[AusNOG] AusCERT Week in Review - Week Ending 27/11/2009 (AUSCERT#20073f686)

Paul Fahey paul at auscert.org.au
Fri Nov 27 16:38:56 EST 2009


Alerts, Advisories and Updates:

-------------------------------

Title: ASB-2009.1143 - [OpenBSD] OpenSSL: Unauthorised access -

       Remote/unauthenticated 

Date:  27 November 2009

URL:   http://www.auscert.org.au/12018

 

Title: ASB-2009.1144 - [Win][Linux][HP-UX][Solaris][AIX] IBM DB2 9.7:

       Increased privileges - Existing account 

Date:  27 November 2009

URL:   http://www.auscert.org.au/12019

 

Title: ASB-2009.1145 - [Appliance] Ingate Firewall and SIParator: Multiple

       vulnerabilities 

Date:  27 November 2009

URL:   http://www.auscert.org.au/12020

 

Title: ASB-2009.1138.2 - UPDATE [UNIX/Linux] Dovecot: Unauthorised access -

       Existing account 

Date:  25 November 2009

URL:   http://www.auscert.org.au/11994

 

Title: ASB-2009.1141.2 - UPDATE [Win][UNIX/Linux] Opera: Multiple

       vulnerabilities 

Date:  25 November 2009

URL:   http://www.auscert.org.au/12002

 

Title: ASB-2009.1142 - [Win][UNIX/Linux] WP-Cumulus (WordPress Plugin):

       Cross-site scripting - Remote/unauthenticated 

Date:  25 November 2009

URL:   http://www.auscert.org.au/12009

 

Title: ASB-2009.1136.2 - UPDATE [Win][UNIX/Linux] PHP 5.3.1: Multiple

       vulnerabilities 

Date:  24 November 2009

URL:   http://www.auscert.org.au/11987

 

Title: ASB-2009.1139.2 - UPDATE [Win][Linux] IBM Rational Software Architect:

       Cross-site scripting - Remote/unauthenticated

Date:  24 November 2009

URL:   http://www.auscert.org.au/11995

 

Title: ASB-2009.1134.2 - UPDATE [UNIX/Linux] libexif: Denial of service -

       Remote with user interaction 

Date:  23 November 2009

URL:   http://www.auscert.org.au/11961

 

Title: ASB-2009.1137 - [Win][UNIX/Linux] MySQL Community Server: Provide

       misleading information - Remote/unauthenticated 

Date:  23 November 2009

URL:   http://www.auscert.org.au/11993

 

Title: ASB-2009.1140 - [UNIX/Linux] PEAR Mail: Execute arbitrary

       code/commands - Remote/unauthenticated

Date:  23 November 2009

URL:   http://www.auscert.org.au/11996

 

 

External Security Bulletins:

----------------------------

Title: ESB-2009.1571 - [Win] Symantec: Execute arbitrary code/commands -

       Remote with user interaction 

Date:  26 November 2009

OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,

       Windows Server 2008 

URL:   http://www.auscert.org.au/12017

 

Title: ESB-2009.1570 - [Solaris][OpenSolaris] LDAP client configuration

       cache daemon: Denial of service - Existing account

Date:  26 November 2009

OS:    Solaris 

URL:   http://www.auscert.org.au/12016

 

Title: ESB-2009.1569 - [Solaris][OpenSolaris] BIND: Provide misleading

       information - Remote/unauthenticated 

Date:  26 November 2009

OS:    Solaris 

URL:   http://www.auscert.org.au/12015

 

Title: ESB-2009.1568 - [HP-UX] OpenSSL: Unauthorised access -

       Remote/unauthenticated 

Date:  26 November 2009

OS:    HP-UX 

URL:   http://www.auscert.org.au/12014

 

Title: ESB-2009.1567 - [Debian] php5: Multiple vulnerabilities 

Date:  26 November 2009

OS:    Debian GNU/Linux 

URL:   http://www.auscert.org.au/12013

 

Title: ESB-2009.1566 - [Debian] poppler: Multiple vulnerabilities 

Date:  26 November 2009

OS:    Debian GNU/Linux 

URL:   http://www.auscert.org.au/12012

 

Title: ESB-2009.1565 - [UNIX/Linux][RedHat] kdelibs: Execute arbitrary

       code/commands - Remote with user interaction 

Date:  25 November 2009

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian

       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,

       Other Linux Variants 

URL:   http://www.auscert.org.au/12007

 

Title: ESB-2009.1564.2 - UPDATE [Solaris][OpenSolaris] Solaris sshd: Denial

       of service - Remote/unauthenticated

Date:  27 November 2009

OS:    Solaris 

URL:   http://www.auscert.org.au/12006

 

Title: ESB-2009.1563 - [Debian] libvorbis: Multiple vulnerabilities 

Date:  25 November 2009

OS:    Debian GNU/Linux 

URL:   http://www.auscert.org.au/12005

 

Title: ESB-2009.1562 - [UNIX/Linux][SUSE][OpenSUSE] SUSE packages: Multiple

       vulnerabilities 

Date:  25 November 2009

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian

       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,

       Other Linux Variants 

URL:   http://www.auscert.org.au/12004

 

Title: ESB-2009.1561 - [Win][UNIX/Linux] BIND: Provide misleading

       information - Remote/unauthenticated

Date:  25 November 2009

OS:    IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,

       Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD

       Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,

       Windows Server 2008, Other Linux Variants 

URL:   http://www.auscert.org.au/12003

 

Title: ESB-2009.1560 - [Win][OSX] Autodesk Maya: Execute arbitrary

       code/commands - Remote with user interaction 

Date:  24 November 2009

OS:    Windows XP, Windows Vista, Mac OS X 

URL:   http://www.auscert.org.au/12001

 

Title: ESB-2009.1559 - [Win] Autodesk 3DS Max: Execute arbitrary

       code/commands - Remote with user interaction

Date:  24 November 2009

OS:    Windows Vista, Windows XP 

URL:   http://www.auscert.org.au/12000

 

Title: ESB-2009.1558 - [Win][Linux] Autodesk SoftImage: Execute arbitrary

       code/commands - Remote with user interaction 

Date:  24 November 2009

OS:    Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian GNU/Linux,

       Windows XP, SUSE, Windows 2000, Windows Vista, Windows Server 2008,

       Other Linux Variants 

URL:   http://www.auscert.org.au/11999

 

Title: ESB-2009.1557 - ALERT [Win] Internet Explorer: Execute arbitrary

       code/commands - Remote with user interaction 

Date:  23 November 2009

OS:    Windows Server 2008, Windows Vista, Windows 2003, Windows 2000,

       Windows XP

URL:   http://www.auscert.org.au/11998

 

Title: ESB-2009.1556 - [Debian] php-mail: Execute arbitrary code/commands -

       Remote/unauthenticated 

Date:  24 November 2009

OS:    Debian GNU/Linux 

URL:   http://www.auscert.org.au/11997

 

Title: ESB-2009.1555 - [Solaris][OpenSolaris] Transport Layer Security and

       Secure Sockets Layer 3.0: Unauthorised access -

       Remote/unauthenticated

Date:  23 November 2009

OS:    Solaris 

URL:   http://www.auscert.org.au/11992

 

Title: ESB-2009.1554 - [Win] HP Operations Manager: Unauthorised access -

       Remote/unauthenticated 

Date:  23 November 2009

OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,

       Windows Server 2008 

URL:   http://www.auscert.org.au/11991

 

Title: ESB-2009.1553 - [Win][VMware ESX][Linux] VMware vCenter, ESX, vMA:

       Multiple vulnerabilities 

Date:  23 November 2009

OS:    Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian GNU/Linux,

       Windows XP, Virtualisation, SUSE, Windows 2000, Windows Vista,

       Windows Server 2008, Other Linux Variants

URL:   http://www.auscert.org.au/11990

 

Title: ESB-2009.1552 - [UNIX/Linux][Debian] gforge: Cross-site scripting -

       Remote/unauthenticated 

Date:  23 November 2009

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian

       GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,

       FreeBSD, Other Linux Variants 

URL:   http://www.auscert.org.au/11989

 

Title: ESB-2009.1548.2 - UPDATE [Win][UNIX/Linux] Drupal: Multiple

       vulnerabilities 

Date:  24 November 2009

OS:    Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD,

       AIX, OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP,

       Ubuntu, Debian GNU/Linux, Mac OS X, Windows 7, Red Hat Linux, Windows

       2003, Solaris, HP Tru64 UNIX, IRIX 

URL:   http://www.auscert.org.au/11982

 

Title: ESB-2009.1522.2 - UPDATE [Win][UNIX/Linux] Drupal: Multiple

       vulnerabilities 

Date:  23 November 2009

OS:    Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD,

       AIX, OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP,

       Ubuntu, Debian GNU/Linux, Mac OS X, Windows 7, Red Hat Linux, Windows

       2003, Solaris, HP Tru64 UNIX, IRIX 

URL:   http://www.auscert.org.au/11944

 

Title: ESB-2009.1430.2 - UPDATE [VMware ESX] VMware ESX: Multiple

       vulnerabilities 

Date:  23 November 2009

OS:    Virtualisation 

URL:   http://www.auscert.org.au/11820

 

Title: ESB-2009.0696 -- [Win][Netware][Linux] -- HP Data Protector Express:

       Execute Arbitrary Code 

Date:  25 November 2009

OS:    Novell Netware, Red Hat Linux, Windows XP, Other Linux Variants,

       Windows 2000, Windows 2003 

URL:   http://www.auscert.org.au/10989

 

Title: ESB-2009.0583 -- [UNIX/Linux][Debian] -- gforge: Cross-site Scripting


Date:  25 November 2009

OS:    AIX, HP-UX, Mac OS X, Red Hat Linux, Other Linux Variants, FreeBSD,

       OpenBSD, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64

       UNIX, Solaris 

URL:   http://www.auscert.org.au/11167

 

Title: ESB-2009.0167 -- [Win][VMware ESX][Linux] -- VirtualCenter Update 4

       and ESX patch update Tomcat to version 5.5.27

Date:  23 November 2009

OS:    Windows Vista, Red Hat Linux, Windows Server 2008, Virtualisation,

       Windows XP, Other Linux Variants, Windows 2000, Windows 2003, Debian

       GNU/Linux, Ubuntu 

URL:   http://www.auscert.org.au/10543

 

 

 

===========================================================================

Australian Computer Emergency Response Team

The University of Queensland

Brisbane

Qld 4072

 

Internet Email: auscert at auscert.org.au

Facsimile:      (07) 3365 7031

Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)

                AusCERT personnel answer during Queensland business hours

                which are GMT+10:00 (AEST).

                On call after hours for member emergencies only.

===========================================================================

 
