[AusNOG] FW: AusCERT Week in Review - Week Ending 11/02/2011

Joel Hatton joel at auscert.org.au
Fri Feb 11 18:08:11 EST 2011


AusCERT Week in Review
11 February 2011

AusCERT is looking for Information Security Analysts in Brisbane -
applications close on the 25th of February:

http://www.seek.com.au/Job/information-security-analysts/in/brisbane-cbd-inn
er-suburbs/19061619


Alerts, Advisories and Updates:
- -------------------------------
Title: ASB-2011.0013 - [Win][UNIX/Linux] Java Runtime Environment: Denial of
       service - Remote/unauthenticated
Date:  10 February 2011
URL:   http://www.auscert.org.au/13952

Title: ASB-2011.0011 - [Win][UNIX/Linux] WordPress prior to version 3.0.5:
       Unauthorised access - Existing account
Date:  08 February 2011
URL:   http://www.auscert.org.au/13916

Title: ASB-2011.0012 - [Win][Linux] IBM Rational Team Concert: Cross-site
       scripting - Remote with user interaction
Date:  08 February 2011
URL:   http://www.auscert.org.au/13922

Title: ASB-2011.0009 - [Win][UNIX/Linux] Google Chrome: Multiple
       vulnerabilities
Date:  07 February 2011
URL:   http://www.auscert.org.au/13912

Title: ASB-2011.0010 - [Win][HP-UX][Solaris][AIX] IBM Rational Build Forge:
       Cross-site scripting - Remote with user interaction
Date:  07 February 2011
URL:   http://www.auscert.org.au/13913


External Security Bulletins:
- ----------------------------
Title: ESB-2011.0163 - [UNIX/Linux] Continuum: Cross-site scripting -
       Remote/unauthenticated 
Date:  11 February 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
       Other Linux Variants 
URL:   http://www.auscert.org.au/13960

Title: ESB-2011.0162 - [UNIX/Linux] Continuum: Cross-site request forgery -
       Remote/unauthenticated 
Date:  11 February 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
       Other Linux Variants 
URL:   http://www.auscert.org.au/13959

Title: ESB-2011.0161 - [RedHat] JBoss Enterprise Web Platform: Denial of
       service - Remote/unauthenticated 
Date:  11 February 2011
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13958

Title: ESB-2011.0160 - [RedHat] JBoss Enterprise Web Platform: Denial of
       service - Remote/unauthenticated 
Date:  11 February 2011
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13957

Title: ESB-2011.0159 - [RedHat] JBoss Enterprise Application Platform:
Denial
       of service - Remote/unauthenticated 
Date:  11 February 2011
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13956

Title: ESB-2011.0158 - [RedHat] java-1.6.0-openjdk: Denial of service -
       Remote/unauthenticated 
Date:  11 February 2011
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13955

Title: ESB-2011.0157 - [Win][UNIX/Linux][Debian] vlc: Execute arbitrary
       code/commands - Remote with user interaction 
Date:  11 February 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/13954

Title: ESB-2011.0156 - [UNIX/Linux][Debian] cgiirc: Cross-site scripting -
       Remote with user interaction 
Date:  10 February 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
       GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
       FreeBSD, Other Linux Variants 
URL:   http://www.auscert.org.au/13951

Title: ESB-2011.0155 - [RedHat] flash-plugin: Multiple vulnerabilities 
Date:  10 February 2011
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13950

Title: ESB-2011.0154 - [Win] IBM Lotus Notes: Execute arbitrary
code/commands
       - Remote with user interaction 
Date:  09 February 2011
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/13949

Title: ESB-2011.0153 - [Win][UNIX/Linux] IBM Informix Dynamic Server:
Execute
       arbitrary code/commands - Existing account 
Date:  09 February 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
       Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
       Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/13948

Title: ESB-2011.0152 - [Win][Mac][OSX] Microsoft Office Powerpoint 2007:
       Execute arbitrary code/commands - Remote with user interaction 
Date:  09 February 2011
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista, Mac
       OS X, Windows Server 2008 
URL:   http://www.auscert.org.au/13947

Title: ESB-2011.0151 - ALERT [Win][Mac][OSX] Microsoft Excel: Execute
       arbitrary code/commands - Remote with user interaction 
Date:  09 February 2011
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista, Mac
       OS X, Windows Server 2008 
URL:   http://www.auscert.org.au/13946

Title: ESB-2011.0150 - ALERT [Win] Lotus Domino: Execute arbitrary
       code/commands - Remote/unauthenticated 
Date:  09 February 2011
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/13945

Title: ESB-2011.0149 - [SUSE][OpenSUSE] SUSE: Multiple vulnerabilities 
Date:  09 February 2011
OS:    Other Linux Variants, SUSE 
URL:   http://www.auscert.org.au/13944

Title: ESB-2011.0148 - [Appliance] HP StorageWorks X9000 Network Storage
       Systems: Unauthorised access - Remote/unauthenticated 
Date:  09 February 2011
OS:    HP-UX 
URL:   http://www.auscert.org.au/13943

Title: ESB-2011.0147 - [Win][Linux] HP Power Manager (HPPM): Cross-site
       request forgery - Remote with user interaction 
Date:  09 February 2011
OS:    Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian GNU/Linux,
       HP-UX, Windows XP, SUSE, Windows 2000, Windows Vista, Windows Server
       2008, Other Linux Variants 
URL:   http://www.auscert.org.au/13942

Title: ESB-2011.0146 - [UNIX/Linux][Ubuntu] dovecot: Multiple
vulnerabilities 
Date:  09 February 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
       Other Linux Variants 
URL:   http://www.auscert.org.au/13941

Title: ESB-2011.0145 - [UNIX/Linux][RedHat] krb5: Denial of service -
       Remote/unauthenticated 
Date:  09 February 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
       Other Linux Variants 
URL:   http://www.auscert.org.au/13940

Title: ESB-2011.0144 - [VMware ESX] VMware ESX and ESXi: Denial of service -
       Remote/unauthenticated 
Date:  09 February 2011
OS:    Virtualisation 
URL:   http://www.auscert.org.au/13939

Title: ESB-2011.0143 - [Win][UNIX/Linux] ColdFusion: Multiple
vulnerabilities 
Date:  09 February 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
       Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
       Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/13938

Title: ESB-2011.0142 - ALERT [Win][UNIX/Linux] Adobe Reader and Acrobat:
       Multiple vulnerabilities 
Date:  09 February 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
       Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
       Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/13937

Title: ESB-2011.0141 - ALERT [Win][Linux][Solaris][OpenSolaris][Mac][OSX]
       Adobe Flash Player: Execute arbitrary code/commands - Remote with
user
       interaction 
Date:  09 February 2011
OS:    Solaris, Windows 2003, Red Hat Linux, Windows 7, Mac OS X, Ubuntu,
       Debian GNU/Linux, Windows XP, SUSE, Windows 2000, Windows Vista,
Other
       Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/13936

Title: ESB-2011.0140 - ALERT [Win][Mac][OSX] Adobe Shockwave Player: Execute
       arbitrary code/commands - Remote with user interaction 
Date:  09 February 2011
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista, Mac
       OS X, Windows Server 2008 
URL:   http://www.auscert.org.au/13935

Title: ESB-2011.0139 - [Win] Local Security Authority Subsystem Service
       (LSASS): Increased privileges - Existing account 
Date:  09 February 2011
OS:    Windows 2003, Windows XP 
URL:   http://www.auscert.org.au/13934

Title: ESB-2011.0138 - [Win] Windows Kerberos: Multiple vulnerabilities 
Date:  09 February 2011
OS:    Windows 2003, Windows XP, Windows Server 2008, Windows 7 
URL:   http://www.auscert.org.au/13933

Title: ESB-2011.0137 - [Win] Windows Kernel-Mode Drivers: Multiple
       vulnerabilities 
Date:  09 February 2011
OS:    Windows 2003, Windows XP, Windows 7, Windows Vista, Windows Server
2008
URL:   http://www.auscert.org.au/13932

Title: ESB-2011.0136 - [Win] Windows Kernel: Multiple vulnerabilities 
Date:  09 February 2011
OS:    Windows 2003, Windows XP, Windows 7, Windows Vista, Windows Server
2008
URL:   http://www.auscert.org.au/13931

Title: ESB-2011.0135 - [Win] Windows Client/Server Run-time Subsystem
(CSRSS):
       Increased privileges - Existing account 
Date:  09 February 2011
OS:    Windows 2003, Windows XP 
URL:   http://www.auscert.org.au/13930

Title: ESB-2011.0134 - [Win] JScript and VBScript Scripting Engines:
Read-only
       data access - Remote with user interaction 
Date:  09 February 2011
OS:    Windows Server 2008, Windows 7 
URL:   http://www.auscert.org.au/13929

Title: ESB-2011.0133 - [Win] Microsoft Visio: Execute arbitrary
code/commands
       - Remote with user interaction 
Date:  09 February 2011
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/13928

Title: ESB-2011.0132 - [Win] Active Directory: Denial of service - Existing
       account 
Date:  09 February 2011
OS:    Windows 2003 
URL:   http://www.auscert.org.au/13927

Title: ESB-2011.0131 - ALERT [Win] Microsoft FTP Service for IIS : Execute
       arbitrary code/commands - Remote/unauthenticated 
Date:  09 February 2011
OS:    Windows Vista, Windows Server 2008, Windows 7 
URL:   http://www.auscert.org.au/13926

Title: ESB-2011.0130 - ALERT [Win] Microsoft Windows: Execute arbitrary
       code/commands - Remote with user interaction 
Date:  09 February 2011
OS:    Windows 2003, Windows XP, Windows 7, Windows Vista, Windows Server
2008
URL:   http://www.auscert.org.au/13925

Title: ESB-2011.0129 - ALERT [Win] Microsoft Windows: Execute arbitrary
       code/commands - Remote with user interaction 
Date:  09 February 2011
OS:    Windows 2003, Windows XP, Windows Vista, Windows Server 2008 
URL:   http://www.auscert.org.au/13924

Title: ESB-2011.0128 - ALERT [Win] Microsoft Internet Explorer: Execute
       arbitrary code/commands - Remote with user interaction 
Date:  09 February 2011
OS:    Windows 2003, Windows XP, Windows 7, Windows Vista, Windows Server
2008
URL:   http://www.auscert.org.au/13923

Title: ESB-2011.0127 - [Win][HP-UX][Solaris][AIX] EMC Replication Manager
       Client and Networker Module: Execute arbitrary code/commands -
       Remote/unauthenticated 
Date:  08 February 2011
OS:    Solaris, Windows 2003, HP-UX, Windows XP, Windows 2000, Windows 7,
AIX,
       Windows Vista, Windows Server 2008 
URL:   http://www.auscert.org.au/13921

Title: ESB-2011.0126 - [Win][Netware][Linux][Solaris][AIX] Novell
eDirectory:
       Denial of service - Remote/unauthenticated 
Date:  08 February 2011
OS:    Solaris, Windows 2003, Red Hat Linux, Windows 7, Novell Netware,
       Ubuntu, Debian GNU/Linux, Windows XP, SUSE, Windows 2000, AIX,
Windows
       Vista, Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/13920

Title: ESB-2011.0125 - [Win] Computer Associates eTrust Secure Content
       Manager: Execute arbitrary code/commands - Remote/unauthenticated 
Date:  08 February 2011
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/13919

Title: ESB-2011.0124 - [SCO] SCO OpenServer IMAP daemon: Execute arbitrary
       code/commands - Remote/unauthenticated 
Date:  08 February 2011
URL:   http://www.auscert.org.au/13918

Title: ESB-2011.0123.2 - UPDATE [Win][Linux][HP-UX][Solaris][AIX] Data
       Protector: Execute arbitrary code/commands - Remote/unauthenticated 
Date:  08 February 2011
OS:    Windows Server 2008, Other Linux Variants, Windows Vista, AIX,
Windows
       2000, SUSE, HP-UX, Windows XP, Ubuntu, Debian GNU/Linux, Windows 7,
Red
       Hat Linux, Windows 2003, Solaris 
URL:   http://www.auscert.org.au/13917

Title: ESB-2011.0122 - [SUSE] kernel-rt: Multiple vulnerabilities 
Date:  08 February 2011
OS:    SUSE 
URL:   http://www.auscert.org.au/13915

Title: ESB-2011.0121 - [Win] IBM Lotus Notes & Domino: Denial of service -
       Remote/unauthenticated 
Date:  07 February 2011
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/13914

Title: ESB-2011.0120 - [UNIX/Linux] OpenSSH: Access confidential data -
Remote
       with user interaction 
Date:  07 February 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
       Other Linux Variants 
URL:   http://www.auscert.org.au/13911

Title: ESB-2011.0119 - [Win][UNIX/Linux] Tomcat: Multiple vulnerabilities 
Date:  07 February 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/13910

Title: ESB-2011.0112.2 - UPDATE [Win][UNIX/Linux] Drupal third-party
modules:
       Access confidential data - Remote with user interaction 
Date:  08 February 2011
OS:    Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD,
AIX,
       OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP,
       Ubuntu, Debian GNU/Linux, Mac OS X, Windows 7, Red Hat Linux, Windows
       2003, Solaris, HP Tru64 UNIX, IRIX 
URL:   http://www.auscert.org.au/13903



===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================





More information about the AusNOG mailing list