[AusNOG] AusCERT Week in Review - Week Ending 30/01/2009 (AUSCERT#20073F686)

Jonathan Levine jonathan at auscert.org.au
Fri Jan 30 17:30:39 EST 2009


Alerts, Advisories and Updates:

-------------------------------

Title: AU-2009.0008 -- AusCERT Update - [Win] - Updated - MS08-074 - Critical

       - Vulnerabilities in Microsoft Office Excel Could Allow Remote Code

       Execution 

Date:  29 January 2009

URL:   http://www.auscert.org.au/10430

 

Title: AA-2009.0011 -- [Win][UNIX/Linux] -- A number of vulnerabilities have

       been identified in Horde and Horde Groupware 

Date:  29 January 2009

URL:   http://www.auscert.org.au/10431

 

Title: AA-2009.0012 -- [Win][UNIX/Linux] -- A vulnerability has been

       identified in Horde IMP Webmail 

Date:  29 January 2009

URL:   http://www.auscert.org.au/10432

 

Title: AL-2008.0123 -- [Win][Mac][OSX] -- MS08-074 - Critical -

       Vulnerabilities in Microsoft Office Excel Could Allow Remote Code

       Execution 

Date:  28 January 2009

URL:   http://www.auscert.org.au/10173

 

Title: AL-2009.0004 -- [Win] -- A number of vulnerabilities have been

       identified in Trend Micro OfficeScan 8.0 

Date:  27 January 2009

URL:   http://www.auscert.org.au/10399

 

External Security Bulletins:

----------------------------

Title: ESB-2008.1109 -- [Win][UNIX/Linux] -- BMC PatrolAgent Version Logging

       Format String Vulnerability 

Date:  28 January 2009

OS:    HP Tru64 UNIX, Solaris, IRIX, OpenBSD, Other BSD Variants, FreeBSD,

       HP-UX, Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux,

       AIX, Server 2008, Windows Vista, Windows 2003, Windows XP 

URL:   http://www.auscert.org.au/10188

 

Title: ESB-2008.0769 -- [AIX] -- AIX named DNS Cache Poisoning Vulnerability


Date:  26 January 2009

OS:    AIX 

URL:   http://www.auscert.org.au/9670

 

Title: ESB-2008.0610 -- [Win][UNIX/Linux][Debian] -- New typo3 packages fix

       several vulnerabilities 

Date:  26 January 2009

OS:    HP Tru64 UNIX, Solaris, IRIX, OpenBSD, Other BSD Variants, FreeBSD,

       HP-UX, Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux,

       AIX, Server 2008, Windows Vista, Windows 2003, Windows 2000, Windows

       XP, Mac OS X 

URL:   http://www.auscert.org.au/9445

 

Title: ESB-2009.0109 -- [Solaris] -- A number of vulnerabilities have been

       identified in Avaya Systems products using Solaris 

Date:  30 January 2009

OS:    Solaris 

URL:   http://www.auscert.org.au/10442

 

Title: ESB-2009.0108 -- [Solaris] -- Security Vulnerability in samba(7)

       Specially Crafted Packet May Allow Execution of Arbitrary Code With

       Root Privileges 

Date:  30 January 2009

OS:    Solaris 

URL:   http://www.auscert.org.au/10441

 

Title: ESB-2009.0107 -- [Solaris] -- A Security Vulnerability in the Solaris

       ip(7P) Kernel Module's IP-in-IP Packet Processing May Lead to a Denial

       of Service (DoS) 

Date:  30 January 2009

OS:    Solaris 

URL:   http://www.auscert.org.au/10440

 

Title: ESB-2009.0106 -- [Solaris] -- Security Vulnerabilities in the Embedded

       Lights Out Manager (ELOM) on Sun Fire X2100 M2 and X2200 M2 May Allow

       Unauthorized Logins 

Date:  30 January 2009

OS:    Solaris 

URL:   http://www.auscert.org.au/10439

 

Title: ESB-2009.0105 -- [MPE/iX] -- MPE/iX Running BIND/iX, Remote DNS Cache

       Poisoning 

Date:  30 January 2009

OS:    HP Tru64 UNIX, HP-UX 

URL:   http://www.auscert.org.au/10438

 

Title: ESB-2009.0104 -- [AIX] -- AIX rmsock log append file vulnerability 

Date:  30 January 2009

OS:    AIX 

URL:   http://www.auscert.org.au/10437

 

Title: ESB-2009.0103 -- [Win][Linux][HP-UX][Solaris] -- A vulnerability has

       been identified in HP Select Access 

Date:  30 January 2009

OS:    Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other

       Linux Variants, Windows XP, Server 2008, Red Hat Linux, HP-UX, Windows

       Vista 

URL:   http://www.auscert.org.au/10436

 

Title: ESB-2009.0102 -- [RedHat] -- Moderate: ntp security update 

Date:  30 January 2009

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/10435

 

Title: ESB-2009.0101 -- [RedHat] -- Moderate: rhpki security and bug fix

       update 

Date:  30 January 2009

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/10434

 

Title: ESB-2009.0100 -- [UNIX/Linux][Debian] -- New moin packages fix

       insufficient input sanitising 

Date:  30 January 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,

       HP-UX, AIX 

URL:   http://www.auscert.org.au/10433

 

Title: ESB-2009.0099 -- [Solaris] -- A Security Vulnerability in Solaris IPv6

       Implementation (ip6(7p)) May Cause a System Panic 

Date:  29 January 2009

OS:    Solaris 

URL:   http://www.auscert.org.au/10429

 

Title: ESB-2009.0098 -- [Solaris] -- Security Vulnerability in Solaris BIND

       named(1M) due to Incorrect DNSSEC Signature Verification 

Date:  29 January 2009

OS:    Solaris 

URL:   http://www.auscert.org.au/10428

 

Title: ESB-2009.0097 -- [Win][Linux][HP-UX][Solaris] -- A Security

       Vulnerability in Sun Java System Access Manager May Allow a Remote

       Unprivileged User to Determine the Existence of "guessed" Usernames 

Date:  29 January 2009

OS:    Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other

       Linux Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X,

       HP-UX, Windows Vista 

URL:   http://www.auscert.org.au/10427

 

Title: ESB-2009.0096 -- [UNIX/Linux][Debian] -- New rt2400, rt2500 and rt2570

       packages fix arbitrary code execution 

Date:  29 January 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,

       HP-UX, AIX 

URL:   http://www.auscert.org.au/10426

 

Title: ESB-2009.0095 -- [Solaris] -- Security Vulnerability in the Solaris

       "autofs" Kernel Module may Allow a Local Unprivileged User to Execute

       Arbitrary Code 

Date:  28 January 2009

OS:    Solaris 

URL:   http://www.auscert.org.au/10425

 

Title: ESB-2009.0094 -- [Win][Netware][UNIX/Linux] -- CA Anti-Virus Engine

       Detection Evasion Multiple Vulnerabilities 

Date:  27 January 2009

OS:    HP Tru64 UNIX, Solaris, IRIX, OpenBSD, Other BSD Variants, FreeBSD,

       HP-UX, Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux,

       AIX, Server 2008, Windows Vista, Windows 2003, Windows 2000, Windows

       XP, Mac OS X 

URL:   http://www.auscert.org.au/10424

 

Title: ESB-2009.0093 -- [Win] -- Cohesion Tomcat Multiple Vulnerabilities 

Date:  28 January 2009

OS:    Windows Vista, Server 2008, Windows XP, Windows 2000, Windows 2003 

URL:   http://www.auscert.org.au/10423

 

Title: ESB-2009.0092 -- [UNIX/Linux] -- A vulnerability has been identified in

       cups 

Date:  26 January 2009

OS:    HP Tru64 UNIX, Solaris, IRIX, OpenBSD, Other BSD Variants, FreeBSD,

       HP-UX, Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux,

       AIX, Mac OS X 

URL:   http://www.auscert.org.au/10422

 

Title: ESB-2009.0091 -- [Win][UNIX/Linux] -- Multiple vulnerabilities

       identified in phpMyAdmin 

Date:  27 January 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux

       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,

       Windows Vista 

URL:   http://www.auscert.org.au/10421

 

Title: ESB-2009.0090 -- [Solaris] -- Security Vulnerability in the Solaris

       Pseudo-terminal Driver (pty(7D)) may Cause a System Panic 

Date:  27 January 2009

OS:    Solaris 

URL:   http://www.auscert.org.au/10420

 

Title: ESB-2009.0089 -- [Solaris] -- Security Vulnerability with IKE Packet

       Handling in Solaris libike Library may Lead to a Crash of in.iked(1M)


Date:  27 January 2009

OS:    Solaris 

URL:   http://www.auscert.org.au/10419

 

Title: ESB-2009.0088 -- [UNIX/Linux][Debian] -- New typo3 packages fix remote

       code execution 

Date:  27 January 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,

       HP-UX, AIX 

URL:   http://www.auscert.org.au/10418

 

Title: ESB-2009.0087 -- [UNIX/Linux][Debian] -- New ganglia-monitor-core

       packages fix remote code execution 

Date:  27 January 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,

       HP-UX, AIX 

URL:   http://www.auscert.org.au/10417

 

Title: ESB-2009.0086 -- [Win][VMware ESX][Linux][HP-UX][Solaris][AIX] -- EMC

       AutoStart Backbone Engine Trusted Pointer Code Execution Vulnerability

Date:  29 January 2009

OS:    Windows Vista, AIX, HP-UX, Red Hat Linux, Server 2008, Virtualisation,

       Windows XP, Other Linux Variants, Windows 2000, Windows 2003, Debian

       GNU/Linux, Ubuntu, Solaris 

URL:   http://www.auscert.org.au/10416

 

Title: ESB-2009.0084 -- [Solaris] -- A Solaris Kernel Security Vulnerability

       on Systems Using the Sun UltraSPARC T2 and T2+ Processors May Allow

       Denial of Service (DoS) 

Date:  29 January 2009

OS:    Solaris 

URL:   http://www.auscert.org.au/10409

 

Title: ESB-2009.0083 -- [Win][Linux][Solaris] -- A Security Vulnerability in

       Sun Java System Application Server May Expose an Application's WEB-INF

       and META-INF Content 

Date:  29 January 2009

OS:    Windows Vista, Red Hat Linux, Server 2008, Windows XP, Other Linux

       Variants, Windows 2000, Windows 2003, Debian GNU/Linux, Ubuntu, Solaris

URL:   http://www.auscert.org.au/10408

 

Title: ESB-2009.0076 -- [Win] -- Microsoft Windows Does Not Disable AutoRun

       Properly 

Date:  26 January 2009

OS:    Server 2008, Windows Vista, Windows 2003, Windows 2000, Windows XP 

URL:   http://www.auscert.org.au/10393

 

Title: ESB-2009.0060 -- [UNIX/Linux][Debian] -- New netatalk packages fix

       arbitrary code execution 

Date:  30 January 2009

OS:    AIX, HP-UX, Mac OS X, Red Hat Linux, Other Linux Variants, FreeBSD,

       OpenBSD, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64

       UNIX, Solaris 

URL:   http://www.auscert.org.au/10362

 

===========================================================================

Australian Computer Emergency Response Team

The University of Queensland

Brisbane

Qld 4072

 

Internet Email: auscert at auscert.org.au

Facsimile:      (07) 3365 7031

Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)

                AusCERT personnel answer during Queensland business hours

                which are GMT+10:00 (AEST).

                On call after hours for member emergencies only.

===========================================================================

 

 

 
