[AusNOG] AusCERT Week in Review - Week Ending 05/10/2007 (AUSCERT#20073F686)
Richard Billington
richard at auscert.org.au
Fri Oct 5 16:46:03 EST 2007
AusCERT Week in Review
05 October 2007
Greetings,
This week, AusCERT announced the call for papers for AusCERT2008. We would
really like to see our membership better represented on the AusCERT2008
program, so we encourage all our members to submit a presentation or tutorial
for consideration:
http://conference.auscert.org.au/conf2008/cfp2008.html
Alternatively, we'd like to hear from our membership with ideas on
interesting presenters who you think would make a good addition to the program.
There has been an alleged vulnerability in Symantec Veritas Backup Exec for
Windows Servers 11d put up on the WabiSabiLabi vulnerability auction site:
http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000147
At this point it would be easy to launch into a rant about a site whose stated
aim is "to bring the world closer to zero risk". But I'll leave that for another
blog entry.
So, there may be an unpatched vulnerability in Symantec Veritas Backup Exec that
will soon be sold and potentially exploited publicly. As with any backup
product, access to the server ports used for backup should be restricted to the
backup clients, and vice versa for client ports. No backup service port should
be accessible from outside your organisation.
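As an added illustration of that advice (example code, not part of the original newsletter), the following audit checks a set of firewall allow-rules for the three conditions above: server ports reachable only from backup clients, client ports reachable only from the server, and neither reachable from outside the organisation. The addresses and port numbers are constructed placeholders, since the newsletter names none.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src: str    # source CIDR the firewall rule permits
    dst: str    # destination host or CIDR
    port: int   # destination TCP port

# Constructed placeholder topology: these addresses and port numbers are
# illustrative, not Backup Exec's actual ports (the newsletter names none).
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]
BACKUP_SERVER = ipaddress.ip_network("10.0.1.10/32")
BACKUP_CLIENTS = [ipaddress.ip_network("10.0.2.0/24")]
SERVER_PORTS = {10000}   # service port(s) listened on by the backup server
CLIENT_PORTS = {10001}   # agent port listened on by each backup client

def _within(net, allowed):
    # True if `net` lies entirely inside one of the `allowed` networks
    return any(net.subnet_of(a) for a in allowed)

def audit(rules):
    """Return (rule, reason) pairs for rules that break the restriction advice:
    server ports only from clients, client ports only from the server, no outside access."""
    findings = []
    for r in rules:
        src = ipaddress.ip_network(r.src, strict=False)
        dst = ipaddress.ip_network(r.dst, strict=False)
        to_server = r.port in SERVER_PORTS and dst.overlaps(BACKUP_SERVER)
        to_client = r.port in CLIENT_PORTS and any(dst.overlaps(c) for c in BACKUP_CLIENTS)
        if not (to_server or to_client):
            continue                      # not a backup port; out of scope
        if not _within(src, INTERNAL):
            findings.append((r, "backup port reachable from outside the organisation"))
        elif to_server and not _within(src, BACKUP_CLIENTS):
            findings.append((r, "server port open to hosts that are not backup clients"))
        elif to_client and not _within(src, [BACKUP_SERVER]):
            findings.append((r, "client port open to hosts other than the backup server"))
    return findings

# Constructed sample policy: the first two rules follow the advice, the rest do not.
SAMPLE_RULES = [
    Rule("10.0.2.0/24", "10.0.1.10", 10000),    # clients -> server: fine
    Rule("10.0.1.10", "10.0.2.0/24", 10001),    # server -> clients: fine
    Rule("0.0.0.0/0", "10.0.1.10", 10000),      # server port open to the Internet
    Rule("10.0.0.0/8", "10.0.1.10", 10000),     # whole internal network, not just clients
    Rule("10.0.3.0/24", "10.0.2.0/24", 10001),  # unrelated subnet reaching the agent port
]
if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES):
        print(f"{rule.src} -> {rule.dst}:{rule.port}: {reason}")
```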
Regards,
Rob and Richard
-- 
Security Analyst | Hotline: +61 7 3365 4417
AusCERT | Fax: +61 7 3365 7031
Australia's National CERT | WWW: www.auscert.org.au
Brisbane QLD Australia | Email: auscert at auscert.org.au
Papers, Articles and other documents:
-------------------------------------
Title: Call for presentations and tutorials for AusCERT2008
Date: 03 October 2007
URL: http://www.auscert.org.au/6748
Web Log Entries:
----------------
Alerts, Advisories and Updates:
-------------------------------
Title: AA-2007.0084 -- [Win][UNIX/Linux] -- Cross Site Scripting (XSS)
vulnerability in BlackBoard Learning System
Date: 05 October 2007
URL: http://www.auscert.org.au/8162
Title: AL-2007.0112 -- [Win] -- Computer Associates BrightStor HSM r11.5
Multiple Vulnerabilities
Date: 03 October 2007
URL: http://www.auscert.org.au/8138
Title: AA-2007.0083 -- [Linux] -- Execution of arbitrary code across Xen
virtual machines
Date: 02 October 2007
URL: http://www.auscert.org.au/8144
External Security Bulletins:
----------------------------
Title: ESB-2007.0756 -- [UNIX/Linux][Debian] -- New gforge packages fix
cross-site scripting
Date: 05 October 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
AIX
URL: http://www.auscert.org.au/8161
Title: ESB-2007.0755 -- [Win][Linux][Solaris] -- Security Vulnerability in
Java Runtime Environment With Applet Caching May Allow Network Access
Restrictions to be Circumvented
Date: 05 October 2007
OS: Solaris, Debian GNU/Linux, Windows 2003, Windows 2000, Other Linux
Variants, Windows XP, Red Hat Linux, Windows Vista
URL: http://www.auscert.org.au/8160
Title: ESB-2007.0754 -- [Win][Linux][Solaris] -- Security Vulnerabilities in
Java Runtime Environment May Allow Network Access Restrictions to be
Circumvented
Date: 05 October 2007
OS: Solaris, Debian GNU/Linux, Windows 2003, Windows 2000, Other Linux
Variants, Windows XP, Red Hat Linux, Windows Vista
URL: http://www.auscert.org.au/8159
Title: ESB-2007.0753 -- [Win][Linux][Solaris] -- Multiple Security
Vulnerabilities in Java Web Start Relating to Local File Access
Date: 05 October 2007
OS: Solaris, Debian GNU/Linux, Windows 2003, Windows 2000, Other Linux
Variants, Windows XP, Red Hat Linux, Windows Vista
URL: http://www.auscert.org.au/8158
Title: ESB-2007.0752 -- [Win][Linux][Solaris] -- An Untrusted Java Web Start
Application or Java Applet May Move or Copy Arbitrary Files by
Requesting the User to Drag and Drop a File from Application or Applet
Window to a Desktop Application
Date: 05 October 2007
OS: Solaris, Debian GNU/Linux, Windows 2003, Windows 2000, Other Linux
Variants, Windows XP, Red Hat Linux, Windows Vista
URL: http://www.auscert.org.au/8157
Title: ESB-2007.0751 -- [Win][Linux][Solaris] -- Java Runtime Environment
(JRE) May Allow Untrusted Applets or Applications to Display An
Oversized Window so that the Warning Banner is Not Visible to User
Date: 05 October 2007
OS: Solaris, Debian GNU/Linux, Windows 2003, Windows 2000, Other Linux
Variants, Windows XP, Red Hat Linux, Windows Vista
URL: http://www.auscert.org.au/8156
Title: ESB-2007.0750 -- [UNIX/Linux] -- Patches available to correct
vulnerabilities in Drupal Project issue tracking and Boost modules
Date: 04 October 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
AIX
URL: http://www.auscert.org.au/8155
Title: ESB-2007.0749 -- [FreeBSD] -- Buffer overflow in OpenSSL
SSL_get_shared_ciphers()
Date: 04 October 2007
OS: FreeBSD
URL: http://www.auscert.org.au/8154
Title: ESB-2007.0748 -- [Win] -- Security Update for QuickTime 7.2
Date: 04 October 2007
OS: Windows XP, Windows Vista
URL: http://www.auscert.org.au/8153
Title: ESB-2007.0747 -- [RedHat] -- Moderate: elinks security update
Date: 04 October 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/8152
Title: ESB-2007.0746 -- [Debian] -- New quagga packages fix denial of service
Date: 04 October 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/8151
Title: ESB-2007.0745 -- [Solaris] -- Security Vulnerability in Solaris Named
Pipes (pipe(2)) May Allow Unauthorized Data Access
Date: 04 October 2007
OS: Solaris
URL: http://www.auscert.org.au/8150
Title: ESB-2007.0744 -- [Debian] -- New Linux 2.6.18 packages fix several
vulnerabilities
Date: 03 October 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/8149
Title: ESB-2007.0743 -- [UNIX/Linux] -- Multiple Vendor X Font Server Multiple
Vulnerabilities
Date: 03 October 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
AIX
URL: http://www.auscert.org.au/8148
Title: ESB-2007.0742 -- [Debian] -- New elinks packages fix information
disclosure
Date: 03 October 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/8147
Title: ESB-2007.0741 -- [Linux][RedHat] -- Important: xen security update
Date: 03 October 2007
OS: Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/8146
Title: ESB-2007.0740 -- [Debian] -- New openssl packages fix arbitrary code
execution
Date: 03 October 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/8145
Title: ESB-2007.0739 -- [Solaris] -- Sun Fire X2100 M2/X2200 M2 ELOM is
Vulnerable to Unauthorized Access
Date: 03 October 2007
OS: Solaris
URL: http://www.auscert.org.au/8143
Title: ESB-2007.0738 -- [Win][UNIX/Linux] -- openssl vulnerabilities
Date: 01 October 2007
OS: Solaris, HP Tru64 UNIX, Windows 98/98SE, Debian GNU/Linux, Other BSD
Variants, IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other
Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, Mac OS X,
HP-UX, AIX, Windows Vista, Windows ME
URL: http://www.auscert.org.au/8142
Title: ESB-2007.0737 -- [Win][Linux][HP-UX][Solaris] -- Installation of Sun
Java System Access Manager 7.1 on Sun Java System Application Server
9.1 or 8.x May Compromise Application Server Security
Date: 02 October 2007
OS: HP-UX, Red Hat Linux, Windows XP, Windows 2000, Windows 2003, Solaris
URL: http://www.auscert.org.au/8141
Title: ESB-2007.0733 -- [Linux] -- New Linux 2.6.18 packages fix several
vulnerabilities
Date: 01 October 2007
OS: Red Hat Linux, Other Linux Variants, Debian GNU/Linux
URL: http://www.auscert.org.au/8134
Title: ESB-2007.0729 -- [Cisco] -- Cisco Security Response: Catalyst 6500 and
Cisco 7600 Series Devices Accessible via Loopback Address
Date: 01 October 2007
OS: Cisco Products
URL: http://www.auscert.org.au/8130
Title: ESB-2007.0728 -- [Solaris] -- Local DoS in the Human Interface Device
(HID) Class Driver for Solaris
Date: 01 October 2007
OS: Solaris
URL: http://www.auscert.org.au/8128
Title: ESB-2007.0711 -- [Linux][RedHat] -- Important: nfs-utils-lib security
update
Date: 03 October 2007
OS: Red Hat Linux, Other Linux Variants, Debian GNU/Linux
URL: http://www.auscert.org.au/8102
Title: ESB-2007.0665 -- [UNIX/Linux] -- New id3lib3.8.3 packages fix denial of
service
Date: 03 October 2007
OS: AIX, HP-UX, Mac OS X, Red Hat Linux, Other Linux Variants, FreeBSD,
OpenBSD, IRIX, Other BSD Variants, Debian GNU/Linux, HP Tru64 UNIX,
Solaris
URL: http://www.auscert.org.au/8035
Title: ESB-2007.0427 -- [Solaris] -- Multiple Security Vulnerabilities in
samba(7) May Allow Remote Code Execution, Elevation of Privileges, or
Remote Shell Command Execution
Date: 01 October 2007
OS: Solaris
URL: http://www.auscert.org.au/7726
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================