[AusNOG] AusCERT Week in Review - Week Ending 07/11/2008 (AUSCERT#20073F686)

Jonathan Levine jonathan at auscert.org.au
Fri Nov 7 16:51:54 EST 2008


AusCERT Week in Review

07 November 2008

 

AusCERT in the Media:

- ---------------------

Community warned over local scams

Eyre Peninsula Tribune, Australia

Nov 4, 2008

http://eyrepeninsula.yourguide.com.au/news/local/news/general/community-warn
ed-over-local-scams/1352924.aspx

 

Real-life internet scammers dissected

ZDNet.com.au, Australia

Nov 4, 2008

http://www.zdnet.com.au/insight/security/soa/Real-life-internet-scammers-dis
sected/0,139023764,339292871,00.htm

 

Computer Security Day 2008 (Australia)

Seguí la Flecha, Argentina

Nov 4, 2008

http://www.seguilaflecha.com/news_26057_Computer-Security-Day-2008-(Australi
a).html

 

Papers, Articles and other documents:

- -------------------------------------

 

Web Log Entries:

- ----------------

Title: Obama new President and new malware

Date:  05 November 2008

URL:   http://www.auscert.org.au/10038

 

Alerts, Advisories and Updates:

- -------------------------------

Title: AA-2008.0228 -- [Win][UNIX/Linux] -- A vulnerability has been

       identified in VLC media player versions 0.5.0 through to 0.9.5. 

Date:  07 November 2008

URL:   http://www.auscert.org.au/10049

 

Title: AA-2008.0226 -- [Win][UNIX/Linux] -- A vulnerability has been

       identified in Novell Access Manager

Date:  06 November 2008

URL:   http://www.auscert.org.au/10042

 

Title: AA-2008.0227 -- [UNIX/Linux] -- A vulnerability exists in Nagios
prior

       to version 3.0.5

Date:  06 November 2008

URL:   http://www.auscert.org.au/10043

 

Title: AA-2008.0225 -- [Linux] -- A number of vulnerabilities have been

       identified in the 2.6 Linux kernel

Date:  05 November 2008

URL:   http://www.auscert.org.au/10041

 

Title: AL-2008.0111 -- [Win][Linux][Solaris][OSX] -- Security Update
available

       for Adobe Reader 8 and Acrobat 8

Date:  04 November 2008

URL:   http://www.auscert.org.au/10033

 

Title: AA-2008.0168 -- [Win][UNIX/Linux] -- A cross-site scripting

       vulnerability has been found in Apache httpd mod_proxy_ftp

Date:  03 November 2008

URL:   http://www.auscert.org.au/9688

 

External Security Bulletins:

- ----------------------------

Title: ESB-2008.1028 -- [Win][Linux][Solaris][OSX] -- Flash Player update

       available to address security vulnerabilities

Date:  07 November 2008

OS:    Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other

       Linux Variants, Windows XP, Red Hat Linux, Mac OS X, Windows Vista 

URL:   http://www.auscert.org.au/10048

 

Title: ESB-2008.1027 -- [Debian] -- New mysql-dfsg-5.0 packages fix

       authorization bypass

Date:  07 November 2008

OS:    Debian GNU/Linux 

URL:   http://www.auscert.org.au/10047

 

Title: ESB-2008.1026 -- [Solaris] -- A Security Vulnerability in the Sun

       System Firmware on Certain SPARC Systems May Allow Unauthorized Data

       Access

Date:  07 November 2008

OS:    Solaris 

URL:   http://www.auscert.org.au/10046

 

Title: ESB-2008.1025 -- [Tru64] -- HP Tru64 UNIX running AdvFS "showfile"

       command, Local Gain Extended Privileges

Date:  07 November 2008

OS:    HP Tru64 UNIX 

URL:   http://www.auscert.org.au/10045

 

Title: ESB-2008.1024 -- [Win][Linux][Solaris][AIX][OSX] -- Update available

       for potential ColdFusion 8 privilege escalation issue

Date:  07 November 2008

OS:    Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other

       Linux Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X,
AIX,

       Windows Vista 

URL:   http://www.auscert.org.au/10044

 

Title: ESB-2008.1023 -- [Win][UNIX/Linux] -- A cross site scripting

       vulnerability has been identified in CCK (Drupal third-party module)

Date:  06 November 2008

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux

       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX,
AIX,

       Windows Vista 

URL:   http://www.auscert.org.au/10040

 

Title: ESB-2008.1022 -- [Appliance][Cisco] -- Cisco VLAN Trunking Protocol

       Vulnerability

Date:  06 November 2008

OS:    Cisco Products 

URL:   http://www.auscert.org.au/10039

 

Title: ESB-2008.1021 -- [RedHat] -- Important: openoffice.org security
update

Date:  06 November 2008

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/10037

 

Title: ESB-2008.1020 -- [HP-UX] -- HP System Management Homepage (SMH) for

       HP-UX, Local Unauthorized Access

Date:  05 November 2008

OS:    HP-UX 

URL:   http://www.auscert.org.au/10036

 

Title: ESB-2008.1019 -- [HP-UX] -- HP-UX Running Xserver, Remote Execution
of

       Arbitrary Code

Date:  05 November 2008

OS:    HP-UX 

URL:   http://www.auscert.org.au/10035

 

Title: ESB-2008.1018 -- [RedHat] -- Important: kernel security and bug fix

       update

Date:  05 November 2008

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/10034

 

Title: ESB-2008.1017 -- [Win][UNIX/Linux] -- Shibboleth IdP 2.0

       UsernamePassword Login Handler Vulnerable to Cross-site Request
Attack

Date:  04 November 2008

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux

       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX,
AIX,

       Windows Vista 

URL:   http://www.auscert.org.au/10032

 

Title: ESB-2008.1016 -- [UNIX/Linux][RedHat] -- Important: net-snmp security

       update

Date:  04 November 2008

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS
X,

       HP-UX, AIX 

URL:   http://www.auscert.org.au/10031

 

Title: ESB-2008.1015 -- [Linux][HP-UX][Solaris] -- Oracle WebLogic Apache

       Connector

Date:  03 November 2008

OS:    Solaris, Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat
Linux,

       HP-UX 

URL:   http://www.auscert.org.au/10030

 

Title: ESB-2008.1014 -- [VMware ESX] -- Updated ESX packages for libxml2,

       ucd-snmp, libtiff

Date:  03 November 2008

OS:    Virtualisation 

URL:   http://www.auscert.org.au/10029

 

Title: ESB-2008.1011 -- [Win][Mac][OSX] -- Adobe PageMaker Key Strings Stack

       Buffer Overflow

Date:  04 November 2008

OS:    Windows Vista, Mac OS X, Server 2008, Windows XP, Windows 2000,
Windows

       2003 

URL:   http://www.auscert.org.au/10023

 

Title: ESB-2008.0846 -- [Win][VMware ESX][Linux] -- Updates to VMware

       Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX

       address information disclosure, privilege escalation and other
security

       issues

Date:  03 November 2008

OS:    Windows Vista, Red Hat Linux, Server 2008, Virtualisation, Windows
XP,

       Other Linux Variants, Windows 2000, Windows 2003, Debian GNU/Linux,

       Ubuntu 

URL:   http://www.auscert.org.au/9775

 

Title: ESB-2008.0747 -- [VMware ESX] -- Updated ESX packages address several

       security issues

Date:  03 November 2008

OS:    Virtualisation 

URL:   http://www.auscert.org.au/9645

 

===========================================================================

Australian Computer Emergency Response Team The University of Queensland
Brisbane Qld 4072

 

Internet Email: auscert at auscert.org.au

Facsimile:      (07) 3365 7031

Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)

                AusCERT personnel answer during Queensland business hours

                which are GMT+10:00 (AEST).

                On call after hours for member emergencies only.

===========================================================================

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20081107/4c6fa8aa/attachment.html>


More information about the AusNOG mailing list