[AusNOG] AusCERT Week in Review - Week Ending 09/04/2010 (AUSCERT#20073f686)
Patrick Mannion
patrick at auscert.org.au
Fri Apr 9 15:22:15 EST 2010
Papers, Articles and other documents:
-------------------------------------
Title: AusCERT2010 ISP Workshop
Date: 09 April 2010
URL: http://www.auscert.org.au/12634
Web Log Entries:
----------------
Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2010.0059.2 - UPDATE [Linux] Linux Kernel 2.6: Denial of service -
Remote/unauthenticated
Date: 07 April 2010
URL: http://www.auscert.org.au/12434
Title: ASB-2010.0098 - [Win][RedHat][AIX][SUSE] IBM WEBi: Multiple
vulnerabilities
Date: 07 April 2010
URL: http://www.auscert.org.au/12630
Title: ASB-2010.0083.2 - UPDATE [Win] Google Chrome: Multiple vulnerabilities
Date: 06 April 2010
URL: http://www.auscert.org.au/12535
Title: ASB-2010.0093.2 - UPDATE [Win][UNIX/Linux] Firefox 3.5.8 and prior:
Multiple vulnerabilities
Date: 06 April 2010
URL: http://www.auscert.org.au/12599
Title: ASB-2010.0095 - [Win][UNIX/Linux] Firefox 3.6.2 and prior: Execute
arbitrary code/commands - Remote/unauthenticated
Date: 06 April 2010
URL: http://www.auscert.org.au/12616
Title: ASB-2010.0096 - [Win][SUSE] Novell ZENworks: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 06 April 2010
URL: http://www.auscert.org.au/12619
Title: ASB-2010.0097 - [Win][Linux] Intel Active Management Technology (Intel
AMT) Software Development Kit (SDK): Execute arbitrary code/commands -
Remote/unauthenticated
Date: 06 April 2010
URL: http://www.auscert.org.au/12620
External Security Bulletins:
----------------------------
Title: ESB-2010.0334 - [Win][UNIX/Linux] Views (Drupal third-party module):
Execute arbitrary code/commands - Remote/unauthenticated
Date: 08 April 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/12633
Title: ESB-2010.0333 - [Win][UNIX/Linux] NextGEN Gallery Wordpress Plugin:
Cross-site scripting - Remote/unauthenticated
Date: 08 April 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/12632
Title: ESB-2010.0332 - [SUSE][OpenSUSE] SUSE: Multiple vulnerabilities
Date: 08 April 2010
OS: Other Linux Variants, SUSE
URL: http://www.auscert.org.au/12631
Title: ESB-2010.0331 - [RedHat] krb5: Denial of service - Existing account
Date: 07 April 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/12629
Title: ESB-2010.0330 - [RedHat] kernel: Denial of service -
Remote/unauthenticated
Date: 07 April 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/12628
Title: ESB-2010.0329.2 - UPDATE [Win] Virtual PC: Unauthorised access -
Existing account
Date: 07 April 2010
OS: Windows Server 2008, Windows Vista, Windows 7, Windows 2000,
Virtualisation, Windows XP, Windows 2003
URL: http://www.auscert.org.au/12627
Title: ESB-2010.0328 - [UNIX/Linux] kadmind: Denial of service - Existing
account
Date: 07 April 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/12626
Title: ESB-2010.0327 - [Win] Foxit Reader: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 07 April 2010
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/12625
Title: ESB-2010.0326 - [SUSE] openssl: Multiple vulnerabilities
Date: 07 April 2010
OS: SUSE
URL: http://www.auscert.org.au/12624
Title: ESB-2010.0325 - [Win] XOsoft: Multiple vulnerabilities
Date: 07 April 2010
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/12623
Title: ESB-2010.0324 - [UNIX/Linux][Debian] mahara: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 07 April 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
FreeBSD, Other Linux Variants
URL: http://www.auscert.org.au/12622
Title: ESB-2010.0323 - [Netware] Novell Netware NWFTPD: Execute arbitrary
code/commands - Existing account
Date: 06 April 2010
OS: Novell Netware
URL: http://www.auscert.org.au/12621
Title: ESB-2010.0322 - [Win][Linux][Solaris][AIX] WebSphere Application
Server: Multiple vulnerabilities
Date: 06 April 2010
OS: Solaris, Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian
GNU/Linux, Windows XP, SUSE, Windows 2000, AIX, Windows Vista, Windows
Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/12618
Title: ESB-2010.0321 - [Appliance] Avaya: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 06 April 2010
URL: http://www.auscert.org.au/12617
Title: ESB-2010.0320 - [Win][UNIX/Linux] Shibboleth 2 IdP: Cross-site
scripting - Remote/unauthenticated
Date: 06 April 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/12615
Title: ESB-2010.0319 - [UNIX/Linux][Ubuntu] libnss-db: Increased privileges -
Existing account
Date: 06 April 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/12614
Title: ESB-2010.0318 - [UNIX/Linux][Debian] imlib2: Execute arbitrary
code/commands - Existing account
Date: 06 April 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
FreeBSD, Other Linux Variants
URL: http://www.auscert.org.au/12613
Title: ESB-2010.0317 - [Debian] xpdf: Multiple vulnerabilities
Date: 06 April 2010
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/12612
Title: ESB-2010.0316 - [Debian] xulrunner: Multiple vulnerabilities
Date: 06 April 2010
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/12611
Title: ESB-2010.0315 - [Debian] netpbm-free: Execute arbitrary code/commands -
Remote with user interaction
Date: 06 April 2010
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/12610
Title: ESB-2010.0314 - [VMware ESX] VMWare: Multiple vulnerabilities
Date: 06 April 2010
OS: Virtualisation
URL: http://www.auscert.org.au/12609
Title: ESB-2010.0313.2 - UPDATE [Win][UNIX/Linux][RedHat] java-1.6.0-sun:
Multiple vulnerabilities
Date: 06 April 2010
OS: Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD, AIX,
OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP,
Ubuntu, Debian GNU/Linux, Mac OS X, Windows 7, Red Hat Linux, Windows
2003, Solaris, HP Tru64 UNIX, IRIX
URL: http://www.auscert.org.au/12606
Title: ESB-2010.0312.2 - UPDATE [Win][UNIX/Linux] Drupal: Cross-site scripting
- Remote/unauthenticated
Date: 09 April 2010
OS: Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD, AIX,
OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP,
Ubuntu, Debian GNU/Linux, Mac OS X, Windows 7, Red Hat Linux, Windows
2003, Solaris, HP Tru64 UNIX, IRIX
URL: http://www.auscert.org.au/12605
Title: ESB-2010.0283.2 - UPDATE [Win][Linux][HP-UX][Solaris][AIX] HP SOA
Registry Foundation: Multiple vulnerabilities
Date: 06 April 2010
OS: Windows Server 2008, Other Linux Variants, Windows Vista, AIX, Windows
2000, SUSE, HP-UX, Windows XP, Ubuntu, Debian GNU/Linux, Windows 7, Red
Hat Linux, Windows 2003, Solaris
URL: http://www.auscert.org.au/12574
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================