[AusNOG] AusCERT Week in Review - Week Ending 28/09/2007 (AUSCERT#20073F686) (fwd)
Robert Lowe
rlowe at auscert.org.au
Mon Oct 1 10:29:36 EST 2007
------- Forwarded Message
AusCERT Week in Review
28 September 2007
Greetings,
We've recently noticed quite a few vulnerabilities reported in Google's various
services. With an increasing reliance on Google's web applications, even in the
business arena, this may be of concern to AusCERT members.

Two vulnerabilities were posted by pdp (the same security researcher who
blogged about PDF vulnerabilities last week), who describes a cross-site
scripting (XSS) vulnerability in Google Urchin and a cross-site request forgery
(CSRF) vulnerability in GMail which may result in the unauthorised access of
the victim's GMail messages. The full details can be found at:
http://www.gnucitizen.org/blog/

This site also has some security articles about Google:
http://xs-sniper.com/blog/category/security/

This page describes using a Flash crossdomain.xml file uploaded to Google Docs
to perform a cross-domain request to steal the victim's Google credentials (or
other Google data). This page also describes a method for stealing images from
Google Picasa by inducing the user to click on a malicious link.

Users are storing more and more sensitive data on Google's servers and are
placing increasing levels of trust in the Google domain. Therefore, XSS and
CSRF vulnerabilities in Google are becoming increasingly critical.

I also noted an interesting paper on the use and the potential for abuse of
gadgets in Windows Vista:
http://www.mwrinfosecurity.com/publications/mwri_sidebar-gadgets_2007-09-25.pdf

This gives a very nice introduction to gadgets and then continues to discuss
some potential abuse and countermeasures for abuse of this technology.
Regards,
Rob.
--
Robert Lowe, Computer Security Analyst | Hotline: +61 7 3365 4417
AusCERT, Australia's national CERT | Fax: +61 7 3365 7031
The University of Queensland | WWW: www.auscert.org.au
QLD 4072 Australia | Email: auscert at auscert.org.au
Papers, Articles and other documents:
-------------------------------------
Title: 20th Annual FIRST Conference
Date: 26 September 2007
URL: http://www.auscert.org.au/8121
Web Log Entries:
----------------
Title: RSS feeds of the AusCERT web log
Date: 27 September 2007
URL: http://www.auscert.org.au/8125
Title: Recent Adobe Acrobat/Reader PDF vulnerabilities
Date: 25 September 2007
URL: http://www.auscert.org.au/8120
Alerts, Advisories and Updates:
-------------------------------
Title: AL-2007.0112 -- [Win] -- Computer Associates BrightStor HSM r11.5
Multiple Vulnerabilities
Date: 28 September 2007
URL: http://www.auscert.org.au/8138
Title: AU-2007.0022 -- AusCERT Update - [Win] - Microsoft Security Bulletin
MS07-042 Re-Release
Date: 28 September 2007
URL: http://www.auscert.org.au/8135
Title: AA-2007.0080 -- [Win][Linux] -- VMware Workstation, Player, and ACE -
multiple vulnerabilities
Date: 27 September 2007
URL: http://www.auscert.org.au/8107
Title: AA-2007.0082 -- [Linux] -- Multiple Linux kernel vulnerabilities
Date: 27 September 2007
URL: http://www.auscert.org.au/8129
Title: AA-2007.0081 -- [Win] -- CA ARCserve Backup for Laptops and Desktops
contain Multiple Server Vulnerabilities
Date: 25 September 2007
URL: http://www.auscert.org.au/8119
External Security Bulletins:
----------------------------
Title: ESB-2007.0735 -- [Solaris] -- A Security Vulnerability in the Handling
of Thread Contexts in the Solaris Kernel May Allow a Denial of Service
(DoS)
Date: 28 September 2007
OS: Solaris
URL: http://www.auscert.org.au/8137
Title: ESB-2007.0734 -- [OSX] -- iPhone v1.1.1 Update
Date: 28 September 2007
OS: Mac OS X
URL: http://www.auscert.org.au/8136
Title: ESB-2007.0733 -- [Linux][Debian] -- New Linux 2.6.18 packages fix
several vulnerabilities
Date: 28 September 2007
OS: Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/8134
Title: ESB-2007.0732 -- [RedHat] -- Important: kernel security update
Date: 28 September 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/8133
Title: ESB-2007.0731 -- [Win] -- Microsoft ISA Server SOCKS4 Proxy Connection
Leakage
Date: 27 September 2007
OS: Windows 2003, Windows 2000
URL: http://www.auscert.org.au/8132
Title: ESB-2007.0730 -- [Appliance] -- Google Search Application XSS
Vulnerability
Date: 27 September 2007
URL: http://www.auscert.org.au/8131
Title: ESB-2007.0729 -- [Cisco] -- Cisco Security Response: Catalyst 6500 and
Cisco 7600 Series Devices Accessible via Loopback Address
Date: 27 September 2007
OS: Cisco Products
URL: http://www.auscert.org.au/8130
Title: ESB-2007.0728 -- [Solaris] -- Local DoS in the Human Interface Device
(HID) Class Driver for Solaris
Date: 27 September 2007
OS: Solaris
URL: http://www.auscert.org.au/8128
Title: ESB-2007.0727 -- [UNIX/Linux][RedHat] -- Moderate: gimp security update
Date: 27 September 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/8127
Title: ESB-2007.0726 -- [RedHat] -- Moderate: tomcat security update
Date: 27 September 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/8126
Title: ESB-2007.0725 -- [UNIX/Linux] -- [USN-519-1] elinks vulnerability
Date: 26 September 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
AIX
URL: http://www.auscert.org.au/8124
Title: ESB-2007.0724 -- [Win][Linux][Solaris] -- StarOffice crafted TIFF file
vulnerabilities
Date: 26 September 2007
OS: Solaris, Windows 98/98SE, Debian GNU/Linux, Windows 2003, Windows 2000,
Other Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, Windows
Vista, Windows ME
URL: http://www.auscert.org.au/8123
Title: ESB-2007.0723 -- [Win][UNIX/Linux] -- IBM Tivoli Storage Manager
Express CAD Service Buffer Overflow Vulnerability
Date: 26 September 2007
OS: Solaris, Debian GNU/Linux, Windows 2003, Other Linux Variants, Windows
XP, Red Hat Linux, Mac OS X, Novell Netware, HP-UX, AIX, Windows Vista
URL: http://www.auscert.org.au/8122
Title: ESB-2007.0722 -- [Win][UNIX/Linux] -- Multiple ImageMagick
Vulnerabilities
Date: 24 September 2007
OS: Solaris, HP Tru64 UNIX, Windows 98/98SE, Debian GNU/Linux, Other BSD
Variants, IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other
Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, Mac OS X,
HP-UX, AIX, Windows Vista, Windows ME
URL: http://www.auscert.org.au/8118
Title: ESB-2007.0721 -- [UNIX/Linux][Debian] -- New fetchmail packages fix
denial of service
Date: 24 September 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
AIX
URL: http://www.auscert.org.au/8117
Title: ESB-2007.0720 -- [UNIX/Linux][Debian] -- New kdebase packages fix
authentication bypass
Date: 24 September 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
AIX
URL: http://www.auscert.org.au/8116
Title: ESB-2007.0717 -- [RedHat] -- Moderate: php security update
Date: 27 September 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/8110
Title: ESB-2007.0678 -- [AIX] -- Multiple AIX vulnerabilities
Date: 26 September 2007
OS: AIX
URL: http://www.auscert.org.au/8052
Title: ESB-2007.0664 -- [Win][UNIX/Linux] -- New vim packages fix several
vulnerabilities
Date: 24 September 2007
OS: Windows ME, Windows Vista, AIX, HP-UX, Mac OS X, Windows NT 4, Red Hat
Linux, Windows XP, Other Linux Variants, FreeBSD, Windows 2000,
OpenBSD, Windows 2003, IRIX, Other BSD Variants, Debian GNU/Linux,
Windows 98/98SE, HP Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/8034
Title: ESB-2007.0579 -- [Debian] -- New file packages fix arbitrary code
execution
Date: 27 September 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/7923
Title: ESB-2007.0560 -- [Solaris] -- Security Vulnerability in Mozilla 1.7 May
Allow Arbitrary JavaScript Commands to be Run
Date: 25 September 2007
OS: Solaris
URL: http://www.auscert.org.au/7897
Title: ESB-2007.0244 -- [Solaris] -- Security Vulnerability in the IP
Implementation for Solaris 8 and 9 May Allow a Denial of Service
Date: 26 September 2007
OS: Solaris
URL: http://www.auscert.org.au/7488
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
------- End of Forwarded Message