[AusNOG] AusCERT Week in Review - Week Ending 22/06/2007 (AUSCERT#20073F686) (fwd)
Robert Lowe
rlowe at auscert.org.au
Mon Jun 25 09:00:52 EST 2007
------- Forwarded Message
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
AusCERT Week in Review
22 June 2007
Greetings,
This week auDA published the feedback received in response to the "Issues
Paper, May 2007". This paper suggested several potential changes to the domain name
registration policies in Australia. Of particular interest to AusCERT was the
suggestion of relaxing the policy rules for registration of asn.au, com.au,
id.au, net.au and org.au. All submissions are available from the auDA Names
Panel Policy web site:
http://www.auda.org.au/2007npp/2007npp-index/
This week also saw the release of Pixy, a tool for scanning PHP source code for
possible cross site scripting (XSS) and SQL injection vulnerabilities:
http://pixybox.seclab.tuwien.ac.at/pixy/index.php
This tool has been published by the Secure Systems Lab at the Technical
University of Vienna. This research organisation also published Anubis, a tool
designed to provide automatic analysis of (malicious) Windows binaries and
provides a very useful resource to anyone responding to incidents involving
malicious Windows binaries:
http://analysis.seclab.tuwien.ac.at/
Regards,
Rob.
- - --
Robert Lowe, Computer Security Analyst | Hotline: +61 7 3365 4417
AusCERT, Australia's national CERT | Fax: +61 7 3365 7031
The University of Queensland | WWW: www.auscert.org.au
QLD 4072 Australia | Email: auscert at auscert.org.au
AusCERT in the Media:
- - ----------------------------
Control Microsystems and TUSC beef-up SCADA solutions
Computerworld Australia, Australia
Jun 21, 2007
http://www.computerworld.com.au/index.php/id;621252430
Papers, Articles and other documents:
- - -------------------------------------
Title: .auDA 2007 Names Policy Panel Submission
Date: 18 June 2007
URL: http://www.auscert.org.au/7735
Alerts, Advisories and Updates:
- - -------------------------------
Title: AA-2007.0048 -- [UNIX/Linux] -- Reported weakness in certain
configurations of PostgreSQL
Date: 22 June 2007
URL: http://www.auscert.org.au/7758
Title: AA-2007.0047 -- [Win] -- Vulnerability in the exteNd Director ActiveX
control
Date: 21 June 2007
URL: http://www.auscert.org.au/7754
Title: AA-2007.0046 -- [Win][UNIX/Linux] -- Patches available for IBM
WebSphere Application Server 6.1
Date: 21 June 2007
URL: http://www.auscert.org.au/7752
Title: AA-2007.0045 -- [Win][UNIX/Linux] -- Patches for Lotus Domino correct
signature verification vulnerability
Date: 20 June 2007
URL: http://www.auscert.org.au/7748
Title: AA-2007.0044 -- [Netware] -- Novell release patches for denial of
service vulnerability in NetWare NFS Server
Date: 19 June 2007
URL: http://www.auscert.org.au/7747
Title: AA-2007.0043 -- [Win][Netware][UNIX/Linux] -- Novell Modular
Authentication Service potential information disclosure vulnerability
Date: 19 June 2007
URL: http://www.auscert.org.au/7740
External Security Bulletins:
- - ----------------------------
Title: ESB-2007.0451 -- [Solaris] -- Multiple Security Vulnerabilities in the
Solaris Gnome PDF Viewer (gpdf(1)) may Allow a Denial of Service (DoS)
Condition or Lead to Execution of Arbitrary Code
Date: 22 June 2007
OS: Solaris
URL: http://www.auscert.org.au/7757
Title: ESB-2007.0450 -- [Win] -- Ingres Database Multiple Heap Corruption
Vulnerabilities
Date: 22 June 2007
OS: Windows 2003, Windows 2000, Windows XP
URL: http://www.auscert.org.au/7756
Title: ESB-2007.0449 -- [Appliance] -- HP Storage Management Appliance (SMA),
Microsoft Patch Applicability MS07-030 to MS07-035
Date: 22 June 2007
URL: http://www.auscert.org.au/7755
Title: ESB-2007.0448 -- [UNIX/Linux][Debian] -- New emacs21 packages fix
denial of service
Date: 22 June 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
AIX
URL: http://www.auscert.org.au/7753
Title: ESB-2007.0447 -- [Win] -- HP Help and Support Center Running on HP
Notebook Computers Running with Windows XP, Remote Unauthorized Access
Date: 21 June 2007
OS: Windows XP
URL: http://www.auscert.org.au/7751
Title: ESB-2007.0446 -- [OSX] -- Apple Security Advisory: Mac OS X v10.4.10
Date: 21 June 2007
OS: Mac OS X
URL: http://www.auscert.org.au/7750
Title: ESB-2007.0445 -- [Appliance] -- Apple Security Advisory: Apple TV 1.1
Date: 21 June 2007
URL: http://www.auscert.org.au/7749
Title: ESB-2007.0444 -- [Win][UNIX/Linux] -- Apache Tomcat XSS vulnerability
in Accept-Language header processing
Date: 20 June 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants,
Windows XP, Red Hat Linux, Windows NT 4, Mac OS X, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/7746
Title: ESB-2007.0443 -- [Win][UNIX/Linux][Debian] -- New libphp-phpmailer
packages fix arbitrary shell command execution
Date: 20 June 2007
OS: Solaris, HP Tru64 UNIX, Windows 98/98SE, Debian GNU/Linux, Other BSD
Variants, IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other
Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, Mac OS X,
HP-UX, AIX, Windows Vista, Windows ME
URL: http://www.auscert.org.au/7745
Title: ESB-2007.0442 -- [Debian] -- New open-iscsi packages fix several
vulnerabilities
Date: 20 June 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/7744
Title: ESB-2007.0441 -- [UNIX/Linux][Debian] -- New MPlayer packages fix
arbitrary code execution
Date: 20 June 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
AIX
URL: http://www.auscert.org.au/7743
Title: ESB-2007.0440 -- [Solaris] -- Security Vulnerability in Solaris 10 BIND
DNSSEC May Cause a Denial of Service
Date: 20 June 2007
OS: Solaris
URL: http://www.auscert.org.au/7742
Title: ESB-2007.0439 -- [Linux] -- Linux kernel vulnerabilities
Date: 19 June 2007
OS: Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/7739
Title: ESB-2007.0438 -- [UNIX/Linux] -- libgd2 vulnerabilities
Date: 19 June 2007
OS: Solaris, HP Tru64 UNIX, Windows 98/98SE, Debian GNU/Linux, Other BSD
Variants, IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other
Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, Mac OS X,
HP-UX, AIX, Windows Vista, Windows ME
URL: http://www.auscert.org.au/7738
Title: ESB-2007.0437 -- [Win] -- Cerulean Studios Trillian UTF-8 Word Wrap
Heap Overflow Vulnerability
Date: 19 June 2007
OS: Windows 98/98SE, Windows 2003, Windows 2000, Windows XP, Windows NT 4,
Windows Vista, Windows ME
URL: http://www.auscert.org.au/7737
Title: ESB-2007.0436 -- [Linux] -- HP System Management Homepage (SMH) for
Linux, Remote Privileged Access
Date: 19 June 2007
OS: Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/7736
Title: ESB-2007.0435 -- [Debian] -- New libapache-mod-jk packages fix
information disclosure
Date: 18 June 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/7734
Title: ESB-2007.0434 -- [Debian] -- New PostgreSQL 7.4 packages fix privilege
escalation
Date: 18 June 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/7733
Title: ESB-2007.0433 -- [Debian] -- New libexif packages fix integer overflow
Date: 18 June 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/7732
Title: ESB-2007.0432 -- [Debian] -- New PostgreSQL 8.1 packages fix privilege
escalation
Date: 18 June 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/7731
Title: ESB-2007.0431 -- [Debian] -- New Linux kernel 2.6.8 packages fix
several vulnerabilities
Date: 18 June 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/7730
Title: ESB-2007.0430 -- [Win][Linux][Solaris] -- Security Vulnerability with
Manipulated RTF Files May Lead to Heap Overflows and Arbitrary Code
Execution
Date: 18 June 2007
OS: Solaris, Windows 98/98SE, Debian GNU/Linux, Windows 2003, Windows 2000,
Other Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, Windows
Vista, Windows ME
URL: http://www.auscert.org.au/7729
Title: ESB-2007.0429 -- [Win][UNIX/Linux] -- ClamAV: Multiple Denials of
Service
Date: 18 June 2007
OS: Solaris, HP Tru64 UNIX, Windows 98/98SE, Debian GNU/Linux, Other BSD
Variants, IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other
Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, Mac OS X,
HP-UX, AIX, Windows Vista, Windows ME
URL: http://www.auscert.org.au/7728
Title: ESB-2007.0428 -- [Solaris] -- Security Vulnerability in IPv6
Implementation (ip6(7p)) Related to the Handling of IPsec Packets may
Lead to a Denial of Service (DoS)
Date: 18 June 2007
OS: Solaris
URL: http://www.auscert.org.au/7727
Title: ESB-2007.0427 -- [Solaris] -- Multiple Security Vulnerabilities in
samba(7) May Allow Remote Code Execution, Elevation of Privileges, or
Remote Shell Command Execution
Date: 18 June 2007
OS: Solaris
URL: http://www.auscert.org.au/7726
Title: ESB-2007.0426 -- [Solaris] -- Xorg(1) Contains a Denial of Service
Within the X Render Extension's Trapezoid Rendering
Date: 18 June 2007
OS: Solaris
URL: http://www.auscert.org.au/7725
Title: ESB-2007.0425 -- [Linux][Debian] -- New iceweasel packages fix several
vulnerabilities
Date: 18 June 2007
OS: Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/7724
Title: ESB-2007.0424 -- [Win] -- Apple releases patches for Safari Beta 3.0.1
for Windows
Date: 18 June 2007
OS: Windows XP, Windows Vista
URL: http://www.auscert.org.au/7723
Title: ESB-2007.0417 -- [Win][UNIX/Linux] -- Low: mod_perl security update
Date: 19 June 2007
OS: Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Windows XP, Other
Linux Variants, FreeBSD, Windows 2000, OpenBSD, Windows 2003, IRIX,
Other BSD Variants, Debian GNU/Linux, HP Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/7716
Title: ESB-2007.0365 -- [Solaris] -- Security Vulnerability in the Kerberos
kadm5 Library May Allow Execution of Arbitrary Code
Date: 20 June 2007
OS: Solaris
URL: http://www.auscert.org.au/7648
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
- -----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
- -----END PGP SIGNATURE-----
------- End of Forwarded Message