[AusNOG] AusCERT Week in Review - Week Ending 01/04/2011 (AUSCERT#20073f686)
Jonathan Levine
jonathan at auscert.org.au
Fri Apr 1 16:17:22 EST 2011
AusCERT Week in Review
01 April 2011
External Security Bulletins:
- ----------------------------
Title: ESB-2011.0367 - [z/OS] IBM WebSphere Application Server: Unauthorised
access - Remote/unauthenticated
Date: 01 April 2011
URL: http://www.auscert.org.au/14186
Title: ESB-2011.0366 - [Debian] bind9: Denial of service -
Remote/unauthenticated
Date: 01 April 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14185
Title: ESB-2011.0365 - [UNIX/Linux][RedHat] logrotate: Multiple
vulnerabilities
Date: 01 April 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/14184
Title: ESB-2011.0364 - [RedHat] quagga: Denial of service -
Remote/unauthenticated
Date: 01 April 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14183
Title: ESB-2011.0363 - [Win][UNIX/Linux] Translation Management (Drupal
third-party module): Cross-site scripting - Remote with user
interaction
Date: 31 March 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/14182
Title: ESB-2011.0362 - [Win] EMC NetWorker Module for Microsoft
Applications:
Execute arbitrary code/commands - Remote/unauthenticated
Date: 31 March 2011
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/14181
Title: ESB-2011.0361 - [Cisco] Cisco Network Access Control: Unauthorised
access - Remote/unauthenticated
Date: 31 March 2011
OS: Cisco Products
URL: http://www.auscert.org.au/14180
Title: ESB-2011.0360 - ALERT [Cisco] Cisco Secure ACS: Unauthorised access -
Remote/unauthenticated
Date: 31 March 2011
OS: Cisco Products
URL: http://www.auscert.org.au/14179
Title: ESB-2011.0359 - [Debian] bind9: Denial of service -
Remote/unauthenticated
Date: 31 March 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14178
Title: ESB-2011.0358.2 - UPDATE [Linux] VMware VIX API and VMware
Workstation:
Execute arbitrary code/commands - Existing account
Date: 31 March 2011
OS: Ubuntu, Debian GNU/Linux, SUSE, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/14177
Title: ESB-2011.0357 - [Appliance] IBM WebSphere DataPower XC10 Appliance:
Reduced security - Unknown/unspecified
Date: 30 March 2011
URL: http://www.auscert.org.au/14176
Title: ESB-2011.0356 - [Win] Microsoft Windows Vista Service Pack 1: End of
life announced
Date: 30 March 2011
OS: Windows Vista
URL: http://www.auscert.org.au/14175
Title: ESB-2011.0355 - [Debian] tomcat5.5: Multiple vulnerabilities
Date: 30 March 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14174
Title: ESB-2011.0354 - [Win][UNIX/Linux][Debian] mahara: Multiple
vulnerabilities
Date: 30 March 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/14173
Title: ESB-2011.0353 - [Win][UNIX/Linux] Zend Server: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 29 March 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/14172
Title: ESB-2011.0352 - [Win] HP Diagnostics: Cross-site scripting -
Remote/unauthenticated
Date: 29 March 2011
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/14171
Title: ESB-2011.0351 - [Win][UNIX/Linux] Symantec LiveUpdate Administrator:
Cross-site request forgery - Remote with user interaction
Date: 29 March 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/14170
Title: ESB-2011.0350 - [RedHat] gdm: Increased privileges - Existing account
Date: 29 March 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14169
Title: ESB-2011.0349 - [UNIX/Linux][RedHat] conga: Administrator compromise
-
Remote/unauthenticated
Date: 29 March 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/14168
Title: ESB-2011.0348 - [RedHat] libtiff: Multiple vulnerabilities
Date: 29 March 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14167
Title: ESB-2011.0347 - [RedHat] libvirt: Increased privileges - Existing
account
Date: 29 March 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14166
Title: ESB-2011.0346 - [UNIX/Linux][RedHat] rsync: Execute arbitrary
code/commands - Remote with user interaction
Date: 29 March 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/14165
Title: ESB-2011.0345 - [UNIX/Linux][Debian] gdm3: Root compromise - Existing
account
Date: 29 March 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
FreeBSD, Other Linux Variants
URL: http://www.auscert.org.au/14164
Title: ESB-2011.0344 - [Solaris] EMC Data Protection Advisor Collector:
Execute arbitrary code/commands - Existing account
Date: 28 March 2011
OS: Solaris
URL: http://www.auscert.org.au/14163
Title: ESB-2011.0343 - [Win] Citrix: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 28 March 2011
OS: Windows 2003, Windows Server 2008
URL: http://www.auscert.org.au/14162
Title: ESB-2011.0342 - [Win][UNIX/Linux][Debian] imp4: Cross-site scripting
-
Remote/unauthenticated
Date: 28 March 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/14161
Title: ESB-2011.0341 - [Debian] nss: Provide misleading information -
Remote/unauthenticated
Date: 28 March 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14160
===========================================================================
Australian Computer Emergency Response Team The University of Queensland
Brisbane Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
More information about the AusNOG
mailing list