[AusNOG] AusCERT Week in Review - Week Ending 29/02/2008 (AUSCERT#20073F686)
Zane Jarvis
zane at auscert.org.au
Fri Feb 29 17:34:43 EST 2008
AusCERT Week in Review
29 February 2008
Greetings,
Fraud Fortnight continues...
As a part of the Australasian Consumer Fraud Taskforce Campaign, AusCERT has
updated a set of PowerPoint slides.
These slides are general advice on how to mitigate the risk of being a victim of
fraud, identity theft and malicious code.
The slides can be found on our website here:
http://www.auscert.org.au/6891
Please feel free to give feedback on these slides.
And in an email we received from ACCC:
The ACCC has just released a brand new edition of its very popular The little
black book of scams.
The little black book of scams highlights a variety of popular scams that
regularly target Australian consumers and small business in areas such as
fake lotteries, internet shopping, mobile phones, online banking, employment
and investment opportunities. It also offers consumers tips on how to protect
themselves from scams, what they can do to minimise damage if they do get
scammed and how they can report a scam.
You can ring the ACCC's Infocentre on 1300 302 502 to request your free copy
of The little black book of scams or you can download it here from the ACCC
website.
Conference News
This week AusCERT opened registrations for AusCERT2008. Along with this the
draft program has been released. The tutorials are still to be finalised. You can
find more details and register at the website.
http://conference.auscert.org.au/conf2008/
Also just confirmed, Scott Charney, who is the Corporate Vice President, Trustworthy
Computing of Microsoft, has been confirmed as a speaker. The program has not yet
been updated with this information.
Regards,
Zane Jarvis, Computer Security Analyst | Hotline: +61 7 3365 4417
AusCERT, Australia's national CERT | Fax: +61 7 3365 7031
The University of Queensland | WWW: www.auscert.org.au
QLD 4072 Australia | Email: auscert at auscert.org.au
AusCERT in the Media:
---------------------
Papers, Articles and other documents:
-------------------------------------
Title: Filtering AusCERT Bulletins
Date: 29/02/2008
URL: http://www.auscert.org.au/8901
Title: Practical Computer Security slides
Date: 27 February 2008
URL: http://www.auscert.org.au/6891
Web Log Entries:
----------------
Title: Conferences, Campaigns and Papers
Date: 29/02/2008
URL: http://www.auscert.org.au/8892
Title: Fraud Fortnight
Date: 24 February 2008
URL: http://www.auscert.org.au/8859
Alerts, Advisories and Updates:
-------------------------------
Title: AA-2008.0058 -- [OpenBSD] -- OpenBSD 4.1 and 4.2 Vulnerable to Denial
of Service
Date: 29 February 2008
URL: http://www.auscert.org.au/8883
Title: AA-2008.0059 -- [Win][UNIX/Linux] -- TikiWiki 1.9.10.1 Released Fixing
a Cross-site Scripting Vulnerability
Date: 29 February 2008
URL: http://www.auscert.org.au/8884
Title: AA-2008.0060 -- [Win] -- Trend Micro OfficeScan Vulnerable to Buffer
Overflows and Denial of Service
Date: 29 February 2008
URL: http://www.auscert.org.au/8900
Title: AA-2008.0052 -- [Win] -- Vulnerability in Novell iPrint Client for
Windows ActiveX Control
Date: 27 February 2008
URL: http://www.auscert.org.au/8869
Title: AA-2008.0057 -- [Win] -- Double-Take for Windows vulnerable to Denial
of Service and Information Disclosure
Date: 27 February 2008
URL: http://www.auscert.org.au/8880
Title: AA-2008.0046 -- [Win][UNIX/Linux] -- Mambo and Joomla components - SQL
injections
Date: 26 February 2008
URL: http://www.auscert.org.au/8826
Title: AA-2008.0053 -- [Win] -- Multiple buffer overflows exist in the Windows
RPC components for IBM Informix Storage Manager (ISM)
Date: 26 February 2008
URL: http://www.auscert.org.au/8876
Title: AA-2008.0054 -- [Win][UNIX/Linux] -- Joomla! 1.0.15 released correcting
a security vulnerability
Date: 26 February 2008
URL: http://www.auscert.org.au/8877
Title: AA-2008.0055 -- [Win][UNIX/Linux] -- Dokeos 1.8.4 multiple SQL
Injection and Cross Site Scripting (XSS) vulnerabilities
Date: 26 February 2008
URL: http://www.auscert.org.au/8878
Title: AA-2008.0056 -- [Win][Linux][Solaris][AIX] -- IBM Lotus Quickplace 7.0
and IBM Lotus Quickr 8.0 vulnerable to Cross-site Scripting (XSS)
Date: 26 February 2008
URL: http://www.auscert.org.au/8879
Title: AA-2008.0051 -- [Win][UNIX/Linux] -- New version of Netscape Navigator
Fixes Security Vulnerabilities
Date: 25 February 2008
URL: http://www.auscert.org.au/8866
External Security Bulletins:
----------------------------
Title: ESB-2007.1018 -- [Win] -- HP Quick Launch Button (QLB) Running on
Windows, Remote Execution of Arbitrary Code, Gain Privileged Access
Date: 24 February 2008
OS: Windows Vista, Windows 2003, Windows 2000, Windows XP
URL: http://www.auscert.org.au/8514
Title: ESB-2008.0226 -- [NetBSD] -- IPsec in IPv6 Denial of Service
Date: 29 February 2008
OS: Other BSD Variants
URL: http://www.auscert.org.au/8899
Title: ESB-2008.0225 -- [NetBSD] -- file(1) Integer overflow
Date: 29 February 2008
OS: Other BSD Variants
URL: http://www.auscert.org.au/8898
Title: ESB-2008.0224 -- [NetBSD] -- Endianness issue in fast_ipsec(4)
Date: 29 February 2008
OS: Other BSD Variants
URL: http://www.auscert.org.au/8897
Title: ESB-2008.0223 -- [Win][UNIX/Linux] -- Multiple problems in Wireshark
(formerly Ethereal) versions 0.6.0 to 0.99.7
Date: 29 February 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/8896
Title: ESB-2008.0222 -- [AIX] -- AIX X server multiple vulnerabilities
Date: 29 February 2008
OS: AIX
URL: http://www.auscert.org.au/8895
Title: ESB-2008.0221 -- [AIX] -- AIX libc inet_network buffer overflow
Date: 29 February 2008
OS: AIX
URL: http://www.auscert.org.au/8894
Title: ESB-2008.0220 -- [Win] -- Multiple vulnerabilities in the Backup Exec
11d and 12.0 for Windows Servers scheduler
Date: 29 February 2008
OS: Windows 2003, Windows 2000, Windows XP, Windows Vista
URL: http://www.auscert.org.au/8893
Title: ESB-2008.0219 -- [RedHat] -- Moderate: gd security update
Date: 29 February 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/8891
Title: ESB-2008.0218 -- [UNIX/Linux][RedHat] -- Moderate: netpbm security
update
Date: 29 February 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/8890
Title: ESB-2008.0217 -- [RedHat] -- Moderate: dbus security update
Date: 28 February 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/8889
Title: ESB-2008.0216 -- [RedHat] -- Important: ghostscript security update
Date: 28 February 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/8888
Title: ESB-2008.0215 -- [Win][UNIX/Linux] -- Drupal Core - Multiple cross site
scripting vulnerabilities
Date: 28 February 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/8887
Title: ESB-2008.0214 -- [UNIX/Linux][Debian] -- New ghostscript packages fix
arbitrary code execution
Date: 28 February 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/8886
Title: ESB-2008.0213 -- [Win][UNIX/Linux] -- VLC media player chunk context
validation error
Date: 28 February 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/8885
Title: ESB-2008.0212 -- [Win][UNIX/Linux] -- Mozilla Thunderbird MIME
External-Body Heap Overflow Vulnerability
Date: 27 February 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/8882
Title: ESB-2008.0211 -- [Win][Linux][Solaris][AIX] -- Symantec Scan Engine
5.1.2 RAR File Denial of Service and Buffer Overflow Vulnerabilities
Date: 27 February 2008
OS: Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other
Linux Variants, Red Hat Linux, AIX
URL: http://www.auscert.org.au/8881
Title: ESB-2008.0210 -- [UNIX/Linux] -- OpenCA allows Cross site request
forgery (XSRF)
Date: 26 February 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/8875
Title: ESB-2008.0209 -- [Solaris] -- Security Vulnerability May Allow Firewall
Compromise or Creation of Denial of Service (DoS) Condition
Date: 26 February 2008
OS: Solaris
URL: http://www.auscert.org.au/8874
Title: ESB-2008.0208 -- [UNIX/Linux][Debian] -- New koffice packages fix
multiple vulnerabilities
Date: 26 February 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/8873
Title: ESB-2008.0207 -- [RedHat] -- Important: cups security update
Date: 26 February 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/8872
Title: ESB-2008.0206 -- [Debian] -- New diatheke packages fix arbitrary shell
command execution
Date: 26 February 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/8871
Title: ESB-2008.0205 -- [Solaris] -- Security Vulnerability in the Solaris 10
DTrace Dynamic Tracing Framework May Allow Unauthorized Kernel Level
Tracing
Date: 27 February 2008
OS: Solaris
URL: http://www.auscert.org.au/8868
Title: ESB-2008.0204 -- [Solaris] -- Two Security Vulnerabilities Exist Within
the cpc(3CPC) Sub-System of the Solaris Kernel
Date: 27 February 2008
OS: Solaris
URL: http://www.auscert.org.au/8867
Title: ESB-2008.0203 -- [Solaris] -- Security Vulnerability in Solaris 10 Perl
5.8
Date: 25 February 2008
OS: Solaris
URL: http://www.auscert.org.au/8865
Title: ESB-2008.0202 -- [Win] -- Critical Windows based VMware Workstation,
VMware Player, and VMware ACE Alert
Date: 27 February 2008
OS: Windows Vista, Windows XP, Windows 2000, Windows 2003
URL: http://www.auscert.org.au/8864
Title: ESB-2008.0201 -- [RedHat] -- Critical: acroread security update
Date: 25 February 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/8863
Title: ESB-2008.0200 -- [Debian] -- New turba2 packages fix permission testing
Date: 25 February 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/8862
Title: ESB-2008.0199 -- [Debian] -- New iceape packages fix several
vulnerabilities
Date: 25 February 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/8861
Title: ESB-2008.0198 -- [Debian] -- New alsa-driver packages fix kernel memory
leak
Date: 25 February 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/8860
Title: ESB-2008.0197 -- [Debian] -- New Linux kernel 2.6.8 and 2.4.27 packages
fix several issues
Date: 25 February 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/8858
Title: ESB-2008.0187 -- [RedHat] -- Moderate: tk security update
Date: 25 February 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/8847
Title: ESB-2008.0174 -- [Win][UNIX/Linux] -- BEA Systems release 21 security
advisories for multiple products
Date: 26 February 2008
OS: Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Windows XP, Other
Linux Variants, FreeBSD, Windows 2000, OpenBSD, Windows 2003, IRIX,
Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/8830
Title: ESB-2008.0164 -- [Win][Linux] -- F-Secure - Specially crafted CAB and
RAR archives can bypass antivirus scanning
Date: 26 February 2008
OS: Windows Vista, Red Hat Linux, Windows XP, Other Linux Variants, Windows
2000, Windows 2003, Debian GNU/Linux, Ubuntu
URL: http://www.auscert.org.au/8818
Title: ESB-2008.0133 -- [RedHat] -- firefox seamonkey and thunderbird security
updates
Date: 29 February 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/8762
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
------- End of Forwarded Message