[AusNOG] AusCERT Week in Review - Week Ending 24/09/2010 (AUSCERT#20073f686)
Patrick Mannion
patrick at auscert.org.au
Fri Sep 24 15:44:29 EST 2010
AusCERT Week in Review
24 September 2010
AusCERT in the Media:
---------------------
Papers, Articles and other documents:
-------------------------------------
Title: New version of Shibboleth 2.2.0
Date: 24 September 2010
URL: http://www.auscert.org.au/13395
Title: New public vulnerability in Microsoft ASP.NET with workarounds.
Date: 18 September 2010
URL: http://www.auscert.org.au/13367
Web Log Entries:
----------------
Title: OpenX - website revenue, or website regret?
Date: 23 September 2010
URL: http://www.auscert.org.au/13386
Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2010.0215 - [Win] Alcatel-Lucent OmniTouch CCAgent: Denial of
service - Remote/unauthenticated
Date: 22 September 2010
URL: http://www.auscert.org.au/13384
Title: ASB-2010.0216.2 - UPDATE [Win][Linux][HP-UX][Solaris][AIX] IBM
WebSphere Application Server 6.1: Denial of service - Remote with user
interaction
Date: 22 September 2010
URL: http://www.auscert.org.au/13385
Title: ASB-2010.0214 - ALERT [Win] Microsoft ASP.NET
Date: 21 September 2010
URL: http://www.auscert.org.au/13374
External Security Bulletins:
----------------------------
Title: ESB-2010.0869 - [Win][Linux] HP System Management Homepage (SMH):
Access confidential data - Remote/unauthenticated
Date: 24 September 2010
OS: Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian GNU/Linux,
HP-UX, Windows XP, SUSE, Windows 2000, Windows Vista, Windows Server
2008, Other Linux Variants
URL: http://www.auscert.org.au/13399
Title: ESB-2010.0868 - [Win][Linux] HP System Management Homepage (SMH):
Provide misleading information - Remote with user interaction
Date: 24 September 2010
OS: Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian GNU/Linux,
HP-UX, Windows XP, SUSE, Windows 2000, Windows Vista, Windows Server
2008, Other Linux Variants
URL: http://www.auscert.org.au/13398
Title: ESB-2010.0867 - [Win][Linux] HP System Management Homepage (SMH):
Provide misleading information - Remote/unauthenticated
Date: 24 September 2010
OS: Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian GNU/Linux,
HP-UX, Windows XP, SUSE, Windows 2000, Windows Vista, Windows Server
2008, Other Linux Variants
URL: http://www.auscert.org.au/13397
Title: ESB-2010.0866 - [Win][RedHat][HP-UX][Solaris] HP OpenView Network Node
Manager (OV NNM): Denial of service - Remote/unauthenticated
Date: 24 September 2010
OS: Solaris, Red Hat Linux, Windows 2003, HP-UX, Windows XP, Windows 2000,
Windows 7, Windows Vista, Windows Server 2008
URL: http://www.auscert.org.au/13396
Title: ESB-2010.0865 - [Win][UNIX/Linux] RSA Authentication Agent 7.0 for Web:
Access confidential data - Remote/unauthenticated
Date: 23 September 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/13394
Title: ESB-2010.0864 - [RedHat] kernel-2.6.18: Increased privileges - Existing
account
Date: 23 September 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/13393
Title: ESB-2010.0863 - [Cisco] Cisco IOS Software NAT: Denial of service -
Remote/unauthenticated
Date: 23 September 2010
OS: Cisco Products
URL: http://www.auscert.org.au/13392
Title: ESB-2010.0862 - [Cisco] Cisco IOS Software Internet Group Management
Protocol: Denial of service - Remote/unauthenticated
Date: 23 September 2010
OS: Cisco Products
URL: http://www.auscert.org.au/13391
Title: ESB-2010.0861 - [Cisco] Cisco IOS Software H.323: Denial of service -
Remote/unauthenticated
Date: 23 September 2010
OS: Cisco Products
URL: http://www.auscert.org.au/13390
Title: ESB-2010.0860 - [Cisco] Cisco IOS Software Session Initiation Protocol:
Denial of service - Remote/unauthenticated
Date: 23 September 2010
OS: Cisco Products
URL: http://www.auscert.org.au/13389
Title: ESB-2010.0859 - [Cisco] Cisco IOS SSL VPN: Denial of service -
Remote/unauthenticated
Date: 23 September 2010
OS: Cisco Products
URL: http://www.auscert.org.au/13388
Title: ESB-2010.0858 - [Cisco] Cisco Unified Communications Manager: Denial of
service - Remote/unauthenticated
Date: 23 September 2010
OS: Cisco Products
URL: http://www.auscert.org.au/13387
Title: ESB-2010.0857 - [SUSE] SUSE: Unauthorised access - Unknown/unspecified
Date: 22 September 2010
OS: SUSE
URL: http://www.auscert.org.au/13383
Title: ESB-2010.0856 - [RedHat] flash-plugin: Execute arbitrary code/commands
- Remote with user interaction
Date: 22 September 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/13382
Title: ESB-2010.0855 - [RedHat] kernel: Increased privileges - Existing
account
Date: 22 September 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/13381
Title: ESB-2010.0854 - [RedHat] bzip2: Execute arbitrary code/commands -
Remote with user interaction
Date: 21 September 2010
OS: Red Hat Linux
URL: http://www.auscert.org.au/13380
Title: ESB-2010.0853 - [Win][UNIX/Linux] OTRS 2.4.x, OTRS 2.3.x: Denial of
service - Remote/unauthenticated
Date: 21 September 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/13379
Title: ESB-2010.0852 - ALERT [Win][UNIX/Linux] US-CERT: Adobe Flash
Vulnerabilities
Date: 21 September 2010
OS: HP Tru64 UNIX, Solaris, IRIX, OpenBSD, Other BSD Variants, FreeBSD,
HP-UX, SUSE, Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat
Linux, AIX, Windows 7, Windows Server 2008, Windows Vista, Windows
2003, Windows 2000, Windows XP, Mac OS X
URL: http://www.auscert.org.au/13378
Title: ESB-2010.0851 - [FreeBSD] bzip2: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 21 September 2010
OS: FreeBSD
URL: http://www.auscert.org.au/13377
Title: ESB-2010.0850 - [Linux][Debian] bzip2: Execute arbitrary code/commands
- Existing account
Date: 21 September 2010
OS: Red Hat Linux, Debian GNU/Linux, Ubuntu, SUSE, Other Linux Variants
URL: http://www.auscert.org.au/13375
Title: ESB-2010.0849 - [Win][UNIX/Linux][Debian] drupal6: Multiple
vulnerabilities
Date: 21 September 2010
OS: Red Hat Linux, Solaris, HP Tru64 UNIX, IRIX, Windows 2003, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/13373
Title: ESB-2010.0848 - [Mac][OSX] AFP Server: Access confidential data -
Remote/unauthenticated
Date: 21 September 2010
OS: Mac OS X
URL: http://www.auscert.org.au/13372
Title: ESB-2010.0847 - [Linux] linux-2.6: Multiple vulnerabilities
Date: 20 September 2010
OS: Red Hat Linux, SUSE, Other Linux Variants, Debian GNU/Linux, Ubuntu
URL: http://www.auscert.org.au/13370
Title: ESB-2010.0846 - [UNIX/Linux][Debian] squid3: Denial of service -
Remote/unauthenticated
Date: 20 September 2010
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
FreeBSD, Other Linux Variants
URL: http://www.auscert.org.au/13369
Title: ESB-2010.0845 - [Debian] xulrunner: Multiple vulnerabilities
Date: 20 September 2010
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/13368
Title: ESB-2010.0842.2 - UPDATE [Win][Linux] HP System Management Homepage:
Multiple vulnerabilities
Date: 20 September 2010
OS: Windows Server 2008, Other Linux Variants, Windows Vista, Windows 2000,
SUSE, Windows XP, Ubuntu, Debian GNU/Linux, Windows 7, Red Hat Linux,
Windows 2003
URL: http://www.auscert.org.au/13359
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================