[AusNOG] AusCERT Week in Review - Week Ending 01/06/2007 (fwd)
Macleonard Starkey
macleonard at auscert.org.au
Fri Jun 1 15:45:59 EST 2007
AusCERT Week in Review
01 June 2007
Greetings AusNOG,
We hope everyone who attended AusCERT2007 enjoyed the conference. The feedback
has so far been generally positive. Please do take the time to let us know what
you think (if you haven't already), particularly with regards to speakers
you'd like to see next year and ways we might improve the event.
This week AusCERT released numerous bulletins regarding vulnerabilities in
Anti-virus products. Many of these were related to their unpacking and
decompression functionality. It is unfortunate that the very products that are
designed to protect also become a point of exposure. A redeeming point is that
many of these products will automatically download and apply the software
updates. However, this is not always the case for gateway or server based
products, so you may wish to check your environment.
In addition to specially crafted archives or packed files compromising
Anti-virus products, Microsoft Office document processing has also been a
fertile ground for vulnerabilities, which are particularly popular for use in
targeted attacks. So it is excellent news that Microsoft have released a
product that can help: MOICE - Microsoft Office Isolated Conversion
Environment. Essentially, this converts the traditional binary Office formats
to the new XML format and opens that, ideally stripping any malicious
component from the file. CIAC has produced an excellent summary of this tool,
available at:
http://www.ciac.org/ciac/techbull/CIACTech07-001.shtml
Regards,
Rob.
Robert Lowe, Computer Security Analyst | Hotline: +61 7 3365 4417
AusCERT, Australia's national CERT | Fax: +61 7 3365 7031
The University of Queensland | WWW: www.auscert.org.au
QLD 4072 Australia | Email: auscert at auscert.org.au
AusCERT in the Media:
----------------------------
Software should defend itself: Oracle CSO
ZDNet Asia - Asia
http://www.zdnetasia.com/news/security/0,39044215,62016513,00.html
Owning database forensics
The Age - Melbourne,Victoria,Australia
http://www.theage.com.au/news/security/owning-database-forensics/2007/05/28/1180205158793.html
Is desktop security broken beyond repair?
ZDNet.com.au - Australia
http://www.zdnet.com.au/news/software/soa/Is-desktop-security-broken-beyond-repair-/0,130061733,339277930,00.htm
Papers, Articles and other documents:
-------------------------------------
Title: ZDNet Australia AusCERT2007 coverage
Date: 01 June 2007
URL: http://www.auscert.org.au/6335
Title: AusCERT employment opportunities
Date: 29 May 2007
URL: http://www.auscert.org.au/7632
Alerts, Advisories and Updates:
-------------------------------
Title: AA-2007.0035 -- [Win] -- Patches for multiple vulnerabilities in NOD32
Date: 01 June 2007
URL: http://www.auscert.org.au/7661
Title: AA-2007.0036 -- [Win] -- MOICE - Microsoft Office Isolated Conversion
Environment
Date: 01 June 2007
URL: http://www.auscert.org.au/7662
Title: AL-2007.0070 -- [Win][UNIX/Linux] -- Updates for various Mozilla
products: Firefox, Thunderbird and SeaMonkey
Date: 31 May 2007
URL: http://www.auscert.org.au/7644
Title: AA-2007.0034 -- [Win][UNIX/Linux] -- Multiple WordPress vulnerabilities
Date: 31 May 2007
URL: http://www.auscert.org.au/7643
Title: AL-2007.0069 -- [Win][Linux] -- Multiple vulnerabilities in F-Secure
products
Date: 31 May 2007
URL: http://www.auscert.org.au/7641
Title: AA-2007.0033 -- [Win] -- Multiple anti-virus vendor unpacking and
decompression vulnerabilities
Date: 30 May 2007
URL: http://www.auscert.org.au/7637
Title: AA-2007.0032 -- [OSX] -- Vulnerability when installing Adobe Version
Cue CS3 Server on some Mac OS X systems
Date: 29 May 2007
URL: http://www.auscert.org.au/7635
Title: AA-2007.0031 -- [Win][OSX] -- BMP, DIB and RLE file processing
vulnerabilities in Adobe Photoshop
Date: 29 May 2007
URL: http://www.auscert.org.au/7631
External Security Bulletins:
----------------------------
Title: ESB-2007.0994 -- [HP-UX] -- SSRT4728 - HP-UX running TCP/IP Remote
Denial of Service (DoS)
Date: 30 May 2007
OS: HP-UX
URL: http://www.auscert.org.au/5848
Title: ESB-2007.0377 -- [Linux] -- Updated MadWifi software fixes several
vulnerabilities
Date: 01 June 2007
OS: Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/7660
Title: ESB-2007.0376 -- [OSX] -- Xserve Lights-Out Management Firmware Update
1.0
Date: 01 June 2007
OS: Mac OS X
URL: http://www.auscert.org.au/7659
Title: ESB-2007.0375 -- [UNIX/Linux] -- GNU Findutils release 4.2.31 fixes
CVE-2007-2452 (GNU locate heap buffer overrun)
Date: 01 June 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
AIX
URL: http://www.auscert.org.au/7658
Title: ESB-2007.0374 -- [Solaris] -- A Malformed Packet Received by snmpd(1)
via TCP may Cause a Denial of Service (DoS)
Date: 01 June 2007
OS: Solaris
URL: http://www.auscert.org.au/7657
Title: ESB-2007.0373 -- [Solaris] -- Security Vulnerability in Adobe Flash
Player May Allow Unauthorized Header Injection into HTTP Requests
Date: 01 June 2007
OS: Solaris
URL: http://www.auscert.org.au/7656
Title: ESB-2007.0372 -- [Win][UNIX/Linux] -- MPlayer: Two buffer overflows
Date: 31 May 2007
OS: Solaris, HP Tru64 UNIX, Windows 98/98SE, Debian GNU/Linux, Other BSD
Variants, IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other
Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, Mac OS X,
HP-UX, AIX, Windows Vista, Windows ME
URL: http://www.auscert.org.au/7655
Title: ESB-2007.0371 -- [Linux] -- Blackdown Java: Applet privilege escalation
Date: 31 May 2007
OS: Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/7654
Title: ESB-2007.0370 -- [AIX] -- A vulnerability in the Perl interpreter may
allow a local user to execute arbitrary code as another user
Date: 31 May 2007
OS: AIX
URL: http://www.auscert.org.au/7653
Title: ESB-2007.0369 -- [AIX] -- A vulnerability in the BIND could allow a
remote attacker to cause a denial of service.
Date: 31 May 2007
URL: http://www.auscert.org.au/7652
Title: ESB-2007.0368 -- [AIX] -- A remotely exploitable denial of service
vulnerability exists in WebSM
Date: 31 May 2007
OS: AIX
URL: http://www.auscert.org.au/7651
Title: ESB-2007.0367 -- [Solaris] -- A Security Vulnerability in the
in.iked(1M) Service May Lead To a Denial of Service (DoS)
Date: 31 May 2007
OS: Solaris
URL: http://www.auscert.org.au/7650
Title: ESB-2007.0366 -- [Solaris] -- A Security Vulnerability in the Solaris
10 inetd(1M) Service May Lead to a Denial of Service (DoS) Condition
Date: 31 May 2007
OS: Solaris
URL: http://www.auscert.org.au/7649
Title: ESB-2007.0365 -- [Solaris] -- Security Vulnerability in the Kerberos
kadm5 Library May Allow Execution of Arbitrary Code
Date: 31 May 2007
OS: Solaris
URL: http://www.auscert.org.au/7648
Title: ESB-2007.0364 -- [RedHat] -- Critical: seamonkey security update
Date: 31 May 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/7647
Title: ESB-2007.0363 -- [RedHat] -- Critical: thunderbird security update
Date: 31 May 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/7646
Title: ESB-2007.0362 -- [RedHat] -- Critical: firefox security update
Date: 31 May 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/7645
Title: ESB-2007.0361 -- [UNIX/Linux] -- FreeType buffer overflow
Date: 31 May 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/7642
Title: ESB-2007.0360 -- [Win][UNIX/Linux][RedHat] -- Important: mod_jk
security update
Date: 31 May 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants,
Windows XP, Red Hat Linux, Windows NT 4, HP-UX, AIX, Windows Vista
URL: http://www.auscert.org.au/7640
Title: ESB-2007.0359 -- [RedHat] -- Moderate: file security update
Date: 31 May 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/7639
Title: ESB-2007.0358 -- [RedHat] -- Moderate: quagga security update
Date: 31 May 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/7638
Title: ESB-2007.0357 -- [Win][Linux] -- HP System Management Homepage (SMH)
for Linux and Windows Running PHP, Remote Execution of Arbitrary Code
Date: 30 May 2007
OS: Windows 2003, Windows 2000, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/7636
Title: ESB-2007.0356 -- [Win][OSX] -- Apple Security Update for QuickTime
Date: 30 May 2007
OS: Windows 2000, Windows XP, Mac OS X
URL: http://www.auscert.org.au/7634
Title: ESB-2007.0355 -- [Appliance] -- TippingPoint(TM) IPS Unicode Evasion
Date: 29 May 2007
URL: http://www.auscert.org.au/7633
Title: ESB-2007.0354 -- [Win][UNIX/Linux] -- Tomcat documentation XSS
vulnerabilities
Date: 29 May 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants,
Windows XP, Red Hat Linux, Windows NT 4, HP-UX, AIX, Windows Vista
URL: http://www.auscert.org.au/7630
Title: ESB-2007.0353 -- [UNIX/Linux][Debian] -- New otrs2 packages fix
cross-site scripting
Date: 29 May 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants,
Windows XP, Red Hat Linux, Windows NT 4, Mac OS X, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/7629
Title: ESB-2007.0352 -- [Win] -- Opera Web Browser Stack Overflow
Vulnerability
Date: 28 May 2007
OS: Windows 98/98SE, Windows 2003, Windows 2000, Windows XP, Windows NT 4,
Windows Vista, Windows ME
URL: http://www.auscert.org.au/7628
Title: ESB-2007.0351 -- [Solaris] -- Cross-site Scripting Vulnerability in Sun
Java System Messaging Server
Date: 01 June 2007
OS: Red Hat Linux, Solaris
URL: http://www.auscert.org.au/7627
Title: ESB-2007.0350 -- [UNIX/Linux][Debian] -- New gforge-plugin-scmcvs
packages fix arbitrary shell command execution
Date: 28 May 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/7626
Title: ESB-2007.0349 -- [Win] -- Symantec Enterprise Security Manager
Denial-of-Service
Date: 01 June 2007
OS: Windows XP, Windows 2000, Windows 2003
URL: http://www.auscert.org.au/7625
Title: ESB-2007.0348 -- [Solaris] -- Security Vulnerability With snmpd(1M)
When Processing Certain AgentX Subagent Requests
Date: 28 May 2007
OS: Solaris
URL: http://www.auscert.org.au/7624
Title: ESB-2007.0347 -- [Solaris] -- Security Vulnerability in NFS Client
Module May Lead to a Denial of Service Condition
Date: 28 May 2007
OS: Solaris
URL: http://www.auscert.org.au/7623
Title: ESB-2007.0346 -- [Win][Linux][HP-UX][Solaris][AIX] -- Security
Vulnerabilities in the SOCKS Module of Sun Java System Web Proxy Server
4.0
Date: 28 May 2007
OS: Solaris, Debian GNU/Linux, Windows 2003, Windows 2000, Other Linux
Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/7622
Title: ESB-2007.0332 -- [UNIX/Linux][RedHat] -- Moderate: evolution security
update
Date: 31 May 2007
OS: AIX, HP-UX, Red Hat Linux, Other Linux Variants, FreeBSD, OpenBSD,
IRIX, Other BSD Variants, Debian GNU/Linux, HP Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/7605
Title: ESB-2007.0321 -- [Debian] -- New samba packages fix multiple
vulnerabilities
Date: 28 May 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/7592
Title: ESB-2007.0286 -- [Win][Linux][Solaris] -- Security Vulnerability With
Java Web Start Related to Incorrect Use of System Classes
Date: 01 June 2007
OS: Windows Vista, Red Hat Linux, Windows XP, Other Linux Variants, Windows
2000, Windows 2003, Debian GNU/Linux, Solaris
URL: http://www.auscert.org.au/7540
Title: ESB-2007.0278 -- [Solaris] -- Security Vulnerability in PostgreSQL
SECURITY DEFINER Functions May Allow Escalation of Privileges
Date: 31 May 2007
OS: Solaris
URL: http://www.auscert.org.au/7531
Title: ESB-2007.0275 -- [Solaris] -- Multiple vulnerabilities in libfreetype,
Xsun(1) and Xorg(1)
Date: 28 May 2007
OS: Solaris
URL: http://www.auscert.org.au/7528
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================