[AusNOG] AusCERT Week in Review - Week Ending 09/05/2008 (AUSCERT#20073f686)
Zane Jarvis
zane at auscert.org.au
Fri May 9 16:09:47 EST 2008
AusCERT Week in Review
09 May 2008
AusCERT in the Media:
---------------------
Law Reform Commission readies information privacy dossier
Computerworld, Norway
3 hours ago
http://news.idg.no/cw/art.cfm?id=CB320D81-17A4-0F78-3195C9E1D7AAE6E5
Papers, Articles and other documents:
-------------------------------------
Web Log Entries:
----------------
Title: One vulnerability, hundreds of thousands of compromises.
Date: 09 May 2008
URL: http://www.auscert.org.au/9254
Alerts, Advisories and Updates:
-------------------------------
Title: AA-2008.0101 -- [Win][UNIX/Linux] -- PHP 5.2.6 released correcting
multiple vulnerabilities
Date: 09 May 2008
URL: http://www.auscert.org.au/9230
Title: AA-2008.0102 -- [Win] -- Microsoft XP Service Pack 3 is now available
Date: 09 May 2008
URL: http://www.auscert.org.au/9248
Title: AL-2008.0054 -- [Win][UNIX/Linux] -- Adobe Reader and Acrobat -
Multiple vulnerabilities
Date: 08 May 2008
URL: http://www.auscert.org.au/9239
Title: AL-2008.0048 -- [VMware ESX] -- Moderate Updated Service Console
packages pcre, net-snmp, and OpenPegasus
Date: 06 May 2008
URL: http://www.auscert.org.au/9131
External Security Bulletins:
----------------------------
Title: ESB-2008.0482 -- [Win] -- Multimedia PC Client - Potential
Vulnerability Due to Buffer Overflow
Date: 09 May 2008
OS: Windows 98/98SE, Windows 2003, Windows 2000, Windows XP, Server 2008,
Windows NT 4, Windows Vista, Windows ME
URL: http://www.auscert.org.au/9251
Title: ESB-2008.0481 -- [UNIX/Linux] -- eGroupWare: Multiple vulnerabilities
Date: 09 May 2008
URL: http://www.auscert.org.au/9250
Title: ESB-2008.0480 -- [NetBSD] -- OpenSSL Multiple issues
Date: 09 May 2008
OS: Other BSD Variants
URL: http://www.auscert.org.au/9249
Title: ESB-2008.0479 -- [Win][UNIX/Linux][Solaris] -- Cross-Site Scripting
Vulnerability in Sun Java System Web Server Search Module
Date: 09 May 2008
OS: Solaris, Ubuntu, Debian GNU/Linux, Other BSD Variants, Windows 2003,
OpenBSD, Windows 2000, FreeBSD, Other Linux Variants, Windows XP,
Server 2008, Red Hat Linux, HP-UX, AIX, Windows Vista
URL: http://www.auscert.org.au/9247
Title: ESB-2008.0478 -- [RedHat] -- Important: gpdf security update
Date: 09 May 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9246
Title: ESB-2008.0477 -- [Solaris] -- Security Vulnerabilities in the Tcl GUI
Toolkit Library may lead to arbitrary code execution or Denial of
Service (DoS)
Date: 08 May 2008
OS: Solaris
URL: http://www.auscert.org.au/9245
Title: ESB-2008.0476 -- [Linux][Solaris] -- A Security Vulnerability in Sun
Ray Kiosk Mode 4.0 May Allow Escalation of Privileges
Date: 09 May 2008
OS: Red Hat Linux, Other Linux Variants, Debian GNU/Linux, Ubuntu, Solaris
URL: http://www.auscert.org.au/9244
Title: ESB-2008.0475 -- [Win][UNIX/Linux] -- JSP Source Code Disclosure
Vulnerability Affects Sun Java System Application Server and Web Server
Date: 08 May 2008
OS: Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other
Linux Variants, Windows XP, Server 2008, Red Hat Linux, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/9243
Title: ESB-2008.0474 -- [Solaris] -- Security Vulnerability in the TCP
Implementation of Solaris Systems May Allow a Denial of Service When
Accepting New Connections While Undergoing a TCP "SYN Flood" Attack
Date: 08 May 2008
OS: Solaris
URL: http://www.auscert.org.au/9242
Title: ESB-2008.0473 -- [UNIX/Linux] -- rdesktop Multiple Vulnerabilities
Date: 08 May 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/9241
Title: ESB-2008.0472 -- [HP-UX] -- HP-UX Running LDAP-UX, Local Unauthorized
Access
Date: 08 May 2008
OS: HP-UX
URL: http://www.auscert.org.au/9240
Title: ESB-2008.0471 -- [Linux][RedHat] -- Important: kernel security and bug
fix update
Date: 08 May 2008
OS: Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/9238
Title: ESB-2008.0470 -- [Linux][RedHat] -- Important: kernel security and bug
fix update
Date: 08 May 2008
OS: Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/9237
Title: ESB-2008.0469 -- [Linux][RedHat] -- Important: kernel security and bug
fix update
Date: 08 May 2008
OS: Red Hat Linux, Other Linux Variants, Debian GNU/Linux, Ubuntu
URL: http://www.auscert.org.au/9236
Title: ESB-2008.0468 -- [Win][UNIX/Linux] -- Bugzilla - Multiple Security
Vulnerabilities
Date: 09 May 2008
OS: Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Server 2008,
Windows XP, Other Linux Variants, FreeBSD, Windows 2000, OpenBSD,
Windows 2003, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP
Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/9235
Title: ESB-2008.0467 -- [HP-UX] -- HP-UX Running Netscape Directory Server
(NDS), Local Gain Extended Privileges
Date: 07 May 2008
OS: HP-UX
URL: http://www.auscert.org.au/9234
Title: ESB-2008.0466 -- [HP-UX] -- HP-UX running Apache with PHP, Remote
Denial of Service (DoS), Gain Extended Privileges
Date: 07 May 2008
OS: HP-UX
URL: http://www.auscert.org.au/9233
Title: ESB-2008.0465 -- [Solaris] -- Security Vulnerability in Solaris SSH May
Allow Unauthorized Access to X11 Sessions
Date: 07 May 2008
OS: Solaris
URL: http://www.auscert.org.au/9232
Title: ESB-2008.0464 -- [UNIX/Linux][Debian] -- New kazehakase packages fix
execution of arbitrary code
Date: 07 May 2008
OS: Ubuntu, Debian GNU/Linux, Other BSD Variants, OpenBSD, FreeBSD, Other
Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/9231
Title: ESB-2008.0463 -- [Win] -- Wonderware SuiteLink Denial of Service
vulnerability
Date: 06 May 2008
OS: Windows 98/98SE, Windows 2003, Windows 2000, Windows XP, Server 2008,
Windows NT 4, Windows Vista, Windows ME
URL: http://www.auscert.org.au/9229
Title: ESB-2008.0462 -- [Win][UNIX/Linux][Debian] -- New cacti packages fix
multiple vulnerabilities
Date: 07 May 2008
OS: Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Server 2008,
Windows XP, Other Linux Variants, FreeBSD, Windows 2000, OpenBSD,
Windows 2003, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP
Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/9228
Title: ESB-2008.0461 -- [Win][UNIX/Linux][Debian] -- New b2evolution packages
fix cross site scripting
Date: 06 May 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/9227
Title: ESB-2008.0460 -- [Win][UNIX/Linux][Debian] -- New blender packages fix
arbitrary code execution
Date: 06 May 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/9226
Title: ESB-2008.0459 -- [Solaris] -- Installing a Kernel patch or certain
Solaris Trusted Extensions patches may cause desktop login failures for
systems configured with Solaris Trusted Extensions enabled
Date: 05 May 2008
OS: Solaris
URL: http://www.auscert.org.au/9225
Title: ESB-2008.0458 -- [Solaris] -- Multiple Security Vulnerabilities in
Solaris 10 Involving the SCTP Protocol May Result in a Panic and Denial
of Service (DoS)
Date: 07 May 2008
OS: Solaris
URL: http://www.auscert.org.au/9224
Title: ESB-2008.0457 -- [Solaris] -- Security Vulnerability in Solaris 10
Trusted Extensions Labeled Networking Related to Data Transfer Between
Labeled Zones
Date: 05 May 2008
OS: Solaris
URL: http://www.auscert.org.au/9223
Title: ESB-2008.0456 -- [Debian] -- New cpio packages fix denial of service
Date: 05 May 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/9222
Title: ESB-2008.0455 -- [Win][UNIX/Linux] -- cPanel XSRF vulnerabilities
Date: 05 May 2008
OS: Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Server 2008,
Windows XP, Other Linux Variants, FreeBSD, Windows 2000, OpenBSD,
Windows 2003, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP
Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/9219
Title: ESB-2008.0441 -- [Solaris] -- Cross Site Scripting (XSS)
Vulnerabilities in the Apache 1.3 and 2.0 "mod_imap" and "mod_status"
Modules
Date: 07 May 2008
OS: Solaris
URL: http://www.auscert.org.au/9201
Title: ESB-2008.0434 -- [Win][UNIX/Linux] -- Wordpress 2.5 Cookie Integrity
Protection Vulnerability
Date: 09 May 2008
OS: Windows Vista, AIX, HP-UX, Red Hat Linux, Server 2008, Windows XP,
Other Linux Variants, FreeBSD, Windows 2000, OpenBSD, Windows 2003,
IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64 UNIX,
Solaris
URL: http://www.auscert.org.au/9194
Title: ESB-2008.0412 -- [UNIX/Linux][Debian] -- New roundup packages fix
cross-site scripting vulnerability
Date: 07 May 2008
OS: HP-UX, Mac OS X, Red Hat Linux, Other Linux Variants, FreeBSD, OpenBSD,
IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, Solaris
URL: http://www.auscert.org.au/9168
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================