[AusNOG] AusCERT Week in Review - Week Ending 28/07/2006
matthew at auscert.org.au
Fri Jul 28 16:32:51 EST 2006
Greetings AusNOG,
Round up for the week. Some items might be member-only so sorry about
that but they usually do time out and become fully public (at some point).
Have a good weekend,
- Matt
AusCERT Week in Review
28 July 2006
Papers, Articles and other documents:
-------------------------------------
Title: Tor anonymisation: a network defender's primer
Date: 26 July 2006
URL: http://www.auscert.org.au/6533
Alerts, Advisories and Updates:
-------------------------------
Title: AL-2006.0060 -- [Win][UNIX/Linux] -- Mozilla Products Contain Multiple
Vulnerabilities
Date: 28 July 2006
URL: http://www.auscert.org.au/6540
Title: AL-2006.0059 -- [Win] -- Order WC2905036 Trojan
Date: 25 July 2006
URL: http://www.auscert.org.au/6537
Title: AL-2006.0058 -- [Win] -- McAfee ePolicy Orchestrator Remote Compromise
Date: 24 July 2006
URL: http://www.auscert.org.au/6514
Title: AU-2006.0027 -- AusCERT Update - [Win] - Public exploit code released
for Microsoft DHCP and IIS Vulnerabilities MS06-034 and MS06-036
Date: 24 July 2006
URL: http://www.auscert.org.au/6513
External Security Bulletins:
----------------------------
Title: ESB-2006.0994 -- [HP-UX] -- SSRT4728 rev.2 - HP-UX running TCP/IP
Remote Denial of Service (DoS)
Date: 26 July 2006
OS: HP-UX
URL: http://www.auscert.org.au/5848
Title: ESB-2006.0518 -- [Win][Linux][Solaris][AIX] -- Protocol Parsing Bug in
SMB Mailslot Parsing in ISS Products
Date: 28 July 2006
OS: Solaris, Windows 98/98SE, Debian GNU/Linux, Windows 2003, Windows 2000,
Other Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, HP-UX,
AIX, Windows ME
URL: http://www.auscert.org.au/6545
Title: ESB-2006.0517 -- [Win] -- eIQnetworks Enterprise Security Analyzer
Topology Server Buffer Overflow Vulnerability
Date: 28 July 2006
OS: Windows 2003, Windows 2000, Windows XP
URL: http://www.auscert.org.au/6544
Title: ESB-2006.0516 -- [Debian] -- New Asterisk packages fix denial of
service
Date: 28 July 2006
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/6543
Title: ESB-2006.0515 -- [Solaris] -- Solaris Hosts are Vulnerable to a Denial
of Service Induced by an Internet Transmission Control Protocol (TCP)
"ACK Storm"
Date: 28 July 2006
OS: Solaris
URL: http://www.auscert.org.au/6542
Title: ESB-2006.0514 -- [Win][UNIX/Linux][RedHat] -- Moderate: ruby security
update
Date: 28 July 2006
OS: Solaris, HP Tru64 UNIX, Windows 98/98SE, Debian GNU/Linux, Other BSD
Variants, IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other
Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, Mac OS X,
HP-UX, AIX, Windows ME
URL: http://www.auscert.org.au/6541
Title: ESB-2006.0513 -- [RedHat] -- Critical: seamonkey security update
Date: 28 July 2006
OS: Red Hat Linux
URL: http://www.auscert.org.au/6539
Title: ESB-2006.0512 -- [Win] -- Windows VPN Client Local Privilege Escalation
Vulnerability
Date: 28 July 2006
OS: Windows 2003, Windows 2000, Windows XP, Windows NT 4
URL: http://www.auscert.org.au/6538
Title: ESB-2006.0511 -- [Win][UNIX/Linux][Debian] -- New drupal packages fix
execution of arbitrary web script code
Date: 27 July 2006
OS: Solaris, HP Tru64 UNIX, Windows 98/98SE, Debian GNU/Linux, Other BSD
Variants, IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other
Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, Mac OS X,
HP-UX, AIX, Windows ME
URL: http://www.auscert.org.au/6536
Title: ESB-2006.0510 -- [Linux][Debian] -- New Linux kernel 2.6.8 packages fix
privilege escalation
Date: 27 July 2006
OS: Debian GNU/Linux, Other Linux Variants
URL: http://www.auscert.org.au/6535
Title: ESB-2006.0509 -- [Cisco] -- Cisco Security Response: Internet Key
Exchange Resource Exhaustion Attack
Date: 27 July 2006
OS: Cisco Products
URL: http://www.auscert.org.au/6534
Title: ESB-2006.0508 -- [RedHat] -- Important: samba security update
Date: 26 July 2006
OS: Red Hat Linux
URL: http://www.auscert.org.au/6532
Title: ESB-2006.0507 -- [UNIX/Linux][RedHat] -- Moderate: kdebase security fix
Date: 26 July 2006
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/6531
Title: ESB-2006.0506 -- [Debian] -- New fbi packages fix potential deletion of
user data
Date: 25 July 2006
OS: Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/6530
Title: ESB-2006.0505 -- [Win][UNIX/Linux][Debian][OSX] -- New libdumb packages
fix arbitrary code execution
Date: 25 July 2006
OS: Solaris, HP Tru64 UNIX, Windows 98/98SE, Debian GNU/Linux, Other BSD
Variants, IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other
Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, Mac OS X,
HP-UX, AIX, Windows ME
URL: http://www.auscert.org.au/6529
Title: ESB-2006.0504 -- [Win][UNIX/Linux][Debian] -- New Net::Server packages
fix denial of service
Date: 25 July 2006
OS: Solaris, HP Tru64 UNIX, Windows 98/98SE, Debian GNU/Linux, Other BSD
Variants, IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other
Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, Mac OS X,
HP-UX, AIX, Windows ME
URL: http://www.auscert.org.au/6528
Title: ESB-2006.0503 -- [UNIX/Linux][Debian] -- New postgrey packages fix
denial of service
Date: 25 July 2006
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
AIX
URL: http://www.auscert.org.au/6527
Title: ESB-2006.0502 -- [Debian] -- New Mozilla Firefox packages fix several
vulnerabilities
Date: 25 July 2006
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/6526
Title: ESB-2006.0501 -- [UNIX/Linux][Debian] -- New hiki packages fix denial
of service
Date: 25 July 2006
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/6525
Title: ESB-2006.0500 -- [Debian] -- New Mozilla packages fix several
vulnerabilities
Date: 25 July 2006
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/6524
Title: ESB-2006.0499 -- [Solaris] -- Potential Kernel Memory Disclosure
Vulnerability in the Solaris sysinfo(2) System Call
Date: 25 July 2006
OS: Solaris
URL: http://www.auscert.org.au/6523
Title: ESB-2006.0498 -- [Solaris] -- Security Vulnerability in Sun's Internet
Protocol (IP) Implementation May Allow Local Users to Bypass the
Routing Table
Date: 24 July 2006
OS: Solaris
URL: http://www.auscert.org.au/6522
Title: ESB-2006.0497 -- [Win][UNIX/Linux][Debian] -- New libgd2 packages fix
denial of service
Date: 24 July 2006
OS: Solaris, HP Tru64 UNIX, Windows 98/98SE, Debian GNU/Linux, Other BSD
Variants, IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other
Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, HP-UX, AIX,
Windows ME
URL: http://www.auscert.org.au/6521
Title: ESB-2006.0496 -- [Debian] -- New gimp packages fix arbitrary code
execution
Date: 24 July 2006
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/6520
Title: ESB-2006.0495 -- [Debian] -- New GnuPG2 packages fix denial of service
Date: 24 July 2006
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/6519
Title: ESB-2006.0494 -- [UNIX/Linux][Debian] -- New hashcash packages fix
arbitrary code execution
Date: 24 July 2006
OS: Solaris, HP Tru64 UNIX, Windows 98/98SE, Debian GNU/Linux, Other BSD
Variants, IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other
Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, Mac OS X,
HP-UX, AIX, Windows ME
URL: http://www.auscert.org.au/6518
Title: ESB-2006.0493 -- [Solaris] -- Local Users May be Able to Hang Systems
That Have Loaded The Kernel Debugger kmdb(1)
Date: 24 July 2006
OS: Solaris
URL: http://www.auscert.org.au/6517
Title: ESB-2006.0492 -- [Solaris] -- A Local Unprivileged User May be Able to
Cause a Denial of Service (DoS) to Solaris 10 Hosts via the "/net"
Mount Point
Date: 24 July 2006
OS: Solaris
URL: http://www.auscert.org.au/6516
Title: ESB-2006.0491 -- [Solaris] -- Security Vulnerabilities in The Solaris
Event Port API May Result in a Denial of Service (DoS) Condition
Date: 24 July 2006
OS: Solaris
URL: http://www.auscert.org.au/6515
Title: ESB-2006.0466 -- [Win][UNIX/Linux][RedHat] -- Moderate: php security
update
Date: 26 July 2006
OS: AIX, HP-UX, Mac OS X, Red Hat Linux, Windows XP, Other Linux Variants,
FreeBSD, Windows 2000, OpenBSD, Windows 2003, IRIX, Other BSD Variants,
Debian GNU/Linux, HP Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/6478
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================