[AusNOG] AusCERT Week in Review - Week Ending 2/7/2010 (AUSCERT#20073f686)

Matthew Braid mdb at auscert.org.au
Fri Jul 2 15:22:15 EST 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

AusCERT Week in Review
02 July 2010

AusCERT in the Media:
- ---------------------

Papers, Articles and other documents:
- -------------------------------------

Web Log Entries:
- ----------------

Alerts, Advisories and Updates:
- -------------------------------
Title: ASB-2010.0157.2 - UPDATE [Win][UNIX/Linux] libpng: Multiple
       vulnerabilities 
Date:  01 July 2010
URL:   http://www.auscert.org.au/13001

Title: ASB-2010.0159 - [Win][UNIX/Linux] Shibboleth 1.3: Reduced security -
       Unknown/unspecified 
Date:  30 June 2010
URL:   http://www.auscert.org.au/13011

Title: ASB-2010.0160 - [Win][UNIX/Linux] MySQL 5.1.47 and prior: Denial of
       service - Existing account 
Date:  30 June 2010
URL:   http://www.auscert.org.au/13012

Title: ASB-2010.0158 - [VMware ESX] Trend Micro Interscan Web Security Virtual
       Appliance 5.0: Unauthorised access - Existing account 
Date:  29 June 2010
URL:   http://www.auscert.org.au/13008

Title: ASB-2010.0154 - [Win][UNIX/Linux] Firefox: Reduced security -
       Unknown/unspecified 
Date:  28 June 2010
URL:   http://www.auscert.org.au/12973

Title: ASB-2010.0155 - [Win][UNIX/Linux] DotNetNuke prior to 5.4.3: Access
       privileged data - Remote with user interaction 
Date:  28 June 2010
URL:   http://www.auscert.org.au/12988

Title: ASB-2010.0156 - [Win][Linux][Mac][OSX] Google Chrome: Multiple
       vulnerabilities 
Date:  28 June 2010
URL:   http://www.auscert.org.au/12994

External Security Bulletins:
- ----------------------------
Title: ESB-2010.0590 - [UNIX/Linux][SUSE][OpenSUSE] samba: Execute arbitrary
       code/commands - Remote/unauthenticated 
Date:  02 July 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
       Other Linux Variants 
URL:   http://www.auscert.org.au/13021

Title: ESB-2010.0589 - [SUSE] java-1_6_0-ibm: Multiple vulnerabilities 
Date:  02 July 2010
OS:    SUSE 
URL:   http://www.auscert.org.au/13020

Title: ESB-2010.0588 - [Win][UNIX/Linux][Debian] wireshark: Multiple
       vulnerabilities 
Date:  02 July 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/13019

Title: ESB-2010.0587 - [RedHat] perl-Archive-Tar: Overwrite arbitrary files -
       Remote with user interaction 
Date:  02 July 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13018

Title: ESB-2010.0586 - [RedHat] kernel: Multiple vulnerabilities 
Date:  02 July 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13017

Title: ESB-2010.0585 - [RedHat] acroread: Multiple vulnerabilities 
Date:  01 July 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13014

Title: ESB-2010.0584 - [Win] Citrix XenServer: Denial of service - Remote with
       user interaction 
Date:  30 June 2010
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/13013

Title: ESB-2010.0583 - [Win][UNIX/Linux] Adobe Reader and Adobe Acrobat:
       Multiple vulnerabilities 
Date:  30 June 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
       Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
       Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/13010

Title: ESB-2010.0582 - [Win][Linux] F-Secure Policy Manager Server 8.00, 8.10
       and 8.11: Cross-site scripting - Remote with user interaction 
Date:  29 June 2010
OS:    Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian GNU/Linux,
       Windows XP, SUSE, Windows 2000, Windows Vista, Windows Server 2008,
       Other Linux Variants 
URL:   http://www.auscert.org.au/13007

Title: ESB-2010.0581.2 - UPDATE [Win][Linux][HP-UX][Solaris][AIX] IBM FileNet
       P8: Administrator compromise - Remote/unauthenticated 
Date:  01 July 2010
OS:    Windows Server 2008, Other Linux Variants, Windows Vista, AIX, Windows
       2000, SUSE, HP-UX, Windows XP, Ubuntu, Debian GNU/Linux, Windows 7, Red
       Hat Linux, Windows 2003, Solaris 
URL:   http://www.auscert.org.au/12999

Title: ESB-2010.0580 - [Cisco] Cisco ASA prior to 8.1(2): Provide misleading
       information - Remote with user interaction 
Date:  29 June 2010
OS:    Cisco Products 
URL:   http://www.auscert.org.au/12998

Title: ESB-2010.0579 - [Win][UNIX/Linux] libTIFF: Execute arbitrary
       code/commands - Remote with user interaction 
Date:  29 June 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/12997

Title: ESB-2010.0578 - [Win] Atlassian JIRA prior to 4.1.2: Cross-site
       scripting - Remote with user interaction 
Date:  28 June 2010
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/12995

Title: ESB-2010.0577 - [Appliance] Avaya Products: Denial of service -
       Remote/unauthenticated 
Date:  28 June 2010
URL:   http://www.auscert.org.au/12990

Title: ESB-2010.0576 - [Win][UNIX/Linux] Bugzilla: Multiple vulnerabilities 
Date:  28 June 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/12986

Title: ESB-2010.0575 - [Win][UNIX/Linux] Views (Drupal third-party module):
       Administrator compromise - Existing account 
Date:  28 June 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/12985

Title: ESB-2010.0574 - [Win] Symantec Appstream and Symantec Workspace
       Streaming: Create arbitrary files - Remote with user interaction 
Date:  28 June 2010
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/12978

Title: ESB-2010.0573 - [Win][UNIX/Linux][Debian] kvirc: Multiple
       vulnerabilities 
Date:  28 June 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/12975

Title: ESB-2010.0572 - [UNIX/Linux][Debian] xulrunner: Multiple
       vulnerabilities 
Date:  28 June 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
       GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
       FreeBSD, Other Linux Variants 
URL:   http://www.auscert.org.au/12974

Title: ESB-2010.0571 - [VMware ESX] VMware ESX 3.5: Multiple vulnerabilities 
Date:  28 June 2010
OS:    Virtualisation 
URL:   http://www.auscert.org.au/12972

Title: ESB-2010.0190.2 - UPDATE [Solaris][OpenSolaris] xntpd(1M): Denial of
       service - Remote/unauthenticated 
Date:  02 July 2010
OS:    Solaris 
URL:   http://www.auscert.org.au/12439

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iD8DBQFMLXeH/iFOrG6YcBERA1wIAKC6/6NMoea8p7KQx4e7hnAk3qcnrACg3UJ6
zqb3X8LqnHws4bx2BzbWUQE=
=7GjX
-----END PGP SIGNATURE-----



More information about the AusNOG mailing list