[AusNOG] AusCERT Week in Review - Week Ending 04/03/2011 (AUSCERT#20073f686)
Jonathan Levine
jonathan at auscert.org.au
Fri Mar 4 17:10:12 EST 2011
Greetings,
The AusCERT web site experienced an unscheduled outage last night (March 3)
that extended from 9:00 PM until approximately 9:00 AM today, March 4.
Have a great weekend,
Jonathan
AusCERT Week in Review
04 March 2011
Papers, Articles and other documents:
- -------------------------------------
Title: AusCERT web service status
Date: 04 March 2011
URL: http://www.auscert.org.au/14015
Alerts, Advisories and Updates:
- -------------------------------
Title: ASB-2011.0019 - ALERT [Win][UNIX/Linux] Firefox: Multiple
vulnerabilities
Date: 02 March 2011
URL: http://www.auscert.org.au/14042
Title: ASB-2011.0020 - [Win][UNIX/Linux][Linux] Google Chrome: Multiple
vulnerabilities
Date: 02 March 2011
URL: http://www.auscert.org.au/14046
External Security Bulletins:
- ----------------------------
Title: ESB-2011.0254 - [Win][UNIX/Linux] Atlassian JIRA: Provide misleading
information - Remote with user interaction
Date: 04 March 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/14061
Title: ESB-2011.0253 - [Win][Linux][Solaris][AIX] IBM WebSphere Application
Server Community Edition: Denial of service - Remote/unauthenticated
Date: 04 March 2011
OS: Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
Ubuntu, Windows XP, SUSE, Windows 2000, AIX, Windows Vista, Other
Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/14060
Title: ESB-2011.0252 - [Win][Linux][Solaris] Postgres Plus SQL: Execute
arbitrary code/commands - Remote/unauthenticated
Date: 04 March 2011
OS: Solaris, Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian
GNU/Linux, Windows XP, SUSE, Windows 2000, Windows Vista, Windows
Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/14059
Title: ESB-2011.0251 - [Win] Microsoft: Microsoft Security Bulletin Advance
Notification for March 2011
Date: 04 March 2011
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/14058
Title: ESB-2011.0250 - [Win] HP MFP Digital Sending Software: Unauthorised
access - Remote/unauthenticated
Date: 04 March 2011
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/14056
Title: ESB-2011.0249 - [Debian] iceape: Multiple vulnerabilities
Date: 04 March 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14055
Title: ESB-2011.0248 - [Linux][RedHat] libcgroup: Multiple vulnerabilities
Date: 04 March 2011
OS: Red Hat Linux, Other Linux Variants, SUSE, Ubuntu, Debian GNU/Linux
URL: http://www.auscert.org.au/14057
Title: ESB-2011.0247 - [HP-UX] OpenSSL: Multiple vulnerabilities
Date: 03 March 2011
OS: HP-UX
URL: http://www.auscert.org.au/14054
Title: ESB-2011.0246 - [RedHat] libtiff: Execute arbitrary code/commands -
Remote with user interaction
Date: 03 March 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14053
Title: ESB-2011.0245 - [Win][UNIX/Linux] Drupal third-party modules: Provide
misleading information - Remote with user interaction
Date: 03 March 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/14052
Title: ESB-2011.0244 - [Win][OSX] iTunes: Multiple vulnerabilities
Date: 03 March 2011
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista, Mac
OS X, Windows Server 2008
URL: http://www.auscert.org.au/14051
Title: ESB-2011.0243 - [UNIX/Linux][Debian] dtc: Multiple vulnerabilities
Date: 03 March 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
FreeBSD, Other Linux Variants
URL: http://www.auscert.org.au/14050
Title: ESB-2011.0242 - [Debian] pango1.0: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 03 March 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14049
Title: ESB-2011.0241 - [UNIX/Linux][Debian] pywebdav: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 03 March 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
FreeBSD, Other Linux Variants
URL: http://www.auscert.org.au/14048
Title: ESB-2011.0240 - [Win][Linux][HP-UX][Solaris][AIX] WebSphere
Application
Server: Reduced security - Unknown/unspecified
Date: 02 March 2011
OS: Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
Ubuntu, Windows XP, HP-UX, SUSE, Windows 2000, AIX, Windows Vista,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/14047
Title: ESB-2011.0239 - [RedHat] seamonkey: Multiple vulnerabilities
Date: 02 March 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14045
Title: ESB-2011.0238 - [RedHat] thunderbird: Multiple vulnerabilities
Date: 02 March 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14044
Title: ESB-2011.0237 - [RedHat] firefox: Multiple vulnerabilities
Date: 02 March 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14043
Title: ESB-2011.0236 - [UNIX/Linux][Ubuntu] logwatch: Root compromise -
Remote/unauthenticated
Date: 02 March 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/14041
Title: ESB-2011.0235 - [Win][UNIX/Linux][RedHat] pango: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 02 March 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/14040
Title: ESB-2011.0234 - [Debian] cups: Multiple vulnerabilities
Date: 02 March 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14039
Title: ESB-2011.0233 - [Debian] dajaxice: Reduced security -
Unknown/unspecified
Date: 02 March 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14038
Title: ESB-2011.0232 - [RedHat] mailman: Cross-site scripting - Remote with
user interaction
Date: 02 March 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14036
Title: ESB-2011.0231 - [RedHat] samba: Denial of service -
Remote/unauthenticated
Date: 02 March 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14037
Title: ESB-2011.0230 - [RedHat] kernel: Multiple vulnerabilities
Date: 02 March 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14035
Title: ESB-2011.0229 - [Win] StorageWorks: Modify arbitrary files -
Remote/unauthenticated
Date: 01 March 2011
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/14034
Title: ESB-2011.0228 - [Win][UNIX/Linux][Ubuntu] libclamav6: Denial of
service
- Remote with user interaction
Date: 01 March 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/14033
Title: ESB-2011.0227 - [RedHat] Red Hat Enterprise Linux 4: 1-Year End Of
Life
Notice
Date: 01 March 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14032
Title: ESB-2011.0226 - [Debian] samba: Denial of service -
Remote/unauthenticated
Date: 01 March 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14031
Title: ESB-2011.0225 - [Win] HP Web Jetadmin: Unauthorised access - Existing
account
Date: 28 February 2011
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/14030
Title: ESB-2011.0224 - [HP-UX] Java: Denial of service -
Remote/unauthenticated
Date: 28 February 2011
OS: HP-UX
URL: http://www.auscert.org.au/14029
Title: ESB-2011.0223 - [Win][Linux] F-Secure Policy Manager: Multiple
vulnerabilities
Date: 28 February 2011
OS: Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian GNU/Linux,
Windows XP, SUSE, Windows 2000, Windows Vista, Windows Server 2008,
Other Linux Variants
URL: http://www.auscert.org.au/14028
Title: ESB-2011.0222 - [Debian] avahi: Denial of service -
Remote/unauthenticated
Date: 28 February 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14027
Title: ESB-2011.0221 - [UNIX/Linux][Debian] pam-pgsql: Denial of service -
Remote/unauthenticated
Date: 28 February 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
FreeBSD, Other Linux Variants
URL: http://www.auscert.org.au/14026
===========================================================================
Australian Computer Emergency Response Team The University of Queensland
Brisbane Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
More information about the AusNOG
mailing list