[AusNOG] AusCERT Week in Review - Week Ending 15/01/2010 (AUSCERT#20073F686)

Matthew Braid mdb at auscert.org.au
Fri Jan 15 16:26:27 EST 2010


AusCERT Week in Review
15 January 2010

AusCERT in the Media:
---------------------

Papers, Articles and other documents:
-------------------------------------

Web Log Entries:
----------------

Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2010.0013 - [Win][UNIX/Linux] Multiple HTTP servers: Multiple
       vulnerabilities 
Date:  15 January 2010
URL:   http://www.auscert.org.au/12241

Title: ASB-2010.0014 - [Win][UNIX/Linux] Zend Framework: Multiple
       vulnerabilities 
Date:  15 January 2010
URL:   http://www.auscert.org.au/12242

Title: AL-2009.0043 -- [Win] -- HP DDMI: Inappropriate access 
Date:  14 January 2010
URL:   http://www.auscert.org.au/11103

Title: ASB-2010.0012 - [Win] Panda Products: Administrator compromise -
       Existing account 
Date:  13 January 2010
URL:   http://www.auscert.org.au/12218

Title: ASB-2010.0009 - [Win] Microsoft Windows: Execute arbitrary
       code/commands - Remote/unauthenticated 
Date:  12 January 2010
URL:   http://www.auscert.org.au/12210

Title: ASB-2010.0010 - ALERT [Win][UNIX/Linux] Oracle: Unknown/unspecified -
       Remote/unauthenticated 
Date:  12 January 2010
URL:   http://www.auscert.org.au/12211

Title: ASB-2010.0011 - [Win][UNIX/Linux] IBM Lotus iNotes: Multiple
       vulnerabilities 
Date:  12 January 2010
URL:   http://www.auscert.org.au/12213

Title: ASB-2010.0006 - [Win][UNIX/Linux] Ruby: Execute arbitrary code/commands
       - Remote with user interaction 
Date:  11 January 2010
URL:   http://www.auscert.org.au/12207

Title: ASB-2010.0007 - [Win][Mac][OSX] Adobe Illustrator CS4 (14.0.0): Execute
       arbitrary code/commands - Remote with user interaction 
Date:  11 January 2010
URL:   http://www.auscert.org.au/12208

Title: ASB-2010.0008 - [Win][UNIX/Linux] Pidgin: Access confidential data -
       Remote/unauthenticated 
Date:  11 January 2010
URL:   http://www.auscert.org.au/12209

External Security Bulletins:
----------------------------
Title: ESB-2010.0047 - [Win][UNIX/Linux] Bibliography (third-party module):
       Cross-site scripting - Existing account 
Date:  15 January 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/12243

Title: ESB-2010.0046 - [RedHat] pidgin: Access confidential data -
       Remote/unauthenticated 
Date:  15 January 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/12240

Title: ESB-2010.0045 - [RedHat] IBM Java: Multiple vulnerabilities 
Date:  15 January 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/12239

Title: ESB-2010.0044 - ALERT [Win] Microsoft: Execute arbitrary code/commands
       - Remote with user interaction 
Date:  15 January 2010
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/12238

Title: ESB-2010.0043 - [Solaris] Solaris Kerberos Crypto Library: Execute
       arbitrary code/commands - Remote/unauthenticated 
Date:  14 January 2010
OS:    Solaris 
URL:   http://www.auscert.org.au/12237

Title: ESB-2010.0042 - [Linux][Ubuntu] network-manager-gnome: Unauthorised
       access - Remote/unauthenticated 
Date:  14 January 2010
OS:    Red Hat Linux, SUSE, Other Linux Variants, Ubuntu, Debian GNU/Linux 
URL:   http://www.auscert.org.au/12236

Title: ESB-2010.0041 - [SUSE][OpenSUSE] Multiple products: Multiple
       vulnerabilities 
Date:  14 January 2010
OS:    Other Linux Variants, SUSE 
URL:   http://www.auscert.org.au/12235

Title: ESB-2010.0040 - [Win][UNIX/Linux] Drupal: Cross-site scripting - Remote
       with user interaction 
Date:  14 January 2010
OS:    Ubuntu, Mac OS X, Windows 7, Windows 2003, Red Hat Linux, Solaris, HP
       Tru64 UNIX, IRIX, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/12234

Title: ESB-2010.0039 - [AIX] OpenSSL: Unauthorised access -
       Remote/unauthenticated 
Date:  14 January 2010
OS:    AIX 
URL:   http://www.auscert.org.au/12233

Title: ESB-2010.0038 - [Linux][Mandriva] bash: Provide misleading information
       - Existing account 
Date:  14 January 2010
OS:    Debian GNU/Linux, Ubuntu, Other Linux Variants, SUSE, Red Hat Linux 
URL:   http://www.auscert.org.au/12232

Title: ESB-2010.0037 - [Win] HP Web Jetadmin: Unauthorised access -
       Remote/unauthenticated 
Date:  14 January 2010
OS:    Windows 2003, HP-UX, Windows XP, Windows 2000, Windows 7, Windows
       Vista, Windows Server 2008 
URL:   http://www.auscert.org.au/12230

Title: ESB-2010.0036 - [NetBSD] OpenSSL TLS: Unauthorised access -
       Remote/unauthenticated 
Date:  14 January 2010
OS:    Other BSD Variants 
URL:   http://www.auscert.org.au/12229

Title: ESB-2010.0035 - [NetBSD] VFS: Denial of service - Existing account 
Date:  14 January 2010
OS:    Other BSD Variants 
URL:   http://www.auscert.org.au/12228

Title: ESB-2010.0034 - [Win][UNIX/Linux][Debian] openssl: Denial of service -
       Remote/unauthenticated 
Date:  14 January 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/12227

Title: ESB-2010.0033 - [RedHat] acroread: Execute arbitrary code/commands -
       Remote with user interaction 
Date:  14 January 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/12226

Title: ESB-2010.0032 - [UNIX/Linux][RedHat] gcc and gcc4: Execute arbitrary
       code/commands - Existing account 
Date:  14 January 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
       Other Linux Variants 
URL:   http://www.auscert.org.au/12225

Title: ESB-2010.0031 - [RedHat] php: Multiple vulnerabilities 
Date:  14 January 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/12224

Title: ESB-2010.0030 - [SUSE] IBM Java: Multiple vulnerabilities 
Date:  14 January 2010
OS:    SUSE 
URL:   http://www.auscert.org.au/12223

Title: ESB-2010.0029.2 - UPDATE [Solaris] Solaris Trusted Extensions:
       Increased privileges - Existing account 
Date:  15 January 2010
OS:    Solaris 
URL:   http://www.auscert.org.au/12222

Title: ESB-2010.0028.2 - UPDATE [Win][UNIX/Linux] Sun Java System Identity
       Manager: Administrator compromise - Remote/unauthenticated 
Date:  15 January 2010
OS:    Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD, AIX,
       OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP,
       Ubuntu, Debian GNU/Linux, Mac OS X, Windows 7, Red Hat Linux, Windows
       2003, Solaris, HP Tru64 UNIX, IRIX 
URL:   http://www.auscert.org.au/12221

Title: ESB-2010.0028 - [Win][UNIX/Linux] Sun Java System Identity Manager:
       Administrator compromise - Remote/unauthenticated 
Date:  13 January 2010
URL:   http://www.auscert.org.au/12231

Title: ESB-2010.0027 - ALERT [Win][UNIX/Linux] Adobe Reader and Acrobat:
       Multiple vulnerabilities 
Date:  13 January 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
       Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
       Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/12220

Title: ESB-2010.0026.3 - UPDATED ALERT [Win][UNIX/Linux] Oracle Products:
       Multiple vulnerabilities 
Date:  14 January 2010
OS:    Windows Server 2008, Other Linux Variants, Windows Vista, AIX, Windows
       2000, SUSE, HP-UX, Windows XP, Ubuntu, Debian GNU/Linux, Mac OS X,
       Windows 7, Red Hat Linux, Windows 2003, Solaris, HP Tru64 UNIX 
URL:   http://www.auscert.org.au/12219

Title: ESB-2010.0025 - [RedHat] krb5: Execute arbitrary code/commands -
       Remote/unauthenticated 
Date:  13 January 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/12217

Title: ESB-2010.0024 - ALERT [Win] Embedded OpenType Font Engine: Execute
       arbitrary code/commands - Remote with user interaction 
Date:  13 January 2010
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/12216

Title: ESB-2010.0023 - [Debian] krb5: Execute arbitrary code/commands -
       Remote/unauthenticated 
Date:  13 January 2010
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/12215

Title: ESB-2010.0022 - ALERT [UNIX/Linux] MIT Kerberos 5: Execute arbitrary
       code/commands - Remote/unauthenticated 
Date:  13 January 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
       Other Linux Variants 
URL:   http://www.auscert.org.au/12214

Title: ESB-2010.0021 - [UNIX/Linux][Mandriva] squidGuard: Multiple
       vulnerabilities 
Date:  12 January 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
       Other Linux Variants 
URL:   http://www.auscert.org.au/12212

Title: ESB-2010.0020 - [Win][Linux][HP-UX][Solaris] Sun Microsystems: Provide
       misleading information - Remote/unauthenticated 
Date:  11 January 2010
OS:    Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
       Ubuntu, Windows XP, HP-UX, SUSE, Windows 2000, Windows Vista, Windows
       Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/12206

Title: ESB-2010.0019 - ALERT [Win][Netware][RedHat][SUSE] Novell iManager:
       Execute arbitrary code/commands - Remote/unauthenticated 
Date:  11 January 2010
OS:    Windows 2003, Windows XP, SUSE, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008, Novell Netware 
URL:   http://www.auscert.org.au/12205

Title: ESB-2010.0018 - [Debian] pdns-recursor: Multiple vulnerabilities 
Date:  11 January 2010
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/12204

Title: ESB-2010.0017 - ALERT [Juniper] CCIRC: Denial of service -
       Remote/unauthenticated 
Date:  11 January 2010
URL:   http://www.auscert.org.au/12203

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================



More information about the AusNOG mailing list