[AusNOG] AusCERT Week in Review - Week Ending 15/01/2010 (AUSCERT#20073F686)
Matthew Braid
mdb at auscert.org.au
Fri Jan 15 16:26:27 EST 2010
AusCERT Week in Review
15 January 2010
AusCERT in the Media:
---------------------
Papers, Articles and other documents:
-------------------------------------
Web Log Entries:
----------------
Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2010.0013 - [Win][UNIX/Linux] Multiple HTTP servers: Multiple
vulnerabilities
Date: 15 January 2010
URL: http://www.auscert.org.au/12241
Title: ASB-2010.0014 - [Win][UNIX/Linux] Zend Framework: Multiple
vulnerabilities
Date: 15 January 2010
URL: http://www.auscert.org.au/12242
Title: AL-2009.0043 -- [Win] -- HP DDMI: Inappropriate access
Date: 14 January 2010
URL: http://www.auscert.org.au/11103
Title: ASB-2010.0012 - [Win] Panda Products: Administrator compromise -
Existing account
Date: 13 January 2010
URL: http://www.auscert.org.au/12218
Title: ASB-2010.0009 - [Win] Microsoft Windows: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 12 January 2010
URL: http://www.auscert.org.au/12210
Title: ASB-2010.0010 - ALERT [Win][UNIX/Linux] Oracle: Unknown/unspecified -
Remote/unauthenticated
Date: 12 January 2010
URL: http://www.auscert.org.au/12211
Title: ASB-2010.0011 - [Win][UNIX/Linux] IBM Lotus iNotes: Multiple
vulnerabilities
Date: 12 January 2010
URL: http://www.auscert.org.au/12213
Title: ASB-2010.0006 - [Win][UNIX/Linux] Ruby: Execute arbitrary code/commands
- Remote with user interaction
Date: 11 January 2010
URL: http://www.auscert.org.au/12207
Title: ASB-2010.0007 - [Win][Mac][OSX] Adobe Illustrator CS4 (14.0.0): Execute
arbitrary code/commands - Remote with user interaction
Date: 11 January 2010
URL: http://www.auscert.org.au/12208
Title: ASB-2010.0008 - [Win][UNIX/Linux] Pidgin: Access confidential data -
Remote/unauthenticated
Date: 11 January 2010
URL: http://www.auscert.org.au/12209
External Security Bulletins:
----------------------------
Title: ESB-2010.0047 - [Win][UNIX/Linux] Bibliography (third-party module):
Cross-site scripting - Existing account
Date: 15 January 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/12243
Title: ESB-2010.0046 - [RedHat] pidgin: Access confidential data -
Remote/unauthenticated
Date: 15 January 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/12240
Title: ESB-2010.0045 - [RedHat] IBM Java: Multiple vulnerabilities
Date: 15 January 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/12239
Title: ESB-2010.0044 - ALERT [Win] Microsoft: Execute arbitrary code/commands
- Remote with user interaction
Date: 15 January 2010
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/12238
Title: ESB-2010.0043 - [Solaris] Solaris Kerberos Crypto Library: Execute
arbitrary code/commands - Remote/unauthenticated
Date: 14 January 2010
OS: Solaris
URL: http://www.auscert.org.au/12237
Title: ESB-2010.0042 - [Linux][Ubuntu] network-manager-gnome: Unauthorised
access - Remote/unauthenticated
Date: 14 January 2010
OS: Red Hat Linux, SUSE, Other Linux Variants, Ubuntu, Debian GNU/Linux
URL: http://www.auscert.org.au/12236
Title: ESB-2010.0041 - [SUSE][OpenSUSE] Multiple products: Multiple
vulnerabilities
Date: 14 January 2010
OS: Other Linux Variants, SUSE
URL: http://www.auscert.org.au/12235
Title: ESB-2010.0040 - [Win][UNIX/Linux] Drupal: Cross-site scripting - Remote
with user interaction
Date: 14 January 2010
OS: Ubuntu, Mac OS X, Windows 7, Windows 2003, Red Hat Linux, Solaris, HP
Tru64 UNIX, IRIX, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/12234
Title: ESB-2010.0039 - [AIX] OpenSSL: Unauthorised access -
Remote/unauthenticated
Date: 14 January 2010
OS: AIX
URL: http://www.auscert.org.au/12233
Title: ESB-2010.0038 - [Linux][Mandriva] bash: Provide misleading information
- Existing account
Date: 14 January 2010
OS: Debian GNU/Linux, Ubuntu, Other Linux Variants, SUSE, Red Hat Linux
URL: http://www.auscert.org.au/12232
Title: ESB-2010.0037 - [Win] HP Web Jetadmin: Unauthorised access -
Remote/unauthenticated
Date: 14 January 2010
OS: Windows 2003, HP-UX, Windows XP, Windows 2000, Windows 7, Windows
Vista, Windows Server 2008
URL: http://www.auscert.org.au/12230
Title: ESB-2010.0036 - [NetBSD] OpenSSL TLS: Unauthorised access -
Remote/unauthenticated
Date: 14 January 2010
OS: Other BSD Variants
URL: http://www.auscert.org.au/12229
Title: ESB-2010.0035 - [NetBSD] VFS: Denial of service - Existing account
Date: 14 January 2010
OS: Other BSD Variants
URL: http://www.auscert.org.au/12228
Title: ESB-2010.0034 - [Win][UNIX/Linux][Debian] openssl: Denial of service -
Remote/unauthenticated
Date: 14 January 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/12227
Title: ESB-2010.0033 - [RedHat] acroread: Execute arbitrary code/commands -
Remote with user interaction
Date: 14 January 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/12226
Title: ESB-2010.0032 - [UNIX/Linux][RedHat] gcc and gcc4: Execute arbitrary
code/commands - Existing account
Date: 14 January 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/12225
Title: ESB-2010.0031 - [RedHat] php: Multiple vulnerabilities
Date: 14 January 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/12224
Title: ESB-2010.0030 - [SUSE] IBM Java: Multiple vulnerabilities
Date: 14 January 2010
OS: SUSE
URL: http://www.auscert.org.au/12223
Title: ESB-2010.0029.2 - UPDATE [Solaris] Solaris Trusted Extensions:
Increased privileges - Existing account
Date: 15 January 2010
OS: Solaris
URL: http://www.auscert.org.au/12222
Title: ESB-2010.0028.2 - UPDATE [Win][UNIX/Linux] Sun Java System Identity
Manager: Administrator compromise - Remote/unauthenticated
Date: 15 January 2010
OS: Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD, AIX,
OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP,
Ubuntu, Debian GNU/Linux, Mac OS X, Windows 7, Red Hat Linux, Windows
2003, Solaris, HP Tru64 UNIX, IRIX
URL: http://www.auscert.org.au/12221
Title: ESB-2010.0028 - [Win][UNIX/Linux] Sun Java System Identity Manager:
Administrator compromise - Remote/unauthenticated
Date: 13 January 2010
URL: http://www.auscert.org.au/12231
Title: ESB-2010.0027 - ALERT [Win][UNIX/Linux] Adobe Reader and Acrobat:
Multiple vulnerabilities
Date: 13 January 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/12220
Title: ESB-2010.0026.3 - UPDATED ALERT [Win][UNIX/Linux] Oracle Products:
Multiple vulnerabilities
Date: 14 January 2010
OS: Windows Server 2008, Other Linux Variants, Windows Vista, AIX, Windows
2000, SUSE, HP-UX, Windows XP, Ubuntu, Debian GNU/Linux, Mac OS X,
Windows 7, Red Hat Linux, Windows 2003, Solaris, HP Tru64 UNIX
URL: http://www.auscert.org.au/12219
Title: ESB-2010.0025 - [RedHat] krb5: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 13 January 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/12217
Title: ESB-2010.0024 - ALERT [Win] Embedded OpenType Font Engine: Execute
arbitrary code/commands - Remote with user interaction
Date: 13 January 2010
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/12216
Title: ESB-2010.0023 - [Debian] krb5: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 13 January 2010
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/12215
Title: ESB-2010.0022 - ALERT [UNIX/Linux] MIT Kerberos 5: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 13 January 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/12214
Title: ESB-2010.0021 - [UNIX/Linux][Mandriva] squidGuard: Multiple
vulnerabilities
Date: 12 January 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/12212
Title: ESB-2010.0020 - [Win][Linux][HP-UX][Solaris] Sun Microsystems: Provide
misleading information - Remote/unauthenticated
Date: 11 January 2010
OS: Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
Ubuntu, Windows XP, HP-UX, SUSE, Windows 2000, Windows Vista, Windows
Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/12206
Title: ESB-2010.0019 - ALERT [Win][Netware][RedHat][SUSE] Novell iManager:
Execute arbitrary code/commands - Remote/unauthenticated
Date: 11 January 2010
OS: Windows 2003, Windows XP, SUSE, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008, Novell Netware
URL: http://www.auscert.org.au/12205
Title: ESB-2010.0018 - [Debian] pdns-recursor: Multiple vulnerabilities
Date: 11 January 2010
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/12204
Title: ESB-2010.0017 - ALERT [Juniper] CCIRC: Denial of service -
Remote/unauthenticated
Date: 11 January 2010
URL: http://www.auscert.org.au/12203
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
More information about the AusNOG
mailing list