[AusNOG] AusCERT Week in Review - Week Ending 02/01/2009 (AUSCERT#20073f686)

Paul Fahey paul at auscert.org.au
Fri Jan 2 17:48:31 EST 2009


Alerts, Advisories and Updates:
-------------------------------
Title: AA-2009.0001 -- [Win][Linux][Solaris] -- Multiple Vulnerabilities in
       RealNetworks Helix Server 
Date:  02 January 2009
URL:   http://www.auscert.org.au/10286

Title: AU-2008.0030 -- AusCERT Update - [VMware ESX] - Two vulnerabilities in
       VMware products have been corrected 
Date:  31 December 2009
URL:   http://www.auscert.org.au/10283

Title: AA-2008.0270 -- [Appliance] -- New Barracuda firmware releases correct
       multiple vulnerabilities 
Date:  31 December 2009
URL:   http://www.auscert.org.au/10284

Title: AA-2008.0211 -- [Win][Appliance] -- Vulnerabilities in multiple Avaya
       products 
Date:  30 December 2009
URL:   http://www.auscert.org.au/9959

Title: AA-2008.0247 -- [Netware] -- A vulnerability has been identified in
       Novell NetWare 6.5 
Date:  30 December 2009
URL:   http://www.auscert.org.au/10152

Title: AA-2008.0267 -- [Appliance][Solaris] -- Multiple vulnerabilities in
       Avaya CMS 
Date:  30 December 2009
URL:   http://www.auscert.org.au/10280

Title: AA-2008.0268 -- [Win][Linux][HP-UX][Solaris][AIX] -- Access
       vulnerability in IBM Websphere Portal 
Date:  30 December 2009
URL:   http://www.auscert.org.au/10281

Title: AA-2008.0269 -- [Win] -- Ipswitch WS_FTP Server 6.1.1 released
       correcting multiple vulnerabilities 
Date:  30 December 2009
URL:   http://www.auscert.org.au/10282

Title: AA-2008.0265 -- [Win] -- Trend Micro HouseCall Server Edition 6.6
       Active X control could allow running of arbitrary code 
Date:  29 December 2009
URL:   http://www.auscert.org.au/10265

Title: AU-2008.0029 -- AusCERT Update - [Win][Linux][HP-UX][Solaris] -
       Vulnerability in Access Manager 7.1 may Allow Unauthorized Access to
       Resources 
Date:  29 December 2009
URL:   http://www.auscert.org.au/10279


External Security Bulletins:
----------------------------
Title: ESB-2008.1163 -- [Solaris] -- Insecure Temporary File Usage
       Vulnerability in Sun SNMP Management Agent 
Date:  29 December 2009
OS:    Solaris 
URL:   http://www.auscert.org.au/10278

Title: ESB-2008.1162 -- [Win][UNIX/Linux][Debian] -- New phppgadmin packages
       fix several vulnerabilities 
Date:  29 December 2009
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
       Windows Vista 
URL:   http://www.auscert.org.au/10277

Title: ESB-2008.1161 -- [Win][UNIX/Linux][Debian] -- New php-xajax packages
       fix cross-site scripting 
Date:  29 December 2009
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
       Windows Vista 
URL:   http://www.auscert.org.au/10276

Title: ESB-2008.1156 -- [UNIX/Linux] -- Nagios and Nagios3 vulnerabilities 
Date:  29 December 2009
OS:    AIX, HP-UX, Mac OS X, Red Hat Linux, Other Linux Variants, FreeBSD,
       OpenBSD, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64
       UNIX, Solaris 
URL:   http://www.auscert.org.au/10268

Title: ESB-2008.1142 -- [Solaris] -- Security Vulnerability in Solaris IP
       Tunnel Parameter Processing May Lead to a System Panic or Possible
       Execution of Arbitrary Code by Unprivileged Users 
Date:  30 December 2009
OS:    Solaris 
URL:   http://www.auscert.org.au/10248

Title: ESB-2008.1122 -- [Solaris] -- An IP(7P) Spoofing Security Vulnerability
       in Mid-range Sun Fire Server's Firmware May Allow Unauthorized Access
       to System Controllers 
Date:  30 December 2009
OS:    Solaris 
URL:   http://www.auscert.org.au/10213

Title: ESB-2008.1121 -- [Solaris] -- A Security Vulnerability in the
       Management of Solaris Kerberos (see kerberos(5)) may Lead to a User
       Denial of Service (DoS) Attack 
Date:  30 December 2009
OS:    Solaris 
URL:   http://www.auscert.org.au/10212

Title: ESB-2008.1120 -- [UNIX/Linux][Solaris] -- Security Vulnerability in the
       X Inter Client Exchange Library (libICE) Shipped With Solaris May Allow
       a Denial of Service (DoS) 
Date:  30 December 2009
OS:    AIX, HP-UX, Red Hat Linux, Other Linux Variants, FreeBSD, OpenBSD,
       IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64 UNIX,
       Solaris 
URL:   http://www.auscert.org.au/10211

Title: ESB-2008.1086 -- [Win][VMware ESX][Mac][OSX] -- Two vulnerabilities in
       VMware products have been corrected 
Date:  30 December 2009
OS:    Virtualisation, HP Tru64 UNIX, Solaris, IRIX, OpenBSD, Other BSD
       Variants, FreeBSD, HP-UX, Ubuntu, Debian GNU/Linux, Other Linux
       Variants, Red Hat Linux, AIX, Server 2008, Windows Vista, Windows 2003,
       Windows 2000, Windows XP, Mac OS X 
URL:   http://www.auscert.org.au/10135

Title: ESB-2008.0613 -- [Win][Linux][HP-UX][Solaris] -- Vulnerability in
       Access Manager 7.1 may Allow Unauthorized Access to Resources 
Date:  29 December 2009
OS:    Debian GNU/Linux, Ubuntu, Solaris, Windows 2003, Windows 2000, Other
       Linux Variants, Windows XP, Server 2008, Red Hat Linux, HP-UX, Windows
       Vista 
URL:   http://www.auscert.org.au/9448



===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================



More information about the AusNOG mailing list