[AusNOG] AusCERT Week in Review - Week Ending 28/01/2011 (AUSCERT#20073f686)
Jonathan Levine
jonathan at auscert.org.au
Fri Jan 28 16:27:25 EST 2011
AusCERT Week in Review
28 January 2011
External Security Bulletins:
- ----------------------------
Title: ESB-2011.0099 - [Win][UNIX/Linux] Realplayer: Execute arbitrary
code/commands - Remote with user interaction
Date: 28 January 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/13888
Title: ESB-2011.0098 - [Win] Symantec Intel Alert Management System: Execute
arbitrary code/commands - Remote/unauthenticated
Date: 28 January 2011
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/13887
Title: ESB-2011.0097 - [Win][Netware][Linux] Novell GroupWise Internet
Agent:
Execute arbitrary code/commands - Remote/unauthenticated
Date: 28 January 2011
OS: Windows 2003, Red Hat Linux, Windows 7, Novell Netware, Ubuntu,
Debian
GNU/Linux, Windows XP, SUSE, Windows 2000, Windows Vista, Windows
Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/13886
Title: ESB-2011.0096 - [Win] Novell Zenworks Handheld Management: Execute
arbitrary code/commands - Remote/unauthenticated
Date: 28 January 2011
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/13885
Title: ESB-2011.0095 - [Win][UNIX/Linux] TYPO3: Cross-site scripting -
Remote
with user interaction
Date: 28 January 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/13884
Title: ESB-2011.0094 - [RedHat] pango: Execute arbitrary code/commands -
Remote with user interaction
Date: 28 January 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/13883
Title: ESB-2011.0093 - [Win][UNIX/Linux] EMC NetWorker: Denial of service -
Remote/unauthenticated
Date: 28 January 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/13882
Title: ESB-2011.0091 - [Debian] hplip: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 28 January 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/13880
Title: ESB-2011.0090 - [Linux][BSD][Solaris] ISC DHCP 4.0.x through 4.2.x:
Denial of service - Remote/unauthenticated
Date: 28 January 2011
OS: Solaris, Red Hat Linux, Other BSD Variants, SUSE, OpenBSD, FreeBSD,
Other Linux Variants, Debian GNU/Linux, Ubuntu
URL: http://www.auscert.org.au/13879
Title: ESB-2011.0089 - [Win][Netware][Linux] Novell GroupWise Internet
Agent:
Administrator compromise - Remote/unauthenticated
Date: 27 January 2011
OS: Windows 2003, Red Hat Linux, Windows 7, Novell Netware, Ubuntu,
Debian
GNU/Linux, Windows XP, SUSE, Windows 2000, Windows Vista, Windows
Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/13878
Title: ESB-2011.0088 - [Win][UNIX/Linux] Bugzilla: Multiple vulnerabilities
Date: 27 January 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/13877
Title: ESB-2011.0087 - [SUSE][OpenSUSE] SUSE: Multiple vulnerabilities
Date: 27 January 2011
OS: Other Linux Variants, SUSE
URL: http://www.auscert.org.au/13876
Title: ESB-2011.0086 - [SUSE] java-1_6_0-ibm: Multiple vulnerabilities
Date: 27 January 2011
OS: SUSE
URL: http://www.auscert.org.au/13875
Title: ESB-2011.0085 - [SUSE] kernel: Multiple vulnerabilities
Date: 27 January 2011
OS: SUSE
URL: http://www.auscert.org.au/13874
Title: ESB-2011.0084 - [Win] HP OpenView Storage Data Protector: Denial of
service - Remote/unauthenticated
Date: 27 January 2011
OS: Windows 2003, HP-UX, Windows XP, Windows 2000, Windows 7, Windows
Vista, Windows Server 2008
URL: http://www.auscert.org.au/13873
Title: ESB-2011.0083 - [RedHat] webkitgtk: Multiple vulnerabilities
Date: 27 January 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/13872
Title: ESB-2011.0082 - [RedHat] java-1.6.0-openjdk: Multiple vulnerabilities
Date: 27 January 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/13871
Title: ESB-2011.0081 - [RedHat] JBoss Web Framework Kit: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 27 January 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/13870
Title: ESB-2011.0080 - [Win][UNIX/Linux][Debian] openoffice.org: Multiple
vulnerabilities
Date: 27 January 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/13869
Title: ESB-2011.0079 - [Cisco] Cisco Content Services Gateway: Multiple
vulnerabilities
Date: 27 January 2011
OS: Cisco Products
URL: http://www.auscert.org.au/13868
Title: ESB-2011.0078 - [Win][UNIX/Linux][Ubuntu] awstats: Execute arbitrary
code/commands - Existing account
Date: 25 January 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/13867
Title: ESB-2011.0077 - [Win][Linux][HP-UX][Solaris] RSA Key Manager C Client
versions 1.5.x.x: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 25 January 2011
OS: Solaris, Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian
GNU/Linux, HP-UX, Windows XP, SUSE, Windows 2000, Windows Vista,
Other
Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/13866
Title: ESB-2011.0076 - [UNIX/Linux][Mandriva] ccid and pcsc-lite: Multiple
vulnerabilities
Date: 24 January 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/13865
Title: ESB-2011.0075 - [Win][Solaris] HP Business Availability Center and
Business Service Management: Cross-site scripting - Remote with user
interaction
Date: 24 January 2011
OS: Solaris, Windows 2003, HP-UX, Windows XP, Windows 2000, Windows 7,
Windows Vista, Windows Server 2008
URL: http://www.auscert.org.au/13864
Title: ESB-2011.0074 - [Win][UNIX/Linux][Debian] request-tracker3.6: Access
confidential data - Existing account
Date: 24 January 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/13863
Title: ESB-2011.0040.2 - UPDATE [Win] HP LoadRunner 9.52: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 27 January 2011
OS: Windows Server 2008, Windows Vista, Windows 7, Windows 2000, Windows
XP, HP-UX, Windows 2003
URL: http://www.auscert.org.au/13823
===========================================================================
Australian Computer Emergency Response Team The University of Queensland
Brisbane Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
More information about the AusNOG
mailing list