[AusNOG] AusCERT Week in Review - Week Ending 10/07/2009 (AUSCERT#20073f686)

Patrick Mannion patrick at auscert.org.au
Fri Jul 10 16:38:00 EST 2009


AusCERT Week in Review
10 July 2009

Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2009.1010 - [Win][Linux][HP-UX][AIX] IBM Websphere Application
       Server: Unauthorised access - Remote/unauthenticated 
Date:  10 July 2009
URL:   http://www.auscert.org.au/11282

Title: ASB-2009.1007 - [Win][Linux][AIX] IBM Websphere Application Server 6.1
       before 6.1.0.25: Reduced security - Remote/unauthenticated 
Date:  08 July 2009
URL:   http://www.auscert.org.au/11272

Title: ASB-2009.1008 - [Win][UNIX/Linux] Ruby on Rails: Unauthorised access -
       Remote/unauthenticated 
Date:  08 July 2009
URL:   http://www.auscert.org.au/11275

Title: ASB-2009.1009 - [UNIX/Linux] kvm: Denial of service - Existing account 
Date:  08 July 2009
URL:   http://www.auscert.org.au/11276

Title: ASB-2009.1004.3 - UPDATED ALERT [Win] Microsoft video streaming ActiveX
       control: Execute arbitrary code/commands - Remote/unauthenticated 
Date:  07 July 2009
URL:   http://www.auscert.org.au/11265

Title: ASB-2009.1005 - [Win][UNIX/Linux] FCKeditor: Execute arbitrary
       code/commands - Remote/unauthenticated 
Date:  07 July 2009
URL:   http://www.auscert.org.au/11266

Title: ASB-2009.1006.2 - UPDATE [Win][UNIX/Linux] Tivoli Identity Manager:
       Execute arbitrary code/commands - Remote with user interaction 
Date:  07 July 2009
URL:   http://www.auscert.org.au/11270

Title: AA-2009.0058 -- [Win][UNIX/Linux] -- ModSecurity 2.5.9 Released 
Date:  06 July 2009
URL:   http://www.auscert.org.au/10643

Title: ASB-2009.1002 - [Win][UNIX/Linux] Joomla! 1.5.11 and prior: Multiple
       vulnerabilities 
Date:  06 July 2009
URL:   http://www.auscert.org.au/11258

Title: ASB-2009.1003 - [Cisco] Cisco Adaptive Security Appliances Firmware
       (ASA): Multiple vulnerabilities 
Date:  06 July 2009
URL:   http://www.auscert.org.au/11264


External Security Bulletins:
----------------------------
Title: ESB-2009.1037 - [OpenSolaris] OpenSolaris: Denial of service - Existing
       account 
Date:  10 July 2009
OS:    Solaris 
URL:   http://www.auscert.org.au/11283

Title: ESB-2009.1036 - [Win][UNIX/Linux][RedHat] httpd: Multiple
       vulnerabilities 
Date:  10 July 2009
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,
       Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants,
       OpenBSD, Windows 2000, AIX, Windows Vista, FreeBSD, Other Linux
       Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/11281

Title: ESB-2009.1035 - [Win][UNIX/Linux] WordPress: Multiple vulnerabilities 
Date:  09 July 2009
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,
       Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants,
       OpenBSD, Windows 2000, AIX, Windows Vista, FreeBSD, Other Linux
       Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/11280

Title: ESB-2009.1034 - [Win][Mac][OSX] Safari: Multiple vulnerabilities 
Date:  09 July 2009
OS:    Windows Vista, Mac OS X, Windows XP 
URL:   http://www.auscert.org.au/11279

Title: ESB-2009.1033 - [Win][UNIX/Linux] Nodequeue (third-party Drupal
       module): Read-only data access - Remote/unauthenticated 
Date:  09 July 2009
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,
       Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants,
       OpenBSD, Windows 2000, AIX, Windows Vista, FreeBSD, Other Linux
       Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/11278

Title: ESB-2009.1032 - [NetBSD] OpenSSL: Multiple vulnerabilities 
Date:  09 July 2009
OS:    Other BSD Variants 
URL:   http://www.auscert.org.au/11277

Title: ESB-2009.1031 - [Linux] Linux 2.6 kernel: Multiple vulnerabilities 
Date:  08 July 2009
OS:    Red Hat Linux, Other Linux Variants, Debian GNU/Linux, Ubuntu 
URL:   http://www.auscert.org.au/11274

Title: ESB-2009.1030 - [Win][UNIX/Linux][Debian] ocsinventory-agent: Execute
       arbitrary code/commands - Existing account 
Date:  08 July 2009
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,
       Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants,
       OpenBSD, Windows 2000, AIX, Windows Vista, FreeBSD, Other Linux
       Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/11273

Title: ESB-2009.1029 - [UNIX/Linux] Libtiff: Denial of service - Remote with
       user interaction 
Date:  07 July 2009
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, HP-UX, Other BSD Variants,
       OpenBSD, AIX, FreeBSD, Mac OS X, Other Linux Variants, Ubuntu, Debian
       GNU/Linux 
URL:   http://www.auscert.org.au/11271

Title: ESB-2009.1028 - Lightweight Availability Collection Tool: Modify
       Arbitrary Files - Existing Account 
Date:  07 July 2009
OS:    Solaris 
URL:   http://www.auscert.org.au/11269

Title: ESB-2009.1027 - [Win][UNIX/Linux][Debian] ipplan: Cross-site scripting
       - Remote with user interaction 
Date:  07 July 2009
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,
       Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants,
       OpenBSD, Windows 2000, AIX, Windows Vista, FreeBSD, Other Linux
       Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/11268

Title: ESB-2009.1026 - [RedHat] JBoss Enterprise Application Platform:
       Multiple vulnerabilities 
Date:  07 July 2009
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/11267

Title: ESB-2009.1025.2 - UPDATE [Debian] nagios2, nagios3: Execute arbitrary
       code/commands - Remote/unauthenticated 
Date:  06 July 2009
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/11261

Title: ESB-2009.1024 - [UNIX/Linux][Debian] eggdrop: Multiple vulnerabilities 
Date:  06 July 2009
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, HP-UX, Other BSD Variants,
       OpenBSD, AIX, FreeBSD, Mac OS X, Other Linux Variants, Ubuntu, Debian
       GNU/Linux 
URL:   http://www.auscert.org.au/11260

Title: ESB-2009.1023 - [Win][Mac][OSX] Timbuktu Pro: Execute arbitrary
       code/commands - Remote/unauthenticated 
Date:  06 July 2009
OS:    Windows Vista, Windows 2003, Mac OS X, Windows Server 2008, Windows XP,
       Windows 2000 
URL:   http://www.auscert.org.au/11259

Title: ESB-2009.1022 - [NetBSD] OpenSSH: Access privileged data -
       Remote/unauthenticated 
Date:  06 July 2009
OS:    Other BSD Variants 
URL:   http://www.auscert.org.au/11257

Title: ESB-2009.1020.2 - UPDATE [Solaris][OpenSolaris] Solaris Network File
       System Version 4 (NFSv4): Modify arbitrary files -
       Remote/unauthenticated 
Date:  06 July 2009
OS:    Solaris 
URL:   http://www.auscert.org.au/11254

Title: ESB-2009.1019.2 - UPDATE [Solaris][OpenSolaris] Solaris Kernel udp(7p):
       Denial of service - Remote/unauthenticated 
Date:  06 July 2009
OS:    Solaris 
URL:   http://www.auscert.org.au/11253

Title: ESB-2009.1008.2 - UPDATE [Win][UNIX/Linux] Drupal core: Multiple
       vulnerabilities 
Date:  10 July 2009
OS:    Other Linux Variants, Windows Server 2008, FreeBSD, Windows Vista, AIX,
       Windows 2000, OpenBSD, Other BSD Variants, Windows XP, HP-UX, Debian
       GNU/Linux, Ubuntu, Mac OS X, Windows 2003, Red Hat Linux, HP Tru64
       UNIX, Solaris, IRIX 
URL:   http://www.auscert.org.au/11242

Title: ESB-2009.0127 -- [Win][UNIX/Linux] -- HP Storage Essentials SRM, Remote
       Unauthorized Access 
Date:  07 July 2009
OS:    Windows Vista, AIX, HP-UX, Red Hat Linux, Windows XP, Other Linux
       Variants, Windows 2000, Windows 2003, IRIX, Debian GNU/Linux, Ubuntu,
       HP Tru64 UNIX, Solaris 
URL:   http://www.auscert.org.au/8751

Title: ESB-2009.0127 -- [Appliance] -- Certain HP Printers, and HP Digital
       Senders, Remote Unauthorized Access to Files 
Date:  06 July 2009
URL:   http://www.auscert.org.au/10470



===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================





