AusCERT - AusCERT Week in Review for 3rd December 2010

HOME

About AusCERT

Membership

PKI Services

Training

Publications

Sec. Bulletins

Conferences

News & Media

Services

Web Log

Site Map

Site Help

Member login

AusCERT Week in Review for 3rd December 2010

Date: 03 December 2010

Click here for printable version

As we get closer to the silly season, in contrast to the last couple of slow weeks it seems there's been no shortage of vulnerabilities being discovered this week. Some items of note this week include:

- First up, MIT made an announcement regarding multiple vulnerabilities in kerberos, and new versions being released to correct these issues.

- Cisco released a bulletin regarding a vulnerability in its ASA 5500 Series, PIX 500 Series and VPN 3000 Series Concentrators, which could potentially allow for man-in-the-middle attacks to occur.

- A vulnerability was found in McAfee's VirusScan Enterprise 8.5i when scanning documents hosted on remote shares which could allow for malicious code execution.

- Three new vulnerabilities have been found in BIND, which has caused ISC to release a number of new versions.

- The most interesting item of note this week, is the compromise of ProFTPD's ftp distribution server. A backdoor was inserted into a distribution of ProFTPD which could allow for a root compromise of affected systems. [5]

Have a great weekend!
Jonathan