[AusNOG] AusCERT Week in Review - Week Ending 16/04/2010 (AUSCERT#20073f686)
Jonathan Levine
jonathan at auscert.org.au
Fri Apr 16 15:01:41 EST 2010
AusCERT Week in Review
16 April 2010
Alerts, Advisories and Updates:
- -------------------------------
Title: ASB-2010.0104 - [Win][RedHat][Solaris] Helix Server and Helix Mobile
Server: Execute arbitrary code/commands - Remote/unauthenticated
Date: 16 April 2010
URL: http://www.auscert.org.au/12681
Title: ASB-2010.0102 - [OpenBSD] OpenSSL: Denial of service -
Remote/unauthenticated
Date: 15 April 2010
URL: http://www.auscert.org.au/12674
Title: ASB-2010.0103 - [Win][UNIX/Linux] Atlassian JIRA: Multiple
vulnerabilities
Date: 15 April 2010
URL: http://www.auscert.org.au/12675
Title: ASB-2010.0101 - [Linux][AIX] IBM Director Agent: Increased privileges
-
Existing account
Date: 15 April 2010
URL: http://www.auscert.org.au/12673
Title: ASB-2010.0100.2 - UPDATED ALERT [Win][UNIX/Linux][Solaris] Oracle:
Unknown/unspecified - Remote/unauthenticated
Date: 14 April 2010
URL: http://www.auscert.org.au/12641
Title: ASB-2010.0088.2 - UPDATE [Win] Opera: Execute arbitrary code/commands
-
Remote with user interaction
Date: 13 April 2010
URL: http://www.auscert.org.au/12547
Title: ASB-2010.0099 - ALERT [Win] Microsoft Bulletin Notification - April
Pre-release Announcement: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 13 April 2010
URL: http://www.auscert.org.au/12640
External Security Bulletins:
- ----------------------------
Title: ESB-2010.0374 - [Win] Sun JRE Java Deployment Toolkit: Execute
arbitrary code/commands - Remote with user interaction
Date: 16 April 2010
OS: Windows 2003, Windows 7, Windows XP, Windows 2000, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/12680
Title: ESB-2010.0373 - [Win][UNIX/Linux][Ubuntu] irssi: Multiple
vulnerabilities
Date: 16 April 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/12679
Title: ESB-2010.0372 - [Linux][Solaris] Sun Java System Communications
Express
6.3: Reduced security - Unknown/unspecified
Date: 16 April 2010
OS: Solaris, Red Hat Linux, SUSE, Other Linux Variants, Ubuntu, Debian
GNU/Linux
URL: http://www.auscert.org.au/12678
Title: ESB-2010.0371 - [Win][Linux][HP-UX][Solaris][OpenSolaris][AIX] Sun
Java
System Directory Server: Reduced security - Remote/unauthenticated
Date: 16 April 2010
OS: Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
Ubuntu, HP-UX, Windows XP, SUSE, Windows 2000, AIX, Windows Vista,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/12677
Title: ESB-2010.0370 - [Win][UNIX/Linux][Debian] ejabberd: Denial of service
-
Existing account
Date: 16 April 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/12676
Title: ESB-2010.0369 - [SUSE][OpenSUSE] SUSE: Multiple vulnerabilities
Date: 15 April 2010
OS: Other Linux Variants, SUSE
URL: http://www.auscert.org.au/12672
Title: ESB-2010.0368 - [SUSE][OpenSUSE] Mozilla Firefox, Mozilla
Thunderbird,
seamonkey, mozilla-nss: Multiple vulnerabilities
Date: 15 April 2010
OS: Other Linux Variants, SUSE
URL: http://www.auscert.org.au/12671
Title: ESB-2010.0367 - [Win] Cisco Secure Desktop: Execute arbitrary
code/commands - Remote with user interaction
Date: 15 April 2010
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/12670
Title: ESB-2010.0366 - [Mac][OSX] Apple: Execute arbitrary code/commands -
Remote with user interaction
Date: 15 April 2010
OS: Mac OS X
URL: http://www.auscert.org.au/12669
Title: ESB-2010.0365 - [RedHat] acroread: Multiple vulnerabilities
Date: 15 April 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/12668
Title: ESB-2010.0364 - [UNIX/Linux][RedHat] kdebase: Increased privileges -
Console/physical
Date: 15 April 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/12667
Title: ESB-2010.0363 - [Linux][Solaris] Sun Convergence: Reduced security -
Remote/unauthenticated
Date: 14 April 2010
OS: Solaris, Red Hat Linux, SUSE, Other Linux Variants, Ubuntu, Debian
GNU/Linux
URL: http://www.auscert.org.au/12666
Title: ESB-2010.0362 - [Solaris] Oracle E-Business Suite of Sun Cluster:
Reduced security - Existing account
Date: 14 April 2010
OS: Solaris
URL: http://www.auscert.org.au/12665
Title: ESB-2010.0361 - [Solaris][OpenSolaris] Solaris & OpenSolaris: Denial
of
service - Existing account
Date: 14 April 2010
OS: Solaris
URL: http://www.auscert.org.au/12664
Title: ESB-2010.0360 - [Linux][Solaris] Sun Convergence: Reduced security -
Remote/unauthenticated
Date: 14 April 2010
OS: Solaris, Red Hat Linux, SUSE, Other Linux Variants, Ubuntu, Debian
GNU/Linux
URL: http://www.auscert.org.au/12663
Title: ESB-2010.0359 - [Linux][Solaris] Sun Ray Server: Reduced security -
Remote/unauthenticated
Date: 14 April 2010
OS: Solaris, Red Hat Linux, SUSE, Other Linux Variants, Ubuntu, Debian
GNU/Linux
URL: http://www.auscert.org.au/12662
Title: ESB-2010.0358 - [Win][Linux][HP-UX][Solaris] Sun Microsystems:
Execute
arbitrary code/commands - Remote/unauthenticated
Date: 14 April 2010
OS: Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
Ubuntu, Windows XP, HP-UX, SUSE, Windows 2000, Windows Vista, Windows
Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/12661
Title: ESB-2010.0357 - [Win][Linux][HP-UX][Solaris] Sun Java System Access
Manager: Reduced security - Remote/unauthenticated
Date: 14 April 2010
OS: Solaris, Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian
GNU/Linux, HP-UX, Windows XP, SUSE, Windows 2000, Windows Vista,
Other
Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/12660
Title: ESB-2010.0356 - [Solaris][OpenSolaris] Trusted Extensions: Reduced
security - Existing account
Date: 14 April 2010
OS: Solaris
URL: http://www.auscert.org.au/12659
Title: ESB-2010.0355 - [Solaris] Sun Management Center: Reduced security -
Remote/unauthenticated
Date: 14 April 2010
OS: Solaris
URL: http://www.auscert.org.au/12658
Title: ESB-2010.0354 - [Solaris][OpenSolaris] kernel: Reduced security -
Existing account
Date: 14 April 2010
OS: Solaris
URL: http://www.auscert.org.au/12657
Title: ESB-2010.0353 - [RedHat] nss_db: Access privileged data - Existing
account
Date: 14 April 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/12656
Title: ESB-2010.0352 - [HP-UX] OpenSSL: Multiple vulnerabilities
Date: 14 April 2010
OS: HP-UX
URL: http://www.auscert.org.au/12655
Title: ESB-2010.0351 - [Win][UNIX/Linux] Adobe Reader and Acrobat: Multiple
vulnerabilities
Date: 14 April 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/12654
Title: ESB-2010.0350 - [Win] Windows ISATAP: Provide misleading information
-
Remote/unauthenticated
Date: 14 April 2010
OS: Windows Vista, Windows 2003, Windows XP, Windows Server 2008
URL: http://www.auscert.org.au/12653
Title: ESB-2010.0349 - [Win] Microsoft Visio: Execute arbitrary
code/commands
- Remote with user interaction
Date: 14 April 2010
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/12652
Title: ESB-2010.0348 - ALERT [Win] Windows Media Player: Execute arbitrary
code/commands - Remote with user interaction
Date: 14 April 2010
OS: Windows XP, Windows 2000
URL: http://www.auscert.org.au/12651
Title: ESB-2010.0347 - ALERT [Win] Microsoft MPEG Layer-3 Codec: Execute
arbitrary code/commands - Remote with user interaction
Date: 14 April 2010
OS: Windows 2003, Windows XP, Windows Vista, Windows Server 2008
URL: http://www.auscert.org.au/12650
Title: ESB-2010.0346 - ALERT [Win] Windows Media Services: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 14 April 2010
OS: Windows 2000
URL: http://www.auscert.org.au/12649
Title: ESB-2010.0345 - [Win] Microsoft Exchange and Windows SMTP Service:
Multiple vulnerabilities
Date: 14 April 2010
OS: Windows 2003, Windows XP, Windows Server 2008, Windows 2000
URL: http://www.auscert.org.au/12648
Title: ESB-2010.0344 - [Win] Microsoft Office Publisher: Execute arbitrary
code/commands - Remote with user interaction
Date: 14 April 2010
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/12647
Title: ESB-2010.0343 - [Win] VBScript Scripting Engine: Execute arbitrary
code/commands - Remote with user interaction
Date: 14 April 2010
OS: Windows 2003, Windows XP, Windows 2000
URL: http://www.auscert.org.au/12646
Title: ESB-2010.0342 - [Win] Windows Kernel: Multiple vulnerabilities
Date: 14 April 2010
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/12645
Title: ESB-2010.0341 - ALERT [Win] SMB Client: Multiple vulnerabilities
Date: 14 April 2010
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/12644
Title: ESB-2010.0340 - ALERT [Win] Windows Authenticode Verification:
Execute
arbitrary code/commands - Remote/unauthenticated
Date: 14 April 2010
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/12643
Title: ESB-2010.0339 - [Debian] krb5: Denial of service -
Remote/unauthenticated
Date: 13 April 2010
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/12642
Title: ESB-2010.0338.2 - UPDATE [Win][VMware ESX][Linux][Mac][OSX] VMWare:
Multiple vulnerabilities
Date: 13 April 2010
OS: Windows Server 2008, Other Linux Variants, Windows Vista, Windows
2000,
SUSE, Virtualisation, Windows XP, Ubuntu, Debian GNU/Linux, Mac OS X,
Windows 7, Red Hat Linux, Windows 2003
URL: http://www.auscert.org.au/12639
Title: ESB-2010.0337 - [Win][UNIX/Linux][Ubuntu] libclamav6: Denial of
service
- Remote/unauthenticated
Date: 12 April 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/12638
Title: ESB-2010.0336 - [Debian] krb5: Denial of service - Existing account
Date: 12 April 2010
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/12637
Title: ESB-2010.0335 - [Debian] libpng: Multiple vulnerabilities
Date: 12 April 2010
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/12636
Title: ESB-2009.0127 -- [Appliance] -- Certain HP Printers, and HP Digital
Senders, Remote Unauthorized Access to Files
Date: 14 April 2010
URL: http://www.auscert.org.au/10470
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
More information about the AusNOG
mailing list