[AusNOG] AusCERT Week in Review - Week Ending 02/11/2007 (AUSCERT#20073F686)
Richard Billington
richard at auscert.org.au
Fri Nov 2 17:41:31 EST 2007
AusCERT Week in Review
02 November 2007
AusCERT in the Media:
- - ---------------------
Guest column: Planning for privacy
iT News, Australia
1 hour ago
http://www.itnews.com.au/Feature/3906,guest-column-planning-for-privacy.aspx
Lost your mobile? What's the damage
NEWS.com.au, Australia
Oct 30, 2007
http://www.news.com.au/business/story/0,23636,22678340-5012425,00.html
Web Log Entries:
- - ----------------
Title: Warezov and Stration seeding
Date: 28 October 2007
URL: http://www.auscert.org.au/8277
Alerts, Advisories and Updates:
- - -------------------------------
Title: AA-2007.0091 -- [Win][UNIX/Linux] -- WordPress 2.3.1 release now
available
Date: 02 November 2007
URL: http://www.auscert.org.au/8280
Title: AA-2007.0093 -- [UNIX/Linux] -- Two remote denial of service
vulnerabilities in OpenLDAP
Date: 02 November 2007
URL: http://www.auscert.org.au/8291
Title: AA-2007.0094 -- [Win][UNIX/Linux] -- Multiple vulnerabilities in IBM
Lotus Domino
Date: 02 November 2007
URL: http://www.auscert.org.au/8294
Title: AA-2007.0090 -- [Win][Linux][Solaris] -- Multiple vulnerabilities in
third-party file scanners in Symantec Mail Security for Domino and
Symantec Mail Security for SMTP
Date: 30 October 2007
URL: http://www.auscert.org.au/8278
Title: AU-2007.0024 -- AusCERT Update - [Debian] - Revised dhcp packages fix
arbitrary code execution
Date: 30 October 2007
URL: http://www.auscert.org.au/8279
Title: AA-2007.0092 -- [Win][UNIX/Linux][OSX] -- Apache Tomcat WebDav Remote
Information Disclosure Vulnerability
Date: 30 October 2007
URL: http://www.auscert.org.au/8281
Title: AL-2007.0071 -- [Win][Linux][Solaris] -- Sun Java Runtime Environment
vulnerability allows remote compromise
Date: 29 October 2007
URL: http://www.auscert.org.au/7664
External Security Bulletins:
- - ----------------------------
Title: ESB-2005.0995 -- [Solaris] -- Sun Fire T2000 Server requires mandatory
patches
Date: 28 October 2007
OS: Solaris
URL: http://www.auscert.org.au/5849
Title: ESB-2007.0859 -- [Win][UNIX/Linux] -- RealNetworks RealPlayer, RealOne
Player, RealPlayer Enterprise - multiple vulnerabilities
Date: 02 November 2007
OS: Windows ME, AIX, HP-UX, Mac OS X, Windows NT 4, Red Hat Linux, Windows
XP, Other Linux Variants, FreeBSD, Windows 2000, OpenBSD, Windows 2003,
IRIX, Other BSD Variants, Debian GNU/Linux, Windows 98/98SE, HP Tru64
UNIX, Solaris
URL: http://www.auscert.org.au/8293
Title: ESB-2007.0858 -- [Netware] -- Novell BorderManager Client Trust Heap
Overflow Vulnerability
Date: 02 November 2007
OS: Novell Netware
URL: http://www.auscert.org.au/8292
Title: ESB-2007.0857 -- [RedHat] -- Important: kernel security update
Date: 02 November 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/8290
Title: ESB-2007.0856 -- [Win] -- Symantec Altiris Deployment Solution
TFTP/MTFTP Service Directory Traversal Vulnerability
Date: 01 November 2007
OS: Windows 2003, Windows 2000
URL: http://www.auscert.org.au/8289
Title: ESB-2007.0855 -- [Win] -- Macrovision InstallShield Update Service
ActiveX Unsafe Method Vulnerability
Date: 01 November 2007
OS: Windows 98/98SE, Windows 2003, Windows 2000, Windows XP, Windows NT 4,
Windows Vista, Windows ME
URL: http://www.auscert.org.au/8288
Title: ESB-2007.0854 -- [UNIX/Linux][RedHat] -- Important: cups security and
bug fix update
Date: 01 November 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/8287
Title: ESB-2007.0853 -- [Win][UNIX/Linux][OSX] -- TikiWiki Remote PHP Code
Evaluation Vulnerability
Date: 31 October 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants,
Windows XP, Red Hat Linux, Windows NT 4, Mac OS X, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/8286
Title: ESB-2007.0852 -- [AIX] -- Multiple Vulnerabilities in IBM AIX
Date: 31 October 2007
OS: AIX
URL: http://www.auscert.org.au/8285
Title: ESB-2007.0851 -- [UNIX/Linux][OSX] -- Xcode 2.5 Developer Tools
Date: 31 October 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
AIX
URL: http://www.auscert.org.au/8284
Title: ESB-2007.0850 -- [Solaris] -- Security Vulnerability in the Solaris 10
Internet Protocol (ip(7P)) may Lead to a Denial of Service (DoS)
Condition
Date: 01 November 2007
OS: Solaris
URL: http://www.auscert.org.au/8283
Title: ESB-2007.0849 -- [Solaris] -- Sun Fire X2100/X2200 M2 Servers ELOM
Software is Vulnerable to Arbitrary Command Execution
Date: 02 November 2007
OS: Solaris
URL: http://www.auscert.org.au/8282
Title: ESB-2007.0848 -- [Solaris] -- Security Vulnerability in Solaris 10
OpenSSL SSL_get_shared_ciphers() Function
Date: 29 October 2007
OS: Solaris
URL: http://www.auscert.org.au/8276
Title: ESB-2007.0847 -- [Solaris] -- Multiple Security Vulnerabilities in
JavaScript Engine in Mozilla 1.7 for Solaris 8, 9 and 10
Date: 29 October 2007
OS: Solaris
URL: http://www.auscert.org.au/8275
Title: ESB-2007.0846 -- [Solaris] -- Security Vulnerability in Solaris 10 SCTP
INIT Processing
Date: 02 November 2007
OS: Solaris
URL: http://www.auscert.org.au/8274
Title: ESB-2007.0845 -- [Win][Solaris] -- RSA Keon cross-site scripting
vulnerabilities
Date: 29 October 2007
OS: Solaris, Windows 2003
URL: http://www.auscert.org.au/8273
Title: ESB-2007.0844 -- [Linux][Debian] -- New iceweasel packages fix several
vulnerabilities
Date: 29 October 2007
OS: Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/8272
Title: ESB-2007.0811 -- [Debian] -- New dhcp packages fix arbitrary code
execution
Date: 30 October 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/8232
Title: ESB-2007.0755 -- [Win][Linux][Solaris] -- Security Vulnerability in
Java Runtime Environment With Applet Caching May Allow Network Access
Restrictions to be Circumvented
Date: 29 October 2007
OS: Windows Vista, Red Hat Linux, Windows XP, Other Linux Variants, Windows
2000, Windows 2003, Debian GNU/Linux, Solaris
URL: http://www.auscert.org.au/8160
Title: ESB-2007.0754 -- [Win][Linux][Solaris] -- Security Vulnerabilities in
Java Runtime Environment May Allow Network Access Restrictions to be
Circumvented
Date: 29 October 2007
OS: Windows Vista, Red Hat Linux, Windows XP, Other Linux Variants, Windows
2000, Windows 2003, Debian GNU/Linux, Solaris
URL: http://www.auscert.org.au/8159
Title: ESB-2007.0751 -- [Win][Linux][Solaris] -- Java Runtime Environment
(JRE) May Allow Untrusted Applets or Applications to Display An
Oversized Window so that the Warning Banner is Not Visible to User
Date: 29 October 2007
OS: Windows Vista, Red Hat Linux, Windows XP, Other Linux Variants, Windows
2000, Windows 2003, Debian GNU/Linux, Solaris
URL: http://www.auscert.org.au/8156
Title: ESB-2007.0739 -- [Solaris] -- Sun Fire X2100 M2/X2200 M2 ELOM is
Vulnerable to Unauthorized Access
Date: 01 November 2007
OS: Solaris
URL: http://www.auscert.org.au/8143
Title: ESB-2007.0683 -- [Solaris] -- Security Vulnerability in RPCSEC_GSS
(rpcsec_gss(3NSL)) Affects Kerberos Administration Daemon (kadmind(1M))
Date: 29 October 2007
OS: Solaris
URL: http://www.auscert.org.au/8058
Title: ESB-2007.0660 -- [Win][Linux][HP-UX][Solaris] -- Security Vulnerability
in Processing XSLT Stylesheets Affects Sun Java System Application
Server and Web Server
Date: 29 October 2007
OS: HP-UX, Red Hat Linux, Windows XP, Other Linux Variants, Windows 2000,
Windows 2003, Debian GNU/Linux, Solaris
URL: http://www.auscert.org.au/8027
Title: ESB-2007.0615 -- [Win][Linux][HP-UX][AIX] -- Multiple HP Products
Running Shared Trace Service, Remote Arbitrary Code Execution
Date: 01 November 2007
OS: AIX, HP-UX, Windows NT 4, Red Hat Linux, Windows XP, Other Linux
Variants, Windows 2000, Windows 2003, Debian GNU/Linux, HP Tru64 UNIX,
Solaris
URL: http://www.auscert.org.au/7965
Title: ESB-2007.0561 -- [Win] -- Sun Java System Application Server on Windows
- JSP Source Code Exposure
Date: 29 October 2007
OS: Windows 2000, Windows 2003
URL: http://www.auscert.org.au/7898
Title: ESB-2007.0560 -- [Solaris] -- Security Vulnerability in Mozilla 1.7 May
Allow Arbitrary JavaScript Commands to be Run
Date: 29 October 2007
OS: Solaris
URL: http://www.auscert.org.au/7897
Title: ESB-2007.0427 -- [Solaris] -- Multiple Security Vulnerabilities in
samba(7) May Allow Remote Code Execution, Elevation of Privileges, or
Remote Shell Command Execution
Date: 29 October 2007
OS: Solaris
URL: http://www.auscert.org.au/7726
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 367 bytes
Desc: not available
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20071102/448b831f/attachment.sig>
More information about the AusNOG
mailing list