[AusNOG] AusCERT Week in Review - Week Ending 11/04/2008 (AUSCERT#20073F686)

Matthew Braid mdb at auscert.org.au
Fri Apr 11 15:51:52 EST 2008


AusCERT Week in Review
11 April 2008

==========================================================

AusCERT2008 Asia Pacific Information Security Conference

Don't miss out. Early Bird closes Sunday 20th April

http://conference.auscert.org.au/conf2008/index.html

==========================================================
 
AusCERT in the Media:
---------------------
Malware warning on HP USB keys
USB Core, UK 
5 hours ago
http://www.usb-core.co.uk/10-04-2008-malware-warning-on-hp-usb-keys.html

HP ships infected USB drives
TechSpot 
14 hours ago
http://www.techspot.com/news/29677-hp-ships-infected-usb-drives.html

HP warns of infected hardware
VNUNet.com, UK 
15 hours ago
http://www.vnunet.com/vnunet/news/2214042/hp-warns-infected-hardware

HP becomes next vendor to ship malware-infected media
TechRepublic, KY 
17 hours ago
http://blogs.techrepublic.com.com/tech-news/?p=2157

HP ships USB sticks with malware
CNET News.com, CA 
Apr 9, 2008
http://www.news.com/HP-ships-USB-sticks-with-malware/2100-7349_3-6236976.html

Infected USB sticks from HP
Current IT news from heise online, UK 
Apr 9, 2008
http://www.heise-online.co.uk/security/Infected-USB-sticks-from-HP--/news/110502

HP ships infected USB keys
Virus Bulletin, UK 
Apr 9, 2008
http://www.virusbtn.com/news/2008/04_09b.xml

HP admits to selling infected flash-floppy drives
Computerworld, MA 
Apr 8, 2008
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=storage_security&articleId=9075438&taxonomyId=153

Brown stuff on HP's fan
Blocks & Files, UK 
Apr 8, 2008
http://blocksandfiles.com/article/4722

HP flogs infected USB drives
Inquirer, UK 
Apr 8, 2008
http://www.theinquirer.net/gb/inquirer/news/2008/04/08/hp-flogs-infected-usb-drives


Papers, Articles and other documents:
-------------------------------------


Web Log Entries:
----------------
Title: The service you run when you don't run a service 
Date:  08 April 2008
URL:   http://www.auscert.org.au/9084


Alerts, Advisories and Updates:
-------------------------------
Title: AA-2008.0083 -- [Win][UNIX/Linux] -- HP WebSphere MQ 5.1 user access
       restriction bypass 
Date:  10 April 2008
URL:   http://www.auscert.org.au/9111

Title: AL-2008.0042 -- [Win] -- MS08-018 Vulnerability in Microsoft Project
       Could Allow Remote Code Execution 
Date:  09 April 2008
URL:   http://www.auscert.org.au/9087

Title: AL-2008.0043 -- [Win] -- MS08-021 Vulnerabilities in GDI Could Allow
       Remote Code Execution 
Date:  09 April 2008
URL:   http://www.auscert.org.au/9088

Title: AL-2008.0044 -- [Win] -- MS08-022 Vulnerability in VBScript and JScript
       Scripting Engines Could Allow Remote Code Execution 
Date:  09 April 2008
URL:   http://www.auscert.org.au/9089

Title: AL-2008.0045 -- [Win] -- MS08-023 Security Update of ActiveX Kill Bits 
Date:  09 April 2008
URL:   http://www.auscert.org.au/9090

Title: AL-2008.0046 -- [Win] -- MS08-024 Cumulative Security Update for
       Internet Explorer 
Date:  09 April 2008
URL:   http://www.auscert.org.au/9091

Title: AA-2008.0081 -- [UNIX/Linux] -- New release of Apache-SSL fixes
       authentication bypass vulnerability 
Date:  08 April 2008
URL:   http://www.auscert.org.au/9083

Title: AA-2008.0082 -- [Win][UNIX/Linux] -- Cross site scripting vulnerability
       in Blackboard Academic Suite 
Date:  08 April 2008
URL:   http://www.auscert.org.au/9086

Title: AL-2007.0125 -- [Win][UNIX/Linux] -- Squid - Denial of service in cache
       updates 
Date:  08 April 2008
URL:   http://www.auscert.org.au/8467

Title: AL-2008.0041 -- [Win] -- Microsoft Bulletin Notification - April
       Prerelease Announcement 
Date:  08 April 2008
URL:   http://www.auscert.org.au/9082

Title: AL-2008.0040 -- [Win] -- CA ARCserve Backup for Laptops and Desktops
       Server and CA Desktop Management Suite Multiple Vulnerabilities 
Date:  07 April 2008
URL:   http://www.auscert.org.au/9078

Title: AA-2008.0080 -- [Win][UNIX/Linux] -- VLC Media Player multiple
       vulnerabilities 
Date:  07 April 2008
URL:   http://www.auscert.org.au/9080


External Security Bulletins:
----------------------------
Title: ESB-2008.0380 -- [Linux][HP-UX][IRIX][Solaris][AIX][OSX] -- A Security
       Vulnerability in The N1 Grid Engine 6.1 Qmaster Daemon May Lead to a
       Denial of Service 
Date:  11 April 2008
OS:    Solaris, Ubuntu, Debian GNU/Linux, IRIX, Other Linux Variants, Red Hat
       Linux, Mac OS X, HP-UX, AIX 
URL:   http://www.auscert.org.au/9115

Title: ESB-2008.0379 -- [Win] -- EMC DiskXtender multiple vulnerabilities 
Date:  11 April 2008
OS:    Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista 
URL:   http://www.auscert.org.au/9114

Title: ESB-2008.0378 -- [UNIX/Linux][Debian] -- New rsync packages fix
       arbitrary code execution 
Date:  11 April 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/9113

Title: ESB-2008.0377 -- [UNIX/Linux][Debian] -- New gnumeric packages fix
       arbitrary code execution 
Date:  11 April 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/9112

Title: ESB-2008.0376 -- [Win][UNIX/Linux] -- Potential security
       vulnerabilities in Lotus Notes file viewers 
Date:  10 April 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Server 2008, Red Hat Linux, HP-UX, AIX, Windows
       Vista 
URL:   http://www.auscert.org.au/9110

Title: ESB-2008.0375 -- [Win][UNIX/Linux] -- Drupal - Simple access - Access
       bypass 
Date:  10 April 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
       Windows Vista 
URL:   http://www.auscert.org.au/9109

Title: ESB-2008.0374 -- [Win][UNIX/Linux] -- Updated php-apc packages fix
       vulnerability 
Date:  10 April 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
       Windows Vista 
URL:   http://www.auscert.org.au/9108

Title: ESB-2008.0373 -- [UNIX/Linux] -- New m4 packages are available 
Date:  10 April 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL:   http://www.auscert.org.au/9107

Title: ESB-2008.0372 -- [Win][UNIX/Linux] -- Update available for ColdFusion 8
       CFC method access level issue 
Date:  10 April 2008
OS:    Solaris, Ubuntu, Debian GNU/Linux, Other BSD Variants, Windows 2003,
       OpenBSD, Windows 2000, FreeBSD, Other Linux Variants, Windows XP,
       Server 2008, Red Hat Linux, Mac OS X, Windows Vista 
URL:   http://www.auscert.org.au/9106

Title: ESB-2008.0371 -- [UNIX/Linux][Debian] -- New libcairo packages fix
       arbitrary code execution 
Date:  10 April 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/9105

Title: ESB-2008.0370 -- [Debian] -- New vlc packages fix several
       vulnerabilities 
Date:  10 April 2008
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/9104

Title: ESB-2008.0369 -- [Win][UNIX/Linux] -- Drupal core - Access bypass 
Date:  10 April 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
       Windows Vista 
URL:   http://www.auscert.org.au/9103

Title: ESB-2008.0368 -- [Debian] -- New pdns-recursor packages fix cache
       poisoning vulnerability 
Date:  10 April 2008
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/9102

Title: ESB-2008.0367 -- [Win][UNIX/Linux] -- APSB08-11 Flash Player update
       available to address security vulnerabilities 
Date:  09 April 2008
OS:    Solaris, Ubuntu, Debian GNU/Linux, Other BSD Variants, Windows 2003,
       OpenBSD, Windows 2000, FreeBSD, Other Linux Variants, Windows XP,
       Server 2008, Red Hat Linux, Mac OS X, Windows Vista 
URL:   http://www.auscert.org.au/9101

Title: ESB-2008.0366 -- [Win][UNIX/Linux] -- Vulnerability Note VU#162289 gcc
       silently discards some wraparound checks 
Date:  09 April 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
       Windows Vista 
URL:   http://www.auscert.org.au/9100

Title: ESB-2008.0365 -- [Appliance] -- HP Integrity Servers iLO-2 Management
       Processors (iLO-2 MP), Denial of Service 
Date:  09 April 2008
URL:   http://www.auscert.org.au/9099

Title: ESB-2008.0364 -- [Win][UNIX/Linux] -- HP Storage Essentials Software,
       Remote Unauthorized Access to Data 
Date:  09 April 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Server 2008, Red Hat Linux, HP-UX, AIX, Windows
       Vista 
URL:   http://www.auscert.org.au/9098

Title: ESB-2008.0363 -- [Debian] -- New openldap2.3 packages fix denial of
       service 
Date:  09 April 2008
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/9097

Title: ESB-2008.0362 -- [RedHat] -- Moderate: squid security update 
Date:  09 April 2008
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/9096

Title: ESB-2008.0361 -- [RedHat] -- Critical: flash-plugin security update 
Date:  09 April 2008
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/9095

Title: ESB-2008.0360 -- [Win] -- MS08-019 Vulnerabilities in Microsoft Visio
       Could Allow Remote Code Execution 
Date:  09 April 2008
OS:    Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista 
URL:   http://www.auscert.org.au/9094

Title: ESB-2008.0359 -- [Win] -- MS08-025 Vulnerability in Windows Kernel
       Could Allow Elevation of Privilege 
Date:  09 April 2008
OS:    Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista 
URL:   http://www.auscert.org.au/9093

Title: ESB-2008.0358 -- [Win] -- MS08-020 Vulnerability in DNS Client Could
       Allow Spoofing 
Date:  09 April 2008
OS:    Windows 2003, Windows 2000, Windows XP, Windows Vista 
URL:   http://www.auscert.org.au/9092

Title: ESB-2008.0357 -- [Win][UNIX/Linux] -- Vulnerability in OTRS SOAP
       interface allows remote access without valid SOAP user 
Date:  08 April 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
       Windows Vista 
URL:   http://www.auscert.org.au/9085

Title: ESB-2008.0356 -- [Debian] -- New lighttpd packages fix denial of
       service 
Date:  08 April 2008
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/9081

Title: ESB-2008.0355 -- [Linux] -- Webwasher Denial of Service Vulnerability 
Date:  07 April 2008
OS:    Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux 
URL:   http://www.auscert.org.au/9079

Title: ESB-2008.0354 -- [Appliance] -- HP USB Floppy Drive Key (Option) for
       ProLiant Servers, Local Virus Infection 
Date:  07 April 2008
URL:   http://www.auscert.org.au/9077

Title: ESB-2008.0353 -- [Win] -- Computer Associates Alert Notification
       Service Multiple RPC Buffer Overflow Vulnerabilities 
Date:  07 April 2008
OS:    Windows 2003, Windows XP, Server 2008, Windows Vista 
URL:   http://www.auscert.org.au/9076

Title: ESB-2008.0352 -- [UNIX/Linux][Debian] -- New alsaplayer packages fix
       arbitrary code execution 
Date:  07 April 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL:   http://www.auscert.org.au/9075

Title: ESB-2008.0351 -- [UNIX/Linux][Debian] -- New mapserver packages fix
       multiple vulnerabilities 
Date:  07 April 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL:   http://www.auscert.org.au/9074

Title: ESB-2008.0068 -- [Appliance] -- Vulnerability in UPnP 
Date:  08 April 2008
URL:   http://www.auscert.org.au/8667

Title: ESB-2008.0034 -- [Win][HP-UX][Solaris][AIX] -- HP OpenView Operations
       (OVO) Agents Running Shared Trace Service, Remote Arbitrary Code
       Execution 
Date:  09 April 2008
OS:    AIX, HP-UX, Windows 2000, Windows 2003, HP Tru64 UNIX, Solaris 
URL:   http://www.auscert.org.au/8612



===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================




More information about the AusNOG mailing list