[AusNOG] AusCERT Week in Review - Week Ending 02/04/2010 (AUSCERT#20073f686)
Patrick Mannion
patrick at auscert.org.au
Thu Apr 1 16:41:04 EST 2010
Web Log Entries:
----------------
Title: Apple updates OS X, Quicktime and iTunes
Date: 30 March 2010
URL: http://www.auscert.org.au/12594
Title: Own One or Own Them All?
Date: 25 March 2010
URL: http://www.auscert.org.au/12568
Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2010.0093 - [Win][UNIX/Linux] Firefox, SeaMonkey and Thunderbird:
Multiple vulnerabilities
Date: 31 March 2010
URL: http://www.auscert.org.au/12599
Title: ASB-2010.0092 - ALERT [Win] Internet Explorer: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 30 March 2010
URL: http://www.auscert.org.au/12573
Title: ASB-2010.0080.2 - UPDATE [UNIX/Linux] SpamAssassin Milter plugin :
Execute arbitrary code/commands - Remote/unauthenticated
Date: 29 March 2010
URL: http://www.auscert.org.au/12524
Title: ASB-2010.0089.2 - UPDATED ALERT [Win][UNIX/Linux] Firefox: Multiple
vulnerabilities
Date: 26 March 2010
URL: http://www.auscert.org.au/12548
External Security Bulletins:
----------------------------
Title: ESB-2009.1553.5 - UPDATE [Win][VMware ESX][Linux] VMware vCenter, ESX,
vMA: Multiple vulnerabilities
Date: 31 March 2010
OS: Windows Server 2008, Other Linux Variants, Windows Vista, Windows 2000,
SUSE, Virtualisation, Windows XP, Ubuntu, Debian GNU/Linux, Windows 7,
Red Hat Linux, Windows 2003
URL: http://www.auscert.org.au/11990
Title: ESB-2010.0312 - [Win][UNIX/Linux] Drupal (Third-party modules) :
Cross-site scripting - Remote/unauthenticated
Date: 01 April 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/12605
Title: ESB-2010.0311 - [Win][Mac][OSX] AirPort Utility: Unauthorised access -
Remote/unauthenticated
Date: 01 April 2010
OS: Windows XP, Windows 7, Windows Vista, Mac OS X
URL: http://www.auscert.org.au/12604
Title: ESB-2010.0310 - [Debian] icedove: Multiple vulnerabilities
Date: 01 April 2010
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/12603
Title: ESB-2010.0309 - [Win][UNIX/Linux][Debian] moin: Cross-site scripting -
Remote/unauthenticated
Date: 01 April 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/12602
Title: ESB-2010.0308 - [Win][Linux][Mac][OSX] Java Runtime Environment:
Execute arbitrary code/commands - Remote with user interaction
Date: 31 March 2010
OS: Windows 2003, Red Hat Linux, Windows 7, Mac OS X, Ubuntu, Debian
GNU/Linux, Windows XP, SUSE, Windows 2000, Windows Vista, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/12601
Title: ESB-2010.0307 - [Win][UNIX/Linux][RedHat] Red Hat and Seamonkey:
Multiple vulnerabilities
Date: 31 March 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/12600
Title: ESB-2010.0306 - [AIX] sendmail: Provide misleading information -
Remote/unauthenticated
Date: 31 March 2010
OS: AIX
URL: http://www.auscert.org.au/12598
Title: ESB-2010.0305 - [RedHat][SUSE] Insight Control: Multiple
vulnerabilities
Date: 31 March 2010
OS: Red Hat Linux, SUSE
URL: http://www.auscert.org.au/12597
Title: ESB-2010.0304 - [UNIX/Linux][Ubuntu] emacs: Access privileged data -
Existing account
Date: 31 March 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/12596
Title: ESB-2010.0303 - [RedHat] GFS-kernel: Denial of service - Existing
account
Date: 31 March 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/12595
Title: ESB-2010.0302 - [RedHat] GFS: Denial of service - Existing account
Date: 31 March 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/12593
Title: ESB-2010.0301 - [RedHat] curl: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 31 March 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/12592
Title: ESB-2010.0300 - [UNIX/Linux][RedHat] automake: Modify arbitrary files -
Existing account
Date: 31 March 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/12591
Title: ESB-2010.0299 - [RedHat] gfs-kmod: Denial of service - Existing account
Date: 31 March 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/12590
Title: ESB-2010.0298 - [RedHat] curl: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 31 March 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/12589
Title: ESB-2010.0297 - [Linux][RedHat] kvm: Denial of service -
Remote/unauthenticated
Date: 31 March 2010
OS: Red Hat Linux, SUSE, Other Linux Variants, Ubuntu, Debian GNU/Linux
URL: http://www.auscert.org.au/12588
Title: ESB-2010.0296 - [RedHat] pam_krb5: Reduced security -
Remote/unauthenticated
Date: 31 March 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/12587
Title: ESB-2010.0295 - [RedHat] sendmail: Multiple vulnerabilities
Date: 31 March 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/12586
Title: ESB-2010.0294 - [RedHat] squid : Denial of service -
Remote/unauthenticated
Date: 31 March 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/12585
Title: ESB-2010.0293 - [RedHat] openldap: Provide misleading information -
Remote/unauthenticated
Date: 31 March 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/12584
Title: ESB-2010.0292 - [Linux][RedHat] brltty : Execute arbitrary
code/commands - Existing account
Date: 31 March 2010
OS: Red Hat Linux, SUSE, Other Linux Variants, Ubuntu, Debian GNU/Linux
URL: http://www.auscert.org.au/12583
Title: ESB-2010.0291 - [RedHat] kernel: Denial of service -
Remote/unauthenticated
Date: 31 March 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/12582
Title: ESB-2010.0290 - [VMware ESX] WebAccess: Multiple vulnerabilities
Date: 31 March 2010
OS: Virtualisation
URL: http://www.auscert.org.au/12581
Title: ESB-2010.0289 - [SUSE] kernel: Multiple vulnerabilities
Date: 31 March 2010
OS: SUSE
URL: http://www.auscert.org.au/12580
Title: ESB-2010.0288 - [SUSE][OpenSUSE] SUSE: Multiple vulnerabilities
Date: 31 March 2010
OS: Other Linux Variants, SUSE
URL: http://www.auscert.org.au/12579
Title: ESB-2010.0287 - [Win][Mac][OSX] Apple: Multiple vulnerabilities
Date: 31 March 2010
OS: Windows XP, Windows 7, Windows Vista, Mac OS X
URL: http://www.auscert.org.au/12578
Title: ESB-2010.0286 - [Win][Mac][OSX] QuickTime: Multiple vulnerabilities
Date: 31 March 2010
OS: Windows XP, Windows 7, Windows Vista, Mac OS X
URL: http://www.auscert.org.au/12577
Title: ESB-2010.0285 - ALERT [Win] Microsoft Internet Explorer: Multiple
vulnerabilities
Date: 31 March 2010
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/12576
Title: ESB-2010.0284 - [HP-UX] AudFilter: Denial of service - Existing account
Date: 30 March 2010
OS: HP-UX
URL: http://www.auscert.org.au/12575
Title: ESB-2010.0283 - [Win][Linux][HP-UX][Solaris][AIX] HP SOA Registry
Foundation: Multiple vulnerabilities
Date: 30 March 2010
OS: Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
Ubuntu, Windows XP, HP-UX, SUSE, Windows 2000, AIX, Windows Vista,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/12574
Title: ESB-2010.0282 - [Mac][OSX] Apple: Multiple vulnerabilities
Date: 30 March 2010
OS: Mac OS X
URL: http://www.auscert.org.au/12572
Title: ESB-2010.0281 - HP Secure Web Server for OpenVMS: Multiple
vulnerabilities
Date: 29 March 2010
OS: HP-UX
URL: http://www.auscert.org.au/12571
Title: ESB-2010.0280 - [Debian] curl: Denial of service -
Remote/unauthenticated
Date: 29 March 2010
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/12570
Title: ESB-2010.0279 - HP TCP/IP Services for OpenVMS Running NTP: Multiple
vulnerabilities
Date: 29 March 2010
OS: HP-UX
URL: http://www.auscert.org.au/12569
Title: ESB-2010.0278 - [HP-UX] NFS/ONCplus: Reduced security -
Remote/unauthenticated
Date: 26 March 2010
OS: HP-UX
URL: http://www.auscert.org.au/12567
Title: ESB-2010.0277 - [RedHat] httpd: Multiple vulnerabilities
Date: 26 March 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/12566
Title: ESB-2010.0276 - [Win][UNIX/Linux][RedHat] gnutls: Multiple
vulnerabilities
Date: 26 March 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/12565
Title: ESB-2010.0275 - [RedHat] nss: Access privileged data -
Remote/unauthenticated
Date: 26 March 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/12564
Title: ESB-2010.0274 - [Win][UNIX/Linux][RedHat] openssl: Multiple
vulnerabilities
Date: 26 March 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/12563
Title: ESB-2010.0243.2 - UPDATE [Win][UNIX/Linux][Debian] moin: Multiple
vulnerabilities
Date: 30 March 2010
OS: Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD, AIX,
OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP,
Ubuntu, Debian GNU/Linux, Mac OS X, Windows 7, Red Hat Linux, Windows
2003, Solaris, HP Tru64 UNIX, IRIX
URL: http://www.auscert.org.au/12514
Title: ESB-2010.0068.2 - UPDATE [Win][UNIX/Linux] Drupal: Cross-site scripting
- Remote/unauthenticated
Date: 26 March 2010
OS: Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD, AIX,
OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP,
Ubuntu, Debian GNU/Linux, Mac OS X, Windows 7, Red Hat Linux, Windows
2003, Solaris, HP Tru64 UNIX, IRIX
URL: http://www.auscert.org.au/12270
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================