[AusNOG] AusCERT Week in Review - Week Ending 07/12/2007 (AUSCERT#20073f686)
Paul Fahey
paul at auscert.org.au
Fri Dec 7 16:55:02 EST 2007
AusCERT Week in Review
07 December 2007
AusCERT in the Media:
---------------------
Papers, Articles and other documents:
-------------------------------------
Web Log Entries:
----------------
Alerts, Advisories and Updates:
-------------------------------
Title: AL-2007.0124 -- [Win][Linux][HP-UX][Solaris] -- HP OpenView Network
Node Manager (OV NNM) Remote Unauthorized Execution of Arbitrary Code
Date: 07 December 2007
URL: http://www.auscert.org.au/8465
Title: AU-2007.0026 -- AusCERT Update - [Win] - CA BrightStor ARCserve Backup
Security Notice
Date: 07 December 2007
URL: http://www.auscert.org.au/8469
Title: AL-2007.0125 -- [Win][UNIX/Linux] -- Squid - Denial of service in cache
updates
Date: 06 December 2007
URL: http://www.auscert.org.au/8467
Title: AA-2007.0121 -- [Win] -- Weakness in Citrix EdgeSight for Endpoints and
Citrix EdgeSight for Presentation Server could result in information
disclosure
Date: 06 December 2007
URL: http://www.auscert.org.au/8462
Title: AL-2007.0123 -- [Win] -- Cisco Security Agent for Windows System Driver
Remote Buffer Overflow Vulnerability
Date: 05 December 2007
URL: http://www.auscert.org.au/8459
Title: AA-2007.0116 -- [UNIX/Linux] -- Mulitple vulnerabilities in rsync
Date: 05 December 2007
URL: http://www.auscert.org.au/8440
Title: AA-2007.0118 -- [Win][Linux] -- Multiple vulnerabilities in BEA
Plumtree Foundation and BEA AquaLogic Interaction
Date: 05 December 2007
URL: http://www.auscert.org.au/8445
Title: AA-2007.0119 -- [Win][UNIX/Linux] -- Multiple vulnerabilities in
Hitachi JP1/File Transmission Server
Date: 04 December 2007
URL: http://www.auscert.org.au/8448
Title: AA-2007.0120 -- [Win] -- Vulnerability in Web Proxy Auto-Discovery
(WPAD)
Date: 04 December 2007
URL: http://www.auscert.org.au/8449
Title: AL-2007.0121 -- [Win] -- New vulnerabilities in Apple QuickTime may
allow remote execution of arbitrary code
Date: 03 December 2007
URL: http://www.auscert.org.au/8413
Title: AA-2007.0117 -- [Win] -- Multiple vulnerabilities in Citrix NetScaler
and Citrix Access Gateway Enterprise Edition
Date: 03 December 2007
URL: http://www.auscert.org.au/8444
External Security Bulletins:
----------------------------
Title: ESB-2007.0986 -- [Win][Linux] -- Skype skype4com URI Handler Remote
Heap Corruption
Date: 07 December 2007
OS: Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other Linux
Variants, Windows XP, Red Hat Linux, Mac OS X, Windows Vista
URL: http://www.auscert.org.au/8468
Title: ESB-2007.0985 -- [Win][UNIX/Linux] -- MySQL Community Server 5.0.51
released
Date: 07 December 2007
OS: Windows 2003, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP
Tru64 UNIX, Solaris, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Red Hat Linux, HP-UX, AIX, Windows Vista
URL: http://www.auscert.org.au/8466
Title: ESB-2007.0984 -- [Win][UNIX/Linux][Debian] -- New wesnoth packages fix
arbitrary file disclosure
Date: 07 December 2007
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/8463
Title: ESB-2007.0983 -- [Win][UNIX/Linux] -- Multiple vulnerabilities in
Drupal third-party modules
Date: 06 December 2007
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/8461
Title: ESB-2007.0982 -- [Win][Solaris] -- CiscoWorks Server XSS Vulnerability
Date: 06 December 2007
OS: Solaris, Windows 2003, Windows 2000, Windows XP, Windows Vista
URL: http://www.auscert.org.au/8460
Title: ESB-2007.0981 -- [RedHat] -- Moderate: openoffice.org, openoffice.org2,
hsqldb security update
Date: 06 December 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/8458
Title: ESB-2007.0980 -- [UNIX/Linux][Debian] -- New zabbix packages fix
privilege escalation
Date: 06 December 2007
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/8457
Title: ESB-2007.0979 -- [Win][UNIX/Linux][Debian] -- New OpenOffice.org
packages fix arbitrary Java code execution
Date: 06 December 2007
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/8456
Title: ESB-2007.0978 -- [Win][UNIX/Linux] -- DRUPAL CORE - SQL INJECTION
POSSIBLE WHEN CERTAIN CONTRIBUTED MODULES ARE ENABLED
Date: 06 December 2007
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/8455
Title: ESB-2007.0977 -- [Solaris] -- Security Vulnerabilities in Early
Versions of Sun SPARC Enterprise M4000/M5000/M8000/M9000 XSCF Control
Package (XCP) firmware may Result in a Denial of Service (DoS)
Condition
Date: 06 December 2007
OS: Solaris
URL: http://www.auscert.org.au/8454
Title: ESB-2007.0976 -- [Win] -- Vulnerability in SonicWALL Global VPN Client
Date: 05 December 2007
OS: Windows 98/98SE, Windows 2000, Windows XP, Windows NT 4, Windows ME
URL: http://www.auscert.org.au/8453
Title: ESB-2007.0975 -- [Win][UNIX/Linux] -- Multiple Vulnerabilities in
Mortbay Jetty
Date: 05 December 2007
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/8452
Title: ESB-2007.0974 -- [Win] -- VLC Activex Bad Pointer Initialization
Vulnerability
Date: 07 December 2007
OS: Windows Vista, Windows XP, Windows 2000, Windows 2003
URL: http://www.auscert.org.au/8451
Title: ESB-2007.0973 -- [Win][RedHat][HP-UX][Solaris] -- HP Select Identity,
Remote Unauthorized Access
Date: 05 December 2007
OS: Solaris, Windows 2003, Red Hat Linux, HP-UX
URL: http://www.auscert.org.au/8450
Title: ESB-2007.0972 -- [UNIX/Linux][RedHat] -- Moderate: htdig security
update
Date: 04 December 2007
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/8447
Title: ESB-2007.0971 -- [RedHat] -- Important: kernel security and bug fix
update
Date: 04 December 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/8446
Title: ESB-2007.0970 -- [Solaris] -- A Security Vulnerability Resulting From
Solaris 10 fcp(7D) and devfs(7FS) Interaction May Allow Certain File
Operations to Cause a System Hang
Date: 03 December 2007
OS: Solaris
URL: http://www.auscert.org.au/8443
Title: ESB-2007.0969 -- [Debian] -- New cacti packages fix SQL injection
Date: 03 December 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/8442
Title: ESB-2007.0968 -- [Debian] -- New asterisk packages fix SQL injection
Date: 03 December 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/8441
Title: ESB-2007.0941 -- [Win] -- BitDefender Online Scanner 8 Double Decode
Heap Overflow
Date: 03 December 2007
OS: Windows ME, Windows Vista, Windows NT 4, Windows XP, Windows 2000,
Windows 2003, Windows 98/98SE
URL: http://www.auscert.org.au/8398
Title: ESB-2007.0932 -- [Solaris] -- A Security Vulnerability in unzip(1L) May
Set Unintended Permissions on Extracted Files
Date: 05 December 2007
OS: Solaris
URL: http://www.auscert.org.au/8384
Title: ESB-2007.0790 -- [Solaris] -- Multiple Security Vulnerabilities in the
Solaris Tag Image File Format Library libtiff(3)
Date: 03 December 2007
OS: Solaris
URL: http://www.auscert.org.au/8204
Title: ESB-2007.0473 -- [Solaris] -- Security Vulnerabilities in OpenSSL May
Lead to a Denial of Service (DoS) to Applications or Execution of
Arbitrary Code With Elevated Privileges
Date: 05 December 2007
OS: Solaris
URL: http://www.auscert.org.au/7782
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
More information about the AusNOG
mailing list