[AusNOG] AusCERT Week in Review - Week Ending 4/12/2009 (AUSCERT#20073f686)
Daniel McNamara
daniel at auscert.org.au
Fri Dec 4 16:15:41 EST 2009
AusCERT Week in Review
04 December 2009
AusCERT in the Media:
---------------------
Papers, Articles and other documents:
-------------------------------------
Title: Australian Parliament House of Representatives' cybercrime enquiry
Date: 29 November 2009
URL: http://www.auscert.org.au/12024
Title: Senate Select Committee enquiry into the National Broadband Network
Date: 29 November 2009
URL: http://www.auscert.org.au/12025
Web Log Entries:
----------------
Title: Clientless SSL VPN products break web browser domain-based security
models
Date: 02 December 2009
URL: http://www.auscert.org.au/12043
Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2009.1152 - [Win][Linux][HP-UX][Solaris][AIX] IBM DB2: Execute
arbitrary code/commands - Existing account
Date: 03 December 2009
URL: http://www.auscert.org.au/12045
Title: ASB-2009.1148 - ALERT [FreeBSD] FreeBSD: Root compromise - Existing
account
Date: 02 December 2009
URL: http://www.auscert.org.au/12033
Title: ASB-2009.1149 - [Win][Netware][Linux][Solaris][AIX] Novell eDirectory:
Execute arbitrary code/commands - Remote/unauthenticated
Date: 02 December 2009
URL: http://www.auscert.org.au/12035
Title: ASB-2009.1150 - [Appliance] BIG-IP: Unauthorised access -
Remote/unauthenticated
Date: 02 December 2009
URL: http://www.auscert.org.au/12036
Title: ASB-2009.1151 - [Win] BlackBerry Enterprise Server: Execute arbitrary
code/commands - Remote with user interaction
Date: 02 December 2009
URL: http://www.auscert.org.au/12037
Title: ASB-2009.1147 - [Win][UNIX/Linux] Ruby on Rails: Cross-site scripting -
Remote with user interaction
Date: 01 December 2009
URL: http://www.auscert.org.au/12032
Title: ASB-2009.1146 - [Win][UNIX/Linux] DotNetNuke: Cross-site scripting -
Remote/unauthenticated
Date: 30 November 2009
URL: http://www.auscert.org.au/12023
External Security Bulletins:
----------------------------
Title: ESB-2009.1599 - [UNIX/Linux][Mandriva] zsh: Denial of service -
Existing account
Date: 04 December 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/12059
Title: ESB-2009.1598 - [Linux][Ubuntu] qemu-kvm: Denial of service -
Remote/unauthenticated
Date: 04 December 2009
OS: Red Hat Linux, Other Linux Variants, SUSE, Ubuntu, Debian GNU/Linux
URL: http://www.auscert.org.au/12058
Title: ESB-2009.1597 - [Solaris] libexpat: Denial of service - Remote with
user interaction
Date: 04 December 2009
OS: Solaris
URL: http://www.auscert.org.au/12057
Title: ESB-2009.1596 - [Solaris][OpenSolaris] wget: Unauthorised access -
Remote with user interaction
Date: 04 December 2009
OS: Solaris
URL: http://www.auscert.org.au/12056
Title: ESB-2009.1595 - [Solaris][OpenSolaris] gtar: Multiple vulnerabilities
Date: 04 December 2009
OS: Solaris
URL: http://www.auscert.org.au/12055
Title: ESB-2009.1594 - [Solaris] libxml2: Multiple vulnerabilities
Date: 04 December 2009
OS: Solaris
URL: http://www.auscert.org.au/12054
Title: ESB-2009.1593 - [FreeBSD] freebsd-update: Read-only data access -
Existing account
Date: 04 December 2009
OS: FreeBSD
URL: http://www.auscert.org.au/12053
Title: ESB-2009.1592 - [FreeBSD] rtld: Root compromise - Existing account
Date: 04 December 2009
OS: FreeBSD
URL: http://www.auscert.org.au/12052
Title: ESB-2009.1591 - [FreeBSD] ssl: Unauthorised access - Remote with user
interaction
Date: 04 December 2009
OS: FreeBSD
URL: http://www.auscert.org.au/12051
Title: ESB-2009.1590 - [UNIX/Linux][Debian] gforge: Denial of service -
Existing account
Date: 04 December 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
FreeBSD, Other Linux Variants
URL: http://www.auscert.org.au/12050
Title: ESB-2009.1589 - [Win][UNIX/Linux][Debian] Request Tracker 3 (RT3):
Unauthorised access - Remote with user interaction
Date: 04 December 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/12049
Title: ESB-2009.1588 - [RedHat] kernel-rt: Multiple vulnerabilities
Date: 04 December 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/12048
Title: ESB-2009.1587 - [Mac][OSX] Java: Multiple vulnerabilities
Date: 04 December 2009
OS: Mac OS X
URL: http://www.auscert.org.au/12047
Title: ESB-2009.1586 - [Solaris][OpenSolaris] apache2: Multiple
vulnerabilities
Date: 03 December 2009
OS: Solaris
URL: http://www.auscert.org.au/12046
Title: ESB-2009.1585 - [Debian] openldap: Provide misleading information -
Remote/unauthenticated
Date: 03 December 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/12044
Title: ESB-2009.1584 - [Win][RedHat][HP-UX][Solaris][OpenSolaris] sun-nss:
Unauthorised access - Remote/unauthenticated
Date: 03 December 2009
OS: Solaris, Red Hat Linux, Windows 2003, HP-UX, Windows XP, Windows 2000,
Windows 7, Windows Vista, Windows Server 2008
URL: http://www.auscert.org.au/12042
Title: ESB-2009.1583 - [Linux][Solaris] Sun Java System Portal Server: Execute
arbitrary code/commands - Remote with user interaction
Date: 03 December 2009
OS: Solaris, Red Hat Linux, SUSE, Other Linux Variants, Ubuntu, Debian
GNU/Linux
URL: http://www.auscert.org.au/12041
Title: ESB-2009.1582 - [UNIX] NonStop Kernel: Execute arbitrary code/commands
- Existing account
Date: 03 December 2009
OS: IRIX, HP Tru64 UNIX, Solaris, HP-UX, Other BSD Variants, OpenBSD, AIX,
FreeBSD
URL: http://www.auscert.org.au/12040
Title: ESB-2009.1581 - [SUSE][OpenSUSE] kernel: Multiple vulnerabilities
Date: 03 December 2009
OS: Other Linux Variants, SUSE
URL: http://www.auscert.org.au/12039
Title: ESB-2009.1580 - [SUSE][OpenSUSE] bind: Provide misleading information -
Remote/unauthenticated
Date: 03 December 2009
OS: Other Linux Variants, SUSE
URL: http://www.auscert.org.au/12038
Title: ESB-2009.1579 - [UNIX/Linux] Asterisk: Denial of service -
Remote/unauthenticated
Date: 02 December 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/12034
Title: ESB-2009.1578 - [HP-UX] OpenSSL: Denial of service -
Remote/unauthenticated
Date: 01 December 2009
OS: HP-UX
URL: http://www.auscert.org.au/12031
Title: ESB-2009.1577 - [RedHat] bind: Provide misleading information -
Remote/unauthenticated
Date: 01 December 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/12030
Title: ESB-2009.1576 - [UNIX/Linux][RedHat] dstat: Execute arbitrary
code/commands - Remote with user interaction
Date: 01 December 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/12029
Title: ESB-2009.1575 - [RedHat] mod_jk: Unauthorised access - Existing
account
Date: 01 December 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/12028
Title: ESB-2009.1574 - [RedHat] tomcat: Multiple vulnerabilities
Date: 01 December 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/12027
Title: ESB-2009.1573 - [RedHat] xerces-j2: Denial of service - Remote with
user interaction
Date: 01 December 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/12026
Title: ESB-2009.1572 - [Debian] wireshark: Multiple vulnerabilities
Date: 30 November 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/12022
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================