[AusNOG] AusCERT Week in Review - Week Ending 28/05/2010 (AUSCERT#20073f686)
Patrick Mannion
patrick at auscert.org.au
Fri May 28 15:12:28 EST 2010
Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2010.0127.2 - UPDATE [Win][UNIX/Linux] cacti 0.8.7e and prior:
Execute arbitrary code/commands - Remote/unauthenticated
Date: 28 May 2010
URL: http://www.auscert.org.au/12825
Title: ASB-2010.0128 - [AIX] IBM Communications Server: Denial of service -
Remote/unauthenticated
Date: 28 May 2010
URL: http://www.auscert.org.au/12847
Title: ASB-2010.0129 - [Win][Linux][Mac][OSX] Google Chrome: Provide
misleading information - Remote/unauthenticated
Date: 28 May 2010
URL: http://www.auscert.org.au/12848
Title: ASB-2010.0130 - [Win][Mac][OSX] Adobe Photoshop CS4: Execute arbitrary
code/commands - Remote with user interaction
Date: 28 May 2010
URL: http://www.auscert.org.au/12849
Title: ASB-2009.1021.2 - UPDATE [Win][Linux][Solaris] Novell Access Manager:
Access privileged data - Existing account
Date: 27 May 2010
URL: http://www.auscert.org.au/11342
External Security Bulletins:
----------------------------
Title: ESB-2010.0483 - [Win][UNIX/Linux][Mandriva] clamav: Denial of service -
Remote/unauthenticated
Date: 28 May 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/12846
Title: ESB-2010.0482 - [FreeBSD] nfsclient: Execute arbitrary code/commands -
Existing account
Date: 27 May 2010
OS: FreeBSD
URL: http://www.auscert.org.au/12845
Title: ESB-2010.0481 - [FreeBSD] opie: Denial of service -
Remote/unauthenticated
Date: 27 May 2010
OS: FreeBSD
URL: http://www.auscert.org.au/12844
Title: ESB-2010.0480 - [FreeBSD] jail: Access confidential data - Existing
account
Date: 27 May 2010
OS: FreeBSD
URL: http://www.auscert.org.au/12843
Title: ESB-2010.0479 - [UNIX/Linux][Ubuntu] Ubuntu: GNU C Library
vulnerabilities
Date: 27 May 2010
OS: HP Tru64 UNIX, Solaris, IRIX, OpenBSD, Other BSD Variants, FreeBSD,
HP-UX, SUSE, Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat
Linux, AIX, Mac OS X
URL: http://www.auscert.org.au/12842
Title: ESB-2010.0478 - [RedHat] mysql: Multiple vulnerabilities
Date: 27 May 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/12841
Title: ESB-2010.0477 - ALERT [Cisco] Cisco Systems: Multiple vulnerabilities
Date: 27 May 2010
OS: Cisco Products
URL: http://www.auscert.org.au/12840
Title: ESB-2010.0476 - [SUSE] SUSE: Multiple vulnerabilities
Date: 26 May 2010
OS: SUSE
URL: http://www.auscert.org.au/12839
Title: ESB-2010.0475 - [Win][UNIX/Linux] Heartbeat (Drupal third-party
module): Administrator compromise - Existing account
Date: 26 May 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/12838
Title: ESB-2010.0474 - [RedHat][Solaris][AIX] HP TestDirector for Quality
Center: Unauthorised access - Remote/unauthenticated
Date: 26 May 2010
OS: Solaris, Red Hat Linux, AIX
URL: http://www.auscert.org.au/12837
Title: ESB-2010.0473 - [Win][Solaris] HP Business Availability Center Running
Apache: Multiple vulnerabilities
Date: 26 May 2010
OS: Solaris, Windows 2003, Windows XP, Windows 2000, Windows 7, Windows
Vista, Windows Server 2008
URL: http://www.auscert.org.au/12836
Title: ESB-2010.0472 - [RedHat] rhev-hypervisor: Multiple vulnerabilities
Date: 26 May 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/12835
Title: ESB-2010.0471 - [RedHat] kernel: Denial of service -
Remote/unauthenticated
Date: 26 May 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/12834
Title: ESB-2010.0470 - [Linux][Debian] linux-2.6: Multiple vulnerabilities
Date: 26 May 2010
OS: Red Hat Linux, SUSE, Other Linux Variants, Debian GNU/Linux, Ubuntu
URL: http://www.auscert.org.au/12833
Title: ESB-2010.0469 - [AIX] OpenSSL: Multiple vulnerabilities
Date: 25 May 2010
OS: AIX
URL: http://www.auscert.org.au/12832
Title: ESB-2010.0468 - [Debian] krb5: Denial of service - Existing account
Date: 25 May 2010
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/12831
Title: ESB-2010.0467 - [Debian] kdegraphics: Multiple vulnerabilities
Date: 25 May 2010
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/12830
Title: ESB-2010.0466 - [UNIX/Linux][Debian] postgresql-8.3: Multiple
vulnerabilities
Date: 25 May 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
FreeBSD, Other Linux Variants
URL: http://www.auscert.org.au/12829
Title: ESB-2010.0465 - [Debian] barnowl: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 24 May 2010
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/12828
Title: ESB-2010.0464 - [Debian] dvipng: Execute arbitrary code/commands -
Remote with user interaction
Date: 24 May 2010
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/12827
Title: ESB-2010.0463 - [AIX] rpc.pcnfsd: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 24 May 2010
OS: AIX
URL: http://www.auscert.org.au/12826
Title: ESB-2010.0460.2 - UPDATE [Win][UNIX/Linux] Drupal Third Party-Modules:
Execute arbitrary code/commands - Existing account
Date: 25 May 2010
OS: Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD, AIX,
OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP,
Ubuntu, Debian GNU/Linux, Mac OS X, Windows 7, Red Hat Linux, Windows
2003, Solaris, HP Tru64 UNIX, IRIX
URL: http://www.auscert.org.au/12822
Title: ESB-2010.0441.4 - UPDATE [Win][UNIX/Linux] Drupal: Multiple
vulnerabilities
Date: 24 May 2010
OS: Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD, AIX,
OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP,
Ubuntu, Debian GNU/Linux, Mac OS X, Windows 7, Red Hat Linux, Windows
2003, Solaris, HP Tru64 UNIX, IRIX
URL: http://www.auscert.org.au/12798
Title: ESB-2010.0418.2 - UPDATE [Win][UNIX/Linux] Drupal Third-Party Module:
Cross-site scripting - Remote with user interaction
Date: 24 May 2010
OS: Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD, AIX,
OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP,
Ubuntu, Debian GNU/Linux, Mac OS X, Windows 7, Red Hat Linux, Windows
2003, Solaris, HP Tru64 UNIX, IRIX
URL: http://www.auscert.org.au/12764
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
More information about the AusNOG
mailing list