[AusNOG] AusCERT Week in Review - Week Ending 18/05/2007
Robert Lowe
rlowe at auscert.org.au
Mon May 21 11:42:39 EST 2007
Apologies for the delay in sending this.
Regards,
Rob.
AusCERT Week in Review
18 May 2007
The notable event for this week was the malicious "Dell online Store" email
and malicious web site. While the modus operandi for this malware was nothing
new, it generated a lot more attention. AusCERT had more reports than many
similar incidents so it appears that this spam was circulated far more widely
and managed to evade a large proportion of spam filters. Given this, and the
fact that it appeared to be from a reputable organisation, it has most likely
enticed people to click on the link (which now appears to be unavailable).
Unfortunately, this means that it was also probably quite successful. The
media have also picked this up (see below).
Next week will be the annual AusCERT Asia Pacific Information Technology
Security Conference. It has once again proved very popular with registrations
closing today. We're all looking forward to another week of world class talks
by highly regarded Information Security experts, including David Litchfield,
Johannes Ullrich, Joanna Rutkowska, Howard Schmidt, Brian Carrier and Richard
Bejtlich, just to name a few. But don't just look for the big names; the
program committee has selected an excellent range of speakers to speak on a
wide variety of topics and feels there should be something there for every
information security professional.
AusCERT is also very keen to speak to members about the service we provide and
how we might improve it. A perfect forum for this is the AusCERT member Birds
of a Feather (BoF) session which is to be held at 16:50 on Tuesday evening.
However, if you are unable to attend that session, please drop into the AusCERT
booth and have a chat.
Regards,
--
Robert Lowe, Computer Security Analyst | Hotline: +61 7 3365 4417
AusCERT, Australia's national CERT | Fax: +61 7 3365 7031
The University of Queensland | WWW: www.auscert.org.au
QLD 4072 Australia | Email: auscert at auscert.org.au
Papers, Articles and other documents:
-------------------------------------
Alerts, Advisories and Updates:
-------------------------------
Title: AU-2007.0016 -- AusCERT Update - [Win] - More information regarding the
"Dell online Store" Trojan
Date: 17 May 2007
URL: http://www.auscert.org.au/7598
Title: AL-2007.0066 -- [Win] -- "Dell online Store" Trojan emails
Date: 17 May 2007
URL: http://www.auscert.org.au/7595
Title: AL-2007.0065 -- [UNIX/Linux] -- Samba vulnerabilities: Multiple Heap
Overflows and Remote Command Injection
Date: 15 May 2007
URL: http://www.auscert.org.au/7587
Title: AL-2007.0064 -- [UNIX/Linux] -- Samba vulnerability: Local SID/Name
translation bug can result in user privilege elevation
Date: 15 May 2007
URL: http://www.auscert.org.au/7586
Title: AL-2007.0063 -- [Win] -- CA Anti-Virus, CA Threat Manager, and CA
Anti-Spyware Console Login and File Mapping Vulnerabilities
Date: 14 May 2007
URL: http://www.auscert.org.au/7585
External Security Bulletins:
----------------------------
Title: ESB-2007.0583 -- [Win][Linux][HP-UX][Solaris][AIX] -- HP OpenView
Storage Data Protector, Remote Arbitrary Command Execution
Date: 16 May 2007
OS: Windows ME, AIX, HP-UX, Windows NT 4, Red Hat Linux, Windows XP, Other
Linux Variants, Windows 2000, Windows 2003, Debian GNU/Linux, Windows
98/98SE, Solaris
URL: http://www.auscert.org.au/6631
Title: ESB-2007.0336 -- [UNIX/Linux] -- Apache mod_security: Rule bypass
Date: 18 May 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
AIX
URL: http://www.auscert.org.au/7609
Title: ESB-2007.0335 -- [Debian] -- New xfree86 packages fix several
vulnerabilities
Date: 18 May 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/7608
Title: ESB-2007.0334 -- [UNIX/Linux][RedHat] -- Moderate: libpng security
update
Date: 18 May 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
AIX
URL: http://www.auscert.org.au/7607
Title: ESB-2007.0333 -- [Debian] -- New quagga packages fix denial of service
Date: 18 May 2007
OS: Solaris, Debian GNU/Linux, Other BSD Variants, OpenBSD, FreeBSD, Other
Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/7606
Title: ESB-2007.0332 -- [RedHat] -- Moderate: evolution security update
Date: 18 May 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/7605
Title: ESB-2007.0331 -- [UNIX/Linux][RedHat] -- Moderate: vixie-cron security
update
Date: 18 May 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/7604
Title: ESB-2007.0330 -- [UNIX/Linux][RedHat] -- Moderate: squirrelmail
security update
Date: 18 May 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
AIX
URL: http://www.auscert.org.au/7603
Title: ESB-2007.0329 -- [UNIX/Linux] -- Moderate: ipsec-tools security update
Date: 18 May 2007
OS: Debian GNU/Linux, Other BSD Variants, FreeBSD, Other Linux Variants,
Red Hat Linux
URL: http://www.auscert.org.au/7602
Title: ESB-2007.0328 -- [Win] -- Storage Management Appliance (SMA), Microsoft
Patch Applicability MS07-023 to MS07-029
Date: 18 May 2007
OS: Windows 2003, Windows 2000
URL: http://www.auscert.org.au/7601
Title: ESB-2007.0327 -- [Win] -- HP Systems Insight Manager (SIM) for Windows,
Remote Privileged Access and Arbitrary Code Execution
Date: 18 May 2007
OS: Windows 2003, Windows 2000, Windows XP
URL: http://www.auscert.org.au/7600
Title: ESB-2007.0326 -- [Tru64] -- HP Tru64 UNIX Running Secure Shell (SSH),
Remote Unauthorized Identification of Valid Users
Date: 18 May 2007
OS: HP Tru64 UNIX
URL: http://www.auscert.org.au/7599
Title: ESB-2007.0325 -- [RedHat] -- Important: kernel security and bug fix
update
Date: 17 May 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/7597
Title: ESB-2007.0324 -- [Win] -- Symantec Norton Personal Firewall 2004
ActiveX Control Buffer Overflow
Date: 17 May 2007
OS: Windows 98/98SE, Windows 2000, Windows XP, Windows ME
URL: http://www.auscert.org.au/7596
Title: ESB-2007.0323 -- [Cisco] -- Cisco Security Response: HTTP Full-Width
and Half-Width Unicode Encoding Evasion
Date: 17 May 2007
OS: Cisco Products
URL: http://www.auscert.org.au/7594
Title: ESB-2007.0322 -- [UNIX/Linux] -- New qt4-x11 packages fix cross-site
scripting vulnerability
Date: 16 May 2007
OS: Solaris, Windows 98/98SE, Debian GNU/Linux, Other BSD Variants, IRIX,
Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants,
Windows XP, Red Hat Linux, Windows NT 4, Mac OS X, HP-UX, AIX, Windows
Vista, Windows ME
URL: http://www.auscert.org.au/7593
Title: ESB-2007.0321 -- [Debian] -- New samba packages fix multiple
vulnerabilities
Date: 16 May 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/7592
Title: ESB-2007.0320 -- [Linux] -- Moderate: bluez-utils security update
Date: 15 May 2007
OS: Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/7591
Title: ESB-2007.0319 -- [Win][UNIX/Linux][RedHat] -- Important: tomcat
security update
Date: 15 May 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants,
Windows XP, Red Hat Linux, Windows NT 4, Mac OS X, HP-UX, Windows Vista
URL: http://www.auscert.org.au/7590
Title: ESB-2007.0318 -- [RedHat] -- Critical: samba security update
Date: 15 May 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/7589
Title: ESB-2007.0317 -- [Solaris] -- Security Vulnerability in Sun Remote
Services (SRS) Net Connect Software
Date: 14 May 2007
OS: Solaris
URL: http://www.auscert.org.au/7588
Title: ESB-2007.0316 -- [UNIX/Linux][Debian] -- New squirrelmail packages fix
cross-site scripting
Date: 14 May 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
AIX
URL: http://www.auscert.org.au/7584
Title: ESB-2007.0315 -- [Linux][Debian] -- New Linux 2.6.18 packages fix
several vulnerabilities
Date: 14 May 2007
OS: Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/7583
Title: ESB-2007.0297 -- [Appliance] -- HPSBMI02210 SSRT071396 rev.1 - ProCurve
Series 9300m Switches, Remote Denial of Service (DoS)
Date: 16 May 2007
URL: http://www.auscert.org.au/7554
AusCERT in the Media:
----------------------------
Criminologists pwn AusCERT
Sydney Morning Herald - Sydney, New South Wales, Australia
http://www.smh.com.au/news/security/criminologists-pwn-auscert/2007/05/14/1178995074670.html
AusCERT2007: Global security experts flock to Gold Coast
CRN Australia - Australia
http://www.crn.com.au/story.aspx?CIID=81189
Experts comment on fake Dell email
iT News - Australia
http://www.itnews.com.au/newsstory.aspx?CIaNID=52273&r=hstory
AusCERT prepares for biggest ever conference
ZDNet Australia
http://www.zdnet.com.au/news/security/soa/AusCERT-prepares-for-biggest-ever-conference/0,130061744,339277575,00.htm
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================