[AusNOG] AusCERT Week in Review - Week Ending 29/04/2011 (AUSCERT#20073F686)

Richard Billington richard at auscert.org.au
Fri Apr 29 15:22:27 EST 2011


AusCERT Week in Review
29 April 2011


Alerts, Advisories and Updates:
- - -------------------------------
Title: ASB-2011.0034 - [Win][UNIX/Linux] Firefox, Thunderbird and SeaMonkey:
       Multiple vulnerabilities 
Date:  29 April 2011
URL:   http://www.auscert.org.au/14314

Title: ASB-2011.0033 - [Win][UNIX/Linux] Chrome Web Browser: Reduced security
       - Unknown/unspecified 
Date:  28 April 2011
URL:   http://www.auscert.org.au/14313

Title: ASB-2011.0032 - [Win][UNIX/Linux] WordPress: Reduced security -
       Existing account 
Date:  27 April 2011
URL:   http://www.auscert.org.au/14307


External Security Bulletins:
- - ----------------------------
Title: ESB-2010.1105.4 - UPDATE [VMware ESX] VMware ESX 3.5: Multiple
       vulnerabilities 
Date:  29 April 2011
OS:    Virtualisation 
URL:   http://www.auscert.org.au/13685

Title: ESB-2011.0488 - [RedHat] firefox, thunderbird, seamonkey: Multiple
       vulnerabilities 
Date:  29 April 2011
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/14318

Title: ESB-2011.0487 - [SUSE] kernel: Multiple vulnerabilities 
Date:  29 April 2011
OS:    SUSE 
URL:   http://www.auscert.org.au/14317

Title: ESB-2011.0486 - [Win] OpenView Storage Data Protector: Execute
       arbitrary code/commands - Remote/unauthenticated 
Date:  29 April 2011
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/14316

Title: ESB-2011.0485 - [VMware ESX] ESX 4: Denial of service -
       Remote/unauthenticated 
Date:  29 April 2011
OS:    Virtualisation 
URL:   http://www.auscert.org.au/14315

Title: ESB-2011.0484 - [Win][UNIX/Linux] Node Reference URL Widget (Drupal
       third-party module): Cross-site scripting - Remote with user
       interaction 
Date:  28 April 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/14312

Title: ESB-2011.0483 - [Win][UNIX/Linux] Save Draft (Drupal third-party
       module): Reduced security - Unknown/unspecified 
Date:  28 April 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/14311

Title: ESB-2011.0482 - [Cisco] Cisco Wireless LAN Controllers: Denial of
       service - Remote/unauthenticated 
Date:  28 April 2011
OS:    Cisco Products 
URL:   http://www.auscert.org.au/14310

Title: ESB-2011.0481 - [Cisco] Cisco Unified Communications Manager: Multiple
       vulnerabilities 
Date:  28 April 2011
OS:    Cisco Products 
URL:   http://www.auscert.org.au/14309

Title: ESB-2011.0480 - [Win][RedHat][Solaris] Arcot WebFort Versatile
       Authentication Server: Cross-site scripting - Remote with user
       interaction 
Date:  28 April 2011
OS:    Solaris, Windows 2003, Red Hat Linux, Windows XP, Windows 2000, Windows
       7, Windows Vista, Windows Server 2008 
URL:   http://www.auscert.org.au/14308

Title: ESB-2011.0479 - [Win][Mac][OSX] Adobe Reader and Acrobat: Execute
       arbitrary code/commands - Remote with user interaction 
Date:  27 April 2011
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista, Mac
       OS X, Windows Server 2008 
URL:   http://www.auscert.org.au/14306

Title: ESB-2011.0478 - [Win] Output Management Web Viewer: Execute arbitrary
       code/commands - Remote with user interaction 
Date:  27 April 2011
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/14305

Title: ESB-2011.0477 - [Win][RedHat][HP-UX][Solaris] SiteMinder: Increased
       privileges - Existing account 
Date:  27 April 2011
OS:    Solaris, Windows 2003, Red Hat Linux, Windows XP, HP-UX, Windows 2000,
       Windows 7, Windows Vista, Windows Server 2008 
URL:   http://www.auscert.org.au/14304

Title: ESB-2011.0476 - [NetBSD] dhclient: Execute arbitrary code/commands -
       Remote/unauthenticated 
Date:  27 April 2011
OS:    Other BSD Variants 
URL:   http://www.auscert.org.au/14303

Title: ESB-2011.0475 - [Win][UNIX/Linux] SiteScope: Cross-site scripting -
       Remote with user interaction 
Date:  27 April 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
       Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
       Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/14302

Title: ESB-2011.0474 - [Win][Linux][Solaris] Network Automation: Access
       confidential data - Remote/unauthenticated 
Date:  27 April 2011
OS:    Solaris, Windows 2003, Red Hat Linux, Windows 7, Debian GNU/Linux,
       Ubuntu, Windows XP, SUSE, Windows Vista, Other Linux Variants, Windows
       Server 2008 
URL:   http://www.auscert.org.au/14301

Title: ESB-2011.0473 - [Win] Virtual Server Environment: Increased privileges
       - Remote/unauthenticated 
Date:  27 April 2011
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/14300

Title: ESB-2011.0472 - [Win] Insight Control performance management: Multiple
       vulnerabilities 
Date:  27 April 2011
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/14299

Title: ESB-2011.0471 - [Win][Linux][HP-UX][Solaris] OpenView Storage Data
       Protector 6: Execute arbitrary code/commands - Remote/unauthenticated 
Date:  27 April 2011
OS:    Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
       Ubuntu, Windows XP, HP-UX, SUSE, Windows 2000, Windows Vista, Windows
       Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/14298

Title: ESB-2011.0470 - [RedHat] kdenetwork: Execute arbitrary code/commands -
       Remote with user interaction 
Date:  27 April 2011
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/14297

Title: ESB-2011.0469 - [UNIX/Linux][RedHat] kdelibs: Multiple vulnerabilities 
Date:  27 April 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
       Other Linux Variants 
URL:   http://www.auscert.org.au/14296

Title: ESB-2011.0468 - [UNIX/Linux][Debian] libmodplug: Execute arbitrary
       code/commands - Remote/unauthenticated 
Date:  27 April 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
       GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
       FreeBSD, Other Linux Variants 
URL:   http://www.auscert.org.au/14295

Title: ESB-2011.0467 - [UNIX/Linux][Debian] asterisk: Multiple vulnerabilities
Date:  27 April 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
       GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
       FreeBSD, Other Linux Variants 
URL:   http://www.auscert.org.au/14294

Title: ESB-2011.0270.2 - UPDATE [VMware ESX] VMware ESX and VMware ESXi:
       Multiple vulnerabilities 
Date:  29 April 2011
OS:    Virtualisation 
URL:   http://www.auscert.org.au/14078

Title: ESB-2011.0010.3 - UPDATE [VMware ESX] VMWare: Multiple vulnerabilities 
Date:  29 April 2011
OS:    Virtualisation 
URL:   http://www.auscert.org.au/13787



===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================




More information about the AusNOG mailing list