[AusNOG] AusCERT Week in Review - Week Ending 26/02/2010 (AUSCERT#20073F686)
Jonathan Levine
jonathan at auscert.org.au
Fri Feb 26 16:09:44 EST 2010
AusCERT Week in Review
26 February 2010
Papers, Articles and other documents:
-------------------------------------
Title: National Information Technology Alert Service and National IT
Incident Reporting Scheme
Date: 24 February 2010
URL: http://www.auscert.org.au/12453
Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2010.0060 - [Appliance] Blue Coat SGOS 4, SGOS 5, Packetshaper and
ProxyClient: Provide misleading information - Remote/unauthenticated
Date: 25 February 2010
URL: http://www.auscert.org.au/12450
Title: ASB-2010.0061.2 - UPDATE [Win][Linux][HP-UX][Solaris][AIX] IBM
Websphere Portal Portlet Palette: Cross-site scripting -
Remote/unauthenticated
Date: 25 February 2010
URL: http://www.auscert.org.au/12451
Title: ASB-2010.0062 - [Win][UNIX/Linux] ActivePerl: Denial of service -
Remote with user interaction
Date: 25 February 2010
URL: http://www.auscert.org.au/12452
Title: ASB-2010.0063 - [Win][UNIX/Linux] Typo3 4.2.11 and prior: Access
privileged data - Existing account
Date: 25 February 2010
URL: http://www.auscert.org.au/12454
Title: ASB-2010.0058 - [Win][UNIX/Linux] IBM Tivoli Identity Manager 5.1:
Multiple vulnerabilities
Date: 23 February 2010
URL: http://www.auscert.org.au/12433
Title: ASB-2010.0059 - [Linux] Linux Kernel 2.6: Denial of service -
Remote/unauthenticated
Date: 23 February 2010
URL: http://www.auscert.org.au/12434
External Security Bulletins:
----------------------------
Title: ESB-2010.0203 - [Win][Linux][HP-UX][Solaris][AIX] IBM Websphere Portal
Server and Lotus Web Content Management: Cross-site scripting - Remote
with user interaction
Date: 26 February 2010
OS: Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
Ubuntu, Windows XP, HP-UX, SUSE, Windows 2000, AIX, Windows Vista,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/12458
Title: ESB-2010.0202.2 - UPDATE [Solaris] Sun Java System Directory Server:
Denial of service - Remote/unauthenticated
Date: 26 February 2010
OS: Solaris
URL: http://www.auscert.org.au/12457
Title: ESB-2010.0201 - [UNIX/Linux] KDE 4.4.0: Unauthorised access -
Console/physical
Date: 25 February 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/12456
Title: ESB-2010.0200 - [Win][UNIX/Linux] iTweak Upload (Drupal third-party
module): Cross-site scripting - Existing account
Date: 25 February 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/12455
Title: ESB-2010.0199 - [UNIX/Linux] cronie: Increased privileges - Remote
with user interaction
Date: 25 February 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/12449
Title: ESB-2010.0198 - [Appliance] Avaya CMS and Avaya IR: Multiple
vulnerabilities
Date: 25 February 2010
URL: http://www.auscert.org.au/12448
Title: ESB-2010.0197 - [Appliance] Avaya Multiple Products: Execute arbitrary
code/commands - Remote with user interaction
Date: 25 February 2010
URL: http://www.auscert.org.au/12447
Title: ESB-2010.0196 - [Win][UNIX/Linux] Weekly Archive by Node Type (Drupal
third-party module): Unauthorised access - Remote/unauthenticated
Date: 25 February 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/12446
Title: ESB-2010.0195 - [Win] Adobe Download Manager: Execute arbitrary
code/commands - Remote with user interaction
Date: 24 February 2010
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/12445
Title: ESB-2010.0194 - [Win][HP-UX][Solaris] CA eHealth Performance Manager:
Cross-site scripting - Remote with user interaction
Date: 24 February 2010
OS: Solaris, Windows 2003, HP-UX, Windows XP, Windows 2000, Windows 7,
Windows Vista, Windows Server 2008
URL: http://www.auscert.org.au/12443
Title: ESB-2010.0193 - [Win][Linux][Solaris] EMC HomeBase Server: Execute
arbitrary code/commands - Remote/unauthenticated
Date: 24 February 2010
OS: Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
Ubuntu, Windows XP, SUSE, Windows 2000, Windows Vista, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/12442
Title: ESB-2010.0192 - [Win][RedHat] Symantec IM Manager: Cross-site scripting
- Remote with user interaction
Date: 24 February 2010
OS: Windows 2003, Red Hat Linux, Windows XP, Windows 2000, Windows 7,
Windows Vista, Windows Server 2008
URL: http://www.auscert.org.au/12441
Title: ESB-2010.0191 - [Win][UNIX/Linux] Content Distribution (Drupal
third-party module): Modify arbitrary files - Remote with user
interaction
Date: 24 February 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/12440
Title: ESB-2010.0190 - [Solaris][OpenSolaris] xntpd(1M): Denial of service -
Remote/unauthenticated
Date: 24 February 2010
OS: Solaris
URL: http://www.auscert.org.au/12439
Title: ESB-2010.0189 - [SUSE][OpenSUSE] Multiple products: Multiple
vulnerabilities
Date: 24 February 2010
OS: Other Linux Variants, SUSE
URL: http://www.auscert.org.au/12438
Title: ESB-2010.0188.2 - UPDATE [Win][UNIX/Linux] CA Service Desk: Cross-site
scripting - Remote with user interaction
Date: 24 February 2010
OS: Windows 2000, OpenBSD, SUSE, Other BSD Variants, Windows XP, HP-UX,
Debian GNU/Linux, Ubuntu, Mac OS X, Windows 7, Windows 2003, Red Hat
Linux, Solaris, HP Tru64 UNIX, IRIX, AIX, FreeBSD, Windows Vista, Other
Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/12437
Title: ESB-2010.0187 - [RedHat] JBoss Enterprise Web Server: Multiple
vulnerabilities
Date: 24 February 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/12436
Title: ESB-2010.0186 - [Debian] linux-2.6: Multiple vulnerabilities
Date: 23 February 2010
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/12435
Title: ESB-2010.0185 - [Win] Symantec AntiVirus and Client Security: Denial of
service - Remote with user interaction
Date: 22 February 2010
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/12432
Title: ESB-2010.0184 - [Win] Symantec AntiVirus, Client Security and Endpoint
Protection: Reduced security - Existing account
Date: 22 February 2010
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/12431
Title: ESB-2010.0183 - [Debian] polipo: Denial of service -
Remote/unauthenticated
Date: 22 February 2010
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/12430
Title: ESB-2010.0182 - [Debian] php5: Multiple vulnerabilities
Date: 22 February 2010
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/12429
Title: ESB-2010.0181 - [RedHat] rhev-hypervisor: Multiple vulnerabilities
Date: 22 February 2010
OS: Red Hat Linux, Virtualisation
URL: http://www.auscert.org.au/12428
Title: ESB-2010.0180.2 - UPDATE [UNIX/Linux] Asterisk: Modify arbitrary files
- Remote with user interaction
Date: 24 February 2010
OS: Other Linux Variants, FreeBSD, AIX, OpenBSD, SUSE, Other BSD Variants,
HP-UX, Ubuntu, Debian GNU/Linux, Mac OS X, Red Hat Linux, Solaris, HP
Tru64 UNIX, IRIX
URL: http://www.auscert.org.au/12427
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================