Current Activity Calendar

	October 2007
Su	M	Tu	W	Th	F	Sa
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30	31

Please click on a date above to see current activity for that day.

October 19, 2007 - Current Activity

This is an archived copy of current activity, if you would like to see the most recent version, please click here.

*October 19*	Mozilla Releases Security Advisories to Address Multiple Vulnerabilities
*October 19*	Active Exploitation of a Vulnerability in RealPlayer
*October 18*	Oracle Releases October Critical Patch Update
*October 17*	Cisco Releases Security Advisories to Address Several Vulnerabilities
*October 12*	OpenSSL Security Advisory
*October 12*	Microsoft Updates Security Bulletin MS05-004
*October 11*	CA BrightStor ARCserve Backup Vulnerabilities

Mozilla Releases Security Advisories to Address Multiple Vulnerabilities

added October 19, 2007 at 08:13 am | updated October 19, 2007 at 03:10 pm

Mozilla has released Security Advisories to address several vulnerabilities in Firefox, Thunderbird, and SeaMonkey. These vulnerabilities may allow an attacker to hide the window title bar, execute arbitrary code or commands, or access arbitrary information on an affected system.

More information regarding these vulnerabilities can be found in the Vulnerability Notes Database.

US-CERT encourages users to upgrade to the latest versions as described in the Security Advisories.

Active Exploitation of a Vulnerability in RealPlayer

added October 19, 2007 at 10:29 am

US-CERT is aware of active exploitation of a buffer overflow vulnerability in RealPlayer. This vulnerability affects RealPlayer version 9 and later, and may allow an attacker to execute arbitrary code on an affected system.

Until a fix becomes available, US-CERT recommends that users disable ActiveX as described in the Securing Your Web Browser document to help mitigate the security risk.

US-CERT will continue to investigate and provide additional information as it becomes available.

Oracle Releases October Critical Patch Update

added October 17, 2007 at 09:24 am | updated October 18, 2007 at 12:32 pm

Oracle has released their October Critical Patch Update (CPU) to address 51 vulnerabilities across several products. This CPU contains twenty-eight security fixes for Oracle Database; eleven for Oracle Application Server; seven for Oracle Collaboration Suite; eight for Oracle E-Business Suite; two for Oracle Enterprise Manager; two for Oracle PeopleSoft Enterprise PeopleTools; and one for PeopleSoft Enterprise Human Capital Management.

More information regarding these vulnerabilities can be found in Technical Cyber Security Alert TA07-290A.

US-CERT strongly encourages users to review the October CPU and follow best-practice security policies to determine which updates to apply.

Cisco Releases Security Advisories to Address Several Vulnerabilities

added October 17, 2007 at 02:36 pm

Cisco has released four Security Advisories to address several vulnerabilities in its Firewall Services Module, PIX, Adaptive Security Appliance, Unified Communications Manager, and Unified Communications Web-based Management products.

Cisco Security Advisory: Multiple Vulnerabilities in Firewall Services Module addresses three vulnerabilities that may allow an attacker to bypass network access control list entries or cause a denial-of-service condition.

Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and ASA Appliances addresses two vulnerabilities that may allow an attacker to cause a denial-of-service condition.

Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities addresses two vulnerabilities that may allow an attacker to cause a denial-of-service condition or execute arbitrary code.

Cisco Security Advisory: Cisco Unified Communications Web-based Management Vulnerability addresses a vulnerability that may allow any Microsoft Windows Active Directory domain defined user to obtain unauthorized privilege levels.

US-CERT strongly encourages administrators to review the above Cisco Security Advisories and follow best-practice security policies to determine what updates and workarounds should be applied.

OpenSSL Security Advisory

added October 12, 2007 at 02:16 pm

OpenSSL has released a security advisory to address two vulnerabilities in OpenSSL. These vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code on an affected system, other impacts are unknown at this time.

More information regarding this vulnerability can be found in the OpenSSL security advisory.

US-CERT strongly encourages users to review the OpenSSL security advisory and follow best-practice security policies to determine what updates should be applied.

Microsoft Updates Security Bulletin MS05-004

added October 10, 2007 at 01:33 pm | updated October 12, 2007 at 09:46 am

Microsoft has released an update to Security Bulletin MS05-004 adding Windows Server 2003 Service Pack 2 and Windows Vista to the affected software. This ASP .NET path validation vulnerability may allow a remote, unauthenticated attacker to gain access to secure website content by using a specially crafted URL.

More information regarding this vulnerability can be found in Vulnerability Note VU#283646.

US-CERT recommends users update to the latest version of .NET Framework.

CA BrightStor ARCserve Backup Vulnerabilities

added October 11, 2007 at 03:44 pm

US-CERT is aware of multiple vulnerabilities that affect CA BrightStor ARCserve Backup. These vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code, escalate privileges or cause a denial-of-service condition.

More information regarding these vulnerabilities can be found in the CA BrightStor ARCserve Backup Security Notice.

US-CERT recommends that users apply vendor supplied patches to help mitigate the security risks.

US-CERT: United States Computer Emergency Readiness Team

Information For

Sign Up

Reporting

DHS Threat Advisory