[AusNOG] AusCERT Week in Review - Week Ending 15/08/2008 (AUSCERT#20073F686)

Richard Billington richard at auscert.org.au
Fri Aug 15 16:08:48 EST 2008


AusCERT Week in Review
15 August 2008


Greetings,

I am sure you are all expecting me to mention something about Microsoft
and how you should patch your systems now. And then I would go on to say
how you should patch all systems with patches as soon as you can. After
all, I am a good little security professional.

If you were thinking that then you would be half right. I would definitely
recommend patching the Microsoft products. However, yesterday you may have
seen the "VMware ESX and ESXi Update 2 patch causing error" bulletin we
sent. If you didn't read it - basically it caused virtual machines to
refuse to power on.

So if you can't patch, and you can't not patch, what do you do? Well,
testing before deployment is one option. You probably won't be able to test
everything, but hopefully it will uncover bugs (like not being able to
boot any of your virtual machines) that you would like to avoid introducing
into a production environment.

In other news, Symantec Veritas Storage Foundation for Windows has a remote
SYSTEM compromise, so you may want to check that any systems you run it on
are not accessible on TCP port 4888, or apply the patch (after testing, of
course).

Richard


AusCERT in the Media:
---------------------
Hackers launch attacks on Georgian sites
Ninemsn, Australia 
Aug 10, 2008
http://news.ninemsn.com.au/article.aspx?id=612436

Alerts, Advisories and Updates:
-------------------------------
Title: AA-2008.0133 -- [Win][UNIX/Linux] -- Multiple Vulnerabilities Reported
       in Horde Applications 
Date:  15 August 2008
URL:   http://www.auscert.org.au/9462

Title: AA-2008.0172 -- [Win][UNIX/Linux] -- New release of Joomla! to correct
       a possible administrator compromise vulnerability 
Date:  15 August 2008
URL:   http://www.auscert.org.au/9727

Title: AL-2008.0091 -- [Win] -- Symantec Veritas Storage Foundation Scheduler
       Service NULL Session Authentication Bypass Vulnerability 
Date:  15 August 2008
URL:   http://www.auscert.org.au/9729

Title: AU-2008.0018 -- AusCERT Update - [VMware ESX] - VMware ESX/ESXi 3.5
       Update 2 patch causing error 
Date:  14 August 2008
URL:   http://www.auscert.org.au/9720

Title: AL-2008.0085 -- [Win] -- MS08-041 - Vulnerability in the ActiveX
       Control for the Snapshot Viewer for Microsoft Access Could Allow Remote
       Code Execution 
Date:  13 August 2008
URL:   http://www.auscert.org.au/9701

Title: AL-2008.0086 -- [Win][OSX] -- MS08-043 - Vulnerabilities in Microsoft
       Excel Could Allow Remote Code Execution 
Date:  13 August 2008
URL:   http://www.auscert.org.au/9702

Title: AL-2008.0087 -- [Win] -- MS08-044 - Vulnerabilities in Microsoft Office
       Filters Could Allow Remote Code Execution 
Date:  13 August 2008
URL:   http://www.auscert.org.au/9703

Title: AL-2008.0088 -- [Win] -- MS08-045 - Cumulative Security Update for
       Internet Explorer 
Date:  13 August 2008
URL:   http://www.auscert.org.au/9704

Title: AL-2008.0089 -- [Win] -- MS08-046 - Vulnerability in Microsoft Windows
       Image Color Management System Could Allow Remote Code Execution 
Date:  13 August 2008
URL:   http://www.auscert.org.au/9705

Title: AL-2008.0090 -- [Win][OSX] -- MS08-051 - Vulnerabilities in Microsoft
       PowerPoint Could Allow Remote Code Execution 
Date:  13 August 2008
URL:   http://www.auscert.org.au/9706

Title: AA-2008.0169 -- [Win] -- Webex Meeting Manager ActiveX control
       vulnerability 
Date:  12 August 2008
URL:   http://www.auscert.org.au/9689

Title: AL-2008.0084 -- [Win] -- Microsoft Bulletin Notification - August
       Prerelease Announcement 
Date:  12 August 2008
URL:   http://www.auscert.org.au/9696

Title: AA-2008.0171 -- [Win] -- A vulnerability has been found in the Cygwin
       setup.exe program 
Date:  12 August 2008
URL:   http://www.auscert.org.au/9700

Title: AA-2008.0170 -- [Linux] -- A vulnerability in the Linux Kernel uvcvideo
       format descriptor parsing may allow code execution 
Date:  11 August 2008
URL:   http://www.auscert.org.au/9693


External Security Bulletins:
----------------------------
Title: ESB-2008.0811 -- [RedHat] -- Moderate: yum-rhn-plugin security update 
Date:  15 August 2008
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/9730

Title: ESB-2008.0810 -- [UNIX/Linux][RedHat] -- Moderate: postfix security
       update 
Date:  15 August 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/9728

Title: ESB-2008.0809 -- [Win][UNIX/Linux] -- Directory Traversal vulnerability
       in Bugzilla 
Date:  14 August 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
       Windows Vista 
URL:   http://www.auscert.org.au/9726

Title: ESB-2008.0808 -- [Win][Linux][HP-UX][Solaris] -- A Security
       Vulnerability in the ftp Subsystem of Sun Java System Web Proxy Server
       4.0 May Lead to a Denial of Service (DoS) 
Date:  14 August 2008
OS:    Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other
       Linux Variants, Windows XP, Server 2008, Red Hat Linux, HP-UX, Windows
       Vista 
URL:   http://www.auscert.org.au/9725

Title: ESB-2008.0807 -- [Win] -- Two vulnerabilities in CA HIPS kmxfw.sys and
       CA HIPS kmxfw.sys 
Date:  14 August 2008
OS:    Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista 
URL:   http://www.auscert.org.au/9724

Title: ESB-2008.0806 -- [Win][UNIX/Linux] -- ClamAV denial of service
       vulnerability 
Date:  14 August 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
       Windows Vista 
URL:   http://www.auscert.org.au/9723

Title: ESB-2008.0805 -- [Win][UNIX/Linux] -- Multiple vulnerabilities and
       weaknesses were discovered in Drupal 
Date:  14 August 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
       Windows Vista 
URL:   http://www.auscert.org.au/9722

Title: ESB-2008.0804 -- [HP Tru64 UNIX] -- HP Tru64 UNIX running BIND, Remote
       DNS Cache Poisoning 
Date:  14 August 2008
OS:    HP Tru64 UNIX 
URL:   http://www.auscert.org.au/9721

Title: ESB-2008.0803 -- [RedHat] -- Multiple Red Hat Network Satellite Server
       and Satellite Server client security updates 
Date:  14 August 2008
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/9719

Title: ESB-2008.0802 -- [RedHat] -- Low: Red Hat Network Satellite Server
       security update 
Date:  14 August 2008
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/9718

Title: ESB-2008.0801 -- [RedHat] -- Low: Red Hat Network Proxy Server security
       update 
Date:  14 August 2008
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/9717

Title: ESB-2008.0800 -- [Solaris] -- A Security Vulnerability in Solaris 10
       involving the sendfilev() system call could result in Denial of Service
       (DoS) due to System Panic 
Date:  15 August 2008
OS:    Solaris 
URL:   http://www.auscert.org.au/9716

Title: ESB-2008.0799 -- [HP-UX] -- HP-UX Running ftpd, Remote Privileged
       Access 
Date:  13 August 2008
OS:    HP-UX 
URL:   http://www.auscert.org.au/9715

Title: ESB-2008.0798 -- [RedHat] -- Moderate: hplip security update 
Date:  13 August 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/9714

Title: ESB-2008.0797 -- [VMware ESX] -- Updated ESX packages for OpenSSL,
       net-snmp, perl 
Date:  13 August 2008
OS:    Virtualisation 
URL:   http://www.auscert.org.au/9713

Title: ESB-2008.0796 -- [Win] -- Updated VirtualCenter addresses User Account
       Disclosure Vulnerability 
Date:  13 August 2008
OS:    Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista 
URL:   http://www.auscert.org.au/9712

Title: ESB-2008.0795 -- [Win] -- MS08-050 - Vulnerability in Windows Messenger
       Could Allow Information Disclosure 
Date:  13 August 2008
OS:    Windows 2003, Windows 2000, Windows XP 
URL:   http://www.auscert.org.au/9711

Title: ESB-2008.0794 -- [Win] -- MS08-049 - Vulnerabilities in Event System
       Could Allow Remote Code Execution 
Date:  13 August 2008
OS:    Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista 
URL:   http://www.auscert.org.au/9710

Title: ESB-2008.0793 -- [Win] -- MS08-048 - Security Update for Outlook
       Express and Windows Mail 
Date:  13 August 2008
OS:    Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista 
URL:   http://www.auscert.org.au/9709

Title: ESB-2008.0792 -- [Win] -- MS08-047 - Vulnerability in IPsec Policy
       Processing Could Allow Information Disclosure 
Date:  13 August 2008
OS:    Server 2008, Windows Vista 
URL:   http://www.auscert.org.au/9708

Title: ESB-2008.0791 -- [Win] -- MS08-042 - Vulnerability in Microsoft Word
       Could Allow Remote Code Execution 
Date:  13 August 2008
OS:    Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista 
URL:   http://www.auscert.org.au/9707

Title: ESB-2008.0790 -- [Win] -- Trend Micro OfficeScan ActiveX Buffer
       Overflow Issue 
Date:  12 August 2008
OS:    Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista 
URL:   http://www.auscert.org.au/9699

Title: ESB-2008.0789 -- [Win][UNIX/Linux] -- Multiple vulnerabilities in Ruby 
Date:  15 August 2008
OS:    Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Server 2008,
       Windows XP, Other Linux Variants, FreeBSD, Windows 2000, OpenBSD,
       Windows 2003, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP
       Tru64 UNIX, Solaris 
URL:   http://www.auscert.org.au/9698

Title: ESB-2008.0788 -- [Win] -- Presenter 7 update available to address
       potential Cross-site Scripting issues 
Date:  12 August 2008
OS:    Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista 
URL:   http://www.auscert.org.au/9697

Title: ESB-2008.0787 -- [RedHat] -- Moderate: dnsmasq security update 
Date:  12 August 2008
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/9695

Title: ESB-2008.0786 -- [Win][UNIX/Linux][RedHat] -- Moderate: condor security
       and bug fix update 
Date:  12 August 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
       Windows Vista 
URL:   http://www.auscert.org.au/9694

Title: ESB-2008.0785 -- [Solaris] -- Security Vulnerability in Solaris Trusted
       Extensions Labeled Networking may lead to remote unauthorized access to
       the Global Zone (zones(5)) of the System 
Date:  11 August 2008
OS:    Solaris 
URL:   http://www.auscert.org.au/9692

Title: ESB-2008.0784 -- [Win][UNIX/Linux] -- New PowerDNS packages reduce DNS
       spoofing risk 
Date:  11 August 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
       Windows Vista 
URL:   http://www.auscert.org.au/9691

Title: ESB-2008.0782 -- [Solaris] -- Security Vulnerability in Firmware for
       Netra T5220 Systems May Allow a Denial of Service (DoS) 
Date:  11 August 2008
OS:    Solaris 
URL:   http://www.auscert.org.au/9686

Title: ESB-2008.0781 -- [Solaris] -- Security Vulnerabilities in the Solaris
       Priority Inherited pthread mutex API May Result in a Denial of Service
       (DoS) Condition 
Date:  11 August 2008
OS:    Solaris 
URL:   http://www.auscert.org.au/9685

Title: ESB-2008.0770 -- [Solaris] -- Multiple Security Vulnerabilities in the
       Adobe Reader may lead to Execution of Arbitrary Code and Overwrite
       Arbitrary Files 
Date:  11 August 2008
OS:    Solaris 
URL:   http://www.auscert.org.au/9671

Title: ESB-2008.0747 -- [VMware ESX] -- Updated ESX packages address several
       security issues 
Date:  15 August 2008
OS:    Virtualisation 
URL:   http://www.auscert.org.au/9645

Title: ESB-2008.0715 -- [HP-UX] -- HP-UX Running BIND, Remote DNS Cache
       Poisoning 
Date:  11 August 2008
OS:    HP-UX 
URL:   http://www.auscert.org.au/9601

Title: ESB-2008.0684 -- [Solaris] -- Solaris BIND - Security Vulnerability in
       the DNS Protocol may lead to DNS Cache Poisoning 
Date:  11 August 2008
OS:    Solaris 
URL:   http://www.auscert.org.au/9560

Title: ESB-2008.0637 -- [Solaris] -- Multiple Security Vulnerabilities in the
       FreeType2 library for Printer Font Binary (PFB) or TrueType Font (TTF)
       format font files may lead to a Denial of Service (DoS) or allow
       Execution of Arbitrary Code 
Date:  15 August 2008
OS:    Solaris 
URL:   http://www.auscert.org.au/9489

Title: ESB-2008.0623 -- [VMware ESX] -- Updated Tomcat and Java JRE packages
       for VMware ESX 3.5 
Date:  15 August 2008
OS:    Virtualisation 
URL:   http://www.auscert.org.au/9463

Title: ESB-2008.0569 -- [Solaris] -- A Security Vulnerability in the Solaris
       crontab(1) utility may allow execution of Arbitrary Code 
Date:  11 August 2008
OS:    Solaris 
URL:   http://www.auscert.org.au/9381

Title: ESB-2008.0203 -- [Solaris] -- Security Vulnerability in Solaris 10 Perl
       5.8 
Date:  11 August 2008
OS:    Solaris 
URL:   http://www.auscert.org.au/8865

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================



