[AusNOG] AusCERT Week in Review - Week Ending 14/03/2008 (AUSCERT#20073f686)

Zane Jarvis zane at auscert.org.au
Fri Mar 14 16:56:30 EST 2008


Hey AusNOG,

This week Microsoft released four critical updates which affected the Office
suites. It was reported that Excel documents were being spammed which actively
exploited one of the vulnerabilities. We did not personally see any of these
Excel files. So if you have been receiving any please feel free to forward
them to us.

Regards,


Zane Jarvis, Computer Security Analyst   | Hotline: +61 7 3365 4417
AusCERT, Australia's national CERT       | Fax:     +61 7 3365 7031
The University of Queensland             | WWW:     www.auscert.org.au
QLD 4072 Australia                       | Email:   auscert at auscert.org.au



AusCERT in the Media:
---------------------
Telstra, CommBank, DoD in secret cyberwar games
Builder AU, Australia
23 hours ago
http://www.builderau.com.au/news/soa/Telstra-CommBank-DoD-in-secret-cyberwar-games/0,339028227,339286727,00.htm

Internet fraud could cost you thousands: Are you protected?
SmartCompany.com.au, Australia
Mar 12, 2008
http://www.smartcompany.com.au/Premium-Articles/Top-Story/20080312-Internet-fraud-could-cost-you-thousands-Are-you-protected.html

Australia engages allies in cyber warfare
cso.online.com.au, Australia
Mar 12, 2008
http://www.csoonline.com.au/index.php/id;1447007406;fp;16;fpid;1

Analysis: DHS stages cyberwar exercise
United Press International
Mar 10, 2008
http://www.upi.com/International_Security/Emerging_Threats/Analysis/2008/03/10/analysis_dhs_stages_cyberwar_exercise/1908/


Papers, Articles and other documents:
-------------------------------------


Web Log Entries:
----------------
Title: AusCERT is 15!
Date:  09 March 2008
URL:   http://www.auscert.org.au/8924


Alerts, Advisories and Updates:
-------------------------------
Title: AL-2008.0030 -- [Win][Cisco][Solaris] -- CiscoWorks Internetwork
       Performance Monitor Remote Command Execution Vulnerability
Date:  14 March 2008
URL:   http://www.auscert.org.au/8957

Title: AA-2008.0066 -- [UNIX/Linux][OSX] -- Dovecot - multiple vulnerabilities
Date:  14 March 2008
URL:   http://www.auscert.org.au/8958

Title: AL-2008.0029 -- [Win][Cisco] -- Cisco Secure Access Control Server for
       Windows User-Changeable Password Vulnerabilities
Date:  13 March 2008
URL:   http://www.auscert.org.au/8944

Title: AA-2008.0065 -- [BSD] -- Patches released for OpenBSD address a
       vulnerability in ppp
Date:  13 March 2008
URL:   http://www.auscert.org.au/8949

Title: AL-2008.0027 -- [Win][OSX] -- MS08-016 - Critical Vulnerabilities in
       Microsoft Office Could Allow Remote Code Execution (949030)
Date:  12 March 2008
URL:   http://www.auscert.org.au/8933

Title: AL-2008.0028 -- [Win] -- MS08-017 - Critical Vulnerabilities in
       Microsoft Office Web Components Could Allow Remote Code Execution
       (933103)
Date:  12 March 2008
URL:   http://www.auscert.org.au/8934

Title: AL-2008.0025 -- [Win][OSX] -- MS08-014 Vulnerabilities in Microsoft
       Excel Could Allow Remote Code Execution
Date:  11 March 2008
URL:   http://www.auscert.org.au/8931

Title: AL-2008.0026 -- [Win] -- Critical Vulnerability in Microsoft Outlook
       Could Allow Remote Code Execution (949031)
Date:  11 March 2008
URL:   http://www.auscert.org.au/8932

Title: AL-2008.0024 -- [Win][OSX] -- Microsoft Bulletin Notification - March
       Prerelease Announcement
Date:  11 March 2008
URL:   http://www.auscert.org.au/8930

Title: AA-2008.0063 -- [Win] -- Panda Security products - multiple
       vulnerabilities
Date:  10 March 2008
URL:   http://www.auscert.org.au/8925

Title: AA-2008.0064 -- [Win][UNIX/Linux] -- IBM WebSphere MQ Security Bypass
Date:  10 March 2008
URL:   http://www.auscert.org.au/8926

Title: AA-2008.0062 -- [Win][Linux][Solaris] -- Sun Java JRE and JDK -
       multiple security vulnerabilities
Date:  09 March 2008
URL:   http://www.auscert.org.au/8911


External Security Bulletins:
----------------------------
Title: ESB-2008.0268 -- [AIX] -- AIX Perl buffer overflow vulnerability
Date:  14 March 2008
OS:    AIX
URL:   http://www.auscert.org.au/8956

Title: ESB-2008.0267 -- [AIX] -- AIX Logical Volume Manager buffer overflow
Date:  14 March 2008
OS:    AIX
URL:   http://www.auscert.org.au/8955

Title: ESB-2008.0266 -- [AIX] -- AIX libc inet_network buffer overflow
Date:  14 March 2008
OS:    AIX
URL:   http://www.auscert.org.au/8954

Title: ESB-2008.0265 -- [AIX] -- AIX reboot buffer overflow
Date:  14 March 2008
OS:    AIX
URL:   http://www.auscert.org.au/8953

Title: ESB-2008.0264 -- [AIX] -- AIX nddstat family environment variable error
Date:  14 March 2008
OS:    AIX
URL:   http://www.auscert.org.au/8952

Title: ESB-2008.0263 -- [AIX] -- AIX lsmcode environment variable error
Date:  14 March 2008
OS:    AIX
URL:   http://www.auscert.org.au/8951

Title: ESB-2008.0262 -- [AIX] -- AIX kernel multiple security vulnerabilities
Date:  14 March 2008
OS:    AIX
URL:   http://www.auscert.org.au/8950

Title: ESB-2008.0261 -- [Win][UNIX/Linux] -- Sun Java Server Faces - Cross
       Site Scripting May Lead to Elevation of Privileges
Date:  13 March 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
       Vista
URL:   http://www.auscert.org.au/8948

Title: ESB-2008.0260 -- [Win][UNIX/Linux] -- Ubercart (Drupal Third party
       module) - Cross site scripting
Date:  13 March 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, FreeBSD, Other Linux Variants, Windows XP,
       Red Hat Linux, Mac OS X, HP-UX, AIX, Windows Vista
URL:   http://www.auscert.org.au/8947

Title: ESB-2008.0259 -- [Solaris] -- A Security Vulnerability Relating to
       Inter-Process Communication (IPC) May Lead to a Denial of Service
Date:  13 March 2008
OS:    Solaris
URL:   http://www.auscert.org.au/8946

Title: ESB-2008.0258 -- [Solaris] -- Solaris 10 Systems Equipped With e1000g
       Drivers May Experience Ethernet Link Flaps
Date:  13 March 2008
OS:    Solaris
URL:   http://www.auscert.org.au/8945

Title: ESB-2008.0257 -- [Win] -- RealNetworks RealPlayer ActiveX controls
       property heap memory corruption
Date:  13 March 2008
OS:    Windows 2003, Windows 2000, Windows XP, Windows Vista
URL:   http://www.auscert.org.au/8943

Title: ESB-2008.0256 -- [RedHat] -- Important: Red Hat Directory Server 7.1
       Service Pack 4 security update
Date:  12 March 2008
OS:    Red Hat Linux
URL:   http://www.auscert.org.au/8942

Title: ESB-2008.0255 -- [Win][Linux][RedHat][Solaris] -- Sun StorageTek Common
       Array Manager (CAM) 6.0.1 May Record an Incorrect IP Address For One of
       The Controllers During Array Registration
Date:  12 March 2008
OS:    Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other
       Linux Variants, Windows XP, Red Hat Linux
URL:   http://www.auscert.org.au/8941

Title: ESB-2008.0254 -- [RedHat] -- Moderate: java-1.4.2-bea security update
Date:  12 March 2008
OS:    Red Hat Linux
URL:   http://www.auscert.org.au/8940

Title: ESB-2008.0253 -- [RedHat] -- Moderate: tomcat security update
Date:  12 March 2008
OS:    Red Hat Linux
URL:   http://www.auscert.org.au/8939

Title: ESB-2008.0252 -- [HP-UX] -- HPSBUX02316 SSRT071495 rev.1 - HP-UX
       running HP CIFS Server (Samba), Remote Execution of Arbitrary Code
Date:  12 March 2008
OS:    HP-UX
URL:   http://www.auscert.org.au/8938

Title: ESB-2008.0251 -- [Win] -- Symantec Altiris Deployment Server Escalation
       of Privileges
Date:  12 March 2008
OS:    Windows 2003, Windows 2000, Windows XP, Windows Vista
URL:   http://www.auscert.org.au/8937

Title: ESB-2008.0250 -- [Debian] -- New libnet-dns-perl packages fix several
       vulnerabilities
Date:  12 March 2008
OS:    Ubuntu, Debian GNU/Linux
URL:   http://www.auscert.org.au/8936

Title: ESB-2008.0249 -- [Win][UNIX/Linux] -- Adobe Security Bulletins - March
       2008
Date:  13 March 2008
OS:    Windows ME, Windows Vista, Mac OS X, Windows NT 4, Red Hat Linux,
       Windows XP, Other Linux Variants, FreeBSD, Windows 2000, OpenBSD,
       Windows 2003, Other BSD Variants, Debian GNU/Linux, Ubuntu, Windows
       98/98SE
URL:   http://www.auscert.org.au/8935

Title: ESB-2008.0248 -- [Win][UNIX/Linux] -- SAP MaxDB Signedness Error Heap
       Corruption Vulnerability
Date:  11 March 2008
OS:    Solaris, Ubuntu, Debian GNU/Linux, Other BSD Variants, Windows 2003,
       OpenBSD, Windows 2000, FreeBSD, Other Linux Variants, Red Hat Linux,
       HP-UX, AIX
URL:   http://www.auscert.org.au/8929

Title: ESB-2008.0247 -- [UNIX/Linux] -- SAP MaxDB sdbstarter Privilege
       Escalation Vulnerability
Date:  10 March 2008
OS:    Solaris, OpenBSD, Other BSD Variants, FreeBSD, HP-UX, Ubuntu, Debian
       GNU/Linux, Other Linux Variants, Red Hat Linux, AIX
URL:   http://www.auscert.org.au/8928

Title: ESB-2008.0246 -- [Win][UNIX/Linux] -- phpMyAdmin - SQL injection
       vulnerability
Date:  11 March 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
       Vista
URL:   http://www.auscert.org.au/8927

Title: ESB-2008.0245 -- [Solaris] -- Solaris Daylight Saving Time (DST) Update
       (March 2008)
Date:  10 March 2008
OS:    Solaris
URL:   http://www.auscert.org.au/8923

Title: ESB-2008.0244 -- [Solaris] -- Solaris ICU 3.2 Library - Multiple
       Security Vulnerabilities
Date:  10 March 2008
OS:    Solaris
URL:   http://www.auscert.org.au/8922

Title: ESB-2008.0243 -- [Linux][Solaris] -- Sun Java Web Console - Security
       Vulnerability
Date:  13 March 2008
OS:    Red Hat Linux, Other Linux Variants, Debian GNU/Linux, Ubuntu, Solaris
URL:   http://www.auscert.org.au/8921

Title: ESB-2008.0242 -- [Win][UNIX/Linux][Debian][OSX] -- New moin packages
       fix several vulnerabilities
Date:  10 March 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
       Vista
URL:   http://www.auscert.org.au/8920

Title: ESB-2008.0161 -- [HP-UX] -- HP-UX Running Apache, Remote Cross Site
       Scripting (XSS)
Date:  12 March 2008
OS:    HP-UX
URL:   http://www.auscert.org.au/8814

Title: ESB-2008.0084 -- [HP-UX] -- HP-UX Running ARPA Transport, Remote Denial
       of Service (DoS)
Date:  11 March 2008
OS:    HP-UX
URL:   http://www.auscert.org.au/8689



===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================







More information about the AusNOG mailing list