[AusNOG] AusCERT Week in Review - Week Ending 05/09/2008 (AUSCERT#20073f686)

Paul Fahey paul at auscert.org.au
Fri Sep 5 16:18:50 EST 2008


Alerts, Advisories and Updates:
-------------------------------
Title: AL-2008.0092 -- [Win] -- Microsoft Bulletin Notification - September
       Prerelease Announcement 
Date:  05 September 2008
URL:   http://www.auscert.org.au/9797

Title: AA-2008.0186 -- [Win] -- Multiple buffer overflow vulnerabilities in
       Novell iPrint Client 
Date:  05 September 2008
URL:   http://www.auscert.org.au/9798

Title: AA-2008.0187 -- [Win][UNIX/Linux] -- Denial of Service vulnerability
       reported in Wireshark 
Date:  05 September 2008
URL:   http://www.auscert.org.au/9799

Title: AA-2008.0188 -- [Win] -- Denial of Service vulnerability reported in
       Bind for Windows 
Date:  05 September 2008
URL:   http://www.auscert.org.au/9800

Title: AA-2008.0184 -- [Win][UNIX/Linux] -- Denial of Service vulnerability
       reported in Ruby on Rails 
Date:  04 September 2008
URL:   http://www.auscert.org.au/9794

Title: AA-2008.0185 -- [UNIX/Linux] -- Denial of Service vulnerability
       reported in ClamAV 
Date:  04 September 2008
URL:   http://www.auscert.org.au/9795

Title: AA-2008.0182 -- [Linux] -- Denial of Service Vulnerability Reported in
       Postfix on Linux 
Date:  03 September 2008
URL:   http://www.auscert.org.au/9785

Title: AA-2008.0183 -- [UNIX] -- Cross-Site scripting vulnerability reported
       in IBM HTTP Server for Websphere on z/os 
Date:  03 September 2008
URL:   http://www.auscert.org.au/9786

Title: AA-2008.0180 -- [Win][Netware][Linux][Solaris][AIX] -- Novell
       eDirectory SP3 released 
Date:  02 September 2008
URL:   http://www.auscert.org.au/9780

Title: AA-2008.0181 -- [Win][Netware][UNIX/Linux] -- Vulnerability reported in
       Novell User Application and Identity Manager Role Based Provisioning
       Module 
Date:  02 September 2008
URL:   http://www.auscert.org.au/9781

Title: AA-2008.0178 -- [UNIX/Linux] -- Privilege escalation vulnerability in
       Samba 
Date:  01 September 2008
URL:   http://www.auscert.org.au/9776

Title: AA-2008.0179 -- [Win][Linux][HP-UX][Solaris][AIX] -- Multiple
       vulnerabilities in IBM DB2 
Date:  01 September 2008
URL:   http://www.auscert.org.au/9777


External Security Bulletins:
----------------------------
Title: ESB-2007.0960 -- [Solaris] -- Security Vulnerabilities in libtiff(3)
       May Allow Denial of Service (DoS) or Privilege Elevation 
Date:  04 September 2008
OS:    Solaris 
URL:   http://www.auscert.org.au/8430

Title: ESB-2008.0857 -- [UNIX/Linux] -- dnsmasq: Denial of Service and DNS
       spoofing 
Date:  05 September 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL:   http://www.auscert.org.au/9796

Title: ESB-2008.0856 -- [AIX] -- AIX swcons file ownership/permission
       vulnerability. 
Date:  04 September 2008
OS:    AIX 
URL:   http://www.auscert.org.au/9793

Title: ESB-2008.0855 -- [FreeBSD] -- Remote kernel panics on IPv6 connections 
Date:  04 September 2008
OS:    FreeBSD 
URL:   http://www.auscert.org.au/9792

Title: ESB-2008.0854 -- [FreeBSD] -- nmount(2) local arbitrary code execution 
Date:  04 September 2008
OS:    FreeBSD 
URL:   http://www.auscert.org.au/9791

Title: ESB-2008.0853 -- [FreeBSD] -- amd64 swapgs local privilege escalation 
Date:  04 September 2008
OS:    FreeBSD 
URL:   http://www.auscert.org.au/9790

Title: ESB-2008.0852 -- [Cisco] -- Remote Access VPN and SIP Vulnerabilities
       in Cisco PIX and Cisco ASA 
Date:  04 September 2008
OS:    Cisco Products 
URL:   http://www.auscert.org.au/9789

Title: ESB-2008.0851 -- [Cisco] -- Cisco Secure ACS Denial Of Service
       Vulnerability 
Date:  04 September 2008
OS:    Cisco Products 
URL:   http://www.auscert.org.au/9788

Title: ESB-2008.0850 -- [Win][Linux][HP-UX][Solaris] -- HP OpenView Network
       Node Manager (OV NNM), Remote Denial of Service (DoS) 
Date:  03 September 2008
OS:    Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other
       Linux Variants, Windows XP, Server 2008, Red Hat Linux, HP-UX, Windows
       Vista 
URL:   http://www.auscert.org.au/9783

Title: ESB-2008.0849 -- [HP-UX] -- HP-UX Running Netscape / Red Hat Directory
       Server, Remote Cross Site Scripting (XSS) or Remote Denial of Service
       (DoS) 
Date:  03 September 2008
OS:    HP-UX 
URL:   http://www.auscert.org.au/9782

Title: ESB-2008.0848 -- [Win][UNIX/Linux][Debian] -- New wordnet packages fix
       arbitrary code execution 
Date:  02 September 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
       Windows Vista 
URL:   http://www.auscert.org.au/9779

Title: ESB-2008.0847 -- [UNIX/Linux][Debian] -- New slash packages fix
       multiple vulnerabilities 
Date:  02 September 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/9778

Title: ESB-2008.0846 -- [Win][VMware ESX][Linux] -- Updates to VMware
       Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX
       address information disclosure, privilege escalation and other security
       issues 
Date:  01 September 2008
OS:    Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other Linux
       Variants, Windows XP, Virtualisation, Server 2008, Red Hat Linux,
       Windows Vista 
URL:   http://www.auscert.org.au/9775

Title: ESB-2008.0845 -- [Solaris] -- Installing Patches 136936-04/-05 on SPARC
       Enterprise T5140 and T5240 systems may lead to Regression and Booting
       Issues 
Date:  01 September 2008
OS:    Solaris 
URL:   http://www.auscert.org.au/9774

Title: ESB-2008.0844 -- [Solaris] -- A Regression in the Secure Shell Daemon
       (sshd(1M)) Breaks X11 Forwarding Functionality on IPv4 Only Systems 
Date:  01 September 2008
OS:    Solaris 
URL:   http://www.auscert.org.au/9773

Title: ESB-2008.0842 -- [Solaris] -- Covert Channel Security Vulnerability in
       the Solaris Kernel 
Date:  04 September 2008
OS:    Solaris 
URL:   http://www.auscert.org.au/9769

Title: ESB-2008.0832 -- [Solaris] -- Security Vulnerability in Solaris 10 NFS
       Remote Procedure Calls (RPCs) May Allow a Denial of Service (DoS) or
       Data Integrity Issues for Non-Global Zones 
Date:  01 September 2008
OS:    Solaris 
URL:   http://www.auscert.org.au/9759

Title: ESB-2008.0827 -- [Win][UNIX/Linux] -- DoS vulnerability in REXML 
Date:  01 September 2008
OS:    Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Server 2008,
       Windows XP, Other Linux Variants, FreeBSD, Windows 2000, OpenBSD,
       Windows 2003, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP
       Tru64 UNIX, Solaris 
URL:   http://www.auscert.org.au/9754

Title: ESB-2008.0825 -- [Solaris] -- A Security Vulnerability in the Solaris
       NFS Kernel Module May Lead to a System Panic, Resulting in a Denial of
       Service (DoS) 
Date:  01 September 2008
OS:    Solaris 
URL:   http://www.auscert.org.au/9752

Title: ESB-2008.0819 -- [NetBSD] -- NetBSD malformed ICMPv6 MLD query crash 
Date:  05 September 2008
OS:    Other BSD Variants 
URL:   http://www.auscert.org.au/9745

Title: ESB-2008.0797 -- [VMware ESX] -- Updated ESX packages for OpenSSL,
       net-snmp, perl 
Date:  01 September 2008
OS:    Virtualisation 
URL:   http://www.auscert.org.au/9713

Title: ESB-2008.0777 -- [Win][UNIX/Linux] -- New opensc packages fix smart
       card vulnerability 
Date:  01 September 2008
OS:    Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Server 2008,
       Windows XP, Other Linux Variants, FreeBSD, Windows 2000, OpenBSD,
       Windows 2003, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP
       Tru64 UNIX, Solaris 
URL:   http://www.auscert.org.au/9679

Title: ESB-2008.0747 -- [VMware ESX] -- Updated ESX packages address several
       security issues 
Date:  01 September 2008
OS:    Virtualisation 
URL:   http://www.auscert.org.au/9645

Title: ESB-2008.0623 -- [VMware ESX] -- Updated Tomcat and Java JRE packages
       for VMware ESX 3.5 
Date:  01 September 2008
OS:    Virtualisation 
URL:   http://www.auscert.org.au/9463

Title: ESB-2008.0611 -- [UNIX/Linux][Debian] -- New mt-daapd packages fix
       several vulnerabilities 
Date:  01 September 2008
OS:    AIX, HP-UX, Red Hat Linux, Other Linux Variants, FreeBSD, OpenBSD,
       IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64 UNIX,
       Solaris 
URL:   http://www.auscert.org.au/9446

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================


