[AusNOG] AusCERT Week in Review - Week Ending 27/08/2010 (AUSCERT#20073f686)

Fri Aug 27 15:37:08 EST 2010

AusCERT Week in Review
27 August 2010

Alerts, Advisories and Updates:
- -------------------------------
Title: ASB-2010.0189.2 - UPDATE [Win][UNIX/Linux] PHP prior to 5.3.3 and
       5.2.14: Multiple vulnerabilities 
Date:  26 August 2010
URL:   http://www.auscert.org.au/13175

Title: ASB-2010.0196.2 - UPDATE [Win][UNIX/Linux] phpMyAdmin prior to
       2.11.10.1 and 3.3.5.1: Multiple vulnerabilities 
Date:  26 August 2010
URL:   http://www.auscert.org.au/13239

Title: ASB-2010.0197.2 - UPDATE [Win][UNIX/Linux] Google Chrome: Multiple
       vulnerabilities 
Date:  26 August 2010
URL:   http://www.auscert.org.au/13240

Title: ASB-2010.0198 - [Win][UNIX/Linux] MySQL prior to 5.1.50: Denial of
       service - Existing account 
Date:  25 August 2010
URL:   http://www.auscert.org.au/13251

External Security Bulletins:
- ----------------------------
Title: ESB-2009.1136.2 - UPDATE [Win][UNIX/Linux] Webform report (Drupal
       third-party module): Cross-site scripting - Remote with user
       interaction 
Date:  26 August 2010
OS:    Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD,
AIX,
       OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP,
       Ubuntu, Debian GNU/Linux, Mac OS X, Red Hat Linux, Windows 2003,
       Solaris, HP Tru64 UNIX, IRIX 
URL:   http://www.auscert.org.au/11431

Title: ESB-2010.0776 - [Win][Linux][HP-UX][Solaris][AIX] IBM Websphere
       Application Server: Reduced security - Remote with user interaction 
Date:  27 August 2010
OS:    Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
       Ubuntu, Windows XP, HP-UX, SUSE, Windows 2000, AIX, Windows Vista,
       Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/13264

Title: ESB-2010.0775 - [Win][UNIX/Linux] Ghostscript prior to 8.71: Execute
       arbitrary code/commands - Remote with user interaction 
Date:  27 August 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
       Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
       Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/13263

Title: ESB-2010.0774 - [Win][Linux][OSX] RealPlayer: Execute arbitrary
       code/commands - Remote with user interaction 
Date:  27 August 2010
OS:    Windows 2003, Red Hat Linux, Windows 7, Mac OS X, Ubuntu, Debian
       GNU/Linux, Windows XP, SUSE, Windows 2000, Windows Vista, Other Linux
       Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/13262

Title: ESB-2010.0773 - [SUSE] SUSE: Multiple vulnerabilities 
Date:  27 August 2010
OS:    SUSE 
URL:   http://www.auscert.org.au/13261

Title: ESB-2010.0772 - [UNIX/Linux][RedHat] gdm: Reduced security -
       Console/physical 
Date:  27 August 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
       Other Linux Variants 
URL:   http://www.auscert.org.au/13260

Title: ESB-2010.0771 - [HP-UX] Software Distributor: Increased privileges -
       Existing account 
Date:  26 August 2010
OS:    HP-UX 
URL:   http://www.auscert.org.au/13259

Title: ESB-2010.0770 - [UNIX/Linux][AIX] ftpd: Execute arbitrary
code/commands
       - Remote with user interaction 
Date:  26 August 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
       Other Linux Variants 
URL:   http://www.auscert.org.au/13258

Title: ESB-2010.0769 - [NetBSD] CODA: Access privileged data - Existing
       account 
Date:  26 August 2010
OS:    Other BSD Variants 
URL:   http://www.auscert.org.au/13257

Title: ESB-2010.0768 - [Cisco] Cisco Unified Presence and Cisco Unified
       Communications Manager: Denial of service - Remote/unauthenticated 
Date:  26 August 2010
OS:    Cisco Products 
URL:   http://www.auscert.org.au/13256

Title: ESB-2010.0767 - [Win] Trend Micro Internet Security Pro 2010: Execute
       arbitrary code/commands - Remote with user interaction 
Date:  26 August 2010
OS:    Windows Vista, Windows XP, Windows 7 
URL:   http://www.auscert.org.au/13255

Title: ESB-2010.0766 - [RedHat] ImageMagick: Execute arbitrary code/commands
-
       Remote with user interaction 
Date:  26 August 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13254

Title: ESB-2010.0765 - [RedHat] qspice-client: Unauthorised access -
Existing
       account 
Date:  26 August 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13253

Title: ESB-2010.0764 - [Linux][RedHat] spice-xpi: Multiple vulnerabilities 
Date:  26 August 2010
OS:    Red Hat Linux, SUSE, Other Linux Variants, Ubuntu, Debian GNU/Linux 
URL:   http://www.auscert.org.au/13252

Title: ESB-2010.0763 - [OSX] Apple: Multiple vulnerabilities 
Date:  25 August 2010
OS:    Mac OS X 
URL:   http://www.auscert.org.au/13250

Title: ESB-2010.0762 - [Win][OSX] Adobe Shockwave Player prior to
11.5.8.612:
       Multiple vulnerabilities 
Date:  25 August 2010
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista, Mac
       OS X, Windows Server 2008 
URL:   http://www.auscert.org.au/13249

Title: ESB-2010.0761 - [Win][UNIX/Linux][Debian] zope-ldapuserfolder:
       Administrator compromise - Remote with user interaction 
Date:  25 August 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/13248

Title: ESB-2010.0760 - [Apple iOS] HP MagCloud iPad App: Access confidential
       data - Remote with user interaction 
Date:  24 August 2010
OS:    Apple iOS 
URL:   http://www.auscert.org.au/13247

Title: ESB-2010.0759 - [Win] Microsoft Windows: Execute arbitrary
       code/commands - Remote/unauthenticated 
Date:  24 August 2010
OS:    Windows 7, Windows Server 2008, Windows Vista, Windows 2003, Windows
       2000, Windows XP 
URL:   http://www.auscert.org.au/13246

Title: ESB-2010.0758 - [Win][Linux][Mac][OSX] Cisco WebEx Player: Execute
       arbitrary code/commands - Remote with user interaction 
Date:  24 August 2010
OS:    Windows 2003, Red Hat Linux, Windows 7, Mac OS X, Ubuntu, Debian
       GNU/Linux, Windows XP, SUSE, Windows 2000, Windows Vista, Other Linux
       Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/13245

Title: ESB-2010.0757 - [Win][UNIX/Linux][Mandriva] freetype2: Multiple
       vulnerabilities 
Date:  24 August 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/13244

Title: ESB-2010.0756 - [Win][UNIX/Linux][RedHat] openoffice.org: Multiple
       vulnerabilities 
Date:  24 August 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/13243

Title: ESB-2010.0755 - [Debian] lvm2: Denial of service - Existing account 
Date:  24 August 2010
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/13242

Title: ESB-2010.0754 - [Debian] linux-2.6: Multiple vulnerabilities 
Date:  24 August 2010
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/13241

Title: ESB-2010.0753 - [Win] Novell iPrint Client: Execute arbitrary
       code/commands - Remote with user interaction 
Date:  23 August 2010
OS:    Windows Vista, Windows XP, Windows 7 
URL:   http://www.auscert.org.au/13238

Title: ESB-2010.0752 - [RedHat] acroread: Multiple vulnerabilities 
Date:  23 August 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13237

Title: ESB-2010.0498.5 - UPDATE [Win][Linux][HP-UX] HP StorageWorks Storage
       Mirroring: Unauthorised access - Remote/unauthenticated 
Date:  24 August 2010
OS:    Windows Server 2008, Other Linux Variants, Windows Vista, Windows
2000,
       SUSE, Windows XP, HP-UX, Ubuntu, Debian GNU/Linux, Windows 7, Red Hat
       Linux, Windows 2003 
URL:   http://www.auscert.org.au/12871

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iD8DBQFMd06M/iFOrG6YcBERAoaZAKC1NnbPLz+EmBU+FdLuBubQ1Jwf3QCgr0CN
+tK8FgoWESLlNJDUEpMQRuU=
=nI/q
-----END PGP SIGNATURE-----