Australia's National Computer Emergency Response Team
 
Profile

AusCERT is the national Computer Emergency Response Team for Australia and a leading CERT in the Asia/Pacific region. As a trusted Australian contact within a worldwide network of computer security experts, we provide computer incident prevention, response and mitigation strategies for members, a national alerting service and an incident reporting scheme.


Latest Security Bulletins

AL-2003.17 -- Sendmail prescan() buffer overflow vulnerability - New sendmail buffer overflow vulnerability that could allow a remote attacker to execute arbitrary code (potentially as root) or cause a denial of service. (18/09/2003)

AU-2003.014 -- AusCERT Update - Exploit Code Publicly Available For Microsoft Vulnerability MS03-039 - AusCERT advises that working exploit code has now been published for the most recent Microsoft Remote Procedure Call (RPC) vulnerability described in AusCERT ALERT AL-2003.15, "Buffer Overrun In RPCSS Service Could Allow Code Execution (824146)". (17/09/2003)

ESB-2003.0646 -- Sun(sm) Alert Notification -- Security Issue Involving the Solaris sadmind(1M) Daemon - A local or remote unprivileged user may be able to execute arbitrary commands with the permissions of the sadmind(1M) daemon on Solaris systems utilizing the default security level authentication mechanism of AUTH_SYS. (17/09/2003)

AL-2003.16 -- Buffer Management Vulnerability in OpenSSH - Sites running OpenSSH prior to 3.7, and any implementations of code derived from OpenSSH prior to 3.7, are advised to evaluate their exposure to this vulnerability and to apply the vendor patches and/or network filters as deemed necessary. (17/09/2003)

AL-2003.15 -- Buffer Overrun In RPCSS Service Could Allow Code Execution (824146) - Three newly discovered vulnerabilities in the Windows RPC service could allow remote attackers to execute arbitrary code with Local System privileges. The patch in this bulletin supersedes the patch from the Microsoft bulletin MS03-026. (11/09/2003)


Latest News

Business Impact Assessment - Blaster revisited - The Blaster and Welchia worms continue to have a sustained impact on many Australian networks. The newest Microsoft RPC vulnerabilities, announced early on 11 September 2003, provide the potential for a new round of worm attacks. This time, however, the impact could be more severe if, as we expect, the worm code is developed more quickly than before. (16/09/2003)

AusCERT member profile based email - AusCERT members now have the ability to identify areas of interest via their profile. They can then have AusCERT security bulletins matching the profile sent to their nominated email address through the member profile email service. (15/09/2003)

Training places available in Perth on 7th and 8th October, courses coming up for New Zealand and Adelaide - Network Intrusion Detection Systems (NIDS) and Network Monitoring for System Administrators (NMSA) places are available. (15/09/2003)

AL-2003.04 -- Increase in fraudulent activity targeting users of online banking and electronic payment sites - AusCERT has received a significant increase in numbers of reports of scams targeting online banking and electronic payment sites. This AusCERT Alert details these scams and provides some mitigation strategies. (21/08/2003)

Protecting your computer from malicious code - This paper provides practical advice for protecting the PC desktop environment from malicious code for home users, SMEs or large organisations. (18/08/2003)


Most Popular Pages

AU-2003.015 -- AusCERT Update - New email virus/worm "Swen" masquerades as Microsoft Update
Users and system administrators should be aware of a new mass-mailer worm that claims to be either the "September 2003, Cumulative Patch" or a qmail delivery failure notice with an executable attachment.

ESB-2003.0633 -- CERT Summary CS-2003-03 -- CERT Summary


AL-2003.16 -- Buffer Management Vulnerability in OpenSSH
Sites running OpenSSH prior to 3.7, and any implementations of code derived from OpenSSH prior to 3.7, are advised to evaluate their exposure to this vulnerability and to apply the vendor patches and/or network filters as deemed necessary.

AL-2003.17 -- Sendmail prescan() buffer overflow vulnerability
New sendmail buffer overflow vulnerability that could allow a remote attacker to execute arbitrary code (potentially as root) or cause a denial of service.

UNIX Security Checklist v2.0
This document details steps to improve the security of Unix Operating Systems. We encourage system administrators to review all sections of this document and if appropriate modify their systems accordingly to fix potential weaknesses.

AL-2003.15 -- Buffer Overrun In RPCSS Service Could Allow Code Execution (824146)
Three newly discovered vulnerabilities in the Windows RPC service could allow remote attackers to execute arbitrary code with Local System privileges. The patch in this bulletin supersedes the patch from the Microsoft bulletin MS03-026.