[AusNOG] AusCERT Week in Review - Week Ending 11/03/2011 (AUSCERT#20073F686)
Richard Billington
richard at auscert.org.au
Fri Mar 11 14:58:06 EST 2011
Greetings All,
A quick reminder that Early Bird registrations close on the 18th of April
2011 for AusCERT2011: The 10th Annual AusCERT Information Security
Conference, 15th-20th May 2011.
http://conference.auscert.org.au/conf2011/registration.html
Also - if you are a user of the AMPBE mail, please check your category
selection as we occasionally update this.
Have a great weekend, and we hope to see you there in May!
Regards,
The AusCERT Team
AusCERT Week in Review
11 March 2011
Alerts, Advisories and Updates:
- - -------------------------------
Title: ASB-2011.0021 - [Win][UNIX/Linux] Wireshark: Multiple vulnerabilities
Date: 10 March 2011
URL: http://www.auscert.org.au/14093
External Security Bulletins:
- - ----------------------------
Title: ESB-2010.1105.3 - UPDATE [VMware ESX] VMware ESX 3.5: Multiple
vulnerabilities
Date: 09 March 2011
OS: Virtualisation
URL: http://www.auscert.org.au/13685
Title: ESB-2011.0292 - [RedHat] openldap: Multiple vulnerabilities
Date: 11 March 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14101
Title: ESB-2011.0291 - [UNIX/Linux][RedHat] openldap: Increased privileges -
Remote/unauthenticated
Date: 11 March 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/14100
Title: ESB-2011.0290 - [RedHat] qemu-kvm: Unauthorised access -
Remote/unauthenticated
Date: 11 March 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14099
Title: ESB-2011.0289 - [RedHat] kernel-rt: Multiple vulnerabilities
Date: 11 March 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14098
Title: ESB-2011.0288 - [Debian] chromium-browser: Multiple vulnerabilities
Date: 11 March 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14097
Title: ESB-2011.0287 - [Debian] webkit: Multiple vulnerabilities
Date: 11 March 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14096
Title: ESB-2011.0286 - [Debian] icedove: Multiple vulnerabilities
Date: 11 March 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14095
Title: ESB-2011.0285 - [Debian] iceweasel: Multiple vulnerabilities
Date: 11 March 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14094
Title: ESB-2011.0284 - [UNIX/Linux][Debian] proftpd-dfsg: Denial of service -
Remote/unauthenticated
Date: 10 March 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
FreeBSD, Other Linux Variants
URL: http://www.auscert.org.au/14092
Title: ESB-2011.0283 - [UNIX/Linux][RedHat] vsftpd: Denial of service -
Remote/unauthenticated
Date: 10 March 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/14091
Title: ESB-2011.0282 - [Win][UNIX/Linux][RedHat] tomcat5: Denial of service -
Remote/unauthenticated
Date: 10 March 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/14090
Title: ESB-2011.0281 - [RedHat] tomcat6: Denial of service -
Remote/unauthenticated
Date: 10 March 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14089
Title: ESB-2011.0280 - [RedHat] JBoss Enterprise Portal Platform 4.3.CP06 and
5.1.0: Denial of service - Remote/unauthenticated
Date: 10 March 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14088
Title: ESB-2011.0279 - [RedHat] JBoss Enterprise SOA Platform 4.3.CP04 and
5.0.2: Denial of service - Remote/unauthenticated
Date: 10 March 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14087
Title: ESB-2011.0278 - [RedHat] scsi-target-utils: Denial of service -
Remote/unauthenticated
Date: 10 March 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14086
Title: ESB-2011.0277 - [Apple iOS] Apple TV: Multiple vulnerabilities
Date: 10 March 2011
OS: Apple iOS
URL: http://www.auscert.org.au/14085
Title: ESB-2011.0276 - [Apple iOS] Apple iOS: Multiple vulnerabilities
Date: 10 March 2011
OS: Apple iOS
URL: http://www.auscert.org.au/14084
Title: ESB-2011.0275 - [Win][Mac][OSX] Safari: Multiple vulnerabilities
Date: 10 March 2011
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008, Mac OS X
URL: http://www.auscert.org.au/14083
Title: ESB-2011.0274 - [Mac][OSX] Java: Multiple vulnerabilities
Date: 09 March 2011
OS: Mac OS X
URL: http://www.auscert.org.au/14082
Title: ESB-2011.0273 - [Win][UNIX/Linux] STARTTLS: Provide misleading
information - Remote/unauthenticated
Date: 09 March 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/14081
Title: ESB-2011.0272 - [Win][Linux][HP-UX][Solaris] HP OpenView Network Node
Manager: Denial of service - Remote/unauthenticated
Date: 09 March 2011
OS: Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
Ubuntu, Windows XP, HP-UX, SUSE, Windows 2000, Windows Vista, Windows
Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/14080
Title: ESB-2011.0271 - [SUSE] kernel: Multiple vulnerabilities
Date: 09 March 2011
OS: SUSE
URL: http://www.auscert.org.au/14079
Title: ESB-2011.0270 - [VMware ESX] VMware ESX and VMware ESXi: Multiple
vulnerabilities
Date: 09 March 2011
OS: Virtualisation
URL: http://www.auscert.org.au/14078
Title: ESB-2011.0269 - [NetBSD] kernel: Denial of service - Existing account
Date: 09 March 2011
OS: Other BSD Variants
URL: http://www.auscert.org.au/14077
Title: ESB-2011.0268 - [NetBSD] OpenSSL: Multiple vulnerabilities
Date: 09 March 2011
OS: Other BSD Variants
URL: http://www.auscert.org.au/14076
Title: ESB-2011.0267 - [Linux][RedHat] kernel: Denial of service -
Remote/unauthenticated
Date: 09 March 2011
OS: Red Hat Linux, Other Linux Variants, SUSE, Ubuntu, Debian GNU/Linux
URL: http://www.auscert.org.au/14075
Title: ESB-2011.0266 - [RedHat] subversion: Denial of service -
Remote/unauthenticated
Date: 09 March 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14074
Title: ESB-2011.0265 - ALERT [Win] Windows Remote Desktop Client: Execute
arbitrary code/commands - Remote with user interaction
Date: 09 March 2011
OS: Windows 2003, Windows XP, Windows 7, Windows Vista, Windows Server 2008
URL: http://www.auscert.org.au/14073
Title: ESB-2011.0264 - ALERT [Win] Microsoft Groove: Execute arbitrary
code/commands - Remote with user interaction
Date: 09 March 2011
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/14072
Title: ESB-2011.0263 - ALERT [Win] Windows Media: Execute arbitrary
code/commands - Remote with user interaction
Date: 09 March 2011
OS: Windows 7, Windows Server 2008, Windows Vista, Windows XP
URL: http://www.auscert.org.au/14071
Title: ESB-2011.0262 - [SUSE][OpenSUSE] acroread: Execute arbitrary
code/commands - Remote with user interaction
Date: 08 March 2011
OS: Other Linux Variants, SUSE
URL: http://www.auscert.org.au/14070
Title: ESB-2011.0261 - [RedHat] logwatch: Root compromise - Existing account
Date: 08 March 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14069
Title: ESB-2011.0260 - [Win][Linux][HP-UX][Solaris][AIX] FileNet Content
Manager: Increased privileges - Remote/unauthenticated
Date: 07 March 2011
OS: Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
Ubuntu, Windows XP, HP-UX, SUSE, Windows 2000, AIX, Windows Vista,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/14067
Title: ESB-2011.0259 - [Win][Linux][HP-UX][Solaris][AIX] CICS Transaction
Gateway: Denial of service - Remote/unauthenticated
Date: 07 March 2011
OS: Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
Ubuntu, Windows XP, HP-UX, SUSE, Windows 2000, AIX, Windows Vista,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/14068
Title: ESB-2011.0258 - [Debian] isc-dhcp: Denial of service -
Remote/unauthenticated
Date: 07 March 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14066
Title: ESB-2011.0257 - [Debian] nbd: Execute arbitrary code/commands - Remote
with user interaction
Date: 07 March 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14065
Title: ESB-2011.0256 - [Debian] logwatch: Root compromise - Existing account
Date: 07 March 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14064
Title: ESB-2011.0255 - [Win][UNIX/Linux][Debian] subversion: Denial of service
- Remote/unauthenticated
Date: 07 March 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/14063
Title: ESB-2011.0167.2 - UPDATE [VMware ESX] VMware ESX, ESXi, vCenter Server
and vCenter Update Manager: Multiple vulnerabilities
Date: 09 March 2011
OS: Virtualisation
URL: http://www.auscert.org.au/13966
Title: ESB-2011.0147.2 - UPDATE [Win][Linux] HP Power Manager (HPPM):
Cross-site request forgery - Remote with user interaction
Date: 11 March 2011
OS: Windows Server 2008, Other Linux Variants, Windows Vista, Windows 2000,
SUSE, Windows XP, HP-UX, Ubuntu, Debian GNU/Linux, Windows 7, Red Hat
Linux, Windows 2003
URL: http://www.auscert.org.au/13942
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
More information about the AusNOG
mailing list