[AusNOG] AusCERT Week in Review - Week Ending 03/07/2009 (AUSCERT#20073f686)

Fri Jul 3 15:34:52 EST 2009

AusCERT Week in Review
03 July 2009


AusCERT in the Media:
---------------------

Papers, Articles and other documents:
-------------------------------------
Title: ASB-2009.1001.2 - UPDATE [Win][UNIX/Linux] phpMyAdmin: Cross-site
       scripting - Remote with user interaction 
Date:  02 July 2009
URL:   http://www.auscert.org.au/11236

Title: Zane PGP Key 
Date:  30 June 2009
URL:   http://www.auscert.org.au/11232


Web Log Entries:
----------------
Title: New bulletin format now in action 
Date:  01 July 2009
URL:   http://www.auscert.org.au/11237


Alerts, Advisories and Updates:
-------------------------------
Title: AA-2009.0153 -- [UNIX/Linux] -- Nagios: Execute Arbitrary Code 
Date:  03 July 2009
URL:   http://www.auscert.org.au/11207

Title: AA-2009.0051 -- [Win][UNIX/Linux] -- A vulnerability has been
       identified in IBM Websphere Application Server 
Date:  01 July 2009
URL:   http://www.auscert.org.au/10599

Title: AA-2009.0157 -- [Win][UNIX/Linux] -- Tor: Denial of Service 
Date:  30 June 2009
URL:   http://www.auscert.org.au/11229


External Security Bulletins:
----------------------------
Title: ESB-2009.1019 - [Solaris][OpenSolaris] Solaris Kernel udp(7p): Denial
       of service - Remote/unauthenticated 
Date:  03 July 2009
OS:    Solaris 
URL:   http://www.auscert.org.au/11253

Title: ESB-2009.1018 - [Solaris][OpenSolaris] Ultra-SPARC T2 crypto provider
       device driver (n2cp(7D)): Denial of service - Remote/unauthenticated 
Date:  03 July 2009
OS:    Solaris 
URL:   http://www.auscert.org.au/11252

Title: ESB-2009.1017 - [UNIX/Linux] perl: Denial of service - Remote with user
       interaction 
Date:  03 July 2009
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, HP-UX, Other BSD Variants,
       OpenBSD, AIX, FreeBSD, Mac OS X, Other Linux Variants, Ubuntu, Debian
       GNU/Linux 
URL:   http://www.auscert.org.au/11251

Title: ESB-2009.1016.2 - UPDATE [RedHat] nagios: Execute arbitrary
       code/commands - Remote/unauthenticated 
Date:  03 July 2009
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/11250

Title: ESB-2009.1015 - [SUSE] java-1_6_0-ibm: Multiple vulnerabilities 
Date:  03 July 2009
OS:    Other Linux Variants 
URL:   http://www.auscert.org.au/11249

Title: ESB-2009.1014 - [RedHat] ruby: Multiple vulnerabilities 
Date:  03 July 2009
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/11248

Title: ESB-2009.1013 - [Win][UNIX/Linux][RedHat] pidgin: Denial of service -
       Remote/unauthenticated 
Date:  03 July 2009
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/11247

Title: ESB-2009.1012 - [RedHat] openswan: Denial of service -
       Remote/unauthenticated 
Date:  03 July 2009
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/11246

Title: ESB-2009.1011 - [VMware ESX] krb5: Execute arbitrary code/commands -
       Remote/unauthenticated 
Date:  02 July 2009
OS:    Virtualisation 
URL:   http://www.auscert.org.au/11245

Title: ESB-2009.1010 - [Win][Linux][Solaris] Sun Java Web Console: Cross-site
       scripting - Remote with user interaction 
Date:  02 July 2009
OS:    Solaris, Red Hat Linux, Windows 2003, Windows XP, Windows 2000, Windows
       Vista, Windows Server 2008, Other Linux Variants, Ubuntu, Debian
       GNU/Linux 
URL:   http://www.auscert.org.au/11244

Title: ESB-2009.1009 - [Win][UNIX/Linux] Advanced Forum (third-party drupal
       module): Multiple vulnerabilities 
Date:  02 July 2009
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows NT
       4, Mac OS X, Windows 98/98SE, Ubuntu, Debian GNU/Linux, HP-UX, Windows
       XP, Other BSD Variants, OpenBSD, Windows 2000, AIX, Windows Vista,
       FreeBSD, Other Linux Variants, Windows Server 2008, Windows ME 
URL:   http://www.auscert.org.au/11243

Title: ESB-2009.1008 - [Win][UNIX/Linux] Drupal core: Multiple vulnerabilities
Date:  02 July 2009
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,
       Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants,
       OpenBSD, Windows 2000, AIX, Windows Vista, FreeBSD, Other Linux
       Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/11242

Title: ESB-2009.1007 - [HP-UX] NFS/ONCplus: Denial of service - Existing
       account 
Date:  02 July 2009
OS:    HP-UX 
URL:   http://www.auscert.org.au/11241

Title: ESB-2009.1006 - [SUSE][OpenSUSE] acroread: Multiple vulnerabilities 
Date:  02 July 2009
OS:    Other Linux Variants 
URL:   http://www.auscert.org.au/11240

Title: ESB-2009.1005.2 - UPDATE [Win][UNIX/Linux] Sun Microsystems: Cross-site
       scripting - Remote with user interaction 
Date:  02 July 2009
OS:    Other Linux Variants, Windows Server 2008, FreeBSD, Windows Vista, AIX,
       Windows 2000, OpenBSD, Other BSD Variants, Windows XP, HP-UX, Debian
       GNU/Linux, Ubuntu, Mac OS X, Windows 2003, Red Hat Linux, HP Tru64
       UNIX, Solaris, IRIX 
URL:   http://www.auscert.org.au/11239

Title: ESB-2009.1004.2 - UPDATE [Win] Citrix: Unauthorised Access - Existing
       account 
Date:  02 July 2009
OS:    Windows 2000, Windows XP, Windows Server 2008, Windows 2003, Windows
       Vista 
URL:   http://www.auscert.org.au/11238

Title: ESB-2009.1003.2 - UPDATE [NetBSD] ntp: Execute arbitrary code -
       Remote/unauthenticated 
Date:  02 July 2009
OS:    Other BSD Variants 
URL:   http://www.auscert.org.au/11235

Title: ESB-2009.1002.2 - UPDATE [RedHat] SeaMonkey: Execute arbitrary
       code/commands - Remote with user interaction 
Date:  02 July 2009
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/11234

Title: ESB-2009.1001.2 - UPDATE [RedHat] Kernel: Multiple vulnerabilities 
Date:  02 July 2009
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/11233

Title: ESB-2009.0624 -- [AIX] -- OpenSSL: Denial of Service 
Date:  30 June 2009
OS:    AIX 
URL:   http://www.auscert.org.au/11231

Title: ESB-2009.0623 -- [HP-UX] -- HP-UX Running Apache Web Server Suite:
       Execute Arbitrary Code 
Date:  30 June 2009
OS:    HP-UX 
URL:   http://www.auscert.org.au/11230

Title: ESB-2009.0622 -- [Win][UNIX/Linux] -- Links Package (Drupal third-party
       module): Administrator Compromise 
Date:  29 June 2009
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Windows Server 2008, Red Hat Linux, Mac OS X,
       HP-UX, AIX, Windows Vista 
URL:   http://www.auscert.org.au/11228

Title: ESB-2009.0621 -- [Solaris][OpenSolaris] -- Virtual Network Terminal
       Server Daemon (vntsd(1M)): Increased Privileges 
Date:  02 July 2009
OS:    Solaris 
URL:   http://www.auscert.org.au/11227

Title: ESB-2009.0620 -- [Solaris][OpenSolaris] -- Solaris Ghostscript (GS(1)):
       Execute Arbitrary Code 
Date:  29 June 2009
OS:    Solaris 
URL:   http://www.auscert.org.au/11226

Title: ESB-2009.0619 -- [Solaris] -- Apache 1.3 "mod_jk" Module: Access
       Confidential Data 
Date:  29 June 2009
OS:    Solaris 
URL:   http://www.auscert.org.au/11225

Title: ESB-2009.0618 -- [Solaris][OpenSolaris] -- Solaris auditconfig(3M):
       Increased Privileges 
Date:  29 June 2009
OS:    Solaris 
URL:   http://www.auscert.org.au/11224

Title: ESB-2009.0617 -- [Solaris][OpenSolaris] -- Solaris IP(7P) Multicast:
       Denial of Service 
Date:  01 July 2009
OS:    Solaris 
URL:   http://www.auscert.org.au/11223

Title: ESB-2009.0606 -- [Win] -- Adobe Shockwave Player: Administrator
       Compromise 
Date:  29 June 2009
OS:    Windows Vista, Windows Server 2008, Windows XP, Windows 2000, Windows
       2003 
URL:   http://www.auscert.org.au/11208

Title: ESB-2009.0593 -- [Win] -- Citrix Secure Gateway: Denial of Service 
Date:  01 July 2009
OS:    Windows Vista, Windows Server 2008, Windows XP, Windows 2000, Windows
       2003 
URL:   http://www.auscert.org.au/11186

Title: ESB-2009.0494 -- [Win][UNIX/Linux] -- Drupal third-party modules:
       Multiple Vulnerabilities 
Date:  02 July 2009
OS:    Windows ME, Windows Vista, AIX, HP-UX, Mac OS X, Windows NT 4, Red Hat
       Linux, Windows Server 2008, Windows XP, Other Linux Variants, FreeBSD,
       Windows 2000, OpenBSD, Windows 2003, IRIX, Other BSD Variants, Debian
       GNU/Linux, Ubuntu, Windows 98/98SE, HP Tru64 UNIX, Solaris 
URL:   http://www.auscert.org.au/11027


===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================