX pioinit File Replacement Vulnerability
Date: 27 July 2007
OS: AIX
URL: http://www.auscert.org.au/7909
Title: ESB-2007.0570 -- [AIX] -- AIX pioout Arbitrary Library Loading
Vulnerability
Date: 27 July 2007
OS: AIX
URL: http://www.auscert.org.au/7908
Title: ESB-2007.0569 -- [AIX] -- AIX arp Buffer Overflow Vulnerability
Date: 27 July 2007
OS: AIX
URL: http://www.auscert.org.au/7907
Title: ESB-2007.0568 -- [AIX] -- AIX lpd Buffer Overflow Vulnerability
Date: 27 July 2007
OS: AIX
URL: http://www.auscert.org.au/7906
Title: ESB-2007.0567 -- [AIX] -- AIX ftp client gets() Buffer Overflow
Vulnerabilities
Date: 27 July 2007
OS: AIX
URL: http://www.auscert.org.au/7905
Title: ESB-2007.0566 -- [AIX] -- AIX capture Terminal Control Sequence Stack
Buffer Overflow Vulnerability
Date: 27 July 2007
OS: AIX
URL: http://www.auscert.org.au/7904
Title: ESB-2007.0565 -- [UNIX/Linux][Solaris] -- A Security Vulnerability in
lbxproxy(1) may Allow Unauthorized Read Access to Files
Date: 27 July 2007
OS: HP Tru64 UNIX, Solaris, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
AIX
URL: http://www.auscert.org.au/7903
Title: ESB-2007.0564 -- [Solaris] -- Security Vulnerability in Solaris 10
BIND: Susceptible to Cache Poisoning Attack
Date: 27 July 2007
OS: Solaris
URL: http://www.auscert.org.au/7902
Title: ESB-2007.0563 -- [Win][UNIX/Linux] -- HP Oracle for OpenView (OfO)
Critical Patch Update July 2007
Date: 27 July 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Windows 2003, Windows 2000,
Other Linux Variants, Red Hat Linux, HP-UX
URL: http://www.auscert.org.au/7901
Title: ESB-2007.0562 -- [Cisco] -- Cisco Unified Call Manager/Unified Presence
Java Secure Socket Extension DoS
Date: 26 July 2007
OS: Cisco Products
URL: http://www.auscert.org.au/7899
Title: ESB-2007.0561 -- [Win] -- Sun Java System Application Server on Windows
- JSP Source Code Exposure
Date: 26 July 2007
OS: Windows 2003, Windows 2000
URL: http://www.auscert.org.au/7898
Title: ESB-2007.0560 -- [Solaris] -- Security Vulnerability in Mozilla 1.7 May
Allow Arbitrary JavaScript Commands to be Run
Date: 26 July 2007
OS: Solaris
URL: http://www.auscert.org.au/7897
Title: ESB-2007.0559 -- [Debian] -- New bind9 packages fix DNS cache poisoning
Date: 26 July 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/7896
Title: ESB-2007.0558 -- [Win][UNIX/Linux][Debian] -- New ClamAV packages fix
denial of service
Date: 25 July 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants,
Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows Vista
URL: http://www.auscert.org.au/7894
Title: ESB-2007.0557 -- [RedHat] -- Moderate: bind security update
Date: 25 July 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/7893
Title: ESB-2007.0556 -- [Cisco] -- Wireless ARP Storm Vulnerabilities
Date: 25 July 2007
OS: Cisco Products
URL: http://www.auscert.org.au/7892
Title: ESB-2007.0555 -- [Win][Linux][Solaris] -- Borland Interbase
ibserver.exe Create-Request Buffer Overflow Vulnerability
Date: 25 July 2007
OS: Solaris, Debian GNU/Linux, Windows 2003, Windows 2000, Other Linux
Variants, Red Hat Linux
URL: http://www.auscert.org.au/7891
Title: ESB-2007.0554 -- [Win] -- Computer Associates eTrust Intrusion
Detection CallCode ActiveX Control Code Execution Vulnerability
Date: 25 July 2007
OS: Windows Vista, Windows 2003, Windows 2000, Windows XP
URL: http://www.auscert.org.au/7890
Title: ESB-2007.0553 -- [Debian] -- New iceweasel and iceape packages fix
several vulnerabilities
Date: 24 July 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/7885
Title: ESB-2007.0552 -- [HP-UX] -- HP-UX Running Firefox, Remote Unauthorized
Access or Elevation of Privileges or Denial of Service
Date: 23 July 2007
OS: HP-UX
URL: http://www.auscert.org.au/7884
Title: ESB-2007.0551 -- [Appliance] -- HP Storage Management Appliance (SMA),
Microsoft Patch Applicability MS07-036 to MS07-041
Date: 23 July 2007
URL: http://www.auscert.org.au/7883
Title: ESB-2007.0550 -- [Win][UNIX/Linux][Debian] -- New xulrunner packages
fix several vulnerabilities
Date: 23 July 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants,
Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows Vista
URL: http://www.auscert.org.au/7882
Title: ESB-2007.0549 -- [Debian] -- New mozilla-firefox packages fix several
vulnerabilities
Date: 23 July 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/7881
Title: ESB-2007.0548 -- [Win] -- Ipswitch IMail Server 2006 IMAP Search
Command Buffer Overflow Vulnerability
Date: 20 July 2007
OS: Windows 2003, Windows 2000
URL: http://www.auscert.org.au/7878
Title: ESB-2007.0547 -- [Win] -- Microsoft DirectX RLE Compressed Targa Image
File Heap Overflow
Date: 20 July 2007
OS: Windows Vista, Windows 2003, Windows 2000, Windows NT 4, Windows ME,
Windows XP, Windows 98/98SE
URL: http://www.auscert.org.au/7877
Title: ESB-2007.0546 -- [Win][UNIX/Linux] -- Multiple RSA products affected by
Progress Server heap overflow vulnerability
Date: 20 July 2007
OS: HP Tru64 UNIX, Solaris, IRIX, HP-UX, Debian GNU/Linux, Other Linux
Variants, Red Hat Linux, AIX, Windows 2003, Windows 2000, Windows NT 4,
Windows XP
URL: http://www.auscert.org.au/7876
Title: ESB-2007.0545 -- [Win][UNIX/Linux] -- Opera Software Opera Web Browser
BitTorrent Dangling Pointer Vulnerability
Date: 20 July 2007
OS: Solaris, OpenBSD, Other BSD Variants, FreeBSD, Debian GNU/Linux, Other
Linux Variants, Red Hat Linux, Windows Vista, Windows 2003, Windows
2000, Windows NT 4, Windows ME, Windows XP, Windows 98/98SE, Mac OS X
URL: http://www.auscert.org.au/7875
Title: ESB-2007.0544 -- [Win][UNIX/Linux] -- Vulnerability in Java Runtime
Environment May Allow an Untrusted Applet to Circumvent Network Access
Restrictions
Date: 20 July 2007
OS: Solaris, FreeBSD, Debian GNU/Linux, Other Linux Variants, Red Hat
Linux, Windows Vista, Windows 2003, Windows 2000, Windows ME, Windows
XP, Windows 98/98SE, Mac OS X
URL: http://www.auscert.org.au/7874
Title: ESB-2007.0537 -- [Win] -- Trillian Instant Messenger client fails to
properly handle malformed URIs
Date: 20 July 2007
OS: Windows Vista, Windows 2003, Windows 2000, Windows NT 4, Windows ME,
Windows XP, Windows 98/98SE
URL: http://www.auscert.org.au/7862
Title: ESB-2007.0480 -- [Solaris] -- Security Vulnerability in the Kerberos
Administration Daemon (kadmind(1M)) May Lead to Arbitrary Code
Execution
Date: 20 July 2007
OS: Solaris
URL: http://www.auscert.org.au/7789
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
More information about the AusNOG
mailing list