[AusNOG] AusCERT Week in Review - Week Ending 10/07/2009 (AUSCERT#20073f686)
Patrick Mannion
patrick at auscert.org.au
Fri Jul 10 16:38:00 EST 2009
AusCERT Week in Review
10 July 2009
Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2009.1010 - [Win][Linux][HP-UX][AIX] IBM Websphere Application
Server: Unauthorised access - Remote/unauthenticated
Date: 10 July 2009
URL: http://www.auscert.org.au/11282
Title: ASB-2009.1007 - [Win][Linux][AIX] IBM Websphere Application Server 6.1
before 6.1.0.25: Reduced security - Remote/unauthenticated
Date: 08 July 2009
URL: http://www.auscert.org.au/11272
Title: ASB-2009.1008 - [Win][UNIX/Linux] Ruby on Rails: Unauthorised access -
Remote/unauthenticated
Date: 08 July 2009
URL: http://www.auscert.org.au/11275
Title: ASB-2009.1009 - [UNIX/Linux] kvm: Denial of service - Existing account
Date: 08 July 2009
URL: http://www.auscert.org.au/11276
Title: ASB-2009.1004.3 - UPDATED ALERT [Win] Microsoft video streaming ActiveX
control: Execute arbitrary code/commands - Remote/unauthenticated
Date: 07 July 2009
URL: http://www.auscert.org.au/11265
Title: ASB-2009.1005 - [Win][UNIX/Linux] FCKeditor: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 07 July 2009
URL: http://www.auscert.org.au/11266
Title: ASB-2009.1006.2 - UPDATE [Win][UNIX/Linux] Tivoli Identity Manager:
Execute arbitrary code/commands - Remote with user interaction
Date: 07 July 2009
URL: http://www.auscert.org.au/11270
Title: AA-2009.0058 -- [Win][UNIX/Linux] -- ModSecurity 2.5.9 Released
Date: 06 July 2009
URL: http://www.auscert.org.au/10643
Title: ASB-2009.1002 - [Win][UNIX/Linux] Joomla! 1.5.11 and prior: Multiple
vulnerabilities
Date: 06 July 2009
URL: http://www.auscert.org.au/11258
Title: ASB-2009.1003 - [Cisco] Cisco Adaptive Security Appliances Firmware
(ASA): Multiple vulnerabilities
Date: 06 July 2009
URL: http://www.auscert.org.au/11264
External Security Bulletins:
----------------------------
Title: ESB-2009.1037 - [OpenSolaris] OpenSolaris: Denial of service - Existing
account
Date: 10 July 2009
OS: Solaris
URL: http://www.auscert.org.au/11283
Title: ESB-2009.1036 - [Win][UNIX/Linux][RedHat] httpd: Multiple
vulnerabilities
Date: 10 July 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,
Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants,
OpenBSD, Windows 2000, AIX, Windows Vista, FreeBSD, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/11281
Title: ESB-2009.1035 - [Win][UNIX/Linux] WordPress: Multiple vulnerabilities
Date: 09 July 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,
Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants,
OpenBSD, Windows 2000, AIX, Windows Vista, FreeBSD, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/11280
Title: ESB-2009.1034 - [Win][Mac][OSX] Safari: Multiple vulnerabilities
Date: 09 July 2009
OS: Windows Vista, Mac OS X, Windows XP
URL: http://www.auscert.org.au/11279
Title: ESB-2009.1033 - [Win][UNIX/Linux] Nodequeue (third-party Drupal
module): Read-only data access - Remote/unauthenticated
Date: 09 July 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,
Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants,
OpenBSD, Windows 2000, AIX, Windows Vista, FreeBSD, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/11278
Title: ESB-2009.1032 - [NetBSD] OpenSSL: Multiple vulnerabilities
Date: 09 July 2009
OS: Other BSD Variants
URL: http://www.auscert.org.au/11277
Title: ESB-2009.1031 - [Linux] Linux 2.6 kernel: Multiple vulnerabilities
Date: 08 July 2009
OS: Red Hat Linux, Other Linux Variants, Debian GNU/Linux, Ubuntu
URL: http://www.auscert.org.au/11274
Title: ESB-2009.1030 - [Win][UNIX/Linux][Debian] ocsinventory-agent: Execute
arbitrary code/commands - Existing account
Date: 08 July 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,
Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants,
OpenBSD, Windows 2000, AIX, Windows Vista, FreeBSD, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/11273
Title: ESB-2009.1029 - [UNIX/Linux] Libtiff: Denial of service - Remote with
user interaction
Date: 07 July 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, HP-UX, Other BSD Variants,
OpenBSD, AIX, FreeBSD, Mac OS X, Other Linux Variants, Ubuntu, Debian
GNU/Linux
URL: http://www.auscert.org.au/11271
Title: ESB-2009.1028 - Lightweight Availability Collection Tool: Modify
Arbitrary Files - Existing Account
Date: 07 July 2009
OS: Solaris
URL: http://www.auscert.org.au/11269
Title: ESB-2009.1027 - [Win][UNIX/Linux][Debian] ipplan: Cross-site scripting
- Remote with user interaction
Date: 07 July 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,
Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants,
OpenBSD, Windows 2000, AIX, Windows Vista, FreeBSD, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/11268
Title: ESB-2009.1026 - [RedHat] JBoss Enterprise Application Platform:
Multiple vulnerabilities
Date: 07 July 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/11267
Title: ESB-2009.1025.2 - UPDATE [Debian] nagios2, nagios3: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 06 July 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/11261
Title: ESB-2009.1024 - [UNIX/Linux][Debian] eggdrop: Multiple vulnerabilities
Date: 06 July 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, HP-UX, Other BSD Variants,
OpenBSD, AIX, FreeBSD, Mac OS X, Other Linux Variants, Ubuntu, Debian
GNU/Linux
URL: http://www.auscert.org.au/11260
Title: ESB-2009.1023 - [Win][Mac][OSX] Timbuktu Pro: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 06 July 2009
OS: Windows Vista, Windows 2003, Mac OS X, Windows Server 2008, Windows XP,
Windows 2000
URL: http://www.auscert.org.au/11259
Title: ESB-2009.1022 - [NetBSD] OpenSSH: Access privileged data -
Remote/unauthenticated
Date: 06 July 2009
OS: Other BSD Variants
URL: http://www.auscert.org.au/11257
Title: ESB-2009.1020.2 - UPDATE [Solaris][OpenSolaris] Solaris Network File
System Version 4 (NFSv4): Modify arbitrary files -
Remote/unauthenticated
Date: 06 July 2009
OS: Solaris
URL: http://www.auscert.org.au/11254
Title: ESB-2009.1019.2 - UPDATE [Solaris][OpenSolaris] Solaris Kernel udp(7p):
Denial of service - Remote/unauthenticated
Date: 06 July 2009
OS: Solaris
URL: http://www.auscert.org.au/11253
Title: ESB-2009.1008.2 - UPDATE [Win][UNIX/Linux] Drupal core: Multiple
vulnerabilities
Date: 10 July 2009
OS: Other Linux Variants, Windows Server 2008, FreeBSD, Windows Vista, AIX,
Windows 2000, OpenBSD, Other BSD Variants, Windows XP, HP-UX, Debian
GNU/Linux, Ubuntu, Mac OS X, Windows 2003, Red Hat Linux, HP Tru64
UNIX, Solaris, IRIX
URL: http://www.auscert.org.au/11242
Title: ESB-2009.0127 -- [Win][UNIX/Linux] -- HP Storage Essentials SRM, Remote
Unauthorized Access
Date: 07 July 2009
OS: Windows Vista, AIX, HP-UX, Red Hat Linux, Windows XP, Other Linux
Variants, Windows 2000, Windows 2003, IRIX, Debian GNU/Linux, Ubuntu,
HP Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/8751
Title: ESB-2009.0127 -- [Appliance] -- Certain HP Printers, and HP Digital
Senders, Remote Unauthorized Access to Files
Date: 06 July 2009
URL: http://www.auscert.org.au/10470
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
More information about the AusNOG
mailing list