[AusNOG] AusCERT Week in Review - Week Ending 19/12/2008 (AUSCERT#20073F686)

Fri Dec 19 17:47:01 EST 2008


AusCERT in the Media:
- - ---------------------
Researchers Hone in On 'Dropzones' for Stolen Credentials
Dark Reading, NY 
8 hours ago
http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=212501236

Hundreds of Stolen Data Dumps Found
Washington Post, United States 
10 hours ago
http://feeds.voices.washingtonpost.com/click.phdo?i=9914ff30c685c53648965cd4adecd98c

Keyloggers under the microscope
Current IT news from heise online, UK 
11 hours ago
http://www.heise-online.co.uk/news/Keyloggers-under-the-microscope--/112288

Microsoft Responds To Explorer Problems
Smart House, Australia 
Dec 17, 2008
http://www.smarthouse.com.au/Content_And_Downloads/Industry/B5L8R9F2

Flaw in Microsoft Internet Explorer exposes threat
Merinews, India 
Dec 17, 2008
http://www.merinews.com/catFull.jsp?articleID=153228

Avoid using IE if possible: <b>AusCERT</b>
ZDNet.com.au, Australia 
Dec 15, 2008
http://www.zdnet.com.au/news/security/soa/Avoid-using-IE-if-possible-AusCERT/0,130061744,339293853,00.htm

USB Device Nightmare Becomes Reality
Campus Technology, CA 
Dec 12, 2008
http://campustechnology.com/Articles/2008/12/USB-Device-Nightmare-Becomes-Reality.aspx


Papers, Articles and other documents:
- - -------------------------------------


Web Log Entries:
- - ----------------


Alerts, Advisories and Updates:
- - -------------------------------
Title: AA-2008.0257 -- [UNIX/Linux] -- A vulnerability has been identified in
       Asterisk Open Source and Asterisk Business Edition 
Date:  19 December 2008
URL:   http://www.auscert.org.au/10207

Title: AU-2008.0025 -- AusCERT Update - [Solaris] - Security Vulnerabilities
       in the Apache 2.0 "mod_proxy_http" and "mod_proxy_ftp" Modules may Lead
       to Denial of Service (DoS) or Cross Site Scripting (XSS) 
Date:  19 December 2008
URL:   http://www.auscert.org.au/10249

Title: AL-2008.0125 -- [Win] -- A vulnerability has been identified in
       Microsoft Windows WordPad Text Converter 
Date:  18 December 2008
URL:   http://www.auscert.org.au/10193

Title: AL-2008.0131 -- [Win] -- Security Update for Internet Explorer -
       MS08-078 - Critical 
Date:  18 December 2008
URL:   http://www.auscert.org.au/10239

Title: AA-2008.0263 -- [Win][UNIX/Linux] -- A number of vulnerabilities have
       been identified in Opera prior to version 9.63 
Date:  18 December 2008
URL:   http://www.auscert.org.au/10245

Title: AU-2008.0024 -- AusCERT Update - [Win] - A vulnerability has been
       identified in Microsoft Windows WordPad Text Converter 
Date:  17 December 2008
URL:   http://www.auscert.org.au/10244

Title: AA-2008.0262 -- [Win] -- A vulnerability has been identified in Hitachi
       JP1/Integrated Management. 
Date:  17 December 2008
URL:   http://www.auscert.org.au/10236

Title: AL-2008.0129 -- [Win][UNIX/Linux] -- A number of vulnerabilities have
       been identified in Mozilla Firefox, SeaMonkey and Thunderbird 
Date:  17 December 2008
URL:   http://www.auscert.org.au/10237

Title: AL-2008.0130 -- [Win] -- Microsoft prerelease announcement of out of
       band patch for critical Internet Explorer vulnerability 
Date:  17 December 2008
URL:   http://www.auscert.org.au/10238

Title: AA-2008.0259 -- [Win][UNIX/Linux] -- phpBB version 3.0.4 has been
       released correcting two vulnerabilities 
Date:  16 December 2008
URL:   http://www.auscert.org.au/10221

Title: AA-2008.0260 -- [Win] -- An SQL injection vulnerability has been found
       in Citrix Broadcast Server 
Date:  16 December 2008
URL:   http://www.auscert.org.au/10222

Title: AA-2008.0261 -- [Win][Linux][Solaris][AIX] -- Various Tivoli products
       do not correctly authenticate users who attempt to run SOAP commands 
Date:  16 December 2008
URL:   http://www.auscert.org.au/10224

Title: AA-2008.0223 -- [Win][UNIX/Linux] -- Opera version 9.62 released fixing
       several vulnerabilities 
Date:  15 December 2008
URL:   http://www.auscert.org.au/10026

Title: AA-2008.0258 -- [Win][UNIX/Linux] -- Multiple problems in Wireshark
       versions 0.99.7 to 1.0.4 
Date:  15 December 2008
URL:   http://www.auscert.org.au/10214


External Security Bulletins:
- - ----------------------------
Title: ESB-2008.1147 -- [Win][UNIX/Linux] -- A vulnerability has been
       identified in phpMyAdmin 
Date:  19 December 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/10254

Title: ESB-2008.1146 -- [Linux] -- Security update available for Linux Flash
       Player 10.0.12.36 and Linux Flash Player 9.0.151.0 
Date:  19 December 2008
OS:    Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux 
URL:   http://www.auscert.org.au/10253

Title: ESB-2008.1145 -- [UNIX/Linux][Ubuntu] -- Avahi vulnerabilities 
Date:  19 December 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/10252

Title: ESB-2008.1144 -- [Linux][Ubuntu] -- shadow vulnerability 
Date:  19 December 2008
OS:    Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux 
URL:   http://www.auscert.org.au/10251

Title: ESB-2008.1143 -- [UNIX/Linux][Ubuntu] -- libvirt vulnerability 
Date:  19 December 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/10250

Title: ESB-2008.1142 -- [Solaris] -- Security Vulnerability in Solaris IP
       Tunnel Parameter Processing May Lead to a System Panic or Possible
       Execution of Arbitrary Code by Unprivileged Users 
Date:  19 December 2008
OS:    Solaris 
URL:   http://www.auscert.org.au/10248

Title: ESB-2008.1141 -- [RedHat] -- Important: java-1.6.0-bea, java-1.5.0-bea
       and java-1.4.2-bea security update 
Date:  19 December 2008
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/10247

Title: ESB-2008.1140 -- [Win][Linux][Solaris] -- Security Vulnerability in the
       Sun Java Web Console May Allow Unauthorized Redirection 
Date:  18 December 2008
OS:    Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other
       Linux Variants, Windows XP, Server 2008, Red Hat Linux, Windows Vista 
URL:   http://www.auscert.org.au/10246

Title: ESB-2008.1139 -- [Win][UNIX/Linux] -- A vulnerability has been
       identified in Views (Drupal module) 
Date:  18 December 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Server 2008, Red Hat Linux, HP-UX, AIX, Windows
       Vista 
URL:   http://www.auscert.org.au/10243

Title: ESB-2008.1138 -- [Win][UNIX/Linux] -- A vulnerability has been
       identified in Services (Drupal third-party module) 
Date:  18 December 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
       Windows Vista 
URL:   http://www.auscert.org.au/10242

Title: ESB-2008.1137 -- [RedHat] -- Important: kernel security and bug fix
       update 
Date:  18 December 2008
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/10241

Title: ESB-2008.1136 -- [RedHat] -- Critical: firefox and seamonkey security
       update 
Date:  18 December 2008
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/10240

Title: ESB-2008.1135 -- [Win][UNIX/Linux] -- Multiple vulnerabilities
       identified in Sun Java JDK and JRE as used by Avaya 
Date:  17 December 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
       Windows Vista 
URL:   http://www.auscert.org.au/10235

Title: ESB-2008.1134 -- [UNIX/Linux] -- SUSE Security Summary Report
       SUSE-SR:2008:028 
Date:  17 December 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/10234

Title: ESB-2008.1133 -- [Solaris] -- A Security Vulnerability in IPv4
       Forwarding may Allow a Remote User to Panic the System 
Date:  17 December 2008
OS:    Solaris 
URL:   http://www.auscert.org.au/10233

Title: ESB-2008.1132 -- [Win][Linux] -- Buffer Overflow Vulnerabilities in Sun
       Java Wireless Toolkit for CLDC may Allow an Application to Escalate
       Privileges 
Date:  17 December 2008
OS:    Ubuntu, Debian GNU/Linux, Windows 2003, Other Linux Variants, Windows
       XP, Server 2008, Red Hat Linux, Windows Vista 
URL:   http://www.auscert.org.au/10232

Title: ESB-2008.1131 -- [Solaris] -- Security Vulnerabilities in the Apache
       2.0 "mod_proxy_http" and "mod_proxy_ftp" Modules may Lead to Denial of
       Service (DoS) or Cross Site Scripting (XSS) 
Date:  19 December 2008
OS:    Solaris 
URL:   http://www.auscert.org.au/10231

Title: ESB-2008.1130 -- [Win][UNIX/Linux] -- JasPer: User-assisted execution
       of arbitrary code 
Date:  17 December 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
       Windows Vista 
URL:   http://www.auscert.org.au/10230

Title: ESB-2008.1129 -- [RedHat] -- Important: kernel security and bug fix
       update 
Date:  17 December 2008
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/10229

Title: ESB-2008.1128 -- [Debian] -- New Linux 2.6.18 packages fix several
       vulnerabilities 
Date:  16 December 2008
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/10220

Title: ESB-2008.1127 -- [RedHat] -- Moderate: enscript security update 
Date:  16 December 2008
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/10219

Title: ESB-2008.1126 -- [Win][UNIX/Linux][RedHat] -- Moderate: pidgin security
       and bug fix update 
Date:  16 December 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
       Windows Vista 
URL:   http://www.auscert.org.au/10218

Title: ESB-2008.1125 -- [UNIX/Linux][RedHat] -- Moderate: cups security update
Date:  16 December 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/10217

Title: ESB-2008.1124 -- [RedHat] -- Moderate: cups security update 
Date:  16 December 2008
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/10216

Title: ESB-2008.1123 -- [Mac][OSX] -- Security Update 2008-008 / Mac OS X
       v10.5.6 
Date:  16 December 2008
OS:    Mac OS X 
URL:   http://www.auscert.org.au/10215

Title: ESB-2008.1122 -- [Solaris] -- An IP(7P) Spoofing Security Vulnerability
       in Mid-range Sun Fire Server's Firmware May Allow Unauthorized Access
       to System Controllers 
Date:  15 December 2008
OS:    Solaris 
URL:   http://www.auscert.org.au/10213

Title: ESB-2008.1121 -- [Solaris] -- A Security Vulnerability in the
       Management of Solaris Kerberos (see kerberos(5)) may Lead to a User
       Denial of Service (DoS) Attack 
Date:  15 December 2008
OS:    Solaris 
URL:   http://www.auscert.org.au/10212

Title: ESB-2008.1120 -- [UNIX/Linux][Solaris] -- Security Vulnerability in the
       X Inter Client Exchange Library (libICE) Shipped With Solaris May Allow
       a Denial of Service (DoS) 
Date:  15 December 2008
OS:    HP Tru64 UNIX, Solaris, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL:   http://www.auscert.org.au/10211

Title: ESB-2008.1119 -- [Win][UNIX/Linux][Debian] -- New no-ip packages fix
       arbitrary code execution 
Date:  15 December 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
       Windows Vista 
URL:   http://www.auscert.org.au/10210

Title: ESB-2008.1118 -- [Win][UNIX/Linux][Debian] -- New uw-imap packages fix
       multiple vulnerabilities 
Date:  15 December 2008
OS:    Solaris, HP Tru64 UNIX, Windows 98/98SE, Ubuntu, Debian GNU/Linux,
       Other BSD Variants, IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD,
       Other Linux Variants, Windows XP, Server 2008, Red Hat Linux, Windows
       NT 4, Mac OS X, HP-UX, AIX, Windows Vista, Windows ME 
URL:   http://www.auscert.org.au/10209

Title: ESB-2008.0865 -- [Win][UNIX/Linux][Mac][OSX] -- Information disclosure
       vulnerability in Apache Tomcat 
Date:  19 December 2008
OS:    Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Server 2008,
       Windows XP, Other Linux Variants, FreeBSD, Windows 2000, OpenBSD,
       Windows 2003, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP
       Tru64 UNIX, Solaris 
URL:   http://www.auscert.org.au/9820


===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================