[AusNOG] AusCERT Week in Review - Week Ending 07/11/2008 (AUSCERT#20073F686)
Jonathan Levine
j.levine at uq.edu.au
Fri Nov 7 16:37:29 EST 2008
AusCERT Week in Review
07 November 2008
AusCERT in the Media:
- ---------------------
Community warned over local scams
Eyre Peninsula Tribune, Australia
Nov 4, 2008
http://eyrepeninsula.yourguide.com.au/news/local/news/general/community-warned-over-local-scams/1352924.aspx
Real-life internet scammers dissected
ZDNet.com.au, Australia
Nov 4, 2008
http://www.zdnet.com.au/insight/security/soa/Real-life-internet-scammers-dissected/0,139023764,339292871,00.htm
Computer Security Day 2008 (Australia)
Seguí la Flecha, Argentina
Nov 4, 2008
http://www.seguilaflecha.com/news_26057_Computer-Security-Day-2008-(Australia).html
Papers, Articles and other documents:
- -------------------------------------
Web Log Entries:
- ----------------
Title: Obama new President and new malware
Date: 05 November 2008
URL: http://www.auscert.org.au/10038
Alerts, Advisories and Updates:
- -------------------------------
Title: AA-2008.0228 -- [Win][UNIX/Linux] -- A vulnerability has been
identified in VLC media player versions 0.5.0 through to 0.9.5.
Date: 07 November 2008
URL: http://www.auscert.org.au/10049
Title: AA-2008.0226 -- [Win][UNIX/Linux] -- A vulnerability has been
identified in Novell Access Manager
Date: 06 November 2008
URL: http://www.auscert.org.au/10042
Title: AA-2008.0227 -- [UNIX/Linux] -- A vulnerability exists in Nagios prior
to version 3.0.5
Date: 06 November 2008
URL: http://www.auscert.org.au/10043
Title: AA-2008.0225 -- [Linux] -- A number of vulnerabilities have been
identified in the 2.6 Linux kernel
Date: 05 November 2008
URL: http://www.auscert.org.au/10041
Title: AL-2008.0111 -- [Win][Linux][Solaris][OSX] -- Security Update available
for Adobe Reader 8 and Acrobat 8
Date: 04 November 2008
URL: http://www.auscert.org.au/10033
Title: AA-2008.0168 -- [Win][UNIX/Linux] -- A cross-site scripting
vulnerability has been found in Apache httpd mod_proxy_ftp
Date: 03 November 2008
URL: http://www.auscert.org.au/9688
External Security Bulletins:
- ----------------------------
Title: ESB-2008.1028 -- [Win][Linux][Solaris][OSX] -- Flash Player update
available to address security vulnerabilities
Date: 07 November 2008
OS: Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other
Linux Variants, Windows XP, Red Hat Linux, Mac OS X, Windows Vista
URL: http://www.auscert.org.au/10048
Title: ESB-2008.1027 -- [Debian] -- New mysql-dfsg-5.0 packages fix
authorization bypass
Date: 07 November 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/10047
Title: ESB-2008.1026 -- [Solaris] -- A Security Vulnerability in the Sun
System Firmware on Certain SPARC Systems May Allow Unauthorized Data
Access
Date: 07 November 2008
OS: Solaris
URL: http://www.auscert.org.au/10046
Title: ESB-2008.1025 -- [Tru64] -- HP Tru64 UNIX running AdvFS "showfile"
command, Local Gain Extended Privileges
Date: 07 November 2008
OS: HP Tru64 UNIX
URL: http://www.auscert.org.au/10045
Title: ESB-2008.1024 -- [Win][Linux][Solaris][AIX][OSX] -- Update available
for potential ColdFusion 8 privilege escalation issue
Date: 07 November 2008
OS: Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other
Linux Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, AIX,
Windows Vista
URL: http://www.auscert.org.au/10044
Title: ESB-2008.1023 -- [Win][UNIX/Linux] -- A cross site scripting
vulnerability has been identified in CCK (Drupal third-party module)
Date: 06 November 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/10040
Title: ESB-2008.1022 -- [Appliance][Cisco] -- Cisco VLAN Trunking Protocol
Vulnerability
Date: 06 November 2008
OS: Cisco Products
URL: http://www.auscert.org.au/10039
Title: ESB-2008.1021 -- [RedHat] -- Important: openoffice.org security update
Date: 06 November 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/10037
Title: ESB-2008.1020 -- [HP-UX] -- HP System Management Homepage (SMH) for
HP-UX, Local Unauthorized Access
Date: 05 November 2008
OS: HP-UX
URL: http://www.auscert.org.au/10036
Title: ESB-2008.1019 -- [HP-UX] -- HP-UX Running Xserver, Remote Execution of
Arbitrary Code
Date: 05 November 2008
OS: HP-UX
URL: http://www.auscert.org.au/10035
Title: ESB-2008.1018 -- [RedHat] -- Important: kernel security and bug fix
update
Date: 05 November 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/10034
Title: ESB-2008.1017 -- [Win][UNIX/Linux] -- Shibboleth IdP 2.0
UsernamePassword Login Handler Vulnerable to Cross-site Request Attack
Date: 04 November 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/10032
Title: ESB-2008.1016 -- [UNIX/Linux][RedHat] -- Important: net-snmp security
update
Date: 04 November 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10031
Title: ESB-2008.1015 -- [Linux][HP-UX][Solaris] -- Oracle WebLogic Apache
Connector
Date: 03 November 2008
OS: Solaris, Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux,
HP-UX
URL: http://www.auscert.org.au/10030
Title: ESB-2008.1014 -- [VMware ESX] -- Updated ESX packages for libxml2,
ucd-snmp, libtiff
Date: 03 November 2008
OS: Virtualisation
URL: http://www.auscert.org.au/10029
Title: ESB-2008.1011 -- [Win][Mac][OSX] -- Adobe PageMaker Key Strings Stack
Buffer Overflow
Date: 04 November 2008
OS: Windows Vista, Mac OS X, Server 2008, Windows XP, Windows 2000, Windows
2003
URL: http://www.auscert.org.au/10023
Title: ESB-2008.0846 -- [Win][VMware ESX][Linux] -- Updates to VMware
Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX
address information disclosure, privilege escalation and other security
issues
Date: 03 November 2008
OS: Windows Vista, Red Hat Linux, Server 2008, Virtualisation, Windows XP,
Other Linux Variants, Windows 2000, Windows 2003, Debian GNU/Linux,
Ubuntu
URL: http://www.auscert.org.au/9775
Title: ESB-2008.0747 -- [VMware ESX] -- Updated ESX packages address several
security issues
Date: 03 November 2008
OS: Virtualisation
URL: http://www.auscert.org.au/9645
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
More information about the AusNOG
mailing list