[AusNOG] AusCERT Week in Review - Week Ending 22/10/2010 (AUSCERT#20073F686)
Richard Billington
richard at auscert.org.au
Fri Oct 22 16:30:17 EST 2010
AusCERT Week in Review
22 October 2010
Alerts, Advisories and Updates:
- - -------------------------------
Title: ASB-2010.0224.2 - UPDATE [Win][UNIX/Linux] Opera prior to 10.63:
Multiple vulnerabilities
Date: 22 October 2010
URL: http://www.auscert.org.au/13471
Title: ASB-2010.0230.2 - UPDATE [Win][Linux][OSX] Google Chrome: Multiple
vulnerabilities
Date: 22 October 2010
URL: http://www.auscert.org.au/13505
Title: ASB-2010.0228 - [Win][UNIX/Linux] Apache: Denial of service - Remote
with user interaction
Date: 20 October 2010
URL: http://www.auscert.org.au/13497
Title: ASB-2010.0229 - [Win][UNIX/Linux] Firefox: Multiple vulnerabilities
Date: 20 October 2010
URL: http://www.auscert.org.au/13498
Title: ASB-2010.0227 - [Win] RealPlayer SP & RealPlayer Enterprise: Multiple
vulnerabilities
Date: 18 October 2010
URL: http://www.auscert.org.au/13487
External Security Bulletins:
- - ----------------------------
Title: ESB-2010.0957 - [NetBSD] netsmb: Denial of service - Existing account
Date: 22 October 2010
OS: Other BSD Variants
URL: http://www.auscert.org.au/13512
Title: ESB-2010.0956 - [NetBSD] Larn: Increased privileges - Existing account
Date: 22 October 2010
OS: Other BSD Variants
URL: http://www.auscert.org.au/13511
Title: ESB-2010.0955 - [Win][Linux][HP-UX] HP Systems Insight Manager (SIM):
Multiple vulnerabilities
Date: 22 October 2010
OS: Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux, Ubuntu,
HP-UX, Windows XP, SUSE, Windows 2000, Windows Vista, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/13510
Title: ESB-2010.0954 - [Win][Linux][HP-UX] HP Systems Insight Manager (SIM):
Multiple vulnerabilities
Date: 22 October 2010
OS: Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux, Ubuntu,
HP-UX, Windows XP, SUSE, Windows 2000, Windows Vista, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/13509
Title: ESB-2010.0953 - [Win][Linux][HP-UX][Solaris][AIX] HP AssetCenter and HP
AssetManager: Cross-site scripting - Remote/unauthenticated
Date: 22 October 2010
OS: Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
Ubuntu, Windows XP, HP-UX, SUSE, Windows 2000, AIX, Windows Vista,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/13508
Title: ESB-2010.0952 - [Win][UNIX/Linux][RedHat] pidgin: Denial of service -
Remote with user interaction
Date: 22 October 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/13507
Title: ESB-2010.0951 - [Win][Linux][HP-UX][Solaris][AIX] IBM WebSphere MQ:
Unauthorised access - Remote with user interaction
Date: 21 October 2010
OS: Solaris, Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian
GNU/Linux, Windows XP, HP-UX, SUSE, Windows 2000, AIX, Windows Vista,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/13506
Title: ESB-2010.0950 - [Win][UNIX/Linux] Ubuntu Drupal Theme (Drupal
third-party module): Access privileged data - Remote with user
interaction
Date: 21 October 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/13504
Title: ESB-2010.0949 - [OSX] Java: Multiple vulnerabilities
Date: 21 October 2010
OS: Mac OS X
URL: http://www.auscert.org.au/13503
Title: ESB-2010.0948 - [RedHat] glibc: Increased privileges - Existing account
Date: 21 October 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/13502
Title: ESB-2010.0947 - [RedHat] java-1.4.2-ibm: Multiple vulnerabilities
Date: 21 October 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/13501
Title: ESB-2010.0946 - [RedHat] quagga: Multiple vulnerabilities
Date: 21 October 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/13500
Title: ESB-2010.0945 - [RedHat] thunderbird and firefox: Multiple
vulnerabilities
Date: 20 October 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/13499
Title: ESB-2010.0944 - [Win][Linux][Solaris][AIX] IBM DB2 Universal Database:
Execute arbitrary code/commands - Existing account
Date: 20 October 2010
OS: Solaris, Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian
GNU/Linux, Windows XP, SUSE, Windows 2000, AIX, Windows Vista, Windows
Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/13496
Title: ESB-2010.0943 - [Win][UNIX/Linux][RedHat] seamonkey: Multiple
vulnerabilities
Date: 20 October 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/13495
Title: ESB-2010.0942 - [RedHat] kernel: Access privileged data - Existing
account
Date: 20 October 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/13494
Title: ESB-2010.0941 - [Win][UNIX/Linux][Debian] typo3-src: Multiple
vulnerabilities
Date: 20 October 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/13493
Title: ESB-2010.0940 - [Win][UNIX/Linux] TWiki: Cross-site scripting - Remote
with user interaction
Date: 19 October 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/13492
Title: ESB-2010.0939 - [Win][UNIX/Linux] IBM Informix Dynamic Server: Execute
arbitrary code/commands - Remote/unauthenticated
Date: 19 October 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/13491
Title: ESB-2010.0938 - [Win][Linux] IBM Rational Quality Manager and IBM
Rational Test Lab Manager: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 19 October 2010
OS: Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian GNU/Linux,
Windows XP, SUSE, Windows 2000, Windows Vista, Windows Server 2008,
Other Linux Variants
URL: http://www.auscert.org.au/13490
Title: ESB-2010.0937 - [RedHat] cobbler: Root compromise - Existing account
Date: 19 October 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/13489
Title: ESB-2010.0936 - [Win][UNIX/Linux] Views (Drupal third-party module):
Denial of service - Remote with user interaction
Date: 18 October 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/13488
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
More information about the AusNOG
mailing list