[AusNOG] AusCERT Week in Review - Week Ending 05/09/2008 (AUSCERT#20073f686)
Paul Fahey
paul at auscert.org.au
Fri Sep 5 16:18:50 EST 2008
Alerts, Advisories and Updates:
-------------------------------
Title: AL-2008.0092 -- [Win] -- Microsoft Bulletin Notification - September
Prerelease Announcement
Date: 05 September 2008
URL: http://www.auscert.org.au/9797
Title: AA-2008.0186 -- [Win] -- Multiple buffer overflow vulnerabilities in
Novell iPrint Client
Date: 05 September 2008
URL: http://www.auscert.org.au/9798
Title: AA-2008.0187 -- [Win][UNIX/Linux] -- Denial of Service vulnerability
reported in Wireshark
Date: 05 September 2008
URL: http://www.auscert.org.au/9799
Title: AA-2008.0188 -- [Win] -- Denial of Service vulnerability reported in
Bind for Windows
Date: 05 September 2008
URL: http://www.auscert.org.au/9800
Title: AA-2008.0184 -- [Win][UNIX/Linux] -- Denial of Service vulnerability
reported in Ruby on Rails
Date: 04 September 2008
URL: http://www.auscert.org.au/9794
Title: AA-2008.0185 -- [UNIX/Linux] -- Denial of Service vulnerability
reported in ClamAV
Date: 04 September 2008
URL: http://www.auscert.org.au/9795
Title: AA-2008.0182 -- [Linux] -- Denial of Service Vulnerability Reported in
Postfix on Linux
Date: 03 September 2008
URL: http://www.auscert.org.au/9785
Title: AA-2008.0183 -- [UNIX] -- Cross-Site scripting vulnerability reported
in IBM HTTP Server for Websphere on z/os
Date: 03 September 2008
URL: http://www.auscert.org.au/9786
Title: AA-2008.0180 -- [Win][Netware][Linux][Solaris][AIX] -- Novell
eDirectory SP3 released
Date: 02 September 2008
URL: http://www.auscert.org.au/9780
Title: AA-2008.0181 -- [Win][Netware][UNIX/Linux] -- Vulnerability reported in
Novell User Application and Identity Manager Role Based Provisioning
Module
Date: 02 September 2008
URL: http://www.auscert.org.au/9781
Title: AA-2008.0178 -- [UNIX/Linux] -- Privilege escalation vulnerability in
Samba
Date: 01 September 2008
URL: http://www.auscert.org.au/9776
Title: AA-2008.0179 -- [Win][Linux][HP-UX][Solaris][AIX] -- Multiple
vulnerabilities in IBM DB2
Date: 01 September 2008
URL: http://www.auscert.org.au/9777
External Security Bulletins:
----------------------------
Title: ESB-2007.0960 -- [Solaris] -- Security Vulnerabilities in libtiff(3)
May Allow Denial of Service (DoS) or Privilege Elevation
Date: 04 September 2008
OS: Solaris
URL: http://www.auscert.org.au/8430
Title: ESB-2008.0857 -- [UNIX/Linux] -- dnsmasq: Denial of Service and DNS
spoofing
Date: 05 September 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/9796
Title: ESB-2008.0856 -- [AIX] -- AIX swcons file ownership/permission
vulnerability.
Date: 04 September 2008
OS: AIX
URL: http://www.auscert.org.au/9793
Title: ESB-2008.0855 -- [FreeBSD] -- Remote kernel panics on IPv6 connections
Date: 04 September 2008
OS: FreeBSD
URL: http://www.auscert.org.au/9792
Title: ESB-2008.0854 -- [FreeBSD] -- nmount(2) local arbitrary code execution
Date: 04 September 2008
OS: FreeBSD
URL: http://www.auscert.org.au/9791
Title: ESB-2008.0853 -- [FreeBSD] -- amd64 swapgs local privilege escalation
Date: 04 September 2008
OS: FreeBSD
URL: http://www.auscert.org.au/9790
Title: ESB-2008.0852 -- [Cisco] -- Remote Access VPN and SIP Vulnerabilities
in Cisco PIX and Cisco ASA
Date: 04 September 2008
OS: Cisco Products
URL: http://www.auscert.org.au/9789
Title: ESB-2008.0851 -- [Cisco] -- Cisco Secure ACS Denial Of Service
Vulnerability
Date: 04 September 2008
OS: Cisco Products
URL: http://www.auscert.org.au/9788
Title: ESB-2008.0850 -- [Win][Linux][HP-UX][Solaris] -- HP OpenView Network
Node Manager (OV NNM), Remote Denial of Service (DoS)
Date: 03 September 2008
OS: Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other
Linux Variants, Windows XP, Server 2008, Red Hat Linux, HP-UX, Windows
Vista
URL: http://www.auscert.org.au/9783
Title: ESB-2008.0849 -- [HP-UX] -- HP-UX Running Netscape / Red Hat Directory
Server, Remote Cross Site Scripting (XSS) or Remote Denial of Service
(DoS)
Date: 03 September 2008
OS: HP-UX
URL: http://www.auscert.org.au/9782
Title: ESB-2008.0848 -- [Win][UNIX/Linux][Debian] -- New wordnet packages fix
arbitrary code execution
Date: 02 September 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/9779
Title: ESB-2008.0847 -- [UNIX/Linux][Debian] -- New slash packages fix
multiple vulnerabilities
Date: 02 September 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/9778
Title: ESB-2008.0846 -- [Win][VMware ESX][Linux] -- Updates to VMware
Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX
address information disclosure, privilege escalation and other security
issues
Date: 01 September 2008
OS: Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other Linux
Variants, Windows XP, Virtualisation, Server 2008, Red Hat Linux,
Windows Vista
URL: http://www.auscert.org.au/9775
Title: ESB-2008.0845 -- [Solaris] -- Installing Patches 136936-04/-05 on SPARC
Enterprise T5140 and T5240 systems may lead to Regression and Booting
Issues
Date: 01 September 2008
OS: Solaris
URL: http://www.auscert.org.au/9774
Title: ESB-2008.0844 -- [Solaris] -- A Regression in the Secure Shell Daemon
(sshd(1M)) Breaks X11 Forwarding Functionality on IPv4 Only Systems
Date: 01 September 2008
OS: Solaris
URL: http://www.auscert.org.au/9773
Title: ESB-2008.0842 -- [Solaris] -- Covert Channel Security Vulnerability in
the Solaris Kernel
Date: 04 September 2008
OS: Solaris
URL: http://www.auscert.org.au/9769
Title: ESB-2008.0832 -- [Solaris] -- Security Vulnerability in Solaris 10 NFS
Remote Procedure Calls (RPCs) May Allow a Denial of Service (DoS) or
Data Integrity Issues for Non-Global Zones
Date: 01 September 2008
OS: Solaris
URL: http://www.auscert.org.au/9759
Title: ESB-2008.0827 -- [Win][UNIX/Linux] -- DoS vulnerability in REXML
Date: 01 September 2008
OS: Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Server 2008,
Windows XP, Other Linux Variants, FreeBSD, Windows 2000, OpenBSD,
Windows 2003, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP
Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/9754
Title: ESB-2008.0825 -- [Solaris] -- A Security Vulnerability in the Solaris
NFS Kernel Module May Lead to a System Panic, Resulting in a Denial of
Service (DoS)
Date: 01 September 2008
OS: Solaris
URL: http://www.auscert.org.au/9752
Title: ESB-2008.0819 -- [NetBSD] -- NetBSD malformed ICMPv6 MLD query crash
Date: 05 September 2008
OS: Other BSD Variants
URL: http://www.auscert.org.au/9745
Title: ESB-2008.0797 -- [VMware ESX] -- Updated ESX packages for OpenSSL,
net-snmp, perl
Date: 01 September 2008
OS: Virtualisation
URL: http://www.auscert.org.au/9713
Title: ESB-2008.0777 -- [Win][UNIX/Linux] -- New opensc packages fix smart
card vulnerability
Date: 01 September 2008
OS: Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Server 2008,
Windows XP, Other Linux Variants, FreeBSD, Windows 2000, OpenBSD,
Windows 2003, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP
Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/9679
Title: ESB-2008.0747 -- [VMware ESX] -- Updated ESX packages address several
security issues
Date: 01 September 2008
OS: Virtualisation
URL: http://www.auscert.org.au/9645
Title: ESB-2008.0623 -- [VMware ESX] -- Updated Tomcat and Java JRE packages
for VMware ESX 3.5
Date: 01 September 2008
OS: Virtualisation
URL: http://www.auscert.org.au/9463
Title: ESB-2008.0611 -- [UNIX/Linux][Debian] -- New mt-daapd packages fix
several vulnerabilities
Date: 01 September 2008
OS: AIX, HP-UX, Red Hat Linux, Other Linux Variants, FreeBSD, OpenBSD,
IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64 UNIX,
Solaris
URL: http://www.auscert.org.au/9446
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================