[AusNOG] AusCERT Week in Review - Week ending 11/07/2008 (AUSCERT#20073f686)
Zane Jarvis
zane at auscert.org.au
Fri Jul 11 16:25:14 EST 2008
Hi all,
I hope you all have started your DNS & BIND server update plan.
Cheers,
Zane Jarvis, Computer Security Analyst | Hotline: +61 7 3365 4417
AusCERT, Australia's national CERT | Fax: +61 7 3365 7031
The University of Queensland | WWW: www.auscert.org.au
QLD 4072 Australia | Email: auscert at auscert.org.au
AusCERT in the Media:
---------------------
Staying secure at the Olympics
Secure Computing, Australia
Jul 8, 2008
http://securecomputing.net.au/Feature/116138,staying-secure-at-the-olympics.aspx
Online crims run stolen data market
Australian IT, Australia
Jul 7, 2008
http://www.australianit.news.com.au/story/0,24897,23984660-15306,00.html
Papers, Articles and other documents:
-------------------------------------
Web Log Entries:
----------------
Alerts, Advisories and Updates:
-------------------------------
Title: AU-2008.0015 -- AusCERT Update - [Win] - MS08-037 and ZoneAlarm -
Connection Issues resolved
Date: 11 July 2008
URL: http://www.auscert.org.au/9567
Title: AA-2008.0154 -- [UNIX/Linux] -- Sophos - Denial of Service
vulnerability corrected
Date: 11 July 2008
URL: http://www.auscert.org.au/9569
Title: AA-2008.0153 -- [Win] -- Microsoft Office Word 2002 - Possible
Execution of Code
Date: 10 July 2008
URL: http://www.auscert.org.au/9564
Title: AL-2008.0080 -- [Win][UNIX/Linux][Juniper][Cisco] -- Multiple DNS
implementations vulnerable to cache poisoning
Date: 09 July 2008
URL: http://www.auscert.org.au/9546
Title: AA-2008.0151 -- [Win][UNIX/Linux] -- Joomla! 1.5.4 released correct
multiple vulnerabilities
Date: 08 July 2008
URL: http://www.auscert.org.au/9544
Title: AL-2008.0079 -- [Win] -- Microsoft Office Snapshot Viewer ActiveX
Vulnerability
Date: 08 July 2008
URL: http://www.auscert.org.au/9543
Title: AA-2008.0152 -- [Win] -- Microsoft Security Bulletin Prenotification
for July 2008
Date: 08 July 2008
URL: http://www.auscert.org.au/9545
Title: AA-2008.0150 -- [Linux] -- Linux Kernel 2.6.25.9 corrects two Denial of
Service vulnerabilities
Date: 07 July 2008
URL: http://www.auscert.org.au/9542
External Security Bulletins:
----------------------------
Title: ESB-2008.0690 -- [UNIX/Linux] -- Poppler vulnerability
Date: 11 July 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/9568
Title: ESB-2008.0689 -- [Appliance] -- Apple TV 2.1 is now available
addressing multiple issues
Date: 11 July 2008
OS: Mac OS X
URL: http://www.auscert.org.au/9566
Title: ESB-2008.0688 -- [Win][Netware][Linux][Solaris][AIX] -- Novell
eDirectory LDAP Search Request Heap Corruption Vulnerability
Date: 11 July 2008
OS: Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other
Linux Variants, Server 2008, Red Hat Linux, Novell Netware, AIX
URL: http://www.auscert.org.au/9565
Title: ESB-2008.0687 -- [Win][RedHat][HP-UX][Solaris] -- HP OpenView Network
Node Manager - Multiple vulnerabilities
Date: 10 July 2008
OS: Solaris, Windows 2003, Windows 2000, Windows XP, Server 2008, Red Hat
Linux, HP-UX, Windows Vista
URL: http://www.auscert.org.au/9563
Title: ESB-2008.0686 -- [Win][UNIX/Linux] -- Drupal - Multiple vulnerabilities
in core and third party module
Date: 10 July 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/9562
Title: ESB-2008.0685 -- [Debian] -- poppler packages fix execution of
arbitrary code
Date: 10 July 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/9561
Title: ESB-2008.0684 -- [Solaris] -- Solaris BIND - Security Vulnerability in
the DNS Protocol may lead to DNS Cache Poisoning
Date: 10 July 2008
OS: Solaris
URL: http://www.auscert.org.au/9560
Title: ESB-2008.0683 -- [Win][UNIX/Linux] -- Sun Java Platform - Multiple
vulnerabilities
Date: 10 July 2008
OS: HP Tru64 UNIX, Solaris, Windows 98/98SE, Ubuntu, Debian GNU/Linux,
Other BSD Variants, IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD,
Other Linux Variants, Windows XP, Server 2008, Red Hat Linux, Windows
NT 4, HP-UX, AIX, Windows Vista, Windows ME
URL: http://www.auscert.org.au/9559
Title: ESB-2008.0682 -- [Win][UNIX/Linux][RedHat] -- Important: pidgin
security and bug fix update
Date: 10 July 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/9558
Title: ESB-2008.0681 -- [UNIX/Linux][RedHat] -- Important: openldap security
update
Date: 10 July 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/9557
Title: ESB-2008.0680 -- [RedHat] -- Important: bind security update
Date: 10 July 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9556
Title: ESB-2008.0679 -- [Solaris] -- Multiple Security Vulnerabilities in the
Solaris X Server Extensions may lead to a Denial of Service (DoS)
condition or allow Execution of Arbitrary Code
Date: 09 July 2008
OS: Solaris
URL: http://www.auscert.org.au/9555
Title: ESB-2008.0678 -- [Win] -- Adobe RoboHelp - Patch available for
Cross-Site Scripting
Date: 09 July 2008
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/9554
Title: ESB-2008.0677 -- [Win] -- MS08-040 - Vulnerabilities in Microsoft SQL
Server Could Allow Elevation of Privilege
Date: 09 July 2008
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/9553
Title: ESB-2008.0676 -- [Win] -- MS08-039 - Vulnerabilities in Outlook Web
Access for Exchange Server Could Allow Elevation of Privilege
Date: 09 July 2008
OS: Windows 2003, Windows 2000, Server 2008
URL: http://www.auscert.org.au/9552
Title: ESB-2008.0675 -- [Win] -- MS08-038 - Vulnerability in Windows Explorer
Could Allow Remote Code Execution
Date: 09 July 2008
OS: Server 2008, Windows Vista
URL: http://www.auscert.org.au/9551
Title: ESB-2008.0674 -- [Win] -- MS08-037 Vulnerabilities in DNS could allow
spoofing
Date: 09 July 2008
OS: Windows 2003, Windows 2000, Windows XP, Server 2008
URL: http://www.auscert.org.au/9550
Title: ESB-2008.0673 -- [UNIX/Linux][Debian] -- DNS vulnerability impact on
the libc stub resolver
Date: 09 July 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/9549
Title: ESB-2008.0672 -- [Debian] -- New bind9 packages fix cache poisoning and
bind8 end of life
Date: 09 July 2008
OS: Ubuntu, Debian GNU/Linux
URL: http://www.auscert.org.au/9548
Title: ESB-2008.0671 -- [Cisco] -- Multiple Cisco Products Vulnerable to DNS
Cache Poisoning Attacks
Date: 09 July 2008
OS: Cisco Products
URL: http://www.auscert.org.au/9547
Title: ESB-2008.0670 -- [Win][UNIX/Linux][Debian] -- New pcre3 packages fix
arbitrary code execution
Date: 07 July 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/9541
Title: ESB-2008.0669 -- [Win][UNIX/Linux][Debian] -- New wordpress packages
fix several vulnerabilities
Date: 07 July 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/9540
Title: ESB-2008.0661 -- [Win][UNIX/Linux] -- phpMyAdmin before 2.11.7 is
vulnerable to a Cross-site Scripting attack
Date: 07 July 2008
OS: Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Server 2008,
Windows XP, Other Linux Variants, FreeBSD, Windows 2000, OpenBSD,
Windows 2003, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP
Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/9525
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================