[AusNOG] AusCERT Week in Review - Week Ending 26/02/2010 (AUSCERT#20073F686)

Jonathan Levine jonathan at auscert.org.au
Fri Feb 26 16:09:44 EST 2010


AusCERT Week in Review
26 February 2010

Papers, Articles and other documents:
- -------------------------------------
Title: National Information Technology Alert Service and National IT
Incident
       Reporting Scheme 
Date:  24 February 2010
URL:   http://www.auscert.org.au/12453

Alerts, Advisories and Updates:
- -------------------------------
Title: ASB-2010.0060 - [Appliance] Blue Coat SGOS 4, SGOS 5, Packetshaper
and
       ProxyClient: Provide misleading information - Remote/unauthenticated 
Date:  25 February 2010
URL:   http://www.auscert.org.au/12450

Title: ASB-2010.0061.2 - UPDATE [Win][Linux][HP-UX][Solaris][AIX] IBM
       Websphere Portal Portlet Palette: Cross-site scripting -
       Remote/unauthenticated 
Date:  25 February 2010
URL:   http://www.auscert.org.au/12451

Title: ASB-2010.0062 - [Win][UNIX/Linux] ActivePerl: Denial of service -
       Remote with user interaction 
Date:  25 February 2010
URL:   http://www.auscert.org.au/12452

Title: ASB-2010.0063 - [Win][UNIX/Linux] Typo3 4.2.11 and prior: Access
       privileged data - Existing account 
Date:  25 February 2010
URL:   http://www.auscert.org.au/12454

Title: ASB-2010.0058 - [Win][UNIX/Linux] IBM Tivoli Identity Manager 5.1:
       Multiple vulnerabilities 
Date:  23 February 2010
URL:   http://www.auscert.org.au/12433

Title: ASB-2010.0059 - [Linux] Linux Kernel 2.6: Denial of service -
       Remote/unauthenticated 
Date:  23 February 2010
URL:   http://www.auscert.org.au/12434

External Security Bulletins:
- ----------------------------
Title: ESB-2010.0203 - [Win][Linux][HP-UX][Solaris][AIX] IBM Websphere
Portal
       Server and Lotus Web Content Management: Cross-site scripting -
Remote
       with user interaction 
Date:  26 February 2010
OS:    Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
       Ubuntu, Windows XP, HP-UX, SUSE, Windows 2000, AIX, Windows Vista,
       Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/12458

Title: ESB-2010.0202.2 - UPDATE [Solaris] Sun Java System Directory Server:
       Denial of service - Remote/unauthenticated 
Date:  26 February 2010
OS:    Solaris 
URL:   http://www.auscert.org.au/12457

Title: ESB-2010.0201 - [UNIX/Linux] KDE 4.4.0: Unauthorised access -
       Console/physical 
Date:  25 February 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
       Other Linux Variants 
URL:   http://www.auscert.org.au/12456

Title: ESB-2010.0200 - [Win][UNIX/Linux] iTweak Upload (Drupal third-party
       module): Cross-site scripting - Existing account 
Date:  25 February 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
       Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
       Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/12455

Title: ESB-2010.0199 - [UNIX/Linux] cronie: Increased privileges - Remote
with
       user interaction 
Date:  25 February 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
       Other Linux Variants 
URL:   http://www.auscert.org.au/12449

Title: ESB-2010.0198 - [Appliance] Avaya CMS and Avaya IR: Multiple
       vulnerabilities 
Date:  25 February 2010
URL:   http://www.auscert.org.au/12448

Title: ESB-2010.0197 - [Appliance] Avaya Multiple Products: Execute
arbitrary
       code/commands - Remote with user interaction 
Date:  25 February 2010
URL:   http://www.auscert.org.au/12447

Title: ESB-2010.0196 - [Win][UNIX/Linux] Weekly Archive by Node Type (Drupal
       third-party module): Unauthorised access - Remote/unauthenticated 
Date:  25 February 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/12446

Title: ESB-2010.0195 - [Win] Adobe Download Manager: Execute arbitrary
       code/commands - Remote with user interaction 
Date:  24 February 2010
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/12445

Title: ESB-2010.0194 - [Win][HP-UX][Solaris] CA eHealth Performance Manager:
       Cross-site scripting - Remote with user interaction 
Date:  24 February 2010
OS:    Solaris, Windows 2003, HP-UX, Windows XP, Windows 2000, Windows 7,
       Windows Vista, Windows Server 2008 
URL:   http://www.auscert.org.au/12443

Title: ESB-2010.0193 - [Win][Linux][Solaris] EMC HomeBase Server: Execute
       arbitrary code/commands - Remote/unauthenticated 
Date:  24 February 2010
OS:    Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
       Ubuntu, Windows XP, SUSE, Windows 2000, Windows Vista, Other Linux
       Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/12442

Title: ESB-2010.0192 - [Win][RedHat] Symantec IM Manager: Cross-site
scripting
       - Remote with user interaction 
Date:  24 February 2010
OS:    Windows 2003, Red Hat Linux, Windows XP, Windows 2000, Windows 7,
       Windows Vista, Windows Server 2008 
URL:   http://www.auscert.org.au/12441

Title: ESB-2010.0191 - [Win][UNIX/Linux] Content Distribution (Drupal
       third-party module): Modify arbitrary files - Remote with user
       interaction 
Date:  24 February 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/12440

Title: ESB-2010.0190 - [Solaris][OpenSolaris] xntpd(1M): Denial of service -
       Remote/unauthenticated 
Date:  24 February 2010
OS:    Solaris 
URL:   http://www.auscert.org.au/12439

Title: ESB-2010.0189 - [SUSE][OpenSUSE] Multiple products: Multiple
       vulnerabilities 
Date:  24 February 2010
OS:    Other Linux Variants, SUSE 
URL:   http://www.auscert.org.au/12438

Title: ESB-2010.0188.2 - UPDATE [Win][UNIX/Linux] CA Service Desk:
Cross-site
       scripting - Remote with user interaction 
Date:  24 February 2010
OS:    Windows 2000, OpenBSD, SUSE, Other BSD Variants, Windows XP, HP-UX,
       Debian GNU/Linux, Ubuntu, Mac OS X, Windows 7, Windows 2003, Red Hat
       Linux, Solaris, HP Tru64 UNIX, IRIX, AIX, FreeBSD, Windows Vista,
Other
       Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/12437

Title: ESB-2010.0187 - [RedHat] JBoss Enterprise Web Server: Multiple
       vulnerabilities 
Date:  24 February 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/12436

Title: ESB-2010.0186 - [Debian] linux-2.6: Multiple vulnerabilities 
Date:  23 February 2010
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/12435

Title: ESB-2010.0185 - [Win] Symantec AntiVirus and Client Security: Denial
of
       service - Remote with user interaction 
Date:  22 February 2010
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/12432

Title: ESB-2010.0184 - [Win] Symantec AntiVirus, Client Security and
Endpoint
       Protection: Reduced security - Existing account 
Date:  22 February 2010
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/12431

Title: ESB-2010.0183 - [Debian] polipo: Denial of service -
       Remote/unauthenticated 
Date:  22 February 2010
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/12430

Title: ESB-2010.0182 - [Debian] php5: Multiple vulnerabilities 
Date:  22 February 2010
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/12429

Title: ESB-2010.0181 - [RedHat] rhev-hypervisor: Multiple vulnerabilities 
Date:  22 February 2010
OS:    Red Hat Linux, Virtualisation 
URL:   http://www.auscert.org.au/12428

Title: ESB-2010.0180.2 - UPDATE [UNIX/Linux] Asterisk: Modify arbitrary
files
       - Remote with user interaction 
Date:  24 February 2010
OS:    Other Linux Variants, FreeBSD, AIX, OpenBSD, SUSE, Other BSD
Variants,
       HP-UX, Ubuntu, Debian GNU/Linux, Mac OS X, Red Hat Linux, Solaris, HP
       Tru64 UNIX, IRIX 
URL:   http://www.auscert.org.au/12427

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================




More information about the AusNOG mailing list