[AusNOG] AusCERT Week in Review - Week Ending 18/08/2006
matthew at auscert.org.au
Mon Aug 21 11:45:17 EST 2006
Greetings AusNOG,
Our week-in-review for last week.
Regards,
- Matthew
AusCERT Week in Review
18 August 2006
Papers, Articles and other documents:
-------------------------------------
Alerts, Advisories and Updates:
-------------------------------
Title: AL-2006.0069 -- [Win] -- "John Howard tragedy" email attachment
installs Torpig credential stealing trojan
Date: 18 August 2006
URL: http://www.auscert.org.au/6645
Title: AA-2006.0061 -- [Win][Linux][HP-UX][Solaris][AIX] -- Multiple
vulnerabilities in IBM Informix database
Date: 16 August 2006
URL: http://www.auscert.org.au/6637
Title: AA-2006.0060 -- [Win][Linux][HP-UX][Solaris][AIX] -- Multiple
vulnerabilities in IBM WebSphere Application Server may allow access to
sensitive information
Date: 16 August 2006
URL: http://www.auscert.org.au/6636
Title: AA-2006.0059 -- [Win] -- Microsoft Windows help file format may allow
execution of arbitrary code
Date: 15 August 2006
URL: http://www.auscert.org.au/6633
Title: AA-2006.0058 -- [Win][UNIX/Linux] -- Ruby on Rails denial of service
and data loss vulnerabilities
Date: 15 August 2006
URL: http://www.auscert.org.au/6632
Title: AU-2006.0029 -- AusCERT Update - [Win] - New MocBot variants exploiting
recent Microsoft vulnerability
Date: 14 August 2006
URL: http://www.auscert.org.au/6627
External Security Bulletins:
----------------------------
Title: ESB-2006.0592 -- [Win] -- ActiveX control on IBM laptops and desktops
may allow remote compromise
Date: 18 August 2006
OS: Windows
URL: http://www.auscert.org.au/6644
Title: ESB-2006.0591 -- [AIX] -- A vulnerability in the setlocale() routine
may allow for privilege escalation
Date: 18 August 2006
OS: AIX
URL: http://www.auscert.org.au/6643
Title: ESB-2006.0590 -- [OSX] -- Apple Xsan Filesystem path name buffer
overflow
Date: 18 August 2006
OS: Mac OS X
URL: http://www.auscert.org.au/6642
Title: ESB-2006.0589 -- [HP-UX] -- HP-UX Running the LP Subsystem, remote
Denial of Service (DoS)
Date: 17 August 2006
OS: HP-UX
URL: http://www.auscert.org.au/6641
Title: ESB-2006.0588 -- [UNIX/Linux][Win] -- SquirrelMail vulnerability in
compose.php allows cross-user attacks
Date: 17 August 2006
OS: UNIX Variants, Windows
URL: http://www.auscert.org.au/6640
Title: ESB-2006.0587 -- [Win][Linux][NetWare] -- Symantec NetBackup PureDisk:
Non-Privileged User Authentication Bypass
Date: 17 August 2006
OS: Windows 2003, Windows 2000, Linux Variants, Windows XP, Novell Netware
URL: http://www.auscert.org.au/6639
Title: ESB-2006.0586 -- [RedHat] -- Moderate: wireshark security update (was
ethereal)
Date: 17 August 2006
OS: Red Hat Linux
URL: http://www.auscert.org.au/6638
Title: ESB-2006.0585 -- [HP-UX] -- HP-UX in Trusted mode, Local Denial of
Service (DoS)
Date: 16 August 2006
OS: HP-UX
URL: http://www.auscert.org.au/6635
Title: ESB-2006.0584 -- [Linux][Debian] -- New heartbeat packages fix denial
of service
Date: 16 August 2006
OS: Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/6634
Title: ESB-2006.0583 -- [Win][Linux][HP-UX][Solaris][AIX] -- HP OpenView
Storage Data Protector, Remote Arbitrary Command Execution
Date: 15 August 2006
OS: Solaris, Windows, Linux variants, HP-UX, AIX
URL: http://www.auscert.org.au/6631
Title: ESB-2006.0582 -- [Win] -- Symantec Backup Exec for Windows Server: RPC
Interface Heap Overflow, Authorized User Potential Elevation of
Privilege
Date: 14 August 2006
OS: Windows 2003, Windows 2000, Windows XP, Windows NT 4
URL: http://www.auscert.org.au/6630
Title: ESB-2006.0581 -- [Solaris] -- On Solaris 10 a System Panic may Result
due to a Race Condition Between netstat(1M) (or snmp queries) and
ifconfig(1M)
Date: 14 August 2006
OS: Solaris
URL: http://www.auscert.org.au/6629
Title: ESB-2006.0580 -- [Solaris] -- Certain Kerberos V5 patches May Cause
kadmin(1M) to Fail or Create Incorrect File Ownership on NFS Clients
Date: 14 August 2006
OS: Solaris
URL: http://www.auscert.org.au/6628
Title: ESB-2006.0579 -- [Linux][Debian] -- New shadow packages fix
privilege escalation
Date: 14 August 2006
OS: Linux Variants
URL: http://www.auscert.org.au/6626
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================