[AusNOG] AusCERT Week in Review - Week Ending 26/06/2009 (AUSCERT#20073F686)
Richard Billington
richard at auscert.org.au
Fri Jun 26 16:18:31 EST 2009
AusCERT Week in Review
26 June 2009
Web Log Entries:
----------------
Title: SquirrelMail Webserver Compromised
Date: 23 June 2009
URL: http://www.auscert.org.au/11192
Title: Windows 7 UAC Injection Flaw Source Code
Date: 23 June 2009
URL: http://www.auscert.org.au/11193
Title: New Wireshark release
Date: 22 June 2009
URL: http://www.auscert.org.au/11179
Alerts, Advisories and Updates:
-------------------------------
Title: AA-2009.0152 -- [Cisco] -- Cisco ASA: Access Privileged Data
Date: 26 June 2009
URL: http://www.auscert.org.au/11206
Title: AA-2009.0154 -- [Linux] -- Openswan: Denial of Service
Date: 26 June 2009
URL: http://www.auscert.org.au/11215
Title: AA-2009.0155 -- [Win] -- Google Chrome: Execute Arbitrary Code
Date: 26 June 2009
URL: http://www.auscert.org.au/11220
Title: AA-2009.0156 -- [Win][Linux][HP-UX][Solaris][AIX] -- IBM Rational
ClearQuest: Multiple Vulnerabilities
Date: 26 June 2009
URL: http://www.auscert.org.au/11221
Title: AA-2009.0153 -- [UNIX/Linux] -- Nagios: Execute Arbitrary Code
Date: 25 June 2009
URL: http://www.auscert.org.au/11207
Title: AA-2009.0149 -- [Win][UNIX/Linux] -- Apache Web Server: Denial of
Service
Date: 24 June 2009
URL: http://www.auscert.org.au/11200
Title: AA-2009.0150 -- [Win][UNIX/Linux] -- php: Denial of Service
Date: 24 June 2009
URL: http://www.auscert.org.au/11202
Title: AA-2009.0151 -- [Win] -- Foxit Reader: Execute Arbitrary Code
Date: 24 June 2009
URL: http://www.auscert.org.au/11203
Title: AA-2009.0147 -- [Win][UNIX/Linux] -- SquirrelMail web server compromise
Date: 23 June 2009
URL: http://www.auscert.org.au/11190
Title: AA-2009.0148 -- [Linux] -- strongSwan: Denial of Service
Date: 23 June 2009
URL: http://www.auscert.org.au/11194
Title: AA-2009.0078 -- [Win][UNIX/Linux] -- IBM WebSphere Application Server:
Multiple Vulnerabilities
Date: 22 June 2009
URL: http://www.auscert.org.au/10748
Title: AA-2009.0143 -- [Appliance] -- f5 FirePass: Cross-site Scripting
Date: 22 June 2009
URL: http://www.auscert.org.au/11142
Title: AA-2009.0146 -- [Win][UNIX/Linux] -- International Components for
Unicode: Cross-site Scripting
Date: 22 June 2009
URL: http://www.auscert.org.au/11180
External Security Bulletins:
----------------------------
Title: ESB-2009.0616 -- [Win][UNIX/Linux][Ubuntu] -- OpenSSL: Denial of
Service
Date: 26 June 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Windows Server 2008, Red Hat Linux, Mac OS X,
HP-UX, AIX, Windows Vista
URL: http://www.auscert.org.au/11219
Title: ESB-2009.0615 -- [Win][UNIX/Linux] -- Drupal third-party module:
Cross-site Scripting
Date: 26 June 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Windows Server 2008, Red Hat Linux, Mac OS X,
HP-UX, AIX, Windows Vista
URL: http://www.auscert.org.au/11218
Title: ESB-2009.0614 -- [Debian] -- phpmyadmin: Multiple Vulnerabilities
Date: 26 June 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/11217
Title: ESB-2009.0613 -- [UNIX/Linux][Debian] -- Samba: Multiple
Vulnerabilities
Date: 26 June 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/11216
Title: ESB-2009.0612 -- [UNIX/Linux][RedHat] -- kdegraphics: Execute Arbitrary
Code
Date: 26 June 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/11214
Title: ESB-2009.0611 -- [UNIX/Linux][RedHat] -- kdelibs: Multiple
Vulnerabilities
Date: 26 June 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/11213
Title: ESB-2009.0610 -- [RedHat] -- Thunderbird: Multiple Vulnerabilities
Date: 26 June 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/11212
Title: ESB-2009.0609 -- [UNIX/Linux][RedHat] -- net-snmp: Denial of Service
Date: 26 June 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/11211
Title: ESB-2009.0608 -- [RedHat] -- gstreamer-plugins-good: Execute Arbitrary
Code
Date: 26 June 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/11210
Title: ESB-2009.0607 -- [UNIX/Linux][RedHat] -- icu: Provide Misleading
Information
Date: 26 June 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/11209
Title: ESB-2009.0606 -- [Win][Mac][OSX] -- Adobe Shockwave Player:
Administrator Compromise
Date: 25 June 2009
OS: Windows 2003, Windows 2000, Windows XP, Windows Server 2008, Mac OS X,
Windows Vista
URL: http://www.auscert.org.au/11208
Title: ESB-2009.0605 -- [Cisco] -- Cisco Physical Access Gateway: Denial of
Service
Date: 25 June 2009
OS: Cisco Products
URL: http://www.auscert.org.au/11205
Title: ESB-2009.0604 -- [Cisco] -- Cisco Video Surveillance Products: Multiple
Vulnerabilities
Date: 25 June 2009
OS: Cisco Products
URL: http://www.auscert.org.au/11204
Title: ESB-2009.0603 -- [Win][Linux] -- F-Secure Messaging Security Gateway:
Reduced Security
Date: 24 June 2009
OS: Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other Linux
Variants, Windows XP, Windows Server 2008, Red Hat Linux, Windows Vista
URL: http://www.auscert.org.au/11201
Title: ESB-2009.0602 -- [UNIX/Linux][Debian] -- mahara: Cross-site Scripting
Date: 24 June 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/11199
Title: ESB-2009.0601 -- [NetBSD] -- NetBSD OpenPAM passwd(1): Root Compromise
Date: 24 June 2009
OS: Other BSD Variants
URL: http://www.auscert.org.au/11198
Title: ESB-2009.0600 -- [NetBSD] -- proplib: Denial of Service
Date: 24 June 2009
OS: Other BSD Variants
URL: http://www.auscert.org.au/11197
Title: ESB-2009.0599 -- [NetBSD] -- tcpdump: Execute Arbitrary Code
Date: 24 June 2009
OS: Other BSD Variants
URL: http://www.auscert.org.au/11196
Title: ESB-2009.0598 -- [NetBSD] -- PF firewall: Denial of Service
Date: 24 June 2009
OS: Other BSD Variants
URL: http://www.auscert.org.au/11195
Title: ESB-2009.0597 -- [Win][UNIX/Linux][Debian] -- amule: Execute Arbitrary
Code
Date: 23 June 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Windows Server 2008, Red Hat Linux, Mac OS X,
HP-UX, AIX, Windows Vista
URL: http://www.auscert.org.au/11191
Title: ESB-2009.0596 -- [Win] -- Foxit Reader: Execute Arbitrary Code
Date: 23 June 2009
OS: Windows 2003, Windows 2000, Windows XP, Windows Server 2008, Windows
Vista
URL: http://www.auscert.org.au/11189
Title: ESB-2009.0595 -- [Win][UNIX/Linux][Ubuntu] -- GStreamer Good Plugins:
Execute Arbitrary Code
Date: 23 June 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Windows Server 2008, Red Hat Linux, Mac OS X,
HP-UX, AIX, Windows Vista
URL: http://www.auscert.org.au/11188
Title: ESB-2009.0594 -- [Win][UNIX/Linux] -- Sophos products: Reduced Security
Date: 22 June 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Windows Server 2008, Red Hat Linux, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/11187
Title: ESB-2009.0593 -- [Win] -- Citrix Secure Gateway: Denial of Service
Date: 22 June 2009
OS: Windows 2003, Windows 2000, Windows XP, Windows Server 2008, Windows
Vista
URL: http://www.auscert.org.au/11186
Title: ESB-2009.0592 -- [AIX] -- AIX libtt.a rpc.ttdbserver: Execute Arbitrary
Code
Date: 22 June 2009
OS: AIX
URL: http://www.auscert.org.au/11185
Title: ESB-2009.0591 -- [FreeBSD] -- pipe implementation: Access Privileged
Data
Date: 22 June 2009
OS: FreeBSD
URL: http://www.auscert.org.au/11184
Title: ESB-2009.0590 -- [Win][UNIX/Linux] -- Shibboleth 2.X IdPs: Access
Privileged Data
Date: 22 June 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Windows Server 2008, Red Hat Linux, Mac OS X,
HP-UX, AIX, Windows Vista
URL: http://www.auscert.org.au/11183
Title: ESB-2009.0589 -- [Solaris][OpenSolaris] -- Solaris Event Port API:
Denial of Service
Date: 22 June 2009
OS: Solaris
URL: http://www.auscert.org.au/11182
Title: ESB-2009.0588 -- [Solaris][OpenSolaris] -- Solaris TCP/IP Networking
Stack: Denial of Service
Date: 22 June 2009
OS: Solaris
URL: http://www.auscert.org.au/11181
Title: ESB-2009.0555 -- [FreeBSD] -- IPv6: Inappropriate Access
Date: 25 June 2009
OS: FreeBSD
URL: http://www.auscert.org.au/11131
Title: ESB-2009.0553 -- [Win][UNIX/Linux] -- Drupal third-party modules:
Multiple Vulnerabilities
Date: 22 June 2009
OS: Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Windows Server
2008, Windows XP, Other Linux Variants, FreeBSD, Windows 2000, OpenBSD,
Windows 2003, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP
Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/11129
Title: ESB-2009.0341 -- [Solaris][OpenSolaris] -- Kerberos 'Mech' Libraries:
Multiple Vulnerabilities
Date: 22 June 2009
OS: Solaris
URL: http://www.auscert.org.au/10790
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================