[AusNOG] AusCERT Week in Review - Week Ending 01/04/2011 (AUSCERT#20073f686)

Jonathan Levine jonathan at auscert.org.au
Fri Apr 1 16:17:22 EST 2011


AusCERT Week in Review
01 April 2011

External Security Bulletins:
----------------------------
Title: ESB-2011.0367 - [z/OS] IBM WebSphere Application Server: Unauthorised
       access - Remote/unauthenticated
Date:  01 April 2011
URL:   http://www.auscert.org.au/14186

Title: ESB-2011.0366 - [Debian] bind9: Denial of service -
       Remote/unauthenticated
Date:  01 April 2011
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/14185

Title: ESB-2011.0365 - [UNIX/Linux][RedHat] logrotate: Multiple
       vulnerabilities
Date:  01 April 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
       Other Linux Variants 
URL:   http://www.auscert.org.au/14184

Title: ESB-2011.0364 - [RedHat] quagga: Denial of service -
       Remote/unauthenticated
Date:  01 April 2011
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/14183

Title: ESB-2011.0363 - [Win][UNIX/Linux] Translation Management (Drupal
       third-party module): Cross-site scripting - Remote with user
       interaction
Date:  31 March 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/14182

Title: ESB-2011.0362 - [Win] EMC NetWorker Module for Microsoft
       Applications: Execute arbitrary code/commands -
       Remote/unauthenticated
Date:  31 March 2011
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/14181

Title: ESB-2011.0361 - [Cisco] Cisco Network Access Control: Unauthorised
       access - Remote/unauthenticated
Date:  31 March 2011
OS:    Cisco Products 
URL:   http://www.auscert.org.au/14180

Title: ESB-2011.0360 - ALERT [Cisco] Cisco Secure ACS: Unauthorised access -
       Remote/unauthenticated
Date:  31 March 2011
OS:    Cisco Products 
URL:   http://www.auscert.org.au/14179

Title: ESB-2011.0359 - [Debian] bind9: Denial of service -
       Remote/unauthenticated
Date:  31 March 2011
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/14178

Title: ESB-2011.0358.2 - UPDATE [Linux] VMware VIX API and VMware
       Workstation: Execute arbitrary code/commands - Existing account
Date:  31 March 2011
OS:    Ubuntu, Debian GNU/Linux, SUSE, Other Linux Variants, Red Hat Linux 
URL:   http://www.auscert.org.au/14177

Title: ESB-2011.0357 - [Appliance] IBM WebSphere DataPower XC10 Appliance:
       Reduced security - Unknown/unspecified
Date:  30 March 2011
URL:   http://www.auscert.org.au/14176

Title: ESB-2011.0356 - [Win] Microsoft Windows Vista Service Pack 1: End of
       life announced
Date:  30 March 2011
OS:    Windows Vista 
URL:   http://www.auscert.org.au/14175

Title: ESB-2011.0355 - [Debian] tomcat5.5: Multiple vulnerabilities
Date:  30 March 2011
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/14174

Title: ESB-2011.0354 - [Win][UNIX/Linux][Debian] mahara: Multiple
       vulnerabilities
Date:  30 March 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/14173

Title: ESB-2011.0353 - [Win][UNIX/Linux] Zend Server: Execute arbitrary
       code/commands - Remote/unauthenticated
Date:  29 March 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/14172

Title: ESB-2011.0352 - [Win] HP Diagnostics: Cross-site scripting -
       Remote/unauthenticated
Date:  29 March 2011
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/14171

Title: ESB-2011.0351 - [Win][UNIX/Linux] Symantec LiveUpdate Administrator:
       Cross-site request forgery - Remote with user interaction
Date:  29 March 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
       Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
       Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/14170

Title: ESB-2011.0350 - [RedHat] gdm: Increased privileges - Existing account
Date:  29 March 2011
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/14169

Title: ESB-2011.0349 - [UNIX/Linux][RedHat] conga: Administrator compromise -
       Remote/unauthenticated
Date:  29 March 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
       Other Linux Variants 
URL:   http://www.auscert.org.au/14168

Title: ESB-2011.0348 - [RedHat] libtiff: Multiple vulnerabilities
Date:  29 March 2011
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/14167

Title: ESB-2011.0347 - [RedHat] libvirt: Increased privileges - Existing
       account
Date:  29 March 2011
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/14166

Title: ESB-2011.0346 - [UNIX/Linux][RedHat] rsync: Execute arbitrary
       code/commands - Remote with user interaction
Date:  29 March 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
       Other Linux Variants 
URL:   http://www.auscert.org.au/14165

Title: ESB-2011.0345 - [UNIX/Linux][Debian] gdm3: Root compromise - Existing
       account
Date:  29 March 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
       GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
       FreeBSD, Other Linux Variants 
URL:   http://www.auscert.org.au/14164

Title: ESB-2011.0344 - [Solaris] EMC Data Protection Advisor Collector:
       Execute arbitrary code/commands - Existing account
Date:  28 March 2011
OS:    Solaris 
URL:   http://www.auscert.org.au/14163

Title: ESB-2011.0343 - [Win] Citrix: Execute arbitrary code/commands -
       Remote/unauthenticated
Date:  28 March 2011
OS:    Windows 2003, Windows Server 2008 
URL:   http://www.auscert.org.au/14162

Title: ESB-2011.0342 - [Win][UNIX/Linux][Debian] imp4: Cross-site scripting -
       Remote/unauthenticated
Date:  28 March 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/14161

Title: ESB-2011.0341 - [Debian] nss: Provide misleading information -
       Remote/unauthenticated
Date:  28 March 2011
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/14160

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================



