[AusNOG] AusCERT Week in Review - Week Ending 09/04/09 (AUSCERT#20073f686)
Jonathan Levine
jonathan at auscert.org.au
Thu Apr 9 16:57:33 EST 2009
Alerts, Advisories and Updates:
-------------------------------
Title: AA-2009.0085 -- [Linux] -- Linux kernel: Denial of Service
Date: 08 April 2009
URL: http://www.auscert.org.au/10775
Title: AA-2009.0086 -- [Win] -- FortiClient: Execute Arbitrary Code/Commands
Date: 08 April 2009
URL: http://www.auscert.org.au/10785
Title: AA-2009.0084 -- [Win][HP-UX][Solaris] -- Hitachi JP1/Cm2/Network Node
Manager: Denial of Service
Date: 07 April 2009
URL: http://www.auscert.org.au/10774
Title: AA-2009.0082 -- [Win][UNIX/Linux] -- ClamAV: Denial of Service
Date: 06 April 2009
URL: http://www.auscert.org.au/10760
Title: AL-2009.0024 -- [Win][VMware ESX][Linux][Mac][OSX] -- VMware products -
Multiple vulnerabilities
Date: 06 April 2009
URL: http://www.auscert.org.au/10763
Title: AA-2009.0083 -- [Win][UNIX/Linux] -- IBM DB2: Denial of Service
Date: 06 April 2009
URL: http://www.auscert.org.au/10764
Title: AA-2009.0074 -- [Win] -- [Windows Services for UNIX, Subsystem for
UNIX-based Applications]: Execute Arbitrary Code
Date: 03 April 2009
URL: http://www.auscert.org.au/10736
Title: AA-2009.0079 -- [Appliance] -- Ingate Firewall and Ingate SIParator:
Administrator Compromise
Date: 03 April 2009
URL: http://www.auscert.org.au/10754
Title: AA-2009.0081 -- [Win][Mac][OSX] -- PowerPoint: Execute Arbitrary
Code/Commands
Date: 03 April 2009
URL: http://www.auscert.org.au/10759
Title: AA-2009.0080 -- [Win][Linux][HP-UX][Solaris][AIX] -- IBM DB2 Content
Manager: Reduced Security
Date: 03 April 2009
URL: http://www.auscert.org.au/10758
External Security Bulletins:
----------------------------
Title: ESB-2009.0342 -- [UNIX/Linux][Debian] -- krb5: Multiple
Vulnerabilities
Date: 09 April 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10791
Title: ESB-2009.0341 -- [Solaris] -- Kerberos 'Mech' Libraries: Multiple
Vulnerabilities
Date: 09 April 2009
OS: Solaris
URL: http://www.auscert.org.au/10790
Title: ESB-2009.0340 -- [Solaris] -- XScreenSaver: Access Confidential Data
Date: 09 April 2009
OS: Solaris
URL: http://www.auscert.org.au/10789
Title: ESB-2009.0339 -- [Solaris][RedHat] -- Sun Java System Calendar Server
6.3: Cross-Site Scripting
Date: 09 April 2009
OS: Solaris, Red Hat Linux
URL: http://www.auscert.org.au/10788
Title: ESB-2009.0338 -- [UNIX/Linux][Debian] -- horde3: Multiple
Vulnerabilities
Date: 09 April 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10787
Title: ESB-2009.0337 -- [Appliance] -- Cisco ASA and Cisco PIX: Multiple
Vulnerabilities
Date: 09 April 2009
OS: Cisco Products
URL: http://www.auscert.org.au/10786
Title: ESB-2009.0336 -- [UNIX/Linux] -- Xpdf: Execute Arbitrary
Code/Commands
Date: 08 April 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10784
Title: ESB-2009.0335 -- [UNIX/Linux] -- Eye of GNOME: Execute Arbitrary
Code/Commands
Date: 08 April 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX,
AIX
URL: http://www.auscert.org.au/10783
Title: ESB-2009.0334 -- [HP-UX] -- PAM Kerberos: Increased Privileges
Date: 08 April 2009
OS: HP-UX
URL: http://www.auscert.org.au/10782
Title: ESB-2009.0333 -- [RedHat][Solaris] -- Sun Java System Calendar Server
6.3: Denial of Service
Date: 08 April 2009
OS: Solaris, Red Hat Linux
URL: http://www.auscert.org.au/10781
Title: ESB-2009.0332 -- [SUSE] -- IBM Java 1.4.2 and 6: Multiple
vulnerabilities
Date: 08 April 2009
OS: Other Linux Variants
URL: http://www.auscert.org.au/10780
Title: ESB-2009.0331 -- [RedHat] -- krb5 security update: Denial of service
Date: 08 April 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/10779
Title: ESB-2009.0330 -- [RedHat] -- krb5: Denial of service
Date: 08 April 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/10778
Title: ESB-2009.0329 -- [RedHat] -- java-1.6.0-openjdk: Execute arbitrary
code
Date: 08 April 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/10777
Title: ESB-2009.0328 -- [Linux][RedHat] -- device-mapper-multipath: Execute
arbitrary code
Date: 08 April 2009
OS: Red Hat Linux, Other Linux Variants, Debian GNU/Linux, Ubuntu
URL: http://www.auscert.org.au/10776
Title: ESB-2009.0327 -- [Win][Netware] -- Novell Client/NetIdentity Agent:
Remote Arbitrary Pointer Dereference Code Execution Vulnerability
Date: 07 April 2009
OS: Windows 2003, Windows 2000, Windows XP, Novell Netware
URL: http://www.auscert.org.au/10773
Title: ESB-2009.0326 -- [SUSE] -- SUSE Security Summary Report
Date: 07 April 2009
OS: Other Linux Variants
URL: http://www.auscert.org.au/10772
Title: ESB-2009.0325 -- [RedHat] -- gstreamer-plugins-base: Execute
Arbitrary Code/Commands
Date: 07 April 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/10771
Title: ESB-2009.0324 -- [Debian] -- Openssl: new packages fix denial of
service
Date: 07 April 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/10770
Title: ESB-2009.0323 -- [RedHat] -- php: Execute Arbitrary Code/Commands
Date: 07 April 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/10769
Title: ESB-2009.0322 -- [UNIX/Linux] -- Gnumeric: local execution of code
Date: 06 April 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10768
Title: ESB-2009.0321 -- [SUSE] -- SUSE: Linux kernel: Multiple
vulnerabilities
Date: 06 April 2009
OS: Other Linux Variants
URL: http://www.auscert.org.au/10767
Title: ESB-2009.0320 -- [SUSE] -- Java: Multiple vulnerabilities
Date: 06 April 2009
OS: Other Linux Variants
URL: http://www.auscert.org.au/10766
Title: ESB-2009.0319 -- [Win][UNIX/Linux][Debian] -- New moodle packages fix
file disclosure
Date: 06 April 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Windows Server 2008, Red Hat Linux, Mac OS X,
HP-UX, AIX, Windows Vista
URL: http://www.auscert.org.au/10765
Title: ESB-2009.0318 -- [UNIX/Linux] -- Asterisk - SIP responses expose
valid usernames
Date: 06 April 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10762
Title: ESB-2009.0317 -- [UNIX/Linux] -- Suse: Update for Multiple Packages
Date: 03 April 2009
OS: HP Tru64 UNIX, Solaris, IRIX, OpenBSD, Other BSD Variants, FreeBSD,
HP-UX, Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux,
AIX
URL: http://www.auscert.org.au/10757
Title: ESB-2009.0316 -- [Win] -- Citrix Presentation Server: Credential
Handling Weakness
Date: 03 April 2009
OS: Windows 2003, Windows 2000, Windows XP, Windows Server 2008, Windows
Vista
URL: http://www.auscert.org.au/10756
Title: ESB-2009.0315 -- [Win][UNIX/Linux] -- Trillian: buffer overflow
vulnerability
Date: 03 April 2009
OS: Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Windows Server
2008, Windows XP, Other Linux Variants, FreeBSD, Windows 2000, OpenBSD,
Windows 2003, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP
Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/10755
Title: ESB-2009.0314 -- [Win][UNIX/Linux] -- Bugzilla: "attachment.cgi"
Cross-Site Request Forgery Vulnerability
Date: 03 April 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Windows Server 2008, Red Hat Linux, Mac OS X,
HP-UX, AIX, Windows Vista
URL: http://www.auscert.org.au/10753
Title: ESB-2009.0313 -- [Appliance] -- SES SIP Server: Input Validation
Vulnerabilities
Date: 03 April 2009
URL: http://www.auscert.org.au/10751
Title: ESB-2009.0312 -- [Debian] -- icu: Cross-Site Scripting
Date: 03 April 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/10750
Title: ESB-2009.0311 -- [Win][UNIX/Linux] -- SAPgui EAI WebViewer3D: ActiveX
control stack buffer overflow
Date: 03 April 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Windows Server 2008, Red Hat Linux, Mac OS X,
HP-UX, AIX, Windows Vista
URL: http://www.auscert.org.au/10749
Title: ESB-2009.0308 -- [Solaris] -- Sun Calendar Express Web Server:
Multiple vulnerabilities
Date: 03 April 2009
OS: Solaris
URL: http://www.auscert.org.au/10743
Title: ESB-2009.0305 -- [Solaris] -- dircmp (1) shell script - may Allow
Overwriting of Arbitrary Files
Date: 03 April 2009
OS: Solaris
URL: http://www.auscert.org.au/10737
Title: ESB-2009.0272 -- [Win][Linux][HP-UX][Solaris] -- HP OpenView Network
Node Manager (OV NNM), Remote Execution of Arbitrary Code
Date: 07 April 2009
OS: Windows Vista, HP-UX, Red Hat Linux, Windows Server 2008, Windows XP,
Other Linux Variants, Windows 2000, Windows 2003, Debian GNU/Linux,
Ubuntu, Solaris
URL: http://www.auscert.org.au/10683
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================