[AusNOG] AusCERT Week in Review - Week Ending 23/11/2007 (AUSCERT#20073F686)
Robert Lowe
rlowe at auscert.org.au
Fri Nov 23 12:26:39 EST 2007
AusCERT Week in Review
23 November 2007
AusCERT in the Media:
---------------------
Analysts lament security 'arms race'
ZDNet UK, UK
Nov 21, 2007
http://news.zdnet.co.uk/security/0,1000000189,39290987,00.htm
Papers, Articles and other documents:
-------------------------------------
Web Log Entries:
----------------
Alerts, Advisories and Updates:
-------------------------------
Title: AA-2007.0108 -- [Win][UNIX/Linux] -- Multiple vulnerabilities in IBM
DB2
Date: 22 November 2007
URL: http://www.auscert.org.au/8401
Title: AA-2007.0109 -- [Win] -- Vulnerability in AhnLab Antivirus V3 Internet
Security 2008
Date: 22 November 2007
URL: http://www.auscert.org.au/8403
Title: AA-2007.0110 -- [Appliance] -- OmniPCX/IP Touch phone denial of service
Date: 22 November 2007
URL: http://www.auscert.org.au/8404
Title: AA-2007.0111 -- [Linux] -- Multiple Linux kernel vulnerabilities
Date: 22 November 2007
URL: http://www.auscert.org.au/8405
Title: AA-2007.0107 -- [Appliance] -- Multiple vulnerabilities in Ingate
Firewall and SIParator
Date: 21 November 2007
URL: http://www.auscert.org.au/8400
Title: AA-2007.0094 -- [Win][UNIX/Linux] -- Multiple vulnerabilities in IBM
Lotus Domino
Date: 20 November 2007
URL: http://www.auscert.org.au/8294
Title: AA-2007.0104 -- [Win][UNIX/Linux] -- Cross-site scripting (XSS)
vulnerability in IBM WebSphere Application Server
Date: 19 November 2007
URL: http://www.auscert.org.au/8390
Title: AA-2007.0105 -- [Linux] -- Linux Kernel CIFS VFS Buffer Overflow
Date: 19 November 2007
URL: http://www.auscert.org.au/8391
Title: AA-2007.0106 -- [Win] -- Vulnerability in Citrix Presentation Server
could result in unauthorized code execution
Date: 19 November 2007
URL: http://www.auscert.org.au/8392
Title: AL-2007.0120 -- [UNIX/Linux] -- Multiple Vulnerabilities in Samba
Date: 16 November 2007
URL: http://www.auscert.org.au/8369
Title: AA-2007.0102 -- [Win][UNIX/Linux] -- PHP 5.2.5 released correcting
several vulnerabilities
Date: 16 November 2007
URL: http://www.auscert.org.au/8381
Title: AA-2007.0103 -- [Win][UNIX/Linux] -- Thunderbird 2.0.0.9 has been
released fixing arbitrary code execution
Date: 16 November 2007
URL: http://www.auscert.org.au/8385
External Security Bulletins:
----------------------------
Title: ESB-2007.0943 -- [Debian] -- New kdegraphics packages fix arbitrary
code execution
Date: 22 November 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/8402
Title: ESB-2007.0942 -- [Win] -- Vulnerability Note VU#138633 Invensys
Wonderware InTouch creates insecure NetDDE share
Date: 21 November 2007
URL: http://www.auscert.org.au/8399
Title: ESB-2007.0941 -- [Win] -- BitDefender Online Scanner 8 Double Decode
Heap Overflow
Date: 21 November 2007
OS: Windows 98/98SE, Windows 2003, Windows 2000, Windows XP, Windows NT 4,
Windows Vista, Windows ME
URL: http://www.auscert.org.au/8398
Title: ESB-2007.0940 -- [HP-UX] -- HP-UX Running BIND 8, Remote DNS Cache
Poisoning
Date: 21 November 2007
OS: HP-UX
URL: http://www.auscert.org.au/8397
Title: ESB-2007.0939 -- [UNIX/Linux] -- teTeX: Multiple vulnerabilities
Date: 20 November 2007
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/8395
Title: ESB-2007.0938 -- [Win][UNIX/Linux] -- MySQL: Denial of Service
Date: 20 November 2007
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, Other Linux Variants,
Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows Vista
URL: http://www.auscert.org.au/8394
Title: ESB-2007.0937 -- [Win][UNIX/Linux] -- Link Grammar: User-assisted
execution of arbitrary code
Date: 20 November 2007
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/8393
Title: ESB-2007.0936 -- [UNIX/Linux] -- Cpio: Buffer overflow
Date: 19 November 2007
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/8389
Title: ESB-2007.0935 -- [Win][UNIX/Linux] -- Ruby on Rails: Multiple
vulnerabilities
Date: 19 November 2007
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/8388
Title: ESB-2007.0934 -- [Debian] -- New cupsys packages fix arbitrary code
execution
Date: 19 November 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/8387
Title: ESB-2007.0933 -- [Ubuntu] -- VMWare vulnerabilities
Date: 16 November 2007
OS: Ubuntu
URL: http://www.auscert.org.au/8386
Title: ESB-2007.0932 -- [Solaris] -- A Security Vulnerability in unzip(1L) May
Set Unintended Permissions on Extracted Files
Date: 16 November 2007
OS: Solaris
URL: http://www.auscert.org.au/8384
Title: ESB-2007.0931 -- [UNIX/Linux][RedHat] -- Moderate: net-snmp security
update
Date: 16 November 2007
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/8383
Title: ESB-2007.0930 -- [RedHat] -- Moderate: openldap security and
enhancement update
Date: 16 November 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/8382
Title: ESB-2007.0929 -- [RedHat] -- Moderate: openssl security and bug fix
update
Date: 16 November 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/8380
Title: ESB-2007.0928 -- [RedHat] -- Moderate: util-linux security update
Date: 16 November 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/8379
Title: ESB-2007.0927 -- [RedHat] -- Low: mailman security and bug fix update
Date: 16 November 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/8378
Title: ESB-2007.0926 -- [RedHat] -- Moderate: httpd security, bug fix, and
enhancement update
Date: 16 November 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/8377
Title: ESB-2007.0925 -- [RedHat] -- Moderate: pam security, bug fix, and
enhancement update
Date: 16 November 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/8376
Title: ESB-2007.0924 -- [RedHat] -- Low: wireshark security and bug fix update
Date: 16 November 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/8375
Title: ESB-2007.0923 -- [RedHat] -- Moderate: openssh security and bug fix
update
Date: 16 November 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/8374
Title: ESB-2007.0922 -- [UNIX/Linux][RedHat] -- Low: xterm security update
Date: 16 November 2007
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/8373
Title: ESB-2007.0921 -- [RedHat] -- Moderate: tcpdump security and bug fix
update
Date: 16 November 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/8372
Title: ESB-2007.0920 -- [RedHat] -- Critical: samba security update
Date: 16 November 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/8371
Title: ESB-2007.0919 -- [HP-UX] -- HP-UX Running Java JRE and JDK, Remote
Unauthorized Access
Date: 16 November 2007
OS: HP-UX
URL: http://www.auscert.org.au/8370
Title: ESB-2007.0918 -- [OSX] -- Mac OS X v10.5.1 Update
Date: 16 November 2007
OS: Mac OS X
URL: http://www.auscert.org.au/8368
Title: ESB-2007.0904 -- [UNIX/Linux][RedHat] -- Important: pcre security
update
Date: 16 November 2007
OS: AIX, HP-UX, Red Hat Linux, Other Linux Variants, FreeBSD, OpenBSD,
IRIX, Other BSD Variants, Debian GNU/Linux, HP Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/8349
Title: ESB-2007.0894 -- [HP-UX] -- HP-UX Running Aries PA Emulator, Local
Unauthorized Access
Date: 21 November 2007
OS: HP-UX
URL: http://www.auscert.org.au/8335
Title: ESB-2007.0863 -- [Win][UNIX/Linux] -- Verity KeyView SDK Multiple File
Format Parsing
Date: 21 November 2007
OS: Windows Vista, Mac OS X, Red Hat Linux, Windows XP, Other Linux
Variants, Windows 2000, Windows 2003, Debian GNU/Linux
URL: http://www.auscert.org.au/8299
Title: ESB-2007.0778 -- [Solaris] -- Multiple Security Issues Within The X
Font Server (xfs(1)) QueryXBitmaps and QueryXExtents Protocol Handlers
Date: 16 November 2007
OS: Solaris
URL: http://www.auscert.org.au/8192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================