[AusNOG] AusCERT Week in Review - Week Ending 07/09/2007 (AUSCERT#20073F686)

Richard Billington richard at auscert.org.au
Fri Sep 7 16:26:16 EST 2007


AusCERT Week in Review
07 September 2007


AusCERT in the Media:
---------------------
Trust free security software, says Which?
Contractor UK, UK 
Sep 5, 2007
http://www.contractoruk.com/news/003432.html

Malware a sophisticated service, says researcher
Computerworld New Zealand, New Zealand 
Sep 3, 2007
http://computerworld.co.nz/news.nsf/scrt/845500F75AA3F969CC257348000B7B43


Papers, Articles and other documents:
-------------------------------------


Web Log Entries:
----------------


Alerts, Advisories and Updates:
-------------------------------
Title: AA-2007.0073 -- [Win][UNIX/Linux] -- Joomla! 1.5 RC2 has been released
       correcting three security vulnerabilities 
Date:  07 September 2007
URL:   http://www.auscert.org.au/8059

Title: AA-2007.0072 -- [Win][Linux][FreeBSD][Solaris][Mac][OSX] -- Multiple
       vulnerabilities in Firebird RDBMS 
Date:  06 September 2007
URL:   http://www.auscert.org.au/8054

Title: AU-2007.0019 -- AusCERT Update - [UNIX/Linux] - MIT krb5 Security
       Advisory 2007-006 Update 
Date:  06 September 2007
URL:   http://www.auscert.org.au/8049

Title: AA-2007.0074 -- [Win][UNIX/Linux] -- New version of OpenSSH fixes X11
       cookie fallback 
Date:  05 September 2007
URL:   http://www.auscert.org.au/8060

Title: AL-2007.0107 -- [UNIX/Linux] -- MIT krb5 Security Advisory 2007-006 
Date:  05 September 2007
URL:   http://www.auscert.org.au/8041

Title: AA-2007.0071 -- [Win][UNIX/Linux] -- Updates released for BEA WebLogic,
       WebLogic and JRockit correcting multiple vulnerabilities 
Date:  04 September 2007
URL:   http://www.auscert.org.au/8040

Title: AL-2007.0106 -- [Win][UNIX/Linux] -- PHP 5.2.4 release fixes several
       vulnerabilities 
Date:  04 September 2007
URL:   http://www.auscert.org.au/8039


External Security Bulletins:
----------------------------
Title: ESB-2007.0683 -- [Solaris] -- Security Vulnerability in RPCSEC_GSS
       (rpcsec_gss(3NSL)) Affects Kerberos Administration Daemon (kadmind(1M))
Date:  07 September 2007
OS:    Solaris 
URL:   http://www.auscert.org.au/8058

Title: ESB-2007.0682 -- [UNIX/Linux][Debian] -- New gforge packages fix SQL
       injection 
Date:  07 September 2007
OS:    Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
       OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
       AIX 
URL:   http://www.auscert.org.au/8057

Title: ESB-2007.0681 -- [Debian] -- New krb5 packages fix arbitrary code
       execution 
Date:  07 September 2007
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/8056

Title: ESB-2007.0680 -- [Mac][OSX] -- iTunes 7.4 has been released fixing
       arbitrary code execution vulnerability 
Date:  07 September 2007
OS:    Windows 2003, Windows XP, Mac OS X, Windows Vista 
URL:   http://www.auscert.org.au/8055

Title: ESB-2007.0679 -- [Win] -- Symantec SYMTDI.SYS Device Driver Local
       Denial of Service 
Date:  06 September 2007
OS:    Windows 2003, Windows 2000, Windows XP 
URL:   http://www.auscert.org.au/8053

Title: ESB-2007.0678 -- [AIX] -- Multiple AIX vulnerabilities 
Date:  06 September 2007
OS:    AIX 
URL:   http://www.auscert.org.au/8052

Title: ESB-2007.0677 -- [Cisco] -- Cisco Video Surveillance IP Gateway and
       Services Platform Authentication Vulnerabilities 
Date:  06 September 2007
OS:    Cisco Products 
URL:   http://www.auscert.org.au/8051

Title: ESB-2007.0676 -- [Cisco] -- Denial of Service Vulnerabilities in
       Content Switching Module 
Date:  06 September 2007
OS:    Cisco Products 
URL:   http://www.auscert.org.au/8050

Title: ESB-2007.0675 -- [Debian] -- New librpcsecgss packages fix arbitrary
       code execution 
Date:  05 September 2007
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/8048

Title: ESB-2007.0674 -- [RedHat] -- Moderate: aide security update 
Date:  05 September 2007
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/8047

Title: ESB-2007.0673 -- [UNIX/Linux][RedHat] -- Moderate: star security update
Date:  05 September 2007
OS:    Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
       OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
       AIX 
URL:   http://www.auscert.org.au/8046

Title: ESB-2007.0672 -- [RedHat] -- Moderate: kernel security and bugfix
       update 
Date:  05 September 2007
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/8045

Title: ESB-2007.0671 -- [RedHat] -- Moderate: cyrus-sasl security and bug fix
       update 
Date:  05 September 2007
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/8044

Title: ESB-2007.0670 -- [RedHat] -- Important: krb5 security update 
Date:  05 September 2007
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/8043

Title: ESB-2007.0669 -- [Debian] -- New krb5 packages fix arbitrary code
       execution 
Date:  05 September 2007
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/8042

Title: ESB-2007.0668 -- [Tru64] -- HP Tru64 UNIX or HP Tru64 Internet Express
       running BIND, Remote DNS Cache Poisoning 
Date:  03 September 2007
OS:    HP Tru64 UNIX 
URL:   http://www.auscert.org.au/8038

Title: ESB-2007.0667 -- [Solaris] -- A Security Vulnerability With the Special
       File System (SPECFS) strfreectty() Function May Allow a Local
       Unprivileged User to Panic a System 
Date:  07 September 2007
OS:    Solaris 
URL:   http://www.auscert.org.au/8037

Title: ESB-2007.0666 -- [Debian] -- New clamav packages fix several
       vulnerabilities 
Date:  03 September 2007
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/8036

Title: ESB-2007.0665 -- [UNIX/Linux] -- New id3lib3.8.3 packages fix denial of
       service 
Date:  03 September 2007
OS:    Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
       OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
       AIX 
URL:   http://www.auscert.org.au/8035

Title: ESB-2007.0664 -- [Win][UNIX/Linux] -- New vim packages fix several
       vulnerabilities 
Date:  03 September 2007
OS:    Solaris, HP Tru64 UNIX, Windows 98/98SE, Debian GNU/Linux, Other BSD
       Variants, IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other
       Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, Mac OS X,
       HP-UX, AIX, Windows Vista, Windows ME 
URL:   http://www.auscert.org.au/8034

Title: ESB-2007.0663 -- [Linux] -- New Linux 2.6.18 packages fix several
       vulnerabilities 
Date:  03 September 2007
OS:    Debian GNU/Linux, Other Linux Variants, Red Hat Linux 
URL:   http://www.auscert.org.au/8033

Title: ESB-2007.0659 -- [Win][Linux][HP-UX][Solaris][AIX] -- Security
       Vulnerabilities in the Network Security Services (NSS) Library May
       Affect Sun Java System Application Server, Web Server and Web Proxy
       Server 
Date:  06 September 2007
OS:    AIX, HP-UX, Red Hat Linux, Windows XP, Other Linux Variants, Windows
       2000, Windows 2003, Debian GNU/Linux, Solaris 
URL:   http://www.auscert.org.au/8028

Title: ESB-2007.0654 -- [Win][Cisco] -- XSS and SQL Injection in Cisco
       CallManager/Unified Communications Manager Logon Page 
Date:  05 September 2007
OS:    Windows ME, Windows Vista, Windows NT 4, Cisco Products, Windows XP,
       Windows 2000, Windows 2003, Windows 98/98SE 
URL:   http://www.auscert.org.au/8022

Title: ESB-2007.0615 -- [Win][Linux][HP-UX][AIX] -- Multiple HP Products
       Running Shared Trace Service, Remote Arbitrary Code Execution 
Date:  04 September 2007
OS:    AIX, HP-UX, Windows NT 4, Red Hat Linux, Windows XP, Other Linux
       Variants, Windows 2000, Windows 2003, Debian GNU/Linux, HP Tru64 UNIX,
       Solaris 
URL:   http://www.auscert.org.au/7965

Title: ESB-2007.0603 -- [Cisco] -- Cisco IOS Secure Copy Authorization Bypass
       Vulnerability 
Date:  05 September 2007
OS:    Cisco Products 
URL:   http://www.auscert.org.au/7949

Title: ESB-2007.0564 -- [Solaris] -- Security Vulnerability in Solaris 10
       BIND: Susceptible to Cache Poisoning Attack 
Date:  06 September 2007
OS:    Solaris 
URL:   http://www.auscert.org.au/7902

Title: ESB-2007.0552 -- [HP-UX] -- HP-UX Running Firefox, Remote Unauthorized
       Access or Elevation of Privileges or Denial of Service 
Date:  05 September 2007
OS:    HP-UX 
URL:   http://www.auscert.org.au/7884

Title: ESB-2007.0515 -- [Win][UNIX/Linux] -- Java Secure Socket Extension Does
       Not Correctly Process SSL/TLS Handshake Requests Resulting in a Denial
       of Service (DoS) Condition 
Date:  04 September 2007
OS:    Windows ME, Windows Vista, AIX, HP-UX, Mac OS X, Windows NT 4, Red Hat
       Linux, Windows XP, Other Linux Variants, FreeBSD, Windows 2000,
       OpenBSD, Windows 2003, IRIX, Other BSD Variants, Debian GNU/Linux,
       Windows 98/98SE, HP Tru64 UNIX, Solaris 
URL:   http://www.auscert.org.au/7837

Title: ESB-2007.0304 -- [UNIX/Linux] -- New pptpd packages fix denial of
       service 
Date:  03 September 2007
OS:    Red Hat Linux, Other Linux Variants, FreeBSD, Debian GNU/Linux, Solaris
URL:   http://www.auscert.org.au/7568

Title: ESB-2007.0269 -- [Solaris] -- A Security Vulnerability in Sun Cluster
       Software may Lead to Data Corruption and "send_mondo" Panics 
Date:  03 September 2007
OS:    Solaris 
URL:   http://www.auscert.org.au/7522

Title: ESB-2007.0195 -- [HP-UX] -- HP-UX Running Thunderbird, Remote
       Unauthorized Access or Elevation of Privileges or Denial of Service
       (DoS) 
Date:  05 September 2007
OS:    HP-UX 
URL:   http://www.auscert.org.au/7417



===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================