[AusNOG] AusCERT Week in Review - Week Ending 21/01/2011 (AUSCERT#20073f686)
Zane Jarvis
zane at auscert.org.au
Fri Jan 21 18:12:36 EST 2011
AusCERT Week in Review
21 January 2011
AusCERT in the Media:
---------------------
Papers, Articles and other documents:
-------------------------------------
Web Log Entries:
----------------
Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2011.0007 - [Win][Linux][HP-UX][Solaris][AIX] IBM Websphere Portal
6.0.1.1: Access confidential data - Remote with user interaction
Date: 21 January 2011
URL: http://www.auscert.org.au/13858
Title: ASB-2011.0006.3 - UPDATE [Linux][HP-UX][Solaris][AIX] IBM Tivoli Access
Manager for eBusiness: Access confidential data - Remote/unauthenticated
Date: 20 January 2011
URL: http://www.auscert.org.au/13849
Title: ASB-2011.0004.2 - UPDATE [Win][Linux][OSX] Google Chrome prior to
8.0.552.237: Multiple vulnerabilities
Date: 17 January 2011
URL: http://www.auscert.org.au/13825
External Security Bulletins:
----------------------------
Title: ESB-2011.0073 - [HP-UX] Kerberos: Increased privileges -
Remote/unauthenticated
Date: 21 January 2011
OS: HP-UX
URL: http://www.auscert.org.au/13861
Title: ESB-2011.0072 - [Win] Citrix Provisioning Services: Administrator
compromise - Remote/unauthenticated
Date: 21 January 2011
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/13860
Title: ESB-2011.0071 - [Win][Solaris] Oracle Business Intelligence: Execute
arbitrary code/commands - Remote/unauthenticated
Date: 21 January 2011
OS: Solaris, Windows 2003, Windows XP, Windows 2000, Windows 7, Windows
Vista, Windows Server 2008
URL: http://www.auscert.org.au/13859
Title: ESB-2011.0070 - [RedHat] java-1.5.0-ibm: Reduced security -
Unknown/unspecified
Date: 21 January 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/13857
Title: ESB-2011.0069 - [Linux][RedHat] libuser: Unauthorised access -
Remote/unauthenticated
Date: 21 January 2011
OS: Red Hat Linux, Other Linux Variants, SUSE, Ubuntu, Debian GNU/Linux
URL: http://www.auscert.org.au/13856
Title: ESB-2011.0068 - [Debian] dbus: Denial of service - Existing account
Date: 21 January 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/13855
Title: ESB-2011.0067 - [Win][UNIX/Linux] Janrain Engage (Drupal third-party
module): Cross-site scripting - Remote with user interaction
Date: 20 January 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/13854
Title: ESB-2011.0066 - [Linux][Ubuntu] FUSE and util-linux: Denial of service
- Existing account
Date: 20 January 2011
OS: Red Hat Linux, Other Linux Variants, SUSE, Ubuntu, Debian GNU/Linux
URL: http://www.auscert.org.au/13853
Title: ESB-2011.0065 - [Win][Linux][HP-UX][Solaris] HP OpenView Storage Data
Protector: Execute arbitrary code/commands - Remote/unauthenticated
Date: 20 January 2011
OS: Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
Ubuntu, Windows XP, HP-UX, SUSE, Windows 2000, Windows Vista, Windows
Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/13852
Title: ESB-2011.0064 - [Cisco] Cisco ASA 5500 series: Multiple
vulnerabilities
Date: 20 January 2011
OS: Cisco Products
URL: http://www.auscert.org.au/13851
Title: ESB-2011.0063 - [UNIX/Linux] libpng: Execute arbitrary code/commands -
Remote with user interaction
Date: 19 January 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/13850
Title: ESB-2011.0062 - [Win][Linux][Solaris] Oracle Beehive: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 19 January 2011
OS: Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
Ubuntu, Windows XP, SUSE, Windows 2000, Windows Vista, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/13848
Title: ESB-2011.0061 - [Win][Linux][HP-UX][Solaris][AIX] Oracle GoldenGate
Veridata Server: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 19 January 2011
OS: Solaris, Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian
GNU/Linux, HP-UX, Windows XP, SUSE, Windows 2000, AIX, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/13847
Title: ESB-2011.0060 - ALERT [Win][Linux][HP-UX][Solaris][AIX] Oracle Database
11g: Execute arbitrary code/commands - Remote/unauthenticated
Date: 19 January 2011
OS: Solaris, Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian
GNU/Linux, HP-UX, Windows XP, SUSE, Windows 2000, AIX, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/13846
Title: ESB-2011.0059 - [Linux][HP-UX][Solaris][AIX] Oracle Audit Vault:
Execute arbitrary code/commands - Remote/unauthenticated
Date: 19 January 2011
OS: Solaris, Red Hat Linux, HP-UX, SUSE, AIX, Other Linux Variants, Debian
GNU/Linux, Ubuntu
URL: http://www.auscert.org.au/13845
Title: ESB-2011.0058 - [Linux] Oracle Real User Experience Insight: Execute
arbitrary code/commands - Remote/unauthenticated
Date: 19 January 2011
OS: Red Hat Linux, Other Linux Variants, SUSE, Ubuntu, Debian GNU/Linux
URL: http://www.auscert.org.au/13844
Title: ESB-2011.0057 - [UNIX/Linux][Ubuntu] D-Bus: Denial of service -
Existing account
Date: 19 January 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/13843
Title: ESB-2011.0056.2 - UPDATE [UNIX/Linux] Asterisk: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 21 January 2011
OS: Other Linux Variants, FreeBSD, AIX, OpenBSD, SUSE, Other BSD Variants,
HP-UX, Ubuntu, Debian GNU/Linux, Mac OS X, Red Hat Linux, Solaris, HP
Tru64 UNIX, IRIX
URL: http://www.auscert.org.au/13842
Title: ESB-2011.0055 - [Win][UNIX/Linux][Debian] tor: Execute arbitrary
code/commands - Remote with user interaction
Date: 19 January 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/13841
Title: ESB-2011.0054 - [RedHat] mysql: Denial of service - Existing account
Date: 19 January 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/13840
Title: ESB-2011.0053 - [Linux][RedHat] kernel: Denial of service -
Remote/unauthenticated
Date: 19 January 2011
OS: Red Hat Linux, Other Linux Variants, SUSE, Ubuntu, Debian GNU/Linux
URL: http://www.auscert.org.au/13839
Title: ESB-2011.0052 - [RedHat] kernel: Multiple vulnerabilities
Date: 19 January 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/13838
Title: ESB-2011.0051 - [Linux][RedHat] hplip: Execute arbitrary code/commands
- Remote/unauthenticated
Date: 19 January 2011
OS: Red Hat Linux, Other Linux Variants, SUSE, Ubuntu, Debian GNU/Linux
URL: http://www.auscert.org.au/13837
Title: ESB-2011.0050 - [RedHat] exim: Root compromise - Existing account
Date: 19 January 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/13836
Title: ESB-2011.0049 - [RedHat] java-1.4.2-ibm: Multiple vulnerabilities
Date: 19 January 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/13835
Title: ESB-2011.0048 - [SUSE] kernel: Multiple vulnerabilities
Date: 17 January 2011
OS: SUSE
URL: http://www.auscert.org.au/13834
Title: ESB-2011.0047 - ALERT [Appliance] Citrix Access Gateway: Root
compromise - Remote/unauthenticated
Date: 17 January 2011
URL: http://www.auscert.org.au/13833
Title: ESB-2011.0046 - [Debian] mysql-dfsg-5.0: Denial of service - Existing
account
Date: 17 January 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/13832
Title: ESB-2011.0045 - [Linux][BSD][Debian][Solaris] pimd: Reduced security -
Existing account
Date: 17 January 2011
OS: Solaris, Red Hat Linux, Other BSD Variants, SUSE, OpenBSD, FreeBSD,
Other Linux Variants, Ubuntu, Debian GNU/Linux
URL: http://www.auscert.org.au/13831
Title: ESB-2011.0044 - [Win][UNIX/Linux][Debian] mydms: Read-only data access
- Remote/unauthenticated
Date: 17 January 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/13830
Title: ESB-2011.0043 - [Debian] libsmi: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 17 January 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/13829
Title: ESB-2011.0042 - [Debian] wireshark: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 17 January 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/13828
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================