[AusNOG] AusCERT Week in Review - Week Ending 05/02/2010 (AUSCERT#20073F686)
Richard Billington
richard at auscert.org.au
Fri Feb 5 17:59:57 EST 2010
AusCERT Week in Review
05 February 2010
Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2010.0042.2 - UPDATE [Win] Internet Explorer 5: Access confidential
data - Remote with user interaction
Date: 05 February 2010
URL: http://www.auscert.org.au/12341
Title: ASB-2010.0040.2 - UPDATE [Win][UNIX/Linux] Squid: Denial of service -
Remote/unauthenticated
Date: 04 February 2010
URL: http://www.auscert.org.au/12324
Title: ASB-2010.0043 - Citrix XenServer: Unauthorised access -
Remote/unauthenticated
Date: 04 February 2010
URL: http://www.auscert.org.au/12342
Title: ASB-2010.0041 - [Win][Linux][Solaris][AIX][Mac][OSX] ColdFusion 9.0:
Access confidential data - Remote/unauthenticated
Date: 03 February 2010
URL: http://www.auscert.org.au/12335
Title: ASB-2010.0038 - [Win][UNIX/Linux] Apache httpd 1.3.41 and earlier:
Execute arbitrary code/commands - Remote/unauthenticated
Date: 02 February 2010
URL: http://www.auscert.org.au/12319
Title: ASB-2010.0039 - [Win] Symantec Altiris Notification Server 6.0.x:
Increased privileges - Existing account
Date: 02 February 2010
URL: http://www.auscert.org.au/12321
Title: ASB-2010.0033.2 - UPDATE [Win][UNIX/Linux] IBM DB2: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 01 February 2010
URL: http://www.auscert.org.au/12306
Title: ASB-2010.0036.2 - UPDATE [Win][UNIX/Linux] Wireshark prior to 1.2.6:
Multiple vulnerabilities
Date: 01 February 2010
URL: http://www.auscert.org.au/12309
Title: ASB-2010.0037 - [Win][UNIX/Linux] MySQL Community Server: Denial of
service - Remote/unauthenticated
Date: 01 February 2010
URL: http://www.auscert.org.au/12318
External Security Bulletins:
----------------------------
Title: ESB-2009.1553.3 - UPDATE [Win][VMware ESX][Linux] VMware vCenter, ESX,
vMA: Multiple vulnerabilities
Date: 01 February 2010
OS: Windows Server 2008, Other Linux Variants, Windows Vista, Windows 2000,
SUSE, Virtualisation, Windows XP, Ubuntu, Debian GNU/Linux, Windows 7,
Red Hat Linux, Windows 2003
URL: http://www.auscert.org.au/11990
Title: ESB-2009.1092.2 - UPDATE [UNIX/Linux][Debian] git-core: Denial of
service - Remote/unauthenticated
Date: 01 February 2010
OS: Other Linux Variants, FreeBSD, AIX, OpenBSD, Other BSD Variants, HP-UX,
Ubuntu, Debian GNU/Linux, Mac OS X, Red Hat Linux, Solaris, HP Tru64
UNIX, IRIX
URL: http://www.auscert.org.au/11368
Title: ESB-2010.0116 - [FreeBSD] FreeBSD 6.3: Reduced security -
Unknown/unspecified
Date: 05 February 2010
URL: http://www.auscert.org.au/12345
Title: ESB-2010.0115 - [Linux][Debian] chrony: Denial of service -
Remote/unauthenticated
Date: 05 February 2010
OS: Red Hat Linux, SUSE, Other Linux Variants, Debian GNU/Linux, Ubuntu
URL: http://www.auscert.org.au/12344
Title: ESB-2010.0114 - [Debian] squid/squid3: Denial of service -
Remote/unauthenticated
Date: 05 February 2010
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/12343
Title: ESB-2010.0113 - [NetBSD] NetBSD: Denial of service - Existing account
Date: 04 February 2010
OS: Other BSD Variants
URL: http://www.auscert.org.au/12340
Title: ESB-2010.0112 - [Debian] trac-git: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 04 February 2010
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/12339
Title: ESB-2010.0111 - [UNIX/Linux] Asterisk: Denial of service -
Remote/unauthenticated
Date: 04 February 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/12337
Title: ESB-2010.0110 - [Win][Linux] HP System Management Homepage (SMH):
Cross-site scripting - Remote with user interaction
Date: 04 February 2010
OS: Windows 2003, Red Hat Linux, Windows 7, Debian GNU/Linux, Ubuntu,
Windows XP, SUSE, Windows 2000, Windows Vista, Other Linux Variants,
Windows Server 2008
URL: http://www.auscert.org.au/12338
Title: ESB-2010.0109 - [Appliance][Mac][OSX] iPhone OS 3.1.3: Multiple
vulnerabilities
Date: 03 February 2010
OS: Mac OS X
URL: http://www.auscert.org.au/12334
Title: ESB-2010.0108 - [Debian] qt4-x11: Multiple vulnerabilities
Date: 03 February 2010
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/12333
Title: ESB-2010.0107 - [HP-UX] HP Enterprise Cluster Master Toolkit (ECMT):
Unauthorised access - Existing account
Date: 03 February 2010
OS: HP-UX
URL: http://www.auscert.org.au/12332
Title: ESB-2010.0106 - [Win][UNIX/Linux][Debian] moodle: Multiple
vulnerabilities
Date: 03 February 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/12331
Title: ESB-2010.0105 - HP OpenVMS RMS: Increased privileges - Existing account
Date: 03 February 2010
URL: http://www.auscert.org.au/12330
Title: ESB-2010.0104 - [Win][UNIX/Linux][Debian] lighttpd: Denial of service -
Remote/unauthenticated
Date: 03 February 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/12329
Title: ESB-2010.0103 - [UNIX/Linux][Debian] fuse: Denial of service - Existing
account
Date: 03 February 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
FreeBSD, Other Linux Variants
URL: http://www.auscert.org.au/12328
Title: ESB-2010.0102 - [Win][UNIX/Linux] BIND: Execute arbitrary code/commands
- Remote/unauthenticated
Date: 03 February 2010
OS: Windows 7, Red Hat Linux, Windows 2003, Solaris, HP Tru64 UNIX, IRIX,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/12327
Title: ESB-2010.0101 - [RedHat] kernel: Multiple vulnerabilities
Date: 03 February 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/12326
Title: ESB-2010.0100 - [SUSE][OpenSUSE] SUSE: Multiple vulnerabilities
Date: 02 February 2010
OS: Other Linux Variants, SUSE
URL: http://www.auscert.org.au/12325
Title: ESB-2010.0099 - [Win] Corel Paint Shop Pro Photo X2: Execute arbitrary
code/commands - Remote with user interaction
Date: 02 February 2010
OS: Windows Vista, Windows XP, Windows 7
URL: http://www.auscert.org.au/12323
Title: ESB-2010.0098 - [Cisco] Core Security Technologies: Cross-site
scripting - Remote/unauthenticated
Date: 02 February 2010
OS: Cisco Products
URL: http://www.auscert.org.au/12322
Title: ESB-2010.0097 - [Win][UNIX/Linux] Bugzilla: Access confidential data -
Remote/unauthenticated
Date: 02 February 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/12320
Title: ESB-2010.0096 - [Debian] sendmail: Provide misleading information -
Remote with user interaction
Date: 01 February 2010
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/12315
Title: ESB-2010.0095 - [Debian] wireshark: Multiple vulnerabilities
Date: 01 February 2010
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/12317
Title: ESB-2010.0094 - [Debian] libxerces: Denial of service -
Remote/unauthenticated
Date: 01 February 2010
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/12316
Title: ESB-2010.0093 - [UNIX/Linux][Debian] hybserv: Denial of service -
Remote/unauthenticated
Date: 01 February 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
FreeBSD, Other Linux Variants
URL: http://www.auscert.org.au/12314
Title: ESB-2010.0092 - [Win][VMware ESX][Linux] VMWare: Multiple
vulnerabilities
Date: 01 February 2010
OS: Windows 2003, Red Hat Linux, Windows 7, Debian GNU/Linux, Ubuntu,
Windows XP, Virtualisation, SUSE, Windows 2000, Windows Vista, Other
Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/12313
Title: ESB-2010.0090.2 - UPDATE [UNIX/Linux][Debian] maildrop: Root compromise
- Existing account
Date: 01 February 2010
OS: Other Linux Variants, FreeBSD, AIX, OpenBSD, SUSE, Other BSD Variants,
HP-UX, Ubuntu, Debian GNU/Linux, Mac OS X, Red Hat Linux, Solaris, HP
Tru64 UNIX, IRIX
URL: http://www.auscert.org.au/12310
Title: ESB-2010.0036.2 - UPDATE [NetBSD] OpenSSL TLS: Unauthorised access -
Remote/unauthenticated
Date: 03 February 2010
OS: Other BSD Variants
URL: http://www.auscert.org.au/12229
Title: ESB-2010.0035.2 - UPDATE [NetBSD] VFS: Denial of service - Existing
account
Date: 03 February 2010
OS: Other BSD Variants
URL: http://www.auscert.org.au/12228
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================