[AusNOG] AusCERT Week in Review - Week Ending 25/03/2011 (AUSCERT#20073f686)
Zane Jarvis
zane at auscert.org.au
Fri Mar 25 16:13:50 EST 2011
AusCERT Week in Review
25 March 2011
AusCERT in the Media:
---------------------
Papers, Articles and other documents:
-------------------------------------
Web Log Entries:
----------------
Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2011.0026 - [Win][UNIX/Linux] Google Chrome: Reduced security -
Remote with user interaction
Date: 25 March 2011
URL: http://www.auscert.org.au/14156
Title: ASB-2011.0024.3 - UPDATE [Win][UNIX/Linux] Firefox 3.6.15 and prior:
Provide misleading information - Remote/unauthenticated
Date: 24 March 2011
URL: http://www.auscert.org.au/14143
Title: ASB-2011.0025 - Comodo Certificates: Provide misleading information -
Remote/unauthenticated
Date: 24 March 2011
URL: http://www.auscert.org.au/14146
Title: ASB-2011.0023 - ALERT [Win] SCADA Vendors: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 23 March 2011
URL: http://www.auscert.org.au/14142
External Security Bulletins:
----------------------------
Title: ESB-2011.0340 - [SUSE] kernel: Multiple vulnerabilities
Date: 25 March 2011
OS: SUSE
URL: http://www.auscert.org.au/14158
Title: ESB-2011.0339 - [Win][UNIX/Linux] Webform Block (Drupal module):
Cross-site scripting - Existing account
Date: 25 March 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/14157
Title: ESB-2011.0338 - [Win][UNIX/Linux] VLC Media Player: Execute arbitrary
code/commands - Remote with user interaction
Date: 25 March 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/14155
Title: ESB-2011.0337 - [Debian] wireshark: Multiple vulnerabilities
Date: 24 March 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14154
Title: ESB-2011.0336 - [Debian] iceweasel: Provide misleading information -
Remote/unauthenticated
Date: 24 March 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14153
Title: ESB-2011.0335 - [Debian] iceape: Provide misleading information -
Remote/unauthenticated
Date: 24 March 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14152
Title: ESB-2011.0334 - [UNIX/Linux][Debian] apache2: Increased privileges -
Remote/unauthenticated
Date: 24 March 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
FreeBSD, Other Linux Variants
URL: http://www.auscert.org.au/14151
Title: ESB-2011.0333 - ALERT [Win][Netware][Linux] Hewlett-Packard Data
Protector: Administrator compromise - Remote/unauthenticated
Date: 24 March 2011
OS: Windows 2003, Red Hat Linux, Windows 7, Novell Netware, Ubuntu,
Debian GNU/Linux, Windows XP, SUSE, Windows 2000, Windows Vista, Windows
Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/14150
Title: ESB-2011.0332 - ALERT [VMware ESX] Hewlett-Packard Virtual SAN
Appliance: Administrator compromise - Remote/unauthenticated
Date: 24 March 2011
OS: Virtualisation
URL: http://www.auscert.org.au/14149
Title: ESB-2011.0331 - ALERT [Win][Linux][Solaris][AIX] IBM Lotus Domino:
Execute arbitrary code/commands - Remote/unauthenticated
Date: 24 March 2011
OS: Solaris, Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian
GNU/Linux, Windows XP, SUSE, Windows 2000, AIX, Windows Vista, Other
Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/14148
Title: ESB-2011.0330 - [Win] Windows: Provide misleading information -
Remote/unauthenticated
Date: 24 March 2011
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/14147
Title: ESB-2011.0329 - [Win] HP Discovery & Dependency Mapping Inventory:
Access confidential data - Remote/unauthenticated
Date: 23 March 2011
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/14145
Title: ESB-2011.0328 - [SUSE] java: Multiple vulnerabilities
Date: 23 March 2011
OS: SUSE
URL: http://www.auscert.org.au/14144
Title: ESB-2011.0327 - [RedHat] dbus: Denial of service - Existing account
Date: 23 March 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14141
Title: ESB-2011.0326 - [RedHat] seamonkey: Provide misleading information -
Remote with user interaction
Date: 23 March 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14140
Title: ESB-2011.0325 - [RedHat] thunderbird: Provide misleading information -
Remote with user interaction
Date: 23 March 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14139
Title: ESB-2011.0324 - [RedHat] firefox: Provide misleading information -
Remote with user interaction
Date: 23 March 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14138
Title: ESB-2011.0323 - [RedHat] flash-plugin: Execute arbitrary
code/commands - Remote with user interaction
Date: 23 March 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14137
Title: ESB-2011.0322 - [UNIX/Linux][Debian] tex-common: Execute arbitrary
code/commands - Existing account
Date: 23 March 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
FreeBSD, Other Linux Variants
URL: http://www.auscert.org.au/14136
Title: ESB-2011.0321 - [Win][UNIX/Linux] pidgin: Denial of service -
Remote/unauthenticated
Date: 22 March 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/14135
Title: ESB-2011.0320 - [Win][UNIX/Linux] libtiff: Execute arbitrary
code/commands - Remote with user interaction
Date: 22 March 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/14134
Title: ESB-2011.0319 - [Win][Mac][OSX] Adobe Reader and Acrobat: Execute
arbitrary code/commands - Remote with user interaction
Date: 22 March 2011
OS: Windows 2003, Windows XP, Windows 7, Windows Vista, Mac OS X, Windows
Server 2008
URL: http://www.auscert.org.au/14133
Title: ESB-2011.0318 - [Win][Linux][Solaris][Mac][OSX] Flash Player: Execute
arbitrary code/commands - Remote with user interaction
Date: 22 March 2011
OS: Solaris, Windows 2003, Red Hat Linux, Windows 7, Mac OS X, Ubuntu,
Debian GNU/Linux, Windows XP, SUSE, Windows 2000, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/14132
Title: ESB-2011.0317 - [RedHat] wireshark: Multiple vulnerabilities
Date: 22 March 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14131
Title: ESB-2011.0316 - [RedHat] wireshark: Multiple vulnerabilities
Date: 22 March 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14130
Title: ESB-2011.0315 - [RedHat] flash-plugin: End of Life
Date: 22 March 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14129
Title: ESB-2011.0314 - [Mac][OSX] Apple OS X: Multiple vulnerabilities
Date: 22 March 2011
OS: Mac OS X
URL: http://www.auscert.org.au/14128
Title: ESB-2011.0313 - [Linux][BSD][Debian][Solaris] quagga: Denial of
service - Remote/unauthenticated
Date: 22 March 2011
OS: Solaris, Red Hat Linux, Other BSD Variants, SUSE, OpenBSD, FreeBSD,
Other Linux Variants, Ubuntu, Debian GNU/Linux
URL: http://www.auscert.org.au/14127
Title: ESB-2011.0312 - [Netware] Novell Netware: Execute arbitrary
code/commands - Existing account
Date: 21 March 2011
OS: Novell Netware
URL: http://www.auscert.org.au/14126
Title: ESB-2011.0311 - [UNIX/Linux][Debian] maradns: Denial of service -
Remote/unauthenticated
Date: 21 March 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
FreeBSD, Other Linux Variants
URL: http://www.auscert.org.au/14125
Title: ESB-2011.0310 - [Debian] php5: Delete arbitrary files -
Remote/unauthenticated
Date: 21 March 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14124
Title: ESB-2011.0309 - [UNIX/Linux][Debian] libvirt: Increased privileges -
Existing account
Date: 21 March 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
FreeBSD, Other Linux Variants
URL: http://www.auscert.org.au/14123
Title: ESB-2011.0308 - [Debian] vimperator: Reduced security -
Unknown/unspecified
Date: 21 March 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14122
Title: ESB-2011.0137.2 - UPDATE [Win] Windows Kernel-Mode Drivers: Multiple
vulnerabilities
Date: 21 March 2011
OS: Windows Server 2008, Windows Vista, Windows 7, Windows XP,
Windows 2003
URL: http://www.auscert.org.au/13932
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================