[AusNOG] AusCERT Week in Review - Week Ending 25/02/2011 (AUSCERT#20073f686)
Jonathan Levine
jonathan at auscert.org.au
Fri Feb 25 16:22:19 EST 2011
Greetings,
AusCERT would like to extend our sympathies to everyone who has been
affected by the recent earthquake in New Zealand. Our thoughts are with you.
Regards,
Jonathan
AusCERT Week in Review
25 February 2011
Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2011.0018 - [Win][UNIX/Linux] TYPO3: Cross-site request forgery -
Remote with user interaction
Date: 21 February 2011
URL: http://www.auscert.org.au/14000
External Security Bulletins:
----------------------------
Title: ESB-2011.0220 - [UNIX/Linux][Mandriva] avahi: Denial of service -
Remote/unauthenticated
Date: 25 February 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/14023
Title: ESB-2011.0219.2 - UPDATE [Win] CA Internet Security Suite: Execute
arbitrary code/commands - Remote with user interaction
Date: 24 February 2011
OS: Windows Server 2008, Windows Vista, Windows 7, Windows 2000, Windows
XP, Windows 2003
URL: http://www.auscert.org.au/14022
Title: ESB-2011.0218 - [Win][Linux][OSX] Cisco Secure Desktop: Execute
arbitrary code/commands - Remote with user interaction
Date: 24 February 2011
OS: Windows 2003, Red Hat Linux, Windows 7, Mac OS X, Ubuntu, Debian
GNU/Linux, Windows XP, SUSE, Windows 2000, Windows Vista, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/14021
Title: ESB-2011.0217 - [Netware] Novell Netware: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 24 February 2011
OS: Novell Netware
URL: http://www.auscert.org.au/14020
Title: ESB-2011.0216 - [Win] Microsoft Malware Protection Engine: Increased
privileges - Existing account
Date: 24 February 2011
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/14019
Title: ESB-2011.0215 - [Cisco] Cisco Firewall Services Module: Denial of
service - Remote/unauthenticated
Date: 24 February 2011
OS: Cisco Products
URL: http://www.auscert.org.au/14018
Title: ESB-2011.0214 - [Cisco] Cisco ASA 5500 Series: Multiple
vulnerabilities
Date: 24 February 2011
OS: Cisco Products
URL: http://www.auscert.org.au/14017
Title: ESB-2011.0213 - ALERT [Cisco] Cisco TelePresence Devices: Multiple
vulnerabilities
Date: 24 February 2011
OS: Cisco Products
URL: http://www.auscert.org.au/14016
Title: ESB-2011.0212 - [RedHat] acroread: Multiple vulnerabilities
Date: 24 February 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14014
Title: ESB-2011.0211 - [RedHat] Red Hat Network Satellite Server: Multiple
vulnerabilities
Date: 24 February 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14013
Title: ESB-2011.0210 - [RedHat] java-1.4.2-ibm-sap: Denial of service -
Remote with user interaction
Date: 24 February 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14012
Title: ESB-2011.0209 - [SUSE][OpenSUSE] SUSE: Multiple vulnerabilities
Date: 23 February 2011
OS: Other Linux Variants, SUSE
URL: http://www.auscert.org.au/14011
Title: ESB-2011.0208 - [SUSE][OpenSUSE] java-1_6_0-sun: Multiple
vulnerabilities
Date: 23 February 2011
OS: Other Linux Variants, SUSE
URL: http://www.auscert.org.au/14010
Title: ESB-2011.0207 - [RedHat] Red Hat Directory Server: Multiple
vulnerabilities
Date: 23 February 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14009
Title: ESB-2011.0206.2 - UPDATE [RedHat] java-1.6.0-ibm, java-1.5.0-ibm and
java-1.4.2-ibm: Denial of service - Remote/unauthenticated
Date: 23 February 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14008
Title: ESB-2011.0205 - [RedHat] kernel: Denial of service - Existing account
Date: 23 February 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14007
Title: ESB-2011.0204 - [Win][UNIX/Linux][Debian] moodle: Multiple
vulnerabilities
Date: 23 February 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/14006
Title: ESB-2011.0203 - [UNIX/Linux] Asterisk: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 23 February 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/14005
Title: ESB-2011.0202 - ALERT [Win][UNIX/Linux] BIND: Denial of service -
Remote/unauthenticated
Date: 23 February 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/14004
Title: ESB-2011.0201 - [Win][UNIX/Linux] RealPlayer: Execute arbitrary
code/commands - Remote with user interaction
Date: 22 February 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/14003
Title: ESB-2011.0200 - [Debian] asterisk: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 22 February 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14002
Title: ESB-2011.0199 - [Win][UNIX/Linux] PHP 5.3.5: Denial of service -
Remote/unauthenticated
Date: 21 February 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/14001
Title: ESB-2011.0198.2 - UPDATE [Linux] F-Secure Internet Gatekeeper 3.x:
Unauthorised access - Remote/unauthenticated
Date: 21 February 2011
OS: Ubuntu, Debian GNU/Linux, SUSE, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/13999
Title: ESB-2011.0197 - [HP-UX][Solaris] CDE Calendar Manager: Execute
arbitrary code/commands - Remote/unauthenticated
Date: 21 February 2011
OS: Solaris, HP-UX
URL: http://www.auscert.org.au/13998
Title: ESB-2011.0196 - [UNIX/Linux][Debian] mailman: Multiple
vulnerabilities
Date: 21 February 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
FreeBSD, Other Linux Variants
URL: http://www.auscert.org.au/13997
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================