[AusNOG] AusCERT Week in Review - Week Ending 17/08/2007 (AUSCERT#20073f686)
matthew at auscert.org.au
matthew at auscert.org.au
Tue Aug 21 14:32:05 EST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Greetings AusNOG,
Our Week in Review for last week - sorry for the delay.
Hope this helps,
- -- Matthew McGlashan --
Coordination Centre Team Leader | Hotline: +61 7 3365 4417
Australian Computer Emergency Response Team | Direct: +61 7 3365 7924
(AusCERT) | Fax: +61 7 3365 7031
The University of Queensland | WWW: www.auscert.org.au
Qld 4072 Australia | Email: auscert at auscert.org.au
- ------- Forwarded Message
AusCERT Week in Review
17 August 2007
AusCERT in the Media:
- ---------------------
Pacific ICT Regulators convene at PacINET 2007
Tonga Now, Tonga
5 hours ago
http://www.tonga-now.to/Article.aspx?ID=3875&Mode=1
New alert for online scams
Sydney Morning Herald, Australia
Aug 13, 2007
http://www.smh.com.au/news/security/new-alert-for-online-scams/2007/08/13/1186857427330.html
Papers, Articles and other documents:
- -------------------------------------
Web Log Entries:
- ----------------
Title: Malware utilising Alternate Data Streams?
Date: 14 August 2007
URL: http://www.auscert.org.au/7967
Alerts, Advisories and Updates:
- -------------------------------
Title: AL-2007.0101 -- [UNIX/Linux] -- IBM DB2 Universal Database Multiple
Vulnerabilities
Date: 17 August 2007
URL: http://www.auscert.org.au/7983
Title: AL-2007.0100 -- [Win] -- Vulnerability in Vector Markup Language Could
Allow Remote Code Execution (938127)
Date: 15 August 2007
URL: http://www.auscert.org.au/7973
Title: AL-2007.0099 -- [Win] -- Vulnerability in GDI Could Allow Remote Code
Execution (938829)
Date: 15 August 2007
URL: http://www.auscert.org.au/7972
Title: AL-2007.0096 -- [Win][OSX] -- Vulnerability in OLE Automation Could
Allow Remote Code Execution (921503)
Date: 15 August 2007
URL: http://www.auscert.org.au/7969
Title: AL-2007.0095 -- [Win] -- Vulnerability in Microsoft XML Core Services
Could Allow Remote Code Execution (936227)
Date: 15 August 2007
URL: http://www.auscert.org.au/7968
Title: AL-2007.0098 -- [Win] -- Cumulative Security Update for Internet
Explorer (937143)
Date: 15 August 2007
URL: http://www.auscert.org.au/7971
Title: AL-2007.0097 -- [Win][OSX] -- Vulnerability in Microsoft Excel Could
Allow Remote Code Execution (940965)
Date: 15 August 2007
URL: http://www.auscert.org.au/7970
Title: AL-2007.0094 -- [Win][OSX] -- Microsoft August security bulletins
pre-release announcement
Date: 14 August 2007
URL: http://www.auscert.org.au/7966
External Security Bulletins:
- ----------------------------
Title: ESB-2007.0624 -- [Win][Linux][Solaris] -- Vulnerability in the Java
Runtime Environment Font Parsing Code may Allow an Untrusted Applet to
Elevate Privileges
Date: 17 August 2007
OS: Solaris, Windows 98/98SE, Debian GNU/Linux, Windows 2003, Windows 2000,
Other Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, Windows
Vista, Windows ME
URL: http://www.auscert.org.au/7982
Title: ESB-2007.0623 -- [RedHat] -- Moderate: kernel security and bugfix
update
Date: 17 August 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/7981
Title: ESB-2007.0622 -- [Win][UNIX/Linux] -- ESRI ArcSDE Numeric Literal
Buffer Overflow Vulnerability
Date: 17 August 2007
OS: HP Tru64 UNIX, Solaris, HP-UX, Other Linux Variants, Red Hat Linux,
AIX, Windows 2003, Windows 2000
URL: http://www.auscert.org.au/7980
Title: ESB-2007.0621 -- [Linux] -- New Linux 2.6.18 packages fix several
vulnerabilities
Date: 17 August 2007
OS: Debian GNU/Linux, Other Linux Variants
URL: http://www.auscert.org.au/7979
Title: ESB-2007.0620 -- [Win] -- Local Privilege Escalation Vulnerabilities in
Cisco VPN Client
Date: 16 August 2007
OS: Windows 2000, Windows XP, Cisco Products, Windows NT 4, Windows Vista
URL: http://www.auscert.org.au/7978
Title: ESB-2007.0619 -- [Win] -- HP OpenView Operations Manager for Windows
(OVOW) running Shared Trace Service
Date: 16 August 2007
OS: Windows 2003, Windows 2000, Windows NT 4, Windows Vista
URL: http://www.auscert.org.au/7977
Title: ESB-2007.0618 -- [Win][OSX] -- Vulnerability in Virtual PC and Virtual
Server Could Allow Elevation of Privilege (937986)
Date: 15 August 2007
OS: Windows 98/98SE, Windows 2003, Windows 2000, Windows XP, Windows NT 4,
Mac OS X, Windows Vista, Windows ME
URL: http://www.auscert.org.au/7976
Title: ESB-2007.0617 -- [Win] -- Vulnerabilities in Windows Gadgets Could
Allow Remote Code Execution (938123)
Date: 15 August 2007
OS: Windows Vista
URL: http://www.auscert.org.au/7975
Title: ESB-2007.0616 -- [Win] -- Vulnerabilities in Windows Media Player Could
Allow Remote Code Execution (936782)
Date: 15 August 2007
OS: Windows 98/98SE, Windows 2003, Windows 2000, Windows XP, Windows NT 4,
Windows Vista, Windows ME
URL: http://www.auscert.org.au/7974
Title: ESB-2007.0615 -- [Win][UNIX/Linux] -- Multiple HP Products Running
Shared Trace Service, Remote Arbitrary Code Execution
Date: 14 August 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Windows 2003, Windows 2000,
Other Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, HP-UX,
AIX
URL: http://www.auscert.org.au/7965
Title: ESB-2007.0614 -- [Debian] -- New kdegraphics packages fix arbitrary
code execution
Date: 14 August 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/7964
Title: ESB-2007.0613 -- [Debian] -- New gpdf packages fix arbitrary code
execution
Date: 14 August 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/7963
Title: ESB-2007.0612 -- [AIX] -- AIX at Command Buffer Overflow Vulnerability
Date: 13 August 2007
OS: AIX
URL: http://www.auscert.org.au/7962
Title: ESB-2007.0611 -- [AIX] -- AIX fileplace Command Buffer Overflow
Vulnerability
Date: 13 August 2007
OS: AIX
URL: http://www.auscert.org.au/7961
Title: ESB-2007.0610 -- [AIX] -- AIX multiple buffer overflow vulnerabilities
in configuration commands
Date: 13 August 2007
URL: http://www.auscert.org.au/7960
Title: ESB-2007.0609 -- [Debian] -- New tcpdump packages fix arbitrary code
execution
Date: 13 August 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/7959
Title: ESB-2007.0606 -- [UNIX/Linux] -- Asterisk - Remote crash vulnerability
in Skinny channel driver
Date: 14 August 2007
OS: AIX, HP-UX, Mac OS X, Red Hat Linux, Other Linux Variants, FreeBSD,
OpenBSD, IRIX, Other BSD Variants, Debian GNU/Linux, HP Tru64 UNIX,
Solaris
URL: http://www.auscert.org.au/7952
Title: ESB-2007.0605 -- [Win][Cisco] -- Cisco Security Response: Cisco Unified
MeetingPlace XSS Vulnerability
Date: 13 August 2007
OS: Windows ME, Cisco Products, Windows XP, Windows 2000, Windows 2003
URL: http://www.auscert.org.au/7951
Title: ESB-2007.0604 -- [Cisco] -- Voice Vulnerabilities in Cisco IOS and
Cisco Unified Communications Manager
Date: 13 August 2007
OS: Cisco Products
URL: http://www.auscert.org.au/7950
Title: ESB-2007.0601 -- [Cisco] -- Cisco IOS Information Leakage Using IPv6
Routing Header
Date: 14 August 2007
OS: Cisco Products
URL: http://www.auscert.org.au/7947
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
- ------- End of Forwarded Message
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (FreeBSD)
Comment: http://www.auscert.org.au/render.html?it=1967
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBRspqxCh9+71yA2DNAQLPQgP+Lm0SbcwgLiAxXi7MOUwXz5J8Elx4pPXO
ocuZ1APoL1zQIp1eiKQgyJLldJEqgerk4MwM3+G1C2Ex8pCzC6L0k/Eph1TqwXSl
SjOvg7t78XqSzE+RVGzFSwlrBrNiC9/cFxP26SHIXogXacIoXPrQRSxRxnv5PVvj
JOU0+phePWA=
=dKzQ
-----END PGP SIGNATURE-----
More information about the AusNOG
mailing list