[AusNOG] AusCERT Week in Review - Week Ending 30/07/2010 (AUSCERT#20073f686)
Jonathan Levine
jonathan at auscert.org.au
Fri Jul 30 14:50:17 EST 2010
AusCERT Week in Review
30 July 2010
Web Log Entries:
- ----------------
Title: NoScript 2.0 is out
Date: 29 July 2010
URL: http://www.auscert.org.au/13125
Title: Malware variants are exploiting the Windows Shell vulnerability
Date: 28 July 2010
URL: http://www.auscert.org.au/13113
Alerts, Advisories and Updates:
- -------------------------------
Title: ASB-2010.0173.2 - UPDATE [Win][UNIX/Linux] OpenLDAP: Multiple
vulnerabilities
Date: 30 July 2010
URL: http://www.auscert.org.au/13081
Title: ASB-2010.0181.2 - UPDATE [Win][UNIX/Linux] Apache HTTPD: Multiple
vulnerabilities
Date: 29 July 2010
URL: http://www.auscert.org.au/13107
Title: ASB-2010.0182.2 - UPDATE [Win][Linux][Mac][OSX] Google Chrome:
Multiple
vulnerabilities
Date: 29 July 2010
URL: http://www.auscert.org.au/13115
Title: ASB-2010.0184 - [UNIX/Linux] GNOME Display Manager prior to 2.20.11:
Access confidential data - Existing account
Date: 29 July 2010
URL: http://www.auscert.org.au/13123
Title: ASB-2010.0183 - [Win] Lotus Notes: Multiple vulnerabilities
Date: 28 July 2010
URL: http://www.auscert.org.au/13116
Title: ASB-2010.0180 - [Win][UNIX/Linux] Firefox: Execute arbitrary
code/commands - Remote with user interaction
Date: 26 July 2010
URL: http://www.auscert.org.au/13104
External Security Bulletins:
- ----------------------------
Title: ESB-2010.0661 - [Debian] openldap: Multiple vulnerabilities
Date: 30 July 2010
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/13127
Title: ESB-2010.0660 - [RedHat] java-1.4.2-ibm: Multiple vulnerabilities
Date: 30 July 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/13126
Title: ESB-2010.0659 - [Win][RedHat][Solaris][AIX][SUSE] RSA Federated
Identity Manager: Provide misleading information - Remote with user
interaction
Date: 29 July 2010
OS: Solaris, Windows 2003, Red Hat Linux, SUSE, AIX
URL: http://www.auscert.org.au/13124
Title: ESB-2010.0658 - [Win][VMware ESX][Linux][Solaris][AIX] Symantec
Products: Multiple vulnerabilities
Date: 29 July 2010
OS: Solaris, Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian
GNU/Linux, Windows XP, Virtualisation, SUSE, Windows 2000, AIX,
Windows
Vista, Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/13122
Title: ESB-2010.0657 - [Win][UNIX/Linux] Safari: Multiple vulnerabilities
Date: 29 July 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/13121
Title: ESB-2010.0656 - [AIX] BIND: Provide misleading information -
Remote/unauthenticated
Date: 29 July 2010
OS: AIX
URL: http://www.auscert.org.au/13120
Title: ESB-2010.0655 - [Win][UNIX/Linux] Drupal Third-party modules:
Multiple
vulnerabilities
Date: 29 July 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/13119
Title: ESB-2010.0654 - [UNIX/Linux][RedHat] lvm2-cluster: Multiple
vulnerabilities
Date: 29 July 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/13118
Title: ESB-2010.0653 - [Win] HP Insight Control: Access privileged data -
Existing account
Date: 29 July 2010
OS: Windows 2003, HP-UX, Windows XP, Windows 2000, Windows 7, Windows
Vista, Windows Server 2008
URL: http://www.auscert.org.au/13117
Title: ESB-2010.0652 - [UNIX/Linux][Ubuntu] Likewise Open: Reduced security
-
Existing account
Date: 28 July 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/13114
Title: ESB-2010.0651 - [Win][UNIX/Linux][Debian] gnupg2: Execute arbitrary
code/commands - Remote with user interaction
Date: 28 July 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/13112
Title: ESB-2010.0650 - [Debian] xulrunner: Multiple vulnerabilities
Date: 28 July 2010
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/13111
Title: ESB-2010.0649 - [Win][UNIX/Linux][RedHat] w3m: Provide misleading
information - Remote/unauthenticated
Date: 28 July 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/13110
Title: ESB-2010.0648 - [RedHat] JBoss Enterprise Application Platform:
Execute
arbitrary code/commands - Remote with user interaction
Date: 28 July 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/13109
Title: ESB-2010.0647.2 - UPDATE [Win][Linux][HP-UX][Solaris][AIX] IBM
FileNet
P8 Content Manager 4.5.0 and 4.5.1: Reduced security - Existing
account
Date: 29 July 2010
OS: Windows Server 2008, Other Linux Variants, Windows Vista, AIX,
Windows
2000, SUSE, HP-UX, Windows XP, Ubuntu, Debian GNU/Linux, Windows 7,
Red
Hat Linux, Windows 2003, Solaris
URL: http://www.auscert.org.au/13108
Title: ESB-2010.0646 - [RedHat] seamonkey: Execute arbitrary code/commands -
Remote with user interaction
Date: 26 July 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/13106
Title: ESB-2010.0645 - [RedHat] firefox: Execute arbitrary code/commands -
Remote with user interaction
Date: 26 July 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/13105
Title: ESB-2010.0619.2 - UPDATE [HP-UX] rpc.ttdbserver: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 30 July 2010
OS: HP-UX
URL: http://www.auscert.org.au/13063
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
More information about the AusNOG
mailing list