intro

News Global	Latest Exploits, Vulnerabilities and Advisories.
UCN-2003-09-18-1: US-CERT goes online UCN-2003-09-17: Open SSH problems. Rumours. UCN-2003-09-16: The Blaster and Welchia worms continue to have a sustained impact on many Australian networks. UCN-2003-09-15-1: US specific cert to work in conjunction with Cert.org. Shows need for geographic focus to Certs. UCN-2003-09-15-2: Whitehouse selects Symantec chief as head of homeland security. UCN-2003-09-12: Copy protected CDs launched on market. UCN-2003-05-23: SANS-FBI Top 20 Vulnerabilities v3.23	UKCERT Ref-date	Description	MITRE Candidate Number
	UCE-2003-09-21-3	Debian SSH fix download	CAN-2003-0693
	UCE-2003-09-21-2	Remote exploit for netris version 0.5 on RedHat 8.0
	UCE-2003-09-21-1	Local root exploit for hztty 2.0	CAN-2003-0783
	UCE-2003-09-20-9	New ipmasq packages fix insecure packet filtering rules	CAN78-2003-05
	UCE-2003-09-20-8	Microsoft:How Verisign's SiteFinder service breaks Windows networking utilities
	UCE-2003-09-20-7	SuSE Security Announcement: sendmail, sendmail-tls (SuSE-SA:2003:040)	CAN-2003-0694
	UCE-2003-09-20-6	Multiple Security Issues in Netup UTM
	UCE-2003-09-20-5	Microsoft::How VeriSign's SiteFinder service breaks Outlook Express
	UCE-2003-09-20-4	MicrosoftThe Analysis of RPC Long Filename Heap Overflow AND a Way to Write Universal Heap Overflow of Windows
	UCE-2003-09-20-3	LSH: Buffer overrun and remote root compromise in lshd
	UCE-2003-09-20-2	KDM:New kdebase packages fix multiple vulnerabilites in KDM
	UCE-2003-09-20-1	myPHPnuke 1.8.8:Vulnrability in myPHPnuke 1.8.8
	UCE-2003-09-19-5	kde:Conectiva Security Announcement -
	UCE-2003-09-19-4	Community Wizard:Admin Access Vulnerability in Community Wizard
	UCE-2003-09-19-3	[Advisory] Powerslave 4.3 Information Leak Vuln.
	UCE-2003-09-19-2	Microsoft:Wave of fake Official Microsoft Advisory
	UCE-2003-09-19-1	Linux:uninitialized buffer in midnight commander
	UCE-2003-09-18-8	The Plug and Play Web Server v1.0002c dos
	UCE-2003-09-18-7	The Plug and Play Web Server v1.0002c scripting
	UCE-2003-09-18-6	Remote Pine exploit for versions 4.56 and below	CAN-2003-0720
	UCE-2003-09-18-5	Remote Windows exploit for RPC DCOM	CAN-2003-0528
	UCE-2003-09-18-4	LSH exploit
	UCE-2003-09-18-3	Solaris sadmind exploit
	UCE-2003-09-18-2	MySQL Buffer Overflow	CAN-2003-0780
	UCE-2003-09-18-1	DB2 Buffer Overflow
	UCE-2003-09-17-5	Sendmail vulnerability (additional)	CAN-2003-0694
	UCE-2003-09-17-4	OpenSSH Vulnerability	CAN-2003-0693
	UCE-2003-09-17-3	KDM vulnerabilities	CAN-2003-0690 CAN-2003-0692
	UCE-2003-09-17-2	Engarde Linux Open SSH Buffer Overflow	CAN-2003-0693
	UCE-2003-09-17-1	New RPC windows exploit software in circulation
	UCE-2003-09-16-1	pine 4.56 and earlier Buffer Overflow
	UCE-2003-09-15-11	SCO open server bug
	UCE-2003-09-15-10	Minihttpserver 1.x Host Engine Flaws
	UCE-2003-09-15-9	Expect worm for the new RPC Windows vulnerability	(http://isc.sans.org/diary.html?date=2003-09-11)
	UCE-2003-09-15-8	Eudora 6.0 attachment problem
	UCE-2003-09-15-7	MYSQL fix
	UCE-2003-09-15-6	IE Vulnerabilities Serious	CAN-2003-0531 CAN-2003-0532 CAN-2003-0344
	UCE-2003-09-15-5	Real Networks Helix Server Buffer Overflow TCP port 554
	UCE-2003-09-15-4	New Trojan horse advisories from Symantec
	UCE-2003-09-15-3	New Trojan horse advisories from Symantec
	UCE-2003-09-15-2	New rollup security fix for XP?
	UCE-2003-09-15-1	Suse fix
	Virus Hoaxes can be seen at http://www.datafellows.com/virus-info/hoax/
News UK	What's new at UKCERT
UCN-2003-09-19: New Safebuy assurance scheme UCN-2003-09-18-2: New UK Spamming laws UCN-2003-09-15-3: Downtime Costs European Firms 5.2 Billion Euros Per Year UCN-2003-09-15-4: British Firms Being hit by Instant Messaging Anarchy. UCN-2003-09-11: British duo face TK Worm charges	16.09.03 New at UKCERTwe have a new email newlsetter called UKCERT-Full-Disclosure as well as the exploit section which has many code examples. Under development at UKCERT we have a forum with login facility for next week as well as a new search facility. BS7799 resource with "FREE" (GNU) interpretative documentation on its way soon.
Top Links globally	Top Links for UK (not ranked )
http://www.sans.org http://www.cert.org/ http://www.securityfocus.com/ http://www.auscert.org.au/ http://www.foundstone.com http://news.ists.dartmouth.edu/today snews.html#internal11560 http://archives.neohapsis.com http://securityresponse.symantec.com/ http://www.cisecurity.org/ http://www.itsecurity.com/defaultie5.htm http://www.linuxsecurity.com/	http://www.uniras.gov.uk/ http://www.mod.uk/cert/ http://www.bcs-issg.org.uk/ http://www.cesg.gov.uk/index.cfm http://www.ja.net/CERT/cert.html http://www.cl.cam.ac.uk/users/rja14/ http://www.hpl.hp.com/conferences/isc03/ http://www.isg.rhul.ac.uk/ http://www.isaca.org.uk/ http://www.ukresilience.info/virus.htm http://www.terena.nl/tech/task-forces/tf-csirt/
elaw	CERTs Worldwide
California law could change global business. Canadian tech company ecommerce patent enforced in Australia.	Global- CERT™ US- USCERT Australia- AusCERT UK- UKCERT - You are here now. Canada- CanCERT Japan- JPCERT Hong Kong- HKCERT Sector specific US certs. --Energy --NASA --Military Sector specific UK certs. --Academic --Military --Governmental contact webmaster @ ukcert.org.uk to add new ones		CERT-China CERT-Croatia CERT-France CERT-Germany CERT-Italy CERT-Denmark CERT-Finland CERT-Korea CERT-Lithuania CERT-Mexico CERT-Netherland CERT-Norway CERT-Poland CERT-Russia CERT-Slovenia CERT-Spain CERT-Sweden CERT-Switzerland Other European based Teams - CSIRTs

All text is available under the terms of the GNU Free Documentation License.