[AusNOG] AusCERT Week in Review - 04 May 2007
Macleonard Starkey
macleonard at auscert.org.au
Fri May 4 23:24:20 EST 2007
Greetings AusNOG,
I've attached our latest week in review including some commentary on VMware
vulnerabilities.
Have a great weekend.
MacLeonard
--
MacLeonard Starkey, Security Analyst | Hotline: +61 7 3365 4417
AusCERT | Fax: +61 7 3365 7031
Australia's National CERT | WWW: www.auscert.org.au
Brisbane QLD Australia | Email: auscert at auscert.org.au
------------
iDefense warned last week of a vulnerability in VMware Workstation allowing
an attacker to write files to arbitrary locations on the filesystem of a
host computer.
Many malware analysts use VMware products to perform runtime analysis of
malicious code in a "safe" environment, and many organisations have
virtualised, or are in the process of virtualising, portions of their
infrastructure.
We already see malware which checks to see if it's running in a virtual
machine and self-terminates - I have yet to see malcode which attempts
to attack the virtualisation infrastructure. But I'm sure I will.
invisiblethings.org operated by Joanna Rutkowska (who incidentally will
be speaking at the AusCERT conference in May) provides code which can
easily be added into malware for detection of virtual machine monitors.
Combining such techniques with appropriate exploit code allows for a more
offensive style of anti-analysis technique and, as a bonus for malware
authors, detection of a virtual machine may allow you to compromise several
servers at once.
This should serve as a timely reminder to update your existing change
management/patching policies to include strategies for patching your
virtualisation infrastructure and your continuity plans - if you didn't
do this during the design phase.
That's it from me, have a great weekend.
MacLeonard
--
MacLeonard Starkey, Security Analyst | Hotline: +61 7 3365 4417
AusCERT | Fax: +61 7 3365 7031
Australia's National CERT | WWW: www.auscert.org.au
Brisbane QLD Australia | Email: auscert at auscert.org.au
----------------- ------------------ ------------------
AusCERT Week in Review
04 May 2007
Papers, Articles and other documents:
-------------------------------------
Title: Electronic Funds Transfer (EFT) Code of Conduct Review
Date: 01 May 2007
URL: http://www.auscert.org.au/7536
Alerts, Advisories and Updates:
-------------------------------
Title: AL-2007.0054 -- [Win][UNIX/Linux] -- ISC Advisory: BIND 9: query_addsoa
DoS
Date: 04 May 2007
URL: http://www.auscert.org.au/7553
Title: AL-2007.0053 -- [Cisco] -- LDAP and VPN Vulnerabilities in PIX and ASA
Appliances
Date: 03 May 2007
URL: http://www.auscert.org.au/7545
Title: AL-2007.0052 -- [Win][Mac][OSX] -- APPLE-SA-2007-05-01 QuickTime 7.1.6
Date: 02 May 2007
URL: http://www.auscert.org.au/7543
External Security Bulletins:
----------------------------
Title: ESB-2007.0298 -- [Tru64] -- HPSBTU02179 SSRT061256 rev.1 - HP Tru64
UNIX Running the ps command, Local Disclosure of Sensitive Information
Date: 04 May 2007
OS: HP Tru64 UNIX
URL: http://www.auscert.org.au/7555
Title: ESB-2007.0297 -- [Appliance] -- HPSBMI02210 SSRT071396 rev.1 - ProCurve
Series 9300m Switches, Remote Denial of Service (DoS)
Date: 04 May 2007
URL: http://www.auscert.org.au/7554
Title: ESB-2007.0296 -- [Win][UNIX/Linux][RedHat] -- Moderate: postgresql
security update
Date: 04 May 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants, Red
Hat Linux, Mac OS X, HP-UX, AIX
URL: http://www.auscert.org.au/7552
Title: ESB-2007.0295 -- [RedHat] -- Moderate: evolution security update
Date: 04 May 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/7551
Title: ESB-2007.0294 -- [Linux][Debian] -- New Linux 2.6.18 packages fix
several vulnerabilities
Date: 04 May 2007
OS: Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/7550
Title: ESB-2007.0293 -- [RedHat] -- Important: xscreensaver security update
Date: 03 May 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
AIX
URL: http://www.auscert.org.au/7549
Title: ESB-2007.0292 -- [Solaris] -- Solaris 9 Systems With Solaris Auditing
(BSM) Enabled may Panic if Certain Audit Classes are Being Audited
Date: 03 May 2007
OS: Solaris
URL: http://www.auscert.org.au/7548
Title: ESB-2007.0291 -- [Win][UNIX/Linux][Solaris] -- Security Vulnerability
in Sun Java System Directory Server May Cause Denial of Service (DoS)
Date: 03 May 2007
OS: Solaris, Debian GNU/Linux, Windows 2003, Windows 2000, Other Linux
Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/7547
Title: ESB-2007.0290 -- [Cisco] -- DHCP Relay Agent Vulnerability in Cisco PIX
and ASA Appliances
Date: 03 May 2007
OS: Cisco Products
URL: http://www.auscert.org.au/7546
Title: ESB-2007.0289 -- [Win] -- Cerulean Studios Trillian Multiple IRC
Vulnerabilities
Date: 02 May 2007
OS: Windows 98/98SE, Windows 2000, Windows XP, Windows NT 4, Windows Vista,
Windows ME
URL: http://www.auscert.org.au/7544
Title: ESB-2007.0288 -- [Mac][OSX] -- APPLE-SA-2007-05-01 Security Update
2007-004 v1.1
Date: 02 May 2007
OS: Mac OS X
URL: http://www.auscert.org.au/7542
Title: ESB-2007.0287 -- [Win][UNIX/Linux] -- New wordpress packages fix
multiple vulnerabilities
Date: 02 May 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants,
Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows Vista
URL: http://www.auscert.org.au/7541
Title: ESB-2007.0286 -- [Win][Linux][Solaris] -- Security Vulnerability With
Java Web Start Related to Incorrect Use of System Classes
Date: 02 May 2007
OS: Solaris, Debian GNU/Linux, Windows 2003, Windows 2000, Other Linux
Variants, Windows XP, Red Hat Linux, Windows Vista
URL: http://www.auscert.org.au/7540
Title: ESB-2007.0285 -- [RedHat] -- Important: kernel security and bug fix
update
Date: 02 May 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/7539
Title: ESB-2007.0284 -- [RedHat] -- New Red Hat Packages fix Multiple
Vulnerabilities
Date: 02 May 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/7538
Title: ESB-2007.0283 -- [Win] -- VMware Workstation Shared Folders Directory
Traversal Vulnerability
Date: 02 May 2007
OS: Windows XP, Virtualisation
URL: http://www.auscert.org.au/7537
Title: ESB-2007.0282 -- [HP-UX] -- HPSBMA02197 SSRT061285 rev.1 - HP-UX
Running HP Power Manager Remote Agent (RA), Local Execution of
Arbitrary Code with Root Privileges
Date: 01 May 2007
OS: HP-UX
URL: http://www.auscert.org.au/7535
Title: ESB-2007.0281 -- [Win] -- Symantec Norton Ghost 10 Multiple
Vulnerabilities
Date: 30 April 2007
OS: Windows 2003, Windows 2000, Windows XP, Windows NT 4, Windows Vista
URL: http://www.auscert.org.au/7534
Title: ESB-2007.0280 -- [Debian] -- New php5 packages fix several
vulnerabilities
Date: 30 April 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/7533
Title: ESB-2007.0279 -- [Win][UNIX/Linux][Solaris] -- Memory Leak in the
Network Security Services (NSS) Software May Lead to Denial of Service
Date: 30 April 2007
OS: Solaris, Debian GNU/Linux, Windows 2003, Windows 2000, Other Linux
Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/7532
Title: ESB-2007.0278 -- [Solaris] -- Security Vulnerability in PostgreSQL
SECURITY DEFINER Functions May Allow Escalation of Privileges
Date: 30 April 2007
OS: Solaris
URL: http://www.auscert.org.au/7531
Title: ESB-2007.0196 -- [Win][RedHat][HP-UX][Solaris][AIX] -- The Directory
Server ("ns-slapd") May Exit Unexpectedly When Handling Certain Queries
Date: 04 May 2007
OS: AIX, HP-UX, Red Hat Linux, Windows 2000, Windows 2003, Solaris
URL: http://www.auscert.org.au/7418
AusCERT in the Media:
----------------------------
Our benevolent Coordination Centre Manager Karl Hanmore talks to Tech
Journalist Patrick Gray on Risky Business.
You can hear Karl at http://www.itradio.com.au/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
------- End of Forwarded Message