[AusNOG] AusCERT Week in Review - Week Ending 29/07/2011 (AUSCERT#20073f686)
Jonathan Levine
jonathan at auscert.org.au
Fri Jul 29 15:27:58 EST 2011
AusCERT Week in Review
29 July 2011
Web Log Entries:
- ----------------
Title: ALDI 4-in-1 device spreads conficker
Date: 28 July 2011
URL: http://www.auscert.org.au/14652
External Security Bulletins:
- ----------------------------
Title: ESB-2011.0792 - [Win] Citrix XenApp and Citrix XenDesktop: Execute
arbitrary code/commands - Remote/unauthenticated
Date: 29 July 2011
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/14659
Title: ESB-2011.0791 - [UNIX/Linux][Mandriva] samba: Multiple
vulnerabilities
Date: 29 July 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/14658
Title: ESB-2011.0790 - [Win][Linux][Solaris] HP Network Automation: Multiple
vulnerabilities
Date: 29 July 2011
OS: Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
Ubuntu, Windows XP, HP-UX, SUSE, Windows 2000, Windows Vista, Windows
Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/14657
Title: ESB-2011.0789 - [RedHat] libpng: Multiple vulnerabilities
Date: 29 July 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14656
Title: ESB-2011.0788 - [UNIX/Linux][RedHat] libsoup: Unauthorised access -
Remote/unauthenticated
Date: 29 July 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/14655
Title: ESB-2011.0787 - [Debian] libsndfile: Execute arbitrary code/commands
-
Remote with user interaction
Date: 29 July 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14654
Title: ESB-2011.0786 - [UNIX/Linux][Debian] libpng: Multiple vulnerabilities
Date: 29 July 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
FreeBSD, Other Linux Variants
URL: http://www.auscert.org.au/14653
Title: ESB-2011.0785 - [Win][Linux][HP-UX][Solaris][AIX] HP Performance
Agent
and HP Operations Agent: Delete arbitrary files -
Remote/unauthenticated
Date: 28 July 2011
OS: Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
Ubuntu, Windows XP, HP-UX, SUSE, Windows 2000, AIX, Windows Vista,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/14651
Title: ESB-2011.0784 - [Win][Linux][HP-UX][Solaris] HP Data Protector:
Denial
of service - Remote/unauthenticated
Date: 28 July 2011
OS: Solaris, Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian
GNU/Linux, Windows XP, HP-UX, SUSE, Windows 2000, Windows Vista,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/14650
Title: ESB-2011.0783 - [Win][Linux][Solaris] HP SiteScope: Cross-site
scripting - Remote with user interaction
Date: 28 July 2011
OS: Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
Ubuntu, Windows XP, SUSE, Windows 2000, Windows Vista, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/14649
Title: ESB-2011.0782 - [Win][UNIX/Linux] EMC Captiva eInput: Multiple
vulnerabilities
Date: 28 July 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/14648
Title: ESB-2011.0781 - [Win][RedHat][Solaris][SUSE] EMC Data Protection
Advisor: Access confidential data - Unknown/unspecified
Date: 28 July 2011
OS: Solaris, Windows 2003, Windows XP, SUSE, Windows 2000, Windows 7,
Windows Vista, Windows Server 2008
URL: http://www.auscert.org.au/14647
Title: ESB-2011.0780 - [SUSE] freetype2: Execute arbitrary code/commands -
Remote with user interaction
Date: 28 July 2011
OS: SUSE
URL: http://www.auscert.org.au/14646
Title: ESB-2011.0779 - [SUSE] compat-openssl097g: Multiple vulnerabilities
Date: 28 July 2011
OS: SUSE
URL: http://www.auscert.org.au/14645
Title: ESB-2011.0778 - [Win][UNIX/Linux] Drupal: Unauthorised access -
Remote/unauthenticated
Date: 28 July 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/14644
Title: ESB-2011.0777 - [UNIX/Linux][RedHat] icedtea-web: Multiple
vulnerabilities
Date: 28 July 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/14643
Title: ESB-2011.0776 - [RedHat] rhev-hypervisor: Denial of service -
Remote/unauthenticated
Date: 28 July 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14642
Title: ESB-2011.0775 - [Debian] phpymadmin: Multiple vulnerabilities
Date: 27 July 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14641
Title: ESB-2011.0774 - [NetBSD] BIND: Denial of service -
Remote/unauthenticated
Date: 27 July 2011
OS: Other BSD Variants
URL: http://www.auscert.org.au/14640
Title: ESB-2011.0773 - [Apple iOS] Apple iOS: Access privileged data -
Remote/unauthenticated
Date: 26 July 2011
OS: Apple iOS
URL: http://www.auscert.org.au/14639
Title: ESB-2011.0772 - [OSX] iWork: Multiple vulnerabilities
Date: 26 July 2011
OS: Mac OS X
URL: http://www.auscert.org.au/14638
Title: ESB-2011.0771 - [SUSE] kernel: Multiple vulnerabilities
Date: 26 July 2011
OS: SUSE
URL: http://www.auscert.org.au/14637
Title: ESB-2011.0770 - [Win][UNIX/Linux][Debian] mapserver: Execute
arbitrary
code/commands - Remote/unauthenticated
Date: 26 July 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/14636
Title: ESB-2011.0769 - [Debian] opensaml2: Unauthorised access -
Remote/unauthenticated
Date: 26 July 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14635
Title: ESB-2011.0768 - [Debian] krb5-appl: Root compromise -
Remote/unauthenticated
Date: 26 July 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14634
Title: ESB-2011.0767 - [Debian] qemu-kvm: Multiple vulnerabilities
Date: 26 July 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14633
Title: ESB-2011.0766 - [Linux][RedHat] systemtap: Increased privileges -
Existing account
Date: 26 July 2011
OS: Red Hat Linux, Other Linux Variants, SUSE, Ubuntu, Debian GNU/Linux
URL: http://www.auscert.org.au/14632
Title: ESB-2011.0765 - [Win][UNIX/Linux] Shibboleth: Unauthorised access -
Remote/unauthenticated
Date: 26 July 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/14631
Title: ESB-2011.0764 - [Win][Linux] Novell Teaming and Novell Vibe OnPrem:
Denial of service - Remote/unauthenticated
Date: 25 July 2011
OS: Red Hat Linux, Windows 2003, SUSE, Windows 7, Other Linux Variants,
Windows Server 2008, Debian GNU/Linux, Ubuntu
URL: http://www.auscert.org.au/14630
Title: ESB-2011.0763 - [Win][UNIX/Linux] phpMyAdmin: Multiple
vulnerabilities
Date: 25 July 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/14629
Title: ESB-2011.0762 - [RedHat] java-1.5.0-ibm: Multiple vulnerabilities
Date: 25 July 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14628
Title: ESB-2011.0712.2 - UPDATE [HP-UX] OpenSSL: Denial of service -
Remote/unauthenticated
Date: 29 July 2011
OS: HP-UX, HP-UX
URL: http://www.auscert.org.au/14573
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
More information about the AusNOG
mailing list