[AusNOG] AusCERT Week in Review - Week Ending 08/08/2008 (AUSCERT#20073F686)
Richard Billington
richard at auscert.org.au
Fri Aug 8 16:03:04 EST 2008
AusCERT Week in Review
08 August 2008
AusCERT in the Media:
---------------------
Heading to the US? Be careful what's hiding in your digital luggage!
Hydrapinion, Australia
Aug 3, 2008
http://www.hydrapinion.com/index.php/work/2008/08/04/heading-to-the-us-be-careful-what-s-hidi
Alerts, Advisories and Updates:
-------------------------------
Title: AA-2008.0168 -- [Win][UNIX/Linux] -- A cross-site scripting
vulnerability has been found in Apache httpd mod_proxy_ftp
Date: 07 August 2008
URL: http://www.auscert.org.au/9688
Title: AA-2008.0167 -- [Appliance] -- F5 Networks have released an update to
FirePass to prevent a denial of service (DoS) vulnerability
Date: 06 August 2008
URL: http://www.auscert.org.au/9683
Title: AA-2008.0166 -- [Win][UNIX/Linux] -- BEA WebLogic Server and WebLogic
Express are vulnerable to a Cross Site Scripting vulnerability
Date: 05 August 2008
URL: http://www.auscert.org.au/9681
Title: AA-2008.0164 -- [Win] -- Grisoft AVG remote denial of service flaw
Date: 04 August 2008
URL: http://www.auscert.org.au/9648
Title: AU-2008.0017 -- AusCERT Update - [UNIX/Linux] - BIND -P2 releases now
available
Date: 04 August 2008
URL: http://www.auscert.org.au/9675
External Security Bulletins:
----------------------------
Title: ESB-2008.0783 -- [Solaris] -- Security Vulnerability in Solaris
snoop(1M) when Displaying SMB Traffic
Date: 07 August 2008
OS: Solaris
URL: http://www.auscert.org.au/9687
Title: ESB-2008.0782 -- [Solaris] -- Security Vulnerability in Firmware for
Netra T5220 Systems May Allow a Denial of Service (DoS)
Date: 07 August 2008
OS: Solaris
URL: http://www.auscert.org.au/9686
Title: ESB-2008.0781 -- [Solaris] -- Security Vulnerabilities in the Solaris
Priority Inherited pthread mutex API May Result in a Denial of Service
(DoS) Condition
Date: 07 August 2008
OS: Solaris
URL: http://www.auscert.org.au/9685
Title: ESB-2008.0780 -- [HP-UX] -- HP-UX Using libc, Remote Denial of Service
(DoS)
Date: 07 August 2008
OS: HP-UX
URL: http://www.auscert.org.au/9684
Title: ESB-2008.0779 -- [Win][UNIX/Linux][RedHat] -- Moderate: JBoss
Enterprise Application Platform 4.3.0CP01 and 4.2.0.CP03 security
update
Date: 06 August 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/9682
Title: ESB-2008.0778 -- [Win] -- Sun xVM VirtualBox Privilege Escalation
Vulnerability
Date: 05 August 2008
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/9680
Title: ESB-2008.0777 -- [Win][UNIX/Linux][Debian] -- New opensc packages fix
smart card vulnerability
Date: 05 August 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/9679
Title: ESB-2008.0776 -- [RedHat] -- Important: kernel security and bug fix
update
Date: 05 August 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9678
Title: ESB-2008.0775 -- [Win][UNIX/Linux] -- Blackboard Academic Suite
multiple scripts cross-site request forgery
Date: 04 August 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/9677
Title: ESB-2008.0774 -- [Win][UNIX/Linux] -- Python: Multiple vulnerabilities
Date: 04 August 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/9676
Title: ESB-2008.0773 -- [Win] -- CA ARCserve Backup for Laptops and Desktops
Server LGServer Service Vulnerability
Date: 04 August 2008
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/9674
Title: ESB-2008.0772 -- [Win][UNIX/Linux] -- Multiple vulnerabilities in
Apache Tomcat
Date: 04 August 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/9673
Title: ESB-2008.0771 -- [Solaris] -- A Security Vulnerability in the namefs
Kernel module may result in Arbitrary Code Execution or a Denial of
Service
Date: 06 August 2008
OS: Solaris
URL: http://www.auscert.org.au/9672
Title: ESB-2008.0770 -- [Solaris] -- Multiple Security Vulnerabilities in the
Adobe Reader may lead to Execution of Arbitrary Code and Overwrite
Arbitrary Files
Date: 04 August 2008
OS: Solaris
URL: http://www.auscert.org.au/9671
Title: ESB-2008.0769 -- [AIX] -- AIX named DNS Cache Poisoning Vulnerability
Date: 04 August 2008
OS: AIX
URL: http://www.auscert.org.au/9670
Title: ESB-2008.0768 -- [Debian] -- New cupsys packages fix arbitrary code
execution
Date: 04 August 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/9669
Title: ESB-2008.0767 -- [Win][UNIX/Linux][Debian] -- New httrack packages fix
arbitrary code execution
Date: 04 August 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/9668
Title: ESB-2008.0766 -- [Linux] -- Multiple vulnerabilities in Ingres Database
for Linux
Date: 04 August 2008
OS: Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/9667
Title: ESB-2008.0763 -- [Solaris] -- A Security Vulnerability in picld(1M) May
Allow a Denial of Service to System Monitoring and System Services
Date: 04 August 2008
OS: Solaris
URL: http://www.auscert.org.au/9663
Title: ESB-2008.0759 -- [Win][Linux][HP-UX][Solaris][AIX] -- Security
Vulnerability in Sun Java System Web Server 7.0 plugin for Sun N1
Service Provisioning System (SPS)
Date: 04 August 2008
OS: Windows Vista, AIX, HP-UX, Red Hat Linux, Server 2008, Windows XP,
Other Linux Variants, Windows 2000, Windows 2003, Debian GNU/Linux,
Ubuntu, Solaris
URL: http://www.auscert.org.au/9659
Title: ESB-2008.0751 -- [Win][UNIX/Linux] -- phpMyAdmin security announcement
PMASA-2008-6
Date: 06 August 2008
OS: Windows Vista, AIX, HP-UX, Red Hat Linux, Server 2008, Windows XP,
Other Linux Variants, FreeBSD, Windows 2000, OpenBSD, Windows 2003,
IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64 UNIX,
Solaris
URL: http://www.auscert.org.au/9650
Title: ESB-2008.0715 -- [HP-UX] -- HP-UX Running BIND, Remote DNS Cache
Poisoning
Date: 07 August 2008
OS: HP-UX
URL: http://www.auscert.org.au/9601
Title: ESB-2008.0679 -- [Solaris] -- Multiple Security Vulnerabilities in the
Solaris X Server Extensions may lead to a Denial of Service (DoS)
condition or allow Execution of Arbitrary Code
Date: 06 August 2008
OS: Solaris
URL: http://www.auscert.org.au/9555
Title: ESB-2008.0651 -- [Solaris] -- Multiple Security Vulnerabilities in the
Adobe Reader may lead to Execution of Arbitrary Code
Date: 04 August 2008
OS: Solaris
URL: http://www.auscert.org.au/9512
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================