[AusNOG] AusCERT Week in Review - Week Ending 13/08/2010 (AusCERT#20073f686)
Jonathan Levine
jonathan at auscert.org.au
Fri Aug 13 15:38:35 EST 2010
AusCERT Week in Review
13 August 2010
Web Log Entries:
----------------
Title: Microsoft August 2010 bulletins
Date: 12 August 2010
URL: http://www.auscert.org.au/13206
Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2010.0191 - [Win][UNIX/Linux] Opera prior to 10.61: Execute
arbitrary code/commands - Remote with user interaction
Date: 13 August 2010
URL: http://www.auscert.org.au/13210
Title: ASB-2010.0189 - [Win][UNIX/Linux] PHP prior to 5.3.3 and 5.2.14:
Multiple vulnerabilities
Date: 10 August 2010
URL: http://www.auscert.org.au/13175
Title: ASB-2010.0190 - [Win] Microsoft Bulletin Notification - August
Pre-release Announcement
Date: 10 August 2010
URL: http://www.auscert.org.au/13176
Title: ASB-2010.0188 - [Win] Foxit Reader prior to 4.1.1: Execute arbitrary
code/commands - Remote with user interaction
Date: 09 August 2010
URL: http://www.auscert.org.au/13173
External Security Bulletins:
----------------------------
Title: ESB-2010.0733 - [Win] QuickTime: Execute arbitrary code/commands -
Remote with user interaction
Date: 13 August 2010
OS: Windows XP, Windows 7, Windows Vista
URL: http://www.auscert.org.au/13209
Title: ESB-2010.0732 - [Debian] squirrelmail: Cross-site request forgery -
Remote with user interaction
Date: 13 August 2010
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/13208
Title: ESB-2010.0731 - [Cisco] Cisco IOS Software 15.1(2)T: Denial of
service - Remote/unauthenticated
Date: 13 August 2010
OS: Cisco Products
URL: http://www.auscert.org.au/13207
Title: ESB-2010.0730 - [Cisco] Cisco Wireless Control System 6.0.x:
Administrator compromise - Existing account
Date: 12 August 2010
OS: Cisco Products
URL: http://www.auscert.org.au/13205
Title: ESB-2010.0729 - [Cisco] Cisco Systems: Denial of service -
Remote/unauthenticated
Date: 12 August 2010
OS: Cisco Products
URL: http://www.auscert.org.au/13204
Title: ESB-2010.0728 - [RedHat] wireshark: Multiple vulnerabilities
Date: 12 August 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/13203
Title: ESB-2010.0727 - [Win][UNIX/Linux] Drupal Third-party modules: Execute
arbitrary code/commands - Remote with user interaction
Date: 12 August 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/13202
Title: ESB-2010.0726 - [Win][UNIX/Linux] Drupal: Multiple vulnerabilities
Date: 12 August 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/13201
Title: ESB-2010.0725 - ALERT [Win] SAP Crystal Reports: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 12 August 2010
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/13200
Title: ESB-2010.0724.2 - UPDATE [Apple iOS] Apple iOS: Multiple
vulnerabilities
Date: 12 August 2010
OS: Apple iOS
URL: http://www.auscert.org.au/13199
Title: ESB-2010.0723 - [RedHat] flash-plugin: Multiple vulnerabilities
Date: 12 August 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/13197
Title: ESB-2010.0722 - [UNIX/Linux][RedHat] dbus-glib: Denial of service -
Existing account
Date: 11 August 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/13196
Title: ESB-2010.0721 - [Linux][RedHat] libvirt: Access confidential data -
Existing account
Date: 11 August 2010
OS: Red Hat Linux, SUSE, Other Linux Variants, Ubuntu, Debian GNU/Linux
URL: http://www.auscert.org.au/13195
Title: ESB-2010.0720 - [Linux][RedHat] kernel: Multiple vulnerabilities
Date: 11 August 2010
OS: Red Hat Linux, SUSE, Other Linux Variants, Ubuntu, Debian GNU/Linux
URL: http://www.auscert.org.au/13194
Title: ESB-2010.0719 - [Win][RedHat] Adobe Flash Media Server: Multiple
vulnerabilities
Date: 11 August 2010
OS: Windows 2003, Windows 7, Windows XP, Windows 2000, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/13193
Title: ESB-2010.0718 - [Win][UNIX/Linux] Adobe: Access confidential data -
Unknown/unspecified
Date: 11 August 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/13192
Title: ESB-2010.0717 - [Win][Linux][Solaris][Mac][OSX] Adobe Flash, AIR,
CS3, Flex: Multiple vulnerabilities
Date: 11 August 2010
OS: Solaris, Windows 2003, Red Hat Linux, Windows 7, Mac OS X, Ubuntu,
Debian GNU/Linux, Windows XP, SUSE, Windows 2000, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/13191
Title: ESB-2010.0716 - [Win] Microsoft Movie Maker: Execute arbitrary
code/commands - Remote with user interaction
Date: 11 August 2010
OS: Windows Vista, Windows XP
URL: http://www.auscert.org.au/13190
Title: ESB-2010.0715 - [Win] Microsoft Office: Execute arbitrary
code/commands - Remote with user interaction
Date: 11 August 2010
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/13189
Title: ESB-2010.0714 - [Win] Microsoft Windows: Increased privileges -
Existing account
Date: 11 August 2010
OS: Windows 2003, Windows 7, Windows Vista, Windows Server 2008
URL: http://www.auscert.org.au/13188
Title: ESB-2010.0713 - [Win] Microsoft Windows: Multiple vulnerabilities
Date: 11 August 2010
OS: Windows 2003, Windows XP, Windows 7, Windows Vista, Windows Server
2008
URL: http://www.auscert.org.au/13187
Title: ESB-2010.0712 - [Win] Microsoft: Execute arbitrary code/commands -
Remote with user interaction
Date: 11 August 2010
OS: Windows 2003, Windows XP, Windows 7, Windows Vista, Windows Server
2008
URL: http://www.auscert.org.au/13186
Title: ESB-2010.0711 - [Win][Mac][OSX] Microsoft Office and Microsoft Works:
Execute arbitrary code/commands - Remote with user interaction
Date: 11 August 2010
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista, Mac
OS X, Windows Server 2008
URL: http://www.auscert.org.au/13185
Title: ESB-2010.0710 - [Win] Microsoft Windows: Execute arbitrary
code/commands - Remote with user interaction
Date: 11 August 2010
OS: Windows XP, Windows 7, Windows Vista
URL: http://www.auscert.org.au/13184
Title: ESB-2010.0709 - ALERT [Win] Microsoft Windows: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 11 August 2010
OS: Windows 2003, Windows XP, Windows 7, Windows Vista, Windows Server
2008
URL: http://www.auscert.org.au/13183
Title: ESB-2010.0708 - [Win] Microsoft Internet Explorer: Multiple
vulnerabilities
Date: 11 August 2010
OS: Windows 2003, Windows XP, Windows 7, Windows Vista, Windows Server
2008
URL: http://www.auscert.org.au/13182
Title: ESB-2010.0707 - [Win] Microsoft Windows: Execute arbitrary
code/commands - Remote with user interaction
Date: 11 August 2010
OS: Windows 2003, Windows XP
URL: http://www.auscert.org.au/13181
Title: ESB-2010.0706 - [Win] Microsoft Windows and Internet Explorer:
Execute arbitrary code/commands - Remote with user interaction
Date: 11 August 2010
OS: Windows 2003, Windows XP, Windows 7, Windows Vista, Windows Server
2008
URL: http://www.auscert.org.au/13180
Title: ESB-2010.0705 - [Win] Microsoft Windows: Multiple vulnerabilities
Date: 11 August 2010
OS: Windows 2003, Windows XP, Windows 7, Windows Vista, Windows Server
2008
URL: http://www.auscert.org.au/13179
Title: ESB-2010.0704 - [Win] Microsoft Windows: Multiple vulnerabilities
Date: 11 August 2010
OS: Windows 2003, Windows XP, Windows 7, Windows Vista, Windows Server
2008
URL: http://www.auscert.org.au/13178
Title: ESB-2010.0703 - [Win] Microsoft Windows: Multiple vulnerabilities
Date: 11 August 2010
OS: Windows XP, Windows 7, Windows Vista, Windows Server 2008
URL: http://www.auscert.org.au/13177
Title: ESB-2010.0702 - [Win][Linux] Novell Sentinel Log Manager: Execute
arbitrary code/commands - Remote/unauthenticated
Date: 10 August 2010
OS: Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux, Ubuntu,
Windows XP, SUSE, Windows 2000, Windows Vista, Other Linux Variants,
Windows Server 2008
URL: http://www.auscert.org.au/13174
Title: ESB-2010.0701 - [Win][UNIX/Linux] Bugzilla: Multiple vulnerabilities
Date: 09 August 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/13172
Title: ESB-2010.0700 - [Win] Oracle Siebel Option Pack for IE: Execute
arbitrary code/commands - Remote with user interaction
Date: 09 August 2010
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/13171
Title: ESB-2010.0699 - [Win][Appliance] RSA enVision prior to 3.7 SP1:
Denial of service - Remote/unauthenticated
Date: 09 August 2010
OS: Windows 2003
URL: http://www.auscert.org.au/13170
Title: ESB-2010.0698 - [Win][UNIX/Linux][Debian] socat: Execute arbitrary
code/commands - Remote with user interaction
Date: 09 August 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/13169
Title: ESB-2010.0697 - [Debian] php5: Multiple vulnerabilities
Date: 09 August 2010
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/13168
Title: ESB-2010.0686.2 - UPDATE [Win][UNIX/Linux] Citrix ICA Client: Execute
arbitrary code/commands - Remote with user interaction
Date: 12 August 2010
OS: Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD,
AIX, OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP,
Ubuntu, Debian GNU/Linux, Mac OS X, Windows 7, Red Hat Linux, Windows
2003, Solaris, HP Tru64 UNIX, IRIX
URL: http://www.auscert.org.au/13155
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================