[AusNOG] AusCERT Week in Review - Week Ending 11/12/2009 (AUSCERT#20073f686)
Daniel McNamara
daniel at auscert.org.au
Fri Dec 11 16:14:42 EST 2009
AusCERT Week in Review
11 December 2009
AusCERT in the Media:
---------------------
Papers, Articles and other documents:
-------------------------------------
Title: Adobe releases Update for Flash Player
Date: 08 December 2009
URL: http://www.auscert.org.au/12080
Title: Microsoft Patches for December
Date: 08 December 2009
URL: http://www.auscert.org.au/12081
Web Log Entries:
----------------
Title: Governments are tackling malware head on
Date: 10 December 2009
URL: http://www.auscert.org.au/12101
Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2009.1156 - [Win][Linux][HP-UX][Solaris][AIX] IBM HTTP Server:
Unauthorised access - Remote/unauthenticated
Date: 09 December 2009
URL: http://www.auscert.org.au/12086
Title: ASB-2009.1157 - [Win][Linux][Solaris][HP Tru64][AIX] InfoSphere
Information Server 8.1: Cross-site scripting - Remote with user
interaction
Date: 09 December 2009
URL: http://www.auscert.org.au/12087
Title: ASB-2009.1155 - ALERT [Win][UNIX/Linux] Adobe Flash Player: Execute
arbitrary code/commands - Remote with user interaction
Date: 08 December 2009
URL: http://www.auscert.org.au/12079
Title: ASB-2009.1153.2 - UPDATE [Win] Microsoft Bulletin Notification -
December Pre-release Announcement
Date: 08 December 2009
URL: http://www.auscert.org.au/12066
Title: ASB-2009.1154 - [Win][UNIX/Linux] ruby: Execute arbitrary
code/commands
- Remote with user interaction
Date: 08 December 2009
URL: http://www.auscert.org.au/12067
External Security Bulletins:
----------------------------
Title: ESB-2009.1631 - [RedHat][Solaris][SUSE] Sun Ray Server Software:
Read-only data access - Remote/unauthenticated
Date: 11 December 2009
OS: Solaris, Red Hat Linux, SUSE
URL: http://www.auscert.org.au/12100
Title: ESB-2009.1630 - [RedHat][Solaris][SUSE] Sun Ray Server Software:
Execute arbitrary code/commands - Remote/unauthenticated
Date: 11 December 2009
OS: Solaris, Red Hat Linux, SUSE
URL: http://www.auscert.org.au/12099
Title: ESB-2009.1629 - [Win][Linux][HP-UX][Solaris][AIX] CA Service Desk:
Cross-site scripting - Remote with user interaction
Date: 11 December 2009
OS: Solaris, Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian
GNU/Linux, HP-UX, Windows XP, SUSE, Windows 2000, AIX, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/12098
Title: ESB-2009.1628 - [Linux][Ubuntu] linux-image-2.6.31-16-386: Multiple
vulnerabilities
Date: 11 December 2009
OS: Red Hat Linux, Other Linux Variants, SUSE, Ubuntu, Debian GNU/Linux
URL: http://www.auscert.org.au/12097
Title: ESB-2009.1627 - ALERT [Win][RedHat][HP-UX][Solaris] HP OpenView
Network
Node Manager: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 10 December 2009
OS: Solaris, Windows 2003, Red Hat Linux, Windows XP, HP-UX, Windows
2000,
Windows 7, Windows Vista, Windows Server 2008
URL: http://www.auscert.org.au/12095
Title: ESB-2009.1626 - ALERT [Win][RedHat][HP-UX][Solaris] Hewlett-Packard
Application Recovery Manager: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 10 December 2009
OS: Solaris, Windows 2003, Red Hat Linux, Windows XP, HP-UX, Windows 2000
URL: http://www.auscert.org.au/12094
Title: ESB-2009.1625 - [HP-UX] VRTSweb: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 10 December 2009
OS: HP-UX
URL: http://www.auscert.org.au/12093
Title: ESB-2009.1624 - ALERT [Win][Linux][RedHat][HP-UX][Solaris][AIX]
Symantec Multiple Products: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 10 December 2009
OS: Solaris, Windows 2003, Red Hat Linux, Debian GNU/Linux, Ubuntu,
HP-UX,
SUSE, Windows 2000, AIX, Other Linux Variants
URL: http://www.auscert.org.au/12092
Title: ESB-2009.1623 - [Linux][Ubuntu] grub2: Unauthorised access -
Console/physical
Date: 10 December 2009
OS: Red Hat Linux, Other Linux Variants, SUSE, Ubuntu, Debian GNU/Linux
URL: http://www.auscert.org.au/12091
Title: ESB-2009.1622 - [RedHat] JBoss Enterprise Application Platform:
Multiple vulnerabilities
Date: 10 December 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/12090
Title: ESB-2009.1621 - [Linux][RedHat] kvm: Denial of service - Existing
account
Date: 10 December 2009
OS: Red Hat Linux, Other Linux Variants, SUSE, Ubuntu, Debian GNU/Linux
URL: http://www.auscert.org.au/12089
Title: ESB-2009.1620 - [RedHat] flash-plugin: Multiple vulnerabilities
Date: 10 December 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/12088
Title: ESB-2009.1619 - [HP-UX] sendmail: Denial of service -
Remote/unauthenticated
Date: 09 December 2009
OS: HP-UX
URL: http://www.auscert.org.au/12085
Title: ESB-2009.1618 - [UNIX/Linux][RedHat] libtool: Execute arbitrary
code/commands - Existing account
Date: 09 December 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/12084
Title: ESB-2009.1617 - [Win] Indeo Codec: Execute arbitrary code/commands -
Remote with user interaction
Date: 09 December 2009
OS: Windows 2003, Windows XP, Windows 2000
URL: http://www.auscert.org.au/12083
Title: ESB-2009.1616 - [Win][RedHat][AIX][SUSE] java-1.5.0-ibm: Multiple
vulnerabilities
Date: 09 December 2009
OS: Red Hat Linux, Windows 2003, Windows 7, Windows XP, SUSE, Windows
2000,
AIX, Windows Vista, Windows Server 2008
URL: http://www.auscert.org.au/12082
Title: ESB-2009.1615 - ALERT [Win] Microsoft Project: Execute arbitrary
code/commands - Remote with user interaction
Date: 09 December 2009
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/12078
Title: ESB-2009.1614 - [RedHat] ntp and ntpq: Multiple vulnerabilities
Date: 09 December 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/12077
Title: ESB-2009.1613 - [UNIX/Linux][Debian] ntp: Denial of service -
Remote/unauthenticated
Date: 09 December 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
FreeBSD, Other Linux Variants
URL: http://www.auscert.org.au/12075
Title: ESB-2009.1612 - [Win] WordPad and Office Text Converters: Execute
arbitrary code/commands - Remote with user interaction
Date: 09 December 2009
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/12076
Title: ESB-2009.1611 - ALERT [Win] Internet Explorer: Execute arbitrary
code/commands - Remote with user interaction
Date: 08 December 2009
OS: Windows 7, Windows Server 2008, Windows 2003, Windows 2000, Windows
XP
URL: http://www.auscert.org.au/12074
Title: ESB-2009.1610 - ALERT [Win] Internet Authentication Service: Multiple
vulnerabilities
Date: 09 December 2009
OS: Windows XP, Windows 2000, Windows Vista, Windows Server 2008
URL: http://www.auscert.org.au/12073
Title: ESB-2009.1609 - [Win] Active Directory Federation Services (ADFS):
Multiple vulnerabilities
Date: 09 December 2009
OS: Windows 2003, Windows Server 2008
URL: http://www.auscert.org.au/12072
Title: ESB-2009.1608 - [Win] Local Security Authority Subsystem Service
(LSASS): Denial of service - Existing account
Date: 09 December 2009
OS: Windows 2003, Windows XP, Windows 2000
URL: http://www.auscert.org.au/12071
Title: ESB-2009.1607 - [Win][RedHat][HP-UX][Solaris] HP OpenView Data
Protector Application Recovery Manager: Denial of service -
Remote/unauthenticated
Date: 08 December 2009
OS: Solaris, Windows 2003, Red Hat Linux, HP-UX, Windows XP, Windows 2000
URL: http://www.auscert.org.au/12070
Title: ESB-2009.1606 - [Debian] shibboleth: Cross-site scripting -
Remote/unauthenticated
Date: 08 December 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/12069
Title: ESB-2009.1605 - [RedHat] java-1.4.2-ibm: Multiple vulnerabilities
Date: 08 December 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/12068
Title: ESB-2009.1604 - [UNIX/Linux][RedHat] expat: Denial of service -
Remote
with user interaction
Date: 08 December 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/12065
Title: ESB-2009.1603 - [RedHat] acpid: Increased privileges - Existing
account
Date: 08 December 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/12064
Title: ESB-2009.1602 - [OpenSolaris] python: Multiple vulnerabilities
Date: 07 December 2009
OS: Solaris
URL: http://www.auscert.org.au/12063
Title: ESB-2009.1601 - [OpenSolaris] IP Kernel Module: Denial of service -
Remote/unauthenticated
Date: 07 December 2009
OS: Solaris
URL: http://www.auscert.org.au/12062
Title: ESB-2009.1600 - [UNIX/Linux][Debian] belpic: Unauthorised access -
Remote/unauthenticated
Date: 07 December 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
FreeBSD, Other Linux Variants
URL: http://www.auscert.org.au/12061
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20091211/5adddd76/attachment.html>
More information about the AusNOG
mailing list