[AusNOG] AusCERT Week in Review - Week Ending 05/02/2010 (AUSCERT#20073F686)

Richard Billington richard at auscert.org.au
Fri Feb 5 17:59:57 EST 2010


AusCERT Week in Review
05 February 2010


Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2010.0042.2 - UPDATE [Win] Internet Explorer 5: Access confidential
       data - Remote with user interaction 
Date:  05 February 2010
URL:   http://www.auscert.org.au/12341

Title: ASB-2010.0040.2 - UPDATE [Win][UNIX/Linux] Squid: Denial of service -
       Remote/unauthenticated 
Date:  04 February 2010
URL:   http://www.auscert.org.au/12324

Title: ASB-2010.0043 - Citrix XenServer: Unauthorised access -
       Remote/unauthenticated 
Date:  04 February 2010
URL:   http://www.auscert.org.au/12342

Title: ASB-2010.0041 - [Win][Linux][Solaris][AIX][Mac][OSX] ColdFusion 9.0:
       Access confidential data - Remote/unauthenticated 
Date:  03 February 2010
URL:   http://www.auscert.org.au/12335

Title: ASB-2010.0038 - [Win][UNIX/Linux] Apache httpd 1.3.41 and earlier:
       Execute arbitrary code/commands - Remote/unauthenticated 
Date:  02 February 2010
URL:   http://www.auscert.org.au/12319

Title: ASB-2010.0039 - [Win] Symantec Altiris Notification Server 6.0.x:
       Increased privileges - Existing account 
Date:  02 February 2010
URL:   http://www.auscert.org.au/12321

Title: ASB-2010.0033.2 - UPDATE [Win][UNIX/Linux] IBM DB2: Execute arbitrary
       code/commands - Remote/unauthenticated 
Date:  01 February 2010
URL:   http://www.auscert.org.au/12306

Title: ASB-2010.0036.2 - UPDATE [Win][UNIX/Linux] Wireshark prior to 1.2.6:
       Multiple vulnerabilities 
Date:  01 February 2010
URL:   http://www.auscert.org.au/12309

Title: ASB-2010.0037 - [Win][UNIX/Linux] MySQL Community Server: Denial of
       service - Remote/unauthenticated 
Date:  01 February 2010
URL:   http://www.auscert.org.au/12318


External Security Bulletins:
----------------------------
Title: ESB-2009.1553.3 - UPDATE [Win][VMware ESX][Linux] VMware vCenter, ESX,
       vMA: Multiple vulnerabilities 
Date:  01 February 2010
OS:    Windows Server 2008, Other Linux Variants, Windows Vista, Windows 2000,
       SUSE, Virtualisation, Windows XP, Ubuntu, Debian GNU/Linux, Windows 7,
       Red Hat Linux, Windows 2003 
URL:   http://www.auscert.org.au/11990

Title: ESB-2009.1092.2 - UPDATE [UNIX/Linux][Debian] git-core: Denial of
       service - Remote/unauthenticated 
Date:  01 February 2010
OS:    Other Linux Variants, FreeBSD, AIX, OpenBSD, Other BSD Variants, HP-UX,
       Ubuntu, Debian GNU/Linux, Mac OS X, Red Hat Linux, Solaris, HP Tru64
       UNIX, IRIX 
URL:   http://www.auscert.org.au/11368

Title: ESB-2010.0116 - [FreeBSD] FreeBSD 6.3: Reduced security -
       Unknown/unspecified 
Date:  05 February 2010
URL:   http://www.auscert.org.au/12345

Title: ESB-2010.0115 - [Linux][Debian] chrony: Denial of service -
       Remote/unauthenticated 
Date:  05 February 2010
OS:    Red Hat Linux, SUSE, Other Linux Variants, Debian GNU/Linux, Ubuntu 
URL:   http://www.auscert.org.au/12344

Title: ESB-2010.0114 - [Debian] squid/squid3: Denial of service -
       Remote/unauthenticated 
Date:  05 February 2010
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/12343

Title: ESB-2010.0113 - [NetBSD] NetBSD: Denial of service - Existing account 
Date:  04 February 2010
OS:    Other BSD Variants 
URL:   http://www.auscert.org.au/12340

Title: ESB-2010.0112 - [Debian] trac-git: Execute arbitrary code/commands -
       Remote/unauthenticated 
Date:  04 February 2010
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/12339

Title: ESB-2010.0111 - [UNIX/Linux] Asterisk: Denial of service -
       Remote/unauthenticated 
Date:  04 February 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
       Other Linux Variants 
URL:   http://www.auscert.org.au/12337

Title: ESB-2010.0110 - [Win][Linux] HP System Management Homepage (SMH):
       Cross-site scripting - Remote with user interaction 
Date:  04 February 2010
OS:    Windows 2003, Red Hat Linux, Windows 7, Debian GNU/Linux, Ubuntu,
       Windows XP, SUSE, Windows 2000, Windows Vista, Other Linux Variants,
       Windows Server 2008 
URL:   http://www.auscert.org.au/12338

Title: ESB-2010.0109 - [Appliance][Mac][OSX] iPhone OS 3.1.3: Multiple
       vulnerabilities 
Date:  03 February 2010
OS:    Mac OS X 
URL:   http://www.auscert.org.au/12334

Title: ESB-2010.0108 - [Debian] qt4-x11: Multiple vulnerabilities 
Date:  03 February 2010
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/12333

Title: ESB-2010.0107 - [HP-UX] HP Enterprise Cluster Master Toolkit (ECMT):
       Unauthorised access - Existing account 
Date:  03 February 2010
OS:    HP-UX 
URL:   http://www.auscert.org.au/12332

Title: ESB-2010.0106 - [Win][UNIX/Linux][Debian] moodle: Multiple
       vulnerabilities 
Date:  03 February 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/12331

Title: ESB-2010.0105 - HP OpenVMS RMS: Increased privileges - Existing account
Date:  03 February 2010
URL:   http://www.auscert.org.au/12330

Title: ESB-2010.0104 - [Win][UNIX/Linux][Debian] lighttpd: Denial of service -
       Remote/unauthenticated 
Date:  03 February 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/12329

Title: ESB-2010.0103 - [UNIX/Linux][Debian] fuse: Denial of service - Existing
       account 
Date:  03 February 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
       GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
       FreeBSD, Other Linux Variants 
URL:   http://www.auscert.org.au/12328

Title: ESB-2010.0102 - [Win][UNIX/Linux] BIND: Execute arbitrary code/commands
       - Remote/unauthenticated 
Date:  03 February 2010
OS:    Windows 7, Red Hat Linux, Windows 2003, Solaris, HP Tru64 UNIX, IRIX,
       Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
       Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
       Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/12327

Title: ESB-2010.0101 - [RedHat] kernel: Multiple vulnerabilities 
Date:  03 February 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/12326

Title: ESB-2010.0100 - [SUSE][OpenSUSE] SUSE: Multiple vulnerabilities 
Date:  02 February 2010
OS:    Other Linux Variants, SUSE 
URL:   http://www.auscert.org.au/12325

Title: ESB-2010.0099 - [Win] Corel Paint Shop Pro Photo X2: Execute arbitrary
       code/commands - Remote with user interaction 
Date:  02 February 2010
OS:    Windows Vista, Windows XP, Windows 7 
URL:   http://www.auscert.org.au/12323

Title: ESB-2010.0098 - [Cisco] Core Security Technologies: Cross-site
       scripting - Remote/unauthenticated 
Date:  02 February 2010
OS:    Cisco Products 
URL:   http://www.auscert.org.au/12322

Title: ESB-2010.0097 - [Win][UNIX/Linux] Bugzilla: Access confidential data -
       Remote/unauthenticated 
Date:  02 February 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/12320

Title: ESB-2010.0096 - [Debian] sendmail: Provide misleading information -
       Remote with user interaction 
Date:  01 February 2010
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/12315

Title: ESB-2010.0095 - [Debian] wireshark: Multiple vulnerabilities 
Date:  01 February 2010
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/12317

Title: ESB-2010.0094 - [Debian] libxerces: Denial of service -
       Remote/unauthenticated 
Date:  01 February 2010
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/12316

Title: ESB-2010.0093 - [UNIX/Linux][Debian] hybserv: Denial of service -
       Remote/unauthenticated 
Date:  01 February 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
       GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
       FreeBSD, Other Linux Variants 
URL:   http://www.auscert.org.au/12314

Title: ESB-2010.0092 - [Win][VMware ESX][Linux] VMWare: Multiple
       vulnerabilities 
Date:  01 February 2010
OS:    Windows 2003, Red Hat Linux, Windows 7, Debian GNU/Linux, Ubuntu,
       Windows XP, Virtualisation, SUSE, Windows 2000, Windows Vista, Other
       Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/12313

Title: ESB-2010.0090.2 - UPDATE [UNIX/Linux][Debian] maildrop: Root compromise
       - Existing account 
Date:  01 February 2010
OS:    Other Linux Variants, FreeBSD, AIX, OpenBSD, SUSE, Other BSD Variants,
       HP-UX, Ubuntu, Debian GNU/Linux, Mac OS X, Red Hat Linux, Solaris, HP
       Tru64 UNIX, IRIX 
URL:   http://www.auscert.org.au/12310

Title: ESB-2010.0036.2 - UPDATE [NetBSD] OpenSSL TLS: Unauthorised access -
       Remote/unauthenticated 
Date:  03 February 2010
OS:    Other BSD Variants 
URL:   http://www.auscert.org.au/12229

Title: ESB-2010.0035.2 - UPDATE [NetBSD] VFS: Denial of service - Existing
       account 
Date:  03 February 2010
OS:    Other BSD Variants 
URL:   http://www.auscert.org.au/12228


===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================


