[AusNOG] AusCERT Week in Review - Week Ending 02/05/2007 (AUSCERT#20073f686)
Zane Jarvis
zane at auscert.org.au
Fri May 2 17:37:26 EST 2008
AusCERT in the Media:
---------------------
Tumbleweed to unveil FTP analyzer at AUSCERT 2008
iTWire, Australia
2 hours ago
http://www.itwire.com/content/view/17969/1064/
Papers, Articles and other documents:
-------------------------------------
Web Log Entries:
----------------
Title: Signing up to sign out
Date: 02 May 2008
URL: http://www.auscert.org.au/9221
Alerts, Advisories and Updates:
-------------------------------
Title: AL-2008.0050 -- [Win][UNIX/Linux] -- New Firefox, Thunderbird and
Seamonkey Versions Fix JavaScript Engine Vulnerability
Date: 02 May 2008
URL: http://www.auscert.org.au/9139
Title: AU-2008.0008 -- AusCERT Update - [Win][UNIX/Linux] - New Firefox,
Thunderbird and Seamonkey Versions Fix JavaScript Engine Vulnerability
Date: 02 May 2008
URL: http://www.auscert.org.au/9220
Title: AA-2008.0096 -- [FreeBSD] -- FreeBSD multiple packages updated
Date: 01 May 2008
URL: http://www.auscert.org.au/9191
Title: AA-2008.0097 -- [Win] -- Zune Software ActiveX Control - Arbitrary file
modification
Date: 01 May 2008
URL: http://www.auscert.org.au/9206
Title: AA-2008.0098 -- [Win] -- RealTek HD Audio Codec Driver Local Privilege
Escalation
Date: 01 May 2008
URL: http://www.auscert.org.au/9210
Title: AA-2008.0099 -- [Win][Linux][HP-UX][Solaris][AIX] -- IBM DB2 - Multiple
vulnerabilities
Date: 01 May 2008
URL: http://www.auscert.org.au/9211
Title: AA-2008.0100 -- [Linux] -- A vulnerability has been found in
login-utils/login.c of util-linux-ng
Date: 01 May 2008
URL: http://www.auscert.org.au/9212
Title: AA-2008.0080 -- [Win][UNIX/Linux] -- VLC Media Player multiple
vulnerabilities
Date: 30 April 2008
URL: http://www.auscert.org.au/9080
Title: AL-2008.0053 -- [Win] -- Intel Centrino Wireless Driver Malformed Frame
Remote Code Execution
Date: 28 April 2008
URL: http://www.auscert.org.au/9183
External Security Bulletins:
----------------------------
Title: ESB-2008.0455 -- [Win][UNIX/Linux] -- cPanel XSRF vulnerabilities
Date: 02 May 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/9219
Title: ESB-2008.0454 -- [UNIX/Linux][Appliance] -- Multiple vendors' BGP
implementations do not properly handle UPDATE messages
Date: 02 May 2008
OS: Ubuntu, Debian GNU/Linux, Other BSD Variants, OpenBSD, FreeBSD, Other
Linux Variants, Cisco Products, Red Hat Linux, AIX
URL: http://www.auscert.org.au/9218
Title: ESB-2008.0453 -- [Win] -- Akamai Download Manager Arbitrary Program
Execution Vulnerability
Date: 02 May 2008
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/9217
Title: ESB-2008.0452 -- [Debian] -- New wordpress packages fix several
vulnerabilities
Date: 02 May 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/9216
Title: ESB-2008.0451 -- [Linux][Debian] -- New Linux 2.6.18 packages fix
several vulnerabilities
Date: 02 May 2008
OS: Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/9215
Title: ESB-2008.0450 -- [Solaris] -- Solaris 10 patches 128306-03 and
128307-03 may disable SVM Mirrored Root Systems
Date: 02 May 2008
OS: Solaris
URL: http://www.auscert.org.au/9214
Title: ESB-2008.0449 -- [NetBSD] -- NetBSD 2.x End of Life
Date: 01 May 2008
OS: Other BSD Variants
URL: http://www.auscert.org.au/9213
Title: ESB-2008.0448 -- [Win] -- Unauthenticated Stack Overflow in SNMPc
Date: 01 May 2008
OS: Windows 2003, Windows 2000, Windows XP, Windows NT 4, Windows Vista
URL: http://www.auscert.org.au/9209
Title: ESB-2008.0447 -- [Debian] -- New asterisk packages fix denial of
service
Date: 01 May 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/9208
Title: ESB-2008.0446 -- [RedHat] -- Moderate: thunderbird security update
Date: 01 May 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9207
Title: ESB-2008.0445 -- [HP-UX] -- HP-UX running WBEM Services, Remote
Execution of Arbitrary Code, Gain Extended Privileges
Date: 30 April 2008
OS: HP-UX
URL: http://www.auscert.org.au/9205
Title: ESB-2008.0444 -- [Appliance] -- Motorola Surfboard cable modem
cross-site request forgery vulnerability
Date: 30 April 2008
URL: http://www.auscert.org.au/9204
Title: ESB-2008.0443 -- [UNIX/Linux] -- KDE - start_kdeinit multiple
vulnerabilities
Date: 30 April 2008
OS: Solaris, Ubuntu, Debian GNU/Linux, Other BSD Variants, OpenBSD,
FreeBSD, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/9203
Title: ESB-2008.0442 -- [UNIX/Linux] -- KDE - KHTML PNG Loader Buffer Overflow
Date: 30 April 2008
OS: Solaris, Ubuntu, Debian GNU/Linux, Other BSD Variants, OpenBSD,
FreeBSD, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/9202
Title: ESB-2008.0441 -- [Solaris] -- Cross Site Scripting (XSS)
Vulnerabilities in the Apache 1.3 and 2.0 "mod_imap" and "mod_status"
Modules
Date: 30 April 2008
OS: Solaris
URL: http://www.auscert.org.au/9201
Title: ESB-2008.0440 -- [Solaris] -- Security Vulnerability for ODF Text
Documents Containing XForms in StarOffice 8/StarSuite 8
Date: 30 April 2008
OS: Solaris
URL: http://www.auscert.org.au/9200
Title: ESB-2008.0439 -- [Solaris] -- Manipulated EMF Files May Lead to Heap
Overflows and Arbitrary Code Execution
Date: 30 April 2008
OS: Solaris
URL: http://www.auscert.org.au/9199
Title: ESB-2008.0438 -- [Solaris] -- Security Vulnerability With Quattro Pro
Files in StarOffice 8/StarSuite 8
Date: 30 April 2008
OS: Solaris
URL: http://www.auscert.org.au/9198
Title: ESB-2008.0437 -- [Solaris] -- Security Vulnerability for OLE Files in
StarOffice 7 and 8, StarSuite 7 and 8
Date: 30 April 2008
OS: Solaris
URL: http://www.auscert.org.au/9197
Title: ESB-2008.0436 -- [Win][Linux][HP-UX][Solaris] -- Cross-site Scripting
(XSS) Vulnerability in the Sun Java System Access Manager
Administration Console
Date: 30 April 2008
OS: Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other
Linux Variants, Windows XP, Server 2008, Red Hat Linux, HP-UX, Windows
Vista
URL: http://www.auscert.org.au/9196
Title: ESB-2008.0435 -- [Win][Linux][HP-UX][Solaris] -- Security Vulnerability
in Sun Java System Directory Proxy Server May Grant Unauthorized
Administrative Access
Date: 30 April 2008
OS: Windows Vista, HP-UX, Red Hat Linux, Server 2008, Windows XP, Other
Linux Variants, Windows 2000, Windows 2003, Debian GNU/Linux, Ubuntu,
Solaris
URL: http://www.auscert.org.au/9195
Title: ESB-2008.0434 -- [Win][UNIX/Linux] -- Wordpress 2.5 Cookie Integrity
Protection Vulnerability
Date: 30 April 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/9194
Title: ESB-2008.0433 -- [Win] -- Microsoft HeartbeatCtl ActiveX control buffer
overflow
Date: 30 April 2008
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/9193
Title: ESB-2008.0432 -- [Win] -- Multiple Antivirus and Firewalls -
Insufficient argument validation of hooked SSDT functions
Date: 29 April 2008
OS: Server 2008, Windows Vista, Windows 2003, Windows 2000, Windows XP
URL: http://www.auscert.org.au/9192
Title: ESB-2008.0431 -- [RedHat] -- Moderate: java-1.6.0-bea security update
Date: 29 April 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9190
Title: ESB-2008.0430 -- [RedHat] -- Moderate: java-1.5.0-bea security update
Date: 29 April 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9189
Title: ESB-2008.0429 -- [RedHat] -- Moderate: java-1.4.2-bea security update
Date: 29 April 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9188
Title: ESB-2008.0428 -- [RedHat] -- Moderate: tomcat security update
Date: 29 April 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9187
Title: ESB-2008.0427 -- [Debian] -- New iceape packages fix arbitrary code
execution
Date: 29 April 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/9186
Title: ESB-2008.0426 -- [Linux][Debian] -- New ldm packages fix information
disclosure
Date: 29 April 2008
OS: Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/9185
Title: ESB-2008.0425 -- [Win][UNIX/Linux][Debian] -- New kronolith2 packages
fix cross site scripting
Date: 30 April 2008
OS: Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Server 2008,
Windows XP, Other Linux Variants, FreeBSD, Windows 2000, OpenBSD,
Windows 2003, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP
Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/9184
Title: ESB-2008.0424 -- [Win][UNIX/Linux] -- Multiple vulnerabilities in
Wireshark
Date: 28 April 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, FreeBSD, Other Linux Variants, Windows XP,
Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows Vista
URL: http://www.auscert.org.au/9182
Title: ESB-2008.0423 -- [Win] -- Photoshop Album Starter Edition 3.2 possible
execution of arbitrary code
Date: 28 April 2008
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/9180
Title: ESB-2008.0422 -- [Win] -- HP Software Update HPeDiag Running on Windows
Execute Arbitrary code
Date: 28 April 2008
OS: Windows 2003, Windows 2000, Windows XP, Windows Vista
URL: http://www.auscert.org.au/9179
Title: ESB-2008.0421 -- [Win][UNIX/Linux][Debian] -- New phpgedview packages
fix cross site scripting
Date: 28 April 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/9178
Title: ESB-2008.0420 -- [Win][UNIX/Linux][Debian] -- New xulrunner packages
fix arbitrary code execution
Date: 28 April 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/9177
Title: ESB-2008.0419 -- [Win][UNIX/Linux][Debian] -- New phpmyadmin packages
fix several vulnerabilities
Date: 28 April 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/9176
Title: ESB-2008.0418 -- [UNIX/Linux][Debian] -- New perl packages fix denial
of service
Date: 28 April 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/9175
Title: ESB-2008.0417 -- [Win][UNIX/Linux] -- Multiple Vulnerabilities in
Drupal third party modules
Date: 30 April 2008
OS: AIX, HP-UX, Mac OS X, Red Hat Linux, Server 2008, Other Linux Variants,
FreeBSD, Windows 2000, OpenBSD, Windows 2003, IRIX, Other BSD Variants,
Debian GNU/Linux, Ubuntu, HP Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/9173
Title: ESB-2008.0415 -- [UNIX/Linux] -- Asterisk Project Security Advisory -
AST-2008-006
Date: 30 April 2008
OS: AIX, HP-UX, Mac OS X, Red Hat Linux, Other Linux Variants, FreeBSD,
OpenBSD, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64
UNIX, Solaris
URL: http://www.auscert.org.au/9171
Title: ESB-2008.0327 -- [Debian] -- New iceape packages fix several
vulnerabilities
Date: 28 April 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/9038
Title: ESB-2008.0286 -- [Win][Linux] -- Updated VMware Workstation, VMware
Player, VMware Server, VMware ACE, and VMware Fusion resolve critical
security issues
Date: 28 April 2008
OS: Windows Vista, Red Hat Linux, Windows XP, Other Linux Variants, Windows
2000, Windows 2003, Debian GNU/Linux, Ubuntu
URL: http://www.auscert.org.au/8979
Title: ESB-2008.0143 -- [Solaris] -- Sun Fire T1000/T2000 and Netra T2000 With
Firmware 6.5.11 May Experience Continuous Console EFT Errors
Date: 30 April 2008
OS: Solaris
URL: http://www.auscert.org.au/8776
Title: ESB-2008.0139 -- [UNIX/Linux][Debian] -- New wml packages fix denial of
service
Date: 28 April 2008
OS: AIX, HP-UX, Mac OS X, Red Hat Linux, Other Linux Variants, FreeBSD,
OpenBSD, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64
UNIX, Solaris
URL: http://www.auscert.org.au/8772
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================