[AusNOG] AusCERT Week in Review - Week Ending 20/06/2008 (AUSCERT#20073f686)
Paul Fahey
paul at auscert.org.au
Fri Jun 20 15:19:14 EST 2008
AusCERT in the Media:
---------------------
Beijing Olympics? Paranoia will protect your data
ZDNet.com.au, Australia
1 hour ago
http://www.zdnet.com.au/blogs/securifythis/soa/Beijing-Olympics-Paranoia-will-protect-your-data/0,139033343,339289982,00.htm
New protection for online banking users
NEWS.com.au, Australia
Jun 17, 2008
http://australianit.news.com.au/articles/0,7204,23883819%5E15306,00.html
McAfee CEO: Adware is killing antivirus blacklisting
ZDNet Asia, Asia
Jun 15, 2008
http://www.zdnetasia.com/news/security/0,39044215,62042651,00.htm
Home computers hacking risk
Courier Mail, Australia
Jun 15, 2008
http://www.news.com.au/couriermail/comments/0,23836,23868125-8362,00.html
Internet fraud has taken a sinister new turn
Courier Mail, Australia
Jun 15, 2008
http://www.news.com.au/couriermail/story/0,23739,23866896-27197,00.html
Papers, Articles and other documents:
-------------------------------------
Web Log Entries:
----------------
Title: Zero day Firefox vulnerability
Date: 19 June 2008
URL: http://www.auscert.org.au/9484
Title: Accepting Certificates
Date: 18 June 2008
URL: http://www.auscert.org.au/9466
Title: Port Scanning increase
Date: 18 June 2008
URL: http://www.auscert.org.au/9471
Alerts, Advisories and Updates:
-------------------------------
Title: AL-2008.0074 -- [Win] -- Vulnerability in Bluetooth Stack Could Allow
Remote Code Execution (951376)
Date: 20 June 2008
URL: http://www.auscert.org.au/9423
Title: AA-2008.0134 -- [Win][UNIX/Linux] -- Vulnerability Reported in
vBulletin
Date: 20 June 2008
URL: http://www.auscert.org.au/9464
Title: AU-2008.0011 -- AusCERT Update - [Win][UNIX/Linux] - Vulnerability
Reported in vBulletin
Date: 20 June 2008
URL: http://www.auscert.org.au/9491
Title: AU-2008.0012 -- AusCERT Update - [Win] - Re-release of Microsoft
Bluetooth Patch for XP SP2/SP3 Users
Date: 20 June 2008
URL: http://www.auscert.org.au/9493
Title: AA-2008.0130 -- [Win][UNIX/Linux] -- Opera 9.5 Released
Date: 19 June 2008
URL: http://www.auscert.org.au/9454
Title: AA-2008.0140 -- [Appliance][Solaris] -- Avaya CMS and IR - Security
Vulnerability in inet_network() Library Routine May Allow Denial of
Service (DoS) to Applications (Sun 238493)
Date: 19 June 2008
URL: http://www.auscert.org.au/9486
Title: AA-2008.0137 -- [Win][UNIX/Linux] -- Firefox 3 Released
Date: 19 June 2008
URL: http://www.auscert.org.au/9473
Title: AA-2008.0139 -- [Win][UNIX/Linux] -- ClamAV Denial Of Service
Date: 19 June 2008
URL: http://www.auscert.org.au/9481
Title: AU-2008.0010 -- AusCERT Update - [Win][UNIX/Linux] - Firefox 3 Released
Date: 19 June 2008
URL: http://www.auscert.org.au/9485
Title: AA-2008.0135 -- [Appliance] -- F5 Networks - BIG-IP v9.3.1
Authentication Bypass in SNMP
Date: 18 June 2008
URL: http://www.auscert.org.au/9468
Title: AA-2008.0136 -- [UNIX/Linux] -- fetchmail - Denial of Service
vulnerabilities
Date: 18 June 2008
URL: http://www.auscert.org.au/9472
Title: AA-2008.0138 -- [Win] -- Novell GroupWise Messenger multiple
vulnerabilities
Date: 18 June 2008
URL: http://www.auscert.org.au/9474
Title: AA-2008.0132 -- [Win] -- XChat 2.8.7c Released for Windows
Date: 17 June 2008
URL: http://www.auscert.org.au/9461
Title: AA-2008.0133 -- [Win][UNIX/Linux] -- Multiple Vulnerabilities Reported
in Horde Applications
Date: 17 June 2008
URL: http://www.auscert.org.au/9462
Title: AL-2008.0047 -- [Win][UNIX/Linux] -- Oracle Critical Patch Update
Pre-Release Notification
Date: 16 June 2008
URL: http://www.auscert.org.au/9124
Title: AA-2008.0131 -- [Win][UNIX/Linux] -- Apache HTTP Server 2.2.9 Released
Date: 16 June 2008
URL: http://www.auscert.org.au/9455
External Security Bulletins:
----------------------------
Title: ESB-2008.0638 -- [Solaris] -- Solaris MPT(7D) patch May Cause Loss of
Devices in NetBackup
Date: 20 June 2008
OS: Solaris
URL: http://www.auscert.org.au/9490
Title: ESB-2008.0637 -- [Solaris] -- Multiple Security Vulnerabilities in the
FreeType2 library for Printer Font Binary (PFB) or TrueType Font (TTF)
format font files may lead to a Denial of Service (DoS) or allow
Execution of Arbitrary Code
Date: 20 June 2008
OS: Solaris
URL: http://www.auscert.org.au/9489
Title: ESB-2008.0636 -- [UNIX/Linux][Debian] -- New libtk-img packages fix
arbitrary code execution
Date: 20 June 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/9488
Title: ESB-2008.0635 -- [Win] -- Safari v3.1.2 for Windows
Date: 20 June 2008
OS: Windows 2003, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/9487
Title: ESB-2008.0634 -- [Solaris] -- A Security Vulnerability in Sun Java
System Calendar Server May Allow Denial of Service (DoS) When Access
Logging is Enabled
Date: 19 June 2008
OS: Solaris
URL: http://www.auscert.org.au/9483
Title: ESB-2008.0633 -- [Win][UNIX/Linux][OSX] -- Drupal Third Party Modules -
Multiple Vulnerabilities
Date: 19 June 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/9482
Title: ESB-2008.0632 -- [Win][Netware] -- CA ARCserve Discovery Service -
Denial of Service Vulnerability
Date: 19 June 2008
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Novell Netware,
Windows Vista
URL: http://www.auscert.org.au/9480
Title: ESB-2008.0631 -- [Win][UNIX/Linux][OSX] -- Update to Flex 3 to address
potential cross-site scripting vulnerability
Date: 19 June 2008
OS: Solaris, Ubuntu, Debian GNU/Linux, Other BSD Variants, Windows 2003,
OpenBSD, Windows 2000, FreeBSD, Other Linux Variants, Windows XP,
Server 2008, Red Hat Linux, Mac OS X, Windows Vista
URL: http://www.auscert.org.au/9479
Title: ESB-2008.0630 -- [Win][Cisco] -- Deterministic Network Enhancer
privilege escalation vulnerability
Date: 19 June 2008
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Cisco Products,
Windows Vista
URL: http://www.auscert.org.au/9478
Title: ESB-2008.0629 -- [Win] -- Novell iPrint Client ActiveX control stack
buffer overflows
Date: 19 June 2008
OS: Windows 98/98SE, Windows 2003, Windows 2000, Windows XP, Server 2008,
Windows NT 4, Windows Vista, Windows ME
URL: http://www.auscert.org.au/9477
Title: ESB-2008.0628 -- [Win] -- Symantec Altiris Notification Server Agent
GUI Local Elevation of Privilege
Date: 19 June 2008
OS: Windows 98/98SE, Windows 2003, Windows 2000, Windows XP, Server 2008,
Windows NT 4, Windows Vista, Windows ME
URL: http://www.auscert.org.au/9476
Title: ESB-2008.0627 -- [Cisco] -- Cisco Intrusion Prevention System Jumbo
Frame Denial of Service
Date: 19 June 2008
OS: Cisco Products
URL: http://www.auscert.org.au/9475
Title: ESB-2008.0626 -- [Appliance][Solaris] -- Collecting Support Data On
Certain Arrays May Cause One or Both Array Controllers to Reboot
Date: 18 June 2008
OS: Solaris
URL: http://www.auscert.org.au/9469
Title: ESB-2008.0625 -- [Win][Appliance] -- HP Storage Management Appliance
(SMA), Microsoft Patch Applicability MS08-030 to MS08-036
Date: 18 June 2008
OS: Windows 2000
URL: http://www.auscert.org.au/9467
Title: ESB-2008.0624 -- [RedHat] -- Important: perl security update
Date: 18 June 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9465
Title: ESB-2008.0623 -- [VMware ESX] -- Updated Tomcat and Java JRE packages
for VMware ESX 3.5
Date: 17 June 2008
OS: Virtualisation
URL: http://www.auscert.org.au/9463
Title: ESB-2008.0622 -- [Solaris] -- SNMPv3 Authentication Bypass
Vulnerability in snmpd
Date: 16 June 2008
OS: Solaris
URL: http://www.auscert.org.au/9460
Title: ESB-2008.0621 -- [Solaris] -- A Security Vulnerability in IP Multicast
Filter processing of Sockets may lead to a system panic or possible
execution of Arbitrary Code
Date: 20 June 2008
OS: Solaris
URL: http://www.auscert.org.au/9459
Title: ESB-2008.0620 -- [Solaris] -- Multiple security vulnerabilities in the
Solaris X Server Extensions may lead to a Denial of Service (DoS)
condition or allow Execution of Arbitrary Code
Date: 16 June 2008
OS: Solaris
URL: http://www.auscert.org.au/9458
Title: ESB-2008.0619 -- [Solaris] -- Denial of Service (DoS) Vulnerability in
the Solaris e1000g(7D) Gigabit Ethernet Driver
Date: 20 June 2008
OS: Solaris
URL: http://www.auscert.org.au/9457
Title: ESB-2008.0618 -- [Solaris] -- Solaris 10 Patches Cause ARP to
Erroneously Detect Duplicate Network Address Which Leaves the Affected
Interface in an Unusable State
Date: 16 June 2008
OS: Solaris
URL: http://www.auscert.org.au/9456
Title: ESB-2008.0614 -- [Solaris] -- Kernel Security Vulnerability on Solaris
Systems Using the Sun UltraSPARC T2 and UltraSPARC T2+ Processors May
Allow Denial of Service (DoS)
Date: 20 June 2008
OS: Solaris
URL: http://www.auscert.org.au/9449
Title: ESB-2008.0612 -- [Solaris] -- Solaris 10 Event Port Implementation May
Lead to a System Panic
Date: 20 June 2008
OS: Solaris
URL: http://www.auscert.org.au/9447
Title: ESB-2008.0609 -- [Win] -- Cumulative Security Update of ActiveX Kill
Bits
Date: 16 June 2008
OS: Windows Vista, Server 2008, Windows XP, Windows 2000, Windows 2003
URL: http://www.auscert.org.au/9444
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================