[AusNOG] AusCERT Week in Review - Week Ending 15/04/2011 (AUSCERT#20073f686)

zane at auscert.org.au zane at auscert.org.au
Fri Apr 15 16:54:46 EST 2011


AusCERT Week in Review
15 April 2011


AusCERT in the Media:
---------------------

Papers, Articles and other documents:
-------------------------------------


Web Log Entries:
----------------


Alerts, Advisories and Updates:
-------------------------------


External Security Bulletins:
----------------------------
Title: ESB-2011.0441 - [Mac][OSX] Apple Mac OS X: Provide misleading
       information - Remote/unauthenticated 
Date:  15 April 2011
OS:    Mac OS X 
URL:   http://www.auscert.org.au/14263

Title: ESB-2011.0440 - [Win][Mac][OSX] Safari 5.0.4 and prior: Execute
       arbitrary code/commands - Remote with user interaction 
Date:  15 April 2011
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008, Mac OS X 
URL:   http://www.auscert.org.au/14262

Title: ESB-2011.0439 - [Apple iOS] Apple iOS: Multiple vulnerabilities 
Date:  15 April 2011
OS:    Apple iOS 
URL:   http://www.auscert.org.au/14261

Title: ESB-2011.0438 - [RedHat] krb5: Denial of service -
       Remote/unauthenticated 
Date:  15 April 2011
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/14260

Title: ESB-2011.0437 - [Win] CA Total Defense Suite: Multiple vulnerabilities 
Date:  14 April 2011
OS:    Windows 2003, Windows Server 2008, Windows 7 
URL:   http://www.auscert.org.au/14259

Title: ESB-2011.0436 - [Win][Linux][HP-UX][Solaris] HP Network Node Manager i:
       Unauthorised access - Existing account 
Date:  14 April 2011
OS:    Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
       Ubuntu, Windows XP, HP-UX, SUSE, Windows 2000, Windows Vista, Windows
       Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/14258

Title: ESB-2011.0435 - [Win][Linux][HP-UX][Solaris] HP Network Node Manager i:
       Denial of service - Remote/unauthenticated 
Date:  14 April 2011
OS:    Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
       Ubuntu, Windows XP, HP-UX, SUSE, Windows 2000, Windows Vista, Windows
       Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/14257

Title: ESB-2011.0434 - [UNIX/Linux] kadmind: Denial of service -
       Remote/unauthenticated 
Date:  14 April 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
       Other Linux Variants 
URL:   http://www.auscert.org.au/14256

Title: ESB-2011.0433 - [RedHat] rhev-hypervisor: Denial of service -
       Remote/unauthenticated 
Date:  14 April 2011
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/14255

Title: ESB-2011.0432 - [SUSE][OpenSUSE] xorg-x11: Root compromise -
       Remote/unauthenticated 
Date:  14 April 2011
OS:    Other Linux Variants, SUSE 
URL:   http://www.auscert.org.au/14254

Title: ESB-2011.0431 - [Win][Netware][Linux][Solaris][AIX] BlackBerry
       Enterprise Server: Cross-site scripting - Remote with user interaction 
Date:  13 April 2011
OS:    Solaris, Windows 2003, Red Hat Linux, Windows 7, Novell Netware,
       Ubuntu, Debian GNU/Linux, Windows XP, SUSE, Windows 2000, AIX, Windows
       Vista, Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/14253

Title: ESB-2011.0430 - [Win][Netware][Linux][Solaris][AIX] BlackBerry
       Enterprise Server: Multiple vulnerabilities 
Date:  13 April 2011
OS:    Solaris, Windows 2003, Red Hat Linux, Windows 7, Novell Netware,
       Ubuntu, Debian GNU/Linux, Windows XP, SUSE, Windows 2000, AIX, Windows
       Vista, Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/14252

Title: ESB-2011.0429 - [HP-UX] BIND: Denial of service -
       Remote/unauthenticated 
Date:  13 April 2011
OS:    HP-UX 
URL:   http://www.auscert.org.au/14251

Title: ESB-2011.0428 - [HP-UX] NFS/ONCplus: Denial of service -
       Remote/unauthenticated 
Date:  13 April 2011
OS:    HP-UX 
URL:   http://www.auscert.org.au/14250

Title: ESB-2011.0427 - [RedHat] avahi: Denial of service - Existing account 
Date:  13 April 2011
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/14249

Title: ESB-2011.0426 - [Win][UNIX/Linux] RealPlayer: Execute arbitrary
       code/commands - Remote with user interaction 
Date:  13 April 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/14248

Title: ESB-2011.0425 - [RedHat] kernel: Multiple vulnerabilities 
Date:  13 April 2011
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/14247

Title: ESB-2011.0424 - [Win][UNIX/Linux][Debian] vlc: Execute arbitrary
       code/commands - Remote with user interaction 
Date:  13 April 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/14246

Title: ESB-2011.0423 - [Win] Microsoft Windows: Administrator compromise -
       Existing account 
Date:  13 April 2011
OS:    Windows 2003, Windows XP, Windows 7, Windows Vista, Windows Server 2008
URL:   http://www.auscert.org.au/14245

Title: ESB-2011.0422 - [Win] Microsoft Windows: Execute arbitrary
       code/commands - Remote with user interaction 
Date:  13 April 2011
OS:    Windows 2003, Windows XP 
URL:   http://www.auscert.org.au/14244

Title: ESB-2011.0421 - ALERT [Win] Microsoft Windows: Administrator compromise
       - Remote with user interaction 
Date:  13 April 2011
OS:    Windows 2003, Windows XP, Windows 7, Windows Vista, Windows Server 2008
URL:   http://www.auscert.org.au/14243

Title: ESB-2011.0420 - ALERT [Win] Microsoft Windows: Administrator compromise
       - Remote with user interaction 
Date:  13 April 2011
OS:    Windows 2003, Windows XP, Windows 7, Windows Vista, Windows Server 2008
URL:   http://www.auscert.org.au/14242

Title: ESB-2011.0419 - ALERT [Win] Microsoft Windows: Execute arbitrary
       code/commands - Remote/unauthenticated 
Date:  13 April 2011
OS:    Windows 2003, Windows XP, Windows 7, Windows Vista, Windows Server 2008
URL:   http://www.auscert.org.au/14241

Title: ESB-2011.0418 - [Win] Microsoft Office XP Service Pack 3: Execute
       arbitrary code/commands - Remote with user interaction 
Date:  13 April 2011
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/14240

Title: ESB-2011.0417 - ALERT [Win] Microsoft .NET Framework: Execute arbitrary
       code/commands - Remote with user interaction 
Date:  13 April 2011
OS:    Windows 2003, Windows XP, Windows 7, Windows Vista, Windows Server 2008
URL:   http://www.auscert.org.au/14239

Title: ESB-2011.0416 - ALERT [Win] Microsoft Windows: Execute arbitrary
       code/commands - Remote with user interaction 
Date:  13 April 2011
OS:    Windows 2003, Windows XP, Windows 7, Windows Vista, Windows Server 2008
URL:   http://www.auscert.org.au/14238

Title: ESB-2011.0415 - [Win] Microsoft Windows: Reduced security - Remote with
       user interaction 
Date:  13 April 2011
OS:    Windows 2003, Windows XP, Windows 7, Windows Vista, Windows Server 2008
URL:   http://www.auscert.org.au/14237

Title: ESB-2011.0414 - [Win] Microsoft Visual Studio and Microsoft Visual C++:
       Execute arbitrary code/commands - Remote with user interaction 
Date:  13 April 2011
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/14236

Title: ESB-2011.0413 - [Win] Microsoft Windows: Execute arbitrary
       code/commands - Remote with user interaction 
Date:  13 April 2011
OS:    Windows 2003, Windows XP, Windows 7, Windows Vista, Windows Server 2008
URL:   http://www.auscert.org.au/14235

Title: ESB-2011.0412 - [Win][Mac][OSX] Microsoft Office: Execute arbitrary
       code/commands - Remote with user interaction 
Date:  13 April 2011
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008, Mac OS X 
URL:   http://www.auscert.org.au/14234

Title: ESB-2011.0411 - [Win][Mac][OSX] Microsoft PowerPoint: Execute arbitrary
       code/commands - Remote with user interaction 
Date:  13 April 2011
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista, Mac
       OS X, Windows Server 2008 
URL:   http://www.auscert.org.au/14233

Title: ESB-2011.0410 - [Win][Mac][OSX] Microsoft Excel: Execute arbitrary
       code/commands - Remote with user interaction 
Date:  13 April 2011
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista, Mac
       OS X, Windows Server 2008 
URL:   http://www.auscert.org.au/14232

Title: ESB-2011.0409 - ALERT [Win] Microsoft Windows: Execute arbitrary
       code/commands - Existing account 
Date:  13 April 2011
OS:    Windows 2003, Windows XP, Windows 7, Windows Vista, Windows Server 2008
URL:   http://www.auscert.org.au/14231

Title: ESB-2011.0408 - ALERT [Win] Microsoft Windows: Execute arbitrary
       code/commands - Remote/unauthenticated 
Date:  13 April 2011
OS:    Windows 2003, Windows XP, Windows 7, Windows Vista, Windows Server 2008
URL:   http://www.auscert.org.au/14230

Title: ESB-2011.0407 - ALERT [Win] Microsoft Internet Explorer 6, 7 and 8:
       Multiple vulnerabilities 
Date:  13 April 2011
OS:    Windows 2003, Windows XP, Windows 7, Windows Vista, Windows Server 2008
URL:   http://www.auscert.org.au/14229

Title: ESB-2011.0406 - [Printer] Hewlett-Packard Photosmart Printers: Multiple
       vulnerabilities 
Date:  12 April 2011
OS:    Printer 
URL:   http://www.auscert.org.au/14228

Title: ESB-2011.0405 - ALERT [Win][Linux][Solaris][Mac][OSX] Adobe Flash
       Player, Adobe Reader and Adobe Acrobat: Execute arbitrary code/commands
       - Remote with user interaction 
Date:  12 April 2011
OS:    Solaris, Windows 2003, Red Hat Linux, Windows 7, Mac OS X, Ubuntu,
       Debian GNU/Linux, Windows XP, SUSE, Windows 2000, Windows Vista, Other
       Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/14227

Title: ESB-2011.0404 - [Win][Netware][Linux] Novell Zenworks: Execute
       arbitrary code/commands - Remote/unauthenticated 
Date:  12 April 2011
OS:    Windows 2003, Red Hat Linux, Windows 7, Novell Netware, Ubuntu, Debian
       GNU/Linux, Windows XP, SUSE, Windows 2000, Windows Vista, Windows
       Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/14226

Title: ESB-2011.0403 - [Win] McAfee Firewall Reporter: Execute arbitrary
       code/commands - Remote/unauthenticated 
Date:  12 April 2011
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/14225

Title: ESB-2011.0402 - [RedHat] Red Hat Network Satellite Server: Multiple
       vulnerabilities 
Date:  12 April 2011
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/14224

Title: ESB-2011.0401 - [RedHat] xorg-x11 and xorg-x11-server-utils: Root
       compromise - Remote/unauthenticated 
Date:  12 April 2011
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/14223

Title: ESB-2011.0400 - [Debian] dhcp3: Execute arbitrary code/commands -
       Remote/unauthenticated 
Date:  11 April 2011
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/14222

Title: ESB-2011.0399 - [Debian] isc-dhcp: Execute arbitrary code/commands -
       Remote/unauthenticated 
Date:  11 April 2011
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/14221

Title: ESB-2011.0398 - [Linux][Debian] gitolite: Execute arbitrary
       code/commands - Remote/unauthenticated 
Date:  11 April 2011
OS:    Red Hat Linux, Other Linux Variants, SUSE, Debian GNU/Linux, Ubuntu 
URL:   http://www.auscert.org.au/14220

Title: ESB-2011.0397 - [Win][UNIX/Linux][Debian] ikiwiki: Cross-site scripting
       - Remote with user interaction 
Date:  11 April 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/14219

Title: ESB-2011.0396 - [Debian] x11-xserver-utils: Root compromise -
       Remote/unauthenticated 
Date:  11 April 2011
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/14218

Title: ESB-2011.0395 - [RedHat] dhcp: Execute arbitrary code/commands -
       Remote/unauthenticated 
Date:  11 April 2011
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/14217

Title: ESB-2011.0380.2 - UPDATE [Win][Linux][HP-UX][Solaris] HP Network Node
       Manager i: Access privileged data - Remote/unauthenticated 
Date:  15 April 2011
OS:    Other Linux Variants, Windows Server 2008, Windows Vista, Windows 2000,
       SUSE, HP-UX, Windows XP, Ubuntu, Debian GNU/Linux, Windows 7, Red Hat
       Linux, Windows 2003, Solaris 
URL:   http://www.auscert.org.au/14200

Title: ESB-2011.0305.2 - UPDATE [Win] VMware vCenter Orchestrator(vCO) :
       Execute arbitrary code/commands - Remote/unauthenticated 
Date:  13 April 2011
OS:    Virtualisation 
URL:   http://www.auscert.org.au/14115



===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================





More information about the AusNOG mailing list