[AusNOG] AusCERT Week in Review - Week Ending 17/04/2009 (AUSCERT#20073f686)
Paul Fahey
paul at auscert.org.au
Fri Apr 17 15:24:11 EST 2009
Alerts, Advisories and Updates:
-------------------------------
Title: AA-2009.0094 -- [Win][Linux] -- Novell Teaming: Multiple
Vulnerabilities
Date: 17 April 2009
URL: http://www.auscert.org.au/10833
Title: AA-2009.0096 -- [Win][Linux][Solaris][AIX] -- BlackBerry Enterprise
Server: Execute Arbitrary Code
Date: 17 April 2009
URL: http://www.auscert.org.au/10843
Title: AU-2009.0016 -- AusCERT Update - [Solaris] - OpenSSL: Provide
Misleading Information
Date: 17 April 2009
URL: http://www.auscert.org.au/10847
Title: AL-2009.0034 -- [Win][Appliance] -- Microsoft Whale Intelligent
Application Gateway: Execute Arbitrary Code
Date: 17 April 2009
URL: http://www.auscert.org.au/10848
Title: AA-2009.0097 -- [Appliance] -- IBM BladeCenter Advanced Management
Module - Multiple Vulnerabilities
Date: 17 April 2009
URL: http://www.auscert.org.au/10849
Title: AA-2009.0098 -- [Win][UNIX/Linux] -- DotNetNuke: Cross-site Scripting
Date: 17 April 2009
URL: http://www.auscert.org.au/10851
Title: AL-2009.0027 -- [Win][UNIX/Linux] -- Oracle Critical Patch Update
Pre-release Announcement for April 2009
Date: 16 April 2009
URL: http://www.auscert.org.au/10800
Title: AA-2009.0091 -- [Win] -- PHP for Windows: Multiple Vulnerabilities
Date: 16 April 2009
URL: http://www.auscert.org.au/10826
Title: AA-2009.0092 -- [Linux][AIX] -- IBM Rational ClearCase: Access
Confidential Data
Date: 16 April 2009
URL: http://www.auscert.org.au/10830
Title: AA-2009.0093 -- [Appliance] -- Avaya Communication Manager and SIP
Enablement Services: Multiple Vulnerabilities
Date: 16 April 2009
URL: http://www.auscert.org.au/10832
Title: AA-2009.0095 -- [UNIX/Linux] -- pam_ssh: Reduced Security
Date: 16 April 2009
URL: http://www.auscert.org.au/10834
Title: AL-2009.0028 -- [Win] -- Wordpad and Office Text Converters: Execute
Arbitrary Code
Date: 15 April 2009
URL: http://www.auscert.org.au/10810
Title: AL-2009.0029 -- [Win] -- Windows HTTP Services: Execute Arbitrary Code
Date: 15 April 2009
URL: http://www.auscert.org.au/10811
Title: AL-2009.0030 -- [Win] -- Microsoft DirectX: Execute Arbitrary Code
Date: 15 April 2009
URL: http://www.auscert.org.au/10812
Title: AL-2009.0031 -- [Win] -- Internet Explorer: Execute Arbitrary Code
Date: 15 April 2009
URL: http://www.auscert.org.au/10813
Title: AL-2009.0032 -- [Win][Mac][OSX] -- Microsoft Office Excel: Execute
Arbitrary Code
Date: 15 April 2009
URL: http://www.auscert.org.au/10814
Title: AL-2009.0033 -- [Win][UNIX/Linux] -- phpMyAdmin: Execute Arbitrary Code
Date: 15 April 2009
URL: http://www.auscert.org.au/10819
Title: AA-2009.0089 -- [Win][Linux][Solaris][AIX] -- IBM Lotus Domino: Denial
of Service
Date: 15 April 2009
URL: http://www.auscert.org.au/10823
Title: AA-2009.0090 -- [Win][UNIX/Linux] -- Joomla!: Multiple Vulnerabilities
Date: 15 April 2009
URL: http://www.auscert.org.au/10824
Title: AL-2009.0026 -- [Win][Mac][OSX] -- Microsoft Bulletin Notification -
April Pre-release Announcement
Date: 14 April 2009
URL: http://www.auscert.org.au/10799
Title: AU-2009.0015 -- AusCERT Update - [Win][UNIX/Linux] - SeaMonkey:
Multiple Vulnerabilities
Date: 14 April 2009
URL: http://www.auscert.org.au/10809
Title: AL-2009.0025 -- [Win][VMware ESX][Linux][Mac][OSX] -- VMware: Execute
Arbitrary Code
Date: 14 April 2009
URL: http://www.auscert.org.au/10798
External Security Bulletins:
----------------------------
Title: ESB-2009.0377 -- [Debian] -- cups: Execute Arbitrary Code
Date: 17 April 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/10850
Title: ESB-2009.0376 -- [Win][Linux][HP-UX][Solaris] -- Sun Java System
Directory Server: Multiple Vulnerabilities
Date: 17 April 2009
OS: Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other
Linux Variants, Windows Server 2008, Red Hat Linux, HP-UX
URL: http://www.auscert.org.au/10846
Title: ESB-2009.0375 -- [SUSE] -- kernel: Multiple Vulnerabilities
Date: 17 April 2009
OS: Other Linux Variants
URL: http://www.auscert.org.au/10845
Title: ESB-2009.0374 -- [Linux] -- udev: Root Compromise
Date: 17 April 2009
OS: Other Linux Variants
URL: http://www.auscert.org.au/10844
Title: ESB-2009.0373 -- [UNIX/Linux][RedHat] -- kdegraphics: Execute Arbitrary
Code
Date: 17 April 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10842
Title: ESB-2009.0372 -- [UNIX/Linux][RedHat] -- xpdf: Execute Arbitrary Code
Date: 17 April 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10841
Title: ESB-2009.0371 -- [UNIX/Linux][RedHat] -- cups: Execute Arbitrary Code
Date: 17 April 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10840
Title: ESB-2009.0370 -- [RedHat] -- udev: Root Compromise
Date: 17 April 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/10839
Title: ESB-2009.0369 -- [Debian] -- udev: Root Compromise
Date: 17 April 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/10838
Title: ESB-2009.0368 -- [Solaris] -- Adobe Reader: Execute Arbitrary Code
Date: 16 April 2009
OS: Solaris
URL: http://www.auscert.org.au/10837
Title: ESB-2009.0367 -- [Win][UNIX/Linux] -- F-PROT Antivirus: Denial of
Service
Date: 16 April 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Windows Server 2008, Red Hat Linux, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/10836
Title: ESB-2009.0366 -- [Linux] -- Wicd: Access Privileged Data
Date: 16 April 2009
OS: Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/10835
Title: ESB-2009.0365 -- [Linux][Ubuntu] -- udev: Root Compromise
Date: 16 April 2009
OS: Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/10831
Title: ESB-2009.0364 -- [Debian] -- ClamAV: Denial of Service
Date: 16 April 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/10829
Title: ESB-2009.0363 -- [Win] -- EMC RepliStor: Execute Arbitrary Code
Date: 16 April 2009
OS: Windows 2003, Windows 2000, Windows XP, Windows Server 2008, Windows
Vista
URL: http://www.auscert.org.au/10828
Title: ESB-2009.0362 -- [Win][UNIX/Linux] -- Drupal third-party modules:
Cross-site Scripting
Date: 16 April 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Windows Server 2008, Red Hat Linux, Mac OS X,
HP-UX, AIX, Windows Vista
URL: http://www.auscert.org.au/10827
Title: ESB-2009.0361 -- [AIX] -- IBM AIX: Root Compromise
Date: 16 April 2009
OS: AIX
URL: http://www.auscert.org.au/10825
Title: ESB-2009.0360 -- [Win][UNIX/Linux][Ubuntu] -- ClamAV: Denial of Service
Date: 15 April 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Windows Server 2008, Red Hat Linux, Mac OS X,
HP-UX, AIX, Windows Vista
URL: http://www.auscert.org.au/10822
Title: ESB-2009.0359 -- [UNIX/Linux] -- Ntp: Execute Arbitrary Code/Commands
Date: 15 April 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10821
Title: ESB-2009.0358 -- [UNIX/Linux][RedHat] -- PHP: Multiple Vulnerabilities
Date: 15 April 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10820
Title: ESB-2009.0357 -- [UNIX/Linux][RedHat] -- Ghostscript: Execute Arbitrary
Code/Commands
Date: 15 April 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10818
Title: ESB-2009.0356 -- [Win] -- Windows SearchPath: Increased Privileges
Date: 15 April 2009
OS: Windows 2003, Windows 2000, Windows XP, Windows Server 2008, Windows
Vista
URL: http://www.auscert.org.au/10817
Title: ESB-2009.0355 -- [Win] -- Microsoft ISA Server and Forefront Threat
Management Gateway: Denial of Service
Date: 15 April 2009
OS: Windows 2003, Windows 2000, Windows Server 2008
URL: http://www.auscert.org.au/10816
Title: ESB-2009.0354 -- [Win] -- Microsoft Windows: Increased Privileges
Date: 15 April 2009
OS: Windows 2003, Windows 2000, Windows XP, Windows Server 2008, Windows
Vista
URL: http://www.auscert.org.au/10815
Title: ESB-2009.0353 -- [Win][UNIX/Linux] -- mod_perl: Execute Arbitrary Code
Date: 14 April 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Windows Server 2008, Red Hat Linux, Mac OS X,
HP-UX, AIX, Windows Vista
URL: http://www.auscert.org.au/10808
Title: ESB-2009.0352 -- [Win][UNIX/Linux] -- Wireshark: Multiple
Vulnerabilities
Date: 14 April 2009
OS: Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Windows Server
2008, Windows XP, Other Linux Variants, FreeBSD, Windows 2000, OpenBSD,
Windows 2003, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP
Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/10807
Title: ESB-2009.0351 -- [Win] -- HP ProCurve Manager and HP ProCurve Manager
Plus: Inappropriate Access
Date: 14 April 2009
OS: Windows XP
URL: http://www.auscert.org.au/10806
Title: ESB-2009.0350 -- [Win] -- HP OpenView Performance Agent and HP
Performance Agent: Execute Arbitrary Code
Date: 14 April 2009
OS: Windows 2003, Windows 2000, Windows XP, Windows Server 2008, Windows
Vista
URL: http://www.auscert.org.au/10805
Title: ESB-2009.0349 -- [UNIX/Linux][Debian] -- Imp4: Cross-site Scripting
Date: 14 April 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/10804
Title: ESB-2009.0348 -- [Debian] -- OpenJDK: Multiple Vulnerabilities
Date: 14 April 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/10803
Title: ESB-2009.0347 -- [UNIX/Linux][Debian] -- Openafs: Root Compromise
Date: 14 April 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/10802
Title: ESB-2009.0346 -- [UNIX/Linux][Debian] -- Roundup: Privilege Escalation
Date: 14 April 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/10801
Title: ESB-2009.0340 -- [Solaris] -- XScreenSaver: Access Confidential Data
Date: 15 April 2009
OS: Solaris
URL: http://www.auscert.org.au/10789
Title: ESB-2009.0110 -- [Solaris] -- Security Vulnerability in OpenSSL due to
Improper Usage of Signature
Date: 17 April 2009
OS: Solaris
URL: http://www.auscert.org.au/10444
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================