[AusNOG] AusCERT Week in Review - Week Ending 07/01/2011 (AUSCERT#20073F686)
Richard Billington
richard at auscert.org.au
Fri Jan 7 17:24:39 EST 2011
AusCERT Week in Review
07 January 2011
Web Log Entries:
- - ----------------
Title: SANS Microsoft Unpatch Review
Date: 06 January 2011
URL: http://www.auscert.org.au/13790
Alerts, Advisories and Updates:
- - -------------------------------
Title: ASB-2011.0001 - [Win][UNIX/Linux] WordPress prior to version 3.0.4:
Cross-site scripting - Remote/unauthenticated
Date: 04 January 2011
URL: http://www.auscert.org.au/13782
External Security Bulletins:
- - ----------------------------
Title: ESB-2010.1160.2 - UPDATE [Win][UNIX/Linux][Appliance] HP StorageWorks
Modular Smart Array P2000 G3: Unauthorised access -
Remote/unauthenticated
Date: 04 January 2011
OS: Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD, AIX,
OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP,
Ubuntu, Debian GNU/Linux, Mac OS X, Windows 7, Red Hat Linux, Windows
2003, Solaris, HP Tru64 UNIX, IRIX
URL: http://www.auscert.org.au/13746
Title: ESB-2010.1083.2 - UPDATE [VMware ESX] VMWare ESX: Increased privileges
- Existing account
Date: 06 January 2011
OS: Virtualisation
URL: http://www.auscert.org.au/13657
Title: ESB-2010.1055.2 - UPDATE [VMware ESX] VMWare: Multiple vulnerabilities
Date: 06 January 2011
OS: Virtualisation
URL: http://www.auscert.org.au/13623
Title: ESB-2011.0019 - [Win] Microsoft Security Bulletin Advance Notification
for January 2011
Date: 07 January 2011
OS: Windows 2003, Windows XP, Windows 7, Windows Vista, Windows Server 2008
URL: http://www.auscert.org.au/13797
Title: ESB-2011.0018 - [UNIX/Linux][RedHat] evince: Multiple vulnerabilities
Date: 07 January 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/13796
Title: ESB-2011.0017 - [Debian][Ubuntu] dpkg: Read-only data access - Existing
account
Date: 07 January 2011
OS: Other Linux Variants, Ubuntu, Debian GNU/Linux
URL: http://www.auscert.org.au/13795
Title: ESB-2011.0016 - [Mac][OSX] PackageKit: Execute arbitrary code/commands
- Remote/unauthenticated
Date: 07 January 2011
OS: Mac OS X
URL: http://www.auscert.org.au/13794
Title: ESB-2011.0015 - [Debian] apache2: Provide misleading information -
Remote/unauthenticated
Date: 06 January 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/13793
Title: ESB-2011.0014 - [Debian] nss: Provide misleading information -
Remote/unauthenticated
Date: 06 January 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/13792
Title: ESB-2011.0013 - [Debian] openssl: Provide misleading information -
Remote/unauthenticated
Date: 06 January 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/13791
Title: ESB-2011.0012 - [Win][UNIX/Linux][Debian] libapache2-mod-fcgid: Execute
arbitrary code/commands - Existing account
Date: 06 January 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/13789
Title: ESB-2011.0011 - [SUSE][OpenSUSE] Mozilla Firefox, Mozilla Thunderbird,
Seamonkey: Multiple vulnerabilities
Date: 06 January 2011
OS: Other Linux Variants, SUSE
URL: http://www.auscert.org.au/13788
Title: ESB-2011.0010 - [VMware ESX] VMWare: Multiple vulnerabilities
Date: 06 January 2011
OS: Virtualisation
URL: http://www.auscert.org.au/13787
Title: ESB-2011.0009 - [Win] CA ARCserve D2D r15: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 05 January 2011
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/13786
Title: ESB-2011.0008.2 - UPDATE [Win] Novell iPrint Client prior to 5.56:
Execute arbitrary code/commands - Remote/unauthenticated
Date: 05 January 2011
OS: Windows Server 2008, Windows Vista, Windows 7, Windows 2000, Windows
XP, Windows 2003
URL: http://www.auscert.org.au/13785
Title: ESB-2011.0007 - [RedHat] kernel: Multiple vulnerabilities
Date: 05 January 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/13784
Title: ESB-2011.0006 - [Win] Windows Graphics Rendering Engine: Execute
arbitrary code/commands - Remote with user interaction
Date: 05 January 2011
OS: Windows 2003, Windows XP, Windows Vista, Windows Server 2008
URL: http://www.auscert.org.au/13783
Title: ESB-2011.0005 - [RedHat] Red Hat Network Satellite Server v 4.2: End Of
Life
Date: 04 January 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/13781
Title: ESB-2011.0004 - [RedHat] Red Hat Network Proxy Server 4: End of Life
Date: 04 January 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/13780
Title: ESB-2011.0003 - [Debian] phpmyadmin: Cross-site scripting -
Remote/unauthenticated
Date: 04 January 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/13779
Title: ESB-2011.0002 - [Win][UNIX/Linux][Debian] wordpress: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 04 January 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/13778
Title: ESB-2011.0001 - [Debian] libxml2: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 04 January 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/13776
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
More information about the AusNOG
mailing list