[AusNOG] AusCERT Week in Review - Week Ending 11/12/2009 (AUSCERT#20073f686)

Daniel McNamara daniel at auscert.org.au
Fri Dec 11 16:14:42 EST 2009


AusCERT Week in Review

11 December 2009

 

 

AusCERT in the Media:

---------------------

 

Papers, Articles and other documents:

-------------------------------------

Title: Adobe releases Update for Flash Player 

Date:  08 December 2009

URL:   http://www.auscert.org.au/12080

 

Title: Microsoft Patches for December 

Date:  08 December 2009

URL:   http://www.auscert.org.au/12081

 

 

Web Log Entries:

----------------

Title: Governments are tackling malware head on 

Date:  10 December 2009

URL:   http://www.auscert.org.au/12101

 

 

Alerts, Advisories and Updates:

-------------------------------

Title: ASB-2009.1156 - [Win][Linux][HP-UX][Solaris][AIX] IBM HTTP Server:

       Unauthorised access - Remote/unauthenticated 

Date:  09 December 2009

URL:   http://www.auscert.org.au/12086

 

Title: ASB-2009.1157 - [Win][Linux][Solaris][HP Tru64][AIX] InfoSphere

       Information Server 8.1: Cross-site scripting - Remote with user

       interaction 

Date:  09 December 2009

URL:   http://www.auscert.org.au/12087

 

Title: ASB-2009.1155 - ALERT [Win][UNIX/Linux] Adobe Flash Player: Execute

       arbitrary code/commands - Remote with user interaction 

Date:  08 December 2009

URL:   http://www.auscert.org.au/12079

 

Title: ASB-2009.1153.2 - UPDATE [Win] Microsoft Bulletin Notification -

       December Pre-release Announcement 

Date:  08 December 2009

URL:   http://www.auscert.org.au/12066

 

Title: ASB-2009.1154 - [Win][UNIX/Linux] ruby: Execute arbitrary
code/commands

       - Remote with user interaction 

Date:  08 December 2009

URL:   http://www.auscert.org.au/12067

 

 

External Security Bulletins:

----------------------------

Title: ESB-2009.1631 - [RedHat][Solaris][SUSE] Sun Ray Server Software:

       Read-only data access - Remote/unauthenticated 

Date:  11 December 2009

OS:    Solaris, Red Hat Linux, SUSE 

URL:   http://www.auscert.org.au/12100

 

Title: ESB-2009.1630 - [RedHat][Solaris][SUSE] Sun Ray Server Software:

       Execute arbitrary code/commands - Remote/unauthenticated 

Date:  11 December 2009

OS:    Solaris, Red Hat Linux, SUSE 

URL:   http://www.auscert.org.au/12099

 

Title: ESB-2009.1629 - [Win][Linux][HP-UX][Solaris][AIX] CA Service Desk:

       Cross-site scripting - Remote with user interaction 

Date:  11 December 2009

OS:    Solaris, Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian

       GNU/Linux, HP-UX, Windows XP, SUSE, Windows 2000, AIX, Windows Vista,

       Other Linux Variants, Windows Server 2008 

URL:   http://www.auscert.org.au/12098

 

Title: ESB-2009.1628 - [Linux][Ubuntu] linux-image-2.6.31-16-386: Multiple

       vulnerabilities 

Date:  11 December 2009

OS:    Red Hat Linux, Other Linux Variants, SUSE, Ubuntu, Debian GNU/Linux 

URL:   http://www.auscert.org.au/12097

 

Title: ESB-2009.1627 - ALERT [Win][RedHat][HP-UX][Solaris] HP OpenView
Network

       Node Manager: Execute arbitrary code/commands -
Remote/unauthenticated 

Date:  10 December 2009

OS:    Solaris, Windows 2003, Red Hat Linux, Windows XP, HP-UX, Windows
2000,

       Windows 7, Windows Vista, Windows Server 2008 

URL:   http://www.auscert.org.au/12095

 

Title: ESB-2009.1626 - ALERT [Win][RedHat][HP-UX][Solaris] Hewlett-Packard

       Application Recovery Manager: Execute arbitrary code/commands -

       Remote/unauthenticated 

Date:  10 December 2009

OS:    Solaris, Windows 2003, Red Hat Linux, Windows XP, HP-UX, Windows 2000


URL:   http://www.auscert.org.au/12094

 

Title: ESB-2009.1625 - [HP-UX] VRTSweb: Execute arbitrary code/commands -

       Remote/unauthenticated 

Date:  10 December 2009

OS:    HP-UX 

URL:   http://www.auscert.org.au/12093

 

Title: ESB-2009.1624 - ALERT [Win][Linux][RedHat][HP-UX][Solaris][AIX]

       Symantec Multiple Products: Execute arbitrary code/commands -

       Remote/unauthenticated 

Date:  10 December 2009

OS:    Solaris, Windows 2003, Red Hat Linux, Debian GNU/Linux, Ubuntu,
HP-UX,

       SUSE, Windows 2000, AIX, Other Linux Variants 

URL:   http://www.auscert.org.au/12092

 

Title: ESB-2009.1623 - [Linux][Ubuntu] grub2: Unauthorised access -

       Console/physical 

Date:  10 December 2009

OS:    Red Hat Linux, Other Linux Variants, SUSE, Ubuntu, Debian GNU/Linux 

URL:   http://www.auscert.org.au/12091

 

Title: ESB-2009.1622 - [RedHat] JBoss Enterprise Application Platform:

       Multiple vulnerabilities 

Date:  10 December 2009

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/12090

 

Title: ESB-2009.1621 - [Linux][RedHat] kvm: Denial of service - Existing

       account 

Date:  10 December 2009

OS:    Red Hat Linux, Other Linux Variants, SUSE, Ubuntu, Debian GNU/Linux 

URL:   http://www.auscert.org.au/12089

 

Title: ESB-2009.1620 - [RedHat] flash-plugin: Multiple vulnerabilities 

Date:  10 December 2009

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/12088

 

Title: ESB-2009.1619 - [HP-UX] sendmail: Denial of service -

       Remote/unauthenticated 

Date:  09 December 2009

OS:    HP-UX 

URL:   http://www.auscert.org.au/12085

 

Title: ESB-2009.1618 - [UNIX/Linux][RedHat] libtool: Execute arbitrary

       code/commands - Existing account 

Date:  09 December 2009

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian

       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,

       Other Linux Variants 

URL:   http://www.auscert.org.au/12084

 

Title: ESB-2009.1617 - [Win] Indeo Codec: Execute arbitrary code/commands -

       Remote with user interaction 

Date:  09 December 2009

OS:    Windows 2003, Windows XP, Windows 2000 

URL:   http://www.auscert.org.au/12083

 

Title: ESB-2009.1616 - [Win][RedHat][AIX][SUSE] java-1.5.0-ibm: Multiple

       vulnerabilities 

Date:  09 December 2009

OS:    Red Hat Linux, Windows 2003, Windows 7, Windows XP, SUSE, Windows
2000,

       AIX, Windows Vista, Windows Server 2008 

URL:   http://www.auscert.org.au/12082

 

Title: ESB-2009.1615 - ALERT [Win] Microsoft Project: Execute arbitrary

       code/commands - Remote with user interaction 

Date:  09 December 2009

OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,

       Windows Server 2008 

URL:   http://www.auscert.org.au/12078

 

Title: ESB-2009.1614 - [RedHat] ntp and ntpq: Multiple vulnerabilities 

Date:  09 December 2009

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/12077

 

Title: ESB-2009.1613 - [UNIX/Linux][Debian] ntp: Denial of service -

       Remote/unauthenticated 

Date:  09 December 2009

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian

       GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,

       FreeBSD, Other Linux Variants 

URL:   http://www.auscert.org.au/12075

 

Title: ESB-2009.1612 - [Win] WordPad and Office Text Converters: Execute

       arbitrary code/commands - Remote with user interaction 

Date:  09 December 2009

OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,

       Windows Server 2008 

URL:   http://www.auscert.org.au/12076

 

Title: ESB-2009.1611 - ALERT [Win] Internet Explorer: Execute arbitrary

       code/commands - Remote with user interaction 

Date:  08 December 2009

OS:    Windows 7, Windows Server 2008, Windows 2003, Windows 2000, Windows
XP 

URL:   http://www.auscert.org.au/12074

 

Title: ESB-2009.1610 - ALERT [Win] Internet Authentication Service: Multiple

       vulnerabilities 

Date:  09 December 2009

OS:    Windows XP, Windows 2000, Windows Vista, Windows Server 2008 

URL:   http://www.auscert.org.au/12073

 

Title: ESB-2009.1609 - [Win] Active Directory Federation Services (ADFS):

       Multiple vulnerabilities 

Date:  09 December 2009

OS:    Windows 2003, Windows Server 2008 

URL:   http://www.auscert.org.au/12072

 

Title: ESB-2009.1608 - [Win] Local Security Authority Subsystem Service

       (LSASS): Denial of service - Existing account 

Date:  09 December 2009

OS:    Windows 2003, Windows XP, Windows 2000 

URL:   http://www.auscert.org.au/12071

 

Title: ESB-2009.1607 - [Win][RedHat][HP-UX][Solaris] HP OpenView Data

       Protector Application Recovery Manager: Denial of service -

       Remote/unauthenticated 

Date:  08 December 2009

OS:    Solaris, Windows 2003, Red Hat Linux, HP-UX, Windows XP, Windows 2000


URL:   http://www.auscert.org.au/12070

 

Title: ESB-2009.1606 - [Debian] shibboleth: Cross-site scripting -

       Remote/unauthenticated 

Date:  08 December 2009

OS:    Debian GNU/Linux 

URL:   http://www.auscert.org.au/12069

 

Title: ESB-2009.1605 - [RedHat] java-1.4.2-ibm: Multiple vulnerabilities 

Date:  08 December 2009

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/12068

 

Title: ESB-2009.1604 - [UNIX/Linux][RedHat] expat: Denial of service -
Remote

       with user interaction 

Date:  08 December 2009

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian

       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,

       Other Linux Variants 

URL:   http://www.auscert.org.au/12065

 

Title: ESB-2009.1603 - [RedHat] acpid: Increased privileges - Existing
account

Date:  08 December 2009

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/12064

 

Title: ESB-2009.1602 - [OpenSolaris] python: Multiple vulnerabilities 

Date:  07 December 2009

OS:    Solaris 

URL:   http://www.auscert.org.au/12063

 

Title: ESB-2009.1601 - [OpenSolaris] IP Kernel Module: Denial of service -

       Remote/unauthenticated 

Date:  07 December 2009

OS:    Solaris 

URL:   http://www.auscert.org.au/12062

 

Title: ESB-2009.1600 - [UNIX/Linux][Debian] belpic: Unauthorised access -

       Remote/unauthenticated 

Date:  07 December 2009

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian

       GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,

       FreeBSD, Other Linux Variants 

URL:   http://www.auscert.org.au/12061

 

 

 

===========================================================================

Australian Computer Emergency Response Team

The University of Queensland

Brisbane

Qld 4072

 

Internet Email: auscert at auscert.org.au

Facsimile:      (07) 3365 7031

Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)

                AusCERT personnel answer during Queensland business hours

                which are GMT+10:00 (AEST).

                On call after hours for member emergencies only.

===========================================================================

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20091211/5adddd76/attachment.html>


More information about the AusNOG mailing list