[AusNOG] AusCERT Week In Review - Week Ending 16/10/2009 (AusCERT#20073f686)

Jonathan Levine jonathan at auscert.org.au
Fri Oct 16 16:38:20 EST 2009


AusCERT Week in Review

16 October 2009

 

Alerts, Advisories and Updates:

-------------------------------

Title: ASB-2009.1108 - [Netware] Novell Netware 6.5: Execute arbitrary

       code/commands - Remote/unauthenticated 

Date:  16 October 2009

URL:   http://www.auscert.org.au/11815

 

Title: ASB-2009.1107.2 - UPDATED ALERT [Win] Microsoft: Execute arbitrary

       code/commands - Remote/unauthenticated 

Date:  13 October 2009

URL:   http://www.auscert.org.au/11780

 

Title: ASB-2009.1105.2 - UPDATE [Win][UNIX/Linux] ClamAV: Reduced security -

       Existing account 

Date:  12 October 2009

URL:   http://www.auscert.org.au/11756

 

External Security Bulletins:

----------------------------

Title: ESB-2009.1426 - [Win][Linux][HP-UX][SCO][Solaris][HP Tru64][AIX][OSX]

       IBM Informix: Execute arbitrary code/commands - Remote with user

       interaction 

Date:  15 October 2009

OS:    Solaris, HP Tru64 UNIX, Windows 2003, Red Hat Linux, Mac OS X, Debian

       GNU/Linux, Ubuntu, HP-UX, Windows XP, SUSE, Windows 2000, AIX, Windows

       Vista, Windows Server 2008, Other Linux Variants 

URL:   http://www.auscert.org.au/11814

 

Title: ESB-2009.1425 - [Solaris][OpenSolaris] libpng: Access confidential data

       - Remote with user interaction 

Date:  16 October 2009

OS:    Solaris 

URL:   http://www.auscert.org.au/11813

 

Title: ESB-2009.1424 - [Solaris][OpenSolaris] Sun Microsystems: Modify

       arbitrary files - Existing account 

Date:  16 October 2009

OS:    Solaris 

URL:   http://www.auscert.org.au/11812

 

Title: ESB-2009.1423 - [RedHat] Red Hat: Multiple vulnerabilities 

Date:  16 October 2009

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/11811

 

Title: ESB-2009.1422 - [Linux] kernel: Denial of service - Existing account 

Date:  15 October 2009

OS:    Red Hat Linux, Other Linux Variants, SUSE, Ubuntu, Debian GNU/Linux 

URL:   http://www.auscert.org.au/11810

 

Title: ESB-2009.1421 - [Win][UNIX/Linux] Webform (Drupal third-party module):

       Administrator compromise - Remote with user interaction 

Date:  15 October 2009

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,

       Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants, SUSE,

       OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista, Other Linux

       Variants, Windows Server 2008 

URL:   http://www.auscert.org.au/11809

 

Title: ESB-2009.1420 - [Debian] postgresql-ocaml, mysql-ocaml & pygresql:

       Multiple vulnerabilities 

Date:  15 October 2009

OS:    Debian GNU/Linux 

URL:   http://www.auscert.org.au/11808

 

Title: ESB-2009.1419 - [Cisco] Cisco Unified Presence: Denial of service -

       Remote/unauthenticated 

Date:  15 October 2009

OS:    Cisco Products 

URL:   http://www.auscert.org.au/11807

 

Title: ESB-2009.1418.2 - UPDATE [Win][UNIX/Linux] Drupal third-party modules:

       Multiple vulnerabilities 

Date:  15 October 2009

OS:    Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD, AIX,

       OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP,

       Ubuntu, Debian GNU/Linux, Mac OS X, Red Hat Linux, Windows 2003,

       Solaris, HP Tru64 UNIX, IRIX 

URL:   http://www.auscert.org.au/11806

 

Title: ESB-2009.1417 - [RedHat] Apache Tomcat: Multiple vulnerabilities 

Date:  15 October 2009

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/11805

 

Title: ESB-2009.1416.2 - UPDATE [RedHat] java-1.4.2-ibm: Denial of service -

       Remote with user interaction 

Date:  15 October 2009

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/11803

 

Title: ESB-2009.1415 - [RedHat] acroread: Multiple vulnerabilities 

Date:  15 October 2009

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/11804

 

Title: ESB-2009.1414 - [OpenSolaris] OpenSolaris JBIG2: Execute arbitrary

       code/commands - Remote with user interaction 

Date:  15 October 2009

OS:    Solaris 

URL:   http://www.auscert.org.au/11802

 

Title: ESB-2009.1413 - [Win][Linux][HP-UX][Solaris] Sun Microsystems: Execute

       arbitrary code/commands - Remote/unauthenticated 

Date:  15 October 2009

OS:    Solaris, Red Hat Linux, Windows 2003, Debian GNU/Linux, Ubuntu, HP-UX,

       Windows XP, SUSE, Windows 2000, Windows Vista, Other Linux Variants,

       Windows Server 2008 

URL:   http://www.auscert.org.au/11801

 

Title: ESB-2009.1412 - [Debian] samba: Multiple vulnerabilities 

Date:  14 October 2009

OS:    Debian GNU/Linux 

URL:   http://www.auscert.org.au/11800

 

Title: ESB-2009.1411.2 - UPDATED ALERT [Win] Microsoft: Administrator

       compromise - Remote with user interaction 

Date:  14 October 2009

OS:    Windows Server 2008, Windows Vista, Windows 2000, Windows XP, Windows

       2003 

URL:   http://www.auscert.org.au/11799

 

Title: ESB-2009.1410.2 - UPDATED ALERT [Win] Microsoft: Execute arbitrary

       code/commands - Remote/unauthenticated 

Date:  15 October 2009

OS:    Windows Server 2008, Windows Vista, Windows 7, Windows 2000, Windows

       XP, Windows 2003 

URL:   http://www.auscert.org.au/11798

 

Title: ESB-2009.1409 - ALERT [Win] Microsoft: Execute arbitrary code/commands

       - Remote/unauthenticated 

Date:  14 October 2009

OS:    Windows 2003, Windows XP, Windows 2000, Windows Vista, Windows Server

       2008 

URL:   http://www.auscert.org.au/11797

 

Title: ESB-2009.1408 - ALERT [Win] Microsoft Windows: Denial of service -

       Remote/unauthenticated 

Date:  14 October 2009

OS:    Windows 2003, Windows XP, Windows 7, Windows Vista, Windows Server 2008

URL:   http://www.auscert.org.au/11796

 

Title: ESB-2009.1407 - ALERT [Win] Microsoft Windows: Administrator compromise

       - Existing account 

Date:  14 October 2009

OS:    Windows 2003, Windows XP, Windows 2000, Windows Vista, Windows Server

       2008 

URL:   http://www.auscert.org.au/11795

 

Title: ESB-2009.1406 - ALERT [Win] Microsoft Windows: Administrator compromise

       - Remote with user interaction 

Date:  14 October 2009

OS:    Windows 2003, Windows XP, Windows 2000 

URL:   http://www.auscert.org.au/11794

 

Title: ESB-2009.1405 - ALERT [Win] Microsoft Windows: Provide misleading

       information - Remote/unauthenticated 

Date:  14 October 2009

OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,

       Windows Server 2008 

URL:   http://www.auscert.org.au/11793

 

Title: ESB-2009.1404 - ALERT [Win] Microsoft Windows: Execute arbitrary

       code/commands - Remote with user interaction 

Date:  14 October 2009

OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,

       Windows Server 2008 

URL:   http://www.auscert.org.au/11792

 

Title: ESB-2009.1403 - ALERT [Win] Internet Explorer: Execute arbitrary

       code/commands - Remote with user interaction 

Date:  14 October 2009

OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,

       Windows Server 2008 

URL:   http://www.auscert.org.au/11791

 

Title: ESB-2009.1402 - ALERT [Win] Microsoft IIS: Denial of service -

       Remote/unauthenticated 

Date:  14 October 2009

OS:    Windows 2003, Windows XP, Windows 2000, Windows Vista, Windows Server

       2008 

URL:   http://www.auscert.org.au/11790

 

Title: ESB-2009.1401 - ALERT [Win] Windows Media Player: Execute arbitrary

       code/commands - Remote with user interaction 

Date:  14 October 2009

OS:    Windows 2003, Windows XP, Windows 2000 

URL:   http://www.auscert.org.au/11789

 

Title: ESB-2009.1400 - ALERT [Win] Windows Media Runtime: Administrator

       compromise - Remote with user interaction 

Date:  14 October 2009

OS:    Windows 2003, Windows XP, Windows 2000, Windows Vista, Windows Server

       2008 

URL:   http://www.auscert.org.au/11788

 

Title: ESB-2009.1399.2 - UPDATED ALERT [Win] SMBv2: Execute arbitrary

       code/commands - Remote/unauthenticated 

Date:  15 October 2009

OS:    Windows Server 2008, Windows Vista 

URL:   http://www.auscert.org.au/11787

 

Title: ESB-2009.1398 - [UNIX/Linux] phpmyadmin: Multiple vulnerabilities 

Date:  14 October 2009

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian

       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,

       Other Linux Variants 

URL:   http://www.auscert.org.au/11786

 

Title: ESB-2009.1397 - [Win][UNIX/Linux] libnasl: Reduced security - Remote

       with user interaction 

Date:  14 October 2009

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,

       Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants, SUSE,

       OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista, Other Linux

       Variants, Windows Server 2008 

URL:   http://www.auscert.org.au/11785

 

Title: ESB-2009.1396 - [UNIX/Linux] sympa: Modify arbitrary files - Existing

       account 

Date:  14 October 2009

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian

       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,

       Other Linux Variants 

URL:   http://www.auscert.org.au/11784

 

Title: ESB-2009.1395 - ALERT [Win][UNIX/Linux] Adobe Reader and Adobe Acrobat:

       Multiple vulnerabilities 

Date:  14 October 2009

OS:    IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Mac OS X,

       Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD Variants, SUSE,

       Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD, Windows Server

       2008, Other Linux Variants 

URL:   http://www.auscert.org.au/11783

 

Title: ESB-2009.1394 - [SUSE][OpenSUSE] SUSE: Multiple vulnerabilities 

Date:  14 October 2009

OS:    Other Linux Variants, SUSE 

URL:   http://www.auscert.org.au/11782

 

Title: ESB-2009.1393 - [Debian] kvm: Multiple vulnerabilities 

Date:  14 October 2009

OS:    Debian GNU/Linux 

URL:   http://www.auscert.org.au/11781

 

Title: ESB-2009.1392 - [Win][UNIX/Linux] mono: Multiple vulnerabilities 

Date:  13 October 2009

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,

       Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants, SUSE,

       OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista, Other Linux

       Variants, Windows Server 2008 

URL:   http://www.auscert.org.au/11779

 

Title: ESB-2009.1391 - [Solaris][OpenSolaris] Thunderbird: Multiple

       vulnerabilities 

Date:  13 October 2009

OS:    Solaris 

URL:   http://www.auscert.org.au/11778

 

Title: ESB-2009.1390 - [Win][UNIX/Linux] Shared Sign On (Drupal third-party

       module): Multiple vulnerabilities 

Date:  12 October 2009

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,

       Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants, SUSE,

       OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista, Other Linux

       Variants, Windows Server 2008 

URL:   http://www.auscert.org.au/11777

 

Title: ESB-2009.1389 - [UNIX/Linux] netpbm: Denial of service - Remote with

       user interaction 

Date:  12 October 2009

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian

       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,

       Other Linux Variants 

URL:   http://www.auscert.org.au/11776

 

Title: ESB-2009.1388 - [Win][UNIX/Linux][Debian] opensaml2, shibboleth-sp2:

       Reduced security - Remote/unauthenticated 

Date:  12 October 2009

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,

       Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD Variants, SUSE,

       OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista, Other Linux

       Variants, Windows Server 2008 

URL:   http://www.auscert.org.au/11775

 

Title: ESB-2009.1387 - [Win][Linux][Solaris][OSX] Computer Associates:

       Multiple vulnerabilities 

Date:  12 October 2009

OS:    Solaris, Windows 2003, Red Hat Linux, Mac OS X, Ubuntu, Debian

       GNU/Linux, Windows XP, SUSE, Windows 2000, Windows Vista, Other Linux

       Variants, Windows Server 2008 

URL:   http://www.auscert.org.au/11774

 

Title: ESB-2009.1386.3 - UPDATE [Win][UNIX/Linux][Debian] python-django:

       Denial of service - Remote/unauthenticated 

Date:  15 October 2009

OS:    Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD, AIX,

       OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP,

       Ubuntu, Debian GNU/Linux, Mac OS X, Red Hat Linux, Windows 2003,

       Solaris, HP Tru64 UNIX, IRIX 

URL:   http://www.auscert.org.au/11773

 

Title: ESB-2009.1385 - [Debian] wget: Access privileged data - Remote with

       user interaction 

Date:  12 October 2009

OS:    Debian GNU/Linux 

URL:   http://www.auscert.org.au/11772

 

Title: ESB-2009.1382.2 - UPDATE [Linux][Solaris][Mac][OSX] Sun Microsystems:

       Root compromise - Existing account 

Date:  16 October 2009

OS:    Ubuntu, Debian GNU/Linux, Other Linux Variants, Mac OS X, SUSE, Red Hat

       Linux, Solaris 

URL:   http://www.auscert.org.au/11764

 

Title: ESB-2009.1381.2 - UPDATE [AIX] rpc.cmsd: Root compromise -

       Remote/unauthenticated 

Date:  16 October 2009

OS:    AIX 

URL:   http://www.auscert.org.au/11763

 

Title: ESB-2009.1041.2 - UPDATE [Solaris][OpenSolaris] Solaris Bundled Tomcat:

       Multiple vulnerabilities 

Date:  12 October 2009

OS:    Solaris 

URL:   http://www.auscert.org.au/11288
