[AusNOG] AusCERT Week in Review - Week Ending 12/02/2010 (AUSCERT#20073f686)

Patrick Mannion patrick at auscert.org.au
Fri Feb 12 16:24:52 EST 2010


AusCERT Week in Review
12 February 2010

Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2010.0052 - [Win] Google Chrome: Denial of service -
       Remote/unauthenticated 
Date:  12 February 2010
URL:   http://www.auscert.org.au/12388

Title: ASB-2010.0053 - [RedHat][Solaris][AIX][SUSE] Novell eDirectory 8.8:
       Denial of service - Remote/unauthenticated 
Date:  12 February 2010
URL:   http://www.auscert.org.au/12389

Title: ASB-2010.0051 - [Appliance] BIG-IP LTM versions 9.3 - 9.3.1: Denial of
       service - Remote/unauthenticated 
Date:  11 February 2010
URL:   http://www.auscert.org.au/12378

Title: ASB-2010.0045.2 - UPDATE [Win][Linux][HP-UX][Solaris][AIX] WebSphere
       Application Server: Access confidential data - Remote/unauthenticated 
Date:  09 February 2010
URL:   http://www.auscert.org.au/12349

Title: ASB-2010.0049 - [Win] Oracle WebLogic Server: Unauthorised access -
       Remote/unauthenticated 
Date:  09 February 2010
URL:   http://www.auscert.org.au/12358

Title: ASB-2010.0050 - ALERT [Win][Mac][OSX] Microsoft Bulletin Notification -
       February Pre-release Announcement 
Date:  09 February 2010
URL:   http://www.auscert.org.au/12360

Title: ASB-2010.0046 - [Linux][HP-UX][Solaris][AIX] WebSphere Application
       Server: Unauthorised access - Remote/unauthenticated 
Date:  08 February 2010
URL:   http://www.auscert.org.au/12350

Title: ASB-2010.0047 - [Netware][Linux] Novell NetStorage: Execute arbitrary
       code/commands - Remote/unauthenticated 
Date:  08 February 2010
URL:   http://www.auscert.org.au/12352

Title: ASB-2010.0048 - [Win][Linux][BSD][Solaris] Intel Desktop motherboards:
       Increased privileges - Remote/unauthenticated 
Date:  08 February 2010
URL:   http://www.auscert.org.au/12353


External Security Bulletins:
----------------------------
Title: ESB-2009.1582.2 - UPDATE [UNIX] NonStop Kernel: Execute arbitrary
       code/commands - Existing account 
Date:  12 February 2010
OS:    FreeBSD, AIX, OpenBSD, Other BSD Variants, HP-UX, Solaris, HP Tru64
       UNIX, IRIX 
URL:   http://www.auscert.org.au/12040

Title: ESB-2010.0150 - [Win][Linux][Solaris][Mac][OSX] Adobe Flash Player:
       Multiple vulnerabilities 
Date:  12 February 2010
OS:    Solaris, Windows 2003, Red Hat Linux, Windows 7, Mac OS X, Ubuntu,
       Debian GNU/Linux, Windows XP, SUSE, Windows 2000, Windows Vista, Other
       Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/12390

Title: ESB-2010.0149 - [Win] HP ProLiant Support Pack 8.30 for Windows:
       Multiple vulnerabilities 
Date:  12 February 2010
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/12387

Title: ESB-2010.0148 - [Win][Linux][Solaris] Java Platform, Standard Edition 6
       (Java SE 6): Denial of service - Remote/unauthenticated 
Date:  12 February 2010
OS:    Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
       Ubuntu, Windows XP, SUSE, Windows 2000, Windows Vista, Other Linux
       Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/12386

Title: ESB-2010.0147 - [UNIX/Linux][Debian] ajaxterm: Denial of service -
       Remote/unauthenticated 
Date:  12 February 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
       GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
       FreeBSD, Other Linux Variants 
URL:   http://www.auscert.org.au/12385

Title: ESB-2010.0146 - [Cisco] Cisco IronPort: Multiple vulnerabilities 
Date:  11 February 2010
OS:    Cisco Products 
URL:   http://www.auscert.org.au/12384

Title: ESB-2010.0145 - [Debian] otrs2: Increased privileges - Existing account
Date:  11 February 2010
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/12383

Title: ESB-2010.0144 - [Win][Linux][HP-UX][Solaris] Hewlett-Packard: Multiple
       vulnerabilities 
Date:  11 February 2010
OS:    Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
       Ubuntu, Windows XP, HP-UX, SUSE, Windows 2000, Windows Vista, Windows
       Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/12382

Title: ESB-2010.0143 - [Win][Linux][HP-UX][Solaris] HP Network Node Manager
       (NNM): Execute arbitrary code/commands - Remote/unauthenticated 
Date:  11 February 2010
OS:    Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
       Ubuntu, Windows XP, HP-UX, SUSE, Windows 2000, Windows Vista, Windows
       Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/12381

Title: ESB-2010.0142.2 - UPDATE [UNIX/Linux][Ubuntu] gnome-screensaver:
       Multiple vulnerabilities 
Date:  12 February 2010
OS:    Other Linux Variants, FreeBSD, AIX, OpenBSD, SUSE, Other BSD Variants,
       HP-UX, Ubuntu, Debian GNU/Linux, Mac OS X, Red Hat Linux, Solaris, HP
       Tru64 UNIX, IRIX 
URL:   http://www.auscert.org.au/12380

Title: ESB-2010.0141 - [Win] Microsoft TLS/SSL: Execute arbitrary
       code/commands - Remote with user interaction 
Date:  11 February 2010
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/12379

Title: ESB-2010.0140 - [RedHat] HelixPlayer: Multiple vulnerabilities 
Date:  10 February 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/12377

Title: ESB-2010.0139 - [UNIX/Linux][RedHat] kvm: Multiple vulnerabilities 
Date:  10 February 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
       Other Linux Variants 
URL:   http://www.auscert.org.au/12376

Title: ESB-2010.0138 - [SUSE] SUSE: Multiple vulnerabilities 
Date:  10 February 2010
OS:    SUSE 
URL:   http://www.auscert.org.au/12375

Title: ESB-2010.0137 - [Win] Microsoft Paint: Execute arbitrary code/commands
       - Remote with user interaction 
Date:  10 February 2010
OS:    Windows 2003, Windows XP, Windows 2000 
URL:   http://www.auscert.org.au/12374

Title: ESB-2010.0136 - [Win] Windows Kernel: Administrator compromise -
       Existing account 
Date:  10 February 2010
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/12373

Title: ESB-2010.0135 - [Win] Kerberos: Denial of service - Existing account 
Date:  10 February 2010
OS:    Windows 2003, Windows Server 2008, Windows 2000 
URL:   http://www.auscert.org.au/12372

Title: ESB-2010.0134 - [Win] Microsoft Server Message Block: Multiple
       vulnerabilities 
Date:  10 February 2010
OS:    Windows 2003, Windows XP, Windows 2000 
URL:   http://www.auscert.org.au/12371

Title: ESB-2010.0133 - [Win] Microsoft Windows Client/Server Run-time
       Subsystem: Administrator compromise - Existing account 
Date:  10 February 2010
OS:    Windows 2003, Windows XP, Windows 2000 
URL:   http://www.auscert.org.au/12370

Title: ESB-2010.0132 - [Win] Windows Server 2008 Hyper-V: Denial of service -
       Existing account 
Date:  10 February 2010
OS:    Windows Server 2008 
URL:   http://www.auscert.org.au/12369

Title: ESB-2010.0131 - [Win][Mac][OSX] Microsoft PowerPoint: Execute arbitrary
       code/commands - Remote with user interaction 
Date:  10 February 2010
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista, Mac
       OS X, Windows Server 2008 
URL:   http://www.auscert.org.au/12368

Title: ESB-2010.0130 - [Win][Mac][OSX] Microsoft Office: Execute arbitrary
       code/commands - Remote with user interaction 
Date:  10 February 2010
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista, Mac
       OS X, Windows Server 2008 
URL:   http://www.auscert.org.au/12367

Title: ESB-2010.0129 - ALERT [Win] Microsoft DirectShow: Execute arbitrary
       code/commands - Remote with user interaction 
Date:  10 February 2010
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/12366

Title: ESB-2010.0128 - ALERT [Win] Windows TCP/IP v6: Multiple vulnerabilities
Date:  10 February 2010
OS:    Windows Vista, Windows Server 2008 
URL:   http://www.auscert.org.au/12365

Title: ESB-2010.0127 - ALERT [Win] Cumulative Security Update of ActiveX Kill
       Bits: Execute arbitrary code/commands - Remote with user interaction 
Date:  10 February 2010
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/12364

Title: ESB-2010.0126 - ALERT [Win] Microsoft Windows Shell Handler:
       Administrator compromise - Remote/unauthenticated 
Date:  10 February 2010
OS:    Windows 2003, Windows XP, Windows 2000 
URL:   http://www.auscert.org.au/12363

Title: ESB-2010.0125 - ALERT [Win] Microsoft Windows SMB Client: Multiple
       vulnerabilities 
Date:  10 February 2010
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/12362

Title: ESB-2010.0124 - [Win] Multiple Web Servers: Unauthorised access -
       Remote/unauthenticated 
Date:  09 February 2010
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/12361

Title: ESB-2010.0123 - [Win][UNIX/Linux] OTRS: Multiple vulnerabilities 
Date:  09 February 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
       Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
       Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/12359

Title: ESB-2010.0122 - [Linux][SUSE] kernel: Multiple vulnerabilities 
Date:  09 February 2010
OS:    Red Hat Linux, SUSE, Other Linux Variants, Ubuntu, Debian GNU/Linux 
URL:   http://www.auscert.org.au/12357

Title: ESB-2010.0121 - [HP-UX] Java: Multiple vulnerabilities 
Date:  09 February 2010
OS:    HP-UX 
URL:   http://www.auscert.org.au/12356

Title: ESB-2010.0120 - [Solaris] HP Operations Agent: Unauthorised access -
       Remote/unauthenticated 
Date:  09 February 2010
OS:    Solaris 
URL:   http://www.auscert.org.au/12355

Title: ESB-2010.0119.2 - UPDATE [UNIX/Linux] fetchmail: Execute arbitrary
       code/commands - Remote/unauthenticated 
Date:  09 February 2010
OS:    Other Linux Variants, FreeBSD, AIX, OpenBSD, SUSE, Other BSD Variants,
       HP-UX, Ubuntu, Debian GNU/Linux, Mac OS X, Red Hat Linux, Solaris, HP
       Tru64 UNIX, IRIX 
URL:   http://www.auscert.org.au/12354

Title: ESB-2010.0118 - [SUSE] kernel: Multiple vulnerabilities 
Date:  08 February 2010
OS:    SUSE 
URL:   http://www.auscert.org.au/12351

Title: ESB-2010.0117 - [Win] LANDesk: Multiple vulnerabilities 
Date:  08 February 2010
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/12348

Title: ESB-2010.0113.2 - UPDATE [NetBSD] NetBSD: Denial of service - Existing
       account 
Date:  09 February 2010
OS:    Other BSD Variants 
URL:   http://www.auscert.org.au/12340



More information about the AusNOG mailing list