[AusNOG] AusCERT Week in Review - Week Ending 24/12/2009 (AUSCERT#20073f686)

Paul Fahey paul at auscert.org.au
Thu Dec 24 13:51:25 EST 2009


AusCERT Week in Review

24 December 2009

 

Alerts, Advisories and Updates:

-------------------------------

Title: ASB-2009.1170 - [UNIX/Linux] XFS acl: Increased privileges - Existing

       account 

Date:  24 December 2009

URL:   http://www.auscert.org.au/12169

 

Title: ASB-2009.1168 - [Win][Linux][Solaris] Hitachi Storage Command Suite:

       Access privileged data - Remote with user interaction 

Date:  23 December 2009

URL:   http://www.auscert.org.au/12160

 

Title: ASB-2009.1169 - [Win][UNIX/Linux] Intel Trusted Execution Technology:

       Increased privileges - Remote with user interaction 

Date:  23 December 2009

URL:   http://www.auscert.org.au/12161

 

Title: ASB-2009.1163.3 - UPDATE [Win][UNIX/Linux] Horde Application Framework,

       Horde Groupware, Horde Groupware Webmail Edition: Cross-site scripting

       - Remote with user interaction 

Date:  22 December 2009

URL:   http://www.auscert.org.au/12139

 

Title: ASB-2009.1165.3 - UPDATE [Win][UNIX/Linux] Wireshark prior to 1.2.5:

       Denial of service - Remote/unauthenticated 

Date:  22 December 2009

URL:   http://www.auscert.org.au/12148

 

Title: ASB-2009.1167.3 - UPDATE [Appliance] Open Source SIM prior to version

       2.1.5-4: Multiple vulnerabilities 

Date:  22 December 2009

URL:   http://www.auscert.org.au/12151

 

Title: ASB-2009.1164.2 - UPDATE [Win][Linux][HP-UX][Solaris][AIX] IBM

       ClearQuest prior to 7.1.1.: Access privileged data - Remote with user

       interaction 

Date:  21 December 2009

URL:   http://www.auscert.org.au/12141

 

Title: ASB-2009.1166 - [Win][Netware][Linux][Solaris][AIX] Novell eDirectory

       8.8 SP5 prior to Patch2: Cross-site scripting - Remote with user

       interaction 

Date:  21 December 2009

URL:   http://www.auscert.org.au/12150

 

 

External Security Bulletins:

----------------------------

Title: ESB-2009.1680 - [Win][UNIX/Linux] FAQ (Drupal third-party module):

       Cross-site scripting - Existing account 

Date:  24 December 2009

OS:    IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,

       Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD

       Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,

       Windows Server 2008, Other Linux Variants 

URL:   http://www.auscert.org.au/12168

 

Title: ESB-2009.1679 - [RedHat] java-1.6.0-ibm: Multiple vulnerabilities 

Date:  24 December 2009

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/12167

 

Title: ESB-2009.1678 - [RedHat] rhev-hypervisor: Denial of service - Existing

       account 

Date:  24 December 2009

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/12166

 

Title: ESB-2009.1677 - [Win][UNIX/Linux][Debian] unbound: Reduced security -

       Remote/unauthenticated 

Date:  24 December 2009

OS:    IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,

       Mac OS X, Debian GNU/Linux, Ubuntu, Windows XP, HP-UX, Other BSD

       Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,

       Windows Server 2008, Other Linux Variants 

URL:   http://www.auscert.org.au/12165

 

Title: ESB-2009.1676 - [Debian] kvm: Denial of service - Existing account 

Date:  24 December 2009

OS:    Debian GNU/Linux 

URL:   http://www.auscert.org.au/12163

 

Title: ESB-2009.1675 - [Debian] bind9: Provide misleading information -

       Remote/unauthenticated 

Date:  24 December 2009

OS:    Debian GNU/Linux 

URL:   http://www.auscert.org.au/12162

 

Title: ESB-2009.1674 - [UNIX/Linux][Mandriva] proftpd: Unauthorised access -

       Remote/unauthenticated 

Date:  23 December 2009

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian

       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,

       Other Linux Variants 

URL:   http://www.auscert.org.au/12159

 

Title: ESB-2009.1673 - [SUSE] kernel: Multiple vulnerabilities 

Date:  23 December 2009

OS:    SUSE 

URL:   http://www.auscert.org.au/12158

 

Title: ESB-2009.1672 - [SUSE][OpenSUSE] flash-player: Execute arbitrary

       code/commands - Remote with user interaction 

Date:  23 December 2009

OS:    Other Linux Variants, SUSE 

URL:   http://www.auscert.org.au/12157

 

Title: ESB-2009.1671 - [SUSE][OpenSUSE] Mozilla Firefox: Multiple

       vulnerabilities 

Date:  23 December 2009

OS:    Other Linux Variants, SUSE 

URL:   http://www.auscert.org.au/12156

 

Title: ESB-2009.1670 - [HP-UX] Apache: Modify arbitrary files - Remote with

       user interaction 

Date:  23 December 2009

OS:    HP-UX 

URL:   http://www.auscert.org.au/12155

 

Title: ESB-2009.1669 - [UNIX/Linux][RedHat] condor: Unauthorised access -

       Existing account 

Date:  22 December 2009

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian

       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,

       Other Linux Variants 

URL:   http://www.auscert.org.au/12154

 

Title: ESB-2009.1668 - [UNIX/Linux][Mandriva] koffice: Multiple

       vulnerabilities 

Date:  22 December 2009

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian

       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,

       Other Linux Variants 

URL:   http://www.auscert.org.au/12153

 

Title: ESB-2009.1667 - [Win][Linux][HP-UX][AIX] IBM SDK for Java: Unauthorised

       access - Remote/unauthenticated 

Date:  22 December 2009

OS:    Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux, Ubuntu,

       Windows XP, HP-UX, SUSE, Windows 2000, AIX, Windows Vista, Windows

       Server 2008, Other Linux Variants 

URL:   http://www.auscert.org.au/12152

 

Title: ESB-2009.1666 - [Win][UNIX/Linux] gtk2: Denial of service - Existing

       account 

Date:  21 December 2009

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,

       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD

       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,

       Other Linux Variants, Windows Server 2008 

URL:   http://www.auscert.org.au/12149

 

Title: ESB-2009.1665 - [Win][UNIX/Linux] Adobe Flash Media Server 3.5.2 and

       prior: Execute arbitrary code/commands - Remote with user interaction


Date:  21 December 2009

OS:    IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,

       Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD

       Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,

       Windows Server 2008, Other Linux Variants 

URL:   http://www.auscert.org.au/12147

 

Title: ESB-2009.1664 - [UNIX/Linux][Debian] acpid: Access privileged data -

       Remote with user interaction 

Date:  21 December 2009

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian

       GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,

       FreeBSD, Other Linux Variants 

URL:   http://www.auscert.org.au/12146

 

Title: ESB-2009.1663 - [UNIX/Linux][Debian] ganeti: Execute arbitrary

       code/commands - Existing account 

Date:  21 December 2009

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian

       GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,

       FreeBSD, Other Linux Variants 

URL:   http://www.auscert.org.au/12145

 

Title: ESB-2009.1662 - [Win] Citrix: Denial of service - Remote with user

       interaction 

Date:  18 December 2009

OS:    Windows 2003, Windows XP, Virtualisation, Windows 2000, Windows 7,

       Windows Vista, Windows Server 2008 

URL:   http://www.auscert.org.au/12142

 

Title: ESB-2009.1661 - [UNIX/Linux][Mandriva] ffmpeg: Denial of service -

       Remote with user interaction 

Date:  18 December 2009

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian

       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,

       Other Linux Variants 

URL:   http://www.auscert.org.au/12140

 

Title: ESB-2009.1656.2 - UPDATE [Win][UNIX/Linux] Drupal: Cross-site scripting

       - Existing account 

Date:  22 December 2009

OS:    Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD, AIX,

       OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP,

       Ubuntu, Debian GNU/Linux, Mac OS X, Windows 7, Red Hat Linux, Windows

       2003, Solaris, HP Tru64 UNIX, IRIX 

URL:   http://www.auscert.org.au/12131

 

Title: ESB-2009.1593.2 - UPDATE [FreeBSD] freebsd-update: Read-only data

       access - Existing account 

Date:  21 December 2009

OS:    FreeBSD 

URL:   http://www.auscert.org.au/12053

 

Title: ESB-2009.1391.3 - UPDATE [Solaris][OpenSolaris] Thunderbird: Multiple

       vulnerabilities 

Date:  18 December 2009

OS:    Solaris 

URL:   http://www.auscert.org.au/11778

 

 

 

===========================================================================

Australian Computer Emergency Response Team

The University of Queensland

Brisbane

Qld 4072

 

Internet Email: auscert at auscert.org.au

Facsimile:      (07) 3365 7031

Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)

                AusCERT personnel answer during Queensland business hours

                which are GMT+10:00 (AEST).

                On call after hours for member emergencies only.

===========================================================================
