Current Activity Calendar

	May 2008
Su	M	Tu	W	Th	F	Sa
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30	31

Please click on a date above to see current activity for that day.

May 15, 2008 - Current Activity

This is an archived copy of current activity, if you would like to see the most recent version, please click here.

*May 15*	United States Tax Court Spear-Phishing Attack
*May 15*	Debian and Ubuntu OpenSSL and OpenSSH Vulnerabilities
*May 14*	Cisco Releases Security Advisories
*May 13*	Microsoft Releases May Security Bulletin
*May 9*	Mozilla Releases Thunderbird 2.0.0.14
*May 8*	Microsoft Releases Advance Notification for May Security Bulletin
*May 7*	Microsoft Releases Windows XP Service Pack 3
*May 6*	PHP 5.2.6 Released
*May 5*	Common Data Format Buffer Overflow Vulnerability
*April 28*	WordPress Vulnerabilities

United States Tax Court Spear-Phishing Attack

added May 15, 2008 at 03:15 pm

US-CERT is aware of public reports of a spear-phishing attack circulating via email messages that claim to be petitions from the US Tax Court. These messages appear to be legitimate because they may contain very specific information about the message recipient. The message requests that the user follow a link to download additional information about the petition, but if a user clicks on this link, malicious code may be installed on the system.

US-CERT encourages users to do the following to help mitigate the risk:

Review the alert posted by the United States Tax Court regarding this issue.
Do not follow unsolicited web links received in email messages.
Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.
Install anti-virus software and keep virus signature files up to date.

Debian and Ubuntu OpenSSL and OpenSSH Vulnerabilities

added May 15, 2008 at 08:38 am | updated May 15, 2008 at 11:02 am

Debian and Ubuntu have released multiple security advisories to address vulnerabilities in their OpenSSL package and other cryptographic application packages that rely on it. These vulnerabilities are due to weaknesses in the random number generator that is used to create SSL and SSH cryptographic keys. As a result of the vulnerability, the keys generated using the flawed OpenSSL package may be weak. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker to conduct brute force attacks and obtain sensitive information. These vulnerabilities may affect any Debian-based systems, such as Ubuntu, and may indirectly affect other systems if these weak keys have been imported into them.

US-CERT encourages users to review the following advisories and apply any necessary workarounds or updates:

Debian Security Advisory DSA-1571-1
Debian Security Advisory DSA-1576-1
Ubuntu Security Notice USN-612-1
Ubuntu Security Notice USN-612-2
Ubuntu Security Notice USN-612-3
Ubuntu Security Notice USN-612-4
Ubuntu Security Notice USN-612-5
Ubuntu Security Notice USN-612-6

Additional information about these vulnerabilities is available in the Vulnerability Notes Database.

US-CERT will provide more information as it becomes available.

Cisco Releases Security Advisories

added May 14, 2008 at 12:45 pm

Cisco has released three security advisories to address vulnerabilities in Cisco Unified Communications Manager, Unified Presence, and the Content Switching Module. These vulnerabilities may allow an attacker to cause a denial-of-service condition on the affected system.

US-CERT encourages users to review the following Cisco Security Advisories and apply any necessary updates or workarounds:

Cisco Unified Communications Manager Denial of Service Vulnerabilities - cisco-sa-20080514-cucmdos
Cisco Unified Presence Denial of Service Vulnerabilities - cisco-sa-20080514-cup
Cisco Content Switching Module Memory Leak Vulnerability - cisco-sa-20080514-csm

Microsoft Releases May Security Bulletin

added May 13, 2008 at 01:51 pm

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, Live OneCare, Antigen, Windows Defender, and Forefront Security as part of the Microsoft Security Bulletin Summary for May 2008. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users to review the bulletins and follow best-practice security policies to determine which updates should be applied.

Mozilla Releases Thunderbird 2.0.0.14

added May 9, 2008 at 09:11 am

Mozilla has released Thunderbird 2.0.0.14 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to escalate privileges or execute arbitrary code.

US-CERT encourages users to review Mozilla Foundation Security Advisories 2008-14 and 2008-15 and to update to Thunderbird 2.0.0.14.

Microsoft Releases Advance Notification for May Security Bulletin

added May 8, 2008 at 03:06 pm

Microsoft has issued a Security Bulletin Advance Notification indicating that its May release cycle will contain four bulletins, three of which will have a severity rating of Critical. The notification states that these Critical bulletins are for Microsoft Windows and Office. The notification also states that there will be one Important bulletin for Windows Live OneCare, Antigen, Defender, and Forefront Security. Release of these bulletins is scheduled for Tuesday, May 12.

US-CERT will provide additional information as it becomes available.

Microsoft Releases Windows XP Service Pack 3

added May 7, 2008 at 08:24 am

Microsoft has released Service Pack 3 for Windows XP. Service Pack 3 includes multiple Hotfixes and security updates and is available through Automatic Updates and Windows Update.

Users should note that Windows XP SP3 does not include Internet Explorer 7, however it does include updates to both IE 6 and IE 7, and will update whichever version is currently installed.

US-CERT encourages users to review the release notes for Service Pack 3 for Windows XP and apply any necessary updates.

PHP 5.2.6 Released

added May 6, 2008 at 09:03 am

PHP has released version 5.2.6 to address multiple vulnerabilities. These vulnerabilities include

an error in FastCGI SAPI which may result stack-based buffer overflow
an integer overflow in printf()
an error in init_request_info(), which may result in a buffer overflow
an error in cURL, which may result in safe_mode bypass
improper handling of input passed to escapeshellcmd()
a boundary error in the bundled version of the PCRE library

These vulnerabilities may allow an attacker to execute arbitrary code, bypass security restrictions, or cause a denial-of-service condition.

US-CERT encourages users to review the PHP 5.2.6 Release Announcement and update to version 5.2.6.

Common Data Format Buffer Overflow Vulnerability

added May 5, 2008 at 04:04 pm

NASA has issued an advisory regarding a vulnerability in Common Data Format (CDF) version 3.2 and earlier. This vulnerability is due to a buffer overflow condition in the handling of specially-crafted CDF files. Exploitation of this vulnerability may allow an attacker to execute arbitrary code.

US-CERT encourages users to review the NASA advisory and update to CDF 3.2.1 to help mitigate the risk.

US-CERT will provide additional information as it becomes available.

WordPress Vulnerabilities

added April 28, 2008 at 01:50 pm

WordPress has released version 2.5.1 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to bypass security restrictions or conduct a cross-site scripting attack.

US-CERT encourages users to review the WordPress 2.5.1 release notes and apply any necessary updates.

US-CERT: United States Computer Emergency Readiness Team

Information For

Sign Up

Reporting

DHS Threat Advisory