[AusNOG] AusCERT Week in Review - Week Ending 10/08/2007 (AUSCERT#20073F686) (fwd)
Robert Lowe
rlowe at auscert.org.au
Fri Aug 10 17:05:02 EST 2007
------- Forwarded Message
AusCERT Week in Review
10 August 2007
Greetings,
For those following the Storm malware activity, we've noticed that the
attackers have made some slight tweaks to the propagation spam. They now
reference 123greetings.com, Greetings-Cards.com, vintagegreetings.com and
many others. For example, it now uses a subject line in the form of:
"School mate sent you a greeting card from 123greetings.com!"
Also, bleeding edge threats has the following snort rule for the downloader:
http://www.bleedingthreats.net/index.php/2007/07/19/storm-worm-signature/?s=storm
If anyone has developed a snort signature for the detection of the subsequent
UDP C&C traffic generated by an infected system, we'd be interested in seeing
it.
This week saw the start of the Chaos Communication Camp 2007, the annual camp
run by the Chaos Computer Club. This camp has been allocated an IP address
range, so administrators may wish to see if they are seeing any "interesting"
traffic from the 81.163.0.0/16 address range:
IP range : 81.163.0.0 - 81.163.255.255
Network name : TEMPORARY-CCC-CAMP-NET
Infos : Chaos Computer Club Veranstaltungsgesellschaft mbH
Infos : This network is set aside for various
Country : Germany (DE)
Abuse E-mail : cpunkt at ccc.de
Source : RIPE
Finally, for sites running the Bind name server, you may be interested that
this week saw the official end of life announcement of Bind8:
http://marc.info/?l=bind-announce&m=118670081707688&w=2
Also, there has been the public release of a proof of concept for the BIND 9
DNS Cache Poisoning vulnerability to milw0rm. We have not verified this exploit
as functional, but even if it is not, administrators are urged to patch their
systems.
Regards,
Rob.
--
Robert Lowe, Computer Security Analyst | Hotline: +61 7 3365 4417
AusCERT, Australia's national CERT | Fax: +61 7 3365 7031
The University of Queensland | WWW: www.auscert.org.au
QLD 4072 Australia | Email: auscert at auscert.org.au
AusCERT in the Media:
---------------------
Beware malicious raids
Courier Mail, Australia
Aug 7, 2007
http://www.news.com.au/couriermail/story/0,23739,22198689-8362,00.html
Trust no one, to be safe
Courier Mail, Australia
Aug 7, 2007
http://www.news.com.au/couriermail/story/0,23739,22198690-8362,00.html
Papers, Articles and other documents:
-------------------------------------
Web Log Entries:
----------------
Alerts, Advisories and Updates:
-------------------------------
Title: AA-2007.0066 -- [Win][UNIX/Linux] -- OpenSSL RSA encryption may allow
local private key compromise
Date: 10 August 2007
URL: http://www.auscert.org.au/7956
Title: AL-2007.0093 -- [Win] -- Hewlett-Packard OpenView Operations OVTrace
Buffer Overflow Vulnerabilities
Date: 10 August 2007
URL: http://www.auscert.org.au/7955
Title: AA-2007.0065 -- [Win][UNIX/Linux] -- An updated version of The Sleuth
Kit (TSK) corrects multiple vulnerabilities
Date: 09 August 2007
URL: http://www.auscert.org.au/7954
Title: AA-2007.0064 -- [Win][AIX] -- IBM Lotus Sametime Server cross-site
scripting vulnerability
Date: 09 August 2007
URL: http://www.auscert.org.au/7928
Title: AL-2007.0091 -- [Win] -- Mozilla Firefox unpatched URI filtering
vulnerability allows remote compromise
Date: 09 August 2007
URL: http://www.auscert.org.au/7910
Title: AL-2007.0088 -- [Win] -- Citrix Access Gateway and Advanced Access
Control multiple vulnerabilities
Date: 09 August 2007
URL: http://www.auscert.org.au/7880
External Security Bulletins:
----------------------------
Title: ESB-2007.0947 -- [Win] -- Symantec ActiveX Control Input Validation
Error
Date: 10 August 2007
OS: Windows 98/98SE, Windows 2003, Windows 2000, Windows XP, Windows NT 4,
Windows Vista, Windows ME
URL: http://www.auscert.org.au/7957
Title: ESB-2007.0946 -- [UNIX/Linux] -- Resource Exhaustion vulnerability in
IAX2 channel driver
Date: 10 August 2007
OS: AIX, HP-UX, Mac OS X, Red Hat Linux, Other Linux Variants, FreeBSD,
OpenBSD, IRIX, Other BSD Variants, Debian GNU/Linux, HP Tru64 UNIX,
Solaris
URL: http://www.auscert.org.au/7916
Title: ESB-2007.0607 -- [RedHat] -- Important: kernel security update
Date: 09 August 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/7953
Title: ESB-2007.0606 -- [UNIX/Linux] -- Asterisk - Remote crash vulnerability
in Skinny channel driver
Date: 09 August 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
AIX
URL: http://www.auscert.org.au/7952
Title: ESB-2007.0605 -- [Win][Cisco] -- Cisco Security Response: Cisco Unified
MeetingPlace XSS Vulnerability
Date: 09 August 2007
OS: Windows 2003, Windows 2000, Windows XP, Cisco Products, Windows ME
URL: http://www.auscert.org.au/7951
Title: ESB-2007.0604 -- [Cisco] -- Voice Vulnerabilities in Cisco IOS and
Cisco Unified Communications Manager
Date: 09 August 2007
OS: Cisco Products
URL: http://www.auscert.org.au/7950
Title: ESB-2007.0603 -- [Cisco] -- Cisco IOS Secure Copy Authorization Bypass
Vulnerability
Date: 09 August 2007
OS: Cisco Products
URL: http://www.auscert.org.au/7949
Title: ESB-2007.0602 -- [Cisco] -- Cisco IOS Next Hop Resolution Protocol
Vulnerability
Date: 09 August 2007
OS: Cisco Products
URL: http://www.auscert.org.au/7948
Title: ESB-2007.0601 -- [Cisco] -- Cisco IOS Information Leakage Using IPv6
Routing Header
Date: 09 August 2007
OS: Cisco Products
URL: http://www.auscert.org.au/7947
Title: ESB-2007.0600 -- [UNIX/Linux][Debian] -- New pdfkit.framework packages
fix arbitrary code execution
Date: 08 August 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
AIX
URL: http://www.auscert.org.au/7946
Title: ESB-2007.0599 -- [HP-UX] -- Hewlett-Packard HP-UX Remote ldcconn Buffer
Overflow Vulnerability
Date: 08 August 2007
OS: HP-UX
URL: http://www.auscert.org.au/7945
Title: ESB-2007.0598 -- [Win][UNIX/Linux][Debian] -- New bochs packages fix
privilege escalation
Date: 08 August 2007
OS: Solaris, Debian GNU/Linux, Other BSD Variants, IRIX, OpenBSD, FreeBSD,
Other Linux Variants, Red Hat Linux, AIX
URL: http://www.auscert.org.au/7944
Title: ESB-2007.0597 -- [Win][Linux][AIX] -- Critical: java-1.5.0-ibm security
update
Date: 08 August 2007
OS: Windows 98/98SE, Debian GNU/Linux, Windows 2003, Windows 2000, Other
Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, AIX, Windows
Vista, Windows ME
URL: http://www.auscert.org.au/7943
Title: ESB-2007.0596 -- [RedHat] -- Moderate: gdm security and bug fix update
Date: 08 August 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
AIX
URL: http://www.auscert.org.au/7942
Title: ESB-2007.0595 -- [RedHat] -- Moderate: libgtop2 security update
Date: 08 August 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/7941
Title: ESB-2007.0594 -- [Debian] -- New tetex-bin packages fix arbitrary code
execution
Date: 07 August 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/7940
Title: ESB-2007.0593 -- [RedHat] -- Critical: java-1.5.0-sun and
java-1.4.2-ibm security updates
Date: 07 August 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/7939
Title: ESB-2007.0592 -- [Linux][Solaris] -- Sun Java System Portal Server 7.0
affected by XSLT processing vulnerability
Date: 06 August 2007
OS: Solaris, Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/7938
Title: ESB-2007.0591 -- [Win][Linux][HP-UX][Solaris][AIX] -- Vulnerability in
Redirect Functionality Affects Sun Java System Web Server
Date: 10 August 2007
OS: AIX, HP-UX, Red Hat Linux, Other Linux Variants, Windows 2000, Windows
2003, Debian GNU/Linux, Solaris
URL: http://www.auscert.org.au/7937
Title: ESB-2007.0590 -- [HP-UX] -- HP-UX Running BIND, Remote DNS Cache
Poisoning
Date: 06 August 2007
OS: HP-UX
URL: http://www.auscert.org.au/7936
Title: ESB-2007.0589 -- [Win][Linux] -- HP System Management Homepage (SMH)
for Linux and Windows Remote Execution of Arbitrary Code
Date: 06 August 2007
OS: Debian GNU/Linux, Windows 2003, Windows 2000, Other Linux Variants, Red
Hat Linux
URL: http://www.auscert.org.au/7935
Title: ESB-2007.0588 -- [UNIX/Linux][Win][Debian] -- New libextractor packages
fix arbitrary code execution
Date: 06 August 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants, Red
Hat Linux, Mac OS X, HP-UX, AIX
URL: http://www.auscert.org.au/7934
Title: ESB-2007.0587 -- [Debian] -- New xpdf and poppler packages fix
arbitrary code execution
Date: 06 August 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/7933
Title: ESB-2007.0586 -- [UNIX/Linux][Debian] -- New iceweasel, iceape and
xulrunner packages fix vulnerabilities
Date: 06 August 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
AIX
URL: http://www.auscert.org.au/7932
Title: ESB-2007.0565 -- [UNIX/Linux][Solaris] -- A Security Vulnerability in
lbxproxy(1) may Allow Unauthorized Read Access to Files
Date: 10 August 2007
OS: AIX, HP-UX, Mac OS X, Red Hat Linux, Other Linux Variants, FreeBSD,
OpenBSD, IRIX, Other BSD Variants, Debian GNU/Linux, HP Tru64 UNIX,
Solaris
URL: http://www.auscert.org.au/7903
Title: ESB-2007.0564 -- [Solaris] -- Security Vulnerability in Solaris 10
BIND: Susceptible to Cache Poisoning Attack
Date: 10 August 2007
OS: Solaris
URL: http://www.auscert.org.au/7902
Title: ESB-2007.0556 -- [Cisco] -- Wireless ARP Storm Vulnerabilities
Date: 09 August 2007
OS: Cisco Products
URL: http://www.auscert.org.au/7892
Title: ESB-2007.0544 -- [Win][UNIX/Linux] -- Vulnerability in Java Runtime
Environment May Allow an Untrusted Applet to Circumvent Network Access
Restrictions
Date: 08 August 2007
OS: Windows ME, Windows Vista, Mac OS X, Red Hat Linux, Windows XP, Other
Linux Variants, FreeBSD, Windows 2000, Windows 2003, Debian GNU/Linux,
Windows 98/98SE, Solaris
URL: http://www.auscert.org.au/7874
Title: ESB-2007.0489 -- [Win] -- Security Vulnerability With Java Web Start
May Allow Application to Escalate Privileges
Date: 08 August 2007
OS: Windows ME, Windows Vista, Windows NT 4, Windows XP, Windows 2000,
Windows 2003, Windows 98/98SE
URL: http://www.auscert.org.au/7799
Title: ESB-2007.0477 -- [Solaris] -- Multiple Memory Corruption
Vulnerabilities in Mozilla 1.7 for Solaris 8, 9 and 10
Date: 09 August 2007
OS: Solaris
URL: http://www.auscert.org.au/7786
Title: ESB-2007.0451 -- [Solaris] -- Multiple Security Vulnerabilities in the
Solaris Gnome PDF Viewer (gpdf(1)) may Allow a Denial of Service (DoS)
Condition or Lead to Execution of Arbitrary Code
Date: 09 August 2007
OS: Solaris
URL: http://www.auscert.org.au/7757
Title: ESB-2007.0244 -- [Solaris] -- Security Vulnerability in the IP
Implementation for Solaris 8 and 9 May Allow a Denial of Service
Date: 10 August 2007
OS: Solaris
URL: http://www.auscert.org.au/7488
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
------- End of Forwarded Message