Report an Incident

If you are a CNI organisation and you have encountered or suspect a cyber threat, please complete and return an Incident Reporting Form.

All incident reports provided to the CCIP are treated in the strictest of confidence. Please see our Confidentiality Charter for more details. Read More


New at CCIP

Current e-Bulletin The CCIP e-Bulletin provides a snapshot of security related news
Read More


New Zealand Government Website

February 2005

The following table includes the Vulnerability Alerts for the month.
Note: These links reference external sites. CCIP can not accept responsibility for outdated links or such links contents.
Reference Description Date
Secunia
phpWebSite Announcement Image Upload Vulnerability
28/02/05
TrendMicro
Vulnerability in VSAPI ARJ parsing could allow Remote Code execution
25/02/05
Cisco
ACNS Denial of Service and Default Admin Password Vulnerabilities
25/02/05
redhat
update for imap
25/02/05
Gentoo
update for cyrus-imapd
25/02/05
idefense
two vulnerabilities in cURL/libcURL
24/02/05
Apple
Apple Mac OS X update for Java
24/02/05
phpBB
Manipulation of data, Exposure of sensitive information
23/02/05
Ubuntulinux
GNU Enscript vulnerabilities
23/02/05
Gentoo
PuTTY: Remote code execution
23/02/05
Gentoo
GProFTPD: gprostats format string vulnerability
23/02/05
redhat
htdig security update
18/02/05
redhat
ImageMagick security update
18/02/05
redhat
kdegraphics security update
18/02/05
redhat
gpdf security update
18/02/05
Debian
emacs21 -- format string
18/02/05
ubuntu
lesstif1-1 vulnerabilities
18/02/05
Hewlett-Packard
HP Web-enabled Management Software Remote Buffer Overflow
17/02/05
Gentoo
lighttpd: Script source disclosure
17/02/05
Gentoo
Emacs, XEmacs: Format string vulnerabilities in movemail
17/02/05
Mandrake
Updated emacs/xemacs packages fix vulnerability
17/02/05
ubuntu
Linux kernel vulnerabilities
17/02/05
KDE
Buffer overflow in fliccd of kdeedu/kstars/indi
17/02/05
Debian
postgresql -- buffer overflows
17/02/05
AusCERT/redhat
redhat Enterprise Linux -- Multiple updates fix security issues
17/02/05
redhat
xpdf security update
17/02/05
redhat
alsa-lib security update
17/02/05
redhat
php security update
17/02/05
SGI
Advanced Linux Environment Multiple Updates
15/02/05
SGI
Advanced Linux Environment update for less/xpdf
15/02/05
Hewlett-Packard
HP-UX ftpd remote privileged access
14/02/05
Hewlett-Packard
HP-UX BIND 9.2.0 remote Denial of Service (DoS)
14/02/05
SCO
OpenServer 5.0.6 OpenServer 5.0.7 : enable command line buffer overflows
14/02/05
iDEFENSE
BrightStor ARCserve Backup r11.1
14/02/05
Debian
New netkit-rwho packages fix denial of service
14/02/05
Debian
Update for mailman
14/02/05
Debian
Update for evolution
14/02/05
redhat
Updated Squid package fixes security issues
14/02/05
redhat
Updated Squirrelmail package fixes security issues
14/02/05
redhat
Updated xemacs packages fix security issue
14/02/05
redhat
Updated emacs packages fix security issue
14/02/05
redhat
Updated mod_python package fixes security issue
14/02/05
redhat
Updated kdelibs and kdebase packages correct security issues
14/02/05
redhat
Updated mailman packages fix security vulnerability
14/02/05
F-Secure
Code execution vulnerability in ARJ-archive handling
11/02/05
UNIRAS/AusCERT
AWStats remote command execution vulnerability
10/02/05
Symantec
Symantec UPX Parsing Engine Heap Overflow
10/02/05
Microsoft
Vulnerability in SMTP Could Allow Remote Code Execution (885881) - Update
09/02/05
Microsoft
Microsoft Security Bulletin Summary for February, 2005
09/02/05
Debian
php3 -- several vulnerabilities
08/02/05
Gentoo
OpenMotif: Multiple vulnerabilities in libXpm
08/02/05
Secunia
Mozilla / Firefox / Camino IDN Spoofing Security Issue - other browsers also affected
08/02/05
SuSE
Updates for Multiple Packages
08/02/05
Hewlett-Packard
Tru64 Unix Mozilla Application Suite 1.7.3 Remote Denial of Service
07/02/05
Hewlett-Packard
HP-UX CIFS Server (Samba) remote code execution, Denial of Service (DoS)
07/02/05
UNIRAS
February 2005 Microsoft Security Response Centre Bulletin Release Notification
07/02/05
Python
SimpleXMLRPCServer.py allows unrestricted traversal
07/02/05
Sun
Security Vulnerability in Samba(7) Versions Prior to 3.0.10 May Allow Unauthorized Root Privileges
07/02/05
Gentoo
Update for enscript
04/02/05
Eudora
System Compromise Vulnerabilities
04/02/05
Mambo
Global Variables Security Bypass Vulnerability
04/02/05
Debian
update for prozilla
03/02/05
Debian
update for squirrelmail
03/02/05
Redhat
DoS, System access
03/02/05
Cisco
Default SNMP Community Strings in Cisco IP/V
03/02/05
Secunia
Fedora update for openssl096b
02/02/05
Gentoo
update for clamav
02/02/05
Squid
Oversized Reply Header Handling Security Issue
02/02/05
AusCERT
IBM Security Advisory -- Remotely exploitable vulnerability in NIS
01/02/05
Gentoo
TikiWiki: Arbitrary command execution
01/02/05
Hewlett-Packard
HP VirtualVault / Webproxy Apache Vulnerabilities
01/02/05
Mozilla
Firefox / Mozilla / Thunderbird Multiple Vulnerabilities
01/02/05

What we Do

The Centre for Critical Infrastructure Protection (CCIP) is dedicated to improving the protection of New Zealand's Critical National Infrastructure (CNI) from cyber threats.
The CCIP has three main rolesThey are:
  • To provide 24/7 watch and warning advice to owner/operators of our national CI and New Zealand Government departments;
  • Analysis and investigation of cyber attacks; and
  • To work with CI organisations and other sectors both nationally and internationally to improve the awareness and understanding of cyber security.