[AusNOG] AusCERT Week in Review - Week Ending 30/01/2009 (AUSCERT#20073F686)
Jonathan Levine
jonathan at auscert.org.au
Fri Jan 30 17:30:39 EST 2009
Alerts, Advisories and Updates:
-------------------------------
Title: AU-2009.0008 -- AusCERT Update - [Win] - Updated - MS08-074 - Critical -
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution
Date: 29 January 2009
URL: http://www.auscert.org.au/10430
Title: AA-2009.0011 -- [Win][UNIX/Linux] -- A number of vulnerabilities have
been identified in Horde and Horde Groupware
Date: 29 January 2009
URL: http://www.auscert.org.au/10431
Title: AA-2009.0012 -- [Win][UNIX/Linux] -- A vulnerability has been
identified in Horde IMP Webmail
Date: 29 January 2009
URL: http://www.auscert.org.au/10432
Title: AL-2008.0123 -- [Win][Mac][OSX] -- MS08-074 - Critical -
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code
Execution
Date: 28 January 2009
URL: http://www.auscert.org.au/10173
Title: AL-2009.0004 -- [Win] -- A number of vulnerabilities have been
identified in Trend Micro OfficeScan 8.0
Date: 27 January 2009
URL: http://www.auscert.org.au/10399
External Security Bulletins:
----------------------------
Title: ESB-2008.1109 -- [Win][UNIX/Linux] -- BMC PatrolAgent Version Logging
Format String Vulnerability
Date: 28 January 2009
OS: HP Tru64 UNIX, Solaris, IRIX, OpenBSD, Other BSD Variants, FreeBSD,
HP-UX, Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux,
AIX, Server 2008, Windows Vista, Windows 2003, Windows XP
URL: http://www.auscert.org.au/10188
Title: ESB-2008.0769 -- [AIX] -- AIX named DNS Cache Poisoning Vulnerability
Date: 26 January 2009
OS: AIX
URL: http://www.auscert.org.au/9670
Title: ESB-2008.0610 -- [Win][UNIX/Linux][Debian] -- New typo3 packages fix
several vulnerabilities
Date: 26 January 2009
OS: HP Tru64 UNIX, Solaris, IRIX, OpenBSD, Other BSD Variants, FreeBSD,
HP-UX, Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux,
AIX, Server 2008, Windows Vista, Windows 2003, Windows 2000, Windows
XP, Mac OS X
URL: http://www.auscert.org.au/9445
Title: ESB-2009.0109 -- [Solaris] -- A number of vulnerabilities have been
identified in Avaya Systems products using Solaris
Date: 30 January 2009
OS: Solaris
URL: http://www.auscert.org.au/10442
Title: ESB-2009.0108 -- [Solaris] -- Security Vulnerability in samba(7)
Specially Crafted Packet May Allow Execution of Arbitrary Code With
Root Privileges
Date: 30 January 2009
OS: Solaris
URL: http://www.auscert.org.au/10441
Title: ESB-2009.0107 -- [Solaris] -- A Security Vulnerability in the Solaris
ip(7P) Kernel Module's IP-in-IP Packet Processing May Lead to a Denial
of Service (DoS)
Date: 30 January 2009
OS: Solaris
URL: http://www.auscert.org.au/10440
Title: ESB-2009.0106 -- [Solaris] -- Security Vulnerabilities in the Embedded
Lights Out Manager (ELOM) on Sun Fire X2100 M2 and X2200 M2 May Allow
Unauthorized Logins
Date: 30 January 2009
OS: Solaris
URL: http://www.auscert.org.au/10439
Title: ESB-2009.0105 -- [MPE/iX] -- MPE/iX Running BIND/iX, Remote DNS Cache
Poisoning
Date: 30 January 2009
OS: HP Tru64 UNIX, HP-UX
URL: http://www.auscert.org.au/10438
Title: ESB-2009.0104 -- [AIX] -- AIX rmsock log append file vulnerability
Date: 30 January 2009
OS: AIX
URL: http://www.auscert.org.au/10437
Title: ESB-2009.0103 -- [Win][Linux][HP-UX][Solaris] -- A vulnerability has
been identified in HP Select Access
Date: 30 January 2009
OS: Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other
Linux Variants, Windows XP, Server 2008, Red Hat Linux, HP-UX,
Windows Vista
URL: http://www.auscert.org.au/10436
Title: ESB-2009.0102 -- [RedHat] -- Moderate: ntp security update
Date: 30 January 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/10435
Title: ESB-2009.0101 -- [RedHat] -- Moderate: rhpki security and bug fix
update
Date: 30 January 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/10434
Title: ESB-2009.0100 -- [UNIX/Linux][Debian] -- New moin packages fix
insufficient input sanitising
Date: 30 January 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10433
Title: ESB-2009.0099 -- [Solaris] -- A Security Vulnerability in Solaris IPv6
Implementation (ip6(7p)) May Cause a System Panic
Date: 29 January 2009
OS: Solaris
URL: http://www.auscert.org.au/10429
Title: ESB-2009.0098 -- [Solaris] -- Security Vulnerability in Solaris BIND
named(1M) due to Incorrect DNSSEC Signature Verification
Date: 29 January 2009
OS: Solaris
URL: http://www.auscert.org.au/10428
Title: ESB-2009.0097 -- [Win][Linux][HP-UX][Solaris] -- A Security
Vulnerability in Sun Java System Access Manager May Allow a Remote
Unprivileged User to Determine the Existence of "guessed" Usernames
Date: 29 January 2009
OS: Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other
Linux Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X,
HP-UX, Windows Vista
URL: http://www.auscert.org.au/10427
Title: ESB-2009.0096 -- [UNIX/Linux][Debian] -- New rt2400, rt2500 and rt2570
packages fix arbitrary code execution
Date: 29 January 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10426
Title: ESB-2009.0095 -- [Solaris] -- Security Vulnerability in the Solaris
"autofs" Kernel Module may Allow a Local Unprivileged User to Execute
Arbitrary Code
Date: 28 January 2009
OS: Solaris
URL: http://www.auscert.org.au/10425
Title: ESB-2009.0094 -- [Win][Netware][UNIX/Linux] -- CA Anti-Virus Engine
Detection Evasion Multiple Vulnerabilities
Date: 27 January 2009
OS: HP Tru64 UNIX, Solaris, IRIX, OpenBSD, Other BSD Variants, FreeBSD,
HP-UX, Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux,
AIX, Server 2008, Windows Vista, Windows 2003, Windows 2000, Windows
XP, Mac OS X
URL: http://www.auscert.org.au/10424
Title: ESB-2009.0093 -- [Win] -- Cohesion Tomcat Multiple Vulnerabilities
Date: 28 January 2009
OS: Windows Vista, Server 2008, Windows XP, Windows 2000, Windows 2003
URL: http://www.auscert.org.au/10423
Title: ESB-2009.0092 -- [UNIX/Linux] -- A vulnerability has been identified
in cups
Date: 26 January 2009
OS: HP Tru64 UNIX, Solaris, IRIX, OpenBSD, Other BSD Variants, FreeBSD,
HP-UX, Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux,
AIX, Mac OS X
URL: http://www.auscert.org.au/10422
Title: ESB-2009.0091 -- [Win][UNIX/Linux] -- Multiple vulnerabilities
identified in phpMyAdmin
Date: 27 January 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/10421
Title: ESB-2009.0090 -- [Solaris] -- Security Vulnerability in the Solaris
Pseudo-terminal Driver (pty(7D)) may Cause a System Panic
Date: 27 January 2009
OS: Solaris
URL: http://www.auscert.org.au/10420
Title: ESB-2009.0089 -- [Solaris] -- Security Vulnerability with IKE Packet
Handling in Solaris libike Library may Lead to a Crash of in.iked(1M)
Date: 27 January 2009
OS: Solaris
URL: http://www.auscert.org.au/10419
Title: ESB-2009.0088 -- [UNIX/Linux][Debian] -- New typo3 packages fix remote
code execution
Date: 27 January 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10418
Title: ESB-2009.0087 -- [UNIX/Linux][Debian] -- New ganglia-monitor-core
packages fix remote code execution
Date: 27 January 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10417
Title: ESB-2009.0086 -- [Win][VMware ESX][Linux][HP-UX][Solaris][AIX] -- EMC
AutoStart Backbone Engine Trusted Pointer Code Execution Vulnerability
Date: 29 January 2009
OS: Windows Vista, AIX, HP-UX, Red Hat Linux, Server 2008, Virtualisation,
Windows XP, Other Linux Variants, Windows 2000, Windows 2003, Debian
GNU/Linux, Ubuntu, Solaris
URL: http://www.auscert.org.au/10416
Title: ESB-2009.0084 -- [Solaris] -- A Solaris Kernel Security Vulnerability
on Systems Using the Sun UltraSPARC T2 and T2+ Processors May Allow
Denial of Service (DoS)
Date: 29 January 2009
OS: Solaris
URL: http://www.auscert.org.au/10409
Title: ESB-2009.0083 -- [Win][Linux][Solaris] -- A Security Vulnerability in
Sun Java System Application Server May Expose an Application's WEB-INF
and META-INF Content
Date: 29 January 2009
OS: Windows Vista, Red Hat Linux, Server 2008, Windows XP, Other Linux
Variants, Windows 2000, Windows 2003, Debian GNU/Linux, Ubuntu, Solaris
URL: http://www.auscert.org.au/10408
Title: ESB-2009.0076 -- [Win] -- Microsoft Windows Does Not Disable AutoRun
Properly
Date: 26 January 2009
OS: Server 2008, Windows Vista, Windows 2003, Windows 2000, Windows XP
URL: http://www.auscert.org.au/10393
Title: ESB-2009.0060 -- [UNIX/Linux][Debian] -- New netatalk packages fix
arbitrary code execution
Date: 30 January 2009
OS: AIX, HP-UX, Mac OS X, Red Hat Linux, Other Linux Variants, FreeBSD,
OpenBSD, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64
UNIX, Solaris
URL: http://www.auscert.org.au/10362
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================