[AusNOG] AusCERT Week in Review - Week Ending 06/06/2008 (AUSCERT#20073f686)
Paul Fahey
paul at auscert.org.au
Fri Jun 6 15:49:53 EST 2008
Alerts, Advisories and Updates:
-------------------------------
Title: AA-2008.0112 -- [Appliance] -- Authentication Bypass Reported in Citrix
Access Gateway
Date: 06 June 2008
URL: http://www.auscert.org.au/9298
Title: AA-2008.0125 -- [UNIX/Linux] -- ikiwiki 2.48 released correcting
multiple vulnerabilities
Date: 06 June 2008
URL: http://www.auscert.org.au/9389
Title: AL-2008.0071 -- [Win] -- Microsoft Bulletin Notification - June
Prerelease Announcement
Date: 06 June 2008
URL: http://www.auscert.org.au/9410
Title: AA-2008.0126 -- [Win][UNIX/Linux] -- Unspecified security vulnerability
in IBM Websphere Application Server.
Date: 06 June 2008
URL: http://www.auscert.org.au/9412
Title: AL-2008.0048 -- [VMware ESX] -- Moderate Updated Service Console
packages pcre, net-snmp, and OpenPegasus
Date: 05 June 2008
URL: http://www.auscert.org.au/9131
Title: AL-2008.0066 -- [Cisco] -- Multiple Vulnerabilities in Cisco PIX and
Cisco ASA
Date: 05 June 2008
URL: http://www.auscert.org.au/9398
Title: AL-2008.0067 -- [Win][VMware ESX][Linux] -- Patches available for
critical VMware vulnerabilities
Date: 05 June 2008
URL: http://www.auscert.org.au/9399
Title: AL-2008.0068 -- [Win] -- Skype File URI Security Bypass Code Execution
Vulnerability
Date: 05 June 2008
URL: http://www.auscert.org.au/9404
Title: AL-2008.0069 -- [Win][Linux][HP-UX][Solaris][AIX] -- Multiple Critical
Vulnerabilities in Sun Java System Active Server Pages
Date: 05 June 2008
URL: http://www.auscert.org.au/9405
Title: AL-2008.0070 -- [Win] -- HP Instant Support HPISDataManager.dll Running
on Windows, Remote Execution of Arbitrary Code
Date: 05 June 2008
URL: http://www.auscert.org.au/9408
Title: AA-2008.0102 -- [Win] -- Microsoft XP Service Pack 3 is now available
Date: 03 June 2008
URL: http://www.auscert.org.au/9248
Title: AU-2008.0009 -- AusCERT Update - [Win] - Microsoft XP Service Pack 3
Includes Vulnerable Flash Player
Date: 03 June 2008
URL: http://www.auscert.org.au/9388
Title: AA-2008.0121 -- [UNIX/Linux] -- New mambo release corrects several
vulnerabilities
Date: 02 June 2008
URL: http://www.auscert.org.au/9357
External Security Bulletins:
----------------------------
Title: ESB-2008.0588 -- [Solaris] -- Security Vulnerability in inet_network()
Library Routine May Allow Denial of Service (DoS) to Applications
Date: 06 June 2008
OS: Solaris
URL: http://www.auscert.org.au/9411
Title: ESB-2008.0587 -- [UNIX/Linux] -- Asterisk - Remote crash vulnerability
in ooh323 channel driver
Date: 06 June 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/9409
Title: ESB-2008.0586 -- [Solaris] -- Security Vulnerability in Solaris 10
Service Tag Registry May Allow Denial of Service
Date: 05 June 2008
OS: Solaris
URL: http://www.auscert.org.au/9407
Title: ESB-2008.0585 -- [Win] -- Multiple Vulnerabilities in CA ETrust Secure
Content Manager Gateway
Date: 05 June 2008
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/9406
Title: ESB-2008.0584 -- [Win] -- Kaspersky Internet Security IOCTL Stack Based
Buffer Overflow Vulnerability
Date: 05 June 2008
OS: Windows 2000, Windows XP, Windows Vista
URL: http://www.auscert.org.au/9403
Title: ESB-2008.0583 -- [UNIX/Linux][RedHat] -- Important: evolution security
update
Date: 05 June 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/9402
Title: ESB-2008.0582 -- [RedHat] -- Moderate: cups security update
Date: 05 June 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9401
Title: ESB-2008.0581 -- [Solaris] -- rpc.ypupdated(1M) may allow execution of
Arbitrary Code when run in Insecure Mode
Date: 04 June 2008
OS: Solaris
URL: http://www.auscert.org.au/9397
Title: ESB-2008.0580 -- [Solaris] -- Multiple Security Vulnerabilities in
Flash Player for Solaris
Date: 04 June 2008
OS: Solaris
URL: http://www.auscert.org.au/9396
Title: ESB-2008.0579 -- [Win][UNIX/Linux] -- Asterisk - Remote Crash
Vulnerability in SIP channel driver when run in pedantic mode
Date: 04 June 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/9395
Title: ESB-2008.0578 -- [Win] -- HP StorageWorks Storage Mirroring Software
Remote Execution of Arbitrary Code
Date: 06 June 2008
OS: Windows Vista, Windows XP, Windows 2000, Windows 2003
URL: http://www.auscert.org.au/9394
Title: ESB-2008.0577 -- [RedHat] -- Red Hat Enterprise Linux 2.1 - 1-Year End
Of Life Notice
Date: 04 June 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9393
Title: ESB-2008.0576 -- [FreeBSD] -- FreeBSD 5.5, FreeBSD 6.1, and FreeBSD 6.2
end-of-life notification
Date: 04 June 2008
OS: FreeBSD
URL: http://www.auscert.org.au/9392
Title: ESB-2008.0575 -- [Win][UNIX/Linux] -- Tomcat host-manager XSS
vulnerability
Date: 04 June 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/9391
Title: ESB-2008.0574 -- [Debian] -- New libvorbis packages fix several
vulnerabilities
Date: 04 June 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/9390
Title: ESB-2008.0573 -- [Solaris] -- Small Appending Writes May Result in Data
Loss in Sun/Solaris Cluster 3.1 or 3.2 Filesystem
Date: 03 June 2008
OS: Solaris
URL: http://www.auscert.org.au/9386
Title: ESB-2008.0572 -- [Win] -- Creative Software AutoUpdate Engine ActiveX
stack buffer overflow
Date: 02 June 2008
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/9384
Title: ESB-2008.0571 -- [Win][UNIX/Linux] -- BIND 9.5.0 released
Date: 02 June 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX
URL: http://www.auscert.org.au/9383
Title: ESB-2008.0570 -- [Solaris] -- Two Security Vulnerabilities in samba(7)
WINS Server Daemon (nmbd) May Allow Execution of Arbitrary Code or Lead
to a Denial of Service (DoS) Condition
Date: 02 June 2008
OS: Solaris
URL: http://www.auscert.org.au/9382
Title: ESB-2008.0569 -- [Solaris] -- A Security Vulnerability in the Solaris
crontab(1) utility may allow execution of Arbitrary Code
Date: 06 June 2008
OS: Solaris
URL: http://www.auscert.org.au/9381
Title: ESB-2008.0568 -- [Solaris] -- A Security Vulnerability in samba(7)
Domain logons may allow execution of Arbitrary code with Root
privileges
Date: 02 June 2008
OS: Solaris
URL: http://www.auscert.org.au/9380
Title: ESB-2008.0567 -- [Solaris] -- On Solaris 10 the "nxge" Driver for
Specific Ethernet Cards May Report Excessive and Spurious Errors
Date: 02 June 2008
OS: Solaris
URL: http://www.auscert.org.au/9379
Title: ESB-2008.0566 -- [Solaris] -- A Security Vulnerability in the Sun
Cluster Global File System
Date: 06 June 2008
OS: Solaris
URL: http://www.auscert.org.au/9378
Title: ESB-2008.0565 -- [Solaris] -- On Systems Running Solaris Cluster 3.2,
"scdpmd" May Leak Memory and Render the System Unusable When
"reboot_on_path_failure" Property is Enabled
Date: 02 June 2008
OS: Solaris
URL: http://www.auscert.org.au/9377
Title: ESB-2008.0564 -- [Debian] -- New samba packages fix arbitrary code
execution
Date: 02 June 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/9375
Title: ESB-2008.0563 -- [Win][Linux] -- Updates to VMware Workstation, VMware
Player, VMware ACE, VMware Fusion resolve critical security issues
Date: 02 June 2008
OS: Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Windows Vista
URL: http://www.auscert.org.au/9374
Title: ESB-2008.0562 -- [Win] -- Symantec Backup Exec System Recovery Manager
- Directory Traversal Vulnerability
Date: 06 June 2008
OS: Windows 2000, Windows 2003
URL: http://www.auscert.org.au/9371
Title: ESB-2008.0554 -- [Debian] -- New Linux 2.6.18 packages fix several
vulnerabilities
Date: 02 June 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/9359
Title: ESB-2008.0541 -- [Win][Linux][HP-UX][Solaris][AIX] -- Cross-Site
Scripting Vulnerability in the Sun Java System Web Server Advanced
Search Mechanism
Date: 06 June 2008
OS: AIX, HP-UX, Red Hat Linux, Windows XP, Windows 2000, Windows 2003,
Solaris
URL: http://www.auscert.org.au/9341
Title: ESB-2008.0532 -- [Win] -- IBM Lotus Sametime Community Services
Multiplexer Stack Overflow Vulnerability
Date: 03 June 2008
OS: Windows Vista, Server 2008, Windows XP, Windows 2000, Windows 2003
URL: http://www.auscert.org.au/9331
Title: ESB-2008.0408 -- [UNIX/Linux][Debian] -- New ikiwiki packages fix
cross-site request forgery
Date: 02 June 2008
OS: HP-UX, Mac OS X, Red Hat Linux, Other Linux Variants, FreeBSD, OpenBSD,
IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, Solaris
URL: http://www.auscert.org.au/9161
Regards,
-- Paul Fahey --
Computer Security Analyst | Hotline: +61 7 3365 4417
Australian Computer Emergency Response Team | Direct: +61 7 3365 4036
(AusCERT) | Fax: +61 7 3365 7031
The University of Queensland | WWW: www.auscert.org.au
Qld 4072 Australia | Email: auscert at auscert.org.au