[AusNOG] AusCERT Week in Review - Week Ending 19/02/2010 (AUSCERT#20073f686)
Jonathan Levine
jonathan at auscert.org.au
Fri Feb 19 16:26:00 EST 2010
AusCERT Week in Review
19 February 2010
Web Log Entries:
- ----------------
Title: Microsoft discovers rootkit causing blue screen after Windows XP
patch
Date: 17 February 2010
URL: http://www.auscert.org.au/12416
Alerts, Advisories and Updates:
- -------------------------------
Title: ASB-2010.0027.2 - UPDATE [Win] Google Chrome: Multiple
vulnerabilities
Date: 19 February 2010
URL: http://www.auscert.org.au/12291
Title: ASB-2010.0052.3 - UPDATE [Win] Google Chrome: Multiple
vulnerabilities
Date: 19 February 2010
URL: http://www.auscert.org.au/12388
Title: ASB-2010.0057 - [RedHat][SUSE] Novell Kerberos KDC prior to 1.5-41:
Execute arbitrary code/commands - Remote/unauthenticated
Date: 19 February 2010
URL: http://www.auscert.org.au/12425
Title: ASB-2010.0056 - ALERT [Win][UNIX/Linux] Firefox, Thunderbird and
Seamonkey: Multiple vulnerabilities
Date: 18 February 2010
URL: http://www.auscert.org.au/12411
Title: ASB-2010.0054 - [Win][UNIX/Linux] WordPress 2.9.1 and prior: Access
confidential data - Existing account
Date: 16 February 2010
URL: http://www.auscert.org.au/12399
Title: ASB-2010.0055 - [Win][UNIX/Linux] ModSecurity 2.5.11 and prior:
Multiple vulnerabilities
Date: 16 February 2010
URL: http://www.auscert.org.au/12400
Title: ASB-2010.0043.2 - UPDATE Citrix XenServer: Unauthorised access -
Remote/unauthenticated
Date: 15 February 2010
URL: http://www.auscert.org.au/12342
External Security Bulletins:
- ----------------------------
Title: ESB-2009.1553.4 - UPDATE [Win][VMware ESX][Linux] VMware vCenter,
ESX,
vMA: Multiple vulnerabilities
Date: 17 February 2010
OS: Windows Server 2008, Other Linux Variants, Windows Vista, Windows
2000,
SUSE, Virtualisation, Windows XP, Ubuntu, Debian GNU/Linux, Windows
7,
Red Hat Linux, Windows 2003
URL: http://www.auscert.org.au/11990
Title: ESB-2009.1546.2 - UPDATE [Solaris][OpenSolaris] SAMBA(7): Multiple
vulnerabilities
Date: 16 February 2010
OS: Solaris
URL: http://www.auscert.org.au/11979
Title: ESB-2010.0179 - [Win] Symantec: Execute arbitrary code/commands -
Remote with user interaction
Date: 19 February 2010
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/12424
Title: ESB-2010.0178 - [UNIX/Linux][Mandriva] netpbm: Execute arbitrary
code/commands - Remote with user interaction
Date: 19 February 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/12423
Title: ESB-2010.0177 - [Win] IBM Cognos Server 9.0: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 19 February 2010
OS: Windows 2003
URL: http://www.auscert.org.au/12422
Title: ESB-2010.0176 - [SUSE] kernel: Multiple vulnerabilities
Date: 19 February 2010
OS: SUSE
URL: http://www.auscert.org.au/12421
Title: ESB-2010.0175 - [Win][UNIX/Linux][Debian] ffmpeg-debian: Execute
arbitrary code/commands - Remote with user interaction
Date: 19 February 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/12420
Title: ESB-2010.0174 - [Debian] xulrunner: Multiple vulnerabilities
Date: 19 February 2010
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/12419
Title: ESB-2010.0173.2 - UPDATE [Win][UNIX/Linux][RedHat] pidgin: Denial of
service - Remote/unauthenticated
Date: 19 February 2010
OS: Red Hat Linux, Solaris, HP Tru64 UNIX, IRIX, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/12418
Title: ESB-2010.0172 - [RedHat] acroread: Execute arbitrary code/commands -
Remote with user interaction
Date: 19 February 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/12417
Title: ESB-2010.0171 - [Cisco] Cisco ASA 5500 Series Adaptive Security
Appliances: Multiple vulnerabilities
Date: 18 February 2010
OS: Cisco Products
URL: http://www.auscert.org.au/12415
Title: ESB-2010.0170 - [Cisco] Cisco Firewall Services Module: Denial of
service - Remote/unauthenticated
Date: 18 February 2010
OS: Cisco Products
URL: http://www.auscert.org.au/12414
Title: ESB-2010.0169 - [Win][UNIX/Linux] Cisco Security Agent: Multiple
vulnerabilities
Date: 18 February 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Cisco Products, Windows 2003, Red Hat
Linux, Windows 7, Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP,
HP-UX, Other BSD Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows
Vista, FreeBSD, Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/12413
Title: ESB-2010.0168 - [RedHat] firefox and seamonkey: Multiple
vulnerabilities
Date: 18 February 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/12412
Title: ESB-2010.0167 - [Win][UNIX/Linux] Drupal (Third-party modules):
Cross-site scripting - Remote with user interaction
Date: 18 February 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/12410
Title: ESB-2010.0166 - [Debian] kdelibs: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 18 February 2010
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/12409
Title: ESB-2010.0165 - [SUSE] SUSE: Multiple vulnerabilities
Date: 17 February 2010
OS: SUSE
URL: http://www.auscert.org.au/12408
Title: ESB-2010.0164 - [UNIX/Linux] krb5-1.7: Denial of service -
Remote/unauthenticated
Date: 17 February 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/12407
Title: ESB-2010.0163 - [VMware ESX] VMware ESX 3.5: Denial of service -
Remote/unauthenticated
Date: 17 February 2010
OS: Virtualisation
URL: http://www.auscert.org.au/12406
Title: ESB-2010.0162 - [RedHat] kernel: Denial of service - Remote with user
interaction
Date: 17 February 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/12405
Title: ESB-2010.0161 - [RedHat] mysql: Multiple vulnerabilities
Date: 17 February 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/12404
Title: ESB-2010.0160 - [RedHat] NetworkManager: Unauthorised access - Remote
with user interaction
Date: 17 February 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/12403
Title: ESB-2010.0159.2 - UPDATE [Win][UNIX/Linux] Adobe Reader and Adobe
Acrobat: Multiple vulnerabilities
Date: 17 February 2010
OS: Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD,
AIX,
OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP,
Ubuntu, Debian GNU/Linux, Mac OS X, Windows 7, Red Hat Linux, Windows
2003, Solaris, HP Tru64 UNIX, IRIX
URL: http://www.auscert.org.au/12402
Title: ESB-2010.0158 - [Win][UNIX/Linux] ColdFusion, BlazeDS, LiveCycle and
Flex Data Services: Access confidential data - Remote with user
interaction
Date: 16 February 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/12401
Title: ESB-2010.0157.2 - UPDATE [Win][UNIX/Linux] Squid: Denial of service -
Remote/unauthenticated
Date: 16 February 2010
OS: Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD,
AIX,
OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP,
Ubuntu, Debian GNU/Linux, Mac OS X, Windows 7, Red Hat Linux, Windows
2003, Solaris, HP Tru64 UNIX, IRIX
URL: http://www.auscert.org.au/12398
Title: ESB-2010.0156 - [Win] Panda ActiveScan: Execute arbitrary
code/commands
- Remote with user interaction
Date: 15 February 2010
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/12397
Title: ESB-2010.0155 - [Linux][Debian] kernel: Multiple vulnerabilities
Date: 15 February 2010
OS: Red Hat Linux, SUSE, Other Linux Variants, Debian GNU/Linux, Ubuntu
URL: http://www.auscert.org.au/12396
Title: ESB-2010.0154 - [Win][UNIX/Linux][Debian] mysql-dfsg-5.0: Multiple
vulnerabilities
Date: 15 February 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/12395
Title: ESB-2010.0153 - [Debian] OpenOffice.org: Execute arbitrary
code/commands - Remote with user interaction
Date: 15 February 2010
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/12394
Title: ESB-2010.0152 - [Win][UNIX/Linux][RedHat] OpenOffice.org: Execute
arbitrary code/commands - Remote with user interaction
Date: 15 February 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/12393
Title: ESB-2010.0151 - [RedHat] flash-plugin: Multiple vulnerabilities
Date: 15 February 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/12392
Title: ESB-2010.0144.2 - UPDATE [Win][Linux][HP-UX][Solaris]
Hewlett-Packard:
Multiple vulnerabilities
Date: 15 February 2010
OS: Other Linux Variants, Windows Server 2008, Windows Vista, Windows
2000,
SUSE, HP-UX, Windows XP, Ubuntu, Debian GNU/Linux, Windows 7, Red Hat
Linux, Windows 2003, Solaris
URL: http://www.auscert.org.au/12382
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iD8DBQFLfh///iFOrG6YcBERAv62AJ9oC4MufFNbIhz1aSeyAPz78fpeEwCgusCx
hvVHdIHkuob3MguAy+zonOw=
=PMuk
-----END PGP SIGNATURE-----
More information about the AusNOG
mailing list