[AusNOG] AusCERT Week in Review - Week Ending 13/06/2008 (AUSCERT#20073f686)
Zane Jarvis
zane at auscert.org.au
Fri Jun 13 15:45:14 EST 2008
AusCERT in the Media:
---------------------
Gov grants $1.2M to train luddites
cso.online.com.au, Australia
23 hours ago
http://www.csoonline.com.au/index.php/id;243744875;fp;16;fpid;1
Australia's most gullible: Top victims of cybercrime?
ZDNet.com.au, Australia
Jun 10, 2008
http://www.zdnet.com.au/news/security/soa/Australia-s-most-gullible-Top-victims-of-cybercrime-/0,130061744,339289763,00.htm
Online crooks up the ante
Australian IT, Australia
Jun 9, 2008
http://www.australianit.news.com.au/story/0,24897,23837201-5013040,00.html
Conroy pushes global cybercrime fight
Australian IT, Australia
Jun 9, 2008
http://www.australianit.news.com.au/story/0,24897,23836748-15306,00.html
Cyberattack alert service helps Aussies Stay Smart
ZDNet Asia, Asia
Jun 8, 2008
http://www.zdnetasia.com/news/security/0,39044215,62042374,00.htm
Papers, Articles and other documents:
-------------------------------------
Web Log Entries:
----------------
Title: [OFF-TOPIC] Feeling Green?
Date: 10 June 2008
URL: http://www.auscert.org.au/9417
Alerts, Advisories and Updates:
-------------------------------
Title: AL-2008.0068 -- [Win] -- Skype File URI Security Bypass Code Execution
Vulnerability
Date: 12 June 2008
URL: http://www.auscert.org.au/9404
Title: AL-2008.0077 -- [Win] -- CitectSCADA ODBC service vulnerability
Date: 12 June 2008
URL: http://www.auscert.org.au/9433
Title: AA-2008.0129 -- [Win] -- Remote code execution vulnerability in Novell
Groupwise Messenger for Windows
Date: 12 June 2008
URL: http://www.auscert.org.au/9443
Title: AL-2008.0073 -- [Win][UNIX/Linux][Appliance] -- SNMPv3 Authentication
Bypass Vulnerability
Date: 11 June 2008
URL: http://www.auscert.org.au/9421
Title: AL-2008.0074 -- [Win] -- Vulnerability in Bluetooth Stack Could Allow
Remote Code Execution (951376)
Date: 11 June 2008
URL: http://www.auscert.org.au/9423
Title: AL-2008.0075 -- [Win] -- Cumulative Security Update for Internet
Explorer Fixes Multiple Vulnerabilities
Date: 11 June 2008
URL: http://www.auscert.org.au/9424
Title: AL-2008.0076 -- [Win] -- Vulnerabilities in DirectX Could Allow Remote
Code Execution (951698)
Date: 11 June 2008
URL: http://www.auscert.org.au/9426
Title: AA-2008.0128 -- [Win] -- Vulnerability in WINS Could Allow Elevation of
Privilege (948745)
Date: 11 June 2008
URL: http://www.auscert.org.au/9427
Title: AL-2008.0072 -- [Win][OSX] -- QuickTime 7.5 released fixing multiple
vulnerabilities
Date: 10 June 2008
URL: http://www.auscert.org.au/9419
Title: AL-2008.0067 -- [Win][VMware ESX][Linux] -- Patches available for
critical VMware vulnerabilities
Date: 09 June 2008
URL: http://www.auscert.org.au/9399
Title: AA-2008.0126 -- [Win][UNIX/Linux] -- Unspecified security vulnerability
in IBM Websphere Application Server.
Date: 09 June 2008
URL: http://www.auscert.org.au/9412
Title: AA-2008.0127 -- [Win][UNIX/Linux] -- Vulnerability reported in Adobe
Reader
Date: 09 June 2008
URL: http://www.auscert.org.au/9415
External Security Bulletins:
----------------------------
Title: ESB-2008.0617 -- [UNIX/Linux] -- Important: openoffice.org security
update
Date: 13 June 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/9452
Title: ESB-2008.0616 -- [Solaris] -- Installing Solaris 10 Fibre Channel
Device Driver patches without an immediate reboot may cause a System
Panic
Date: 13 June 2008
OS: Solaris
URL: http://www.auscert.org.au/9451
Title: ESB-2008.0615 -- [Win][Linux][Solaris] -- A Security Vulnerability in
StarOffice/StarSuite 8 may allow file manipulation and Arbitrary Code
execution
Date: 13 June 2008
OS: Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other
Linux Variants, Windows XP, Server 2008, Red Hat Linux, Windows Vista
URL: http://www.auscert.org.au/9450
Title: ESB-2008.0614 -- [Solaris] -- Kernel Security Vulnerability on Solaris
Systems Using the Sun UltraSPARC T2 and UltraSPARC T2+ Processors May
Allow Denial of Service (DoS)
Date: 13 June 2008
OS: Solaris
URL: http://www.auscert.org.au/9449
Title: ESB-2008.0613 -- [Solaris] -- Vulnerability in Access Manager 7.1 may
Allow Unauthorized Access to Resources
Date: 13 June 2008
OS: Solaris
URL: http://www.auscert.org.au/9448
Title: ESB-2008.0612 -- [Solaris] -- Solaris 10 Event Port Implementation May
Lead to a System Panic
Date: 13 June 2008
OS: Solaris
URL: http://www.auscert.org.au/9447
Title: ESB-2008.0611 -- [UNIX/Linux][Debian] -- New mt-daapd packages fix
several vulnerabilities
Date: 13 June 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/9446
Title: ESB-2008.0610 -- [Win][UNIX/Linux][Debian] -- New typo3 packages fix
several vulnerabilities
Date: 13 June 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/9445
Title: ESB-2008.0609 -- [Win] -- Cumulative Security Update of ActiveX Kill
Bits
Date: 12 June 2008
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/9444
Title: ESB-2008.0608 -- [Solaris] -- Multiple Security Vulnerabilities in
Solaris 10 Firefox may Allow Execution of Arbitrary Code and Access to
Unauthorized Data
Date: 12 June 2008
OS: Solaris
URL: http://www.auscert.org.au/9442
Title: ESB-2008.0607 -- [Win][UNIX/Linux] -- Multiple Third-Party Drupal
Module Vulnerabilities
Date: 12 June 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/9441
Title: ESB-2008.0606 -- [Win][Linux][HP-UX][Solaris] -- HP OpenView Network
Node Manager(OV NNM), Remote Execution of Arbitrary Code, Denial of
Service (DoS)
Date: 12 June 2008
OS: Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other
Linux Variants, Server 2008, Red Hat Linux, HP-UX
URL: http://www.auscert.org.au/9440
Title: ESB-2008.0605 -- [HP-UX] -- HP-UX Running Apache or Tomcat with PHP,
Remote Execution of Arbitrary Code
Date: 12 June 2008
OS: HP-UX
URL: http://www.auscert.org.au/9439
Title: ESB-2008.0604 -- [RedHat] -- Important: perl security update
Date: 12 June 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9438
Title: ESB-2008.0603 -- [RedHat] -- Multiple xorg-x11 security updates
Date: 12 June 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9437
Title: ESB-2008.0602 -- [UNIX/Linux][RedHat] -- Important: XFree86 security
update
Date: 12 June 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/9436
Title: ESB-2008.0601 -- [UNIX/Linux][Debian] -- New xorg-server packages fix
several vulnerabilities
Date: 13 June 2008
OS: AIX, HP-UX, Red Hat Linux, Other Linux Variants, FreeBSD, OpenBSD,
IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64 UNIX,
Solaris
URL: http://www.auscert.org.au/9435
Title: ESB-2008.0600 -- [UNIX/Linux][Debian] -- New imlib2 packages fix
arbitrary code execution
Date: 12 June 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/9434
Title: ESB-2008.0599 -- [Win][UNIX/Linux] -- Multiple Vendor FreeType2
Multiple Vulnerabilities
Date: 11 June 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Windows NT 4, Mac OS
X, HP-UX, AIX, Windows Vista
URL: http://www.auscert.org.au/9432
Title: ESB-2008.0598 -- [Win] -- Vulnerabilities in Pragmatic General
Multicast (PGM) Could Allow Denial of Service
Date: 11 June 2008
OS: Windows 2003, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/9431
Title: ESB-2008.0597 -- [Win] -- Vulnerability in Active Directory Could Allow
Denial of Service
Date: 11 June 2008
OS: Windows 2003, Windows 2000, Windows XP, Server 2008
URL: http://www.auscert.org.au/9430
Title: ESB-2008.0596 -- [Win][UNIX/Linux] -- Multiple Vendor OpenOffice
rtl_allocateMemory() Integer Overflow Vulnerability
Date: 11 June 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants,
Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows Vista
URL: http://www.auscert.org.au/9429
Title: ESB-2008.0595 -- [Win] -- Akamai Technologies Security Advisory
2008-0003
Date: 11 June 2008
OS: Windows 2003, Windows 2000, Windows XP, Windows Vista
URL: http://www.auscert.org.au/9428
Title: ESB-2008.0594 -- [RedHat] -- ucd-snmp and net-snmp security update
Date: 11 June 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9425
Title: ESB-2008.0593 -- [Cisco] -- SNMP Version 3 Authentication
Vulnerabilities
Date: 11 June 2008
OS: Cisco Products
URL: http://www.auscert.org.au/9422
Title: ESB-2008.0592 -- [Win][Linux][HP-UX][Solaris] -- HPSBMA02338
SSRT080024, SSRT080041 rev.1 - HP OpenView Network Node Manager (OV
NNM), Remote Execution of Arbitrary Code, Denial of Service (DoS)
Date: 11 June 2008
OS: Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other
Linux Variants, Red Hat Linux, HP-UX
URL: http://www.auscert.org.au/9420
Title: ESB-2008.0591 -- [Debian] -- New tomcat5.5 packages cross-site
scripting
Date: 10 June 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/9418
Title: ESB-2008.0590 -- [Linux][Debian] -- New Linux 2.6.18 packages fix
overflow conditions
Date: 10 June 2008
OS: Ubuntu, Debian GNU/Linux, Other Linux Variants
URL: http://www.auscert.org.au/9416
Title: ESB-2008.0589 -- [Solaris] -- With Certain Solaris 10 patches
installed, svccfg may remove External Dependencies and leave the system
Unbootable
Date: 09 June 2008
OS: Solaris
URL: http://www.auscert.org.au/9414
Title: ESB-2008.0588 -- [Solaris] -- Security Vulnerability in inet_network()
Library Routine May Allow Denial of Service (DoS) to Applications
Date: 12 June 2008
OS: Solaris
URL: http://www.auscert.org.au/9411
Title: ESB-2008.0570 -- [Solaris] -- Two Security Vulnerabilities in samba(7)
WINS Server Daemon (nmbd) May Allow Execution of Arbitrary Code or Lead
to a Denial of Service (DoS) Condition
Date: 13 June 2008
OS: Solaris
URL: http://www.auscert.org.au/9382
Title: ESB-2008.0568 -- [Solaris] -- A Security Vulnerability in samba(7)
Domain logons may allow execution of Arbitrary code with Root
privileges
Date: 13 June 2008
OS: Solaris
URL: http://www.auscert.org.au/9380
Title: ESB-2008.0556 -- Motorola RAZR -- JPG Processing Stack Overflow
Vulnerability
Date: 10 June 2008
URL: http://www.auscert.org.au/9361
Title: ESB-2008.0530 -- [UNIX/Linux][RedHat] -- Low: vsftpd security and bug
fix update
Date: 09 June 2008
OS: Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64 UNIX, Solaris,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/9329
Title: ESB-2008.0277 -- [Solaris] -- Dynamic Reconfiguration (DR)
"deleteboard" and "moveboard" Operations May Hang on a SPARC Enterprise
M4000/M5000/M8000/M9000
Date: 13 June 2008
OS: Solaris
URL: http://www.auscert.org.au/8968
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================