[AusNOG] AusCERT Week in Review - Week Ending 19/10/2007 (AUSCERT#20073F686)

Richard Billington richard at auscert.org.au
Fri Oct 19 17:20:42 EST 2007


AusCERT Week in Review
19 October 2007

Greetings,

This week at AusCERT we have two new Computer Security Analysts to join
the AusCERT co-ordination centre: Paul Fahey and Damien Curtain. They are
both very welcome additions to the team and look forward to working with you,
our members.


We were also made aware that Storm (aka Peacomm) is now using encryption
with a 40 byte key for its communication. This change may point to the
future (or current) selling of the Storm network to others for SPAM, DDoS
and other malicious activity. [1]


Wednesday saw Oracle release patches for 51 vulnerabilities in "hundreds"
of Oracle products. [2] So if you are running any Oracle products you
should probably think about applying the patches.


Lastly, today a new version of Firefox (2.0.0.8) was released, correcting
multiple security vulnerabilities. [3]


Regards,
Richard

--
Security Analyst           |  Hotline: +61 7 3365 4417
AusCERT                    |  Fax:     +61 7 3365 7031
Australia's National CERT  |  WWW:     www.auscert.org.au
Brisbane QLD Australia     |  Email:   auscert at auscert.org.au


References
  [1] The Changing Storm
      http://www.secureworks.com/research/blog/index.php/2007/10/15/the-changing-storm

  [2] Oracle Critical Patch Update Pre-Release Announcement - October 2007
      http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2007.html

  [3] New versions of Firefox, Thunderbird, and SeaMonkey fix multiple security vulnerabilities
      http://www.auscert.org.au/render.html?it=8237


Web Log Entries:
----------------
Title: A newly registered Australian political party trials online voting in
       Australia 
Date:  17 October 2007
URL:   http://www.auscert.org.au/8217

Title: Australian Taxation Office Notification 
Date:  15 October 2007
URL:   http://www.auscert.org.au/8208


Alerts, Advisories and Updates:
-------------------------------
Title: AL-2007.0117 -- [Win][UNIX/Linux] -- Oracle Critical Patch Update
       Pre-Release Announcement for October 2007 
Date:  19 October 2007
URL:   http://www.auscert.org.au/8213

Title: AU-2007.0023 -- AusCERT Update - [Win][UNIX/Linux] - Oracle Critical
       Patch Update for October 2007 
Date:  19 October 2007
URL:   http://www.auscert.org.au/8218

Title: AA-2007.0089 -- [Win][Appliance] -- Multiple vulnerabilities in Nortel
       IP Phone products 
Date:  19 October 2007
URL:   http://www.auscert.org.au/8239

Title: AA-2007.0087 -- [Win][UNIX/Linux] -- Opera versions prior to 9.24
       contain a code execution and same-origin policy vulnerabilities 
Date:  19 October 2007
URL:   http://www.auscert.org.au/8234

Title: AA-2007.0088 -- [Win][Linux][Solaris][AIX] -- IBM WebSphere Application
       Server Scripting Tools unspecified vulnerabilities 
Date:  19 October 2007
URL:   http://www.auscert.org.au/8238

Title: AA-2007.0086 -- [UNIX/Linux] -- Multiple denial of service
       vulnerabilities in libpng 
Date:  18 October 2007
URL:   http://www.auscert.org.au/8225

Title: AA-2007.0085 -- [Win][UNIX/Linux] -- Remote code execution
       vulnerability in TikiWiki 
Date:  16 October 2007
URL:   http://www.auscert.org.au/8207


External Security Bulletins:
----------------------------
Title: ESB-2007.0814 -- [Win][UNIX/Linux] -- New versions of Firefox,
       Thunderbird, and SeaMonkey fix multiple security vulnerabilities 
Date:  19 October 2007
OS:    Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
       Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants,
       Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows Vista 
URL:   http://www.auscert.org.au/8237

Title: ESB-2007.0813 -- [Win][UNIX/Linux] -- New t1lib packages fix arbitrary
       code execution 
Date:  19 October 2007
OS:    Solaris, HP Tru64 UNIX, Windows 98/98SE, Debian GNU/Linux, Other BSD
       Variants, IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other
       Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, Mac OS X,
       HP-UX, AIX, Windows Vista, Windows ME 
URL:   http://www.auscert.org.au/8235

Title: ESB-2007.0812 -- [Win][UNIX/Linux] -- New zoph packages fix SQL
       injection 
Date:  19 October 2007
OS:    Solaris, HP Tru64 UNIX, Windows 98/98SE, Debian GNU/Linux, Other BSD
       Variants, IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other
       Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, Mac OS X,
       HP-UX, AIX, Windows Vista, Windows ME 
URL:   http://www.auscert.org.au/8233

Title: ESB-2007.0811 -- [Debian] -- New dhcp packages fix arbitrary code
       execution 
Date:  19 October 2007
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/8232

Title: ESB-2007.0810 -- [Win][UNIX/Linux] -- Multiple vulnerabilities in
       Drupal 
Date:  18 October 2007
OS:    Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
       Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants,
       Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows Vista 
URL:   http://www.auscert.org.au/8230

Title: ESB-2007.0809 -- [HP-UX] -- HP-UX Running OpenSSL, Local Denial of
       Service (DoS) 
Date:  19 October 2007
OS:    HP-UX 
URL:   http://www.auscert.org.au/8229

Title: ESB-2007.0808 -- [Win] -- HP Storage Management Appliance (SMA),
       Microsoft Patch Applicability MS07-055 to MS07-060 
Date:  18 October 2007
OS:    Windows 2000 
URL:   http://www.auscert.org.au/8228

Title: ESB-2007.0807 -- [Cisco] -- Cisco Unified Communications Manager Denial
       of Service Vulnerabilities 
Date:  19 October 2007
OS:    Cisco Products 
URL:   http://www.auscert.org.au/8227

Title: ESB-2007.0806 -- [Win][UNIX/Linux] -- Buffer overflow in Tk when
       loading some images 
Date:  18 October 2007
OS:    Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
       Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants,
       Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows Vista 
URL:   http://www.auscert.org.au/8226

Title: ESB-2007.0805 -- [Win] -- Cisco Unified Communications Web-based
       Management Vulnerability 
Date:  19 October 2007
OS:    Windows 2000, Windows 2003 
URL:   http://www.auscert.org.au/8224

Title: ESB-2007.0804 -- [Win][UNIX/Linux] -- Two Security Vulnerabilities in
       the bzip2(1) Command may Allow the Permissions of Arbitrary Files to be
       Modified or Allow for Arbitrarily Large Files to be Created 
Date:  18 October 2007
OS:    HP Tru64 UNIX, Solaris, Debian GNU/Linux, Other BSD Variants, IRIX,
       Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants,
       Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows Vista 
URL:   http://www.auscert.org.au/8223

Title: ESB-2007.0803 -- [Cisco] -- Multiple Vulnerabilities in Cisco PIX and
       ASA Appliances 
Date:  18 October 2007
OS:    Cisco Products 
URL:   http://www.auscert.org.au/8222

Title: ESB-2007.0802 -- [Cisco] -- Multiple Vulnerabilities in Firewall
       Services Module 
Date:  18 October 2007
OS:    Cisco Products 
URL:   http://www.auscert.org.au/8221

Title: ESB-2007.0801 -- [Win][UNIX/Linux] -- IBM Lotus Domino Web Server
       service is vulnerable to a stack based buffer overflow 
Date:  18 October 2007
OS:    Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
       Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants,
       Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows Vista 
URL:   http://www.auscert.org.au/8220

Title: ESB-2007.0800 -- [UNIX/Linux] -- Asterisk - SQL Injection Vulnerability
       in cdr_addon_mysql 
Date:  18 October 2007
OS:    Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
       OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
       AIX 
URL:   http://www.auscert.org.au/8219

Title: ESB-2007.0799 -- [Tru64] -- HP Tru64 UNIX Running Apache Tomcat, Remote
       Unauthorized Access, Remote Denial of Service (DoS) 
Date:  17 October 2007
OS:    HP Tru64 UNIX 
URL:   http://www.auscert.org.au/8216

Title: ESB-2007.0798 -- [Appliance] -- FTP Security Vulnerability May Cause a
       Denial of Service to Sun StorEdge 3510 Data Services 
Date:  17 October 2007
URL:   http://www.auscert.org.au/8215

Title: ESB-2007.0797 -- [RedHat] -- Moderate: java-1.5.0-bea security update 
Date:  17 October 2007
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/8214

Title: ESB-2007.0796 -- [Win] -- EMC RepliStor Server Heap Overflow
       Vulnerability 
Date:  16 October 2007
OS:    Windows 2003, Windows 2000 
URL:   http://www.auscert.org.au/8212

Title: ESB-2007.0795 -- [Debian] -- New librpcsecgss packages fix arbitrary
       code execution 
Date:  16 October 2007
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/8211

Title: ESB-2007.0794 -- [Win][UNIX/Linux][Debian] -- New wesnoth packages fix
       denial of service 
Date:  16 October 2007
OS:    Solaris, Windows 98/98SE, Debian GNU/Linux, Other BSD Variants, Windows
       2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants, Windows XP,
       Red Hat Linux, Windows NT 4, Mac OS X, Windows Vista, Windows ME 
URL:   http://www.auscert.org.au/8210

Title: ESB-2007.0793 -- [Win][UNIX/Linux] -- IBM DB2 DB2JDS Multiple
       Vulnerabilities 
Date:  15 October 2007
OS:    Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
       Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants,
       Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows Vista 
URL:   http://www.auscert.org.au/8209

Title: ESB-2007.0792 -- [Solaris] -- Security Vulnerability in the Solaris RPC
       Services Library (librpcsvc(3LIB)) may Lead to a Denial of Service
       (DoS) Against Networked File Systems 
Date:  15 October 2007
OS:    Solaris 
URL:   http://www.auscert.org.au/8206

Title: ESB-2007.0791 -- [Solaris] -- Multiple Memory Corruption
       Vulnerabilities in Mozilla 1.7 for Solaris 8, 9, and 10 
Date:  15 October 2007
OS:    Solaris 
URL:   http://www.auscert.org.au/8205

Title: ESB-2007.0790 -- [Solaris] -- Multiple Security Vulnerabilities in the
       Solaris Tag Image File Format Library libtiff(3) 
Date:  15 October 2007
OS:    Solaris 
URL:   http://www.auscert.org.au/8204

Title: ESB-2007.0789 -- [RedHat] -- Important: java-1.5.0-sun security update 
Date:  15 October 2007
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/8203

Title: ESB-2007.0788 -- [RedHat] -- Important: openssl security update 
Date:  15 October 2007
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/8202

Title: ESB-2007.0785 -- [Win][RedHat][HP-UX][Solaris] -- HP Select Identity,
       Remote Unauthorized Access 
Date:  15 October 2007
OS:    HP-UX, Red Hat Linux, Windows 2003, Solaris 
URL:   http://www.auscert.org.au/8199

Title: ESB-2007.0784 -- [HP-UX] -- HP-UX running Apache, Remote Unauthorized
       Denial of Service (DoS) 
Date:  19 October 2007
OS:    HP-UX 
URL:   http://www.auscert.org.au/8198

Title: ESB-2007.0778 -- [Solaris] -- Multiple Security Issues Within The X
       Font Server (xfs(1)) QueryXBitmaps and QueryXExtents Protocol Handlers 
Date:  15 October 2007
OS:    Solaris 
URL:   http://www.auscert.org.au/8192

Title: ESB-2007.0776 -- [Cisco] -- Cisco IOS Line Printer Daemon (LPD)
       Protocol Stack Overflow 
Date:  15 October 2007
OS:    Cisco Products 
URL:   http://www.auscert.org.au/8190

Title: ESB-2007.0774 -- [Win][Linux][HP-UX] -- HP System Management Homepage
       (SMH) Remote Cross Site Scripting (XSS) 
Date:  19 October 2007
OS:    Windows Vista, HP-UX, Red Hat Linux, Windows XP, Other Linux Variants,
       Windows 2000, Windows 2003, Debian GNU/Linux 
URL:   http://www.auscert.org.au/8188

Title: ESB-2007.0770 -- [UNIX/Linux] -- Asterisk - Buffer overflows in
       voicemail when using IMAP storage 
Date:  18 October 2007
OS:    AIX, HP-UX, Mac OS X, Red Hat Linux, Other Linux Variants, FreeBSD,
       OpenBSD, IRIX, Other BSD Variants, Debian GNU/Linux, HP Tru64 UNIX,
       Solaris 
URL:   http://www.auscert.org.au/8183

Title: ESB-2007.0754 -- [Win][Linux][Solaris] -- Security Vulnerabilities in
       Java Runtime Environment May Allow Network Access Restrictions to be
       Circumvented 
Date:  16 October 2007
OS:    Windows Vista, Red Hat Linux, Windows XP, Other Linux Variants, Windows
       2000, Windows 2003, Debian GNU/Linux, Solaris 
URL:   http://www.auscert.org.au/8159

Title: ESB-2007.0724 -- [Win][Linux][Solaris] -- StarOffice crafted TIFF file
       vulnerabilities 
Date:  18 October 2007
OS:    Windows ME, Windows Vista, Windows NT 4, Red Hat Linux, Windows XP,
       Other Linux Variants, Windows 2000, Windows 2003, Debian GNU/Linux,
       Windows 98/98SE, Solaris 
URL:   http://www.auscert.org.au/8123

Title: ESB-2007.0709 -- [Solaris] -- Security Vulnerability in BIND 8 May
       Allow Cache Poisoning Attack 
Date:  17 October 2007
OS:    Solaris 
URL:   http://www.auscert.org.au/8100

Title: ESB-2007.0683 -- [Solaris] -- Security Vulnerability in RPCSEC_GSS
       (rpcsec_gss(3NSL)) Affects Kerberos Administration Daemon (kadmind(1M))
Date:  18 October 2007
OS:    Solaris 
URL:   http://www.auscert.org.au/8058

Title: ESB-2007.0427 -- [Solaris] -- Multiple Security Vulnerabilities in
       samba(7) May Allow Remote Code Execution, Elevation of Privileges, or
       Remote Shell Command Execution 
Date:  15 October 2007
OS:    Solaris 
URL:   http://www.auscert.org.au/7726



===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================