[AusNOG] AusCERT Week in Review - Week Ending (11/11/2011) (AUSCERT#20073f686)
Jonathan Levine
jonathan at auscert.org.au
Fri Nov 11 17:12:56 EST 2011
AusCERT Week in Review
11 November 2011
Alerts, Advisories and Updates:
- -------------------------------
Title: ASB-2011.0100 - [Win][UNIX/Linux] Mozilla Firefox and Mozilla
Thunderbird: Multiple vulnerabilities
Date: 09 November 2011
URL: http://www.auscert.org.au/15072
Title: ASB-2011.0098.2 - UPDATE ALERT [Win] NJStar Software: Execute
arbitrary
code/commands - Remote/unauthenticated
Date: 08 November 2011
URL: http://www.auscert.org.au/15039
Title: ASB-2011.0099 - [Win][UNIX/Linux] Wireshark: Denial of service -
Remote
with user interaction
Date: 07 November 2011
URL: http://www.auscert.org.au/15051
External Security Bulletins:
- ----------------------------
Title: ESB-2011.1144 - [Win] Symantec Backup Exec System Recovery, System
Recovery, Norton 360 and Norton Ghost: Denial of service - Existing
account
Date: 11 November 2011
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/15090
Title: ESB-2011.1143 - [Win][UNIX/Linux] phpMyAdmin: Read-only data access -
Existing account
Date: 11 November 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/15089
Title: ESB-2011.1142 - [Win][Mobile] Microsoft Windows: Provide misleading
information - Remote with user interaction
Date: 11 November 2011
OS: Windows 2003, Windows XP, Windows 7, Windows Vista, Windows Server
2008
URL: http://www.auscert.org.au/15088
Title: ESB-2011.1141 - [Win][Linux][HP-UX][Solaris] HP Network Node Manager
i:
Cross-site scripting - Remote with user interaction
Date: 11 November 2011
OS: Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
Ubuntu, Windows XP, HP-UX, SUSE, Windows 2000, Windows Vista, Windows
Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/15087
Title: ESB-2011.1140 - [Appliance] Time Capsule and Airport Base Station:
Execute arbitrary code/commands - Remote/unauthenticated
Date: 11 November 2011
URL: http://www.auscert.org.au/15086
Title: ESB-2011.1139 - [Apple iOS] iOS: Multiple vulnerabilities
Date: 11 November 2011
OS: Apple iOS
URL: http://www.auscert.org.au/15085
Title: ESB-2011.1138 - ALERT [Appliance] CitectSCADA and Mitsubishi MX4
SCADA:
Execute arbitrary code/commands - Existing account
Date: 10 November 2011
URL: http://www.auscert.org.au/15084
Title: ESB-2011.1137 - [Appliance] Dell KACE K2000 Appliance: Administrator
compromise - Remote/unauthenticated
Date: 10 November 2011
URL: http://www.auscert.org.au/15083
Title: ESB-2011.1136 - [Win] Novell Zenworks: Execute arbitrary
code/commands
- Remote with user interaction
Date: 10 November 2011
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/15082
Title: ESB-2011.1135 - [Win][UNIX/Linux] Drupal third-party modules: Execute
arbitrary code/commands - Remote/unauthenticated
Date: 10 November 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/15081
Title: ESB-2011.1134 - [RedHat] nss: Reduced security - Remote with user
interaction
Date: 10 November 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/15080
Title: ESB-2011.1133 - [Win][Linux] HP Integrated Lights-Out: Multiple
vulnerabilities
Date: 10 November 2011
OS: Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux, Ubuntu,
HP-UX, Windows XP, SUSE, Windows 2000, Windows Vista, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/15079
Title: ESB-2011.1132 - [Debian] openssl: Reduced security - Remote with user
interaction
Date: 10 November 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/15078
Title: ESB-2011.1131 - [Debian] iceweasel and iceape: Multiple
vulnerabilities
Date: 10 November 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/15077
Title: ESB-2011.1130 - [Cisco] Cisco TelePresence devices: Root compromise -
Remote/unauthenticated
Date: 10 November 2011
OS: Cisco Products
URL: http://www.auscert.org.au/15076
Title: ESB-2011.1129 - [Win][UNIX/Linux] Apache Tomcat: Increased privileges
-
Existing account
Date: 09 November 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/15075
Title: ESB-2011.1128 - [RedHat] firefox, thunderbird, seamonkey,
icedtea-web:
Multiple vulnerabilities
Date: 09 November 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/15074
Title: ESB-2011.1127 - [RedHat] acroread: Multiple vulnerabilities
Date: 09 November 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/15073
Title: ESB-2011.1126 - [OSX] Java: Execute arbitrary code/commands - Remote
with user interaction
Date: 09 November 2011
OS: Mac OS X
URL: http://www.auscert.org.au/15071
Title: ESB-2011.1125 - [Win][OSX] Adobe Shockwave Player: Execute arbitrary
code/commands - Remote with user interaction
Date: 09 November 2011
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista, Mac
OS X, Windows Server 2008
URL: http://www.auscert.org.au/15070
Title: ESB-2011.1124 - [Win] Microsoft Windows: Increased privileges -
Remote
with user interaction
Date: 09 November 2011
OS: Windows 2003, Windows XP, Windows 7, Windows Vista, Windows Server
2008
URL: http://www.auscert.org.au/15069
Title: ESB-2011.1123 - [Win] Microsoft Windows: Execute arbitrary
code/commands - Remote with user interaction
Date: 09 November 2011
OS: Windows Vista, Windows Server 2008, Windows 7
URL: http://www.auscert.org.au/15068
Title: ESB-2011.1122 - [Win] Microsoft Windows: Denial of service - Remote
with user interaction
Date: 09 November 2011
OS: Windows 7
URL: http://www.auscert.org.au/15067
Title: ESB-2011.1121 - ALERT [Win] Microsoft Windows: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 09 November 2011
OS: Windows Vista, Windows Server 2008, Windows 7
URL: http://www.auscert.org.au/15065
Title: ESB-2011.1120 - [Debian] postgresql: Reduced security -
Remote/unauthenticated
Date: 08 November 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/15064
Title: ESB-2011.1119 - [Win][UNIX/Linux][Debian] nss: Reduced security -
Unknown/unspecified
Date: 08 November 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/15063
Title: ESB-2011.1118 - [Win][UNIX/Linux][Debian] moodle: Cross-site
scripting
- Remote with user interaction
Date: 08 November 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/15062
Title: ESB-2011.1117 - [Win][UNIX/Linux][Debian] ffmpeg: Multiple
vulnerabilities
Date: 08 November 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/15061
Title: ESB-2011.1116 - [Win][UNIX/Linux][Mandriva] Gimp: Execute arbitrary
code/commands - Remote with user interaction
Date: 07 November 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/15060
Title: ESB-2011.1115 - [SUSE] Apache: Multiple vulnerabilities
Date: 07 November 2011
OS: SUSE
URL: http://www.auscert.org.au/15059
Title: ESB-2011.1114 - [SUSE] pam: Multiple vulnerabilities
Date: 07 November 2011
OS: SUSE
URL: http://www.auscert.org.au/15058
Title: ESB-2011.1113 - [SUSE] popt: Execute arbitrary code/commands -
Existing
account
Date: 07 November 2011
OS: SUSE
URL: http://www.auscert.org.au/15057
Title: ESB-2011.1112 - [AIX] OpenSSL: Multiple vulnerabilities
Date: 07 November 2011
OS: AIX
URL: http://www.auscert.org.au/15056
Title: ESB-2011.1111 - [HP-UX] TCP/IP Services for OpenVMS Running SMTP
Server, POP or IMAP: Multiple vulnerabilities
Date: 07 November 2011
OS: HP-UX
URL: http://www.auscert.org.au/15055
Title: ESB-2011.1110 - [Debian] xen: Multiple vulnerabilities
Date: 07 November 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/15054
Title: ESB-2011.1109 - [Debian] man2hhtml: Cross-site scripting -
Remote/unauthenticated
Date: 07 November 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/15053
Title: ESB-2011.1108 - [Win][UNIX/Linux][Debian] mahara: Multiple
vulnerabilities
Date: 07 November 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/15052
Title: ESB-2011.1107 - [Win] EMC Documentum eRoom: Create arbitrary files -
Existing account
Date: 07 November 2011
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/15050
Title: ESB-2011.1076.2 - UPDATE [Win][Linux][HP-UX][Solaris] HP Network Node
Manager i (NNMi): Access confidential data - Remote/unauthenticated
Date: 11 November 2011
OS: Solaris, Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian
GNU/Linux, HP-UX, Windows XP, SUSE, Windows 2000, Windows Vista,
Windows Server 2008, Other Linux Variants, Solaris, Windows 2003, Red
Hat Linux, Windows 7, Debian GNU/Linux, Ubuntu, Windows XP, HP-UX,
SUSE, Windows 2000, Windows Vista, Windows Server 2008, Other Linux
Variants
URL: http://www.auscert.org.au/15015
Title: ESB-2011.0451.2 - UPDATE [Win][Linux][HP-UX][Solaris] HP Network Node
Manager i (NNMi): Unauthorised access - Remote/unauthenticated
Date: 11 November 2011
OS: Solaris, Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian
GNU/Linux, Windows XP, HP-UX, SUSE, Windows 2000, Windows Vista,
Other
Linux Variants, Windows Server 2008, Solaris, Windows 2003, Red Hat
Linux, Windows 7, Debian GNU/Linux, Ubuntu, Windows XP, HP-UX, SUSE,
Windows 2000, Windows Vista, Windows Server 2008, Other Linux
Variants
URL: http://www.auscert.org.au/14277
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
More information about the AusNOG
mailing list