[AusNOG] AusCERT Week in Review - Week Ending 07/09/2007 (AUSCERT#20073F686)
Richard Billington
richard at auscert.org.au
Fri Sep 7 16:26:16 EST 2007
AusCERT Week in Review
07 September 2007
AusCERT in the Media:
---------------------
Trust free security software, says Which?
Contractor UK, UK
Sep 5, 2007
http://www.contractoruk.com/news/003432.html
Malware a sophisticated service, says researcher
Computerworld New Zealand, New Zealand
Sep 3, 2007
http://computerworld.co.nz/news.nsf/scrt/845500F75AA3F969CC257348000B7B43
Papers, Articles and other documents:
-------------------------------------
Web Log Entries:
----------------
Alerts, Advisories and Updates:
-------------------------------
Title: AA-2007.0073 -- [Win][UNIX/Linux] -- Joomla! 1.5 RC2 has been released
correcting three security vulnerabilities
Date: 07 September 2007
URL: http://www.auscert.org.au/8059
Title: AA-2007.0072 -- [Win][Linux][FreeBSD][Solaris][Mac][OSX] -- Multiple
vulnerabilities in Firebird RDBMS
Date: 06 September 2007
URL: http://www.auscert.org.au/8054
Title: AU-2007.0019 -- AusCERT Update - [UNIX/Linux] - MIT krb5 Security
Advisory 2007-006 Update
Date: 06 September 2007
URL: http://www.auscert.org.au/8049
Title: AA-2007.0074 -- [Win][UNIX/Linux] -- New version of OpenSSH fixes X11
cookie fallback
Date: 05 September 2007
URL: http://www.auscert.org.au/8060
Title: AL-2007.0107 -- [UNIX/Linux] -- MIT krb5 Security Advisory 2007-006
Date: 05 September 2007
URL: http://www.auscert.org.au/8041
Title: AA-2007.0071 -- [Win][UNIX/Linux] -- Updates released for BEA WebLogic,
WebLogic and JRockit correcting multiple vulnerabilities
Date: 04 September 2007
URL: http://www.auscert.org.au/8040
Title: AL-2007.0106 -- [Win][UNIX/Linux] -- PHP 5.2.4 release fixes several
vulnerabilities
Date: 04 September 2007
URL: http://www.auscert.org.au/8039
External Security Bulletins:
----------------------------
Title: ESB-2007.0683 -- [Solaris] -- Security Vulnerability in RPCSEC_GSS
(rpcsec_gss(3NSL)) Affects Kerberos Administration Daemon (kadmind(1M))
Date: 07 September 2007
OS: Solaris
URL: http://www.auscert.org.au/8058
Title: ESB-2007.0682 -- [UNIX/Linux][Debian] -- New gforge packages fix SQL
injection
Date: 07 September 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
AIX
URL: http://www.auscert.org.au/8057
Title: ESB-2007.0681 -- [Debian] -- New krb5 packages fix arbitrary code
execution
Date: 07 September 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/8056
Title: ESB-2007.0680 -- [Mac][OSX] -- iTunes 7.4 has been released fixing
arbitrary code execution vulnerability
Date: 07 September 2007
OS: Windows 2003, Windows XP, Mac OS X, Windows Vista
URL: http://www.auscert.org.au/8055
Title: ESB-2007.0679 -- [Win] -- Symantec SYMTDI.SYS Device Driver Local
Denial of Service
Date: 06 September 2007
OS: Windows 2003, Windows 2000, Windows XP
URL: http://www.auscert.org.au/8053
Title: ESB-2007.0678 -- [AIX] -- Multiple AIX vulnerabilities
Date: 06 September 2007
OS: AIX
URL: http://www.auscert.org.au/8052
Title: ESB-2007.0677 -- [Cisco] -- Cisco Video Surveillance IP Gateway and
Services Platform Authentication Vulnerabilities
Date: 06 September 2007
OS: Cisco Products
URL: http://www.auscert.org.au/8051
Title: ESB-2007.0676 -- [Cisco] -- Denial of Service Vulnerabilities in
Content Switching Module
Date: 06 September 2007
OS: Cisco Products
URL: http://www.auscert.org.au/8050
Title: ESB-2007.0675 -- [Debian] -- New librpcsecgss packages fix arbitrary
code execution
Date: 05 September 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/8048
Title: ESB-2007.0674 -- [RedHat] -- Moderate: aide security update
Date: 05 September 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/8047
Title: ESB-2007.0673 -- [UNIX/Linux][RedHat] -- Moderate: star security update
Date: 05 September 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
AIX
URL: http://www.auscert.org.au/8046
Title: ESB-2007.0672 -- [RedHat] -- Moderate: kernel security and bugfix
update
Date: 05 September 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/8045
Title: ESB-2007.0671 -- [RedHat] -- Moderate: cyrus-sasl security and bug fix
update
Date: 05 September 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/8044
Title: ESB-2007.0670 -- [RedHat] -- Important: krb5 security update
Date: 05 September 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/8043
Title: ESB-2007.0669 -- [Debian] -- New krb5 packages fix arbitrary code
execution
Date: 05 September 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/8042
Title: ESB-2007.0668 -- [Tru64] -- HP Tru64 UNIX or HP Tru64 Internet Express
running BIND, Remote DNS Cache Poisoning
Date: 03 September 2007
OS: HP Tru64 UNIX
URL: http://www.auscert.org.au/8038
Title: ESB-2007.0667 -- [Solaris] -- A Security Vulnerability With the Special
File System (SPECFS) strfreectty() Function May Allow a Local
Unprivileged User to Panic a System
Date: 07 September 2007
OS: Solaris
URL: http://www.auscert.org.au/8037
Title: ESB-2007.0666 -- [Debian] -- New clamav packages fix several
vulnerabilities
Date: 03 September 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/8036
Title: ESB-2007.0665 -- [UNIX/Linux] -- New id3lib3.8.3 packages fix denial of
service
Date: 03 September 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
AIX
URL: http://www.auscert.org.au/8035
Title: ESB-2007.0664 -- [Win][UNIX/Linux] -- New vim packages fix several
vulnerabilities
Date: 03 September 2007
OS: Solaris, HP Tru64 UNIX, Windows 98/98SE, Debian GNU/Linux, Other BSD
Variants, IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other
Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, Mac OS X,
HP-UX, AIX, Windows Vista, Windows ME
URL: http://www.auscert.org.au/8034
Title: ESB-2007.0663 -- [Linux] -- New Linux 2.6.18 packages fix several
vulnerabilities
Date: 03 September 2007
OS: Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/8033
Title: ESB-2007.0659 -- [Win][Linux][HP-UX][Solaris][AIX] -- Security
Vulnerabilities in the Network Security Services (NSS) Library May
Affect Sun Java System Application Server, Web Server and Web Proxy
Server
Date: 06 September 2007
OS: AIX, HP-UX, Red Hat Linux, Windows XP, Other Linux Variants, Windows
2000, Windows 2003, Debian GNU/Linux, Solaris
URL: http://www.auscert.org.au/8028
Title: ESB-2007.0654 -- [Win][Cisco] -- XSS and SQL Injection in Cisco
CallManager/Unified Communications Manager Logon Page
Date: 05 September 2007
OS: Windows ME, Windows Vista, Windows NT 4, Cisco Products, Windows XP,
Windows 2000, Windows 2003, Windows 98/98SE
URL: http://www.auscert.org.au/8022
Title: ESB-2007.0615 -- [Win][Linux][HP-UX][AIX] -- Multiple HP Products
Running Shared Trace Service, Remote Arbitrary Code Execution
Date: 04 September 2007
OS: AIX, HP-UX, Windows NT 4, Red Hat Linux, Windows XP, Other Linux
Variants, Windows 2000, Windows 2003, Debian GNU/Linux, HP Tru64 UNIX,
Solaris
URL: http://www.auscert.org.au/7965
Title: ESB-2007.0603 -- [Cisco] -- Cisco IOS Secure Copy Authorization Bypass
Vulnerability
Date: 05 September 2007
OS: Cisco Products
URL: http://www.auscert.org.au/7949
Title: ESB-2007.0564 -- [Solaris] -- Security Vulnerability in Solaris 10
BIND: Susceptible to Cache Poisoning Attack
Date: 06 September 2007
OS: Solaris
URL: http://www.auscert.org.au/7902
Title: ESB-2007.0552 -- [HP-UX] -- HP-UX Running Firefox, Remote Unauthorized
Access or Elevation of Privileges or Denial of Service
Date: 05 September 2007
OS: HP-UX
URL: http://www.auscert.org.au/7884
Title: ESB-2007.0515 -- [Win][UNIX/Linux] -- Java Secure Socket Extension Does
Not Correctly Process SSL/TLS Handshake Requests Resulting in a Denial
of Service (DoS) Condition
Date: 04 September 2007
OS: Windows ME, Windows Vista, AIX, HP-UX, Mac OS X, Windows NT 4, Red Hat
Linux, Windows XP, Other Linux Variants, FreeBSD, Windows 2000,
OpenBSD, Windows 2003, IRIX, Other BSD Variants, Debian GNU/Linux,
Windows 98/98SE, HP Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/7837
Title: ESB-2007.0304 -- [UNIX/Linux] -- New pptpd packages fix denial of
service
Date: 03 September 2007
OS: Red Hat Linux, Other Linux Variants, FreeBSD, Debian GNU/Linux, Solaris
URL: http://www.auscert.org.au/7568
Title: ESB-2007.0269 -- [Solaris] -- A Security Vulnerability in Sun Cluster
Software may Lead to Data Corruption and "send_mondo" Panics
Date: 03 September 2007
OS: Solaris
URL: http://www.auscert.org.au/7522
Title: ESB-2007.0195 -- [HP-UX] -- HP-UX Running Thunderbird, Remote
Unauthorized Access or Elevation of Privileges or Denial of Service
(DoS)
Date: 05 September 2007
OS: HP-UX
URL: http://www.auscert.org.au/7417
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================