[AusNOG] AusCERT Week in Review - Week Ending 24/12/2010 (AUSCERT#20073f686)

Jonathan Levine jonathan at auscert.org.au
Fri Dec 24 14:25:43 EST 2010 

AusCERT Week in Review
24 December 2010

Papers, Articles and other documents:
- -------------------------------------
Title: AusCERT incident response metrics
Date:  22 December 2010
URL:   http://www.auscert.org.au/13760

Web Log Entries:
- ----------------
Title: Something to think about... 
Date:  23 December 2010
URL:   http://www.auscert.org.au/13769

Title: Update to ASB-2010.0254
Date:  21 December 2010
URL:   http://www.auscert.org.au/13759

Alerts, Advisories and Updates:
- -------------------------------
Title: ASB-2010.0253.2 - UPDATE [Win][Linux][Mac][OSX] Google Chrome prior
to
       8.0.552.224: Multiple vulnerabilities
Date:  22 December 2010
URL:   http://www.auscert.org.au/13753

Title: ASB-2010.0254 - ALERT [Win] Not applicable: Execute arbitrary
       code/commands - Remote with user interaction
Date:  21 December 2010
URL:   http://www.auscert.org.au/13757

Title: ASB-2010.0252 - [Win][UNIX/Linux] Opera prior to version 11: Provide
       misleading information - Remote with user interaction
Date:  20 December 2010
URL:   http://www.auscert.org.au/13752

External Security Bulletins:
- ----------------------------
Title: ESB-2010.1179 - [SUSE][OpenSUSE] SUSE: Multiple vulnerabilities
Date:  24 December 2010
OS:    Other Linux Variants, SUSE 
URL:   http://www.auscert.org.au/13772

Title: ESB-2010.1178 - [Win][UNIX/Linux] Image (Drupal third-party module):
       Cross-site scripting - Remote with user interaction
Date:  24 December 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
       Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
       Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/13771

Title: ESB-2010.1177 - [Win] Microsoft WMI Administrative Tools: Execute
       arbitrary code/commands - Remote with user interaction
Date:  24 December 2010
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/13770

Title: ESB-2010.1176 - ALERT [Win] Microsoft Internet Explorer: Execute
       arbitrary code/commands - Remote with user interaction
Date:  23 December 2010
OS:    Windows 2003, Windows XP, Windows 7, Windows Vista, Windows Server
2008
URL:   http://www.auscert.org.au/13768

Title: ESB-2010.1175 - [Win][UNIX/Linux] oEmbed (Drupal third-party module):
       Unauthorised access - Remote/unauthenticated
Date:  23 December 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
       Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
       Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/13767

Title: ESB-2010.1174.2 - UPDATE [Win] Microsoft IIS 7.5.7600.16385 and
prior:
       Execute arbitrary code/commands - Remote/unauthenticated
Date:  24 December 2010
OS:    Windows Server 2008, Windows Vista, Windows 7, Windows 2000, Windows
       XP, Windows 2003 
URL:   http://www.auscert.org.au/13766

Title: ESB-2010.1173 - [VMware ESX] VMware ESXi 4.1 Update Installer:
       Unauthorised access - Remote/unauthenticated
Date:  22 December 2010
OS:    Virtualisation 
URL:   http://www.auscert.org.au/13765

Title: ESB-2010.1172 - [UNIX/Linux][RedHat] git: Cross-site scripting -
Remote
       with user interaction
Date:  22 December 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
       Other Linux Variants 
URL:   http://www.auscert.org.au/13764

Title: ESB-2010.1171 - [RedHat] mod_auth_mysql: Modify arbitrary files -
       Remote/unauthenticated
Date:  22 December 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13763

Title: ESB-2010.1170 - [Win][UNIX/Linux][Debian] tor: Execute arbitrary
       code/commands - Remote/unauthenticated
Date:  22 December 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/13762

Title: ESB-2010.1169 - [Debian] xpdf: Execute arbitrary code/commands -
Remote
       with user interaction
Date:  22 December 2010
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/13761

Title: ESB-2010.1168.2 - UPDATE [Win][Linux] HP StorageWorks Storage
       Mirroring: Execute arbitrary code/commands - Remote/unauthenticated
Date:  24 December 2010
OS:    Windows Server 2008, Other Linux Variants, Windows Vista, Windows
2000,
       SUSE, Windows XP, Ubuntu, Debian GNU/Linux, Windows 7, Red Hat Linux,
       Windows 2003 
URL:   http://www.auscert.org.au/13758

Title: ESB-2010.1167 - [RedHat] bind: Denial of service -
       Remote/unauthenticated
Date:  21 December 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13756

Title: ESB-2010.1166 - [RedHat] libvpx: Execute arbitrary code/commands -
       Remote with user interaction
Date:  21 December 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13754

Title: ESB-2010.1165 - [RedHat] kvm: Access privileged data - Existing
account
Date:  21 December 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13755

Title: ESB-2010.1164 - [SUSE] java-1_4_2-ibm and IBMJava2-JRE: Multiple
       vulnerabilities
Date:  20 December 2010
OS:    SUSE 
URL:   http://www.auscert.org.au/13751

Title: ESB-2010.1163 - [Debian] Upcoming changes to Debian advisory format
Date:  20 December 2010
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/13750

Title: ESB-2010.1161.2 - UPDATE [Win][UNIX/Linux] Drupal third-party
modules:
       Cross-site request forgery - Remote with user interaction
Date:  24 December 2010
OS:    Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD,
AIX,
       OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP,
       Ubuntu, Debian GNU/Linux, Mac OS X, Windows 7, Red Hat Linux, Windows
       2003, Solaris, HP Tru64 UNIX, IRIX 
URL:   http://www.auscert.org.au/13747

===========================================================================
Australian Computer Emergency Response Team The University of Queensland
Brisbane Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

More information about the AusNOG mailing list