[AusNOG] AusCERT Week in Review - Week Ending 22/01/2010 (AUSCERT#20073f686)
Paul Fahey
paul at auscert.org.au
Fri Jan 22 15:31:20 EST 2010
Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2010.0023 - [Win][UNIX/Linux] Sun Java Web Server: Multiple
vulnerabilities
Date: 22 January 2010
URL: http://www.auscert.org.au/12278
Title: ASB-2010.0024 - [Win][Linux][Solaris][AIX] IBM Lotus Domino: Execute
arbitrary code/commands - Remote/unauthenticated
Date: 22 January 2010
URL: http://www.auscert.org.au/12280
Title: ASB-2010.0017.2 - UPDATE [Win][UNIX/Linux] IBM Lotus Web Content
Management: Cross-site scripting - Remote/unauthenticated
Date: 21 January 2010
URL: http://www.auscert.org.au/12251
Title: ASB-2010.0020 - [Win][Linux][OSX] RealPlayer: Multiple
vulnerabilities
Date: 21 January 2010
URL: http://www.auscert.org.au/12271
Title: ASB-2010.0021 - [Win][UNIX/Linux] Thunderbird: Multiple
vulnerabilities
Date: 21 January 2010
URL: http://www.auscert.org.au/12273
Title: ASB-2010.0022 - ALERT [Win] Internet Explorer: Execute arbitrary
code/commands - Remote with user interaction
Date: 21 January 2010
URL: http://www.auscert.org.au/12274
Title: ASB-2010.0019 - [Win] Microsoft Windows: Administrator compromise -
Existing account
Date: 20 January 2010
URL: http://www.auscert.org.au/12262
Title: ASB-2010.0018 - [Linux] SystemTap: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 19 January 2010
URL: http://www.auscert.org.au/12252
Title: ASB-2010.0015 - [Win][UNIX/Linux] phpMyAdmin: Multiple
vulnerabilities
Date: 18 January 2010
URL: http://www.auscert.org.au/12248
Title: ASB-2010.0016 - [Win][Netware] Novell GroupWise Client: Execute
arbitrary code/commands - Remote/unauthenticated
Date: 18 January 2010
URL: http://www.auscert.org.au/12249
External Security Bulletins:
----------------------------
Title: ESB-2009.1619.2 - UPDATE [HP-UX] sendmail: Denial of service -
Remote/unauthenticated
Date: 18 January 2010
OS: HP-UX
URL: http://www.auscert.org.au/12085
Title: ESB-2010.0073 - [Win][RedHat][HP-UX][Solaris][AIX][SUSE] Novell
ZENworks Asset Management: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 22 January 2010
OS: Solaris, Windows 2003, Windows XP, HP-UX, SUSE, Windows 2000, Windows
7, AIX, Windows Vista, Windows Server 2008
URL: http://www.auscert.org.au/12279
Title: ESB-2010.0072 - ALERT [Win] Internet Explorer: Multiple
vulnerabilities
Date: 22 January 2010
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/12277
Title: ESB-2010.0071 - [RedHat] kernel-rt : Multiple vulnerabilities
Date: 22 January 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/12276
Title: ESB-2010.0070 - [Win][Linux][HP-UX][Solaris] Sun Java System
Directory
Server : Denial of service - Remote/unauthenticated
Date: 21 January 2010
OS: Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
Ubuntu, HP-UX, Windows XP, SUSE, Windows 2000, Windows Vista, Windows
Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/12275
Title: ESB-2010.0069 - [Win][OSX] Adobe Shockwave Player: Execute arbitrary
code/commands - Remote with user interaction
Date: 21 January 2010
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista, Mac
OS X, Windows Server 2008
URL: http://www.auscert.org.au/12272
Title: ESB-2010.0068 - [Win][UNIX/Linux] Control Panel, Recent Comments,
Block
Class (Drupal Third-party modules): Cross-site scripting -
Remote/unauthenticated
Date: 21 January 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/12270
Title: ESB-2010.0067 - [Win] CiscoWorks Internetwork Performance Monitor:
Administrator compromise - Remote/unauthenticated
Date: 21 January 2010
OS: Cisco Products, Windows 2003, Windows XP, Windows 2000, Windows 7,
Windows Vista, Windows Server 2008
URL: http://www.auscert.org.au/12269
Title: ESB-2010.0066 - [Cisco] Cisco IOS: Denial of service -
Remote/unauthenticated
Date: 21 January 2010
OS: Cisco Products
URL: http://www.auscert.org.au/12268
Title: ESB-2010.0065 - [Debian] Debian 4.0: Reduced security - Existing
account
Date: 21 January 2010
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/12267
Title: ESB-2010.0064 - [Debian] gzip: Execute arbitrary code/commands -
Remote
with user interaction
Date: 21 January 2010
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/12266
Title: ESB-2010.0063 - [RedHat] bind: Multiple vulnerabilities
Date: 21 January 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/12265
Title: ESB-2010.0062 - [Win][UNIX/Linux][RedHat] gzip: Execute arbitrary
code/commands - Remote with user interaction
Date: 21 January 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/12264
Title: ESB-2010.0061 - [RedHat] acroread: Multiple vulnerabilities
Date: 21 January 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/12263
Title: ESB-2010.0060 - [RedHat] kernel: Denial of service -
Remote/unauthenticated
Date: 20 January 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/12261
Title: ESB-2010.0059 - [RedHat] openssl: Multiple vulnerabilities
Date: 20 January 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/12260
Title: ESB-2010.0058 - [RedHat] kernel: Multiple vulnerabilities
Date: 20 January 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/12259
Title: ESB-2010.0057 - [SUSE][OpenSUSE] SUSE: Multiple vulnerabilities
Date: 20 January 2010
OS: Other Linux Variants, SUSE
URL: http://www.auscert.org.au/12258
Title: ESB-2010.0056 - [SUSE][OpenSUSE] krb5: Execute arbitrary
code/commands
- Remote/unauthenticated
Date: 20 January 2010
OS: Other Linux Variants, SUSE
URL: http://www.auscert.org.au/12257
Title: ESB-2010.0055 - [Win][RedHat][SUSE] HP Power Manager: Execute
arbitrary
code/commands - Remote/unauthenticated
Date: 20 January 2010
OS: Windows 2003, Windows 7, HP-UX, Windows XP, SUSE, Windows 2000,
Windows
Vista, Windows Server 2008
URL: http://www.auscert.org.au/12256
Title: ESB-2010.0054 - [UNIX/Linux][Debian] glibc, eglibc: Access
confidential
data - Existing account
Date: 20 January 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
FreeBSD, Other Linux Variants
URL: http://www.auscert.org.au/12255
Title: ESB-2010.0053 - [Win][UNIX/Linux] BIND: Provide misleading
information
- Remote/unauthenticated
Date: 20 January 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/12254
Title: ESB-2010.0052 - [OSX] Mac OS X: Multiple vulnerabilities
Date: 20 January 2010
OS: Mac OS X
URL: http://www.auscert.org.au/12253
Title: ESB-2010.0051 - [Appliance] Micrologix 1100 & 1400 Series
Controllers:
Administrator compromise - Remote/unauthenticated
Date: 18 January 2010
URL: http://www.auscert.org.au/12250
Title: ESB-2010.0050 - [SUSE][OpenSUSE] kernel: Multiple vulnerabilities
Date: 18 January 2010
OS: Other Linux Variants, SUSE
URL: http://www.auscert.org.au/12247
Title: ESB-2010.0049.2 - UPDATE [UNIX/Linux][Debian] audiofile: Execute
arbitrary code/commands - Remote with user interaction
Date: 22 January 2010
OS: Other Linux Variants, FreeBSD, AIX, OpenBSD, SUSE, Other BSD
Variants,
HP-UX, Ubuntu, Debian GNU/Linux, Mac OS X, Red Hat Linux, Solaris, HP
Tru64 UNIX, IRIX
URL: http://www.auscert.org.au/12246
Title: ESB-2010.0040.2 - UPDATE [Win][UNIX/Linux] Drupal: Cross-site
scripting
- Remote with user interaction
Date: 22 January 2010
OS: Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD,
AIX,
OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP,
Ubuntu, Debian GNU/Linux, Mac OS X, Windows 7, Red Hat Linux, Windows
2003, Solaris, HP Tru64 UNIX, IRIX
URL: http://www.auscert.org.au/12234
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20100122/b7bca76e/attachment.html>
More information about the AusNOG
mailing list