[AusNOG] AusCERT Week in Review - Week Ending 09/04/2010 (AUSCERT#20073f686)

Patrick Mannion patrick at auscert.org.au
Fri Apr 9 15:22:15 EST 2010



Papers, Articles and other documents:
-------------------------------------
Title: AusCERT2010 ISP Workshop 
Date:  09 April 2010
URL:   http://www.auscert.org.au/12634


Web Log Entries:
----------------


Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2010.0059.2 - UPDATE [Linux] Linux Kernel 2.6: Denial of service -
       Remote/unauthenticated 
Date:  07 April 2010
URL:   http://www.auscert.org.au/12434

Title: ASB-2010.0098 - [Win][RedHat][AIX][SUSE] IBM WEBi: Multiple
       vulnerabilities 
Date:  07 April 2010
URL:   http://www.auscert.org.au/12630

Title: ASB-2010.0083.2 - UPDATE [Win] Google Chrome: Multiple vulnerabilities 
Date:  06 April 2010
URL:   http://www.auscert.org.au/12535

Title: ASB-2010.0093.2 - UPDATE [Win][UNIX/Linux] Firefox 3.5.8 and prior:
       Multiple vulnerabilities 
Date:  06 April 2010
URL:   http://www.auscert.org.au/12599

Title: ASB-2010.0095 - [Win][UNIX/Linux] Firefox 3.6.2 and prior : Execute
       arbitrary code/commands - Remote/unauthenticated 
Date:  06 April 2010
URL:   http://www.auscert.org.au/12616

Title: ASB-2010.0096 - [Win][SUSE] Novell ZENworks: Execute arbitrary
       code/commands - Remote/unauthenticated 
Date:  06 April 2010
URL:   http://www.auscert.org.au/12619

Title: ASB-2010.0097 - [Win][Linux] Intel Active Management Technology (Intel
       AMT) Software Development Kit (SDK): Execute arbitrary code/commands -
       Remote/unauthenticated 
Date:  06 April 2010
URL:   http://www.auscert.org.au/12620


External Security Bulletins:
----------------------------
Title: ESB-2010.0334 - [Win][UNIX/Linux] Views (Drupal third-party module):
       Execute arbitrary code/commands - Remote/unauthenticated 
Date:  08 April 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
       Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
       Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/12633

Title: ESB-2010.0333 - [Win][UNIX/Linux] NextGEN Gallery Wordpress Plugin:
       Cross-site scripting - Remote/unauthenticated 
Date:  08 April 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/12632

Title: ESB-2010.0332 - [SUSE][OpenSUSE] SUSE: Multiple vulnerabilities 
Date:  08 April 2010
OS:    Other Linux Variants, SUSE 
URL:   http://www.auscert.org.au/12631

Title: ESB-2010.0331 - [RedHat] krb5: Denial of service - Existing account 
Date:  07 April 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/12629

Title: ESB-2010.0330 - [RedHat] kernel: Denial of service -
       Remote/unauthenticated 
Date:  07 April 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/12628

Title: ESB-2010.0329.2 - UPDATE [Win] Virtual PC: Unauthorised access -
       Existing account 
Date:  07 April 2010
OS:    Windows Server 2008, Windows Vista, Windows 7, Windows 2000,
       Virtualisation, Windows XP, Windows 2003 
URL:   http://www.auscert.org.au/12627

Title: ESB-2010.0328 - [UNIX/Linux] kadmind: Denial of service - Existing
       account 
Date:  07 April 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
       Other Linux Variants 
URL:   http://www.auscert.org.au/12626

Title: ESB-2010.0327 - [Win] Foxit Reader: Execute arbitrary code/commands -
       Remote/unauthenticated 
Date:  07 April 2010
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/12625

Title: ESB-2010.0326 - [SUSE] openssl: Multiple vulnerabilities 
Date:  07 April 2010
OS:    SUSE 
URL:   http://www.auscert.org.au/12624

Title: ESB-2010.0325 - [Win] XOsoft: Multiple vulnerabilities 
Date:  07 April 2010
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/12623

Title: ESB-2010.0324 - [UNIX/Linux][Debian] mahara: Execute arbitrary
       code/commands - Remote/unauthenticated 
Date:  07 April 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
       GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
       FreeBSD, Other Linux Variants 
URL:   http://www.auscert.org.au/12622

Title: ESB-2010.0323 - [Netware] Novell Netware NWFTPD: Execute arbitrary
       code/commands - Existing account 
Date:  06 April 2010
OS:    Novell Netware 
URL:   http://www.auscert.org.au/12621

Title: ESB-2010.0322 - [Win][Linux][Solaris][AIX] WebSphere Application
       Server: Multiple vulnerabilities 
Date:  06 April 2010
OS:    Solaris, Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian
       GNU/Linux, Windows XP, SUSE, Windows 2000, AIX, Windows Vista, Windows
       Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/12618

Title: ESB-2010.0321 - [Appliance] Avaya: Execute arbitrary code/commands -
       Remote/unauthenticated 
Date:  06 April 2010
URL:   http://www.auscert.org.au/12617

Title: ESB-2010.0320 - [Win][UNIX/Linux] Shibboleth 2 IdP: Cross-site
       scripting - Remote/unauthenticated 
Date:  06 April 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
       Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
       Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/12615

Title: ESB-2010.0319 - [UNIX/Linux][Ubuntu] libnss-db: Increased privileges -
       Existing account 
Date:  06 April 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
       Other Linux Variants 
URL:   http://www.auscert.org.au/12614

Title: ESB-2010.0318 - [UNIX/Linux][Debian] imlib2: Execute arbitrary
       code/commands - Existing account 
Date:  06 April 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
       GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
       FreeBSD, Other Linux Variants 
URL:   http://www.auscert.org.au/12613

Title: ESB-2010.0317 - [Debian] xpdf: Multiple vulnerabilities 
Date:  06 April 2010
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/12612

Title: ESB-2010.0316 - [Debian] xulrunner: Multiple vulnerabilities 
Date:  06 April 2010
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/12611

Title: ESB-2010.0315 - [Debian] netpbm-free: Execute arbitrary code/commands -
       Remote with user interaction 
Date:  06 April 2010
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/12610

Title: ESB-2010.0314 - [VMware ESX] VMWare: Multiple vulnerabilities 
Date:  06 April 2010
OS:    Virtualisation 
URL:   http://www.auscert.org.au/12609

Title: ESB-2010.0313.2 - UPDATE [Win][UNIX/Linux][RedHat] java-1.6.0-sun:
       Multiple vulnerabilities 
Date:  06 April 2010
OS:    Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD, AIX,
       OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP,
       Ubuntu, Debian GNU/Linux, Mac OS X, Windows 7, Red Hat Linux, Windows
       2003, Solaris, HP Tru64 UNIX, IRIX 
URL:   http://www.auscert.org.au/12606

Title: ESB-2010.0312.2 - UPDATE [Win][UNIX/Linux] Drupal: Cross-site scripting
       - Remote/unauthenticated 
Date:  09 April 2010
OS:    Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD, AIX,
       OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP,
       Ubuntu, Debian GNU/Linux, Mac OS X, Windows 7, Red Hat Linux, Windows
       2003, Solaris, HP Tru64 UNIX, IRIX 
URL:   http://www.auscert.org.au/12605

Title: ESB-2010.0283.2 - UPDATE [Win][Linux][HP-UX][Solaris][AIX] HP SOA
       Registry Foundation: Multiple vulnerabilities 
Date:  06 April 2010
OS:    Windows Server 2008, Other Linux Variants, Windows Vista, AIX, Windows
       2000, SUSE, HP-UX, Windows XP, Ubuntu, Debian GNU/Linux, Windows 7, Red
       Hat Linux, Windows 2003, Solaris 
URL:   http://www.auscert.org.au/12574



===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================





