[AusNOG] AusCERT Week in Review - Week Ending 02/04/2010 (AUSCERT#20073f686)

Patrick Mannion patrick at auscert.org.au
Thu Apr 1 16:41:04 EST 2010


Web Log Entries:
----------------
Title: Apple updates OS X, Quicktime and iTunes 
Date:  30 March 2010
URL:   http://www.auscert.org.au/12594

Title: Own One or Own Them All? 
Date:  25 March 2010
URL:   http://www.auscert.org.au/12568


Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2010.0093 - [Win][UNIX/Linux] Firefox, SeaMonkey and Thunderbird:
       Multiple vulnerabilities 
Date:  31 March 2010
URL:   http://www.auscert.org.au/12599

Title: ASB-2010.0092 - ALERT [Win] Internet Explorer: Execute arbitrary
       code/commands - Remote/unauthenticated 
Date:  30 March 2010
URL:   http://www.auscert.org.au/12573

Title: ASB-2010.0080.2 - UPDATE [UNIX/Linux] SpamAssassin Milter plugin :
       Execute arbitrary code/commands - Remote/unauthenticated 
Date:  29 March 2010
URL:   http://www.auscert.org.au/12524

Title: ASB-2010.0089.2 - UPDATED ALERT [Win][UNIX/Linux] Firefox: Multiple
       vulnerabilities 
Date:  26 March 2010
URL:   http://www.auscert.org.au/12548


External Security Bulletins:
----------------------------
Title: ESB-2009.1553.5 - UPDATE [Win][VMware ESX][Linux] VMware vCenter, ESX,
       vMA: Multiple vulnerabilities 
Date:  31 March 2010
OS:    Windows Server 2008, Other Linux Variants, Windows Vista, Windows 2000,
       SUSE, Virtualisation, Windows XP, Ubuntu, Debian GNU/Linux, Windows 7,
       Red Hat Linux, Windows 2003 
URL:   http://www.auscert.org.au/11990

Title: ESB-2010.0312 - [Win][UNIX/Linux] Drupal (Third-party modules) :
       Cross-site scripting - Remote/unauthenticated 
Date:  01 April 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/12605

Title: ESB-2010.0311 - [Win][Mac][OSX] AirPort Utility: Unauthorised access -
       Remote/unauthenticated 
Date:  01 April 2010
OS:    Windows XP, Windows 7, Windows Vista, Mac OS X 
URL:   http://www.auscert.org.au/12604

Title: ESB-2010.0310 - [Debian] icedove: Multiple vulnerabilities 
Date:  01 April 2010
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/12603

Title: ESB-2010.0309 - [Win][UNIX/Linux][Debian] moin: Cross-site scripting -
       Remote/unauthenticated 
Date:  01 April 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/12602

Title: ESB-2010.0308 - [Win][Linux][Mac][OSX] Java Runtime Environment:
       Execute arbitrary code/commands - Remote with user interaction 
Date:  31 March 2010
OS:    Windows 2003, Red Hat Linux, Windows 7, Mac OS X, Ubuntu, Debian
       GNU/Linux, Windows XP, SUSE, Windows 2000, Windows Vista, Other Linux
       Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/12601

Title: ESB-2010.0307 - [Win][UNIX/Linux][RedHat] Red Hat and Seamonkey:
       Multiple vulnerabilities 
Date:  31 March 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/12600

Title: ESB-2010.0306 - [AIX] sendmail: Provide misleading information -
       Remote/unauthenticated 
Date:  31 March 2010
OS:    AIX 
URL:   http://www.auscert.org.au/12598

Title: ESB-2010.0305 - [RedHat][SUSE] Insight Control: Multiple
       vulnerabilities 
Date:  31 March 2010
OS:    Red Hat Linux, SUSE 
URL:   http://www.auscert.org.au/12597

Title: ESB-2010.0304 - [UNIX/Linux][Ubuntu] emacs: Access privileged data -
       Existing account 
Date:  31 March 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
       Other Linux Variants 
URL:   http://www.auscert.org.au/12596

Title: ESB-2010.0303 - [RedHat] GFS-kernel: Denial of service - Existing
       account 
Date:  31 March 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/12595

Title: ESB-2010.0302 - [RedHat] GFS: Denial of service - Existing account 
Date:  31 March 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/12593

Title: ESB-2010.0301 - [RedHat] curl: Execute arbitrary code/commands -
       Remote/unauthenticated 
Date:  31 March 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/12592

Title: ESB-2010.0300 - [UNIX/Linux][RedHat] automake: Modify arbitrary files -
       Existing account 
Date:  31 March 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
       Other Linux Variants 
URL:   http://www.auscert.org.au/12591

Title: ESB-2010.0299 - [RedHat] gfs-kmod: Denial of service - Existing account
Date:  31 March 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/12590

Title: ESB-2010.0298 - [RedHat] curl: Execute arbitrary code/commands -
       Remote/unauthenticated 
Date:  31 March 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/12589

Title: ESB-2010.0297 - [Linux][RedHat] kvm: Denial of service -
       Remote/unauthenticated 
Date:  31 March 2010
OS:    Red Hat Linux, SUSE, Other Linux Variants, Ubuntu, Debian GNU/Linux 
URL:   http://www.auscert.org.au/12588

Title: ESB-2010.0296 - [RedHat] pam_krb5: Reduced security -
       Remote/unauthenticated 
Date:  31 March 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/12587

Title: ESB-2010.0295 - [RedHat] sendmail: Multiple vulnerabilities 
Date:  31 March 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/12586

Title: ESB-2010.0294 - [RedHat] squid : Denial of service -
       Remote/unauthenticated 
Date:  31 March 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/12585

Title: ESB-2010.0293 - [RedHat] openldap: Provide misleading information -
       Remote/unauthenticated 
Date:  31 March 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/12584

Title: ESB-2010.0292 - [Linux][RedHat] brltty : Execute arbitrary
       code/commands - Existing account 
Date:  31 March 2010
OS:    Red Hat Linux, SUSE, Other Linux Variants, Ubuntu, Debian GNU/Linux 
URL:   http://www.auscert.org.au/12583

Title: ESB-2010.0291 - [RedHat] kernel: Denial of service -
       Remote/unauthenticated 
Date:  31 March 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/12582

Title: ESB-2010.0290 - [VMware ESX] WebAccess: Multiple vulnerabilities 
Date:  31 March 2010
OS:    Virtualisation 
URL:   http://www.auscert.org.au/12581

Title: ESB-2010.0289 - [SUSE] kernel: Multiple vulnerabilities 
Date:  31 March 2010
OS:    SUSE 
URL:   http://www.auscert.org.au/12580

Title: ESB-2010.0288 - [SUSE][OpenSUSE] SUSE: Multiple vulnerabilities 
Date:  31 March 2010
OS:    Other Linux Variants, SUSE 
URL:   http://www.auscert.org.au/12579

Title: ESB-2010.0287 - [Win][Mac][OSX] Apple: Multiple vulnerabilities 
Date:  31 March 2010
OS:    Windows XP, Windows 7, Windows Vista, Mac OS X 
URL:   http://www.auscert.org.au/12578

Title: ESB-2010.0286 - [Win][Mac][OSX] QuickTime: Multiple vulnerabilities 
Date:  31 March 2010
OS:    Windows XP, Windows 7, Windows Vista, Mac OS X 
URL:   http://www.auscert.org.au/12577

Title: ESB-2010.0285 - ALERT [Win] Microsoft Internet Explorer: Multiple
       vulnerabilities 
Date:  31 March 2010
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/12576

Title: ESB-2010.0284 - [HP-UX] AudFilter: Denial of service - Existing account
Date:  30 March 2010
OS:    HP-UX 
URL:   http://www.auscert.org.au/12575

Title: ESB-2010.0283 - [Win][Linux][HP-UX][Solaris][AIX] HP SOA Registry
       Foundation: Multiple vulnerabilities 
Date:  30 March 2010
OS:    Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
       Ubuntu, Windows XP, HP-UX, SUSE, Windows 2000, AIX, Windows Vista,
       Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/12574

Title: ESB-2010.0282 - [Mac][OSX] Apple: Multiple vulnerabilities 
Date:  30 March 2010
OS:    Mac OS X 
URL:   http://www.auscert.org.au/12572

Title: ESB-2010.0281 - HP Secure Web Server for OpenVMS: Multiple
       vulnerabilities 
Date:  29 March 2010
OS:    HP-UX 
URL:   http://www.auscert.org.au/12571

Title: ESB-2010.0280 - [Debian] curl: Denial of service -
       Remote/unauthenticated 
Date:  29 March 2010
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/12570

Title: ESB-2010.0279 - HP TCP/IP Services for OpenVMS Running NTP: Multiple
       vulnerabilities 
Date:  29 March 2010
OS:    HP-UX 
URL:   http://www.auscert.org.au/12569

Title: ESB-2010.0278 - [HP-UX] NFS/ONCplus: Reduced security -
       Remote/unauthenticated 
Date:  26 March 2010
OS:    HP-UX 
URL:   http://www.auscert.org.au/12567

Title: ESB-2010.0277 - [RedHat] httpd: Multiple vulnerabilities 
Date:  26 March 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/12566

Title: ESB-2010.0276 - [Win][UNIX/Linux][RedHat] gnutls: Multiple
       vulnerabilities 
Date:  26 March 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/12565

Title: ESB-2010.0275 - [RedHat] nss: Access privileged data -
       Remote/unauthenticated 
Date:  26 March 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/12564

Title: ESB-2010.0274 - [Win][UNIX/Linux][RedHat] openssl: Multiple
       vulnerabilities 
Date:  26 March 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
       Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
       Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/12563

Title: ESB-2010.0243.2 - UPDATE [Win][UNIX/Linux][Debian] moin: Multiple
       vulnerabilities 
Date:  30 March 2010
OS:    Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD, AIX,
       OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP,
       Ubuntu, Debian GNU/Linux, Mac OS X, Windows 7, Red Hat Linux, Windows
       2003, Solaris, HP Tru64 UNIX, IRIX 
URL:   http://www.auscert.org.au/12514

Title: ESB-2010.0068.2 - UPDATE [Win][UNIX/Linux] Drupal: Cross-site scripting
       - Remote/unauthenticated 
Date:  26 March 2010
OS:    Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD, AIX,
       OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP,
       Ubuntu, Debian GNU/Linux, Mac OS X, Windows 7, Red Hat Linux, Windows
       2003, Solaris, HP Tru64 UNIX, IRIX 
URL:   http://www.auscert.org.au/12270



===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================





