<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Plain Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.5pt;
font-family:Consolas;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.PlainTextChar
{mso-style-name:"Plain Text Char";
mso-style-priority:99;
mso-style-link:"Plain Text";
font-family:Consolas;}
.MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-AU link=blue vlink=purple>
<div class=Section1>
<p class=MsoPlainText>AusCERT Week in Review<o:p></o:p></p>
<p class=MsoPlainText>07 November 2008<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>AusCERT in the Media:<o:p></o:p></p>
<p class=MsoPlainText>- ---------------------<o:p></o:p></p>
<p class=MsoPlainText>Community warned over local scams<o:p></o:p></p>
<p class=MsoPlainText>Eyre Peninsula Tribune, Australia<o:p></o:p></p>
<p class=MsoPlainText>Nov 4, 2008<o:p></o:p></p>
<p class=MsoPlainText><a
href="http://eyrepeninsula.yourguide.com.au/news/local/news/general/community-warned-over-local-scams/1352924.aspx">http://eyrepeninsula.yourguide.com.au/news/local/news/general/community-warned-over-local-scams/1352924.aspx</a><o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>Real-life internet scammers dissected<o:p></o:p></p>
<p class=MsoPlainText>ZDNet.com.au, Australia<o:p></o:p></p>
<p class=MsoPlainText>Nov 4, 2008<o:p></o:p></p>
<p class=MsoPlainText><a
href="http://www.zdnet.com.au/insight/security/soa/Real-life-internet-scammers-dissected/0,139023764,339292871,00.htm">http://www.zdnet.com.au/insight/security/soa/Real-life-internet-scammers-dissected/0,139023764,339292871,00.htm</a><o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>Computer Security Day 2008 (Australia)<o:p></o:p></p>
<p class=MsoPlainText>Seguí la Flecha, Argentina<o:p></o:p></p>
<p class=MsoPlainText>Nov 4, 2008<o:p></o:p></p>
<p class=MsoPlainText><a
href="http://www.seguilaflecha.com/news_26057_Computer-Security-Day-2008-(Australia).html">http://www.seguilaflecha.com/news_26057_Computer-Security-Day-2008-(Australia).html</a><o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>Papers, Articles and other documents:<o:p></o:p></p>
<p class=MsoPlainText>- -------------------------------------<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>Web Log Entries:<o:p></o:p></p>
<p class=MsoPlainText>- ----------------<o:p></o:p></p>
<p class=MsoPlainText>Title: Obama new President and new malware<o:p></o:p></p>
<p class=MsoPlainText>Date: 05 November 2008<o:p></o:p></p>
<p class=MsoPlainText>URL: <a href="http://www.auscert.org.au/10038">http://www.auscert.org.au/10038</a><o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>Alerts, Advisories and Updates:<o:p></o:p></p>
<p class=MsoPlainText>- -------------------------------<o:p></o:p></p>
<p class=MsoPlainText>Title: AA-2008.0228 -- [Win][UNIX/Linux] -- A
vulnerability has been<o:p></o:p></p>
<p class=MsoPlainText> identified in VLC media player versions 0.5.0
through to 0.9.5. <o:p></o:p></p>
<p class=MsoPlainText>Date: 07 November 2008<o:p></o:p></p>
<p class=MsoPlainText>URL: <a href="http://www.auscert.org.au/10049">http://www.auscert.org.au/10049</a><o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>Title: AA-2008.0226 -- [Win][UNIX/Linux] -- A
vulnerability has been<o:p></o:p></p>
<p class=MsoPlainText> identified in Novell Access Manager<o:p></o:p></p>
<p class=MsoPlainText>Date: 06 November 2008<o:p></o:p></p>
<p class=MsoPlainText>URL: <a href="http://www.auscert.org.au/10042">http://www.auscert.org.au/10042</a><o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>Title: AA-2008.0227 -- [UNIX/Linux] -- A vulnerability
exists in Nagios prior<o:p></o:p></p>
<p class=MsoPlainText> to version 3.0.5<o:p></o:p></p>
<p class=MsoPlainText>Date: 06 November 2008<o:p></o:p></p>
<p class=MsoPlainText>URL: <a href="http://www.auscert.org.au/10043">http://www.auscert.org.au/10043</a><o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>Title: AA-2008.0225 -- [Linux] -- A number of
vulnerabilities have been<o:p></o:p></p>
<p class=MsoPlainText> identified in the 2.6 Linux kernel<o:p></o:p></p>
<p class=MsoPlainText>Date: 05 November 2008<o:p></o:p></p>
<p class=MsoPlainText>URL: <a href="http://www.auscert.org.au/10041">http://www.auscert.org.au/10041</a><o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>Title: AL-2008.0111 -- [Win][Linux][Solaris][OSX] --
Security Update available<o:p></o:p></p>
<p class=MsoPlainText> for Adobe Reader 8 and Acrobat 8<o:p></o:p></p>
<p class=MsoPlainText>Date: 04 November 2008<o:p></o:p></p>
<p class=MsoPlainText>URL: <a href="http://www.auscert.org.au/10033">http://www.auscert.org.au/10033</a><o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>Title: AA-2008.0168 -- [Win][UNIX/Linux] -- A cross-site
scripting<o:p></o:p></p>
<p class=MsoPlainText> vulnerability has been found in Apache httpd
mod_proxy_ftp<o:p></o:p></p>
<p class=MsoPlainText>Date: 03 November 2008<o:p></o:p></p>
<p class=MsoPlainText>URL: <a href="http://www.auscert.org.au/9688">http://www.auscert.org.au/9688</a><o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>External Security Bulletins:<o:p></o:p></p>
<p class=MsoPlainText>- ----------------------------<o:p></o:p></p>
<p class=MsoPlainText>Title: ESB-2008.1028 -- [Win][Linux][Solaris][OSX] --
Flash Player update<o:p></o:p></p>
<p class=MsoPlainText> available to address security vulnerabilities<o:p></o:p></p>
<p class=MsoPlainText>Date: 07 November 2008<o:p></o:p></p>
<p class=MsoPlainText>OS: Solaris, Ubuntu, Debian GNU/Linux, Windows 2003,
Windows 2000, Other<o:p></o:p></p>
<p class=MsoPlainText> Linux Variants, Windows XP, Red Hat Linux, Mac OS
X, Windows Vista <o:p></o:p></p>
<p class=MsoPlainText>URL: <a href="http://www.auscert.org.au/10048">http://www.auscert.org.au/10048</a><o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>Title: ESB-2008.1027 -- [Debian] -- New mysql-dfsg-5.0
packages fix<o:p></o:p></p>
<p class=MsoPlainText> authorization bypass<o:p></o:p></p>
<p class=MsoPlainText>Date: 07 November 2008<o:p></o:p></p>
<p class=MsoPlainText>OS: Debian GNU/Linux <o:p></o:p></p>
<p class=MsoPlainText>URL: <a href="http://www.auscert.org.au/10047">http://www.auscert.org.au/10047</a><o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>Title: ESB-2008.1026 -- [Solaris] -- A Security
Vulnerability in the Sun<o:p></o:p></p>
<p class=MsoPlainText> System Firmware on Certain SPARC Systems May Allow
Unauthorized Data<o:p></o:p></p>
<p class=MsoPlainText> Access<o:p></o:p></p>
<p class=MsoPlainText>Date: 07 November 2008<o:p></o:p></p>
<p class=MsoPlainText>OS: Solaris <o:p></o:p></p>
<p class=MsoPlainText>URL: <a href="http://www.auscert.org.au/10046">http://www.auscert.org.au/10046</a><o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>Title: ESB-2008.1025 -- [Tru64] -- HP Tru64 UNIX running
AdvFS "showfile"<o:p></o:p></p>
<p class=MsoPlainText> command, Local Gain Extended Privileges<o:p></o:p></p>
<p class=MsoPlainText>Date: 07 November 2008<o:p></o:p></p>
<p class=MsoPlainText>OS: HP Tru64 UNIX <o:p></o:p></p>
<p class=MsoPlainText>URL: <a href="http://www.auscert.org.au/10045">http://www.auscert.org.au/10045</a><o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>Title: ESB-2008.1024 -- [Win][Linux][Solaris][AIX][OSX]
-- Update available<o:p></o:p></p>
<p class=MsoPlainText> for potential ColdFusion 8 privilege escalation
issue<o:p></o:p></p>
<p class=MsoPlainText>Date: 07 November 2008<o:p></o:p></p>
<p class=MsoPlainText>OS: Solaris, Ubuntu, Debian GNU/Linux, Windows 2003,
Windows 2000, Other<o:p></o:p></p>
<p class=MsoPlainText> Linux Variants, Windows XP, Server 2008, Red Hat
Linux, Mac OS X, AIX,<o:p></o:p></p>
<p class=MsoPlainText> Windows Vista <o:p></o:p></p>
<p class=MsoPlainText>URL: <a href="http://www.auscert.org.au/10044">http://www.auscert.org.au/10044</a><o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>Title: ESB-2008.1023 -- [Win][UNIX/Linux] -- A cross site
scripting<o:p></o:p></p>
<p class=MsoPlainText> vulnerability has been identified in CCK (Drupal
third-party module)<o:p></o:p></p>
<p class=MsoPlainText>Date: 06 November 2008<o:p></o:p></p>
<p class=MsoPlainText>OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux,
Other BSD Variants,<o:p></o:p></p>
<p class=MsoPlainText> IRIX, Windows 2003, OpenBSD, Windows 2000,
FreeBSD, Other Linux<o:p></o:p></p>
<p class=MsoPlainText> Variants, Windows XP, Server 2008, Red Hat Linux,
Mac OS X, HP-UX, AIX,<o:p></o:p></p>
<p class=MsoPlainText> Windows Vista <o:p></o:p></p>
<p class=MsoPlainText>URL: <a href="http://www.auscert.org.au/10040">http://www.auscert.org.au/10040</a><o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>Title: ESB-2008.1022 -- [Appliance][Cisco] -- Cisco VLAN
Trunking Protocol<o:p></o:p></p>
<p class=MsoPlainText> Vulnerability<o:p></o:p></p>
<p class=MsoPlainText>Date: 06 November 2008<o:p></o:p></p>
<p class=MsoPlainText>OS: Cisco Products <o:p></o:p></p>
<p class=MsoPlainText>URL: <a href="http://www.auscert.org.au/10039">http://www.auscert.org.au/10039</a><o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>Title: ESB-2008.1021 -- [RedHat] -- Important:
openoffice.org security update<o:p></o:p></p>
<p class=MsoPlainText>Date: 06 November 2008<o:p></o:p></p>
<p class=MsoPlainText>OS: Red Hat Linux <o:p></o:p></p>
<p class=MsoPlainText>URL: <a href="http://www.auscert.org.au/10037">http://www.auscert.org.au/10037</a><o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>Title: ESB-2008.1020 -- [HP-UX] -- HP System Management
Homepage (SMH) for<o:p></o:p></p>
<p class=MsoPlainText> HP-UX, Local Unauthorized Access<o:p></o:p></p>
<p class=MsoPlainText>Date: 05 November 2008<o:p></o:p></p>
<p class=MsoPlainText>OS: HP-UX <o:p></o:p></p>
<p class=MsoPlainText>URL: <a href="http://www.auscert.org.au/10036">http://www.auscert.org.au/10036</a><o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>Title: ESB-2008.1019 -- [HP-UX] -- HP-UX Running Xserver,
Remote Execution of<o:p></o:p></p>
<p class=MsoPlainText> Arbitrary Code<o:p></o:p></p>
<p class=MsoPlainText>Date: 05 November 2008<o:p></o:p></p>
<p class=MsoPlainText>OS: HP-UX <o:p></o:p></p>
<p class=MsoPlainText>URL: <a href="http://www.auscert.org.au/10035">http://www.auscert.org.au/10035</a><o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>Title: ESB-2008.1018 -- [RedHat] -- Important: kernel
security and bug fix<o:p></o:p></p>
<p class=MsoPlainText> update<o:p></o:p></p>
<p class=MsoPlainText>Date: 05 November 2008<o:p></o:p></p>
<p class=MsoPlainText>OS: Red Hat Linux <o:p></o:p></p>
<p class=MsoPlainText>URL: <a href="http://www.auscert.org.au/10034">http://www.auscert.org.au/10034</a><o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>Title: ESB-2008.1017 -- [Win][UNIX/Linux] -- Shibboleth
IdP 2.0<o:p></o:p></p>
<p class=MsoPlainText> UsernamePassword Login Handler Vulnerable to
Cross-site Request Attack<o:p></o:p></p>
<p class=MsoPlainText>Date: 04 November 2008<o:p></o:p></p>
<p class=MsoPlainText>OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux,
Other BSD Variants,<o:p></o:p></p>
<p class=MsoPlainText> IRIX, Windows 2003, OpenBSD, Windows 2000,
FreeBSD, Other Linux<o:p></o:p></p>
<p class=MsoPlainText> Variants, Windows XP, Server 2008, Red Hat Linux,
Mac OS X, HP-UX, AIX,<o:p></o:p></p>
<p class=MsoPlainText> Windows Vista <o:p></o:p></p>
<p class=MsoPlainText>URL: <a href="http://www.auscert.org.au/10032">http://www.auscert.org.au/10032</a><o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>Title: ESB-2008.1016 -- [UNIX/Linux][RedHat] --
Important: net-snmp security<o:p></o:p></p>
<p class=MsoPlainText> update<o:p></o:p></p>
<p class=MsoPlainText>Date: 04 November 2008<o:p></o:p></p>
<p class=MsoPlainText>OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux,
Other BSD Variants,<o:p></o:p></p>
<p class=MsoPlainText> IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red
Hat Linux, Mac OS X,<o:p></o:p></p>
<p class=MsoPlainText> HP-UX, AIX <o:p></o:p></p>
<p class=MsoPlainText>URL: <a href="http://www.auscert.org.au/10031">http://www.auscert.org.au/10031</a><o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>Title: ESB-2008.1015 -- [Linux][HP-UX][Solaris] -- Oracle
WebLogic Apache<o:p></o:p></p>
<p class=MsoPlainText> Connector<o:p></o:p></p>
<p class=MsoPlainText>Date: 03 November 2008<o:p></o:p></p>
<p class=MsoPlainText>OS: Solaris, Ubuntu, Debian GNU/Linux, Other Linux
Variants, Red Hat Linux,<o:p></o:p></p>
<p class=MsoPlainText> HP-UX <o:p></o:p></p>
<p class=MsoPlainText>URL: <a href="http://www.auscert.org.au/10030">http://www.auscert.org.au/10030</a><o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>Title: ESB-2008.1014 -- [VMware ESX] -- Updated ESX
packages for libxml2,<o:p></o:p></p>
<p class=MsoPlainText> ucd-snmp, libtiff<o:p></o:p></p>
<p class=MsoPlainText>Date: 03 November 2008<o:p></o:p></p>
<p class=MsoPlainText>OS: Virtualisation <o:p></o:p></p>
<p class=MsoPlainText>URL: <a href="http://www.auscert.org.au/10029">http://www.auscert.org.au/10029</a><o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>Title: ESB-2008.1011 -- [Win][Mac][OSX] -- Adobe
PageMaker Key Strings Stack<o:p></o:p></p>
<p class=MsoPlainText> Buffer Overflow<o:p></o:p></p>
<p class=MsoPlainText>Date: 04 November 2008<o:p></o:p></p>
<p class=MsoPlainText>OS: Windows Vista, Mac OS X, Server 2008, Windows XP,
Windows 2000, Windows<o:p></o:p></p>
<p class=MsoPlainText> 2003 <o:p></o:p></p>
<p class=MsoPlainText>URL: <a href="http://www.auscert.org.au/10023">http://www.auscert.org.au/10023</a><o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>Title: ESB-2008.0846 -- [Win][VMware ESX][Linux] --
Updates to VMware<o:p></o:p></p>
<p class=MsoPlainText> Workstation, VMware Player, VMware ACE, VMware
Server, VMware ESX<o:p></o:p></p>
<p class=MsoPlainText> address information disclosure, privilege
escalation and other security<o:p></o:p></p>
<p class=MsoPlainText> issues<o:p></o:p></p>
<p class=MsoPlainText>Date: 03 November 2008<o:p></o:p></p>
<p class=MsoPlainText>OS: Windows Vista, Red Hat Linux, Server 2008,
Virtualisation, Windows XP,<o:p></o:p></p>
<p class=MsoPlainText> Other Linux Variants, Windows 2000, Windows 2003,
Debian GNU/Linux,<o:p></o:p></p>
<p class=MsoPlainText> Ubuntu <o:p></o:p></p>
<p class=MsoPlainText>URL: <a href="http://www.auscert.org.au/9775">http://www.auscert.org.au/9775</a><o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>Title: ESB-2008.0747 -- [VMware ESX] -- Updated ESX
packages address several<o:p></o:p></p>
<p class=MsoPlainText> security issues<o:p></o:p></p>
<p class=MsoPlainText>Date: 03 November 2008<o:p></o:p></p>
<p class=MsoPlainText>OS: Virtualisation <o:p></o:p></p>
<p class=MsoPlainText>URL: <a href="http://www.auscert.org.au/9645">http://www.auscert.org.au/9645</a><o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>===========================================================================<o:p></o:p></p>
<p class=MsoPlainText>Australian Computer Emergency Response Team The
University of Queensland Brisbane Qld 4072<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>Internet Email: <a href="mailto:auscert@auscert.org.au">auscert@auscert.org.au</a><o:p></o:p></p>
<p class=MsoPlainText>Facsimile: (07) 3365 7031<o:p></o:p></p>
<p class=MsoPlainText>Telephone: (07) 3365 4417 (International: +61 7 3365
4417)<o:p></o:p></p>
<p class=MsoPlainText> AusCERT personnel answer during
Queensland business hours<o:p></o:p></p>
<p class=MsoPlainText> which are GMT+10:00 (AEST).<o:p></o:p></p>
<p class=MsoPlainText> On call after hours for member
emergencies only.<o:p></o:p></p>
<p class=MsoPlainText>===========================================================================<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
</div>
</body>
</html>