[AusNOG] AusCERT Week in Review - Week Ending 29/01/2010 (AUSCERT#20073F686)
Richard Billington
richard at auscert.org.au
Fri Jan 29 17:32:24 EST 2010
AusCERT Week in Review
29 January 2010
Alerts, Advisories and Updates:
- - -------------------------------
Title: ASB-2010.0036 - [Win][UNIX/Linux] Wireshark prior to 1.2.6: Denial of
service - Remote/unauthenticated
Date: 29 January 2010
URL: http://www.auscert.org.au/12309
Title: ASB-2010.0031 - [Win][UNIX/Linux] yaSSL: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 28 January 2010
URL: http://www.auscert.org.au/12303
Title: ASB-2010.0032 - [Appliance] IBM WebSphere DataPower: Denial of service
- Remote/unauthenticated
Date: 28 January 2010
URL: http://www.auscert.org.au/12304
Title: ASB-2010.0033 - [Win][UNIX/Linux] IBM DB2: Unpatched Vulnerability
Disclosed
Date: 28 January 2010
URL: http://www.auscert.org.au/12306
Title: ASB-2010.0034 - [Win][UNIX/Linux] PostgreSQL: Unpatched Vulnerability
Disclosed
Date: 28 January 2010
URL: http://www.auscert.org.au/12307
Title: ASB-2010.0035 - [Win][UNIX/Linux] yaSSL library in MySQL: Unpatched
Vulnerability Disclosed
Date: 28 January 2010
URL: http://www.auscert.org.au/12308
Title: ASB-2010.0023.2 - UPDATE [Win][UNIX/Linux] Sun Java Web Server:
Multiple vulnerabilities
Date: 27 January 2010
URL: http://www.auscert.org.au/12278
Title: ASB-2010.0025.2 - UPDATE [Win][UNIX/Linux] Sun Java Web Server :
Multiple vulnerabilities
Date: 27 January 2010
URL: http://www.auscert.org.au/12286
Title: ASB-2010.0027 - [Win] Google Chrome: Multiple vulnerabilities
Date: 27 January 2010
URL: http://www.auscert.org.au/12291
Title: ASB-2010.0028 - [Appliance] Xerox WorkCentre 6400: Unauthorised access
- Remote/unauthenticated
Date: 27 January 2010
URL: http://www.auscert.org.au/12293
Title: ASB-2010.0029 - [XEN][Virtualisation] Citrix XenServer: Execute
arbitrary code/commands - Remote/unauthenticated
Date: 27 January 2010
URL: http://www.auscert.org.au/12294
Title: ASB-2010.0030 - [Appliance] f5 Enterprise Manager 2.0 Released
Date: 26 January 2010
URL: http://www.auscert.org.au/12298
Title: ASB-2010.0026 - [Win] Oracle Weblogic Node Manager: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 25 January 2010
URL: http://www.auscert.org.au/12287
External Security Bulletins:
- - ----------------------------
Title: ESB-2009.1152.2 - UPDATE [HP NonStop] HP NonStop Servers with Telco
CLIMs: Execute arbitrary code/commands - Remote/unauthenticated
Date: 28 January 2010
URL: http://www.auscert.org.au/11448
Title: ESB-2010.0091 - [HP-UX] HP CIFS Server (Samba): Access confidential
data - Existing account
Date: 29 January 2010
OS: HP-UX
URL: http://www.auscert.org.au/12311
Title: ESB-2010.0090 - [UNIX/Linux][Debian] maildrop: Root compromise -
Existing account
Date: 29 January 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
FreeBSD, Other Linux Variants
URL: http://www.auscert.org.au/12310
Title: ESB-2010.0089 - [Win][UNIX/Linux] Author Contact, Feedback (Drupal
Third-Party Modules): Cross-Site Scripting
Date: 28 January 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/12305
Title: ESB-2010.0088 - [Ubuntu] dhcp3-client: Root compromise -
Remote/unauthenticated
Date: 28 January 2010
OS: Ubuntu
URL: http://www.auscert.org.au/12302
Title: ESB-2010.0087 - [Debian] lintian: Multiple vulnerabilities
Date: 28 January 2010
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/12301
Title: ESB-2010.0086 - [UNIX/Linux][Debian] ircd-hybrid/ircd-ratbox: Multiple
vulnerabilities
Date: 28 January 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
FreeBSD, Other Linux Variants
URL: http://www.auscert.org.au/12300
Title: ESB-2010.0085 - [Cisco] Cisco Unified MeetingPlace: Multiple
vulnerabilities
Date: 28 January 2010
OS: Cisco Products
URL: http://www.auscert.org.au/12299
Title: ESB-2010.0084 - [Win][RedHat][HP-UX][Solaris] HP OpenView Network Node
Manager: Denial of service - Remote/unauthenticated
Date: 27 January 2010
OS: Solaris, Windows 2003, HP-UX, Windows XP, Windows 2000, Windows 7,
Windows Vista, Windows Server 2008
URL: http://www.auscert.org.au/12297
Title: ESB-2010.0083 - [UNIX/Linux] coreutils: Increased privileges - Existing
account
Date: 27 January 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/12296
Title: ESB-2010.0082 - [RedHat][HP-UX][Solaris] HP OpenView Storage Data
Protector: Unauthorised access - Existing account
Date: 27 January 2010
OS: Solaris, HP-UX
URL: http://www.auscert.org.au/12295
Title: ESB-2010.0081 - [Win][Linux][Solaris][AIX] Sun Java System Web Server,
Web Proxy Server: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 27 January 2010
OS: Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
Ubuntu, Windows XP, SUSE, Windows 2000, AIX, Windows Vista, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/12292
Title: ESB-2010.0080 - [SUSE][OpenSUSE] acroread: Multiple vulnerabilities
Date: 27 January 2010
OS: Other Linux Variants, SUSE
URL: http://www.auscert.org.au/12290
Title: ESB-2010.0079 - [Win][UNIX/Linux][Debian] phpgroupware: Multiple
vulnerabilities
Date: 27 January 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/12289
Title: ESB-2010.0078 - [Win][UNIX/Linux][Debian] python: Multiple
vulnerabilities
Date: 27 January 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/12288
Title: ESB-2010.0077 - [Win][UNIX/Linux] Tomcat: Multiple vulnerabilities
Date: 25 January 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/12285
Title: ESB-2010.0076 - [SUSE] kernel: Multiple vulnerabilities
Date: 25 January 2010
OS: SUSE
URL: http://www.auscert.org.au/12284
Title: ESB-2010.0075 - [Win][UNIX/Linux][Debian] dokuwiki: Multiple
vulnerabilities
Date: 25 January 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/12283
Title: ESB-2010.0053.2 - UPDATE [Win][UNIX/Linux] BIND: Provide misleading
information - Remote/unauthenticated
Date: 25 January 2010
OS: Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD, AIX,
OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP,
Ubuntu, Debian GNU/Linux, Mac OS X, Windows 7, Red Hat Linux, Windows
2003, Solaris, HP Tru64 UNIX, IRIX
URL: http://www.auscert.org.au/12254
Title: ESB-2010.0018.2 - UPDATE [Debian] pdns-recursor: Multiple
vulnerabilities
Date: 29 January 2010
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/12204
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
More information about the AusNOG
mailing list