[AusNOG] AusCERT Week in Review - Week Ending 14/01/2011 (AUSCERT#20073F686)
Joel Hatton
joel at auscert.org.au
Fri Jan 14 21:18:08 EST 2011
AusCERT Week in Review
14 January 2011
Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2011.0004 - [Win][Linux][OSX] Google Chrome prior to 8.0.552.237:
Execute arbitrary code/commands - Remote with user interaction
Date: 14 January 2011
URL: http://www.auscert.org.au/13825
Title: ASB-2011.0005 - [UNIX/Linux] sudo 1.7.0 through 1.7.4p4: Increased
privileges - Existing account
Date: 14 January 2011
URL: http://www.auscert.org.au/13826
Title: ASB-2010.0198.2 - UPDATE [Win][UNIX/Linux] MySQL prior to 5.1.50:
Denial of service - Existing account
Date: 13 January 2011
URL: http://www.auscert.org.au/13251
Title: ASB-2011.0002 - [Win][UNIX/Linux] pidgin 2.7.8 and prior: Denial of
service - Remote/unauthenticated
Date: 10 January 2011
URL: http://www.auscert.org.au/13799
Title: ASB-2011.0003 - [Win][RedHat][Solaris][SUSE] Novell Identity Manager
Roles Based Provisioning Module: Cross-site scripting - Existing
account
Date: 10 January 2011
URL: http://www.auscert.org.au/13804
External Security Bulletins:
----------------------------
Title: ESB-2010.1123.3 - UPDATE [HP-UX] Java: Multiple vulnerabilities
Date: 14 January 2011
OS: HP-UX
URL: http://www.auscert.org.au/13707
Title: ESB-2010.0958.2 - UPDATE [Debian] glibc: Root compromise - Existing
account
Date: 12 January 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/13515
Title: ESB-2010.0635.5 - UPDATE [Win][Linux][HP-UX][Solaris] HP OpenView
Network Node Manager: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 13 January 2011
OS: Other Linux Variants, Windows Server 2008, Windows Vista, Windows 2000,
SUSE, HP-UX, Windows XP, Ubuntu, Debian GNU/Linux, Windows 7, Red Hat
Linux, Windows 2003, Solaris
URL: http://www.auscert.org.au/13086
Title: ESB-2011.0041 - [Win][Linux][HP-UX][Solaris][AIX] IBM WebSphere MQ 7.0:
Execute arbitrary code/commands - Remote/unauthenticated
Date: 14 January 2011
OS: Solaris, Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian
GNU/Linux, Windows XP, HP-UX, SUSE, Windows 2000, AIX, Windows Vista,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/13824
Title: ESB-2011.0040 - [Win] HP LoadRunner 9.52: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 14 January 2011
OS: Windows 2003, HP-UX, Windows XP, Windows 2000, Windows 7, Windows
Vista, Windows Server 2008
URL: http://www.auscert.org.au/13823
Title: ESB-2011.0039 - [RedHat] kvm: Access privileged data - Existing
account
Date: 14 January 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/13822
Title: ESB-2011.0038 - [RedHat] python: Execute arbitrary code/commands -
Existing account
Date: 14 January 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/13821
Title: ESB-2011.0037.2 - UPDATE [UNIX/Linux][RedHat] gcc: Overwrite arbitrary
files - Existing account
Date: 14 January 2011
OS: Other Linux Variants, FreeBSD, AIX, OpenBSD, SUSE, Other BSD Variants,
HP-UX, Ubuntu, Debian GNU/Linux, Mac OS X, Red Hat Linux, Solaris, HP
Tru64 UNIX, IRIX
URL: http://www.auscert.org.au/13820
Title: ESB-2011.0036 - [RedHat] kernel: Multiple vulnerabilities
Date: 14 January 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/13819
Title: ESB-2011.0035 - [Win][UNIX/Linux] Panels (Drupal third-party module):
Cross-site scripting - Remote with user interaction
Date: 13 January 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/13818
Title: ESB-2011.0034 - [Win][UNIX/Linux] Shibboleth IdP 2.X: Access privileged
data - Existing account
Date: 13 January 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/13817
Title: ESB-2011.0033 - [Win][UNIX/Linux] Symantec Web Gateway 4.5: Execute
arbitrary code/commands - Remote/unauthenticated
Date: 13 January 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/13816
Title: ESB-2011.0032 - [SUSE][OpenSUSE] SUSE: Multiple vulnerabilities
Date: 13 January 2011
OS: Other Linux Variants, SUSE
URL: http://www.auscert.org.au/13815
Title: ESB-2011.0031 - [Win][Linux][HP-UX][Solaris] HP OpenView Network Node
Manager: Execute arbitrary code/commands - Remote/unauthenticated
Date: 13 January 2011
OS: Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
Ubuntu, Windows XP, HP-UX, SUSE, Windows 2000, Windows Vista, Windows
Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/13814
Title: ESB-2011.0030 - [Debian] lighttpd: Denial of service -
Unknown/unspecified
Date: 13 January 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/13813
Title: ESB-2011.0029 - [RedHat] kernel: Multiple vulnerabilities
Date: 12 January 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/13812
Title: ESB-2011.0028 - [Win] RIM: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 12 January 2011
OS: Windows 2003, Windows Server 2008
URL: http://www.auscert.org.au/13811
Title: ESB-2011.0027 - [BlackBerry][Mobile] BlackBerry Device Software: Denial
of service - Remote with user interaction
Date: 12 January 2011
OS: BlackBerry
URL: http://www.auscert.org.au/13810
Title: ESB-2011.0026 - [Win] Microsoft: Execute arbitrary code/commands -
Remote with user interaction
Date: 12 January 2011
OS: Windows 2003, Windows XP, Windows 7, Windows Vista, Windows Server 2008
URL: http://www.auscert.org.au/13807
Title: ESB-2011.0025 - [Win] Windows Backup Manager: Execute arbitrary
code/commands - Remote with user interaction
Date: 12 January 2011
OS: Windows Vista
URL: http://www.auscert.org.au/13806
Title: ESB-2011.0024 - [Win][UNIX/Linux][RedHat] wireshark: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 11 January 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/13805
Title: ESB-2011.0023 - [Win][UNIX/Linux] python-django: Multiple
vulnerabilities
Date: 10 January 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/13803
Title: ESB-2011.0022 - [Linux][Ubuntu] apparmor: Reduced security -
Unknown/unspecified
Date: 10 January 2011
OS: Red Hat Linux, Other Linux Variants, SUSE, Ubuntu, Debian GNU/Linux
URL: http://www.auscert.org.au/13802
Title: ESB-2011.0021 - [Ubuntu] dpkg-dev: Modify arbitrary files - Existing
account
Date: 10 January 2011
OS: Ubuntu
URL: http://www.auscert.org.au/13801
Title: ESB-2011.0020 - [Ubuntu] ifupdown: Reduced security -
Unknown/unspecified
Date: 10 January 2011
OS: Ubuntu
URL: http://www.auscert.org.au/13800
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================