[AusNOG] AusCERT Week in Review - Week Ending 06/10/2006

Tue Oct 10 12:13:59 EST 2006

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings AusNOG,

AusCERT's week-in-review for last week.

Best regards,

- -- Matthew McGlashan --
Coordination Centre Team Leader             | Hotline: +61 7 3365 4417
Australian Computer Emergency Response Team | Direct:  +61 7 3365 7924
(AusCERT)                                   | Fax:     +61 7 3365 7031
The University of Queensland                | WWW:     www.auscert.org.au
Qld 4072 Australia                          | Email: auscert at auscert.org.au

Alerts, Advisories and Updates:
- -------------------------------
Title: AU-2006.0036 -- AusCERT Update - [Win][UNIX/Linux][OSX] - Reported
       Mozilla JavaScript engine vulnerabilities still unconfirmed 
Date:  05 October 2006
URL:   http://www.auscert.org.au/6826

Title: AA-2006.0073 -- [UNIX/Linux] -- Multiple vulnerabilities in Mailman 
Date:  05 October 2006
URL:   http://www.auscert.org.au/6717

Title: AA-2006.0078 -- [OSX] -- Vulnerability in Skype URI handling may allow
       remote code execution 
Date:  04 October 2006
URL:   http://www.auscert.org.au/6825

Title: AU-2006.0035 -- AusCERT Update - [Win][UNIX/Linux][OSX] - Unconfirmed
       vulnerabilities in Mozilla JavaScript engine may allow remote execution
       of arbitrary code 
Date:  03 October 2006
URL:   http://www.auscert.org.au/6821

Title: AL-2006.0085 -- [OSX] -- Mac OS X v10.4.8 and Security Update 2006-006 
Date:  02 October 2006
URL:   http://www.auscert.org.au/6816

External Security Bulletins:
- ----------------------------
Title: ESB-2006.0737 -- [Linux][RedHat] -- Important: kernel security update 
Date:  06 October 2006
OS:    Debian GNU/Linux, Other Linux Variants, Red Hat Linux 
URL:   http://www.auscert.org.au/6833

Title: ESB-2006.0736 -- [Win] -- Symantec AntiVirus IOCTL Kernel Privilege
       Escalation Vulnerability 
Date:  06 October 2006
OS:    Windows 98/98SE, Windows 2003, Windows 2000, Windows XP, Windows NT 4,
       Windows ME 
URL:   http://www.auscert.org.au/6832

Title: ESB-2006.0735 -- [Debian] -- New Mozilla Thunderbird packages fix
       several vulnerabilities 
Date:  06 October 2006
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/6831

Title: ESB-2006.0734 -- [Solaris] -- Security Vulnerability in Apache 2 Web
       Server Module 'mod_ssl' 
Date:  06 October 2006
OS:    Solaris 
URL:   http://www.auscert.org.au/6830

Title: ESB-2006.0733 -- [Debian] -- New maxdb-7.5.00 packages fix execution of
       arbitrary code 
Date:  05 October 2006
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/6829

Title: ESB-2006.0732 -- [Debian] -- New openssh-krb5 packages fix denial of
       service and potential execution of arbitrary code 
Date:  05 October 2006
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/6828

Title: ESB-2006.0731 -- [Debian] -- New mailman packages fix several problems 
Date:  05 October 2006
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/6827

Title: ESB-2006.0730 -- [Win][UNIX/Linux] -- phpMyAdmin Multiple CSRF
       Vulnerabilities 
Date:  04 October 2006
OS:    Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
       Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants,
       Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX 
URL:   http://www.auscert.org.au/6824

Title: ESB-2006.0729 -- [Win][Linux][Novell] -- Novell GroupWise Messenger
       nmma.exe DoS Vulnerability 
Date:  04 October 2006
OS:    Debian GNU/Linux, Windows 2003, Windows 2000, Other Linux Variants, Red
       Hat Linux, Novell Netware 
URL:   http://www.auscert.org.au/6823

Title: ESB-2006.0728 -- [Win][Linux][Solaris] -- Security Vulnerability in RSA
       Signature Verification Impacting Multiple SUN Products 
Date:  04 October 2006
OS:    Solaris, Debian GNU/Linux, Windows 2003, Windows 2000, Other Linux
       Variants, Windows XP, Red Hat Linux 
URL:   http://www.auscert.org.au/6822

Title: ESB-2006.0727 -- [Win] -- McAfee ePolicy Orchestrator and
       ProtectionPilot Command Execution Vulnerability 
Date:  03 October 2006
OS:    Windows 2003, Windows 2000, Windows XP 
URL:   http://www.auscert.org.au/6820

Title: ESB-2006.0726 -- [HP-UX] -- HP-UX Running Ignite-UX Server, Remote
       Unauthorized Access and Privilege Elevation 
Date:  03 October 2006
OS:    HP-UX 
URL:   http://www.auscert.org.au/6819

Title: ESB-2006.0725 -- [UNIX/Linux][HP-UX] -- HP-UX running SLP, Remote
       Unauthorized Access 
Date:  03 October 2006
OS:    Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
       OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX 
URL:   http://www.auscert.org.au/6818

Title: ESB-2006.0724 -- [Debian] -- New openssl packages fix arbitrary code
       execution 
Date:  03 October 2006
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/6817

Title: ESB-2006.0723 -- [Solaris] -- Vulnerability With Solaris IPv6 May Allow
       a Remote User the Ability to Create a Denial of Service Condition 
Date:  02 October 2006
OS:    Solaris 
URL:   http://www.auscert.org.au/6815

Title: ESB-2006.0722 -- [Linux][Solaris] -- Cross-site Scripting
       Vulnerabilities in the Sun Secure Global Desktop Software 
Date:  02 October 2006
OS:    Solaris, Debian GNU/Linux, Other Linux Variants, Red Hat Linux 
URL:   http://www.auscert.org.au/6814

Title: ESB-2006.0721 -- [UNIX/Linux][Debian] -- New cscope packages fix
       arbitrary code execution 
Date:  02 October 2006
OS:    Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
       OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX 
URL:   http://www.auscert.org.au/6813

Title: ESB-2006.0720 -- [UNIX/Linux][Debian] -- New migrationtools packages
       fix denial of service 
Date:  02 October 2006
OS:    Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
       OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX 
URL:   http://www.auscert.org.au/6812

Title: ESB-2006.0719 -- [FreeBSD] -- Multiple vulnerabilities in OpenSSH 
Date:  02 October 2006
OS:    FreeBSD 
URL:   http://www.auscert.org.au/6811

Title: ESB-2006.0718 -- [Solaris] -- On Solaris 10 libnsl(3LIB) or TLI/XTI API
       Routines May Cause Listener Programs for Databases or Other Network
       Aware Applications to Stop Responding 
Date:  02 October 2006
OS:    Solaris 
URL:   http://www.auscert.org.au/6810

Title: ESB-2006.0711 -- [FreeBSD] -- Multiple problems in crypto(3) 
Date:  02 October 2006
OS:    FreeBSD 
URL:   http://www.auscert.org.au/6803

Title: ESB-2006.0709 -- [Win][UNIX/Linux] -- OpenSSH 4.4 released 
Date:  05 October 2006
OS:    Windows ME, AIX, HP-UX, Mac OS X, Windows NT 4, Red Hat Linux, Windows
       XP, Other Linux Variants, FreeBSD, Windows 2000, OpenBSD, Windows CE,
       Windows 2003, IRIX, Other BSD Variants, Debian GNU/Linux, Windows
       98/98SE, HP Tru64 UNIX, Solaris 
URL:   http://www.auscert.org.au/6800

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (FreeBSD)
Comment: http://www.auscert.org.au/render.html?it=1967
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRSsB5yh9+71yA2DNAQIvCQP+KTFXuB7sw93m39Rsql+4FtuESyXm88k4
+svw07uqyXXt+r9ktCSUZrTVO+8G1RXBAMtv0qMgxS58HTrHBfLYzRArdF0xqCqe
b3cW7P0/eb3i/2jNu54rDD9WtkKwzZBluuW50NAxi3QwayhKwIHzLcEm8dNfZwEo
FRuXhC3myTU=
=5vcZ
-----END PGP SIGNATURE-----