[AusNOG] AusCERT Week In Review - Week Ending 16/10/2009 (AusCERT#20073f686)
Jonathan Levine
jonathan at auscert.org.au
Fri Oct 16 16:38:20 EST 2009
AusCERT Week in Review
16 October 2009
Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2009.1108 - [Netware] Novell Netware 6.5: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 16 October 2009
URL: http://www.auscert.org.au/11815
Title: ASB-2009.1107.2 - UPDATED ALERT [Win] Microsoft: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 13 October 2009
URL: http://www.auscert.org.au/11780
Title: ASB-2009.1105.2 - UPDATE [Win][UNIX/Linux] ClamAV: Reduced security -
Existing account
Date: 12 October 2009
URL: http://www.auscert.org.au/11756
External Security Bulletins:
----------------------------
Title: ESB-2009.1426 - [Win][Linux][HP-UX][SCO][Solaris][HP Tru64][AIX][OSX]
IBM Informix: Execute arbitrary code/commands - Remote with user
interaction
Date: 15 October 2009
OS: Solaris, HP Tru64 UNIX, Windows 2003, Red Hat Linux, Mac OS X, Debian
GNU/Linux, Ubuntu, HP-UX, Windows XP, SUSE, Windows 2000, AIX, Windows
Vista, Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/11814
Title: ESB-2009.1425 - [Solaris][OpenSolaris] libpng: Access confidential
data - Remote with user interaction
Date: 16 October 2009
OS: Solaris
URL: http://www.auscert.org.au/11813
Title: ESB-2009.1424 - [Solaris][OpenSolaris] Sun Microsystems: Modify
arbitrary files - Existing account
Date: 16 October 2009
OS: Solaris
URL: http://www.auscert.org.au/11812
Title: ESB-2009.1423 - [RedHat] Red Hat: Multiple vulnerabilities
Date: 16 October 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/11811
Title: ESB-2009.1422 - [Linux] kernel: Denial of service - Existing account
Date: 15 October 2009
OS: Red Hat Linux, Other Linux Variants, SUSE, Ubuntu, Debian GNU/Linux
URL: http://www.auscert.org.au/11810
Title: ESB-2009.1421 - [Win][UNIX/Linux] Webform (Drupal third-party
module): Administrator compromise - Remote with user interaction
Date: 15 October 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,
Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants, SUSE,
OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/11809
Title: ESB-2009.1420 - [Debian] postgresql-ocaml, mysql-ocaml & pygresql:
Multiple vulnerabilities
Date: 15 October 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/11808
Title: ESB-2009.1419 - [Cisco] Cisco Unified Presence: Denial of service -
Remote/unauthenticated
Date: 15 October 2009
OS: Cisco Products
URL: http://www.auscert.org.au/11807
Title: ESB-2009.1418.2 - UPDATE [Win][UNIX/Linux] Drupal third-party
modules: Multiple vulnerabilities
Date: 15 October 2009
OS: Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD, AIX,
OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP,
Ubuntu, Debian GNU/Linux, Mac OS X, Red Hat Linux, Windows 2003,
Solaris, HP Tru64 UNIX, IRIX
URL: http://www.auscert.org.au/11806
Title: ESB-2009.1417 - [RedHat] Apache Tomcat: Multiple vulnerabilities
Date: 15 October 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/11805
Title: ESB-2009.1416.2 - UPDATE [RedHat] java-1.4.2-ibm: Denial of service -
Remote with user interaction
Date: 15 October 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/11803
Title: ESB-2009.1415 - [RedHat] acroread: Multiple vulnerabilities
Date: 15 October 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/11804
Title: ESB-2009.1414 - [OpenSolaris] OpenSolaris JBIG2: Execute arbitrary
code/commands - Remote with user interaction
Date: 15 October 2009
OS: Solaris
URL: http://www.auscert.org.au/11802
Title: ESB-2009.1413 - [Win][Linux][HP-UX][Solaris] Sun Microsystems:
Execute arbitrary code/commands - Remote/unauthenticated
Date: 15 October 2009
OS: Solaris, Red Hat Linux, Windows 2003, Debian GNU/Linux, Ubuntu, HP-UX,
Windows XP, SUSE, Windows 2000, Windows Vista, Other Linux Variants,
Windows Server 2008
URL: http://www.auscert.org.au/11801
Title: ESB-2009.1412 - [Debian] samba: Multiple vulnerabilities
Date: 14 October 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/11800
Title: ESB-2009.1411.2 - UPDATED ALERT [Win] Microsoft: Administrator
compromise - Remote with user interaction
Date: 14 October 2009
OS: Windows Server 2008, Windows Vista, Windows 2000, Windows XP, Windows
2003
URL: http://www.auscert.org.au/11799
Title: ESB-2009.1410.2 - UPDATED ALERT [Win] Microsoft: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 15 October 2009
OS: Windows Server 2008, Windows Vista, Windows 7, Windows 2000, Windows
XP, Windows 2003
URL: http://www.auscert.org.au/11798
Title: ESB-2009.1409 - ALERT [Win] Microsoft: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 14 October 2009
OS: Windows 2003, Windows XP, Windows 2000, Windows Vista, Windows Server
2008
URL: http://www.auscert.org.au/11797
Title: ESB-2009.1408 - ALERT [Win] Microsoft Windows: Denial of service -
Remote/unauthenticated
Date: 14 October 2009
OS: Windows 2003, Windows XP, Windows 7, Windows Vista, Windows Server
2008
URL: http://www.auscert.org.au/11796
Title: ESB-2009.1407 - ALERT [Win] Microsoft Windows: Administrator
compromise - Existing account
Date: 14 October 2009
OS: Windows 2003, Windows XP, Windows 2000, Windows Vista, Windows Server
2008
URL: http://www.auscert.org.au/11795
Title: ESB-2009.1406 - ALERT [Win] Microsoft Windows: Administrator
compromise - Remote with user interaction
Date: 14 October 2009
OS: Windows 2003, Windows XP, Windows 2000
URL: http://www.auscert.org.au/11794
Title: ESB-2009.1405 - ALERT [Win] Microsoft Windows: Provide misleading
information - Remote/unauthenticated
Date: 14 October 2009
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/11793
Title: ESB-2009.1404 - ALERT [Win] Microsoft Windows: Execute arbitrary
code/commands - Remote with user interaction
Date: 14 October 2009
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/11792
Title: ESB-2009.1403 - ALERT [Win] Internet Explorer: Execute arbitrary
code/commands - Remote with user interaction
Date: 14 October 2009
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/11791
Title: ESB-2009.1402 - ALERT [Win] Microsoft IIS: Denial of service -
Remote/unauthenticated
Date: 14 October 2009
OS: Windows 2003, Windows XP, Windows 2000, Windows Vista, Windows Server
2008
URL: http://www.auscert.org.au/11790
Title: ESB-2009.1401 - ALERT [Win] Windows Media Player: Execute arbitrary
code/commands - Remote with user interaction
Date: 14 October 2009
OS: Windows 2003, Windows XP, Windows 2000
URL: http://www.auscert.org.au/11789
Title: ESB-2009.1400 - ALERT [Win] Windows Media Runtime: Administrator
compromise - Remote with user interaction
Date: 14 October 2009
OS: Windows 2003, Windows XP, Windows 2000, Windows Vista, Windows Server
2008
URL: http://www.auscert.org.au/11788
Title: ESB-2009.1399.2 - UPDATED ALERT [Win] SMBv2: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 15 October 2009
OS: Windows Server 2008, Windows Vista
URL: http://www.auscert.org.au/11787
Title: ESB-2009.1398 - [UNIX/Linux] phpmyadmin: Multiple vulnerabilities
Date: 14 October 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/11786
Title: ESB-2009.1397 - [Win][UNIX/Linux] libnasl: Reduced security - Remote
with user interaction
Date: 14 October 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,
Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants, SUSE,
OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/11785
Title: ESB-2009.1396 - [UNIX/Linux] sympa: Modify arbitrary files - Existing
account
Date: 14 October 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/11784
Title: ESB-2009.1395 - ALERT [Win][UNIX/Linux] Adobe Reader and Adobe
Acrobat: Multiple vulnerabilities
Date: 14 October 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Mac OS X,
Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD Variants, SUSE,
Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD, Windows Server
2008, Other Linux Variants
URL: http://www.auscert.org.au/11783
Title: ESB-2009.1394 - [SUSE][OpenSUSE] SUSE: Multiple vulnerabilities
Date: 14 October 2009
OS: Other Linux Variants, SUSE
URL: http://www.auscert.org.au/11782
Title: ESB-2009.1393 - [Debian] kvm: Multiple vulnerabilities
Date: 14 October 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/11781
Title: ESB-2009.1392 - [Win][UNIX/Linux] mono: Multiple vulnerabilities
Date: 13 October 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,
Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants, SUSE,
OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/11779
Title: ESB-2009.1391 - [Solaris][OpenSolaris] Thunderbird: Multiple
vulnerabilities
Date: 13 October 2009
OS: Solaris
URL: http://www.auscert.org.au/11778
Title: ESB-2009.1390 - [Win][UNIX/Linux] Shared Sign On (Drupal third-party
module): Multiple vulnerabilities
Date: 12 October 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,
Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants, SUSE,
OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/11777
Title: ESB-2009.1389 - [UNIX/Linux] netpbm: Denial of service - Remote with
user interaction
Date: 12 October 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/11776
Title: ESB-2009.1388 - [Win][UNIX/Linux][Debian] opensaml2, shibboleth-sp2:
Reduced security - Remote/unauthenticated
Date: 12 October 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,
Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD Variants, SUSE,
OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/11775
Title: ESB-2009.1387 - [Win][Linux][Solaris][OSX] Computer Associates:
Multiple vulnerabilities
Date: 12 October 2009
OS: Solaris, Windows 2003, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, Windows XP, SUSE, Windows 2000, Windows Vista, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/11774
Title: ESB-2009.1386.3 - UPDATE [Win][UNIX/Linux][Debian] python-django:
Denial of service - Remote/unauthenticated
Date: 15 October 2009
OS: Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD, AIX,
OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP,
Ubuntu, Debian GNU/Linux, Mac OS X, Red Hat Linux, Windows 2003,
Solaris, HP Tru64 UNIX, IRIX
URL: http://www.auscert.org.au/11773
Title: ESB-2009.1385 - [Debian] wget: Access privileged data - Remote with
user interaction
Date: 12 October 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/11772
Title: ESB-2009.1382.2 - UPDATE [Linux][Solaris][Mac][OSX] Sun Microsystems:
Root compromise - Existing account
Date: 16 October 2009
OS: Ubuntu, Debian GNU/Linux, Other Linux Variants, Mac OS X, SUSE, Red Hat
Linux, Solaris
URL: http://www.auscert.org.au/11764
Title: ESB-2009.1381.2 - UPDATE [AIX] rpc.cmsd: Root compromise -
Remote/unauthenticated
Date: 16 October 2009
OS: AIX
URL: http://www.auscert.org.au/11763
Title: ESB-2009.1041.2 - UPDATE [Solaris][OpenSolaris] Solaris Bundled
Tomcat: Multiple vulnerabilities
Date: 12 October 2009
OS: Solaris
URL: http://www.auscert.org.au/11288