[AusNOG] AusCERT Week in Review - Week Ending 21/04/2011 (AUSCERT#20073F686)
Zane Jarvis
zane at auscert.org.au
Thu Apr 21 17:43:29 EST 2011
AusCERT Week in Review
21 April 2011
AusCERT in the Media:
---------------------
Papers, Articles and other documents:
-------------------------------------
Web Log Entries:
----------------
Title: Website Compromise - Vectors and Mitigations
Date: 18 April 2011
URL: http://www.auscert.org.au/14266
Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2011.0031 - ALERT [Win][UNIX/Linux] Oracle Products: Reduced
security - Remote/unauthenticated
Date: 21 April 2011
URL: http://www.auscert.org.au/14293
Title: ASB-2011.0028 - [Win][UNIX/Linux] Chrome Web Browser: Execute arbitrary
code/commands - Remote with user interaction
Date: 18 April 2011
URL: http://www.auscert.org.au/14265
Title: ASB-2011.0029 - [Win][UNIX/Linux] wireshark: Execute arbitrary
code/commands - Remote with user interaction
Date: 18 April 2011
URL: http://www.auscert.org.au/14267
Title: ASB-2011.0030 - [Win][Linux][HP-UX][Solaris][AIX] Tivoli Directory
Server: Multiple vulnerabilities
Date: 18 April 2011
URL: http://www.auscert.org.au/14268
External Security Bulletins:
----------------------------
Title: ESB-2011.0466 - [Win][Linux] HP Systems Insight Manager: Multiple
vulnerabilities
Date: 21 April 2011
OS: Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux, Ubuntu,
HP-UX, Windows XP, SUSE, Windows 2000, Windows Vista, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/14292
Title: ESB-2011.0465 - [Win][Linux] HP System Management Homepage: Multiple
vulnerabilities
Date: 21 April 2011
OS: Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux, Ubuntu,
HP-UX, Windows XP, SUSE, Windows 2000, Windows Vista, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/14291
Title: ESB-2011.0464 - [Win][Linux] HP Proliant Support Pack: Multiple
vulnerabilities
Date: 21 April 2011
OS: Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux, Ubuntu,
HP-UX, Windows XP, SUSE, Windows 2000, Windows Vista, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/14290
Title: ESB-2011.0463 - [Win][Linux][HP-UX][Solaris] HP Performance Insight:
Access confidential data - Remote/unauthenticated
Date: 21 April 2011
OS: Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
Ubuntu, Windows XP, HP-UX, SUSE, Windows 2000, Windows Vista, Windows
Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/14289
Title: ESB-2011.0462 - [Linux] Insight Control for Linux (IC-Linux): Multiple
vulnerabilities
Date: 21 April 2011
OS: Red Hat Linux, HP-UX, SUSE, Other Linux Variants, Debian GNU/Linux,
Ubuntu
URL: http://www.auscert.org.au/14288
Title: ESB-2011.0461 - [RedHat] JBoss Enterprise SOA Platform 4.3.0.CP04 and
5.1.0: Execute arbitrary code/commands - Remote/unauthenticated
Date: 21 April 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14287
Title: ESB-2011.0460 - [RedHat] jboss-seam: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 21 April 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14286
Title: ESB-2011.0459 - [RedHat] jboss-seam2: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 21 April 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14285
Title: ESB-2011.0458 - [Win][UNIX/Linux][RedHat] jboss-seam2: Execute
arbitrary code/commands - Remote/unauthenticated
Date: 21 April 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/14284
Title: ESB-2011.0457 - [Debian] openjdk-6: Multiple vulnerabilities
Date: 21 April 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14283
Title: ESB-2011.0456 - [Win][UNIX/Linux][Debian] doctrine: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 21 April 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/14282
Title: ESB-2011.0455 - [Linux][BSD][Debian][Mac][OSX] tinyproxy: Unauthorised
access - Remote/unauthenticated
Date: 21 April 2011
OS: Red Hat Linux, Other BSD Variants, SUSE, OpenBSD, FreeBSD, Other Linux
Variants, Mac OS X, Ubuntu, Debian GNU/Linux
URL: http://www.auscert.org.au/14281
Title: ESB-2011.0454 - [FreeBSD] mountd: Unauthorised access -
Remote/unauthenticated
Date: 21 April 2011
OS: FreeBSD
URL: http://www.auscert.org.au/14280
Title: ESB-2011.0453 - [Win][RedHat] RSA Adaptive Authentication (On-Premise):
Cross-site scripting - Remote with user interaction
Date: 20 April 2011
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/14279
Title: ESB-2011.0452 - [Win][Linux][HP-UX][Solaris][AIX] EMC NetWorker:
Increased privileges - Existing account
Date: 20 April 2011
OS: Solaris, Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian
GNU/Linux, Windows XP, HP-UX, SUSE, Windows 2000, AIX, Windows Vista,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/14278
Title: ESB-2011.0451 - [Win][Linux][HP-UX][Solaris] HP Network Node Manager i
(NNMi): Unauthorised access - Remote/unauthenticated
Date: 20 April 2011
OS: Solaris, Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian
GNU/Linux, Windows XP, HP-UX, SUSE, Windows 2000, Windows Vista, Other
Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/14277
Title: ESB-2011.0450 - [Linux][RedHat] polkit: Root compromise - Existing
account
Date: 20 April 2011
OS: Red Hat Linux, Other Linux Variants, SUSE, Ubuntu, Debian GNU/Linux
URL: http://www.auscert.org.au/14276
Title: ESB-2011.0449 - [UNIX/Linux][Debian] request-tracker: Multiple
vulnerabilities
Date: 20 April 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
FreeBSD, Other Linux Variants
URL: http://www.auscert.org.au/14275
Title: ESB-2011.0448 - [SUSE][OpenSUSE] SUSE Packages: Multiple
vulnerabilities
Date: 20 April 2011
OS: Other Linux Variants, SUSE
URL: http://www.auscert.org.au/14274
Title: ESB-2011.0447 - [SUSE] flash-player: Execute arbitrary code/commands -
Remote with user interaction
Date: 19 April 2011
OS: SUSE
URL: http://www.auscert.org.au/14273
Title: ESB-2011.0446 - [Win][UNIX/Linux][RedHat] libtiff: Execute arbitrary
code/commands - Remote with user interaction
Date: 19 April 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/14272
Title: ESB-2011.0445 - [RedHat] flash-plugin: Execute arbitrary code/commands
- Remote with user interaction
Date: 19 April 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14271
Title: ESB-2011.0444 - [Win][UNIX/Linux][Debian] xmlsec1: Modify arbitrary
files - Remote with user interaction
Date: 19 April 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/14270
Title: ESB-2011.0443 - [Win][Mac][OSX] iTunes: Execute arbitrary code/commands
- Remote with user interaction
Date: 19 April 2011
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista, Mac
OS X, Windows Server 2008
URL: http://www.auscert.org.au/14269
Title: ESB-2011.0442 - ALERT [Win][Linux][Mobile][Solaris][Mac][OSX] Adobe
Flash Player and AIR: Execute arbitrary code/commands - Remote with
user interaction
Date: 18 April 2011
OS: Solaris, Windows 2003, Red Hat Linux, Windows 7, Mac OS X, Debian
GNU/Linux, Ubuntu, Windows XP, SUSE, Windows 2000, Windows Vista,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/14264
Title: ESB-2011.0441 - [Mac][OSX] Apple Mac OS X: Provide misleading
information - Remote/unauthenticated
Date: 15 April 2011
OS: Mac OS X
URL: http://www.auscert.org.au/14263
Title: ESB-2011.0440 - [Win][Mac][OSX] Safari 5.0.4 and prior: Execute
arbitrary code/commands - Remote with user interaction
Date: 15 April 2011
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008, Mac OS X
URL: http://www.auscert.org.au/14262
Title: ESB-2011.0439 - [Apple iOS] Apple iOS: Multiple vulnerabilities
Date: 15 April 2011
OS: Apple iOS
URL: http://www.auscert.org.au/14261
Title: ESB-2011.0438 - [RedHat] krb5: Denial of service -
Remote/unauthenticated
Date: 15 April 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14260
Title: ESB-2011.0380.2 - UPDATE [Win][Linux][HP-UX][Solaris] HP Network Node
Manager i: Access privileged data - Remote/unauthenticated
Date: 15 April 2011
OS: Other Linux Variants, Windows Server 2008, Windows Vista, Windows 2000,
SUSE, HP-UX, Windows XP, Ubuntu, Debian GNU/Linux, Windows 7, Red Hat
Linux, Windows 2003, Solaris
URL: http://www.auscert.org.au/14200
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================