[AusNOG] AusCERT Week in Review - Week Ending 12/12/2008 (AUSCERT#20073F686)
Richard Billington
richard at auscert.org.au
Fri Dec 12 18:36:29 EST 2008
AusCERT Week in Review
12 December 2008
AusCERT in the Media:
---------------------
Your PC Could Crash This Weekend Thanks To Microsoft
Smart House, Australia
12 hours ago
http://www.smarthouse.com.au/Home_Office/Industry/R3D6S4T4
AFP issues safe shopping online guide
Inside Retailing, Australia
Dec 9, 2008
http://www.insideretailing.com.au/articles-page.aspx?articleType=ArticleView&articleId=4244
Christmas shoppers head to online traders
Courier Mail, Australia
Dec 9, 2008
http://www.news.com.au/couriermail/story/0,23739,24774269-23272,00.html
Online grocery shopping yet to take off in Australia
IBTimes Australia, Australia
Dec 8, 2008
http://au.ibtimes.com/articles/20081209/online-grocery-shopping-yet-take-off-australia.htm
ID theft is just one mouse click away
Sydney Morning Herald, Australia
Dec 6, 2008
http://www.smh.com.au/articles/2008/12/06/1228257386313.html
Cybercriminals need to be punished
iT News, Australia
Dec 5, 2008
http://www.itnews.com.au/News/90564,cybercriminals-need-to-be-punished.aspx
Papers, Articles and other documents:
-------------------------------------
Title: Call for presentations and tutorials for AusCERT2009
Date: 07 December 2008
URL: http://www.auscert.org.au/5392
Alerts, Advisories and Updates:
-------------------------------
Title: AL-2008.0116 -- [Win][UNIX/Linux] -- Symantec Backup Exec
Authentication Bypass and Potential Buffer Overflow
Date: 12 December 2008
URL: http://www.auscert.org.au/10104
Title: AA-2008.0251 -- [Win][UNIX/Linux] -- An update has been released for
IBM WebSphere Application Server
Date: 12 December 2008
URL: http://www.auscert.org.au/10161
Title: AL-2008.0121 -- [Win][Mac][OSX] -- MS08-072 - Critical -
Vulnerabilities in Microsoft Office Word Could Allow Remote Code
Execution
Date: 12 December 2008
URL: http://www.auscert.org.au/10171
Title: AL-2008.0126 -- [Win] -- A serious vulnerability has been identified in
Microsoft Internet Explorer
Date: 12 December 2008
URL: http://www.auscert.org.au/10198
Title: AA-2008.0254 -- [UNIX/Linux] -- A vulnerability has been identified in
Avaya Products Net-SNMP
Date: 12 December 2008
URL: http://www.auscert.org.au/10201
Title: AA-2008.0255 -- [UNIX/Linux] -- A number of vulnerabilities have been
identified in CUPS as used by Avaya Messaging Storage Server
Date: 12 December 2008
URL: http://www.auscert.org.au/10202
Title: AA-2008.0256 -- [Win] -- A vulnerability has been identified in Cain &
Abel 4.9.23 and 4.9.24
Date: 12 December 2008
URL: http://www.auscert.org.au/10206
Title: AA-2008.0257 -- [UNIX/Linux] -- A vulnerability has been identified in
Asterisk Open Source and Asterisk Business Edition
Date: 12 December 2008
URL: http://www.auscert.org.au/10207
Title: AU-2008.0023 -- AusCERT Update - [Win] - A serious vulnerability has
been identified in Microsoft Internet Explorer
Date: 11 December 2008
URL: http://www.auscert.org.au/10203
Title: AL-2008.0127 -- [Win] -- A vulnerability has been identified in CA
ARCServe Backup
Date: 11 December 2008
URL: http://www.auscert.org.au/10204
Title: AL-2008.0128 -- [Win][Mac][OSX] -- A vulnerability has been identified
in Apple QuickTime Player and Apple iTunes
Date: 11 December 2008
URL: http://www.auscert.org.au/10205
Title: AL-2008.0093 -- [Win] -- MS08-052 - Vulnerabilities in GDI+ Could Allow
Remote Code Execution
Date: 11 December 2008
URL: http://www.auscert.org.au/9814
Title: AL-2008.0125 -- [Win] -- A vulnerability has been identified in
Microsoft Windows WordPad Text Converter
Date: 10 December 2008
URL: http://www.auscert.org.au/10193
Title: AA-2008.0253 -- [Win][UNIX/Linux] -- A vulnerability has been
identified in PHP 5.2.7.
Date: 10 December 2008
URL: http://www.auscert.org.au/10186
Title: AL-2008.0119 -- [Win] -- MS08-070 - Critical - Vulnerabilities in
Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow
Remote Code Execution
Date: 09 December 2008
URL: http://www.auscert.org.au/10169
Title: AL-2008.0120 -- [Win] -- MS08-071 - Critical - Vulnerabilities in GDI
Could Allow Remote Code Execution
Date: 09 December 2008
URL: http://www.auscert.org.au/10170
Title: AL-2008.0122 -- [Win] -- MS08-073 - Critical - Cumulative Security
Update for Internet Explorer
Date: 09 December 2008
URL: http://www.auscert.org.au/10172
Title: AL-2008.0123 -- [Win][Mac][OSX] -- MS08-074 - Critical -
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code
Execution
Date: 09 December 2008
URL: http://www.auscert.org.au/10173
Title: AL-2008.0124 -- [Win] -- MS08-075 - Critical - Vulnerabilities in
Windows Search Could Allow Remote Code Execution
Date: 09 December 2008
URL: http://www.auscert.org.au/10174
Title: AA-2008.0246 -- [Win][UNIX/Linux] -- An update has been released for
TikiWiki
Date: 09 December 2008
URL: http://www.auscert.org.au/10151
Title: AA-2008.0250 -- [IBM HMC] -- A vulnerability has been identified in IBM
HMC
Date: 09 December 2008
URL: http://www.auscert.org.au/10160
Title: AU-2008.0021 -- AusCERT Update - [Win][UNIX/Linux] - An update has been
released for TikiWiki
Date: 09 December 2008
URL: http://www.auscert.org.au/10165
Title: AA-2008.0252 -- [Win][UNIX/Linux] -- An update has been released for
TWiki
Date: 09 December 2008
URL: http://www.auscert.org.au/10166
Title: AL-2008.0118 -- [Win] -- Microsoft Bulletin Notification - December
Prerelease Announcement
Date: 08 December 2008
URL: http://www.auscert.org.au/10167
Title: AU-2008.0022 -- AusCERT Update - [Win] - Microsoft Bulletin
Notification - December Prerelease Announcement
Date: 08 December 2008
URL: http://www.auscert.org.au/10168
Title: AA-2008.0247 -- [Netware] -- A vulnerability has been identified in
Novell NetWare 6.5
Date: 08 December 2008
URL: http://www.auscert.org.au/10152
Title: AA-2008.0248 -- [Win][Linux][HP-UX][Solaris][AIX] -- A number of
vulnerabilities exist in IBM Rational ClearQuest prior to version 7.1
Date: 08 December 2008
URL: http://www.auscert.org.au/10153
Title: AA-2008.0249 -- [Win][Linux][HP-UX][Solaris][AIX] -- A number of
vulnerabilities exist in IBM Rational ClearCase prior to versions
7.0.0.4 and 7.0.1.3
Date: 08 December 2008
URL: http://www.auscert.org.au/10154
External Security Bulletins:
----------------------------
Title: ESB-2008.1117 -- [Linux][Solaris] -- Security Vulnerability Related to
Sun Java System Portal Server May Allow Information Disclosure
Date: 12 December 2008
OS: Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/10200
Title: ESB-2008.1116 -- [Solaris] -- Insecure Temporary File Creation Security
Vulnerability in Sun xVM VirtualBox
Date: 12 December 2008
OS: Solaris, Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux,
Mac OS X
URL: http://www.auscert.org.au/10199
Title: ESB-2008.1115 -- [Win][UNIX/Linux] -- Archive::Tar: Directory traversal
vulnerability
Date: 11 December 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/10197
Title: ESB-2008.1114 -- [Ubuntu] -- GnuTLS regression
Date: 11 December 2008
OS: Ubuntu
URL: http://www.auscert.org.au/10196
Title: ESB-2008.1113 -- [UNIX/Linux][Debian] -- New lcms packages fix multiple
vulnerabilities
Date: 11 December 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10195
Title: ESB-2008.1112 -- [UNIX/Linux][Ubuntu] -- Vinagre vulnerability
Date: 11 December 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10194
Title: ESB-2008.1111 -- [Win][UNIX/Linux] -- Multiple vulnerabilities and
weaknesses were discovered in Drupal
Date: 11 December 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/10192
Title: ESB-2008.1110 -- [HP-UX] -- HP-UX Running DCE, Remote Denial of Service
(DoS)
Date: 11 December 2008
OS: HP-UX
URL: http://www.auscert.org.au/10191
Title: ESB-2008.1109 -- [Win][UNIX/Linux] -- BMC PatrolAgent Version Logging
Format String Vulnerability
Date: 10 December 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, FreeBSD, Other Linux Variants, Windows XP,
Server 2008, Red Hat Linux, HP-UX, AIX, Windows Vista
URL: http://www.auscert.org.au/10188
Title: ESB-2008.1108 -- [Win] -- MS08-077 - Important - Vulnerability in
Microsoft Office SharePoint Server Could Cause Elevation of Privilege
Date: 09 December 2008
OS: Server 2008, Windows Vista, Windows 2003, Windows 2000, Windows XP
URL: http://www.auscert.org.au/10176
Title: ESB-2008.1107 -- [Win] -- MS08-076 - Important - Vulnerabilities in
Windows Media Components Could Allow Remote Code Execution
Date: 10 December 2008
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/10175
Title: ESB-2008.1106 -- [Linux][Solaris] -- Security Vulnerabilities in Sun
Ray Server Software and Sun Ray Windows Connector May Compromise the
Sun Ray Administration Password
Date: 09 December 2008
OS: Solaris, Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/10164
Title: ESB-2008.1105 -- [Solaris] -- A Security Vulnerability in Solaris
Secure Shell (SSH) May Expose Some Plain Text From Encrypted Traffic
Date: 09 December 2008
OS: Solaris
URL: http://www.auscert.org.au/10163
Title: ESB-2008.1104 -- [Solaris] -- A Security Vulnerability in the OpenSSL
PKCS#11 Engine May Result in Denial of Service (DoS) Due to a Corrupted
Session Cache
Date: 12 December 2008
OS: Solaris
URL: http://www.auscert.org.au/10162
Title: ESB-2008.1103 -- [Win] -- A vulnerability has been identified in HP
OpenView Reporter and HP Reporter
Date: 09 December 2008
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/10159
Title: ESB-2008.1102 -- [Win][Linux][HP-UX][Solaris][AIX] -- A vulnerability
has been identified in HP OpenView Performance Agent and HP Performance
Agent
Date: 09 December 2008
OS: Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other
Linux Variants, Windows XP, Server 2008, Red Hat Linux, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/10158
Title: ESB-2008.1101 -- [Win][UNIX/Linux][Debian] -- New streamripper packages
fix potential code execution
Date: 09 December 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/10157
Title: ESB-2008.1100 -- [Win] -- Multiple vulnerabilities in Linksys WVC54GC
wireless video camera
Date: 09 December 2008
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/10156
Title: ESB-2008.1099 -- [RedHat] -- Low: tomcat security update for Red Hat
Network Satellite Server
Date: 09 December 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/10155
Title: ESB-2008.1098 -- [UNIX/Linux][Debian] -- New squirrelmail packages fix
cross site scripting
Date: 08 December 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/10150
Title: ESB-2008.1097 -- [Win] -- Multiple vulnerabilities identified in
Trillian versions prior to 3.1.12.0
Date: 12 December 2008
OS: Windows Vista, Windows XP, Windows 2000, Windows 2003
URL: http://www.auscert.org.au/10149
Title: ESB-2008.1090 -- [Win][UNIX/Linux] -- Sun Releases Updates for Java
Runtime Environment (JRE) and Java SE Development Kit (JDK)
Date: 08 December 2008
OS: Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Server 2008,
Windows XP, Other Linux Variants, FreeBSD, Windows 2000, OpenBSD,
Windows 2003, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP
Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/10140
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================