[AusNOG] AusCERT Week in Review - Week Ending 06/08/2010 (AUSCERT#20073f686)

Jonathan Levine jonathan at auscert.org.au
Fri Aug 6 16:30:24 EST 2010


AusCERT Week in Review
06 August 2010

Alerts, Advisories and Updates:
- -------------------------------
Title: ASB-2010.0187 - [Win][Netware][Linux] Novell ZENworks: Unauthorised
       access - Existing account 
Date:  06 August 2010
URL:   http://www.auscert.org.au/13166

Title: ASB-2010.0186 - [OS/400] Apache HTTPD: Denial of service -
       Remote/unauthenticated 
Date:  03 August 2010
URL:   http://www.auscert.org.au/13147

Title: ASB-2010.0185 - ALERT [Win] Microsoft Windows: Execute arbitrary
       code/commands - Remote/unauthenticated 
Date:  02 August 2010
URL:   http://www.auscert.org.au/13135

External Security Bulletins:
- ----------------------------
Title: ESB-2009.1501.2 - UPDATE [Cisco] Cisco: Multiple Vulnerabilities 
Date:  06 August 2010
OS:    Cisco Products 
URL:   http://www.auscert.org.au/11919

Title: ESB-2010.0696 - ALERT [Appliance] VxWorks: Root compromise -
       Remote/unauthenticated 
Date:  06 August 2010
URL:   http://www.auscert.org.au/13165

Title: ESB-2010.0695 - ALERT [Win][UNIX/Linux] Adobe Reader and Adobe
Acrobat:
       Execute arbitrary code/commands - Remote with user interaction 
Date:  06 August 2010
OS:    IRIX, Solaris, HP Tru64 UNIX, Windows 2003, Red Hat Linux, Windows 7,
       Mac OS X, Debian GNU/Linux, Ubuntu, Windows XP, HP-UX, Other BSD
       Variants, SUSE, Windows 2000, OpenBSD, AIX, FreeBSD, Windows Vista,
       Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/13164

Title: ESB-2010.0694 - [Win][UNIX/Linux][RedHat] freetype: Execute arbitrary
       code/commands - Remote with user interaction 
Date:  06 August 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/13163

Title: ESB-2010.0693 - [RedHat] kernel: Multiple vulnerabilities 
Date:  06 August 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13162

Title: ESB-2010.0692 - [RedHat] Red Hat Certificate System 7.3: Multiple
       vulnerabilities 
Date:  06 August 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13161

Title: ESB-2010.0691 - [Appliance] Hewlett-Packard ProCurve Products:
Multiple
       vulnerabilities 
Date:  06 August 2010
OS:    HP-UX 
URL:   http://www.auscert.org.au/13160

Title: ESB-2010.0690 - [Win][Netware][Linux][Mac][OSX] Novell iPrint:
Execute
       arbitrary code/commands - Remote/unauthenticated 
Date:  06 August 2010
OS:    Windows 2003, Red Hat Linux, Windows 7, Mac OS X, Novell Netware,
       Ubuntu, Debian GNU/Linux, Windows XP, SUSE, Windows 2000, Windows
       Vista, Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/13159

Title: ESB-2010.0689 - [Debian] wget: Execute arbitrary code/commands -
Remote
       with user interaction 
Date:  06 August 2010
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/13158

Title: ESB-2010.0688.3 - UPDATE [Appliance] VxWorks: Reduced security -
       Remote/unauthenticated 
Date:  06 August 2010
URL:   http://www.auscert.org.au/13157

Title: ESB-2010.0687 - ALERT [Cisco] Cisco ASA and FWSM: Denial of service -
       Remote/unauthenticated 
Date:  05 August 2010
OS:    Cisco Products 
URL:   http://www.auscert.org.au/13156

Title: ESB-2010.0686 - [Win][UNIX/Linux] Citrix ICA Client: Execute
arbitrary
       code/commands - Remote with user interaction 
Date:  05 August 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
       Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
       Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/13155

Title: ESB-2010.0685 - [Win][UNIX/Linux] Drupal Devel (third-party module):
       Cross-site scripting - Existing account 
Date:  05 August 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
       Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
       Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/13154

Title: ESB-2010.0684 - [RedHat] gnupg2: Execute arbitrary code/commands -
       Remote with user interaction 
Date:  05 August 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13153

Title: ESB-2010.0683 - [Win][Linux][HP-UX][Solaris] HP OpenView Network Node
       Manager: Execute arbitrary code/commands - Remote/unauthenticated 
Date:  04 August 2010
OS:    Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
       Ubuntu, Windows XP, HP-UX, SUSE, Windows 2000, Windows Vista, Windows
       Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/13152

Title: ESB-2010.0682 - [Win][UNIX/Linux][Debian] cabextract: Execute
arbitrary
       code/commands - Remote/unauthenticated 
Date:  04 August 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/13151

Title: ESB-2010.0681 - [Debian] avahi: Denial of service -
       Remote/unauthenticated 
Date:  04 August 2010
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/13150

Title: ESB-2010.0680 - [RedHat] Red Hat Directory Server 8: Access
privileged
       data - Existing account 
Date:  04 August 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13149

Title: ESB-2010.0679 - [Debian] lftp: Overwrite arbitrary files - Remote
with
       user interaction 
Date:  04 August 2010
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/13148

Title: ESB-2010.0678 - [Debian] tiff: Execute arbitrary code/commands -
Remote
       with user interaction 
Date:  03 August 2010
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/13146

Title: ESB-2010.0677 - [SUSE] SUSE: Multiple vulnerabilities 
Date:  03 August 2010
OS:    SUSE 
URL:   http://www.auscert.org.au/13145

Title: ESB-2010.0676 - [Linux][SUSE] kernel: Multiple vulnerabilities 
Date:  03 August 2010
OS:    Red Hat Linux, SUSE, Other Linux Variants, Ubuntu, Debian GNU/Linux 
URL:   http://www.auscert.org.au/13144

Title: ESB-2010.0675 - [Debian] moin: Cross-site scripting - Remote with
user
       interaction 
Date:  03 August 2010
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/13143

Title: ESB-2010.0674 - [RedHat] java-1.4.2-ibm-sap: Multiple vulnerabilities

Date:  03 August 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13142

Title: ESB-2010.0673 - [RedHat] lftp: Overwrite arbitrary files - Remote
with
       user interaction 
Date:  03 August 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13141

Title: ESB-2010.0672 - [RedHat] jbossweb: Multiple vulnerabilities 
Date:  03 August 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13140

Title: ESB-2010.0671 - [RedHat] tomcat: Multiple vulnerabilities 
Date:  03 August 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13139

Title: ESB-2010.0670 - ALERT [Win] Microsoft Windows: Execute arbitrary
       code/commands - Remote with user interaction 
Date:  03 August 2010
OS:    Windows 2003, Windows XP, Windows 7, Windows Vista, Windows Server
2008
URL:   http://www.auscert.org.au/13138

Title: ESB-2010.0669 - [Appliance] EMC Disk Library (EDL): Denial of service
-
       Remote/unauthenticated 
Date:  02 August 2010
URL:   http://www.auscert.org.au/13137

Title: ESB-2010.0668 - [UNIX/Linux][Debian] gmime2.2: Execute arbitrary
       code/commands - Remote/unauthenticated 
Date:  02 August 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
       GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
       FreeBSD, Other Linux Variants 
URL:   http://www.auscert.org.au/13136

Title: ESB-2010.0667 - [Win][UNIX/Linux][Debian] libmikmod: Execute
arbitrary
       code/commands - Remote with user interaction 
Date:  02 August 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/13134

Title: ESB-2010.0666 - [Win][UNIX/Linux][Debian] mapserver: Execute
arbitrary
       code/commands - Remote/unauthenticated 
Date:  02 August 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/13133

Title: ESB-2010.0665 - [Win][UNIX/Linux][Debian] kvirc: Execute arbitrary
       code/commands - Remote/unauthenticated 
Date:  02 August 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/13132

Title: ESB-2010.0664 - [Debian] ghostscript: Execute arbitrary code/commands
-
       Remote with user interaction 
Date:  02 August 2010
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/13131

Title: ESB-2010.0663 - [SUSE][OpenSUSE] SUSE MozillaFirefox,
       MozillaThunderbird, seamonkey: Multiple vulnerabilities 
Date:  02 August 2010
OS:    Other Linux Variants, SUSE 
URL:   http://www.auscert.org.au/13130

Title: ESB-2010.0662 - [RedHat] freetype: Execute arbitrary code/commands -
       Remote with user interaction 
Date:  02 August 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13129

Title: ESB-2010.0652.2 - UPDATE [UNIX/Linux][Ubuntu] Likewise Open: Reduced
       security - Existing account 
Date:  04 August 2010
OS:    Other Linux Variants, FreeBSD, AIX, OpenBSD, SUSE, Other BSD
Variants,
       HP-UX, Ubuntu, Debian GNU/Linux, Mac OS X, Red Hat Linux, Solaris, HP
       Tru64 UNIX, IRIX 
URL:   http://www.auscert.org.au/13114

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================





More information about the AusNOG mailing list