[AusNOG] AusCERT Week in Review - Week Ending 11/08/2006
matthew at auscert.org.au
Mon Aug 14 07:35:28 EST 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Greetings AusNOG,
Quite a big week for us just gone.
Hope this helps,
- - Matthew
AusCERT Week in Review
11 August 2006
Papers, Articles and other documents:
- -------------------------------------
Alerts, Advisories and Updates:
- -------------------------------
Title: AL-2006.0068 -- [Win] -- Greeting card trojan contains Haxdoor
credential-stealing malware
Date: 11 August 2006
URL: http://www.auscert.org.au/6625
Title: AA-2006.0057 -- [Win][Linux][NetWare] -- Novell GroupWise WebAccess
cross-site scripting vulnerabilities
Date: 11 August 2006
URL: http://www.auscert.org.au/6624
Title: AA-2006.0056 -- [UNIX/Linux][Win] -- PHP 4.4.3 release fixes multiple
potentially serious vulnerabilities
Date: 11 August 2006
URL: http://www.auscert.org.au/6623
Title: AU-2006.0028 -- AusCERT Update - [OSX] - Security Update 2006-004 for
Mac Pro
Date: 10 August 2006
URL: http://www.auscert.org.au/6612
Title: AA-2006.0055 -- [Win] -- Vulnerable ActiveX control from CA eTrust
web-based antivirus scan
Date: 10 August 2006
URL: http://www.auscert.org.au/6608
Title: AL-2006.0066 -- [Win][OSX] -- MS06-048 - Vulnerabilities in Microsoft
Office Could Allow Remote Code Execution
Date: 09 August 2006
URL: http://www.auscert.org.au/6599
Title: AL-2006.0065 -- [Win] -- Microsoft Security Bulletin MS06-042 -
Cumulative Security Update for Internet Explorer (918899)
Date: 09 August 2006
URL: http://www.auscert.org.au/6593
Title: AL-2006.0067 -- [Win] -- MS06-049, MS06-051 - Multiple Windows kernel
vulnerabilities allow remote code execution and privilege elevation
Date: 09 August 2006
URL: http://www.auscert.org.au/6600
Title: AL-2006.0064 -- [Win] -- Critical vulnerability in Microsoft RPC
(Remote Procedure Call) implementation - MS06-040
Date: 08 August 2006
URL: http://www.auscert.org.au/6591
Title: AA-2006.0054 -- [Win][UNIX/Linux] -- Buffer overflow in PHP sscanf
function may allow execution of arbitrary code
Date: 08 August 2006
URL: http://www.auscert.org.au/6590
Title: AA-2006.0053 -- [Win][UNIX/Linux][Mac] -- Heap overflow in ClamAV may
allow remote execution of arbitrary code
Date: 08 August 2006
URL: http://www.auscert.org.au/6589
Title: AA-2006.0052 -- [Win][UNIX/Linux] -- Vulnerabilities in vBulletin 3.x
and 2.x may allow cross site scripting and the execution of arbitrary
code or commands.
Date: 07 August 2006
URL: http://www.auscert.org.au/6585
External Security Bulletins:
- ----------------------------
Title: ESB-2006.0578 -- [RedHat] -- Red Hat update for Perl fixes security
regression
Date: 11 August 2006
OS: Red Hat Linux
URL: http://www.auscert.org.au/6622
Title: ESB-2006.0577 -- [UNIX/Linux][RedHat] -- Low: kdebase security fix
Date: 11 August 2006
OS: Solaris, Debian GNU/Linux, Other BSD Variants, IRIX, OpenBSD, FreeBSD,
Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX, AIX
URL: http://www.auscert.org.au/6621
Title: ESB-2006.0576 -- [Linux][RedHat] -- Updated kernel packages available
for Red Hat Enterprise Linux 4 Update 4
Date: 11 August 2006
OS: Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/6620
Title: ESB-2006.0575 -- [RedHat] -- Low: ntp security update
Date: 11 August 2006
OS: Red Hat Linux
URL: http://www.auscert.org.au/6619
Title: ESB-2006.0574 -- [UNIX/Linux] -- Heimdal Kerberos also affected by
privilege escalation vulnerabilities
Date: 11 August 2006
OS: Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/6618
Title: ESB-2006.0573 -- [UNIX/Linux][Debian] -- New ncompress packages fix
potential code execution
Date: 10 August 2006
OS: Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/6617
Title: ESB-2006.0572 -- [Win][UNIX/Linux] -- ColdFusion AdminAPI
Authentication Issue
Date: 10 August 2006
OS: Solaris, Debian GNU/Linux, Windows 2003, Windows 2000, Other Linux
Variants, Windows XP, Red Hat Linux, Mac OS X, AIX
URL: http://www.auscert.org.au/6613
Title: ESB-2006.0571 -- [UNIX/Linux][Win][Debian] -- New gallery packages fix
several vulnerabilities
Date: 10 August 2006
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants, Red
Hat Linux, Windows NT 4, Mac OS X, HP-UX, AIX
URL: http://www.auscert.org.au/6611
Title: ESB-2006.0570 -- [UNIX/Linux][Win][Debian] -- New drupal packages fix
cross-site scripting
Date: 10 August 2006
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants, Red
Hat Linux, Windows NT 4, Mac OS X, HP-UX, AIX
URL: http://www.auscert.org.au/6610
Title: ESB-2006.0569 -- [Debian] -- New krb5 packages fix privilege escalation
Date: 09 August 2006
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/6607
Title: ESB-2006.0568 -- [Solaris][Linux] -- Security Vulnerability in the Sun
Ray Utility utxconfig(1)
Date: 09 August 2006
OS: Solaris, Other Linux Variants
URL: http://www.auscert.org.au/6606
Title: ESB-2006.0567 -- [Win][UNIX/Linux][RedHat] -- apache security update
Date: 09 August 2006
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants, Red
Hat Linux, Windows NT 4, Mac OS X, HP-UX, AIX
URL: http://www.auscert.org.au/6605
Title: ESB-2006.0566 -- [RedHat] -- Important: krb5 security update
Date: 09 August 2006
OS: Red Hat Linux
URL: http://www.auscert.org.au/6604
Title: ESB-2006.0565 -- [Linux][AIX] -- MIT Kerberos 5 - multiple local
privilege escalation vulnerabilities
Date: 09 August 2006
OS: Debian GNU/Linux, Other Linux Variants, Red Hat Linux, AIX
URL: http://www.auscert.org.au/6603
Title: ESB-2006.0564 -- [Win] -- MS06-050 - Vulnerabilities in Microsoft
Windows Hyperlink Object Library Could Allow Remote Code Execution
Date: 09 August 2006
OS: Windows 2003, Windows 2000, Windows XP
URL: http://www.auscert.org.au/6602
Title: ESB-2006.0563 -- [Win] -- MS06-045 - Vulnerability in Windows Explorer
Could Allow Remote Code Execution
Date: 09 August 2006
OS: Windows 2003, Windows 2000, Windows XP
URL: http://www.auscert.org.au/6601
Title: ESB-2006.0562 -- [Win] -- Microsoft Security Bulletin MS06-047 -
Vulnerability in Microsoft Visual Basic for Applications Could Allow
Remote Code Execution (921645)
Date: 09 August 2006
OS: Windows 98/98SE, Windows 2003, Windows 2000, Windows XP, Windows NT 4,
Windows ME
URL: http://www.auscert.org.au/6598
Title: ESB-2006.0561 -- [Win] -- Microsoft Security Bulletin MS06-046 -
Vulnerability in HTML Help Could Allow Remote Code Execution (922616)
Date: 09 August 2006
OS: Windows 2003, Windows 2000, Windows XP
URL: http://www.auscert.org.au/6597
Title: ESB-2006.0560 -- [Win] -- Microsoft Security Bulletin MS06-045 -
Vulnerability in Windows Explorer Could Allow Remote Code Execution
(921398)
Date: 09 August 2006
OS: Windows 2003, Windows 2000, Windows XP
URL: http://www.auscert.org.au/6596
Title: ESB-2006.0559 -- [Win] -- Microsoft Security Bulletin MS06-044 -
Vulnerability in Microsoft Management Console Could Allow Remote Code
Execution (917008)
Date: 09 August 2006
OS: Windows 2000
URL: http://www.auscert.org.au/6595
Title: ESB-2006.0558 -- [Win] -- Microsoft Security Bulletin MS06-043 -
Vulnerability in Microsoft Windows Could Allow Remote Code Execution
(920214)
Date: 09 August 2006
OS: Windows 2003, Windows XP
URL: http://www.auscert.org.au/6594
Title: ESB-2006.0557 -- [Win] -- Microsoft Security Bulletin MS06-041 -
Vulnerability in DNS Resolution Could Allow Remote Code Execution
(920683)
Date: 09 August 2006
OS: Windows 2003, Windows 2000, Windows XP
URL: http://www.auscert.org.au/6592
Title: ESB-2006.0556 -- [Win] -- McAfee multiple products stack buffer
overflow in ActiveX control
Date: 08 August 2006
OS: Windows 2000, Windows XP
URL: http://www.auscert.org.au/6588
Title: ESB-2006.0555 -- [Debian] -- New freeradius packages fix several
vulnerabilities
Date: 08 August 2006
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/6587
Title: ESB-2006.0554 -- [UNIX/Linux][Debian] -- New chmlib packages fix
directory traversal
Date: 08 August 2006
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
AIX
URL: http://www.auscert.org.au/6586
Title: ESB-2006.0553 -- [Win][UNIX/Linux] -- MySQL 5.0.24 fixes access
restriction bypass and several DoS vulnerabilities
Date: 07 August 2006
OS: Solaris, HP Tru64 UNIX, Windows 98/98SE, Debian GNU/Linux, Other BSD
Variants, IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other
Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, Mac OS X,
HP-UX, AIX, Windows ME
URL: http://www.auscert.org.au/6584
Title: ESB-2006.0552 -- [UNIX/Linux][Debian] -- New dhcp packages fix denial
of service
Date: 07 August 2006
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/6583
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (FreeBSD)
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----