[AusNOG] AusCERT Week in Review - Week Ending 14/08/2009 (AUSCERT#20073f686)
Jonathan Levine
jonathan at auscert.org.au
Fri Aug 14 16:22:03 EST 2009
AusCERT Week in Review
14 August 2009
Web Log Entries:
----------------
Title: Microsoft ATL vulnerability impacts developers
Date: 13 August 2009
URL: http://www.auscert.org.au/11487
Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2009.1049.2 - UPDATE [Win][UNIX/Linux] WordPress prior to 2.8.4:
Denial of service - Remote/unauthenticated
Date: 14 August 2009
URL: http://www.auscert.org.au/11488
Title: ASB-2009.1048 - [Win][UNIX/Linux] GnuTLS prior to 2.8.2: Provide
misleading information - Remote with user interaction
Date: 13 August 2009
URL: http://www.auscert.org.au/11486
Title: ASB-2009.1047 - [UNIX/Linux] Asterisk Open Source, Asterisk Business
Edition & s800i Asterisk Appliance: Denial of service -
Remote/unauthenticated
Date: 11 August 2009
URL: http://www.auscert.org.au/11471
Title: ASB-2009.1046 - [Netware] Novell NetWare DNS Server: Read-only data
access - Remote/unauthenticated
Date: 11 August 2009
URL: http://www.auscert.org.au/11470
Title: ASB-2009.1044 - [Win][UNIX/Linux] PHP prior to version 5.2.10: Denial
of service - Remote with user interaction
Date: 10 August 2009
URL: http://www.auscert.org.au/11460
Title: ASB-2009.1045 - [Win][UNIX/Linux] Apache 2.2.12 and prior: Denial of
service - Remote/unauthenticated
Date: 10 August 2009
URL: http://www.auscert.org.au/11461
External Security Bulletins:
----------------------------
Title: ESB-2009.1189 - [Linux] Insight Control Suite For Linux: Multiple
vulnerabilities
Date: 14 August 2009
OS: Red Hat Linux, HP-UX, SUSE, Other Linux Variants, Debian GNU/Linux,
Ubuntu
URL: http://www.auscert.org.au/11492
Title: ESB-2009.1188 - [Debian] libxml: Multiple vulnerabilities
Date: 14 August 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/11491
Title: ESB-2009.1187 - [RedHat] kernel: Multiple vulnerabilities
Date: 14 August 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/11490
Title: ESB-2009.1186 - [Win][UNIX/Linux][RedHat] curl: Provide misleading
information - Remote/unauthenticated
Date: 14 August 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,
Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants, SUSE,
OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/11489
Title: ESB-2009.1185 - [Mac][OSX] BIND: Denial of service -
Remote/unauthenticated
Date: 13 August 2009
OS: Mac OS X
URL: http://www.auscert.org.au/11485
Title: ESB-2009.1184 - [RedHat] nspr and nss: Multiple vulnerabilities
Date: 13 August 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/11484
Title: ESB-2009.1183 - [HP Tru64] HP Internet Express: Access privileged
data - Remote/unauthenticated
Date: 13 August 2009
OS: HP Tru64 UNIX
URL: http://www.auscert.org.au/11483
Title: ESB-2009.1182 - [Debian] Ruby 1.8 & Ruby 1.9: Multiple
vulnerabilities
Date: 13 August 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/11482
Title: ESB-2009.1181 - [Win][Mac][OSX] Safari: Multiple vulnerabilities
Date: 12 August 2009
OS: Windows Vista, Windows XP, Mac OS X
URL: http://www.auscert.org.au/11481
Title: ESB-2009.1180 - [Win] Telnet: Execute arbitrary code/commands -
Remote with user interaction
Date: 12 August 2009
OS: Windows 2003, Windows XP, Windows 2000, Windows Vista, Windows Server
2008
URL: http://www.auscert.org.au/11480
Title: ESB-2009.1179 - [Win] Microsoft .NET Framework: Denial of service -
Remote/unauthenticated
Date: 12 August 2009
OS: Windows Vista, Windows Server 2008
URL: http://www.auscert.org.au/11479
Title: ESB-2009.1178 - [Win] Windows Message Queuing Service (MSMQ): Execute
arbitrary code/commands - Existing account
Date: 12 August 2009
OS: Windows 2003, Windows XP, Windows 2000, Windows Vista, Windows Server
2008
URL: http://www.auscert.org.au/11478
Title: ESB-2009.1177 - [Win] Workstation Service: Execute arbitrary
code/commands - Existing account
Date: 12 August 2009
OS: Windows Vista, Windows 2003, Windows XP, Windows Server 2008
URL: http://www.auscert.org.au/11477
Title: ESB-2009.1176 - ALERT [Win] Microsoft Active Template Library:
Execute arbitrary code/commands - Remote with user interaction
Date: 12 August 2009
OS: Windows 2003, Windows XP, Windows 2000, Windows Vista, Windows Server
2008
URL: http://www.auscert.org.au/11476
Title: ESB-2009.1175 - ALERT [Win] Windows Media File Processing: Execute
arbitrary code/commands - Remote with user interaction
Date: 12 August 2009
OS: Windows Vista, Windows 2003, Windows XP, Windows Server 2008
URL: http://www.auscert.org.au/11475
Title: ESB-2009.1174 - ALERT [Win] WINS: Administrator compromise -
Remote/unauthenticated
Date: 12 August 2009
OS: Windows 2003, Windows 2000
URL: http://www.auscert.org.au/11474
Title: ESB-2009.1173 - ALERT [Win][Mac][OSX] Microsoft Remote Desktop
Connection: Execute arbitrary code/commands - Remote with user
interaction
Date: 12 August 2009
OS: Windows 2003, Windows XP, Windows 2000, Windows Vista, Mac OS X,
Windows Server 2008
URL: http://www.auscert.org.au/11473
Title: ESB-2009.1172 - ALERT [Win] Microsoft Office Web Components: Execute
arbitrary code/commands - Remote with user interaction
Date: 12 August 2009
OS: Windows 2003, Windows XP, Windows 2000, Windows Vista, Windows Server
2008
URL: http://www.auscert.org.au/11472
Title: ESB-2009.1171 - [Win][Linux][HP-UX][Solaris][AIX] Sun Java System
Access Manager Policy Agent 2.2: Multiple vulnerabilities
Date: 11 August 2009
OS: Solaris, Windows 2003, Red Hat Linux, HP-UX, Windows XP, SUSE,
Windows 2000, AIX, Windows Vista, Windows Server 2008, Other Linux Variants,
Ubuntu, Debian GNU/Linux
URL: http://www.auscert.org.au/11469
Title: ESB-2009.1170 - [HP-UX] ttrace(2): Denial of service - Existing
account
Date: 11 August 2009
OS: HP-UX
URL: http://www.auscert.org.au/11468
Title: ESB-2009.1169 - [RedHat] libxml and libxml2: Multiple vulnerabilities
Date: 11 August 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/11467
Title: ESB-2009.1168 - [RedHat] Apache httpd: Multiple vulnerabilities
Date: 11 August 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/11466
Title: ESB-2009.1167 - [RedHat] apr and apr-util: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 11 August 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/11465
Title: ESB-2009.1166 - [RedHat] subversion: Execute arbitrary code/commands
- Existing account
Date: 11 August 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/11464
Title: ESB-2009.1165.2 - UPDATE [Win][UNIX/Linux][Debian] libxml2: Multiple
vulnerabilities
Date: 13 August 2009
OS: Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD, AIX,
OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP,
Ubuntu, Debian GNU/Linux, Mac OS X, Red Hat Linux, Windows 2003,
Solaris, HP Tru64 UNIX, IRIX
URL: http://www.auscert.org.au/11463
Title: ESB-2009.1164 - [Debian] imagemagick: Multiple vulnerabilities
Date: 11 August 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/11462
Title: ESB-2009.1163 - [Win][Linux][HP-UX][Solaris][AIX] EMC Replication
Manager Client: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 10 August 2009
OS: Solaris, Red Hat Linux, Windows 2003, HP-UX, SUSE, Windows 2000, AIX,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/11459
Title: ESB-2009.1162 - [Win] CA Unicenter Products: Cross-site scripting -
Remote with user interaction
Date: 10 August 2009
OS: Windows Vista, Windows 2003, Windows Server 2008, Windows XP, Windows
2000
URL: http://www.auscert.org.au/11458
Title: ESB-2009.1161 - [Win] CA Data Transport Services: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 10 August 2009
OS: Windows Vista, Windows 2003, Windows Server 2008, Windows XP, Windows
2000
URL: http://www.auscert.org.au/11457
Title: ESB-2009.1160 - [SUSE][OpenSUSE] Sun Java 1.5 and Sun Java 1.6:
Execute arbitrary code/commands - Remote with user interaction
Date: 10 August 2009
OS: SUSE
URL: http://www.auscert.org.au/11456
Title: ESB-2009.1159 - [UNIX/Linux][Debian] camlimages: Execute arbitrary
code/commands - Remote with user interaction
Date: 10 August 2009
OS: IRIX, Solaris, HP Tru64 UNIX, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/11455
Title: ESB-2009.1158 - [Debian] mantis: Unauthorised access - Existing
account
Date: 10 August 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/11454
Title: ESB-2009.1157 - [Win][UNIX/Linux][Debian] subversion: Execute
arbitrary code/commands - Existing account
Date: 10 August 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,
Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants, SUSE,
OpenBSD, Windows 2000, AIX, Windows Vista, FreeBSD, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/11453
Title: ESB-2009.1156 - [Debian] apr, apr-util: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 10 August 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/11452
Title: ESB-2009.1155 - [UNIX/Linux][Debian] memcached: Root compromise -
Remote/unauthenticated
Date: 10 August 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/11451
Title: ESB-2009.1154 - [Debian] fetchmail: Provide misleading information -
Remote with user interaction
Date: 10 August 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/11450
Title: ESB-2009.1153 - [Debian] squid3: Denial of Service -
Remote/unauthenticated
Date: 10 August 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/11449
Title: ESB-2009.1152 - [HP NonStop] HP NonStop Servers with Telco CLIMs:
Execute arbitrary code/commands - Remote/unauthenticated
Date: 10 August 2009
URL: http://www.auscert.org.au/11448
Title: ESB-2009.1151 - [HP Tru64] BIND: Denial of service -
Remote/unauthenticated
Date: 10 August 2009
OS: HP Tru64 UNIX, HP-UX
URL: http://www.auscert.org.au/11447
Title: ESB-2009.1146.2 - UPDATE [Win][Linux][Solaris][Mac][OSX] Sun
VirtualBox: Denial of service - Existing account
Date: 10 August 2009
OS: Windows Server 2008, Other Linux Variants, Windows Vista, Windows 2000,
SUSE, Windows XP, Debian GNU/Linux, Ubuntu, Mac OS X, Windows 2003,
Red Hat Linux, Solaris
URL: http://www.auscert.org.au/11441
Title: ESB-2009.1145.2 - UPDATE [Win][Linux][HP-UX][Solaris] Sun Java System
Access Manager and OpenSSO Enterprise: Unauthorised access -
Remote/unauthenticated
Date: 10 August 2009
OS: Debian GNU/Linux, Ubuntu, Other Linux Variants, Windows Server 2008,
Windows Vista, Windows 2000, SUSE, HP-UX, Windows XP, Windows 2003,
Red Hat Linux, Solaris
URL: http://www.auscert.org.au/11440
Title: ESB-2009.1143.2 - UPDATE [Solaris][OpenSolaris] XScreenSaver: Access
privileged data - Console/physical
Date: 10 August 2009
OS: Solaris
URL: http://www.auscert.org.au/11438
Title: ESB-2009.1132.4 - UPDATED ALERT [Win][Linux][Solaris] Sun Java:
Multiple vulnerabilities
Date: 11 August 2009
OS: Debian GNU/Linux, Ubuntu, Other Linux Variants, Windows Server 2008,
Windows Vista, Windows 2000, SUSE, Windows XP, Windows 2003, Red Hat
Linux, Solaris
URL: http://www.auscert.org.au/11425
Title: ESB-2009.1087.2 - UPDATE [HP-UX] XNTP 3.5: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 13 August 2009
OS: HP-UX
URL: http://www.auscert.org.au/11353
Title: ESB-2009.0598 -- [NetBSD] -- PF firewall: Denial of Service
Date: 14 August 2009
OS: Other BSD Variants
URL: http://www.auscert.org.au/11195
Title: ESB-2009.0592 -- [AIX] -- AIX libtt.a rpc.ttdbserver: Execute
Arbitrary Code
Date: 11 August 2009
OS: AIX
URL: http://www.auscert.org.au/11185