[AusNOG] AusCERT Week in Review - Week Ending 01/10/2010 (AUSCERT#20073f686)

Jonathan Levine jonathan at auscert.org.au
Fri Oct 1 15:36:51 EST 2010


AusCERT Week in Review
01 October 2010

Web Log Entries:
- ----------------
Title: What is Return-Oriented Programming? 
Date:  29 September 2010
URL:   http://www.auscert.org.au/13408

Title: Iran confirms Stuxnet affected PCs used in nuclear power plant 
Date:  27 September 2010
URL:   http://www.auscert.org.au/13401

Title: Sabotage of a specific process, in a specific plant -- the Stuxnet
goal
Date:  27 September 2010
URL:   http://www.auscert.org.au/13405

Alerts, Advisories and Updates:
- -------------------------------
Title: ASB-2010.0218 - [Win][UNIX/Linux] Horde IMP: Cross-site scripting -
       Remote with user interaction 
Date:  30 September 2010
URL:   http://www.auscert.org.au/13419

Title: ASB-2010.0219 - [Win][UNIX/Linux] Horde Groupware Webmail Edition:
       Cross-site scripting - Remote with user interaction 
Date:  30 September 2010
URL:   http://www.auscert.org.au/13420

Title: ASB-2010.0217 - [Win][UNIX/Linux] BIND 9.7.2-P1: Denial of service -
       Remote/unauthenticated 
Date:  29 September 2010
URL:   http://www.auscert.org.au/13413

Title: ASB-2010.0216 - [Win] Microsoft Windows: Access confidential data -
       Remote with user interaction 
Date:  28 September 2010
URL:   http://www.auscert.org.au/13406

Title: ASB-2010.0207.3 - UPDATE [Win][Linux][Mac][OSX] Google Chrome:
Multiple
       vulnerabilities 
Date:  27 September 2010
URL:   http://www.auscert.org.au/13350

External Security Bulletins:
- ----------------------------
Title: ESB-2010.0883 - [VMware ESX] VMware ESX 4.0: Multiple vulnerabilities

Date:  01 October 2010
OS:    Virtualisation 
URL:   http://www.auscert.org.au/13422

Title: ESB-2010.0882 - [RedHat] Red Hat Enterprise Linux 3: End Of Life
       notification 
Date:  01 October 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13421

Title: ESB-2010.0881 - [Win][UNIX/Linux] memcache (Drupal third-party
module):
       Multiple vulnerabilities 
Date:  30 September 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
       Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
       Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/13418

Title: ESB-2010.0880 - [Win][Linux] IBM Tivoli Storage Manager FastBack:
       Execute arbitrary code/commands - Remote/unauthenticated 
Date:  30 September 2010
OS:    Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux, Ubuntu,
       Windows XP, SUSE, Windows 2000, Windows Vista, Other Linux Variants,
       Windows Server 2008 
URL:   http://www.auscert.org.au/13417

Title: ESB-2010.0879 - [Win][UNIX/Linux] Drupal Third-party modules:
Increased
       privileges - Remote with user interaction 
Date:  30 September 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
       Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
       Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/13416

Title: ESB-2010.0878 - [Debian] moodle: Multiple vulnerabilities 
Date:  30 September 2010
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/13415

Title: ESB-2010.0877 - [RedHat] kernel: Multiple vulnerabilities 
Date:  30 September 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13414

Title: ESB-2010.0876 - [RedHat] mikmod: Multiple vulnerabilities 
Date:  29 September 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13412

Title: ESB-2010.0875 - [RedHat] kernel: Increased privileges - Existing
       account 
Date:  29 September 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13411

Title: ESB-2010.0874 - [NetBSD] bzip2: Execute arbitrary code/commands -
       Remote with user interaction 
Date:  29 September 2010
OS:    Other BSD Variants 
URL:   http://www.auscert.org.au/13410

Title: ESB-2010.0873 - ALERT [Win] Microsoft .NET Framework: Multiple
       vulnerabilities 
Date:  29 September 2010
OS:    Windows 2003, Windows XP, Windows 7, Windows Vista, Windows Server
2008
URL:   http://www.auscert.org.au/13407

Title: ESB-2010.0872 - [HP-UX] HP-UX Directory Server and Red Hat Directory
       Server: Multiple vulnerabilities 
Date:  27 September 2010
OS:    HP-UX 
URL:   http://www.auscert.org.au/13404

Title: ESB-2010.0871 - [Win][UNIX/Linux] VMWare Workstation, Player and ACE
       Managerment Server: Multiple vulnerabilities 
Date:  27 September 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
       Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
       Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/13403

Title: ESB-2010.0870 - [UNIX/Linux][Debian] git-core: Execute arbitrary
       code/commands - Existing account 
Date:  27 September 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
       GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
       FreeBSD, Other Linux Variants 
URL:   http://www.auscert.org.au/13402

Title: ESB-2010.0789.3 - UPDATE [VMware ESX] VMware ESX: Multiple
       vulnerabilities 
Date:  01 October 2010
OS:    Virtualisation 
URL:   http://www.auscert.org.au/13280

Title: ESB-2010.0727.2 - UPDATE [Win][UNIX/Linux] Drupal Third-party
modules:
       Multiple vulnerabilities 
Date:  30 September 2010
OS:    Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD,
AIX,
       OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP,
       Ubuntu, Debian GNU/Linux, Mac OS X, Windows 7, Red Hat Linux, Windows
       2003, Solaris, HP Tru64 UNIX, IRIX 
URL:   http://www.auscert.org.au/13202

Title: ESB-2010.0635.4 - UPDATE [Win][Linux][HP-UX][Solaris] HP OpenView
       Network Node Manager: Execute arbitrary code/commands -
       Remote/unauthenticated 
Date:  01 October 2010
OS:    Other Linux Variants, Windows Server 2008, Windows Vista, Windows
2000,
       SUSE, HP-UX, Windows XP, Ubuntu, Debian GNU/Linux, Windows 7, Red Hat
       Linux, Windows 2003, Solaris 
URL:   http://www.auscert.org.au/13086

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================




More information about the AusNOG mailing list