Cisco's half-yearly flood of advisories, updates to Mozilla software and Kiwicon

Date: 26 September 2008
Original URL: http://www.auscert.org.au/render.html?cid=7066&it=9906

Greetings,

This week saw Cisco's bi-annual patch cycle roll around with an avalanche of advisories. The majority of vulnerabilities in IOS resulted in a Denial of Service. Many of these vulnerabilities were in the specialised components or the handling of some of the less common protocols (such as NAT Skinny Call Control Protocol). However, there was such a spread of these that I'm guessing almost any organisation with Cisco kit would be affected in one way or another.

In addition to IOS, Cisco also announced a DoS vulnerability in the Session Initiation Protocol handling of the Unified Communications Manager.

Mozilla also released updated versions of Firefox and SeaMonkey to correct several vulnerabilities. We are still waiting on the updates for Thunderbird (which is also affected by many of these).

Beyond this, we didn't see any major incidents apart from a few compromised web servers serving up malware, some reports of XSS vulnerabilities on Australian web sites and some other compromised systems (joining botnets and scanning). If you have some incidents that you consider out of the ordinary, please let us know!

This weekend Kiwicon is being held at Victoria University in Wellington. A few AusCERT staff have made the trip across the Tasman to check it out, so keep an eye out for them if you're there.

Regards,
Rob