[AusNOG] AusCERT Week in Review - Week Ending 25/01/2008 (AUSCERT#20073F686)

Richard Billington richard at auscert.org.au
Fri Jan 25 18:17:08 EST 2008


AusCERT Week in Review
25 January 2008


Web Log Entries:
----------------
Title: Slow and steady winning the spam race 
Date:  21 January 2008
URL:   http://www.auscert.org.au/8678


Alerts, Advisories and Updates:
-------------------------------
Title: AA-2008.0015 -- [Win] -- Winamp 5.52 fixes stack buffer overflow
       vulnerability 
Date:  25 January 2008
URL:   http://www.auscert.org.au/8681

Title: AA-2008.0016 -- [Win][UNIX/Linux] -- A Cross Site Scripting (XSS)
       vulnerability has been reported in cPanel 
Date:  25 January 2008
URL:   http://www.auscert.org.au/8684

Title: AA-2008.0018 -- [Win][UNIX/Linux] -- Sun has released Java SE 6 update
       4 
Date:  25 January 2008
URL:   http://www.auscert.org.au/8697

Title: AA-2008.0019 -- [Win] -- A directory traversal vulnerability in
       BitDefender Update Server 
Date:  25 January 2008
URL:   http://www.auscert.org.au/8698

Title: AA-2008.0020 -- [OpenBSD] -- OpenBSD 4.2 denial of service (kernel
       panic) vulnerability 
Date:  25 January 2008
URL:   http://www.auscert.org.au/8699

Title: AA-2008.0021 -- [Win] -- IBM WebSphere Business Modeler security bypass
Date:  25 January 2008
URL:   http://www.auscert.org.au/8700

Title: AA-2008.0017 -- [symbian] -- SymbianOS worm spreading over mobile phone
       networks 
Date:  23 January 2008
URL:   http://www.auscert.org.au/8685

Title: AL-2008.0008 -- [Win][UNIX/Linux] -- Oracle Critical Patch Update - 26
       vulnerabilities in Oracle 
Date:  22 January 2008
URL:   http://www.auscert.org.au/8649

Title: AL-2008.0010 -- [Win] -- ZDI-08-002: Citrix Presentation Server IMA
       Service Heap Overflow 
Date:  22 January 2008
URL:   http://www.auscert.org.au/8674

Title: AL-2008.0011 -- [Win][Netware][UNIX/Linux] -- Radiator 4.0 released
       fixing Denial of Service vulnerability 
Date:  22 January 2008
URL:   http://www.auscert.org.au/8682


External Security Bulletins:
----------------------------
Title: ESB-2008.0737 -- [Win][Linux][HP-UX][Solaris] -- Installation of Sun
       Java System Access Manager 7.1 on Sun Java System Application Server
       9.1 or 8.x May Compromise Application Server Security 
Date:  22 January 2008
OS:    HP-UX, Red Hat Linux, Windows XP, Windows 2000, Windows 2003, Solaris 
URL:   http://www.auscert.org.au/8141

Title: ESB-2008.0091 -- [AIX] -- Multiple AIX vulnerabilities 
Date:  25 January 2008
OS:    AIX 
URL:   http://www.auscert.org.au/8696

Title: ESB-2008.0090 -- [Win][UNIX/Linux] -- IBM Tivoli PMfOSD HTTP Request
       Method Buffer Overflow Vulnerability 
Date:  25 January 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
       Vista 
URL:   http://www.auscert.org.au/8695

Title: ESB-2008.0089 -- [AIX] -- IBM AIX pioout BSS Buffer Overflow
       Vulnerability 
Date:  25 January 2008
OS:    AIX 
URL:   http://www.auscert.org.au/8694

Title: ESB-2008.0088 -- [UNIX/Linux] -- Updated gFTP packages fix
       vulnerabilities 
Date:  24 January 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL:   http://www.auscert.org.au/8693

Title: ESB-2008.0087 -- [Win][UNIX/Linux] -- Workflow and Archive Drupal
       modules - cross site scripting 
Date:  24 January 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Red Hat Linux, HP-UX, AIX, Windows Vista 
URL:   http://www.auscert.org.au/8692

Title: ESB-2008.0086 -- [Appliance][Cisco] -- Default Passwords in the
       Application Velocity System 
Date:  24 January 2008
OS:    Cisco Products 
URL:   http://www.auscert.org.au/8691

Title: ESB-2008.0085 -- [Appliance][Cisco] -- Cisco PIX and ASA Time-to-Live
       Vulnerability 
Date:  24 January 2008
OS:    Cisco Products 
URL:   http://www.auscert.org.au/8690

Title: ESB-2008.0084 -- [HP-UX] -- HP-UX Running ARPA Transport, Remote Denial
       of Service (DoS) 
Date:  24 January 2008
OS:    HP-UX 
URL:   http://www.auscert.org.au/8689

Title: ESB-2008.0083 -- [Linux][RedHat] -- Important: kernel security and bug
       fix update 
Date:  24 January 2008
OS:    Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux 
URL:   http://www.auscert.org.au/8688

Title: ESB-2008.0082 -- [Debian] -- New exiv2 packages fix arbitrary code
       execution 
Date:  24 January 2008
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/8687

Title: ESB-2008.0081 -- [Debian] -- New php5 packages fix regression 
Date:  24 January 2008
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/8686

Title: ESB-2008.0080 -- [Win] -- CORE FORCE Kernel Buffer Overflow 
Date:  23 January 2008
OS:    Windows 2003, Windows 2000, Windows XP, Windows Vista 
URL:   http://www.auscert.org.au/8683

Title: ESB-2008.0079 -- [UNIX/Linux][Debian] -- New scponly packages fix
       arbitrary code execution 
Date:  22 January 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/8680

Title: ESB-2008.0078 -- [Debian] -- New xine-lib packages fix arbitrary code
       execution 
Date:  22 January 2008
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/8679

Title: ESB-2008.0077 -- [Debian] -- New libvorbis packages fix several
       vulnerabilities 
Date:  22 January 2008
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/8677

Title: ESB-2008.0076 -- [RedHat] -- Moderate: wireshark security update 
Date:  22 January 2008
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/8676

Title: ESB-2008.0075 -- [RedHat] -- Moderate: httpd security update 
Date:  22 January 2008
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/8675

Title: ESB-2008.0074 -- [Win][Netware][UNIX/Linux] -- Apache HTTP Server
       2.2.8, 2.0.63, 1.3.41 released fixing multiple vulnerabilities 
Date:  21 January 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Red Hat Linux, Mac OS X, Novell Netware, HP-UX, AIX 
URL:   http://www.auscert.org.au/8673

Title: ESB-2008.0073 -- [Debian] -- New horde3 packages fix denial of service 
Date:  21 January 2008
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/8672

Title: ESB-2008.0072 -- [Win][UNIX/Linux][Debian] -- New flac packages fix
       arbitrary code execution 
Date:  21 January 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
       Vista 
URL:   http://www.auscert.org.au/8671

Title: ESB-2008.0071 -- [Win][UNIX/Linux][Debian] -- New tomcat5.5 packages
       fix several vulnerabilities 
Date:  21 January 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
       Vista 
URL:   http://www.auscert.org.au/8670

Title: ESB-2008.0070 -- [Win][UNIX/Linux] -- New mantis packages fix several
       vulnerabilities 
Date:  21 January 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Red Hat Linux, Mac OS X, HP-UX, AIX 
URL:   http://www.auscert.org.au/8669

Title: ESB-2008.0069 -- [Solaris] -- Multiple vulnerabilities in the Solaris X
       Window System may allow Arbitrary Code Execution, Denial of Service or
       Information Disclosure 
Date:  23 January 2008
OS:    Solaris 
URL:   http://www.auscert.org.au/8668

Title: ESB-2008.0065 -- [Debian] -- New xorg-server packages fix several
       vulnerabilities 
Date:  23 January 2008
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/8661

Title: ESB-2008.0063 -- [UNIX/Linux][RedHat] -- Important: xorg-x11 security
       update 
Date:  21 January 2008
OS:    AIX, HP-UX, Mac OS X, Red Hat Linux, Other Linux Variants, FreeBSD,
       OpenBSD, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64
       UNIX, Solaris 
URL:   http://www.auscert.org.au/8659

Title: ESB-2008.0023 -- [VMware ESX] -- Moderate OpenPegasus PAM
       Authentication Buffer, Overflow and updated service console packages 
Date:  23 January 2008
OS:    Virtualisation 
URL:   http://www.auscert.org.au/8597



===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================



