[AusNOG] AusCERT Week in Review - Week Ending 18/09/2009 (AUSCERT#20073f686)
Daniel McNamara
daniel at auscert.org.au
Fri Sep 18 15:20:25 EST 2009
Greetings all,
In an interesting follow-up to last week's release of Firefox 3.5.3 it was
shown that quite a large number of users are running outdated versions of
Flash. A new feature in Firefox 3.5.3 was a helper component which checked
the user's Flash plugin version and informed them that they may wish to
upgrade to avoid security issues. It seems this feature is working quite
well and Mozilla have provided the metrics to prove it. [1]
Chrome 3 was released this week, which fixed some minor issues but was mostly
a feature update. As promising as Chrome is looking so far, it's still
missing a lot of features we would like to see, such as the ability to
disable JavaScript easily or, better still, allow/disallow it on a per-site
basis a la the NoScript addon for Firefox. [2]
In the server world there is talk of a local privilege escalation issue in
NetBSD which has been documented, assigned a CVE and even had a video made
showing how it's done. So far there has been no response on the NetBSD site
on this issue. [3]
Last, but certainly not least, an exploit targeting the unpatched execute
arbitrary code flaw in SMB that Microsoft advised about last week has been
released. Given the potential for this to be used in a worm this would be a
good time to ensure that you prevent SMB access from untrusted machines.
Learning lessons from the Conficker worm, there is also a good argument for
limiting SMB access for trusted machines as well. [4,5]
Have a good weekend,
Daniel
[1] Helping People Upgrade Flash
http://blog.mozilla.com/metrics/2009/09/16/helping-people-upgrade-flash/
[2] ASB-2009.1085
https://www.auscert.org.au/render.html?it=11648
[3] Iret #GP on pre-commit handling failure: the NetBSD case (CVE-2009-2793)
http://www.cr0.org/misc/CVE-2009-2793.txt
[4] ESB-2009.1269.2
http://www.auscert.org.au/render.html?it=11608
[5] SMB2 remote exploit released
http://isc.sans.org/diary.html?storyid=7141
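One way to check that the SMB restriction recommended above is actually holding, as an added example that is not part of the newsletter or any AusCERT tooling: audit accepted firewall connections to TCP 139/445 and flag those from outside the trusted networks, plus those between trusted hosts that are not designated file servers (the "limit SMB even for trusted machines" point). The log format, the trusted CIDRs and the server address are constructed for the example.

```python
import ipaddress
import re

# Constructed assumptions: the trusted networks and the only host that should
# be serving SMB. Adjust both to the environment being audited.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.1.0/24")]
SMB_SERVERS = {ipaddress.ip_address("10.0.5.20")}
SMB_PORTS = {139, 445}

# Constructed syslog-style firewall lines (not from any real product).
SAMPLE_LOG = """\
Sep 18 14:01:02 fw kernel: ACCEPT SRC=10.0.3.11 DST=10.0.5.20 PROTO=TCP SPT=51000 DPT=445
Sep 18 14:01:05 fw kernel: ACCEPT SRC=203.0.113.7 DST=10.0.5.20 PROTO=TCP SPT=40001 DPT=445
Sep 18 14:01:09 fw kernel: ACCEPT SRC=10.0.3.11 DST=10.0.3.12 PROTO=TCP SPT=51002 DPT=445
Sep 18 14:01:12 fw kernel: ACCEPT SRC=10.0.3.11 DST=10.0.5.20 PROTO=TCP SPT=51003 DPT=80
Sep 18 14:01:15 fw kernel: DROP SRC=198.51.100.4 DST=10.0.5.20 PROTO=TCP SPT=3333 DPT=139
"""

LINE_RE = re.compile(
    r"(?P<action>ACCEPT|DROP) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=TCP SPT=\d+ DPT=(?P<dport>\d+)"
)


def classify(line):
    """Return a finding tuple for an accepted SMB connection that violates
    policy, or None for non-SMB traffic, dropped packets and allowed flows."""
    m = LINE_RE.search(line)
    if not m or m["action"] != "ACCEPT" or int(m["dport"]) not in SMB_PORTS:
        return None
    src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
    # SMB reachable from outside the trusted networks: the primary exposure.
    if not any(src in net for net in TRUSTED_NETS):
        return ("untrusted-source", str(src), str(dst))
    # Trusted host talking SMB to something that is not a file server:
    # the path a worm would use to spread laterally.
    if dst not in SMB_SERVERS:
        return ("lateral-smb", str(src), str(dst))
    return None


def audit(log_text):
    """Run classify() over every line and collect the policy violations."""
    return [f for f in (classify(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```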
--
AusCERT Week in Review
18 September 2009
AusCERT in the Media:
---------------------
Papers, Articles and other documents:
-------------------------------------
Title: The Internet Industry Association (IIA) has released a draft
eSecurity code - public responses invited.
Date: 17 September 2009
URL: http://www.auscert.org.au/11658
Title: AusCERT Certificate Service Project Update - September 2009
Date: 14 September 2009
URL: http://www.auscert.org.au/11634
Web Log Entries:
----------------
Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2009.1083.2 - UPDATE [Win][UNIX/Linux] PostgreSQL: Multiple
vulnerabilities
Date: 18 September 2009
URL: http://www.auscert.org.au/11641
Title: ASB-2009.1086 - [Win][UNIX/Linux] wireshark: Denial of service -
Remote with user interaction
Date: 17 September 2009
URL: http://www.auscert.org.au/11654
Title: ASB-2009.1087 - [Win][Netware][SUSE] Novell GroupWise: Cross-site
scripting - Remote/unauthenticated
Date: 17 September 2009
URL: http://www.auscert.org.au/11655
Title: ASB-2009.1088 - [Win][UNIX/Linux] Bugzilla: Multiple vulnerabilities
Date: 17 September 2009
URL: http://www.auscert.org.au/11656
Title: ASB-2009.1085 - [Win] Google Chrome: Cross-site scripting - Remote
with user interaction
Date: 16 September 2009
URL: http://www.auscert.org.au/11648
Title: ASB-2009.1082 - [Win][UNIX/Linux] Horde Application
Framework/Groupware: Execute arbitrary code/commands - Remote with
user interaction
Date: 15 September 2009
URL: http://www.auscert.org.au/11640
Title: ASB-2009.1084 - [Win][UNIX/Linux] IBM Tivoli Identity Manager:
Cross-site scripting - Remote with user interaction
Date: 15 September 2009
URL: http://www.auscert.org.au/11642
Title: ASB-2009.1081 - [Win][Linux][HP-UX][Solaris][AIX] IBM HTTP Server:
Denial of service - Remote/unauthenticated
Date: 14 September 2009
URL: http://www.auscert.org.au/11633
External Security Bulletins:
----------------------------
Title: ESB-2009.1303 - [RedHat] freeradius: Denial of service -
Remote/unauthenticated
Date: 18 September 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/11659
Title: ESB-2009.1302 - [Solaris][OpenSolaris] Solaris IPv6 Networking Stack:
Denial of service - Remote/unauthenticated
Date: 17 September 2009
OS: Solaris
URL: http://www.auscert.org.au/11657
Title: ESB-2009.1301 - [Solaris][OpenSolaris] pidgin: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 17 September 2009
OS: Solaris
URL: http://www.auscert.org.au/11653
Title: ESB-2009.1300 - [Win][Linux][Solaris][OpenSolaris][Mac][OSX]
StarOffice/StarSuite: Execute arbitrary code/commands - Remote with
user interaction
Date: 17 September 2009
OS: Solaris, Red Hat Linux, Windows 2003, Mac OS X, Debian GNU/Linux,
Ubuntu, Windows XP, SUSE, Windows 2000, Windows Vista, Windows Server
2008, Other Linux Variants
URL: http://www.auscert.org.au/11652
Title: ESB-2009.1299 - [Win][UNIX/Linux] Drupal third-party modules:
Multiple Vulnerabilities
Date: 17 September 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,
Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants, SUSE,
OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/11651
Title: ESB-2009.1298 - [Win][UNIX/Linux] Drupal core: Cross-site request
forgery - Existing account
Date: 17 September 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,
Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants, SUSE,
OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/11650
Title: ESB-2009.1297 - [Debian] icu: Cross-site scripting -
Remote/unauthenticated
Date: 17 September 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/11649
Title: ESB-2009.1296 - [SUSE] Multiple products: Multiple vulnerabilities
Date: 16 September 2009
OS: SUSE
URL: http://www.auscert.org.au/11647
Title: ESB-2009.1295 - [HP-UX] bootpd: Denial of service -
Remote/unauthenticated
Date: 16 September 2009
OS: HP-UX
URL: http://www.auscert.org.au/11646
Title: ESB-2009.1294 - [Debian] Ruby on rails: Cross-site scripting -
Remote/unauthenticated
Date: 16 September 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/11645
Title: ESB-2009.1293 - [Debian] openssl: Reduced security - Remote with user
interaction
Date: 16 September 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/11644
Title: ESB-2009.1292 - [RedHat] kernel: Multiple vulnerabilities
Date: 16 September 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/11643
Title: ESB-2009.1291 - [Debian] iceweasel: Multiple vulnerabilities
Date: 15 September 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/11639
Title: ESB-2009.1290 - [Debian] xulrunner: Multiple vulnerabilities
Date: 15 September 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/11638
Title: ESB-2009.1289 - [Win][UNIX/Linux][Debian] nginx: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 15 September 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,
Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD Variants, SUSE,
OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/11637
Title: ESB-2009.1288 - [UNIX/Linux][Debian] nagios2: Cross-site scripting -
Remote/unauthenticated
Date: 15 September 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
FreeBSD, Other Linux Variants
URL: http://www.auscert.org.au/11636
Title: ESB-2009.1287 - [Appliance][Mac][OSX] Xsan: Read-only data access -
Remote with user interaction
Date: 15 September 2009
OS: Mac OS X
URL: http://www.auscert.org.au/11635
Title: ESB-2009.1286 - [UNIX/Linux] htmldoc: Execute arbitrary code/commands -
Remote with user interaction
Date: 14 September 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/11632
Title: ESB-2009.1285 - [Debian] devscripts: Reduced security - Existing
account
Date: 14 September 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/11631
Title: ESB-2009.1284 - [Solaris][OpenSolaris] TCP: Denial of service -
Remote/unauthenticated
Date: 14 September 2009
OS: Solaris
URL: http://www.auscert.org.au/11630
Title: ESB-2009.1283 - [Solaris][OpenSolaris] w(1) Utility: Execute
arbitrary code/commands - Existing account
Date: 14 September 2009
OS: Solaris
URL: http://www.auscert.org.au/11629
Title: ESB-2009.1282 - [Solaris][OpenSolaris] lx branded zones: Denial of
service - Existing account
Date: 14 September 2009
OS: Solaris
URL: http://www.auscert.org.au/11628
Title: ESB-2009.1253.2 - UPDATE [Win] Sun Java System Web Server: Access
privileged data - Remote/unauthenticated
Date: 14 September 2009
OS: Windows Server 2008, Windows Vista, Windows 2000, Windows XP, Windows
2003, Solaris
URL: http://www.auscert.org.au/11584
Title: ESB-2009.0620 -- [Solaris][OpenSolaris] -- Solaris Ghostscript
(GS(1)): Execute Arbitrary Code
Date: 15 September 2009
OS: Solaris
URL: http://www.auscert.org.au/11226