Home > Products and services > CSIRTUK advisories > Advisories archive > July 2007

The Sun(SM) Alert Weekly Summary Report, a newsletter that provides a weekly listing of newly released and updated Sun Alert Notifications

Description of a number of Red Hat Security advisories

This patch is for a security issue found in GMS 1.0. This patch can update either GMS 1.0 and GMS 1.0 DST code.

Details of several IBM AIX security advisories

Details of several Mandriva security advisories

Description of a number of some vulnerabilities in CA products.

The Sun(SM) Alert Weekly Summary Report, a newsletter that provides a weekly listing of newly released and updated Sun Alert Notifications

The default access control lists (acls) are not being correctly set, as a result, anyone can make recursive queries and/or query the cache contents. In addition, the DNS query id generation is vulnerable to cryptographic analysis which provides a 1 in 8 chance of guessing the next query id for 50% of the query ids. This can be used to perform cache poisoning by an attacker.

Details of several Red Hat security advisories

Details of several Debian security advisories

The Cisco Wide Area Application Services (WAAS) software contains a denial of service (DoS) vulnerability that may cause some devices that run WAAS software (WAE appliance and NM-WAE-502 module) to stop processing all types of traffic, including data traffic and management traffic. This condition may occur if a device running WAAS software is configured for Edge Services, which utilizes Common Internet File System (CIFS) optimization and receives a flood of TCP SYN packets on port 139 or 445.

Some versions of Sun JSSE do not properly handle certain Transport Layer Security (TLS) or Secure Sockets Layer (SSL) handshake requests. A device running an affected JSSE version will experience excessive CPU usage, which may affect normal device operation and result in a denial of service (DoS) condition.

This advisory describes the function of CSIRTUK (CPNI Combined Security Incident Response Team), how its community can report security incidents and the new method of distributing security advisories using RSS Feeds.  

---

The Mozilla web browser and derived products contain several vulnerabilities, the most severe of which could allow a remote attacker to execute arbitrary code on an affected system.

Errors handling corrupt tar files in libarchive

Remote exploitation of multiple buffer overflow vulnerabilities in Computer Associates International Inc Threat Manager allows attackers to execute arbitrary code with SYSTEM privileges

Remote exploitation of a denial of service vulnerability within version 5.1.0.2 of IBM Tivoli Provisioning Manager for OS Deployment allows attackers to deny service to all product functionality

Details of security advisories: Trend Micro OfficeScan Management Console Authorization Bypass Vulnerability Trend Micro OfficeScan Session Cookie Buffer Overflow Vulnerability

Details of vulnerabilities in hdf5, openoffice, wireshark, perl-Net-DNS and x11-server

A newsletter that provides you with a weekly listing of newly released and updated Sun Alert Notifications

Details of Red Hat security vulnerabilities in tomcat and httpd

Oracle has released a Critical Patch Update for multiple security vulnerabilities and non-security fixes.

Two vulnerabilities have been identified in the Symantec Decomposer component used to decompose some types of archive content while scanning for malicious content.

Computer Associates Alert Notification Server is used by several CA products, including eTrust Integrated Threat Management, to provide notifications to console users.