[AusNOG] AusCERT Week in Review - Week Ending 11/09/2009 (AUSCERT#20073F686)
Richard Billington
richard at auscert.org.au
Fri Sep 11 16:50:58 EST 2009
AusCERT Week in Review
11 September 2009
AusCERT in the Media:
---------------------
Papers, Articles and other documents:
-------------------------------------
Web Log Entries:
----------------
Title: Increased port 445 scanning/SMB 0Day
Date: 09 September 2009
URL: http://www.auscert.org.au/11613
Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2009.1080 - [UNIX/Linux] FreeRADIUS 1.1.7 and prior: Denial of
service - Remote/unauthenticated
Date: 11 September 2009
URL: http://www.auscert.org.au/11626
Title: ASB-2009.1078 - ALERT [Win][UNIX/Linux] Firefox: Multiple
vulnerabilities
Date: 10 September 2009
URL: http://www.auscert.org.au/11618
Title: ASB-2009.1079 - [Win][Linux][HP-UX][Solaris][AIX] Hitachi: Execute
arbitrary code/commands - Remote/unauthenticated
Date: 10 September 2009
URL: http://www.auscert.org.au/11623
Title: ASB-2009.1076 - [Appliance] Xerox WorkCentre: Denial of service -
Remote/unauthenticated
Date: 08 September 2009
URL: http://www.auscert.org.au/11599
Title: ASB-2009.1077 - [Win] Microsoft Bulletin Notification - September
Pre-release Announcement
Date: 08 September 2009
URL: http://www.auscert.org.au/11600
Title: ASB-2009.1074 - [Win][UNIX/Linux] DotNetNuke: Cross-site scripting -
Remote/unauthenticated
Date: 07 September 2009
URL: http://www.auscert.org.au/11595
Title: ASB-2009.1075 - [Win][UNIX/Linux] Ruby on Rails: Cross-site scripting -
Remote/unauthenticated
Date: 07 September 2009
URL: http://www.auscert.org.au/11597
External Security Bulletins:
----------------------------
Title: ESB-2009.1281 - [Mac][OSX] Apple: Multiple vulnerabilities
Date: 11 September 2009
OS: Mac OS X
URL: http://www.auscert.org.au/11625
Title: ESB-2009.1280 - [Mac][OSX] Flash Player plug-in: Execute arbitrary
code/commands - Remote with user interaction
Date: 11 September 2009
OS: Mac OS X
URL: http://www.auscert.org.au/11624
Title: ESB-2009.1279 - [UNIX/Linux][Debian] nagios2: Cross-site scripting -
Remote/unauthenticated
Date: 10 September 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
FreeBSD, Other Linux Variants
URL: http://www.auscert.org.au/11622
Title: ESB-2009.1278 - [Win][UNIX/Linux][Debian] xapian-omega: Cross-site
scripting - Remote/unauthenticated
Date: 10 September 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,
Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD Variants, SUSE,
OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/11621
Title: ESB-2009.1277 - [RedHat] Seamonkey: Multiple vulnerabilities
Date: 10 September 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/11620
Title: ESB-2009.1276 - ALERT [RedHat] Firefox: Multiple vulnerabilities
Date: 10 September 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/11619
Title: ESB-2009.1275 - ALERT [Win][Mac][OSX] Quicktime: Multiple
vulnerabilities
Date: 10 September 2009
OS: Windows XP, Windows 7, Windows Vista, Mac OS X
URL: http://www.auscert.org.au/11617
Title: ESB-2009.1274.2 - UPDATE ALERT [Appliance][Mac][OSX] iPhone/iPod touch:
Multiple vulnerabilities
Date: 10 September 2009
OS: Mac OS X
URL: http://www.auscert.org.au/11616
Title: ESB-2009.1273 - [UNIX/Linux] qt4: Provide misleading information -
Remote/unauthenticated
Date: 09 September 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/11612
Title: ESB-2009.1272 - [RedHat] xmlsec1: Provide misleading information -
Remote/unauthenticated
Date: 09 September 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/11611
Title: ESB-2009.1271 - [RedHat] fetchmail: Multiple vulnerabilities
Date: 09 September 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/11610
Title: ESB-2009.1270 - ALERT [Cisco] Cisco Systems: Denial of service -
Remote/unauthenticated
Date: 09 September 2009
OS: Cisco Products
URL: http://www.auscert.org.au/11609
Title: ESB-2009.1269.2 - UPDATE ALERT [Win] SMB: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 09 September 2009
OS: Windows Server 2008, Windows Vista
URL: http://www.auscert.org.au/11608
Title: ESB-2009.1268 - ALERT [Win] Wireless LAN AutoConfig Service: Execute
arbitrary code/commands - Remote/unauthenticated
Date: 09 September 2009
OS: Windows Vista, Windows Server 2008
URL: http://www.auscert.org.au/11607
Title: ESB-2009.1267.2 - UPDATED ALERT [Win] Windows TCP/IP: Multiple
vulnerabilities
Date: 10 September 2009
OS: Windows Server 2008, Windows Vista, Windows 2000, Windows XP, Windows
2003
URL: http://www.auscert.org.au/11606
Title: ESB-2009.1266.2 - UPDATED ALERT [Win] Windows Media Format (WMF):
Execute arbitrary code/commands - Remote with user interaction
Date: 09 September 2009
OS: Windows Server 2008, Windows Vista, Windows 2000, Windows XP, Windows
2003
URL: http://www.auscert.org.au/11604
Title: ESB-2009.1265 - ALERT [Win] DHTML Editing Component ActiveX control:
Execute arbitrary code/commands - Remote with user interaction
Date: 09 September 2009
OS: Windows 2003, Windows XP, Windows 2000
URL: http://www.auscert.org.au/11603
Title: ESB-2009.1264 - ALERT [Win] JScript: Execute arbitrary code/commands -
Remote with user interaction
Date: 09 September 2009
OS: Windows 2003, Windows XP, Windows 2000, Windows Vista, Windows Server
2008
URL: http://www.auscert.org.au/11602
Title: ESB-2009.1263 - ALERT
[Win][UNIX/Linux][Appliance][Juniper][Cisco][RedHat] TCP Protocol:
Denial of service - Remote/unauthenticated
Date: 09 September 2009
OS: Windows 2003, Cisco Products, Red Hat Linux, Ubuntu, Debian GNU/Linux,
Windows XP, SUSE, Windows 2000, Windows Vista, Other Linux Variants,
Windows Server 2008
URL: http://www.auscert.org.au/11601
Title: ESB-2009.1262 - [UNIX/Linux][Debian] cyrus-imapd-2.2: Increased
privileges - Existing account
Date: 08 September 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
FreeBSD, Other Linux Variants
URL: http://www.auscert.org.au/11598
Title: ESB-2009.1261 - [Win] VMware: Execute arbitrary code/commands - Remote
with user interaction
Date: 07 September 2009
OS: Windows 2003, Windows XP, Windows 2000, Windows Vista, Windows Server
2008
URL: http://www.auscert.org.au/11596
Title: ESB-2009.1260 - [Solaris][OpenSolaris] libxml2: Denial of service -
Remote with user interaction
Date: 07 September 2009
OS: Solaris
URL: http://www.auscert.org.au/11594
Title: ESB-2009.1259 - [UNIX/Linux][Debian] silc-client/silc-toolkit: Multiple
vulnerabilities
Date: 07 September 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
FreeBSD, Other Linux Variants
URL: http://www.auscert.org.au/11593
Title: ESB-2009.1258 - [Debian] openoffice.org: Multiple vulnerabilities
Date: 07 September 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/11592
Title: ESB-2009.1257 - [Win][UNIX/Linux][RedHat] OpenOffice.org: Multiple
vulnerabilities
Date: 07 September 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,
Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants, SUSE,
OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/11591
Title: ESB-2009.1235.3 - UPDATE [Win] Microsoft Internet Information Server:
Denial of service - Remote/unauthenticated
Date: 07 September 2009
OS: Windows Server 2008, Windows Vista, Windows 2000, Windows XP, Windows
2003
URL: http://www.auscert.org.au/11563
Title: ESB-2009.1021.3 - UPDATE [Solaris][OpenSolaris] SNMP daemon
(snmpd(1M)): Denial of service - Remote/unauthenticated
Date: 09 September 2009
OS: Solaris
URL: http://www.auscert.org.au/11255
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================