[AusNOG] AusCERT Week in Review - Week Ending 20/02/2009 (AUSCERT#20073f686)
Paul Fahey
paul at auscert.org.au
Fri Feb 20 16:08:20 EST 2009
Alerts, Advisories and Updates:
-------------------------------
Title: AA-2009.0019 -- [Win][UNIX/Linux] -- Multiple vulnerabilities reported
in Wireshark
Date: 20 February 2009
URL: http://www.auscert.org.au/10495
Title: AA-2009.0020 -- [Win] -- Access bypass vulnerability reported in Trend
Micro Interscan Web Security Suite
Date: 20 February 2009
URL: http://www.auscert.org.au/10496
Title: AA-2009.0034 -- [Linux] -- Linux Kernel 2.6.28.5 corrects a security
vulnerability
Date: 20 February 2009
URL: http://www.auscert.org.au/10529
Title: AA-2009.0035 -- [Win][UNIX/Linux] -- Security vulnerability corrected
in Ruby - Revision 22440
Date: 20 February 2009
URL: http://www.auscert.org.au/10530
Title: AA-2009.0031 -- [Win] -- Code execution vulnerability reported in
FeedDemon
Date: 19 February 2009
URL: http://www.auscert.org.au/10523
Title: AA-2009.0032 -- [Win][UNIX/Linux] -- Security updates released for
Symantec Veritas NetBackup
Date: 19 February 2009
URL: http://www.auscert.org.au/10524
Title: AA-2009.0033 -- [Win][UNIX/Linux] -- Security Updates released for
UltraVNC and TightVnc
Date: 19 February 2009
URL: http://www.auscert.org.au/10525
Title: AA-2008.0211 -- [Win][Appliance] -- Vulnerabilities in multiple Avaya
products
Date: 18 February 2009
URL: http://www.auscert.org.au/9959
Title: AL-2009.0013 -- [Win] -- MS09-003 - Vulnerabilities in Microsoft
Exchange Could Allow Remote Code Execution
Date: 18 February 2009
URL: http://www.auscert.org.au/10478
Title: AA-2009.0025 -- [Win][UNIX/Linux] -- MySQL Community Server 5.0.77
released
Date: 18 February 2009
URL: http://www.auscert.org.au/10515
Title: AU-2009.0009 -- AusCERT Update - [Win] - Updated - MS09-003 -
Vulnerabilities in Microsoft Exchange Could Allow Remote Code
Execution
Date: 18 February 2009
URL: http://www.auscert.org.au/10516
Title: AA-2009.0026 -- [Win][UNIX/Linux] -- Information disclosure
vulnerability in IBM WebSphere Message Broker
Date: 18 February 2009
URL: http://www.auscert.org.au/10517
Title: AA-2009.0027 -- [Win][UNIX/Linux] -- Code execution vulnerability
corrected in ffmpeg
Date: 18 February 2009
URL: http://www.auscert.org.au/10519
Title: AA-2009.0028 -- [UNIX/Linux] -- Patch released for libvirt to correct
privilege escalation vulnerability
Date: 18 February 2009
URL: http://www.auscert.org.au/10520
Title: AA-2009.0029 -- [UNIX/Linux] -- A vulnerability identified in evolution
may allow for Man in the Middle (MITM) attacks
Date: 18 February 2009
URL: http://www.auscert.org.au/10521
Title: AA-2009.0030 -- [Linux] -- Local Denial of Service (DoS) vulnerability
corrected in the Linux Kernel
Date: 18 February 2009
URL: http://www.auscert.org.au/10522
Title: AA-2009.0023 -- [Win][UNIX/Linux] -- Security updates available for IBM
WebSphere Application Server
Date: 17 February 2009
URL: http://www.auscert.org.au/10513
Title: AA-2009.0024 -- [UNIX/Linux] -- ProFTPD 1.3.2 released
Date: 17 February 2009
URL: http://www.auscert.org.au/10514
Title: AA-2009.0021 -- [Win][UNIX/Linux] -- Multiple vulnerabilities reported
in Bugzilla
Date: 16 February 2009
URL: http://www.auscert.org.au/10503
Title: AA-2009.0022 -- [Win] -- Two remote code execution vulnerabilities in
RealPlayer 11
Date: 16 February 2009
URL: http://www.auscert.org.au/10510
External Security Bulletins:
----------------------------
Title: ESB-2008.0445 -- [HP-UX] -- HP-UX running WBEM Services, Remote
Execution of Arbitrary Code, Gain Extended Privileges
Date: 16 February 2009
OS: HP-UX
URL: http://www.auscert.org.au/9205
Title: ESB-2009.0161 -- [Solaris] -- The Name Service Caching Daemon
(nscd(1M)) Does Not Cache Hosts for Cluster Nodes After Installing
Patch 120011-14 (SPARC) or 120012-14 (x86)
Date: 20 February 2009
OS: Solaris
URL: http://www.auscert.org.au/10528
Title: ESB-2009.0160 -- [RedHat] -- Important: cups security update
Date: 20 February 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/10527
Title: ESB-2009.0159 -- [RedHat] -- Moderate: imap security update
Date: 20 February 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/10526
Title: ESB-2009.0158 -- [UNIX/Linux][Ubuntu] -- fglrx-installer
vulnerability
Date: 18 February 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10518
Title: ESB-2009.0157 -- [FreeBSD] -- telnetd code execution vulnerability
Date: 17 February 2009
OS: FreeBSD
URL: http://www.auscert.org.au/10512
Title: ESB-2009.0156 -- [Win] -- GE Fanuc Proficy HMI/SCADA iFIX uses insecure
authentication techniques
Date: 17 February 2009
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/10511
Title: ESB-2009.0155 -- [HP-UX] -- HP-UX Running Apache Web Server Suite,
Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution
of Arbitrary Code, Cross-Site Request Forgery (CSRF)
Date: 16 February 2009
OS: HP-UX
URL: http://www.auscert.org.au/10509
Title: ESB-2009.0154 -- [Win][Linux][HP-UX][Solaris][AIX] -- A Security
Vulnerability in the Sun Java System Server, Related to the Directory
Proxy Server, May Lead to a Denial of Service (DoS) Condition
Date: 20 February 2009
OS: Windows Vista, AIX, HP-UX, Red Hat Linux, Server 2008, Windows XP,
Other Linux Variants, Windows 2000, Windows 2003, Debian GNU/Linux,
Ubuntu, Solaris
URL: http://www.auscert.org.au/10507
Title: ESB-2009.0153 -- [Solaris] -- A Security Vulnerability in the Solaris
Kerberos PAM Module May Allow Use of a User Specified Kerberos
Configuration File, Leading to Escalation of Privileges
Date: 16 February 2009
OS: Solaris
URL: http://www.auscert.org.au/10506
Title: ESB-2009.0152 -- [Win][UNIX/Linux][Debian] -- New websvn packages fix
information leak
Date: 16 February 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/10505
Title: ESB-2009.0151 -- [Win][UNIX/Linux][Debian] -- New moodle packages fix
several vulnerabilities
Date: 16 February 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/10504
Title: ESB-2009.0146 -- [AIX] -- AIX at information disclosure vulnerability
Date: 17 February 2009
OS: AIX
URL: http://www.auscert.org.au/10497
Title: ESB-2009.0143 -- [Win][Linux][HP-UX][Solaris][AIX] -- A Security
Vulnerability in Sun Java System Directory Server May Allow Specific
Requests to Crash the Directory Server Causing a Denial of Service (DoS)
Date: 18 February 2009
OS: Windows Vista, AIX, HP-UX, Red Hat Linux, Server 2008, Windows XP,
Other Linux Variants, Windows 2000, Windows 2003, Debian GNU/Linux,
Ubuntu, Solaris
URL: http://www.auscert.org.au/10490
Title: ESB-2009.0127 -- [Appliance] -- Certain HP Printers, and HP Digital
Senders, Remote Unauthorized Access to Files
Date: 17 February 2009
URL: http://www.auscert.org.au/10470
Title: ESB-2009.0127 -- [Win][UNIX/Linux] -- HP Storage Essentials SRM, Remote
Unauthorized Access
Date: 16 February 2009
OS: Windows Vista, AIX, HP-UX, Red Hat Linux, Windows XP, Other Linux
Variants, Windows 2000, Windows 2003, IRIX, Debian GNU/Linux, Ubuntu,
HP Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/8751
Title: ESB-2009.0126 -- [Win][UNIX/Linux][HP-UX][Solaris] -- HP OpenView
Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
Date: 18 February 2009
OS: Windows Vista, HP-UX, Red Hat Linux, Server 2008, Windows XP, Other
Linux Variants, Windows 2000, Windows 2003, Debian GNU/Linux, Ubuntu,
Solaris
URL: http://www.auscert.org.au/10469
Title: ESB-2009.0110 -- [Solaris] -- Security Vulnerability in OpenSSL due to
Improper Usage of Signature
Date: 20 February 2009
OS: Solaris
URL: http://www.auscert.org.au/10444
Title: ESB-2009.0098 -- [Solaris] -- Security Vulnerability in Solaris BIND
named(1M) due to Incorrect DNSSEC Signature Verification
Date: 16 February 2009
OS: Solaris
URL: http://www.auscert.org.au/10428
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================