[AusNOG] AusCERT Week in Review - Week Ending 13/11/2009 (AUSCERT#20073f686)
Paul Fahey
paul at auscert.org.au
Fri Nov 13 18:07:53 EST 2009
AusCERT Week in Review
13 November 2009
Papers, Articles and other documents:
-------------------------------------
Title: The risks borne by one are shared by all - web site compromises
Date: 11 November 2009
URL: http://www.auscert.org.au/11941
Title: Apple Safari 4.0.4 is out
Date: 11 November 2009
URL: http://www.auscert.org.au/11946
Title: Microsoft patches for November
Date: 10 November 2009
URL: http://www.auscert.org.au/11935
Title: Apple OS X updates
Date: 09 November 2009
URL: http://www.auscert.org.au/11924
Web Log Entries:
----------------
Title: SMB 0day vulnerability made public
Date: 12 November 2009
URL: http://www.auscert.org.au/11954
Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2009.1126.2 - UPDATE [Win] Google Chrome: Multiple
vulnerabilities
Date: 13 November 2009
URL: http://www.auscert.org.au/11911
Title: ASB-2009.1130.2 - UPDATE [Appliance] IBM BladeCenter Advanced
Management Module: Reduced security - Existing account
Date: 13 November 2009
URL: http://www.auscert.org.au/11945
Title: ASB-2009.1132 - [Win][UNIX/Linux] WordPress: Execute arbitrary
code/commands - Existing account
Date: 13 November 2009
URL: http://www.auscert.org.au/11951
Title: ASB-2009.1133 - [Appliance] McAfee Intrushield NSM: Multiple
vulnerabilities
Date: 13 November 2009
URL: http://www.auscert.org.au/11953
Title: ASB-2009.1131 - [Win][OSX] Citrix Online Plug-in and Citrix Receiver:
Provide misleading information - Remote/unauthenticated
Date: 12 November 2009
URL: http://www.auscert.org.au/11947
Title: ASB-2009.1129 - [Win][OSX] Microsoft Bulletin Notification - November
Pre-release Announcement
Date: 10 November 2009
URL: http://www.auscert.org.au/11920
Title: ASB-2009.1121.2 - UPDATE [Win][Linux][Solaris] Sun Java: Multiple
vulnerabilities
Date: 09 November 2009
URL: http://www.auscert.org.au/11881
Title: ASB-2009.1125.2 - UPDATED ALERT [Win][UNIX/Linux] OpenSSL:
Unauthorised access - Remote/unauthenticated
Date: 09 November 2009
URL: http://www.auscert.org.au/11909
Title: ASB-2009.1127 - [OpenBSD] OpenBSD kernel: Denial of service -
Existing account
Date: 09 November 2009
URL: http://www.auscert.org.au/11912
Title: ASB-2009.1128 - [Appliance] Citrix Network Appliances: Denial of
service - Remote/unauthenticated
Date: 09 November 2009
URL: http://www.auscert.org.au/11913
External Security Bulletins:
----------------------------
Title: ESB-2009.1526 - [SUSE] kernel: Multiple vulnerabilities
Date: 13 November 2009
OS: SUSE
URL: http://www.auscert.org.au/11952
Title: ESB-2009.1525 - [Win][UNIX/Linux][Ubuntu] OpenLDAP: Provide
misleading information - Remote/unauthenticated
Date: 13 November 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/11950
Title: ESB-2009.1524 - [Ubuntu] Firefox and Xulrunner: Denial of service -
Remote/unauthenticated
Date: 13 November 2009
OS: Ubuntu
URL: http://www.auscert.org.au/11949
Title: ESB-2009.1523 - [RedHat] java-1.6.0-ibm: Multiple vulnerabilities
Date: 13 November 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/11948
Title: ESB-2009.1522 - [Win][UNIX/Linux] Drupal Third Party Modules:
Multiple Vulnerabilities
Date: 12 November 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/11944
Title: ESB-2009.1521 - [Solaris][OpenSolaris] pidgin: Denial of service -
Remote/unauthenticated
Date: 12 November 2009
OS: Solaris
URL: http://www.auscert.org.au/11943
Title: ESB-2009.1520 - [OpenSolaris] Common Unix Printing System (CUPS):
Cross-site scripting - Remote/unauthenticated
Date: 12 November 2009
OS: Solaris
URL: http://www.auscert.org.au/11942
Title: ESB-2009.1519 - [OpenSolaris] OpenSolaris: Denial of service -
Existing account
Date: 12 November 2009
OS: Solaris
URL: http://www.auscert.org.au/11940
Title: ESB-2009.1518 - [SUSE] kernel: Multiple vulnerabilities
Date: 12 November 2009
OS: SUSE
URL: http://www.auscert.org.au/11939
Title: ESB-2009.1517 - [HP NonStop] HP NonStop Server: Unauthorised access -
Remote/unauthenticated
Date: 12 November 2009
OS: HP-UX
URL: http://www.auscert.org.au/11938
Title: ESB-2009.1516 - [Win][OSX] Safari: Multiple vulnerabilities
Date: 12 November 2009
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista, Mac
OS X, Windows Server 2008
URL: http://www.auscert.org.au/11937
Title: ESB-2009.1515 - [RedHat] httpd: Multiple vulnerabilities
Date: 12 November 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/11936
Title: ESB-2009.1514 - [UNIX/Linux][Ubuntu] libqt4-webkit: Multiple
vulnerabilities
Date: 11 November 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/11934
Title: ESB-2009.1513 - [SUSE][OpenSUSE] SUSE: Multiple vulnerabilities
Date: 11 November 2009
OS: Other Linux Variants, SUSE
URL: http://www.auscert.org.au/11933
Title: ESB-2009.1512 - [Win][UNIX/Linux][RedHat] 4Suite: Denial of service -
Remote with user interaction
Date: 11 November 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,
Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD Variants, SUSE,
Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD, Windows Server
2008, Other Linux Variants
URL: http://www.auscert.org.au/11932
Title: ESB-2009.1511 - [RedHat] java-1.5.0-sun: Multiple vulnerabilities
Date: 11 November 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/11931
Title: ESB-2009.1510 - [Win][OSX] Microsoft Office Word : Execute arbitrary
code/commands - Remote with user interaction
Date: 11 November 2009
OS: Windows 2003, Windows XP, Windows 2000, Windows Vista, Mac OS X,
Windows Server 2008
URL: http://www.auscert.org.au/11930
Title: ESB-2009.1509 - [Win][OSX] Microsoft Office Excel: Execute arbitrary
code/commands - Remote with user interaction
Date: 11 November 2009
OS: Windows 2003, Windows XP, Windows 2000, Windows Vista, Mac OS X,
Windows Server 2008
URL: http://www.auscert.org.au/11929
Title: ESB-2009.1508 - [Win] Active Directory : Denial of service -
Remote/unauthenticated
Date: 11 November 2009
OS: Windows 2003, Windows XP, Windows 2000, Windows Server 2008
URL: http://www.auscert.org.au/11928
Title: ESB-2009.1507 - [Win] Windows Kernel-Mode Drivers: Multiple
vulnerabilities
Date: 11 November 2009
OS: Windows 2003, Windows XP, Windows 2000, Windows Vista, Windows Server
2008
URL: http://www.auscert.org.au/11927
Title: ESB-2009.1506 - ALERT [Win] License Logging Server: Administrator
compromise - Remote/unauthenticated
Date: 11 November 2009
OS: Windows 2000
URL: http://www.auscert.org.au/11926
Title: ESB-2009.1505 - ALERT [Win] Web Services on Devices API:
Administrator compromise - Remote/unauthenticated
Date: 11 November 2009
OS: Windows Vista, Windows Server 2008
URL: http://www.auscert.org.au/11925
Title: ESB-2009.1504 - [Win] Apache Tomcat: Reduced security - Existing
account
Date: 10 November 2009
OS: Windows 2003, Windows XP, Windows 2000, Windows Vista, Windows Server
2008
URL: http://www.auscert.org.au/11923
Title: ESB-2009.1503 - [HP-UX] Java: Multiple vulnerabilities
Date: 10 November 2009
OS: HP-UX
URL: http://www.auscert.org.au/11922
Title: ESB-2009.1502 - [UNIX/Linux][Debian] cups: Cross-site scripting -
Remote/unauthenticated
Date: 10 November 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
FreeBSD, Other Linux Variants
URL: http://www.auscert.org.au/11921
Title: ESB-2009.1501 - [Cisco] Cisco: Multiple Vulnerabilities
Date: 10 November 2009
OS: Cisco Products
URL: http://www.auscert.org.au/11919
Title: ESB-2009.1500 - [OSX] Mac OS X: Multiple vulnerabilities
Date: 10 November 2009
OS: Mac OS X
URL: http://www.auscert.org.au/11918
Title: ESB-2009.1499 - [RedHat] tomcat: Multiple vulnerabilities
Date: 10 November 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/11917
Title: ESB-2009.1498 - [Win][UNIX/Linux][RedHat] libvorbis: Execute
arbitrary code/commands - Remote with user interaction
Date: 10 November 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,
Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants, SUSE,
OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/11916
Title: ESB-2009.1497 - [RedHat] java-1.6.0-sun: Multiple vulnerabilities
Date: 10 November 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/11915
Title: ESB-2009.1496 - [RedHat] Red Hat Enterprise Linux 3: Reduced security -
Existing account
Date: 10 November 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/11914
Title: ESB-2009.1495 - [Solaris][OpenSolaris] mod_perl2: Multiple
vulnerabilities
Date: 09 November 2009
OS: Solaris
URL: http://www.auscert.org.au/11910
Title: ESB-2009.1494 - [Debian] pidgin: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 09 November 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/11908
Title: ESB-2009.1493 - [Win][UNIX/Linux][Debian] nspr: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 09 November 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,
Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD Variants, SUSE,
OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/11907
Title: ESB-2009.1492 - [Debian] drupal6: Multiple vulnerabilities
Date: 09 November 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/11906
Title: ESB-2009.1489.2 - UPDATE [OpenSolaris] OpenSolaris: Denial of service -
Existing account
Date: 09 November 2009
OS: Solaris
URL: http://www.auscert.org.au/11901
Title: ESB-2009.1487.2 - UPDATE [UNIX/Linux] Asterisk: Multiple
vulnerabilities
Date: 11 November 2009
OS: Other Linux Variants, FreeBSD, AIX, OpenBSD, SUSE, Other BSD Variants,
HP-UX, Ubuntu, Debian GNU/Linux, Mac OS X, Red Hat Linux, Solaris, HP
Tru64 UNIX, IRIX
URL: http://www.auscert.org.au/11899
Title: ESB-2009.1482.2 - UPDATE [Win][UNIX/Linux] Drupal: Multiple
vulnerabilities
Date: 10 November 2009
OS: Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD, AIX,
OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP,
Ubuntu, Debian GNU/Linux, Mac OS X, Red Hat Linux, Windows 2003,
Solaris, HP Tru64 UNIX, IRIX
URL: http://www.auscert.org.au/11892
Title: ESB-2009.1481.2 - UPDATE [AIX] PowerHA Cluster Management: Modify
arbitrary files - Remote/unauthenticated
Date: 09 November 2009
OS: AIX
URL: http://www.auscert.org.au/11891
Title: ESB-2009.1478.2 - UPDATE [Solaris] Sun Virtual Desktop Infrastructure:
Unauthorised access - Existing account
Date: 10 November 2009
OS: Solaris
URL: http://www.auscert.org.au/11888
Title: ESB-2009.1469.3 - UPDATE [Win][Netware][Linux][Solaris][AIX] Novell
eDirectory: Denial of service - Remote/unauthenticated
Date: 13 November 2009
OS: Other Linux Variants, Windows Server 2008, Windows Vista, AIX, Windows
2000, SUSE, Windows XP, Ubuntu, Debian GNU/Linux, Novell Netware, Red
Hat Linux, Windows 2003, Solaris
URL: http://www.auscert.org.au/11875
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================