[AusNOG] AusCERT Week in Review - Week Ending (29/10/2010)
Jonathan Levine
jonathan at auscert.org.au
Fri Oct 29 21:21:18 EST 2010
AusCERT Week in Review
29 October 2010
Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2010.0234 - [Win][UNIX/Linux] Thunderbird: Execute arbitrary
code/commands - Remote with user interaction
Date: 29 October 2010
URL: http://www.auscert.org.au/13542
Title: ASB-2010.0233 - [Win][UNIX/Linux] Firefox: Execute arbitrary
code/commands - Remote with user interaction
Date: 28 October 2010
URL: http://www.auscert.org.au/13538
Title: ASB-2010.0232 - ALERT [Win][UNIX/Linux] Mozilla Firefox: Execute
arbitrary code/commands - Remote with user interaction
Date: 27 October 2010
URL: http://www.auscert.org.au/13522
External Security Bulletins:
----------------------------
Title: ESB-2010.0986 - [Win][UNIX/Linux] Watcher (Drupal third-party module):
Cross-site scripting - Remote with user interaction
Date: 29 October 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/13546
Title: ESB-2010.0985 - [SUSE][OpenSUSE] glibc: Multiple vulnerabilities
Date: 29 October 2010
OS: Other Linux Variants, SUSE
URL: http://www.auscert.org.au/13545
Title: ESB-2010.0984 - [RedHat] thunderbird: Execute arbitrary code/commands -
Remote with user interaction
Date: 29 October 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/13543
Title: ESB-2010.0983 - [UNIX/Linux][RedHat] cups: Multiple vulnerabilities
Date: 29 October 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/13544
Title: ESB-2010.0982 - ALERT [Win][UNIX/Linux][Mobile] Adobe Flash Player,
Acrobat and Reader: Execute arbitrary code/commands - Remote with
user interaction
Date: 29 October 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/13541
Title: ESB-2010.0981 - [RedHat] firefox, xulrunner and seamonkey: Execute
arbitrary code/commands - Remote with user interaction
Date: 28 October 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/13540
Title: ESB-2010.0980 - [RedHat] java-1.5.0-ibm: Multiple vulnerabilities
Date: 28 October 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/13539
Title: ESB-2010.0979 - [Win][RedHat] Symantec IM Manager: Modify arbitrary
files - Existing account
Date: 28 October 2010
OS: Windows 2003, Red Hat Linux, Windows XP, Windows 2000, Windows 7,
Windows Vista, Windows Server 2008
URL: http://www.auscert.org.au/13537
Title: ESB-2010.0978 - ALERT [Win][Solaris] CiscoWorks: Administrator
compromise - Remote/unauthenticated
Date: 28 October 2010
OS: Solaris, Cisco Products, Windows 2003, Windows XP, Windows 2000,
Windows 7, Windows Vista, Windows Server 2008
URL: http://www.auscert.org.au/13536
Title: ESB-2010.0977 - [NetBSD] OpenSSL: Execute arbitrary code/commands -
Remote with user interaction
Date: 28 October 2010
OS: Other BSD Variants
URL: http://www.auscert.org.au/13535
Title: ESB-2010.0976 - [Win] HP LoadRunner Web Tours 9.10: Denial of service -
Remote/unauthenticated
Date: 28 October 2010
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/13534
Title: ESB-2010.0975 - [Win][Linux][Solaris] HP Storage Essentials:
Unauthorised access - Remote/unauthenticated
Date: 28 October 2010
OS: Solaris, Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian
GNU/Linux, HP-UX, Windows XP, SUSE, Windows 2000, Windows Vista,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/13533
Title: ESB-2010.0974 - [Mobile] Palm webOS Camera Application: Overwrite
arbitrary files - Existing account
Date: 28 October 2010
OS: HP-UX
URL: http://www.auscert.org.au/13532
Title: ESB-2010.0973 - [Mobile] Palm webOS: Execute arbitrary code/commands -
Existing account
Date: 28 October 2010
URL: http://www.auscert.org.au/13531
Title: ESB-2010.0972 - [Mobile] Palm webOS: Execute arbitrary code/commands -
Remote with user interaction
Date: 28 October 2010
URL: http://www.auscert.org.au/13530
Title: ESB-2010.0971 - [Win] HP Operations Orchestration:
Cross-site scripting - Remote with user interaction
Date: 27 October 2010
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/13529
Title: ESB-2010.0970 - [Win] HP Version Control Repository Manager:
Cross-site scripting - Remote with user interaction
Date: 27 October 2010
OS: Windows 2003, HP-UX, Windows XP, Windows 2000, Windows 7, Windows
Vista, Windows Server 2008
URL: http://www.auscert.org.au/13528
Title: ESB-2010.0969 - [Win] HP Insight Control Virtual Machine Management:
Multiple vulnerabilities
Date: 27 October 2010
OS: Windows 2003, HP-UX, Windows XP, Windows 2000, Windows 7, Windows
Vista, Windows Server 2008
URL: http://www.auscert.org.au/13527
Title: ESB-2010.0968 - [Win] HP Virtual Server Environment: Read-only data
access - Remote/unauthenticated
Date: 27 October 2010
OS: Windows 2003, HP-UX, Windows XP, Windows 2000, Windows 7, Windows
Vista, Windows Server 2008
URL: http://www.auscert.org.au/13526
Title: ESB-2010.0967 - [Win] HP Insight Control Server Migration: Multiple
vulnerabilities
Date: 27 October 2010
OS: Windows 2003, HP-UX, Windows XP, Windows 2000, Windows 7, Windows
Vista, Windows Server 2008
URL: http://www.auscert.org.au/13525
Title: ESB-2010.0966 - [Win] HP Insight Control Power Management: Multiple
vulnerabilities
Date: 27 October 2010
OS: Windows 2003, HP-UX, Windows XP, Windows 2000, Windows 7, Windows
Vista, Windows Server 2008
URL: http://www.auscert.org.au/13524
Title: ESB-2010.0965 - [Win][Linux][HP-UX][Solaris][AIX] IBM WebSphere
Application Server: Cross-site scripting - Remote with user
interaction
Date: 27 October 2010
OS: Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
Ubuntu, Windows XP, HP-UX, SUSE, Windows 2000, AIX, Windows Vista,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/13523
Title: ESB-2010.0964 - [SUSE] SUSE: Multiple vulnerabilities
Date: 26 October 2010
OS: SUSE
URL: http://www.auscert.org.au/13521
Title: ESB-2010.0963 - [RedHat] glibc: Increased privileges - Existing
account
Date: 26 October 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/13520
Title: ESB-2010.0962 - [Linux][RedHat] kernel: Increased privileges -
Existing account
Date: 26 October 2010
OS: Red Hat Linux, SUSE, Other Linux Variants, Ubuntu, Debian GNU/Linux
URL: http://www.auscert.org.au/13519
Title: ESB-2010.0961 - [Win][Linux][HP-UX][Solaris][AIX] IBM solidDB: Denial
of service - Remote/unauthenticated
Date: 25 October 2010
OS: Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
Ubuntu, HP-UX, Windows XP, SUSE, Windows 2000, AIX, Windows Vista,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/13518
Title: ESB-2010.0960 - [Win][UNIX/Linux] Ghostscript: Denial of service -
Remote with user interaction
Date: 25 October 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/13517
Title: ESB-2010.0959 - [Win] HP Virtual Connect Enterprise Manager:
Read-only data access - Remote with user interaction
Date: 25 October 2010
OS: Windows 2003, HP-UX, Windows XP, Windows 2000, Windows 7, Windows
Vista, Windows Server 2008
URL: http://www.auscert.org.au/13516
Title: ESB-2010.0958 - [Debian] glibc: Root compromise - Existing account
Date: 25 October 2010
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/13515
Title: ESB-2010.0939.3 - UPDATE [Win][UNIX/Linux] IBM Informix Dynamic Server:
Execute arbitrary code/commands - Remote/unauthenticated
Date: 26 October 2010
OS: Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD, AIX,
OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP,
Ubuntu, Debian GNU/Linux, Mac OS X, Windows 7, Red Hat Linux, Windows
2003, Solaris, HP Tru64 UNIX, IRIX
URL: http://www.auscert.org.au/13491
Title: ESB-2010.0938.2 - UPDATE [Win][Linux] IBM Rational Quality Manager and
IBM Rational Test Lab Manager: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 27 October 2010
OS: Windows Server 2008, Other Linux Variants, Windows Vista, Windows 2000,
SUSE, Windows XP, Ubuntu, Debian GNU/Linux, Windows 7, Red Hat Linux,
Windows 2003
URL: http://www.auscert.org.au/13490
Title: ESB-2008.0422 -- [Win] -- HP Software Update HPeDiag Running on Windows
Execute Arbitrary code
Date: 27 October 2010
OS: Windows Vista, Windows 2003, Windows 2000, Windows XP
URL: http://www.auscert.org.au/9179
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================