[AusNOG] AusCERT Week(s) in Review - for September
matthew at auscert.org.au
Fri Sep 29 16:38:42 EST 2006
Greetings AusNOG,
Sorry for not sending these along for the past weeks. I hope they are
still of some use.
Best regards,
- Matthew
Date: Fri, 8 Sep 2006 16:21:03 +1000 (EST)
From: "AusCERT" <auscert at auscert.org.au>
Subject: AusCERT Week In Review W/E: 10-09-2006
AusCERT Week in Review
08 September 2006
Alerts, Advisories and Updates:
-------------------------------
Title: AA-2006.0074 -- [Win] -- Vulnerabilities in AOL ICQ Pro 2003b and ICQ
Toolbar 1.3 for Internet Explorer
Date: 08 September 2006
URL: http://www.auscert.org.au/6719
Title: AA-2006.0066 -- [Win][UNIX/Linux] -- New versions of PHP 4 and 5
available
Date: 08 September 2006
URL: http://www.auscert.org.au/6664
Title: AU-2006.0032 -- AusCERT Update - [Win] - Microsoft responds to
Microsoft Word 2000 vulnerability
Date: 07 September 2006
URL: http://www.auscert.org.au/6714
Title: AL-2006.0076 -- [Win] -- Unpatched Microsoft Word 2000 vulnerability
being exploited by malware
Date: 07 September 2006
URL: http://www.auscert.org.au/6709
Title: AA-2006.0073 -- [UNIX/Linux] -- Multiple vulnerabilities in Mailman
Date: 06 September 2006
URL: http://www.auscert.org.au/6717
Title: AL-2006.0075 -- [Win][UNIX/Linux] -- NISCC Vulnerability Advisory
172003/NISCC/BIND9: Multiple DoS Vulnerabilities in the BIND 9 Software
Date: 06 September 2006
URL: http://www.auscert.org.au/6707
Title: AL-2006.0074 -- [Win][UNIX/Linux] -- OpenSSL Security
Advisory - RSA Signature Forgery
Date: 06 September 2006
URL: http://www.auscert.org.au/6706
Title: AA-2006.0072 -- [Appliance] -- SnapGear multiple Denial of Service
vulnerabilities
Date: 04 September 2006
URL: http://www.auscert.org.au/6700
External Security Bulletins:
----------------------------
Title: ESB-2006.0643 -- [Debian] -- New ethereal packages fix execution of
arbitrary code
Date: 08 September 2006
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/6718
Title: ESB-2006.0642 -- [Cisco] -- Cisco Security Response: Cisco IOS GRE
decapsulation vulnerability
Date: 07 September 2006
OS: Cisco Products
URL: http://www.auscert.org.au/6716
Title: ESB-2006.0641 -- [Win] -- IBM Lotus Notes File Viewer Overflow
Vulnerability (dunzip32.dll)
Date: 07 September 2006
OS: Windows 98/98SE, Windows 2003, Windows 2000, Windows XP, Windows NT 4,
Windows ME
URL: http://www.auscert.org.au/6715
Title: ESB-2006.0640 -- [FreeBSD] -- Denial of Service in named(8)
Date: 07 September 2006
OS: FreeBSD
URL: http://www.auscert.org.au/6713
Title: ESB-2006.0639 -- [FreeBSD] -- Incorrect PKCS#1 v1.5 padding validation
in crypto(3)
Date: 07 September 2006
OS: FreeBSD
URL: http://www.auscert.org.au/6712
Title: ESB-2006.0638 -- [AIX] -- Potential denial of service vulnerability in
BIND 9.2.1.
Date: 07 September 2006
OS: AIX
URL: http://www.auscert.org.au/6711
Title: ESB-2006.0637 -- [Debian] -- New fastjar packages fix directory
traversal
Date: 07 September 2006
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
AIX
URL: http://www.auscert.org.au/6710
Title: ESB-2006.0636 -- [HP-UX] -- HP-UX running Apache Remote Execution of
Arbitrary Code, Denial of Service (DoS), and Unauthorized Access
Date: 06 September 2006
OS: HP-UX
URL: http://www.auscert.org.au/6708
Title: ESB-2006.0635 -- [Debian] -- New imagemagick packages fix arbitrary
code execution
Date: 06 September 2006
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/6705
Title: ESB-2006.0634 -- [UNIX/Linux][Debian] -- New MySQL 4.1 packages fix
several vulnerabilities
Date: 05 September 2006
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
AIX
URL: http://www.auscert.org.au/6704
Title: ESB-2006.0633 -- [Win][Appliance] -- Compression Plus and Tumbleweed
EMF Stack Overflow Security Advisory
Date: 05 September 2006
OS: Windows 98/98SE, Windows 2003, Windows 2000, Windows XP, Windows NT 4,
Windows ME
URL: http://www.auscert.org.au/6703
Title: ESB-2006.0632 -- [Debian] -- New imagemagick packages fix arbitrary
code execution
Date: 05 September 2006
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/6702
Title: ESB-2006.0631 -- [Debian] -- New apache packages fix several
vulnerabilities
Date: 05 September 2006
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/6701
Title: ESB-2006.0630 -- [UNIX/Linux][Debian] -- New cheesetracker packages fix
buffer overflow
Date: 04 September 2006
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
AIX
URL: http://www.auscert.org.au/6699
Title: ESB-2006.0629 -- [OpenBSD] -- vulnerability handling LCP packets via an
sppp(4) connection
Date: 04 September 2006
OS: OpenBSD
URL: http://www.auscert.org.au/6698
Title: ESB-2006.0628 -- [Linux][Debian] -- New capi4hylafax packages fix
arbitrary command execution
Date: 04 September 2006
OS: Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/6697
Title: ESB-2006.0213 -- [HP-UX] -- SSRT051078 rev.1 - HP-UX usermod(1M) Local
Unauthorized Access
Date: 07 September 2006
OS: HP-UX
URL: http://www.auscert.org.au/6138
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
Date: Fri, 15 Sep 2006 17:57:41 +1000 (EST)
From: "AusCERT" <auscert at auscert.org.au>
Subject: AusCERT Week in Review - Week Ending 15/09/2006
AusCERT Week in Review
15 September 2006
Papers, Articles and other documents:
-------------------------------------
Title: Call for papers and tutorials for AusCERT2007
Date: 15 September 2006
URL: http://www.auscert.org.au/6748
Title: Computer Security Day 2006
Date: 14 September 2006
URL: http://www.auscert.org.au/6741
Alerts, Advisories and Updates:
-------------------------------
Title: AL-2006.0079 -- [Win] -- Public exploit code released targeting an
unpatched vulnerability in Internet Explorer
Date: 15 September 2006
URL: http://www.auscert.org.au/6749
Title: AL-2006.0078 -- [Cisco] -- Cisco VLAN Trunking Protocol Vulnerabilities
Date: 14 September 2006
URL: http://www.auscert.org.au/6737
Title: AL-2006.0077 -- [Win] -- "Australian Banks Closing" Trojan E-Mail
Date: 12 September 2006
URL: http://www.auscert.org.au/6724
Title: AU-2006.0033 -- AusCERT Update - [Solaris] - Security Vulnerabilities
in the Apache 2 Web Server
Date: 11 September 2006
URL: http://www.auscert.org.au/6722
External Security Bulletins:
----------------------------
Title: ESB-2006.0667 -- [UNIX/Linux][RedHat][OSX] -- Important: gnutls
security update
Date: 15 September 2006
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
AIX
URL: http://www.auscert.org.au/6747
Title: ESB-2006.0666 -- [SCO][Solaris] -- Buffer Overflow Vulnerability in
libX11
Date: 15 September 2006
OS: Solaris
URL: http://www.auscert.org.au/6746
Title: ESB-2006.0665 -- [HP-UX] -- HP-UX Running ARPA Transport Software Local
Denial of Service
Date: 15 September 2006
OS: HP-UX
URL: http://www.auscert.org.au/6745
Title: ESB-2006.0664 -- [HP-UX] -- HP-UX running X.25 Local Denial of Service
Date: 15 September 2006
OS: HP-UX
URL: http://www.auscert.org.au/6744
Title: ESB-2006.0663 -- [Win][UNIX/Linux] -- HP OpenView Operations, Remote
Unauthorized Access and Denial of Service
Date: 14 September 2006
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Windows 2003, Windows 2000,
Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/6743
Title: ESB-2006.0662 -- [UNIX/Linux] -- Multiple Vendor X Server CID-keyed
Fonts 'scan_cidfont()' Integer Overflow Vulnerability
Date: 14 September 2006
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
AIX
URL: http://www.auscert.org.au/6742
Title: ESB-2006.0661 -- [UNIX/Linux] -- Multiple Vendor X Server CID-keyed
Fonts 'CIDAFM()' Integer Overflow
Date: 14 September 2006
OS: HP Tru64 UNIX, Solaris, IRIX, OpenBSD, Other BSD Variants, FreeBSD,
HP-UX, Debian GNU/Linux, Other Linux Variants, Red Hat Linux, AIX, Mac
OS X
URL: http://www.auscert.org.au/6740
Title: ESB-2006.0660 -- [Win][UNIX/Linux][Debian] -- New zope2.7 packages fix
information disclosure
Date: 14 September 2006
OS: HP Tru64 UNIX, Solaris, IRIX, OpenBSD, Other BSD Variants, FreeBSD,
HP-UX, Debian GNU/Linux, Other Linux Variants, Red Hat Linux, AIX,
Windows 2003, Windows 2000
URL: http://www.auscert.org.au/6739
Title: ESB-2006.0659 -- [Debian] -- New isakmpd packages fix replay protection
bypass
Date: 14 September 2006
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/6738
Title: ESB-2006.0658 -- [Debian] -- New openssl096 packages fix RSA signature
forgery cryptographic weakness
Date: 13 September 2006
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/6736
Title: ESB-2006.0657 -- [RedHat] -- Critical: flash-plugin security update
Date: 13 September 2006
OS: Red Hat Linux
URL: http://www.auscert.org.au/6735
Title: ESB-2006.0656 -- [RedHat] -- Important: XFree86 security update
Date: 13 September 2006
OS: Red Hat Linux
URL: http://www.auscert.org.au/6734
Title: ESB-2006.0655 -- [RedHat] -- Important: xorg-x11 security update
Date: 13 September 2006
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/6733
Title: ESB-2006.0654 -- Adobe Flash player 9.0.16.0 fixes multiple
vulnerabilities
Date: 13 September 2006
OS: Solaris, Windows 98/98SE, Debian GNU/Linux, Other BSD Variants, Windows
2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants, Windows XP,
Red Hat Linux, Windows NT 4, Windows ME
URL: http://www.auscert.org.au/6732
Title: ESB-2006.0653 -- [RedHat] -- Low: ncompress security update
Date: 13 September 2006
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/6731
Title: ESB-2006.0652 -- [RedHat] -- Low: wireshark security update
Date: 13 September 2006
OS: Red Hat Linux
URL: http://www.auscert.org.au/6730
Title: ESB-2006.0651 -- QuickTime 7.1.3 fixes multiple vulnerabilities
Date: 13 September 2006
OS: Windows 2003, Windows XP
URL: http://www.auscert.org.au/6729
Title: ESB-2006.0650 -- MS06-054 -- Vulnerability in Microsoft publisher
allows remote code execution
Date: 13 September 2006
OS: Windows 2003, Windows 2000, Windows NT 4, Windows ME, Windows XP,
Windows 98/98SE
URL: http://www.auscert.org.au/6728
Title: ESB-2006.0649 -- [Win] -- Vulnerability in Indexing Service allows
cross site scripting
Date: 13 September 2006
OS: Windows 2003, Windows 2000, Windows XP
URL: http://www.auscert.org.au/6727
Title: ESB-2006.0648 -- [Win] MS06-052 -- Vulnerability in Pragmatic General
Multicast (PGM) Could Allow Remote Code Execution (919007)
Date: 13 September 2006
OS: Windows XP
URL: http://www.auscert.org.au/6726
Title: ESB-2006.0647 -- New openssl packages fix RSA signature forgery
cryptographic weakness
Date: 12 September 2006
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/6725
Title: ESB-2006.0646 -- [Debian] -- New bind9 packages fix denial of service
Date: 11 September 2006
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/6723
Title: ESB-2006.0645 -- [UNIX/Linux][RedHat] -- Important: openssl security
update
Date: 11 September 2006
OS: Red Hat Linux
URL: http://www.auscert.org.au/6721
Title: ESB-2006.0644 -- [UNIX/Linux][RedHat] -- Moderate: mailman security
update
Date: 11 September 2006
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/6720
Title: ESB-2006.0622 -- [Debian] -- New Mozilla Firefox packages fix several
vulnerabilities
Date: 14 September 2006
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/6688
Title: ESB-2006.0618 -- [Debian] -- New Mozilla Thunderbird packages fix
several problems
Date: 11 September 2006
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/6682
Title: ESB-2006.0157 -- [Solaris] -- Security Vulnerabilities in the Apache 2
Web Server
Date: 11 September 2006
OS: Solaris
URL: http://www.auscert.org.au/6079
Date: Fri, 22 Sep 2006 16:40:27 +1000 (EST)
From: "AusCERT" <auscert at auscert.org.au>
Subject: AusCERT Week in Review - Week Ending 22/09/2006
AusCERT Week in Review
22 September 2006
Papers, Articles and other documents:
-------------------------------------
Title: Call for papers for the 2007 FIRST conference
Date: 21 September 2006
URL: http://www.auscert.org.au/6767
Title: Computer Security Day 2006
Date: 14 September 2006
URL: http://www.auscert.org.au/6741
Alerts, Advisories and Updates:
-------------------------------
Title: AL-2006.0082 -- [Win] -- New trojan spam targeting unpatched Internet
Explorer VML vulnerability
Date: 22 September 2006
URL: http://www.auscert.org.au/6771
Title: AA-2006.0077 -- [Win] -- New Trojan exploiting old vulnerability in
Microsoft PowerPoint 2000
Date: 21 September 2006
URL: http://www.auscert.org.au/6763
Title: AL-2006.0081 -- [Win] -- Unpatched Microsoft Internet Explorer VML
Buffer Overflow Being Actively Exploited
Date: 20 September 2006
URL: http://www.auscert.org.au/6758
Title: AA-2006.0076 -- [Win] -- WS_FTP Server contains vulnerabilities in its
XCRC, XMD5 and XSHA1 commands
Date: 19 September 2006
URL: http://www.auscert.org.au/6757
Title: AA-2006.0075 -- [Win][NetWare] -- Local administrator compromise
vulnerabilities in multiple versions of Symantec AntiVirus
Date: 18 September 2006
URL: http://www.auscert.org.au/6756
Title: AL-2006.0080 -- [Win][UNIX/Linux][OSX] -- Vulnerabilities in Mozilla
Firefox, Thunderbird and Seamonkey allow execution of arbitrary code
Date: 18 September 2006
URL: http://www.auscert.org.au/6750
External Security Bulletins:
----------------------------
Title: ESB-2006.0689 -- [Win] -- CA eTrust Security Command Center and eTrust
Audit vulnerabilities
Date: 22 September 2006
OS: Windows 2003, Windows 2000, Windows XP, Windows NT 4
URL: http://www.auscert.org.au/6778
Title: ESB-2006.0688 -- [OSX] -- AirPort Update 2006-001 and Security Update
2006-005
Date: 22 September 2006
OS: Mac OS X
URL: http://www.auscert.org.au/6777
Title: ESB-2006.0687 -- [HP-UX] -- HP-UX Running Thunderbird, Remote
Unauthorized Access or Elevation of Privileges or Denial of Service
(DoS)
Date: 22 September 2006
OS: HP-UX
URL: http://www.auscert.org.au/6776
Title: ESB-2006.0686 -- [NetBSD] -- BIND recursive query and SIG query
processing
Date: 22 September 2006
OS: Other BSD Variants
URL: http://www.auscert.org.au/6775
Title: ESB-2006.0685 -- [NetBSD] -- OpenSSL RSA Signature Forgery
Date: 22 September 2006
OS: Other BSD Variants
URL: http://www.auscert.org.au/6774
Title: ESB-2006.0684 -- [NetBSD] -- Integer overflows in PCF font parsers
Date: 22 September 2006
OS: Other BSD Variants
URL: http://www.auscert.org.au/6773
Title: ESB-2006.0683 -- [NetBSD] -- Integer overflows in CID-keyed font parser
Date: 22 September 2006
OS: Other BSD Variants
URL: http://www.auscert.org.au/6772
Title: ESB-2006.0682 -- [HP-UX] -- HP-UX Running Firefox, Remote Unauthorized
Access or Elevation of Privileges or Denial of Service (DoS)
Date: 22 September 2006
OS: HP-UX
URL: http://www.auscert.org.au/6770
Title: ESB-2006.0681 -- [Win] -- Storage Management Appliance (SMA), Microsoft
Patch Applicability MS06-052, MS06-053 and MS06-054
Date: 22 September 2006
OS: Windows 2003, Windows 2000
URL: http://www.auscert.org.au/6769
Title: ESB-2006.0680 -- [Win][UNIX/Linux][RedHat] -- Moderate: php security
update
Date: 22 September 2006
OS: Solaris, HP Tru64 UNIX, Windows 98/98SE, Debian GNU/Linux, Other BSD
Variants, IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other
Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, Mac OS X,
HP-UX, AIX, Windows ME
URL: http://www.auscert.org.au/6768
Title: ESB-2006.0679 -- [Cisco] -- DOCSIS Read-Write Community String Enabled
in Non-DOCSIS Platforms
Date: 21 September 2006
OS: Cisco Products
URL: http://www.auscert.org.au/6766
Title: ESB-2006.0678 -- [Cisco] -- Cisco Intrusion Prevention System
Management Interface Denial of Service and Fragmented Packet Evasion
Vulnerabilities
Date: 21 September 2006
OS: Cisco Products
URL: http://www.auscert.org.au/6765
Title: ESB-2006.0677 -- [Cisco] -- Cisco Guard enables Cross Site Scripting
Date: 21 September 2006
OS: Cisco Products
URL: http://www.auscert.org.au/6764
Title: ESB-2006.0676 -- [Linux][Debian] -- New alsaplayer packages fix denial
of service
Date: 20 September 2006
OS: Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/6762
Title: ESB-2006.0675 -- [FreeBSD] -- Multiple vulnerabilities in gzip
Date: 20 September 2006
OS: FreeBSD
URL: http://www.auscert.org.au/6761
Title: ESB-2006.0674 -- [RedHat] -- Moderate: gzip security update
Date: 20 September 2006
OS: Red Hat Linux
URL: http://www.auscert.org.au/6760
Title: ESB-2006.0673 -- [Win][UNIX/Linux][Debian] -- New gzip packages fix
arbitrary code execution
Date: 20 September 2006
OS: Solaris, HP Tru64 UNIX, Windows 98/98SE, Debian GNU/Linux, Other BSD
Variants, IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other
Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, Mac OS X,
HP-UX, AIX, Windows ME
URL: http://www.auscert.org.au/6759
Title: ESB-2006.0672 -- [UNIX/Linux][Debian] -- New usermin packages fix
denial of service
Date: 18 September 2006
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/6755
Title: ESB-2006.0671 -- [Debian] -- New freetype packages fix execution of
arbitrary code
Date: 18 September 2006
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/6754
Title: ESB-2006.0670 -- [RedHat] -- Critical: thunderbird security update
Date: 18 September 2006
OS: Red Hat Linux
URL: http://www.auscert.org.au/6753
Title: ESB-2006.0669 -- [RedHat] -- Critical: seamonkey security update
Date: 18 September 2006
OS: Red Hat Linux
URL: http://www.auscert.org.au/6752
Title: ESB-2006.0668 -- [RedHat] -- Critical: firefox security update
Date: 18 September 2006
OS: Red Hat Linux
URL: http://www.auscert.org.au/6751
Title: ESB-2006.0441 -- [Linux][Solaris] -- Sun Java System/iPlanet Messaging
Server vulnerability may allow local access to arbitrary files
Date: 18 September 2006
OS: Red Hat Linux, Other Linux Variants, Debian GNU/Linux, Solaris
URL: http://www.auscert.org.au/6449
Date: Fri, 29 Sep 2006 16:32:35 +1000 (EST)
From: "AusCERT" <auscert at auscert.org.au>
Subject: AusCERT Week in Review - Week Ending 29/09/2006
AusCERT Week in Review
29 September 2006
Papers, Articles and other documents:
-------------------------------------
Alerts, Advisories and Updates:
-------------------------------
Title: AL-2006.0084 -- [Win][UNIX/Linux] -- New OpenSSL releases are now
available to correct four security issues.
Date: 29 September 2006
URL: http://www.auscert.org.au/6802
Title: AL-2006.0083 -- [Win] -- Microsoft Internet Explorer WebViewFolderIcon
ActiveX Vulnerability
Date: 28 September 2006
URL: http://www.auscert.org.au/6799
Title: AU-2006.0034 -- AusCERT Update - [Win] - Patch released for Microsoft
Internet Explorer VML buffer overflow vulnerability
Date: 27 September 2006
URL: http://www.auscert.org.au/6786
External Security Bulletins:
----------------------------
Title: ESB-2006.0717 -- [FreeBSD] -- FreeBSD i386_set_ldt Integer Signedness
and Overflow Vulnerabilities
Date: 29 September 2006
OS: FreeBSD
URL: http://www.auscert.org.au/6809
Title: ESB-2006.0716 -- [Win][OSX] -- Vulnerability in PowerPoint Could Allow
Remote Code Execution
Date: 29 September 2006
OS: Windows 98/98SE, Windows 2003, Windows 2000, Windows XP, Windows NT 4,
Mac OS X, Windows ME
URL: http://www.auscert.org.au/6808
Title: ESB-2006.0715 -- [SUN] -- Sun Cobalt sendmail(8) Security Issue
Involving Signal Handling Daemon
Date: 29 September 2006
URL: http://www.auscert.org.au/6807
Title: ESB-2006.0714 -- [RedHat] -- Important: openssh security update
Date: 29 September 2006
OS: Red Hat Linux
URL: http://www.auscert.org.au/6806
Title: ESB-2006.0713 -- [RedHat] -- Important: openssl security update
Date: 29 September 2006
OS: Red Hat Linux
URL: http://www.auscert.org.au/6805
Title: ESB-2006.0712 -- [Debian] -- New openssl packages fix denial of service
Date: 29 September 2006
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/6804
Title: ESB-2006.0711 -- [FreeBSD] -- Multiple problems in crypto(3)
Date: 29 September 2006
OS: FreeBSD
URL: http://www.auscert.org.au/6803
Title: ESB-2006.0710 -- [Solaris] -- A Remote SSL Client May be Able to Cause
a Denial of Service (DoS) of a Solaris 10 System Running a Kernel SSL
Service Instance
Date: 28 September 2006
OS: Solaris
URL: http://www.auscert.org.au/6801
Title: ESB-2006.0709 -- [Win][UNIX/Linux][Mac] -- OpenSSH 4.4 released
Date: 28 September 2006
OS: Solaris, HP Tru64 UNIX, Windows 98/98SE, Debian GNU/Linux, Other BSD
Variants, IRIX, Windows 2003, Windows CE, OpenBSD, Windows 2000,
FreeBSD, Other Linux Variants, Windows XP, Red Hat Linux, Windows NT 4,
Mac OS X, HP-UX, AIX, Windows ME
URL: http://www.auscert.org.au/6800
Title: ESB-2006.0708 -- [HP-UX] -- HP-UX CIFS Server (Samba) Local
Unauthorized Access, Elevated Privileges
Date: 27 September 2006
OS: HP-UX
URL: http://www.auscert.org.au/6798
Title: ESB-2006.0707 -- [HP-UX] -- HP-UX Kerberos Client Remote
Unauthenticated Execution of Arbitrary Code
Date: 27 September 2006
OS: HP-UX
URL: http://www.auscert.org.au/6797
Title: ESB-2006.0706 -- [Solaris] -- Security Vulnerability May Allow the
syslog(3C) Service to be Disabled
Date: 27 September 2006
OS: Solaris
URL: http://www.auscert.org.au/6796
Title: ESB-2006.0705 -- [Solaris] -- A Security Issue With Solaris 10 x64
Systems Using IPv6 Forwarding May Result in a Denial of Service (DoS)
Date: 27 September 2006
OS: Solaris
URL: http://www.auscert.org.au/6795
Title: ESB-2006.0704 -- [AIX] -- Vulnerability in acctctl may allow for
arbitrary command execution
Date: 27 September 2006
OS: AIX
URL: http://www.auscert.org.au/6794
Title: ESB-2006.0703 -- [AIX] -- Vulnerability in invscoutClient_VPD_Survey
may allow for arbitrary file overwrite
Date: 27 September 2006
OS: AIX
URL: http://www.auscert.org.au/6793
Title: ESB-2006.0702 -- [AIX] -- Vulnerability in xlock may allow for
arbitrary code execution
Date: 27 September 2006
OS: AIX
URL: http://www.auscert.org.au/6792
Title: ESB-2006.0701 -- [AIX] -- Vulnerability in named8 may allow for
arbitrary command execution
Date: 27 September 2006
OS: AIX
URL: http://www.auscert.org.au/6791
Title: ESB-2006.0700 -- [AIX] -- Vulnerability in rdist may allow for
arbitrary file overwrite
Date: 27 September 2006
OS: AIX
URL: http://www.auscert.org.au/6790
Title: ESB-2006.0699 -- [AIX] -- Vulnerability in uucp may allow for arbitrary
command execution
Date: 27 September 2006
OS: AIX
URL: http://www.auscert.org.au/6789
Title: ESB-2006.0698 -- [RedHat] -- Moderate: squirrelmail security update
Date: 27 September 2006
OS: Red Hat Linux
URL: http://www.auscert.org.au/6788
Title: ESB-2006.0697 -- [Win] -- Microsoft Internet Explorer VML Buffer
Overflow (Update)
Date: 27 September 2006
OS: Windows 2003, Windows 2000, Windows XP
URL: http://www.auscert.org.au/6787
Title: ESB-2006.0696 -- [AIX] -- Vulnerability in mkvg may allow for arbitrary
command execution
Date: 26 September 2006
OS: AIX
URL: http://www.auscert.org.au/6785
Title: ESB-2006.0695 -- [AIX] -- Vulnerability in snappd may allow for
arbitrary command execution
Date: 26 September 2006
OS: AIX
URL: http://www.auscert.org.au/6784
Title: ESB-2006.0694 -- [AIX] -- Vulnerability in /etc/slip.login may allow
for arbitrary command execution
Date: 26 September 2006
OS: AIX
URL: http://www.auscert.org.au/6783
Title: ESB-2006.0693 -- [AIX] -- Vulnerabilities in cfgmgr allow for arbitrary
code execution and arbitrary file overwrite
Date: 26 September 2006
OS: AIX
URL: http://www.auscert.org.au/6782
Title: ESB-2006.0692 -- [AIX] -- Vulnerabilities in utape may allow for
arbitrary command execution and arbitrary file overwrite
Date: 26 September 2006
OS: AIX
URL: http://www.auscert.org.au/6781
Title: ESB-2006.0691 -- [Linux][Debian] -- New Linux 2.4.27 and 2.6.8 packages
fix several vulnerabilities
Date: 26 September 2006
OS: Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/6780
Title: ESB-2006.0690 -- [Debian] -- New gnutls11 packages fix RSA signature
forgery cryptographic weakness
Date: 25 September 2006
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/6779