[AusNOG] AusCERT Week in Review - Week Ending 11/04/2008 (AUSCERT#20073F686)
Matthew Braid
mdb at auscert.org.au
Fri Apr 11 15:51:52 EST 2008
AusCERT Week in Review
11 April 2008
==========================================================
AusCERT2008 Asia Pacific Information Security Conference
Don't miss out. Early Bird closes Sunday 20th April
http://conference.auscert.org.au/conf2008/index.html
==========================================================
AusCERT in the Media:
---------------------
Malware warning on HP USB keys
USB Core, UK
5 hours ago
http://www.usb-core.co.uk/10-04-2008-malware-warning-on-hp-usb-keys.html
HP ships infected USB drives
TechSpot
14 hours ago
http://www.techspot.com/news/29677-hp-ships-infected-usb-drives.html
HP warns of infected hardware
VNUNet.com, UK
15 hours ago
http://www.vnunet.com/vnunet/news/2214042/hp-warns-infected-hardware
HP becomes next vendor to ship malware-infected media
TechRepublic, KY
17 hours ago
http://blogs.techrepublic.com.com/tech-news/?p=2157
HP ships USB sticks with malware
CNET News.com, CA
Apr 9, 2008
http://www.news.com/HP-ships-USB-sticks-with-malware/2100-7349_3-6236976.html
Infected USB sticks from HP
Current IT news from heise online, UK
Apr 9, 2008
http://www.heise-online.co.uk/security/Infected-USB-sticks-from-HP--/news/110502
HP ships infected USB keys
Virus Bulletin, UK
Apr 9, 2008
http://www.virusbtn.com/news/2008/04_09b.xml
HP admits to selling infected flash-floppy drives
Computerworld, MA
Apr 8, 2008
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=storage_security&articleId=9075438&taxonomyId=153
Brown stuff on HP's fan
Blocks & Files, UK
Apr 8, 2008
http://blocksandfiles.com/article/4722
HP flogs infected USB drives
Inquirer, UK
Apr 8, 2008
http://www.theinquirer.net/gb/inquirer/news/2008/04/08/hp-flogs-infected-usb-drives
Papers, Articles and other documents:
-------------------------------------
Web Log Entries:
----------------
Title: The service you run when you don't run a service
Date: 08 April 2008
URL: http://www.auscert.org.au/9084
Alerts, Advisories and Updates:
-------------------------------
Title: AA-2008.0083 -- [Win][UNIX/Linux] -- HP WebSphere MQ 5.1 user access
restriction bypass
Date: 10 April 2008
URL: http://www.auscert.org.au/9111
Title: AL-2008.0042 -- [Win] -- MS08-018 Vulnerability in Microsoft Project
Could Allow Remote Code Execution
Date: 09 April 2008
URL: http://www.auscert.org.au/9087
Title: AL-2008.0043 -- [Win] -- MS08-021 Vulnerabilities in GDI Could Allow
Remote Code Execution
Date: 09 April 2008
URL: http://www.auscert.org.au/9088
Title: AL-2008.0044 -- [Win] -- MS08-022 Vulnerability in VBScript and JScript
Scripting Engines Could Allow Remote Code Execution
Date: 09 April 2008
URL: http://www.auscert.org.au/9089
Title: AL-2008.0045 -- [Win] -- MS08-023 Security Update of ActiveX Kill Bits
Date: 09 April 2008
URL: http://www.auscert.org.au/9090
Title: AL-2008.0046 -- [Win] -- MS08-024 Cumulative Security Update for
Internet Explorer
Date: 09 April 2008
URL: http://www.auscert.org.au/9091
Title: AA-2008.0081 -- [UNIX/Linux] -- New release of Apache-SSL fixes
authentication bypass vulnerability
Date: 08 April 2008
URL: http://www.auscert.org.au/9083
Title: AA-2008.0082 -- [Win][UNIX/Linux] -- Cross site scripting vulnerability
in Blackboard Academic Suite
Date: 08 April 2008
URL: http://www.auscert.org.au/9086
Title: AL-2007.0125 -- [Win][UNIX/Linux] -- Squid - Denial of service in cache
updates
Date: 08 April 2008
URL: http://www.auscert.org.au/8467
Title: AL-2008.0041 -- [Win] -- Microsoft Bulletin Notification - April
Prerelease Announcement
Date: 08 April 2008
URL: http://www.auscert.org.au/9082
Title: AL-2008.0040 -- [Win] -- CA ARCserve Backup for Laptops and Desktops
Server and CA Desktop Management Suite Multiple Vulnerabilities
Date: 07 April 2008
URL: http://www.auscert.org.au/9078
Title: AA-2008.0080 -- [Win][UNIX/Linux] -- VLC Media Player multiple
vulnerabilities
Date: 07 April 2008
URL: http://www.auscert.org.au/9080
External Security Bulletins:
----------------------------
Title: ESB-2008.0380 -- [Linux][HP-UX][IRIX][Solaris][AIX][OSX] -- A Security
Vulnerability in The N1 Grid Engine 6.1 Qmaster Daemon May Lead to a
Denial of Service
Date: 11 April 2008
OS: Solaris, Ubuntu, Debian GNU/Linux, IRIX, Other Linux Variants, Red Hat
Linux, Mac OS X, HP-UX, AIX
URL: http://www.auscert.org.au/9115
Title: ESB-2008.0379 -- [Win] -- EMC DiskXtender multiple vulnerabilities
Date: 11 April 2008
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/9114
Title: ESB-2008.0378 -- [UNIX/Linux][Debian] -- New rsync packages fix
arbitrary code execution
Date: 11 April 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/9113
Title: ESB-2008.0377 -- [UNIX/Linux][Debian] -- New gnumeric packages fix
arbitrary code execution
Date: 11 April 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/9112
Title: ESB-2008.0376 -- [Win][UNIX/Linux] -- Potential security
vulnerabilities in Lotus Notes file viewers
Date: 10 April 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/9110
Title: ESB-2008.0375 -- [Win][UNIX/Linux] -- Drupal - Simple access - Access
bypass
Date: 10 April 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/9109
Title: ESB-2008.0374 -- [Win][UNIX/Linux] -- Updated php-apc packages fix
vulnerability
Date: 10 April 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/9108
Title: ESB-2008.0373 -- [UNIX/Linux] -- New m4 packages are available
Date: 10 April 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/9107
Title: ESB-2008.0372 -- [Win][UNIX/Linux] -- Update available for ColdFusion 8
CFC method access level issue
Date: 10 April 2008
OS: Solaris, Ubuntu, Debian GNU/Linux, Other BSD Variants, Windows 2003,
OpenBSD, Windows 2000, FreeBSD, Other Linux Variants, Windows XP,
Server 2008, Red Hat Linux, Mac OS X, Windows Vista
URL: http://www.auscert.org.au/9106
Title: ESB-2008.0371 -- [UNIX/Linux][Debian] -- New libcairo packages fix
arbitrary code execution
Date: 10 April 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/9105
Title: ESB-2008.0370 -- [Debian] -- New vlc packages fix several
vulnerabilities
Date: 10 April 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/9104
Title: ESB-2008.0369 -- [Win][UNIX/Linux] -- Drupal core - Access bypass
Date: 10 April 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/9103
Title: ESB-2008.0368 -- [Debian] -- New pdns-recursor packages fix cache
poisoning vulnerability
Date: 10 April 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/9102
Title: ESB-2008.0367 -- [Win][UNIX/Linux] -- APSB08-11 Flash Player update
available to address security vulnerabilities
Date: 09 April 2008
OS: Solaris, Ubuntu, Debian GNU/Linux, Other BSD Variants, Windows 2003,
OpenBSD, Windows 2000, FreeBSD, Other Linux Variants, Windows XP,
Server 2008, Red Hat Linux, Mac OS X, Windows Vista
URL: http://www.auscert.org.au/9101
Title: ESB-2008.0366 -- [Win][UNIX/Linux] -- Vulnerability Note VU#162289 gcc
silently discards some wraparound checks
Date: 09 April 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/9100
Title: ESB-2008.0365 -- [Appliance] -- HP Integrity Servers iLO-2 Management
Processors (iLO-2 MP), Denial of Service
Date: 09 April 2008
URL: http://www.auscert.org.au/9099
Title: ESB-2008.0364 -- [Win][UNIX/Linux] -- HP Storage Essentials Software,
Remote Unauthorized Access to Data
Date: 09 April 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/9098
Title: ESB-2008.0363 -- [Debian] -- New openldap2.3 packages fix denial of
service
Date: 09 April 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/9097
Title: ESB-2008.0362 -- [RedHat] -- Moderate: squid security update
Date: 09 April 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9096
Title: ESB-2008.0361 -- [RedHat] -- Critical: flash-plugin security update
Date: 09 April 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9095
Title: ESB-2008.0360 -- [Win] -- MS08-019 Vulnerabilities in Microsoft Visio
Could Allow Remote Code Execution
Date: 09 April 2008
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/9094
Title: ESB-2008.0359 -- [Win] -- MS08-025 Vulnerability in Windows Kernel
Could Allow Elevation of Privilege
Date: 09 April 2008
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/9093
Title: ESB-2008.0358 -- [Win] -- MS08-020 Vulnerability in DNS Client Could
Allow Spoofing
Date: 09 April 2008
OS: Windows 2003, Windows 2000, Windows XP, Windows Vista
URL: http://www.auscert.org.au/9092
Title: ESB-2008.0357 -- [Win][UNIX/Linux] -- Vulnerability in OTRS SOAP
interface allows remote access without valid SOAP user
Date: 08 April 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/9085
Title: ESB-2008.0356 -- [Debian] -- New lighttpd packages fix denial of
service
Date: 08 April 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/9081
Title: ESB-2008.0355 -- [Linux] -- Webwasher Denial of Service Vulnerability
Date: 07 April 2008
OS: Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/9079
Title: ESB-2008.0354 -- [Appliance] -- HP USB Floppy Drive Key (Option) for
ProLiant Servers, Local Virus Infection
Date: 07 April 2008
URL: http://www.auscert.org.au/9077
Title: ESB-2008.0353 -- [Win] -- Computer Associates Alert Notification
Service Multiple RPC Buffer Overflow Vulnerabilities
Date: 07 April 2008
OS: Windows 2003, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/9076
Title: ESB-2008.0352 -- [UNIX/Linux][Debian] -- New alsaplayer packages fix
arbitrary code execution
Date: 07 April 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/9075
Title: ESB-2008.0351 -- [UNIX/Linux][Debian] -- New mapserver packages fix
multiple vulnerabilities
Date: 07 April 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/9074
Title: ESB-2008.0068 -- [Appliance] -- Vulnerability in UPnP
Date: 08 April 2008
URL: http://www.auscert.org.au/8667
Title: ESB-2008.0034 -- [Win][HP-UX][Solaris][AIX] -- HP OpenView Operations
(OVO) Agents Running Shared Trace Service, Remote Arbitrary Code
Execution
Date: 09 April 2008
OS: AIX, HP-UX, Windows 2000, Windows 2003, HP Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/8612
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
More information about the AusNOG
mailing list