[AusNOG] AusCERT Week in Review - Week Ending 08/02/2008 (AUSCERT#20073F686)

Richard Billington richard at auscert.org.au
Fri Feb 8 17:09:35 EST 2008


AusCERT Week in Review
08 February 2008


Papers, Articles and other documents:
-------------------------------------
Title: Counter e-Crime Operations Summit 2008 
Date:  07 February 2008
URL:   http://www.auscert.org.au/8760


Web Log Entries:
----------------
Title: Following the rabbit hole 
Date:  07 February 2008
URL:   http://www.auscert.org.au/8763


Alerts, Advisories and Updates:
-------------------------------
Title: AA-2008.0035 -- [Win][UNIX/Linux] -- WordPress prior to version 2.3.3
       allow other users posts to be edited 
Date:  08 February 2008
URL:   http://www.auscert.org.au/8759

Title: AL-2008.0014 -- [Win][UNIX/Linux] -- Multiple vulnerabilities in
       Mozilla Firefox, Thunderbird, and SeaMonkey 
Date:  08 February 2008
URL:   http://www.auscert.org.au/8761

Title: AA-2008.0027 -- [Win][UNIX/Linux] -- Multiple SQL injection
       vulnerabilities in Wordpress plugins 
Date:  07 February 2008
URL:   http://www.auscert.org.au/8730

Title: AA-2008.0028 -- [Win] -- UltraVNC viewer is vulnerable to a buffer
       overflow vulnerability 
Date:  07 February 2008
URL:   http://www.auscert.org.au/8731

Title: AL-2008.0013 -- [Win][OSX] -- QuickTime 7.4.1 released correcting a
       buffer overflow 
Date:  07 February 2008
URL:   http://www.auscert.org.au/8749

Title: AA-2008.0033 -- [Win][Netware][UNIX/Linux] -- Two vulnerabilities in
       Novell ZENworks Patch Management 6.x allow code execution 
Date:  07 February 2008
URL:   http://www.auscert.org.au/8752

Title: AA-2007.0074 -- [Win][UNIX/Linux] -- New version of OpenSSH fixes X11
       cookie fallback 
Date:  06 February 2008
URL:   http://www.auscert.org.au/8060

Title: AA-2008.0034 -- [Win][UNIX/Linux] -- Mambo and Joomla components - SQL
       injection 
Date:  06 February 2008
URL:   http://www.auscert.org.au/8754

Title: AA-2008.0026 -- [Win][UNIX/Linux] -- Mambo Components - SQL Injection 
Date:  06 February 2008
URL:   http://www.auscert.org.au/8723

Title: AA-2008.0030 -- [Win] -- Ipswitch WS_FTP Server with SSH has a buffer
       overflow vulnerability 
Date:  06 February 2008
URL:   http://www.auscert.org.au/8736

Title: AA-2008.0031 -- [Win][UNIX/Linux] -- Tripwire Enterprise version 7.0
       Cross-site Scripting (XSS) vulnerability 
Date:  06 February 2008
URL:   http://www.auscert.org.au/8737

Title: AA-2008.0032 -- [Win][UNIX/Linux] -- Mambo and Joomla components - SQL
       injection 
Date:  05 February 2008
URL:   http://www.auscert.org.au/8738

Title: AA-2008.0029 -- [Win][UNIX/Linux] -- Coppermine 1.4.14 and prior has
       multiple vulnerabilities 
Date:  04 February 2008
URL:   http://www.auscert.org.au/8732


External Security Bulletins:
----------------------------
Title: ESB-2008.0133 -- [RedHat] -- firefox seamonkey and thunderbird security
       updates 
Date:  08 February 2008
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/8762

Title: ESB-2008.0132 -- [Win][UNIX/Linux] -- Adobe Reader 8.1.2 update
       addresses a number security vulnerabilities 
Date:  08 February 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
       Vista 
URL:   http://www.auscert.org.au/8758

Title: ESB-2008.0131 -- [UNIX/Linux] -- KAME project IPv6 IPComp header denial
       of service vulnerability 
Date:  08 February 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Cisco Products, Red Hat
       Linux, Mac OS X, HP-UX, AIX 
URL:   http://www.auscert.org.au/8757

Title: ESB-2008.0130 -- [Win][Linux][HP-UX][Solaris][AIX] -- IBM DB2 Universal
       Database - Two Vulnerabilities 
Date:  08 February 2008
OS:    Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other
       Linux Variants, Windows XP, Red Hat Linux, HP-UX, AIX, Windows Vista 
URL:   http://www.auscert.org.au/8756

Title: ESB-2008.0129 -- [Win][RedHat][HP-UX][Solaris] -- HP Select Identity
       Software, Remote Unauthorized Access 
Date:  08 February 2008
OS:    Solaris, Windows 2003, Windows 2000, Windows XP, Red Hat Linux, HP-UX,
       Windows Vista 
URL:   http://www.auscert.org.au/8755

Title: ESB-2008.0128 -- [Win][Linux][Solaris] -- Two Vulnerabilities in the
       Java Runtime Environment May Independently Allow an Untrusted
       Application or Applet to Elevate Privileges 
Date:  08 February 2008
OS:    Windows Vista, Red Hat Linux, Windows XP, Other Linux Variants, Windows
       2000, Windows 2003, Debian GNU/Linux, Ubuntu, Solaris 
URL:   http://www.auscert.org.au/8753

Title: ESB-2008.0127 -- [Win][UNIX/Linux] -- HP Storage Essentials SRM, Remote
       Unauthorized Access 
Date:  07 February 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, IRIX, Windows 2003,
       Windows 2000, Other Linux Variants, Windows XP, Red Hat Linux, HP-UX,
       AIX, Windows Vista 
URL:   http://www.auscert.org.au/8751

Title: ESB-2008.0126 -- [Win] -- HP Virtual Rooms Running on Windows, Remote
       Execution of Arbitrary Code 
Date:  07 February 2008
OS:    Windows 2003, Windows 2000, Windows XP, Windows Vista 
URL:   http://www.auscert.org.au/8750

Title: ESB-2008.0125 -- [Debian] -- New net-snmp packages fix denial of
       service vulnerability 
Date:  07 February 2008
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/8748

Title: ESB-2008.0124 -- [Win] -- Skypefind Cross Zone Scripting Vulnerability 
Date:  06 February 2008
OS:    Windows 2003, Windows 2000, Windows XP, Windows Vista 
URL:   http://www.auscert.org.au/8747

Title: ESB-2008.0123 -- [AIX] -- AIX OpenSSH creates trusted X11 cookie
       instead of untrusted 
Date:  06 February 2008
OS:    AIX 
URL:   http://www.auscert.org.au/8746

Title: ESB-2008.0122 -- [Win] -- Yahoo! Music Jukebox multiple vulnerabilities
Date:  08 February 2008
OS:    Windows Vista, Windows XP, Windows 2000, Windows 2003 
URL:   http://www.auscert.org.au/8745

Title: ESB-2008.0121 -- [Win][Linux][HP-UX][Solaris] -- HP OpenView Network
       Node Manager (OV NNM) Remote Denial of Service (DoS) 
Date:  06 February 2008
OS:    Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other
       Linux Variants, Windows XP, Red Hat Linux, HP-UX, Windows Vista 
URL:   http://www.auscert.org.au/8744

Title: ESB-2008.0120 -- [Debian] -- New squid packages fix denial of service 
Date:  06 February 2008
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/8743

Title: ESB-2008.0119 -- [OSX] -- iPhoto 7.1.2 maliciously-crafted photocast
       arbitrary code execution 
Date:  06 February 2008
OS:    Mac OS X 
URL:   http://www.auscert.org.au/8742

Title: ESB-2008.0118 -- [Win][UNIX/Linux][Debian] -- New python-cherrypy
       packages fix denial of service 
Date:  06 February 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
       Vista 
URL:   http://www.auscert.org.au/8741

Title: ESB-2008.0117 -- [Win][UNIX/Linux][Debian] -- New gnatsweb packages fix
       cross-site scripting 
Date:  06 February 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
       Vista 
URL:   http://www.auscert.org.au/8740

Title: ESB-2008.0116 -- [Debian] -- New poppler packages fix several
       vulnerabilities 
Date:  06 February 2008
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/8739

Title: ESB-2008.0115 -- [Win] -- Aurigma ImageUploader ActiveX control stack
       buffer overflows 
Date:  05 February 2008
OS:    Windows 2003, Windows 2000, Windows XP, Windows Vista 
URL:   http://www.auscert.org.au/8735

Title: ESB-2008.0114 -- [Win][UNIX/Linux] -- MPlayer arbitrary pointer
       dereference and buffer overflow 
Date:  05 February 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
       Vista 
URL:   http://www.auscert.org.au/8734

Title: ESB-2008.0113 -- [Win][UNIX/Linux] -- IBM Informix Dynamic Server
       Multiple Vulnerabilities 
Date:  05 February 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Red Hat Linux, HP-UX, AIX, Windows Vista 
URL:   http://www.auscert.org.au/8733

Title: ESB-2008.0112 -- [HP-UX] -- HP-UX Running Apache, Remote Execution of
       Arbitrary Code 
Date:  04 February 2008
OS:    HP-UX 
URL:   http://www.auscert.org.au/8729

Title: ESB-2008.0111 -- [Win][UNIX/Linux] -- Multiple vulnerabilities in
       Liferay Portal 
Date:  04 February 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
       Vista 
URL:   http://www.auscert.org.au/8728

Title: ESB-2008.0110 -- [RedHat] -- Moderate: postgresql security update 
Date:  04 February 2008
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/8727

Title: ESB-2008.0106 -- [Win][UNIX/Linux] -- Drupal Comment upload module -
       Arbitrary file upload vulnerability 
Date:  06 February 2008
OS:    Windows Vista, AIX, HP-UX, Red Hat Linux, Windows XP, Other Linux
       Variants, FreeBSD, Windows 2000, OpenBSD, Windows 2003, IRIX, Other BSD
       Variants, Debian GNU/Linux, Ubuntu, HP Tru64 UNIX, Solaris 
URL:   http://www.auscert.org.au/8720

Title: ESB-2008.0105 -- [Win][UNIX/Linux] -- Drupal Userpoints module -
       Cross-site Request Forgery 
Date:  06 February 2008
OS:    Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Windows XP, Other
       Linux Variants, FreeBSD, Windows 2000, OpenBSD, Windows 2003, IRIX,
       Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64 UNIX, Solaris 
URL:   http://www.auscert.org.au/8719

Title: ESB-2008.0103 -- [Win][UNIX/Linux] -- Secure Site Drupal module
       vulnerability 
Date:  06 February 2008
OS:    Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Windows XP, Other
       Linux Variants, FreeBSD, Windows 2000, OpenBSD, Windows 2003, IRIX,
       Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64 UNIX, Solaris 
URL:   http://www.auscert.org.au/8715

Title: ESB-2008.0091 -- [AIX] -- Multiple AIX vulnerabilities 
Date:  06 February 2008
OS:    AIX 
URL:   http://www.auscert.org.au/8696



===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================


------- End of Forwarded Message



