[AusNOG] AusCERT Week in Review - Week Ending 22/02/2008 (AUSCERT#20073F686)

Damien Curtain damien at auscert.org.au
Fri Feb 22 16:25:06 EST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

AusCERT Week in Review
22 February 2008


Alerts, Advisories and Updates:
- -------------------------------
Title: AA-2008.0046 -- [Win][UNIX/Linux] -- Mambo and Joomla components - SQL
       injections 
Date:  22 February 2008
URL:   http://www.auscert.org.au/8826

Title: AA-2008.0049 -- [Win][UNIX/Linux] -- Opera version 9.26 released fixing
       several vulnerabilities 
Date:  21 February 2008
URL:   http://www.auscert.org.au/8843

Title: AA-2008.0050 -- [Win][UNIX/Linux] -- Multiple Horde products do not
       properly check access rights 
Date:  21 February 2008
URL:   http://www.auscert.org.au/8844

Title: AA-2008.0047 -- [Win][UNIX/Linux] -- Multiple vulnerabilities in IBM
       DB2 9.1 
Date:  20 February 2008
URL:   http://www.auscert.org.au/8833

Title: AA-2008.0048 -- [Linux] -- Linux kernel 2.4 security update 
Date:  20 February 2008
URL:   http://www.auscert.org.au/8835

Title: AA-2008.0027 -- [Win][UNIX/Linux] -- Multiple SQL injection
       vulnerabilities in Wordpress plugins 
Date:  19 February 2008
URL:   http://www.auscert.org.au/8730

Title: AA-2008.0045 -- [Win][UNIX/Linux] -- New Cacti release has multiple
       vulnerability fixes 
Date:  18 February 2008
URL:   http://www.auscert.org.au/8812


External Security Bulletins:
- ----------------------------
Title: ESB-2007.1047 -- [Solaris] -- Security Vulnerabilities in the Apache
       1.3 and 2.0 Web Server Daemon and "mod_status" Module May Lead to Cross
       Site Scripting (XSS) or Denial of Service (DoS). 
Date:  17 February 2008
OS:    Solaris 
URL:   http://www.auscert.org.au/8548

Title: ESB-2007.1032 -- [Linux][Solaris] -- Security Vulnerabilities in the
       Sun Ray Device Manager Daemon 
Date:  20 February 2008
OS:    Solaris, Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux 
URL:   http://www.auscert.org.au/8530

Title: ESB-2008.0196 -- [Win][Linux][HP-UX][Solaris][AIX] -- Veritas Storage
       Foundation by Symantec: Veritas Enterprise Administrator, Heap Overflow
Date:  22 February 2008
OS:    Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other
       Linux Variants, Red Hat Linux, HP-UX, AIX 
URL:   http://www.auscert.org.au/8856

Title: ESB-2008.0195 -- [Win][UNIX/Linux][Ubuntu] -- Qt vulnerability 
Date:  22 February 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Red Hat Linux, HP-UX, AIX, Windows Vista 
URL:   http://www.auscert.org.au/8855

Title: ESB-2008.0194 -- [Appliance] -- Storage Management Appliance (SMA),
       Microsoft Patch Applicability MS08-003 to MS08-013 
Date:  22 February 2008
URL:   http://www.auscert.org.au/8854

Title: ESB-2008.0193 -- [Win][UNIX/Linux][Debian] -- New wordpress packages
       fix multiple vulnerabilities 
Date:  22 February 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
       Vista 
URL:   http://www.auscert.org.au/8853

Title: ESB-2008.0192 -- [Debian] -- New dspam packages fix information
       disclosure 
Date:  22 February 2008
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/8852

Title: ESB-2008.0191 -- [UNIX/Linux][Debian] -- New splitvt packages fix
       privilege escalation 
Date:  22 February 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/8851

Title: ESB-2008.0190 -- [AIX] -- IBM Pegasus CIM Server for Director on AIX
       vulnerabilities 
Date:  22 February 2008
OS:    AIX 
URL:   http://www.auscert.org.au/8850

Title: ESB-2008.0189 -- [VMware ESX] -- Moderate: Updated aacraid driver and
       samba and python service console updates 
Date:  22 February 2008
OS:    Other Linux Variants, Virtualisation 
URL:   http://www.auscert.org.au/8849

Title: ESB-2008.0188 -- [UNIX/Linux][RedHat] -- Important: cups security
       update 
Date:  22 February 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/8848

Title: ESB-2008.0187 -- [RedHat] -- Moderate: tk security update 
Date:  22 February 2008
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/8847

Title: ESB-2008.0186 -- [RedHat] -- Moderate: tcltk security update 
Date:  22 February 2008
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/8846

Title: ESB-2008.0185 -- [UNIX/Linux][RedHat] -- Moderate: openldap security
       update 
Date:  22 February 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/8845

Title: ESB-2008.0184 -- [Win] -- Possible Java plug-in vulnerability in Lotus
       Notes 
Date:  21 February 2008
OS:    Windows 2003, Windows 2000, Windows XP, Windows Vista 
URL:   http://www.auscert.org.au/8842

Title: ESB-2008.0183 -- [Win] -- Potential security issue with the Execution
       Control List and Notes signatures on Java applets in Lotus Notes 
Date:  22 February 2008
OS:    Windows Vista, Windows XP, Windows 2000, Windows 2003 
URL:   http://www.auscert.org.au/8841

Title: ESB-2008.0182 -- [Win] -- Symantec Altiris Notification Server Agent
       Privilege Escalation Vulnerability 
Date:  21 February 2008
OS:    Windows 2003, Windows 2000, Windows XP, Windows Vista 
URL:   http://www.auscert.org.au/8840

Title: ESB-2008.0181 -- [Win] -- Symantec Veritas Storage Foundation Scheduler
       Service DoS Vulnerability 
Date:  21 February 2008
OS:    Windows 2003, Windows 2000, Windows XP, Windows Vista 
URL:   http://www.auscert.org.au/8839

Title: ESB-2008.0180 -- [Win][UNIX/Linux] -- Unspecified vulnerability in the
       Drupal Header Image Module 
Date:  21 February 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
       Vista 
URL:   http://www.auscert.org.au/8838

Title: ESB-2008.0179 -- [Win] -- EMC RepliStor Multiple Heap Overflow
       Vulnerabilities 
Date:  21 February 2008
OS:    Windows 2003, Windows 2000, Windows XP, Windows Vista 
URL:   http://www.auscert.org.au/8837

Title: ESB-2008.0178 -- [TRU64] -- HP Tru64 UNIX running Perl, Remote
       Execution of Arbitrary Code 
Date:  21 February 2008
OS:    HP Tru64 UNIX 
URL:   http://www.auscert.org.au/8836

Title: ESB-2008.0177 -- [UNIX/Linux][Debian] -- New pcre3 packages fix
       arbitrary code execution 
Date:  20 February 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/8834

Title: ESB-2008.0176 -- [Appliance] -- SOPHOS Email Security Appliance Cross
       Site Scripting Vulnerability 
Date:  22 February 2008
URL:   http://www.auscert.org.au/8832

Title: ESB-2008.0175 -- [Win][Linux][Solaris] -- Lyris ListManager - Multiple
       Vulnerabilities 
Date:  20 February 2008
OS:    Solaris, Windows 2003, Windows 2000, Windows XP, Red Hat Linux 
URL:   http://www.auscert.org.au/8831

Title: ESB-2008.0174 -- [Win][UNIX/Linux] -- BEA Systems release 21 security
       advisories for multiple products 
Date:  22 February 2008
OS:    Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Windows XP, Other
       Linux Variants, FreeBSD, Windows 2000, OpenBSD, Windows 2003, IRIX,
       Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64 UNIX, Solaris 
URL:   http://www.auscert.org.au/8830

Title: ESB-2008.0173 -- [Win][UNIX/Linux][Debian] -- New libimager-perl
       packages fix arbitrary code execution 
Date:  20 February 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
       Vista 
URL:   http://www.auscert.org.au/8829

Title: ESB-2008.0172 -- [Win] -- Patch available for RoboHelp Cross-Site
       Scripting issue 
Date:  19 February 2008
OS:    Windows 2000, Windows XP, Windows Vista 
URL:   http://www.auscert.org.au/8828

Title: ESB-2008.0171 -- [Solaris] -- Security Vulnerability in the
       vuidmice(7M) STREAMS Modules May Lead to a System Panic 
Date:  22 February 2008
OS:    Solaris 
URL:   http://www.auscert.org.au/8827

Title: ESB-2008.0170 -- [Debian] -- New clamav packages fix several
       vulnerabilities 
Date:  18 February 2008
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/8825

Title: ESB-2008.0164 -- [Win][Linux] -- F-Secure - Specially crafted CAB and
       RAR archives can bypass antivirus scanning 
Date:  18 February 2008
OS:    Windows Vista, Red Hat Linux, Windows XP, Other Linux Variants, Windows
       2000, Windows 2003, Debian GNU/Linux, Ubuntu 
URL:   http://www.auscert.org.au/8818

Title: ESB-2008.0154 -- [Debian] -- New nagios-plugins packages fix several
       vulnerabilities 
Date:  18 February 2008
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/8804

Title: ESB-2008.0151 -- [Win] -- MS08-011 - Important - Vulnerabilities in
       Microsoft Works File Converter Could Allow Remote Code Execution 
Date:  22 February 2008
OS:    Windows Vista, Windows XP, Windows 2000, Windows 2003 
URL:   http://www.auscert.org.au/8801

Title: ESB-2008.0145 -- [Win][UNIX/Linux] -- New versions of Apache Tomcat
       correct multiple vulnerabilities 
Date:  21 February 2008
OS:    Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Windows XP, Other
       Linux Variants, FreeBSD, Windows 2000, OpenBSD, Windows 2003, IRIX,
       Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64 UNIX, Solaris 
URL:   http://www.auscert.org.au/8779



===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----




