[AusNOG] AusCERT Week in Review - Week Ending 25/08/2006
matthew at auscert.org.au
Fri Aug 25 17:20:30 EST 2006
Greetings AusNOG,
Our week-in-review for the week just gone. On time for a change too.
Regards,
- Matthew
AusCERT Week in Review
25 August 2006
Papers, Articles and other documents:
-------------------------------------
Alerts, Advisories and Updates:
-------------------------------
Title: AU-2006.0031 -- AusCERT Update - [Win] - Updated patch for MS06-042
available fixing new 'Long URL Buffer Overflow' vulnerability
Date: 25 August 2006
URL: http://www.auscert.org.au/6668
Title: AA-2006.0068 -- [Win][Linux][Solaris] -- Blackboard vulnerabilities
allow cross-site scripting
Date: 25 August 2006
URL: http://www.auscert.org.au/6671
Title: AL-2006.0065 -- [Win] -- Microsoft Security Bulletin MS06-042 -
Cumulative Security Update for Internet Explorer (918899)
Date: 25 August 2006
URL: http://www.auscert.org.au/6593
Title: AA-2006.0067 -- [Win][UNIX/Linux] -- Wireshark (Ethereal)
vulnerabilities allow execution of arbitrary code
Date: 25 August 2006
URL: http://www.auscert.org.au/6670
Title: AA-2006.0066 -- [Win][UNIX/Linux] -- New versions of PHP 4 and 5
available
Date: 24 August 2006
URL: http://www.auscert.org.au/6664
Title: AA-2006.0065 -- [Win] -- A buffer overflow vulnerability in BlackBerry
Attachment Service may allow remote code execution
Date: 23 August 2006
URL: http://www.auscert.org.au/6661
Title: AU-2006.0030 -- AusCERT Update - [Win] - Recently reported PowerPoint
vulnerability has existing patch
Date: 23 August 2006
URL: http://www.auscert.org.au/6660
Title: AL-2006.0070 -- [Win] -- Unpatched vulnerability reported in PowerPoint
Date: 23 August 2006
URL: http://www.auscert.org.au/6647
Title: AA-2006.0064 -- [Win][UNIX/Linux] -- Vulnerabilities reported in
multiple Mambo / Joomla components
Date: 22 August 2006
URL: http://www.auscert.org.au/6655
Title: AL-2006.0071 -- [Win][UNIX/Linux] -- Vulnerability in SAP Internet
Graphics Service allows execution of arbitrary code
Date: 22 August 2006
URL: http://www.auscert.org.au/6654
Title: AA-2006.0063 -- [Win][UNIX/Linux] -- XSS vulnerabilities in Horde
framework and Horde IMP web mail
Date: 21 August 2006
URL: http://www.auscert.org.au/6648
External Security Bulletins:
----------------------------
Title: ESB-2006.0607 -- [Win][UNIX/Linux][RedHat] -- ImageMagick security
update
Date: 25 August 2006
OS: Solaris, HP Tru64 UNIX, Windows 98/98SE, Debian GNU/Linux, Other BSD
Variants, IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other
Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, Mac OS X,
HP-UX, AIX, Windows ME
URL: http://www.auscert.org.au/6669
Title: ESB-2006.0606 -- [Debian] -- New sendmail packages fix denial of
service
Date: 25 August 2006
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/6667
Title: ESB-2006.0605 -- [BSD][NetBSD] -- Malicious PPP options can overrun a
kernel buffer
Date: 24 August 2006
OS: Other BSD Variants, OpenBSD
URL: http://www.auscert.org.au/6666
Title: ESB-2006.0604 -- [FreeBSD] -- Buffer overflow in ppp(4)
Date: 24 August 2006
OS: FreeBSD
URL: http://www.auscert.org.au/6665
Title: ESB-2006.0603 -- [Cisco] -- Unintentional Password Modification in
Cisco Firewall Products
Date: 24 August 2006
OS: Cisco Products
URL: http://www.auscert.org.au/6663
Title: ESB-2006.0602 -- [Cisco] -- Cisco VPN 3000 Concentrator FTP Management
Vulnerabilities
Date: 24 August 2006
OS: Cisco Products
URL: http://www.auscert.org.au/6662
Title: ESB-2006.0601 -- [Win][Linux][Solaris] -- Java Plug-in and Java Web
Start May Allow Applets and Applications to Run With Unpatched JRE
Date: 23 August 2006
OS: Solaris, Windows 98/98SE, Debian GNU/Linux, Windows 2003, Windows 2000,
Other Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, Windows
ME
URL: http://www.auscert.org.au/6659
Title: ESB-2006.0600 -- [Solaris] -- Security Vulnerability May Allow Users
With the "File System Management" RBAC Profile to Gain Elevated
Privileges
Date: 23 August 2006
OS: Solaris
URL: http://www.auscert.org.au/6658
Title: ESB-2006.0599 -- [Solaris] -- Security Vulnerability Due to Buffer
Overflow in The format(1M) Command May Allow Privilege Elevation For
Certain RBAC Profiles
Date: 23 August 2006
OS: Solaris
URL: http://www.auscert.org.au/6657
Title: ESB-2006.0598 -- [Linux][RedHat] -- Important: kernel security update
Date: 23 August 2006
OS: Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/6656
Title: ESB-2006.0597 -- [UNIX/Linux][RedHat] -- Execute arbitrary code
vulnerability in X.org server
Date: 22 August 2006
OS: AIX, HP-UX, Red Hat Linux, Other Linux Variants, FreeBSD, OpenBSD,
IRIX, Other BSD Variants, Debian GNU/Linux, HP Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/6653
Title: ESB-2006.0596 -- [Debian] -- New squirrelmail packages fix information
disclosure
Date: 22 August 2006
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/6652
Title: ESB-2006.0595 -- [Solaris] -- On Solaris 10 libnsl(3LIB) or TLI/XTI API
Routines May Cause Listener Programs for Databases or Other Network
Aware Applications to Stop Responding
Date: 21 August 2006
OS: Solaris
URL: http://www.auscert.org.au/6651
Title: ESB-2006.0594 -- [Debian] -- New ClamAV packages fix arbitrary code
execution
Date: 21 August 2006
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/6650
Title: ESB-2006.0593 -- [Win][UNIX/Linux][Debian] -- New trac packages fix
information disclosure
Date: 21 August 2006
OS: Solaris, HP Tru64 UNIX, Windows 98/98SE, Debian GNU/Linux, Other BSD
Variants, IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other
Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, Mac OS X,
HP-UX, AIX, Windows ME
URL: http://www.auscert.org.au/6649
Title: ESB-2006.0568 -- [Linux][Solaris] -- Security Vulnerability in the Sun
Ray Utility utxconfig(1)
Date: 21 August 2006
OS: Other Linux Variants, Solaris
URL: http://www.auscert.org.au/6606
Title: ESB-2006.0567 -- [Win][UNIX/Linux][RedHat] -- apache security update
Date: 21 August 2006
OS: AIX, HP-UX, Mac OS X, Windows NT 4, Red Hat Linux, Other Linux
Variants, FreeBSD, Windows 2000, OpenBSD, Windows 2003, IRIX, Other BSD
Variants, Debian GNU/Linux, HP Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/6605
Title: ESB-2006.0509 -- [Cisco] -- Cisco Security Response: Internet Key
Exchange Resource Exhaustion Attack
Date: 21 August 2006
OS: Cisco Products
URL: http://www.auscert.org.au/6534
Title: ESB-2006.0489 -- [RedHat] -- Low: elfutils security update
Date: 21 August 2006
OS: Red Hat Linux
URL: http://www.auscert.org.au/6511
Title: ESB-2006.0421 -- [HP-UX] -- HP-UX running Support Tools Manager (xstm,
cstm, stm) Local Denial of Service (DoS)
Date: 24 August 2006
OS: HP-UX
URL: http://www.auscert.org.au/6410
Title: ESB-2006.0419 -- [Solaris] -- A Security Vulnerability in sendmail(1M)
May Allow a Denial of Service (DoS) To Occur
Date: 23 August 2006
OS: Solaris
URL: http://www.auscert.org.au/6408
Title: ESB-2006.0158 -- [Solaris] -- Security Vulnerabilities in the Apache
1.3 Web Server
Date: 21 August 2006
OS: Solaris
URL: http://www.auscert.org.au/6080
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================