[AusNOG] AusCERT Week in Review - Week Ending 27/11/2009 (AUSCERT#20073f686)
Paul Fahey
paul at auscert.org.au
Fri Nov 27 16:38:56 EST 2009
Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2009.1143 - [OpenBSD] OpenSSL: Unauthorised access -
Remote/unauthenticated
Date: 27 November 2009
URL: http://www.auscert.org.au/12018
Title: ASB-2009.1144 - [Win][Linux][HP-UX][Solaris][AIX] IBM DB2 9.7:
Increased privileges - Existing account
Date: 27 November 2009
URL: http://www.auscert.org.au/12019
Title: ASB-2009.1145 - [Appliance] Ingate Firewall and SIParator: Multiple
vulnerabilities
Date: 27 November 2009
URL: http://www.auscert.org.au/12020
Title: ASB-2009.1138.2 - UPDATE [UNIX/Linux] Dovecot: Unauthorised access -
Existing account
Date: 25 November 2009
URL: http://www.auscert.org.au/11994
Title: ASB-2009.1141.2 - UPDATE [Win][UNIX/Linux] Opera: Multiple
vulnerabilities
Date: 25 November 2009
URL: http://www.auscert.org.au/12002
Title: ASB-2009.1142 - [Win][UNIX/Linux] WP-Cumulus (WordPress Plugin):
Cross-site scripting - Remote/unauthenticated
Date: 25 November 2009
URL: http://www.auscert.org.au/12009
Title: ASB-2009.1136.2 - UPDATE [Win][UNIX/Linux] PHP 5.3.1: Multiple
vulnerabilities
Date: 24 November 2009
URL: http://www.auscert.org.au/11987
Title: ASB-2009.1139.2 - UPDATE [Win][Linux] IBM Rational Software Architect:
Cross-site scripting - Remote/unauthenticated
Date: 24 November 2009
URL: http://www.auscert.org.au/11995
Title: ASB-2009.1134.2 - UPDATE [UNIX/Linux] libexif: Denial of service -
Remote with user interaction
Date: 23 November 2009
URL: http://www.auscert.org.au/11961
Title: ASB-2009.1137 - [Win][UNIX/Linux] MySQL Community Server: Provide
misleading information - Remote/unauthenticated
Date: 23 November 2009
URL: http://www.auscert.org.au/11993
Title: ASB-2009.1140 - [UNIX/Linux] PEAR Mail: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 23 November 2009
URL: http://www.auscert.org.au/11996
External Security Bulletins:
----------------------------
Title: ESB-2009.1571 - [Win] Symantec: Execute arbitrary code/commands -
Remote with user interaction
Date: 26 November 2009
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/12017
Title: ESB-2009.1570 - [Solaris][OpenSolaris] LDAP client configuration
cache daemon: Denial of service - Existing account
Date: 26 November 2009
OS: Solaris
URL: http://www.auscert.org.au/12016
Title: ESB-2009.1569 - [Solaris][OpenSolaris] BIND: Provide misleading
information - Remote/unauthenticated
Date: 26 November 2009
OS: Solaris
URL: http://www.auscert.org.au/12015
Title: ESB-2009.1568 - [HP-UX] OpenSSL: Unauthorised access -
Remote/unauthenticated
Date: 26 November 2009
OS: HP-UX
URL: http://www.auscert.org.au/12014
Title: ESB-2009.1567 - [Debian] php5: Multiple vulnerabilities
Date: 26 November 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/12013
Title: ESB-2009.1566 - [Debian] poppler: Multiple vulnerabilities
Date: 26 November 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/12012
Title: ESB-2009.1565 - [UNIX/Linux][RedHat] kdelibs: Execute arbitrary
code/commands - Remote with user interaction
Date: 25 November 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/12007
Title: ESB-2009.1564.2 - UPDATE [Solaris][OpenSolaris] Solaris sshd: Denial
of service - Remote/unauthenticated
Date: 27 November 2009
OS: Solaris
URL: http://www.auscert.org.au/12006
Title: ESB-2009.1563 - [Debian] libvorbis: Multiple vulnerabilities
Date: 25 November 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/12005
Title: ESB-2009.1562 - [UNIX/Linux][SUSE][OpenSUSE] SUSE packages: Multiple
vulnerabilities
Date: 25 November 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/12004
Title: ESB-2009.1561 - [Win][UNIX/Linux] BIND: Provide misleading
information - Remote/unauthenticated
Date: 25 November 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/12003
Title: ESB-2009.1560 - [Win][OSX] Autodesk Maya: Execute arbitrary
code/commands - Remote with user interaction
Date: 24 November 2009
OS: Windows XP, Windows Vista, Mac OS X
URL: http://www.auscert.org.au/12001
Title: ESB-2009.1559 - [Win] Autodesk 3DS Max: Execute arbitrary
code/commands - Remote with user interaction
Date: 24 November 2009
OS: Windows Vista, Windows XP
URL: http://www.auscert.org.au/12000
Title: ESB-2009.1558 - [Win][Linux] Autodesk SoftImage: Execute arbitrary
code/commands - Remote with user interaction
Date: 24 November 2009
OS: Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian GNU/Linux,
Windows XP, SUSE, Windows 2000, Windows Vista, Windows Server 2008,
Other Linux Variants
URL: http://www.auscert.org.au/11999
Title: ESB-2009.1557 - ALERT [Win] Internet Explorer: Execute arbitrary
code/commands - Remote with user interaction
Date: 23 November 2009
OS: Windows Server 2008, Windows Vista, Windows 2003, Windows 2000,
Windows XP
URL: http://www.auscert.org.au/11998
Title: ESB-2009.1556 - [Debian] php-mail: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 24 November 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/11997
Title: ESB-2009.1555 - [Solaris][OpenSolaris] Transport Layer Security and
Secure Sockets Layer 3.0: Unauthorised access -
Remote/unauthenticated
Date: 23 November 2009
OS: Solaris
URL: http://www.auscert.org.au/11992
Title: ESB-2009.1554 - [Win] HP Operations Manager: Unauthorised access -
Remote/unauthenticated
Date: 23 November 2009
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/11991
Title: ESB-2009.1553 - [Win][VMware ESX][Linux] VMware vCenter, ESX, vMA:
Multiple vulnerabilities
Date: 23 November 2009
OS: Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian GNU/Linux,
Windows XP, Virtualisation, SUSE, Windows 2000, Windows Vista,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/11990
Title: ESB-2009.1552 - [UNIX/Linux][Debian] gforge: Cross-site scripting -
Remote/unauthenticated
Date: 23 November 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
FreeBSD, Other Linux Variants
URL: http://www.auscert.org.au/11989
Title: ESB-2009.1548.2 - UPDATE [Win][UNIX/Linux] Drupal: Multiple
vulnerabilities
Date: 24 November 2009
OS: Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD,
AIX, OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP,
Ubuntu, Debian GNU/Linux, Mac OS X, Windows 7, Red Hat Linux, Windows
2003, Solaris, HP Tru64 UNIX, IRIX
URL: http://www.auscert.org.au/11982
Title: ESB-2009.1522.2 - UPDATE [Win][UNIX/Linux] Drupal: Multiple
vulnerabilities
Date: 23 November 2009
OS: Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD,
AIX, OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP,
Ubuntu, Debian GNU/Linux, Mac OS X, Windows 7, Red Hat Linux, Windows
2003, Solaris, HP Tru64 UNIX, IRIX
URL: http://www.auscert.org.au/11944
Title: ESB-2009.1430.2 - UPDATE [VMware ESX] VMware ESX: Multiple
vulnerabilities
Date: 23 November 2009
OS: Virtualisation
URL: http://www.auscert.org.au/11820
Title: ESB-2009.0696 -- [Win][Netware][Linux] -- HP Data Protector Express:
Execute Arbitrary Code
Date: 25 November 2009
OS: Novell Netware, Red Hat Linux, Windows XP, Other Linux Variants,
Windows 2000, Windows 2003
URL: http://www.auscert.org.au/10989
Title: ESB-2009.0583 -- [UNIX/Linux][Debian] -- gforge: Cross-site Scripting
Date: 25 November 2009
OS: AIX, HP-UX, Mac OS X, Red Hat Linux, Other Linux Variants, FreeBSD,
OpenBSD, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64
UNIX, Solaris
URL: http://www.auscert.org.au/11167
Title: ESB-2009.0167 -- [Win][VMware ESX][Linux] -- VirtualCenter Update 4
and ESX patch update Tomcat to version 5.5.27
Date: 23 November 2009
OS: Windows Vista, Red Hat Linux, Windows Server 2008, Virtualisation,
Windows XP, Other Linux Variants, Windows 2000, Windows 2003, Debian
GNU/Linux, Ubuntu
URL: http://www.auscert.org.au/10543
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================