[AusNOG] AusCERT Week in Review - Week Ending 17/07/2009 (AUSCERT#20073f686)
Patrick Mannion
patrick at auscert.org.au
Fri Jul 17 16:19:00 EST 2009
AusCERT Week in Review
17 July 2009
Web Log Entries:
----------------
Title: Independence Day attacks not so serious
Date: 16 July 2009
URL: http://www.auscert.org.au/11313
Title: Vulnerability in Firefox 3.5
Date: 16 July 2009
URL: http://www.auscert.org.au/11316
Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2009.1015 - ALERT [Win][UNIX/Linux] Firefox 3.5: Execute arbitrary
code/commands - Remote with user interaction
Date: 16 July 2009
URL: http://www.auscert.org.au/11317
Title: ASB-2009.1016 - [AIX] IBM AIX: Execute arbitrary code/commands -
Existing account
Date: 16 July 2009
URL: http://www.auscert.org.au/11318
Title: ASB-2009.1013 - ALERT [Win][UNIX/Linux] Oracle Products: Multiple
vulnerabilities
Date: 15 July 2009
URL: http://www.auscert.org.au/11297
Title: ASB-2009.1014 - [Win][Netware][Linux][Solaris][AIX] Novell eDirectory
8.8: Denial of service - Remote with user interaction
Date: 15 July 2009
URL: http://www.auscert.org.au/11310
Title: ASB-2009.1011 - ALERT [Win] Microsoft Office Web Components: Execute
arbitrary code/commands - Remote/unauthenticated
Date: 14 July 2009
URL: http://www.auscert.org.au/11289
Title: ASB-2009.1012 - ALERT: Microsoft Bulletin Notification - July
Pre-release Announcement
Date: 14 July 2009
URL: http://www.auscert.org.au/11296
Title: AA-2009.0157 -- [Win][UNIX/Linux] -- Tor: Denial of Service
Date: 13 July 2009
URL: http://www.auscert.org.au/11229
Title: ASB-2009.1008.2 - UPDATE [Win][UNIX/Linux] Ruby on Rails: Unauthorised
access - Remote/unauthenticated
Date: 13 July 2009
URL: http://www.auscert.org.au/11275
External Security Bulletins:
----------------------------
Title: ESB-2009.1072 - [Solaris][OpenSolaris] NFSv4: Denial of service -
Existing account
Date: 17 July 2009
OS: Solaris
URL: http://www.auscert.org.au/11327
Title: ESB-2009.1071 - [Solaris][OpenSolaris] ipfilter: Denial of service -
Remote/unauthenticated
Date: 17 July 2009
OS: Solaris
URL: http://www.auscert.org.au/11326
Title: ESB-2009.1070 - [RedHat] libtiff: Multiple vulnerabilities
Date: 17 July 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/11325
Title: ESB-2009.1069 - [Debian] fckeditor: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 17 July 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/11324
Title: ESB-2009.1068 - [Win][UNIX/Linux] PulseAudio: Root compromise -
Existing account
Date: 17 July 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,
Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants,
OpenBSD, Windows 2000, AIX, Windows Vista, FreeBSD, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/11323
Title: ESB-2009.1067 - [Solaris] Sun Fire V215 Server: Denial of service -
Existing account
Date: 16 July 2009
OS: Solaris
URL: http://www.auscert.org.au/11322
Title: ESB-2009.1066 - [Win] Citrix: Multiple vulnerabilities - Remote with
user interaction
Date: 16 July 2009
OS: Windows Vista, Windows 2003, Windows Server 2008, Windows XP, Windows
2000
URL: http://www.auscert.org.au/11321
Title: ESB-2009.1065 - [Win] XenApp 4.5: Unauthorised access - Existing
account
Date: 16 July 2009
OS: Windows Vista, Windows 2003, Windows Server 2008, Windows XP, Windows
2000
URL: http://www.auscert.org.au/11320
Title: ESB-2009.1064 - [Win] Citrix License Server: Reduced security -
Unknown/unspecified
Date: 16 July 2009
OS: Windows Vista, Windows 2003, Windows Server 2008, Windows XP, Windows
2000
URL: http://www.auscert.org.au/11319
Title: ESB-2009.1063 - [Win][Cisco] Cisco Systems: Multiple vulnerabilities
Date: 16 July 2009
OS: Cisco Products, Windows 2003, Windows 2000
URL: http://www.auscert.org.au/11315
Title: ESB-2009.1062 - [SUSE][OpenSUSE] SUSE: Root compromise -
Remote/unauthenticated
Date: 16 July 2009
OS: Other Linux Variants
URL: http://www.auscert.org.au/11314
Title: ESB-2009.1061 - tiff: Multiple vulnerabilities
Date: 16 July 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/11312
Title: ESB-2009.1060 - [Debian] apache2: Multiple vulnerabilities
Date: 16 July 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/11311
Title: ESB-2009.1059 - [RedHat] Red Hat: Multiple vulnerabilities
Date: 15 July 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/11309
Title: ESB-2009.1058 - [RedHat] Red Hat: Multiple vulnerabilities
Date: 15 July 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/11308
Title: ESB-2009.1057 - [NetBSD] ISC dhclient: Root compromise -
Remote/unauthenticated
Date: 15 July 2009
OS: Other BSD Variants
URL: http://www.auscert.org.au/11307
Title: ESB-2009.1056 - [Debian] dhcp3: Multiple vulnerabilities
Date: 15 July 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/11306
Title: ESB-2009.1055 - [RedHat] dhcp: Multiple vulnerabilities
Date: 15 July 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/11305
Title: ESB-2009.1054 - [Win] Microsoft Office Publisher: Execute arbitrary
code/commands - Remote with user interaction
Date: 15 July 2009
OS: Windows Vista, Windows 2003, Windows XP
URL: http://www.auscert.org.au/11304
Title: ESB-2009.1053 - ALERT [UNIX/Linux] ISC DHCP: Root compromise -
Remote/unauthenticated
Date: 15 July 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, HP-UX, Other BSD Variants,
OpenBSD, AIX, FreeBSD, Mac OS X, Other Linux Variants, Ubuntu, Debian
GNU/Linux
URL: http://www.auscert.org.au/11303
Title: ESB-2009.1052 - ALERT [Win] Microsoft: Administrator compromise -
Remote/unauthenticated
Date: 15 July 2009
OS: Windows 2003, Windows 2000
URL: http://www.auscert.org.au/11302
Title: ESB-2009.1051 - ALERT [Win] Microsoft Virtual PC/Virtual Server:
Increased privileges - Remote/unauthenticated
Date: 15 July 2009
OS: Virtualisation
URL: http://www.auscert.org.au/11301
Title: ESB-2009.1050 - ALERT [Win] ActiveX: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 15 July 2009
OS: Windows Vista, Windows 2003, Windows Server 2008, Windows XP, Windows
2000
URL: http://www.auscert.org.au/11300
Title: ESB-2009.1049 - ALERT [Win] Microsoft DirectShow: Multiple
vulnerabilities
Date: 15 July 2009
OS: Windows 2003, Windows XP, Windows 2000
URL: http://www.auscert.org.au/11298
Title: ESB-2009.1048 - ALERT [Win] Embedded OpenType Font Engine: Multiple
vulnerabilities
Date: 15 July 2009
OS: Windows Vista, Windows 2003, Windows Server 2008, Windows XP, Windows
2000
URL: http://www.auscert.org.au/11299
Title: ESB-2009.1047 - [UNIX/Linux] tiff: Execute arbitrary code/commands -
Remote with user interaction
Date: 14 July 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, HP-UX, Other BSD Variants,
OpenBSD, AIX, FreeBSD, Mac OS X, Other Linux Variants, Ubuntu, Debian
GNU/Linux
URL: http://www.auscert.org.au/11295
Title: ESB-2009.1046 - [Win][UNIX/Linux] irssi: Denial of service -
Remote/unauthenticated
Date: 14 July 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,
Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants,
OpenBSD, Windows 2000, AIX, Windows Vista, FreeBSD, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/11294
Title: ESB-2009.1045 - [UNIX/Linux] D-Bus: Provide misleading information -
Existing account
Date: 14 July 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, HP-UX, Other BSD Variants,
OpenBSD, AIX, FreeBSD, Mac OS X, Other Linux Variants, Ubuntu, Debian
GNU/Linux
URL: http://www.auscert.org.au/11293
Title: ESB-2009.1044 - [UNIX/Linux][Debian] camlimages: Execute arbitrary
code/commands - Existing account
Date: 14 July 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, HP-UX, Other BSD Variants,
OpenBSD, AIX, FreeBSD, Mac OS X, Other Linux Variants, Ubuntu, Debian
GNU/Linux
URL: http://www.auscert.org.au/11292
Title: ESB-2009.1043 - [UNIX/Linux] djbdns: Increased privileges -
Remote/unauthenticated
Date: 14 July 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, HP-UX, Other BSD Variants,
OpenBSD, AIX, FreeBSD, Mac OS X, Other Linux Variants, Ubuntu, Debian
GNU/Linux
URL: http://www.auscert.org.au/11291
Title: ESB-2009.1042 - [Appliance] HP ProCurve Threat Management Services zl
Module (J9155A) running vST.1.0.090213 or earlier: Multiple
vulnerabilities
Date: 14 July 2009
OS: HP-UX
URL: http://www.auscert.org.au/11290
Title: ESB-2009.1041 - [Solaris][OpenSolaris] Solaris Bundled Tomcat: Multiple
vulnerabilities
Date: 13 July 2009
OS: Solaris
URL: http://www.auscert.org.au/11288
Title: ESB-2009.1040.2 - UPDATE [UNIX/Linux][Debian] sork-passwd-h3:
Cross-site scripting - Remote with user interaction
Date: 15 July 2009
OS: Debian GNU/Linux, Ubuntu, Other Linux Variants, Mac OS X, FreeBSD, AIX,
OpenBSD, Other BSD Variants, HP-UX, Red Hat Linux, Solaris, HP Tru64
UNIX, IRIX
URL: http://www.auscert.org.au/11287
Title: ESB-2009.1039 - [VMware ESX] VMware: Multiple vulnerabilities
Date: 13 July 2009
OS: Virtualisation
URL: http://www.auscert.org.au/11286
Title: ESB-2009.1038 - [Debian] icedove: Multiple vulnerabilities
Date: 13 July 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/11285
Title: ESB-2009.1035.2 - UPDATE [Win][UNIX/Linux] WordPress: Multiple
vulnerabilities
Date: 13 July 2009
OS: Other Linux Variants, Windows Server 2008, FreeBSD, Windows Vista, AIX,
Windows 2000, OpenBSD, Other BSD Variants, Windows XP, HP-UX, Debian
GNU/Linux, Ubuntu, Mac OS X, Windows 2003, Red Hat Linux, HP Tru64
UNIX, Solaris, IRIX
URL: http://www.auscert.org.au/11280
Title: ESB-2009.1021.2 - UPDATE [Solaris][OpenSolaris] SNMP daemon
(snmpd(1M)): Denial of service - Remote/unauthenticated
Date: 14 July 2009
OS: Solaris
URL: http://www.auscert.org.au/11255
Title: ESB-2009.1011.2 - UPDATE [VMware ESX] krb5: Multiple vulnerabilities
Date: 13 July 2009
OS: Virtualisation
URL: http://www.auscert.org.au/11245
Title: ESB-2009.0618 -- [Solaris][OpenSolaris] -- Solaris auditconfig(3M):
Increased Privileges
Date: 13 July 2009
OS: Solaris
URL: http://www.auscert.org.au/11224
Title: ESB-2009.0064 -- [Solaris] -- Security vulnerability in Solaris Related
to the Apache 1.3 mod_perl(3) Module Component "PerlRun.pm" may Lead to
Denial of Service (DoS)
Date: 14 July 2009
OS: Solaris
URL: http://www.auscert.org.au/10367
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================