[AusNOG] AusCERT Week in Review - Week Ending 12/02/2010 (AUSCERT#20073f686)
Patrick Mannion
patrick at auscert.org.au
Fri Feb 12 16:24:52 EST 2010
AusCERT Week in Review
12 February 2010
Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2010.0052 - [Win] Google Chrome: Denial of service -
Remote/unauthenticated
Date: 12 February 2010
URL: http://www.auscert.org.au/12388
Title: ASB-2010.0053 - [RedHat][Solaris][AIX][SUSE] Novell eDirectory 8.8:
Denial of service - Remote/unauthenticated
Date: 12 February 2010
URL: http://www.auscert.org.au/12389
Title: ASB-2010.0051 - [Appliance] BIG-IP LTM versions 9.3 - 9.3.1: Denial of
service - Remote/unauthenticated
Date: 11 February 2010
URL: http://www.auscert.org.au/12378
Title: ASB-2010.0045.2 - UPDATE [Win][Linux][HP-UX][Solaris][AIX] WebSphere
Application Server: Access confidential data - Remote/unauthenticated
Date: 09 February 2010
URL: http://www.auscert.org.au/12349
Title: ASB-2010.0049 - [Win] Oracle WebLogic Server: Unauthorised access -
Remote/unauthenticated
Date: 09 February 2010
URL: http://www.auscert.org.au/12358
Title: ASB-2010.0050 - ALERT [Win][Mac][OSX] Microsoft Bulletin Notification -
February Pre-release Announcement
Date: 09 February 2010
URL: http://www.auscert.org.au/12360
Title: ASB-2010.0046 - [Linux][HP-UX][Solaris][AIX] WebSphere Application
Server: Unauthorised access - Remote/unauthenticated
Date: 08 February 2010
URL: http://www.auscert.org.au/12350
Title: ASB-2010.0047 - [Netware][Linux] Novell NetStorage: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 08 February 2010
URL: http://www.auscert.org.au/12352
Title: ASB-2010.0048 - [Win][Linux][BSD][Solaris] Intel Desktop motherboards:
Increased privileges - Remote/unauthenticated
Date: 08 February 2010
URL: http://www.auscert.org.au/12353
External Security Bulletins:
----------------------------
Title: ESB-2009.1582.2 - UPDATE [UNIX] NonStop Kernel: Execute arbitrary
code/commands - Existing account
Date: 12 February 2010
OS: FreeBSD, AIX, OpenBSD, Other BSD Variants, HP-UX, Solaris, HP Tru64
UNIX, IRIX
URL: http://www.auscert.org.au/12040
Title: ESB-2010.0150 - [Win][Linux][Solaris][Mac][OSX] Adobe Flash Player:
Multiple vulnerabilities
Date: 12 February 2010
OS: Solaris, Windows 2003, Red Hat Linux, Windows 7, Mac OS X, Ubuntu,
Debian GNU/Linux, Windows XP, SUSE, Windows 2000, Windows Vista, Other
Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/12390
Title: ESB-2010.0149 - [Win] HP ProLiant Support Pack 8.30 for Windows:
Multiple vulnerabilities
Date: 12 February 2010
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/12387
Title: ESB-2010.0148 - [Win][Linux][Solaris] Java Platform, Standard Edition 6
(Java SE 6): Denial of service - Remote/unauthenticated
Date: 12 February 2010
OS: Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
Ubuntu, Windows XP, SUSE, Windows 2000, Windows Vista, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/12386
Title: ESB-2010.0147 - [UNIX/Linux][Debian] ajaxterm: Denial of service -
Remote/unauthenticated
Date: 12 February 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
FreeBSD, Other Linux Variants
URL: http://www.auscert.org.au/12385
Title: ESB-2010.0146 - [Cisco] Cisco IronPort: Multiple vulnerabilities
Date: 11 February 2010
OS: Cisco Products
URL: http://www.auscert.org.au/12384
Title: ESB-2010.0145 - [Debian] otrs2: Increased privileges - Existing account
Date: 11 February 2010
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/12383
Title: ESB-2010.0144 - [Win][Linux][HP-UX][Solaris] Hewlett-Packard: Multiple
vulnerabilities
Date: 11 February 2010
OS: Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
Ubuntu, Windows XP, HP-UX, SUSE, Windows 2000, Windows Vista, Windows
Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/12382
Title: ESB-2010.0143 - [Win][Linux][HP-UX][Solaris] HP Network Node Manager
(NNM): Execute arbitrary code/commands - Remote/unauthenticated
Date: 11 February 2010
OS: Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
Ubuntu, Windows XP, HP-UX, SUSE, Windows 2000, Windows Vista, Windows
Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/12381
Title: ESB-2010.0142.2 - UPDATE [UNIX/Linux][Ubuntu] gnome-screensaver:
Multiple vulnerabilities
Date: 12 February 2010
OS: Other Linux Variants, FreeBSD, AIX, OpenBSD, SUSE, Other BSD Variants,
HP-UX, Ubuntu, Debian GNU/Linux, Mac OS X, Red Hat Linux, Solaris, HP
Tru64 UNIX, IRIX
URL: http://www.auscert.org.au/12380
Title: ESB-2010.0141 - [Win] Microsoft TLS/SSL: Execute arbitrary
code/commands - Remote with user interaction
Date: 11 February 2010
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/12379
Title: ESB-2010.0140 - [RedHat] HelixPlayer: Multiple vulnerabilities
Date: 10 February 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/12377
Title: ESB-2010.0139 - [UNIX/Linux][RedHat] kvm: Multiple vulnerabilities
Date: 10 February 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/12376
Title: ESB-2010.0138 - [SUSE] SUSE: Multiple vulnerabilities
Date: 10 February 2010
OS: SUSE
URL: http://www.auscert.org.au/12375
Title: ESB-2010.0137 - [Win] Microsoft Paint: Execute arbitrary code/commands
- Remote with user interaction
Date: 10 February 2010
OS: Windows 2003, Windows XP, Windows 2000
URL: http://www.auscert.org.au/12374
Title: ESB-2010.0136 - [Win] Windows Kernel: Administrator compromise -
Existing account
Date: 10 February 2010
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/12373
Title: ESB-2010.0135 - [Win] Kerberos: Denial of service - Existing account
Date: 10 February 2010
OS: Windows 2003, Windows Server 2008, Windows 2000
URL: http://www.auscert.org.au/12372
Title: ESB-2010.0134 - [Win] Microsoft Server Message Block: Multiple
vulnerabilities
Date: 10 February 2010
OS: Windows 2003, Windows XP, Windows 2000
URL: http://www.auscert.org.au/12371
Title: ESB-2010.0133 - [Win] Microsoft Windows Client/Server Run-time
Subsystem: Administrator compromise - Existing account
Date: 10 February 2010
OS: Windows 2003, Windows XP, Windows 2000
URL: http://www.auscert.org.au/12370
Title: ESB-2010.0132 - [Win] Windows Server 2008 Hyper-V: Denial of service -
Existing account
Date: 10 February 2010
OS: Windows Server 2008
URL: http://www.auscert.org.au/12369
Title: ESB-2010.0131 - [Win][Mac][OSX] Microsoft PowerPoint: Execute arbitrary
code/commands - Remote with user interaction
Date: 10 February 2010
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista, Mac
OS X, Windows Server 2008
URL: http://www.auscert.org.au/12368
Title: ESB-2010.0130 - [Win][Mac][OSX] Microsoft Office: Execute arbitrary
code/commands - Remote with user interaction
Date: 10 February 2010
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista, Mac
OS X, Windows Server 2008
URL: http://www.auscert.org.au/12367
Title: ESB-2010.0129 - ALERT [Win] Microsoft DirectShow: Execute arbitrary
code/commands - Remote with user interaction
Date: 10 February 2010
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/12366
Title: ESB-2010.0128 - ALERT [Win] Windows TCP/IP v6: Multiple vulnerabilities
Date: 10 February 2010
OS: Windows Vista, Windows Server 2008
URL: http://www.auscert.org.au/12365
Title: ESB-2010.0127 - ALERT [Win] Cumulative Security Update of ActiveX Kill
Bits: Execute arbitrary code/commands - Remote with user interaction
Date: 10 February 2010
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/12364
Title: ESB-2010.0126 - ALERT [Win] Microsoft Windows Shell Handler:
Administrator compromise - Remote/unauthenticated
Date: 10 February 2010
OS: Windows 2003, Windows XP, Windows 2000
URL: http://www.auscert.org.au/12363
Title: ESB-2010.0125 - ALERT [Win] Microsoft Windows SMB Client: Multiple
vulnerabilities
Date: 10 February 2010
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/12362
Title: ESB-2010.0124 - [Win] Multiple Web Servers: Unauthorised access -
Remote/unauthenticated
Date: 09 February 2010
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/12361
Title: ESB-2010.0123 - [Win][UNIX/Linux] OTRS: Multiple vulnerabilities
Date: 09 February 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/12359
Title: ESB-2010.0122 - [Linux][SUSE] kernel: Multiple vulnerabilities
Date: 09 February 2010
OS: Red Hat Linux, SUSE, Other Linux Variants, Ubuntu, Debian GNU/Linux
URL: http://www.auscert.org.au/12357
Title: ESB-2010.0121 - [HP-UX] Java: Multiple vulnerabilities
Date: 09 February 2010
OS: HP-UX
URL: http://www.auscert.org.au/12356
Title: ESB-2010.0120 - [Solaris] HP Operations Agent: Unauthorised access -
Remote/unauthenticated
Date: 09 February 2010
OS: Solaris
URL: http://www.auscert.org.au/12355
Title: ESB-2010.0119.2 - UPDATE [UNIX/Linux] fetchmail: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 09 February 2010
OS: Other Linux Variants, FreeBSD, AIX, OpenBSD, SUSE, Other BSD Variants,
HP-UX, Ubuntu, Debian GNU/Linux, Mac OS X, Red Hat Linux, Solaris, HP
Tru64 UNIX, IRIX
URL: http://www.auscert.org.au/12354
Title: ESB-2010.0118 - [SUSE] kernel: Multiple vulnerabilities
Date: 08 February 2010
OS: SUSE
URL: http://www.auscert.org.au/12351
Title: ESB-2010.0117 - [Win] LANDesk: Multiple vulnerabilities
Date: 08 February 2010
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/12348
Title: ESB-2010.0113.2 - UPDATE [NetBSD] NetBSD: Denial of service - Existing
account
Date: 09 February 2010
OS: Other BSD Variants
URL: http://www.auscert.org.au/12340
More information about the AusNOG
mailing list