Report an Incident

If you are a CNI organisation and you have encountered or suspect a cyber threat, please complete and return an Incident Reporting Form.

All incident reports provided to the CCIP are treated in the strictest of confidence. Please see our Confidentiality Charter for more details. Read More

New at CCIP

Current e-Bulletin The CCIP e-Bulletin provides a snapshot of security related news
Read More

Centre for Critical Infrastructure Protection

Home | Vulnerabilities | Vulnerability Alert Archives | February 2005

February 2005

The following table includes the Vulnerability Alerts for the month.

Note: These links reference external sites. CCIP can not accept responsibility for outdated links or such links contents.

Reference	Description	Date
Secunia	phpWebSite Announcement Image Upload Vulnerability	28/02/05
TrendMicro	Vulnerability in VSAPI ARJ parsing could allow Remote Code execution	25/02/05
Cisco	ACNS Denial of Service and Default Admin Password Vulnerabilities	25/02/05
redhat	update for imap	25/02/05
Gentoo	update for cyrus-imapd	25/02/05
idefense	two vulnerabilities in cURL/libcURL	24/02/05
Apple	Apple Mac OS X update for Java	24/02/05
phpBB	Manipulation of data, Exposure of sensitive information	23/02/05
Ubuntulinux	GNU Enscript vulnerabilities	23/02/05
Gentoo	PuTTY: Remote code execution	23/02/05
Gentoo	GProFTPD: gprostats format string vulnerability	23/02/05
redhat	htdig security update	18/02/05
redhat	ImageMagick security update	18/02/05
redhat	kdegraphics security update	18/02/05
redhat	gpdf security update	18/02/05
Debian	emacs21 -- format string	18/02/05
ubuntu	lesstif1-1 vulnerabilities	18/02/05
Hewlett-Packard	HP Web-enabled Management Software Remote Buffer Overflow	17/02/05
Gentoo	lighttpd: Script source disclosure	17/02/05
Gentoo	Emacs, XEmacs: Format string vulnerabilities in movemail	17/02/05
Mandrake	Updated emacs/xemacs packages fix vulnerability	17/02/05
ubuntu	Linux kernel vulnerabilities	17/02/05
KDE	Buffer overflow in fliccd of kdeedu/kstars/indi	17/02/05
Debian	postgresql -- buffer overflows	17/02/05
AusCERT/redhat	redhat Enterprise Linux -- Multiple updates fix security issues	17/02/05
redhat	xpdf security update	17/02/05
redhat	alsa-lib security update	17/02/05
redhat	php security update	17/02/05
SGI	Advanced Linux Environment Multiple Updates	15/02/05
SGI	Advanced Linux Environment update for less/xpdf	15/02/05
Hewlett-Packard	HP-UX ftpd remote privileged access	14/02/05
Hewlett-Packard	HP-UX BIND 9.2.0 remote Denial of Service (DoS)	14/02/05
SCO	OpenServer 5.0.6 OpenServer 5.0.7 : enable command line buffer overflows	14/02/05
iDEFENSE	BrightStor ARCserve Backup r11.1	14/02/05
Debian	New netkit-rwho packages fix denial of service	14/02/05
Debian	Update for mailman	14/02/05
Debian	Update for evolution	14/02/05
redhat	Updated Squid package fixes security issues	14/02/05
redhat	Updated Squirrelmail package fixes security issues	14/02/05
redhat	Updated xemacs packages fix security issue	14/02/05
redhat	Updated emacs packages fix security issue	14/02/05
redhat	Updated mod_python package fixes security issue	14/02/05
redhat	Updated kdelibs and kdebase packages correct security issues	14/02/05
redhat	Updated mailman packages fix security vulnerability	14/02/05
F-Secure	Code execution vulnerability in ARJ-archive handling	11/02/05
UNIRAS/AusCERT	AWStats remote command execution vulnerability	10/02/05
Symantec	Symantec UPX Parsing Engine Heap Overflow	10/02/05
Microsoft	Vulnerability in SMTP Could Allow Remote Code Execution (885881) - Update	09/02/05
Microsoft	Microsoft Security Bulletin Summary for February, 2005	09/02/05
Debian	php3 -- several vulnerabilities	08/02/05
Gentoo	OpenMotif: Multiple vulnerabilities in libXpm	08/02/05
Secunia	Mozilla / Firefox / Camino IDN Spoofing Security Issue - other browsers also affected	08/02/05
SuSE	Updates for Multiple Packages	08/02/05
Hewlett-Packard	Tru64 Unix Mozilla Application Suite 1.7.3 Remote Denial of Service	07/02/05
Hewlett-Packard	HP-UX CIFS Server (Samba) remote code execution, Denial of Service (DoS)	07/02/05
UNIRAS	February 2005 Microsoft Security Response Centre Bulletin Release Notification	07/02/05
Python	SimpleXMLRPCServer.py allows unrestricted traversal	07/02/05
Sun	Security Vulnerability in Samba(7) Versions Prior to 3.0.10 May Allow Unauthorized Root Privileges	07/02/05
Gentoo	Update for enscript	04/02/05
Eudora	System Compromise Vulnerabilities	04/02/05
Mambo	Global Variables Security Bypass Vulnerability	04/02/05
Debian	update for prozilla	03/02/05
Debian	update for squirrelmail	03/02/05
Redhat	DoS, System access	03/02/05
Cisco	Default SNMP Community Strings in Cisco IP/V	03/02/05
Secunia	Fedora update for openssl096b	02/02/05
Gentoo	update for clamav	02/02/05
Squid	Oversized Reply Header Handling Security Issue	02/02/05
AusCERT	IBM Security Advisory -- Remotely exploitable vulnerability in NIS	01/02/05
Gentoo	TikiWiki: Arbitrary command execution	01/02/05
Hewlett-Packard	HP VirtualVault / Webproxy Apache Vulnerabilities	01/02/05
Mozilla	Firefox / Mozilla / Thunderbird Multiple Vulnerabilities	01/02/05

What we Do

The Centre for Critical Infrastructure Protection (CCIP) is dedicated to improving the protection of New Zealand's Critical National Infrastructure (CNI) from cyber threats.
The CCIP has three main rolesThey are:

To provide 24/7 watch and warning advice to owner/operators of our national CI and New Zealand Government departments;
Analysis and investigation of cyber attacks; and
To work with CI organisations and other sectors both nationally and internationally to improve the awareness and understanding of cyber security.