[AusNOG] AusCERT Week in Review - Week Ending 11/05/2007
Macleonard Starkey
macleonard at auscert.org.au
Fri May 11 21:43:55 EST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi AusNOG,
Week in Review attached for your viewing pleasure.
Have a great weekend.
MacLeonard
- --
MacLeonard Starkey, Security Analyst | Hotline: +61 7 3365 4417
AusCERT | Fax: +61 7 3365 7031
Australia's National CERT | WWW: www.auscert.org.au
Brisbane QLD Australia | Email: auscert at auscert.org.au
AusCERT Week in Review - 11 May 2007
Alerts, Advisories and Updates:
- -------------------------------
Title: AL-2007.0062 -- [Win][UNIX/Linux] -- Darwin Streaming Server 5.5.5
Date: 11 May 2007
URL: http://www.auscert.org.au/7582
Title: AL-2007.0061 -- [Cisco] -- Multiple Vulnerabilities in the IOS FTP
Server
Date: 10 May 2007
URL: http://www.auscert.org.au/7574
Title: AA-2007.0029 -- [Win][UNIX/Linux] -- APSB07-10 - Patch Available for
RoboHelp Cross-Site Scripting Issue
Date: 10 May 2007
URL: http://www.auscert.org.au/7572
Title: AA-2007.0028 -- [Win][UNIX/Linux] -- PHP releases 5.2.2 and 4.4.7
correcting several vulnerabilities
Date: 09 May 2007
URL: http://www.auscert.org.au/7569
Title: AU-2007.0015 -- AusCERT Update - [Win] - Vulnerability in Windows DNS
RPC Interface Could Allow Remote Code Execution
Date: 09 May 2007
URL: http://www.auscert.org.au/7565
Title: AL-2007.0059 -- [Win] -- Vulnerabilities in Microsoft Exchange Could
Allow Remote Code Execution
Date: 09 May 2007
URL: http://www.auscert.org.au/7562
Title: AL-2007.0058 -- [Win][OSX] -- Vulnerability in Microsoft Office Could
Allow Remote Code Execution
Date: 09 May 2007
URL: http://www.auscert.org.au/7561
Title: AL-2007.0047 -- [Win] -- Windows DNS Server vulnerability may allow
remote compromise of Server 2003 and 2000 systems
Date: 09 May 2007
URL: http://www.auscert.org.au/7486
Title: AL-2007.0060 -- [Win] -- Cumulative Security Update for Internet
Explorer
Date: 09 May 2007
URL: http://www.auscert.org.au/7563
Title: AL-2007.0057 -- [Win][OSX] -- Vulnerabilities in Microsoft Word Could
Allow Remote Code Execution
Date: 09 May 2007
URL: http://www.auscert.org.au/7560
Title: AL-2007.0056 -- [Win][OSX] -- Vulnerabilities in Microsoft Excel Could
Allow Remote Code Execution (934233)
Date: 09 May 2007
URL: http://www.auscert.org.au/7559
Title: AL-2007.0055 -- [Win] -- LiveData Protocol Server Heap Overflow
Vulnerability
Date: 07 May 2007
URL: http://www.auscert.org.au/7557
External Security Bulletins:
- ----------------------------
Title: ESB-2006.0828 -- [Tru64] -- HP Tru64 UNIX and HP Internet Express for
Tru64 UNIX Running sendmail, Remote Execution of Arbitrary Code or
Denial of Service (DoS)
Date: 09 May 2007
OS: HP Tru64 UNIX
URL: http://www.auscert.org.au/6416
Title: ESB-2007.0314 -- [Netware] -- Novell NetMail NMDMC Buffer Overflow
Vulnerability
Date: 11 May 2007
OS: Novell Netware
URL: http://www.auscert.org.au/7581
Title: ESB-2007.0313 -- [Solaris] -- Sun Microsystems Solaris SRS Proxy Core
srsexec Arbitrary File Read Vulnerability
Date: 11 May 2007
OS: Solaris
URL: http://www.auscert.org.au/7580
Title: ESB-2007.0312 -- [Win] -- Computer Associates eTrust InoTask.exe
Antivirus Buffer Overflow Vulnerability
Date: 11 May 2007
OS: Windows 98/98SE, Windows 2003, Windows 2000, Windows XP, Windows NT 4,
Windows ME
URL: http://www.auscert.org.au/7579
Title: ESB-2007.0311 -- [RedHat] -- Moderate: freeradius security update
Date: 11 May 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/7578
Title: ESB-2007.0310 -- [RedHat] -- Important: php security update
Date: 11 May 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/7577
Title: ESB-2007.0309 -- [Win][UNIX/Linux][RedHat] -- Moderate: vim security
update
Date: 11 May 2007
OS: Solaris, HP Tru64 UNIX, Windows 98/98SE, Debian GNU/Linux, Other BSD
Variants, IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other
Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, Mac OS X,
HP-UX, AIX, Windows Vista, Windows ME
URL: http://www.auscert.org.au/7576
Title: ESB-2007.0308 -- [Win] -- Symantec Norton Internet Security 2006 COM
Object Security ByPass Vulnerability
Date: 10 May 2007
OS: Windows 98/98SE, Windows 2000, Windows XP, Windows ME
URL: http://www.auscert.org.au/7575
Title: ESB-2007.0307 -- [Win] -- McAfee Security Center IsOldAppInstalled
ActiveX Buffer Overflow Vulnerability
Date: 10 May 2007
OS: Windows 2003, Windows 2000, Windows XP, Windows NT 4
URL: http://www.auscert.org.au/7573
Title: ESB-2007.0306 -- [RedHat] -- Important: php security update
Date: 10 May 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/7571
Title: ESB-2007.0305 -- [Win] -- Multiple Vulnerabilities in Trend Micro
ServerProtect Allow Arbitrary Code Execution
Date: 10 May 2007
OS: Windows 2003, Windows 2000, Windows NT 4
URL: http://www.auscert.org.au/7570
Title: ESB-2007.0304 -- [UNIX/Linux][Debian] -- New pptpd packages fix denial
of service
Date: 09 May 2007
OS: Solaris, Debian GNU/Linux, FreeBSD, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/7568
Title: ESB-2007.0303 -- [Win][Linux] -- Patches released to fix multiple
VMWare vulnerabilities
Date: 09 May 2007
OS: Windows 98/98SE, Debian GNU/Linux, Windows 2003, Windows 2000, Other
Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, Windows Vista,
Windows ME
URL: http://www.auscert.org.au/7567
Title: ESB-2007.0302 -- [Solaris] -- Security Vulnerability Relating to the
acl(2) System Call May Allow Denial of Service (DoS)
Date: 09 May 2007
OS: Solaris
URL: http://www.auscert.org.au/7566
Title: ESB-2007.0301 -- [Win] -- Vulnerability in CAPICOM Could Allow Remote
Code Execution
Date: 09 May 2007
OS: Windows 98/98SE, Windows 2003, Windows 2000, Windows XP, Windows NT 4,
Windows Vista, Windows ME
URL: http://www.auscert.org.au/7564
Title: ESB-2007.0300 -- [UNIX/Linux][Debian] -- New ldap-account-manager
packages fix multiple vulnerabilities
Date: 08 May 2007
OS: Solaris, Debian GNU/Linux, Other BSD Variants, IRIX, OpenBSD, FreeBSD,
Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX, AIX
URL: http://www.auscert.org.au/7558
Title: ESB-2007.0299 -- [UNIX/Linux][Solaris] -- Xorg(1) Contains a Denial of
Service Within the X Render Extension's Trapezoid Rendering
Date: 07 May 2007
OS: HP Tru64 UNIX, Solaris, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/7556
Title: ESB-2007.0034 -- [Appliance] -- HP Jetdirect Running ftp, Remote Denial
of Service (DoS)
Date: 09 May 2007
URL: http://www.auscert.org.au/7203
AusCERT in the Media:
- ----------------------------
Robert Lowe, a Senior Security Analyst with AusCERT talks BIND and Cisco
vulnerabilities on Risky Business: http://www.itradio.com.au
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================