[AusNOG] AusCERT Week in Review - Week Ending 23/04/2010 (AUSCERT#20073f686)

Jonathan Levine jonathan at auscert.org.au
Fri Apr 23 14:25:42 EST 2010


AusCERT Week in Review
23 April 2010

Alerts, Advisories and Updates:
- -------------------------------
Title: ASB-2010.0111 - [Win][UNIX/Linux] VLC media player prior to 1.0.6:
       Execute arbitrary code/commands - Remote with user interaction 
Date:  23 April 2010
URL:   http://www.auscert.org.au/12729

Title: ASB-2010.0112 - [Win][Linux][HP-UX][Solaris][AIX] IBM DB2 9.1:
Multiple
       vulnerabilities 
Date:  23 April 2010
URL:   http://www.auscert.org.au/12730

Title: ASB-2010.0109.2 - UPDATE ALERT [Win] McAfee VirusScan Enterprise:
       Denial of service - Existing account 
Date:  22 April 2010
URL:   http://www.auscert.org.au/12720

Title: ASB-2010.0110 - [Win] Google Chrome prior to 4.1.249.1059: Multiple
       vulnerabilities 
Date:  22 April 2010
URL:   http://www.auscert.org.au/12724

Title: ASB-2010.0103.3 - UPDATE [Win][UNIX/Linux] Atlassian JIRA: Multiple
       vulnerabilities 
Date:  21 April 2010
URL:   http://www.auscert.org.au/12675

Title: ASB-2010.0108 - [Win][UNIX/Linux] MySQL "UNINSTALL PLUGIN": Modify
       arbitrary files - Existing account 
Date:  21 April 2010
URL:   http://www.auscert.org.au/12719

Title: ASB-2010.0105 - [Appliance] IBM BladeCenter Advanced Management
Module:
       Denial of service - Unknown/unspecified 
Date:  20 April 2010
URL:   http://www.auscert.org.au/12694

Title: ASB-2010.0106 - [Win][Linux][HP-UX][Solaris][AIX] IBM WebSphere
Portal:
       Reduced security - Unknown/unspecified 
Date:  20 April 2010
URL:   http://www.auscert.org.au/12695

Title: ASB-2010.0107 - [Appliance] 3Com H3C S9500E/S12500 Switch: Denial of
       service - Remote/unauthenticated 
Date:  20 April 2010
URL:   http://www.auscert.org.au/12703

External Security Bulletins:
- ----------------------------
Title: ESB-2010.0396 - [Solaris][OpenSolaris] sendmail: Provide misleading
       information - Remote with user interaction 
Date:  23 April 2010
OS:    Solaris 
URL:   http://www.auscert.org.au/12728

Title: ESB-2010.0395 - [Win][UNIX/Linux] Apache Tomcat: Access confidential
       data - Remote/unauthenticated 
Date:  23 April 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
       Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
       Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/12727

Title: ESB-2010.0394 - [Win] HP Virtual Machine Manager: Unauthorised access
-
       Remote/unauthenticated 
Date:  23 April 2010
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/12726

Title: ESB-2010.0393 - [HP-UX] BIND: Provide misleading information -
       Remote/unauthenticated 
Date:  22 April 2010
OS:    HP-UX 
URL:   http://www.auscert.org.au/12725

Title: ESB-2010.0392 - [Win][Linux] HP System Management Homepage: Multiple
       vulnerabilities 
Date:  22 April 2010
OS:    Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux, Ubuntu,
       Windows XP, SUSE, Windows 2000, Windows Vista, Other Linux Variants,
       Windows Server 2008 
URL:   http://www.auscert.org.au/12723

Title: ESB-2010.0391 - [SUSE][OpenSUSE] acroread: Multiple vulnerabilities 
Date:  22 April 2010
OS:    Other Linux Variants, SUSE 
URL:   http://www.auscert.org.au/12722

Title: ESB-2010.0390 - [Cisco] Cisco Systems: Administrator compromise -
       Remote with user interaction 
Date:  22 April 2010
OS:    Cisco Products 
URL:   http://www.auscert.org.au/12721

Title: ESB-2010.0389 - [RedHat] scsi-target-utils: Denial of service -
       Remote/unauthenticated 
Date:  21 April 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/12717

Title: ESB-2010.0388 - [RedHat] sudo: Root compromise - Existing account 
Date:  21 April 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/12707

Title: ESB-2010.0387 - [RedHat] wireshark: Multiple vulnerabilities 
Date:  21 April 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/12706

Title: ESB-2010.0386 - [UNIX/Linux] krb5: Execute arbitrary code/commands -
       Existing account 
Date:  21 April 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
       Other Linux Variants 
URL:   http://www.auscert.org.au/12705

Title: ESB-2010.0385 - [Win] HP Operations Manager for Windows: Execute
       arbitrary code/commands - Remote with user interaction 
Date:  21 April 2010
OS:    Windows 2003, HP-UX, Windows XP, Windows 2000, Windows 7, Windows
       Vista, Windows Server 2008 
URL:   http://www.auscert.org.au/12704

Title: ESB-2010.0384 - [UNIX/Linux][Mandriva] sudo: Execute arbitrary
       code/commands - Existing account 
Date:  20 April 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
       Other Linux Variants 
URL:   http://www.auscert.org.au/12693

Title: ESB-2010.0383 - [HP-UX] Denial of service - Existing account 
Date:  20 April 2010
OS:    HP-UX 
URL:   http://www.auscert.org.au/12692

Title: ESB-2010.0382 - [RedHat] java-1.6.0-sun: Execute arbitrary
       code/commands - Remote with user interaction 
Date:  20 April 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/12691

Title: ESB-2010.0381 - [Win][Linux] F-Secure Products: Reduced security -
       Remote/unauthenticated 
Date:  19 April 2010
OS:    Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian GNU/Linux,
       Windows XP, SUSE, Windows 2000, Windows Vista, Windows Server 2008,
       Other Linux Variants 
URL:   http://www.auscert.org.au/12690

Title: ESB-2010.0380 - [Win][UNIX/Linux] Drupal Third-Party Modules:
       Cross-site scripting - Existing account 
Date:  19 April 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/12688

Title: ESB-2010.0379 - [Debian] pidgin: Denial of service - Remote with user
       interaction 
Date:  19 April 2010
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/12687

Title: ESB-2010.0378 - [Debian] kdm (kdebase): Root compromise - Existing
       account 
Date:  19 April 2010
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/12686

Title: ESB-2010.0377 - [Debian] jasper: Denial of service - Remote with user
       interaction 
Date:  19 April 2010
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/12685

Title: ESB-2010.0376 - [Debian] apache2: Multiple vulnerabilities 
Date:  19 April 2010
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/12684

Title: ESB-2010.0375 - [Debian] phpmyadmin: Multiple vulnerabilities 
Date:  19 April 2010
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/12683

Title: ESB-2010.0352.2 - UPDATE [HP-UX] OpenSSL: Multiple vulnerabilities 
Date:  20 April 2010
OS:    HP-UX 
URL:   http://www.auscert.org.au/12655

Title: ESB-2010.0346.2 - UPDATED ALERT [Win] Windows Media Services: Execute
       arbitrary code/commands - Remote/unauthenticated 
Date:  22 April 2010
OS:    Windows 2000 
URL:   http://www.auscert.org.au/12649

Title: ESB-2010.0272.2 - UPDATE [HP-UX] sendmail: Unauthorised access -
       Remote/unauthenticated 
Date:  21 April 2010
OS:    HP-UX 
URL:   http://www.auscert.org.au/12561

Title: ESB-2010.0027.2 - UPDATED ALERT [Win][UNIX/Linux] Adobe: Multiple
       vulnerabilities 
Date:  22 April 2010
OS:    Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD,
AIX,
       OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP,
       Ubuntu, Debian GNU/Linux, Mac OS X, Windows 7, Red Hat Linux, Windows
       2003, Solaris, HP Tru64 UNIX, IRIX 
URL:   http://www.auscert.org.au/12220

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================





More information about the AusNOG mailing list