[AusNOG] AusCERT Week in Review - Week Ending 27/04/2007
matthew at auscert.org.au
Fri Apr 27 17:26:28 EST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Greetings all,
Bulletins and alerts we send out for the week.
Best regards,
-- Matthew McGlashan --
Coordination Centre Team Leader | Hotline: +61 7 3365 4417
Australian Computer Emergency Response Team | Direct: +61 7 3365 7924
(AusCERT) | Fax: +61 7 3365 7031
The University of Queensland | WWW: www.auscert.org.au
Qld 4072 Australia | Email: auscert at auscert.org.au
AusCERT Week in Review
27 April 2007
An unconfirmed critical vulnerability in Apple QuickTime has been reported
this week. If confirmed, this potentially allows remote compromise when
Windows or Mac OS X users visit a malicious web page in their browser,
provided that both the QuickTime plugin and Java are enabled.
System administrators may want to consider disabling either Java or
QuickTime in web browsers as a precaution.
Arising from the same CanSecWest conference is a detailed description of
the denial of service attacks made possible by IPv6 networks implementing
Type 0 routing headers (IPv6 source routing).
AusCERT has updated ESB-2007.0261 to link to the detailed information about
these vulnerabilities. Both OpenBSD and FreeBSD have acted this week to
remove support for Type 0 routing headers by default. IPv6 configuration
options on Cisco and Juniper routers can be used to either drop or ignore
Type 0 routing headers.
Papers, Articles and other documents:
--------------------------------------
Alerts, Advisories and Updates:
--------------------------------
Title: AA-2007.0027 -- [UNIX/Linux] -- Asterisk vulnerabilities allow denial
of service or remote compromise
Date: 26 April 2007
URL: http://www.auscert.org.au/7517
Title: AL-2007.0051 -- [Win] -- CA BrightStor ARCserve Backup Media Server RPC
service buffer overflows
Date: 26 April 2007
URL: http://www.auscert.org.au/7513
Title: AL-2007.0050 -- [Appliance] -- Nortel VPN Routers Critical Security
Issue - Unauthorized Remote Access
Date: 23 April 2007
URL: http://www.auscert.org.au/7510
External Security Bulletins:
-----------------------------
Title: ESB-2007.0277 -- [Win][UNIX/Linux] -- PostgreSQL privilege escalation
vulnerability in SECURITY DEFINER functions
Date: 27 April 2007
OS: UNIX Variants, Windows
URL: http://www.auscert.org.au/7530
Title: ESB-2007.0276 -- [FreeBSD] -- IPv6 Routing Header 0 is dangerous
Date: 27 April 2007
OS: FreeBSD
URL: http://www.auscert.org.au/7529
Title: ESB-2007.0275 -- [Solaris] -- Multiple vulnerabilities in libfreetype,
Xsun(1) and Xorg(1)
Date: 27 April 2007
OS: Solaris
URL: http://www.auscert.org.au/7528
Title: ESB-2007.0274 -- [Win][Netware][UNIX/Linux] -- Novell eDirectory NCP
Fragment Denial of Service Vulnerability
Date: 27 April 2007
OS: Solaris, Linux Variants, Windows 2003, Windows 2000, Novell Netware, AIX
URL: http://www.auscert.org.au/7527
Title: ESB-2007.0273 -- [Win][UNIX/Linux] -- CA multiple products
incorporating CleverPath Portal - SQL injection
Date: 27 April 2007
OS: Solaris, Linux Variants, Windows 2003, Windows 2000, HP-UX, AIX
URL: http://www.auscert.org.au/7526
Title: ESB-2007.0272 -- [Win][UNIX/Linux][Debian] -- New php packages fix
several vulnerabilities
Date: 27 April 2007
OS: UNIX Variants, Windows
URL: http://www.auscert.org.au/7525
Title: ESB-2006.0728 -- [Win][Linux][Solaris] -- Security Vulnerability in RSA
Signature Verification Impacting Multiple SUN Products
Date: updated 27 April 2007
OS: Solaris, Linux Variants, Windows
URL: http://www.auscert.org.au/6822
Title: ESB-2007.0261 -- [OpenBSD] -- IPv6 Type 0 Route Header Design Flaw
Date: updated 27 April 2007
OS: OpenBSD
URL: http://www.auscert.org.au/7512
Title: ESB-2007.0271 -- [Solaris] -- Security Vulnerabilities in OpenSSL May
Lead to a Denial of Service (DoS) to Applications
Date: 26 April 2007
OS: Solaris
URL: http://www.auscert.org.au/7524
Title: ESB-2007.0270 -- [Solaris] -- Security Vulnerability in libX11 for
Solaris
Date: 26 April 2007
OS: Solaris
URL: http://www.auscert.org.au/7523
Title: ESB-2007.0269 -- [Solaris] -- A Security Vulnerability in Sun Cluster
Software may Lead to Data Corruption and "send_mondo" Panics
Date: 26 April 2007
OS: Solaris
URL: http://www.auscert.org.au/7522
Title: ESB-2007.0268 -- [Win] -- HP StorageWorks Command View XP Advanced
Edition, Local Unauthorized Access
Date: 26 April 2007
OS: Windows 2003, Windows 2000, Windows XP
URL: http://www.auscert.org.au/7521
Title: ESB-2007.0267 -- [RedHat] -- Critical: java-1.5.0-ibm and
java-1.4.2-ibm security updates
Date: 26 April 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/7520
Title: ESB-2007.0266 -- [Win][UNIX/Linux][Debian] -- New clamav packages fix
several vulnerabilities
Date: 26 April 2007
OS: UNIX Variants, Windows
URL: http://www.auscert.org.au/7519
Title: ESB-2007.0265 -- [Win][UNIX/Linux] -- New aircrack-ng packages fix
arbitrary code execution
Date: 26 April 2007
OS: Linux Variants, Windows, FreeBSD
URL: http://www.auscert.org.au/7518
Title: ESB-2007.0264 -- [Win][UNIX/Linux] -- Vulnerability in Sun Java System
Web Server May Allow Unauthorized Access to Host Data With Certain URLs
Date: 26 April 2007
OS: Solaris, Linux Variants, Windows 2003, Windows 2000, HP-UX, AIX
URL: http://www.auscert.org.au/7516
Title: ESB-2007.0263 -- [Cisco] -- PHP HTML Entity Encoder Heap Overflow
Vulnerability in multiple Web-based Management Interfaces
Date: 26 April 2007
OS: Cisco Products
URL: http://www.auscert.org.au/7515
Title: ESB-2007.0262 -- [Solaris][Linux][HP-UX] -- Default Passwords in Cisco
NetFlow Collection Engine
Date: 26 April 2007
OS: Solaris, Cisco Products, Red Hat Linux, HP-UX
URL: http://www.auscert.org.au/7514
Title: ESB-2006.0944 -- [Solaris] -- Security Vulnerability With RSA
Signatures Affects Solaris WAN Boot
Date: updated 26 April 2007
OS: Solaris
URL: http://www.auscert.org.au/7144
Title: ESB-2007.0257 -- [Solaris] -- Multiple Security Vulnerabilities in
Mozilla Layout Engine for Solaris 8, 9 and 10
Date: updated 26 April 2007
OS: Solaris
URL: http://www.auscert.org.au/7507
Title: ESB-2007.0260 -- [HP-UX] -- HP-UX sendmail, Remote Denial of Service
(DoS)
Date: 24 April 2007
OS: HP-UX
URL: http://www.auscert.org.au/7511
Title: ESB-2007.0259 -- [Win][UNIX/Linux][Debian] -- New webcalendar packages
fix cross-site scripting
Date: 23 April 2007
OS: UNIX Variants, Windows
URL: http://www.auscert.org.au/7509
Title: ESB-2006.0862 -- [Solaris] -- Security Vulnerability in GIMP(1) May
Lead to Denial of Service (DoS) or Execution of Arbitrary Code
Date: updated 23 April 2007
OS: Solaris
URL: http://www.auscert.org.au/7001
Title: ESB-2007.0247 -- [Win][UNIX/Linux][RedHat] -- Important: php security
update
Date: updated 23 April 2007
OS: UNIX Variants, Windows
URL: http://www.auscert.org.au/7494
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (FreeBSD)
Comment: http://www.auscert.org.au/render.html?it=1967
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBRjGlpCh9+71yA2DNAQJeCQP5AZBCxPIf6T0MhMeoHtQoWl/ghj21QCcq
XaL9430QT+24z80ng9tZmXeQmJjOgWIDOPUrXgBGcPPMsXE8FZJCFZEb2eisS+ln
susKo50Nyrt1D2aYyC8a/RQ9mqIwTDxynjFE9TpCUyzo911edl7UlUuhmq5ZfpJu
FGZPtCKJcec=
=ug06
-----END PGP SIGNATURE-----