[AusNOG] AusCERT week in review - week ending 23/03/2007
Macleonard Starkey
macleonard at auscert.org.au
Sat Mar 24 01:10:53 EST 2007
G'day AusNOG,
Here's our week in review for this week. If you've got any questions,
comments, flames or other - drop us a line, our operators are standing by.
Best regards,
MacLeonard
--
MacLeonard Starkey, Security Analyst | Hotline: +61 7 3365 4417
AusCERT | Fax: +61 7 3365 7031
Australia's National CERT | WWW: www.auscert.org.au
Brisbane QLD Australia | Email: auscert at auscert.org.au
-------------- next part --------------
AusCERT Week in Review
23 March 2007
Greetings Members,
This week has seen the team dealing with some interesting incidents -
smaller targeted attacks seem to be the flavour of the
month - no doubt you've read/heard or perhaps even preached a little of
that particular gospel to your management team recently.
The Microsoft Office file formats are always popular with miscreants,
particularly Word documents containing what appears to be very interesting
subject matter.
This is probably a good time to take another look at the policies on your
mail servers.
Speaking of mail - one of our members this week let us know that they were
targeted by postal malware - a very low tech vector - is it low
enough to be below your anti-malware radar?
What's your strategy for dealing with this type of attack?
Most companies I've worked with or for in the past don't have one - save
disabling autorun, which doesn't really work in this situation - presumably
if your users are interested enough to put the CD in the drive, they're
interested enough to browse to and open autorun.exe.
Have a great weekend - here's a brief summary of the week that was.
MacLeonard
--
Alerts, Advisories and Updates:
-------------------------------
Title: AL-2007.0035 -- [Win] -- CA BrightStor ARCserve Backup Tape Engine and
Portmapper Vulnerabilities
Date: 21 March 2007
URL: http://www.auscert.org.au/7403
External Security Bulletins:
----------------------------
Title: ESB-2007.0193 -- [UNIX/Linux][Debian] -- New tcpdump packages fix
denial of service
Date: 23 March 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
AIX
URL: http://www.auscert.org.au/7415
Title: ESB-2007.0192 -- [RedHat] -- Important: openoffice.org security update
Date: 23 March 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/7414
Title: ESB-2007.0191 -- [RedHat] -- Important: openoffice.org security update
Date: 23 March 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/7413
Title: ESB-2007.0190 -- [Cisco] -- CISCO IP Phone 7940/7960 DOS vulnerability
Date: 22 March 2007
OS: Cisco Products
URL: http://www.auscert.org.au/7412
Title: ESB-2007.0189 -- [Win][UNIX/Linux][Debian] -- New openafs packages fix
remote privilege escalation bug
Date: 22 March 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants,
Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows Vista
URL: http://www.auscert.org.au/7411
Title: ESB-2007.0188 -- [Win][UNIX/Linux][Debian] -- New OpenOffice.org
packages fix several vulnerabilities
Date: 22 March 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants,
Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows Vista
URL: http://www.auscert.org.au/7410
Title: ESB-2007.0187 -- [UNIX/Linux][Debian] -- New lookup-el packages fix
insecure temporary file
Date: 22 March 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/7409
Title: ESB-2007.0186 -- [Solaris] -- Security Vulnerability in the Mozilla
js_dtoa() Routine May Result in Denial of Service
Date: 22 March 2007
OS: Solaris
URL: http://www.auscert.org.au/7408
Title: ESB-2007.0185 -- [RedHat] -- Important: libwpd security update
Date: 21 March 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/7407
Title: ESB-2007.0184 -- [UNIX/Linux] -- Horde Project Cleanup Script Arbitrary
File Deletion Vulnerability
Date: 21 March 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants, Red
Hat Linux, Mac OS X, HP-UX, AIX
URL: http://www.auscert.org.au/7406
Title: ESB-2007.0183 -- [Win][UNIX/Linux] -- Sun Java System Web Server May
Allow A User with Revoked Client Certificate to Access Server Instance
Under Certain Conditions
Date: 21 March 2007
OS: Solaris, Debian GNU/Linux, Other BSD Variants, Windows 2003, OpenBSD,
Windows 2000, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/7405
Title: ESB-2007.0182 -- [Solaris] -- Multiple Security Vulnerabilities in
Adobe Reader May Lead to Execution of Arbitrary Code
Date: 21 March 2007
OS: Solaris
URL: http://www.auscert.org.au/7404
Title: ESB-2007.0181 -- [Win][UNIX/Linux][Cisco] -- Cisco Security Response:
Cross-Site Scripting Vulnerability in Online Help System
Date: 21 March 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants,
Windows XP, Cisco Products, Red Hat Linux, Windows NT 4, Mac OS X,
HP-UX, AIX, Windows Vista
URL: http://www.auscert.org.au/7402
Title: ESB-2007.0180 -- [Win] -- [CAID 35145]: CA eTrust Admin Privilege
Escalation Vulnerability
Date: 20 March 2007
URL: http://www.auscert.org.au/7401
Title: ESB-2007.0179 -- [UNIX/Linux][Debian] -- New libwpd packages fix
arbitrary code execution
Date: 20 March 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/7400
Title: ESB-2007.0178 -- [Win][UNIX/Linux] -- New patches fix vulnerabilities
in ColdFusion MX 7 and JRun 4
Date: 20 March 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants,
Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows Vista
URL: http://www.auscert.org.au/7399
Title: ESB-2007.0177 -- [OSX] -- iPhoto 6.0.6
Date: 20 March 2007
URL: http://www.auscert.org.au/7398
Title: ESB-2007.0176 -- [Debian] -- New gnupg packages fix signature forgery
Date: 20 March 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/7397
Title: ESB-2007.0175 -- [HP-UX] -- HPSBUX02196 SSRT071318 rev.2 - HP-UX Java
(JRE and JDK) Remote Execution of Arbitrary Code
Date: 19 March 2007
OS: HP-UX
URL: http://www.auscert.org.au/7396
Title: ESB-2007.0174 -- [UNIX/Linux][HP-UX] -- HPSBUX02129 SSRT061149 rev.2 -
HP-UX running SLP, Remote Unauthorized Access
Date: 19 March 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX
URL: http://www.auscert.org.au/7395
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================