[AusNOG] AusCERT Week in Review - Week Ending 06/11/2009 (AUSCERT#20073f686)

Paul Fahey paul at auscert.org.au
Fri Nov 6 13:13:40 EST 2009


AusCERT Week in Review

06 November 2009

 

Papers, Articles and other documents:

-------------------------------------

Title: AustralianIT: System needed to warn websites of security threats 

Date:  04 November 2009

URL:   http://www.auscert.org.au/11895

 

 

Web Log Entries:

----------------

Title: Running programs with unsecure code? Meet Emet. 

Date:  02 November 2009

URL:   http://www.auscert.org.au/11871

 

Title: NIST updates their Guidelines on Firewalls and Firewall Policy 

Date:  01 November 2009

URL:   http://www.auscert.org.au/11869

 

 

Alerts, Advisories and Updates:

-------------------------------

Title: ASB-2009.1124.2 - UPDATE [Win][UNIX/Linux] Joomla!: Multiple

       vulnerabilities 

Date:  06 November 2009

URL:   http://www.auscert.org.au/11902

 

Title: ASB-2009.1123.2 - UPDATE [Win][Netware][Linux][Solaris][AIX] IBM Tivoli

       Storage Manager Client: Multiple vulnerabilities 

Date:  05 November 2009

URL:   http://www.auscert.org.au/11893

 

Title: ASB-2009.1119 - [Win][OSX] BlackBerry Desktop Manager: Execute

       arbitrary code/commands - Remote with user interaction 

Date:  04 November 2009

URL:   http://www.auscert.org.au/11878

 

Title: ASB-2009.1120 - ALERT [Win] Fake Comcover Emails Contain Malicious

       Attachments: Execute arbitrary code/commands - Remote with user

       interaction 

Date:  04 November 2009

URL:   http://www.auscert.org.au/11880

 

Title: ASB-2009.1121 - [Win][Linux][Solaris] Sun Java: Execute arbitrary

       code/commands - Remote with user interaction 

Date:  04 November 2009

URL:   http://www.auscert.org.au/11881

 

Title: ASB-2009.1122 - [Win][UNIX/Linux] VLC Media Player: Execute arbitrary

       code/commands - Remote with user interaction 

Date:  04 November 2009

URL:   http://www.auscert.org.au/11883

 

Title: ASB-2009.1118 - [Win][Linux] Multiple F-Secure Products: Execute

       arbitrary code/commands - Remote/unauthenticated 

Date:  03 November 2009

URL:   http://www.auscert.org.au/11872

 

Title: ASB-2009.1115.2 - UPDATE [Win][UNIX/Linux] Opera: Multiple

       vulnerabilities 

Date:  02 November 2009

URL:   http://www.auscert.org.au/11858

 

 

External Security Bulletins:

----------------------------

Title: ESB-2009.1491 - [Debian] linux-2.6: Multiple vulnerabilities 

Date:  06 November 2009

OS:    Debian GNU/Linux 

URL:   http://www.auscert.org.au/11905

 

Title: ESB-2009.1490 - [Win][UNIX/Linux][Ubuntu] libgd2: Multiple

       vulnerabilities 

Date:  06 November 2009

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,

       Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants, SUSE,

       OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista, Other Linux

       Variants, Windows Server 2008 

URL:   http://www.auscert.org.au/11903

 

Title: ESB-2009.1489 - [OpenSolaris] SCTP and SDP: Denial of service -

       Existing account 

Date:  06 November 2009

OS:    Solaris 

URL:   http://www.auscert.org.au/11901

 

Title: ESB-2009.1488 - [Debian] linux-2.6.24: Multiple vulnerabilities 

Date:  06 November 2009

OS:    Debian GNU/Linux 

URL:   http://www.auscert.org.au/11900

 

Title: ESB-2009.1487 - [UNIX/Linux] Asterisk: Cross-site request forgery -

       Remote/unauthenticated 

Date:  06 November 2009

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian

       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,

       Other Linux Variants 

URL:   http://www.auscert.org.au/11899

 

Title: ESB-2009.1486 - [Win][UNIX/Linux] Blender: Execute arbitrary

       code/commands - Remote with user interaction 

Date:  06 November 2009

OS:    IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Mac OS X,

       Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD Variants, SUSE,

       Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD, Windows Server

       2008, Other Linux Variants 

URL:   http://www.auscert.org.au/11898

 

Title: ESB-2009.1485 - [Win][Linux][HP-UX] HP Power Manager: Execute arbitrary

       code/commands - Remote/unauthenticated 

Date:  06 November 2009

OS:    Windows 2003, Red Hat Linux, Ubuntu, Debian GNU/Linux, HP-UX, Windows

       XP, SUSE, Windows 2000, Windows Vista, Windows Server 2008, Other Linux

       Variants 

URL:   http://www.auscert.org.au/11897

 

Title: ESB-2009.1484 - [Debian] linux-2.6: Multiple vulnerabilities 

Date:  06 November 2009

OS:    Debian GNU/Linux 

URL:   http://www.auscert.org.au/11896

 

Title: ESB-2009.1483 - [RedHat] java-1.4.2-ibm: Denial of service -

       Remote/unauthenticated 

Date:  05 November 2009

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/11894

 

Title: ESB-2009.1482 - [Win][UNIX/Linux] Drupal Third Party Modules: Multiple

       Vulnerabilities 

Date:  05 November 2009

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,

       Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants, SUSE,

       OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista, Other Linux

       Variants, Windows Server 2008 

URL:   http://www.auscert.org.au/11892

 

Title: ESB-2009.1481 - [AIX] PowerHA Cluster Management: Modify arbitrary

       files - Remote/unauthenticated 

Date:  05 November 2009

OS:    AIX 

URL:   http://www.auscert.org.au/11891

 

Title: ESB-2009.1480 - [Win][UNIX/Linux] Shibboleth: Cross-site scripting -

       Remote/unauthenticated 

Date:  05 November 2009

OS:    IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Mac OS X,

       Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD Variants, SUSE,

       Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD, Windows Server

       2008, Other Linux Variants 

URL:   http://www.auscert.org.au/11890

 

Title: ESB-2009.1479 - [Solaris] Kernel: Denial of service - Existing account

Date:  05 November 2009

OS:    Solaris 

URL:   http://www.auscert.org.au/11889

 

Title: ESB-2009.1478 - [Solaris] Sun Virtual Desktop Infrastructure:

       Unauthorised access - Existing account 

Date:  05 November 2009

OS:    Solaris 

URL:   http://www.auscert.org.au/11888

 

Title: ESB-2009.1477 - [SUSE] kernel: Root compromise - Existing account 

Date:  05 November 2009

OS:    SUSE 

URL:   http://www.auscert.org.au/11887

 

Title: ESB-2009.1476 - [SUSE] java-1_6_0-ibm: Multiple vulnerabilities 

Date:  05 November 2009

OS:    SUSE 

URL:   http://www.auscert.org.au/11886

 

Title: ESB-2009.1475 - [SUSE][OpenSUSE] Firefox: Multiple vulnerabilities 

Date:  05 November 2009

OS:    Other Linux Variants, SUSE 

URL:   http://www.auscert.org.au/11885

 

Title: ESB-2009.1474 - [Win][UNIX/Linux][Debian] TYPO3: Multiple

       vulnerabilities 

Date:  05 November 2009

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,

       Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD Variants, SUSE,

       OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista, Other Linux

       Variants, Windows Server 2008 

URL:   http://www.auscert.org.au/11884

 

Title: ESB-2009.1473 - ALERT [Win] Symantec Altiris Deployment, Altiris

       Notification, Management Platform: Execute arbitrary code/commands -

       Remote/unauthenticated 

Date:  04 November 2009

OS:    Windows 2003, Windows XP, Windows 2000, Windows Vista, Windows Server

       2008 

URL:   http://www.auscert.org.au/11882

 

Title: ESB-2009.1472 - [Win][OSX] Shockwave Player: Multiple vulnerabilities

Date:  04 November 2009

OS:    Windows 2003, Windows XP, Windows 2000, Windows Vista, Mac OS X,

       Windows Server 2008 

URL:   http://www.auscert.org.au/11879

 

Title: ESB-2009.1471 - [Solaris][OpenSolaris] Solaris Sockets Direct Protocol:

       Denial of service - Existing account 

Date:  04 November 2009

OS:    Solaris 

URL:   http://www.auscert.org.au/11877

 

Title: ESB-2009.1470 - [UNIX/Linux][Ubuntu] poppler: Multiple vulnerabilities

Date:  04 November 2009

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian

       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,

       Other Linux Variants 

URL:   http://www.auscert.org.au/11876

 

Title: ESB-2009.1469.2 - UPDATE [Win][Netware][Linux][Solaris][AIX] Novell

       eDirectory: Denial of service - Remote/unauthenticated 

Date:  05 November 2009

OS:    Other Linux Variants, Windows Server 2008, Windows Vista, AIX, Windows

       2000, SUSE, Windows XP, Ubuntu, Debian GNU/Linux, Novell Netware, Red

       Hat Linux, Windows 2003, Solaris 

URL:   http://www.auscert.org.au/11875

 

Title: ESB-2009.1468 - [RedHat] wget: Provide misleading information - Remote

       with user interaction 

Date:  04 November 2009

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/11874

 

Title: ESB-2009.1467 - [Linux][RedHat] kernel: Multiple vulnerabilities 

Date:  04 November 2009

OS:    Red Hat Linux, Other Linux Variants, SUSE, Ubuntu, Debian GNU/Linux 

URL:   http://www.auscert.org.au/11873

 

Title: ESB-2009.1466 - [SUSE][OpenSUSE] kernel: Multiple vulnerabilities 

Date:  03 November 2009

OS:    Other Linux Variants, SUSE 

URL:   http://www.auscert.org.au/11870

 

Title: ESB-2009.1465 - [Win] EMC Documentum, OpenText Hummingbird/Search

       Server: Administrator compromise - Remote/unauthenticated 

Date:  01 November 2009

OS:    Windows Server 2008, Windows Vista, Windows 2003, Windows 2000, Windows

       XP 

URL:   http://www.auscert.org.au/11868

 

Title: ESB-2009.1464 - [Win][Linux][Solaris][AIX] Sun GlassFish Enterprise

       Server v2.1: Unauthorised access - Remote/unauthenticated 

Date:  02 November 2009

OS:    Solaris, Red Hat Linux, Windows 2003, Debian GNU/Linux, Ubuntu, Windows

       XP, SUSE, Windows 2000, AIX, Windows Vista, Other Linux Variants,

       Windows Server 2008 

URL:   http://www.auscert.org.au/11867

 

Title: ESB-2009.1463 - [Debian] proftpd-dfsg: Provide misleading information -

       Remote/unauthenticated 

Date:  02 November 2009

OS:    Debian GNU/Linux 

URL:   http://www.auscert.org.au/11866

 

Title: ESB-2009.1462 - [UNIX/Linux][Debian] mahara: Multiple vulnerabilities

Date:  02 November 2009

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian

       GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,

       FreeBSD, Other Linux Variants 

URL:   http://www.auscert.org.au/11865

 

Title: ESB-2009.1455.2 - UPDATE [Solaris][OpenSolaris] Solaris Trusted

       Extensions: Execute arbitrary code/commands - Remote/unauthenticated 

Date:  03 November 2009

OS:    Solaris 

URL:   http://www.auscert.org.au/11851

 

Title: ESB-2009.1443.2 - UPDATE [Solaris] xscreensaver: Reduced security -

       Console/physical 

Date:  02 November 2009

OS:    Solaris 

URL:   http://www.auscert.org.au/11839

 

Title: ESB-2009.1403.2 - UPDATE ALERT [Win] Internet Explorer: Execute

       arbitrary code/commands - Remote with user interaction 

Date:  03 November 2009

OS:    Windows Server 2008, Windows Vista, Windows 7, Windows 2000, Windows

       XP, Windows 2003 

URL:   http://www.auscert.org.au/11791

 

 

 

===========================================================================

Australian Computer Emergency Response Team

The University of Queensland

Brisbane

Qld 4072

 

Internet Email: auscert at auscert.org.au

Facsimile:      (07) 3365 7031

Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)

                AusCERT personnel answer during Queensland business hours

                which are GMT+10:00 (AEST).

                On call after hours for member emergencies only.

===========================================================================

 
