[AusNOG] FW: AusCERT Week in Review - Week Ending 13/05/2011
Joel Hatton
joel at auscert.org.au
Fri May 13 17:18:19 EST 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
AusCERT Week in Review
13 May 2011
It's patch week again and this one was quieter for Microsoft with only one
critical server (2003/08) vulnerability to address in the WINS service - as
this is an unauthorised RCE (remote code execute) vulnerability, you should
already be on top of this one. We've noticed that the monthly patch cycle
has had an interesting side-benefit - other systems that may have been
neglected, or just put aside for "when we've got time" are now on the agenda
for attention during the same week. As creatures of habit, people seem to
have taken to the routine and 'patch one, patch all'. Now, that's a
philosophy we can all appreciate.
http://www.auscert.org.au/render.html?it=14347
Today, AusCERT ESB-2011.0522 covered a new, critical vulnerability in Adobe
Flash Player. Reports that malware is already attempting to exploit this
vulnerability make it even more important that this upgrade be applied.
The myriad of browser platforms available today can make this quite a chore,
but you're only as safe as your weakest link - that little-used browser that
you don't have time to patch may be the entry point for an attacker to your
network: if you don't use that extra browser, removing it may be a wise
move, after all.
http://www.auscert.org.au/render.html?it=14356
This week saw the release of the latest Microsoft Security Intelligence
Report, a report about the software threat landscape. One interesting
point that proves that remaining up-to-date is good for security was their
finding that the newest operating systems showed the lowest infection rates,
with Windows 7 infected only half as often as Vista, with a similar
improvement for Vista over XP. From the SIR, we noticed today that Conficker
is alive and well, owning 20% of infected domain-joined
computers:
https://twitter.com/#!/AusCERT/status/68825060063985664
Periodically, software vendors need to update their own advisories. This
occurs because, for example, further information about a vulnerability
becomes available, or a patch may need revision due to an unforeseen impact.
This week, Microsoft re-released Microsoft Security Bulletin
MS11-028 - this bulletin addresses a critical vulnerability in the .NET
framework. The reason? Certain applications would crash unexpectedly after
the patch was applied and this updated bulletin offers an updated hotfix to
correct the situation. Customers can remain aware of when vendors update
their advisories by subscribing to the appropriate security mailing lists or
RSS feeds - for Microsoft, these are available by visiting:
http://www.microsoft.com/technet/security/current.aspx
AusCERT in the Media:
---------------------
AusCERT2011 starts this weekend. If you're booked in already, you'll be
attending one of the largest and most popular ICT security conferences
around, with speakers from all over the world. Here's a sample from the
media:
SC Magazine writing about our Monday Keynote, Bennet Arron:
http://bit.ly/jTMBcX
CIO Magazine article about speaker and speed-debating panelist, Scott
McIntyre:
http://bit.ly/jschvO
SC Magazine article featuring Thursday VOIP tutorial presenter, Chris
Gatford:
http://bit.ly/mxUv1t
AusCERT is hiring! AusCERT is looking for an Information Security Analyst to
strengthen its Coordination Centre. If you've got a keen interest in
Information Security and meet the selection requirements at
http://bit.ly/mU3TAC then get your application in now.
Web Log Entries:
----------------
Last week's Week in Review:
http://www.auscert.org.au/render.html?it=14338
Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2011.0036 - [Mac][OSX] Skype: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 09 May 2011
URL: http://www.auscert.org.au/14342
External Security Bulletins:
----------------------------
Title: ESB-2010.0630.3 - UPDATE [VMware ESX] VMWare: Multiple
vulnerabilities
Date: 09 May 2011
OS: Virtualisation
URL: http://www.auscert.org.au/13078
Title: ESB-2011.0522 - ALERT [Win][Linux][Solaris][Mac][OSX] Adobe Flash
Player: Execute arbitrary code/commands - Remote with user
interaction
Date: 13 May 2011
OS: Solaris, Windows 2003, Red Hat Linux, Windows 7, Mac OS X, Ubuntu,
Debian GNU/Linux, Windows XP, SUSE, Windows 2000, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/14356
Title: ESB-2011.0521 - [Mobile] HP/Palm webOS: Multiple vulnerabilities
Date: 12 May 2011
URL: http://www.auscert.org.au/14355
Title: ESB-2011.0520 - [Win][Linux][HP-UX][Solaris] HP Network Node Manager i
(NNMi): Overwrite arbitrary files - Existing account
Date: 12 May 2011
OS: Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
Ubuntu, Windows XP, HP-UX, SUSE, Windows 2000, Windows Vista, Windows
Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/14354
Title: ESB-2011.0519 - [RedHat] xen: Denial of service - Existing account
Date: 12 May 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14353
Title: ESB-2011.0518 - [Win][UNIX/Linux] CA eHealth: Cross-site scripting -
Remote with user interaction
Date: 12 May 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/14352
Title: ESB-2011.0517 - [Debian] postfix: Multiple vulnerabilities
Date: 11 May 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14351
Title: ESB-2011.0516 - [Win][RedHat] HP Intelligent Management Center (IMC):
Execute arbitrary code/commands - Remote/unauthenticated
Date: 11 May 2011
OS: Windows 2003, HP-UX, Windows XP, Windows 2000, Windows 7, Windows
Vista, Windows Server 2008
URL: http://www.auscert.org.au/14350
Title: ESB-2011.0515 - [Win][Mac][OSX] Microsoft Powerpoint and Office:
Execute arbitrary code/commands - Remote with user interaction
Date: 11 May 2011
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista, Mac
OS X, Windows Server 2008
URL: http://www.auscert.org.au/14349
Title: ESB-2011.0514 - ALERT [Win] Microsoft Windows: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 11 May 2011
OS: Windows Server 2008, Windows 2003
URL: http://www.auscert.org.au/14348
Title: ESB-2011.0513 - [Win][Mac][OSX] Microsoft: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 11 May 2011
OS: Windows 2003, Windows Server 2008, Mac OS X
URL: http://www.auscert.org.au/14347
Title: ESB-2011.0512 - [Win][Linux][Solaris] Sybase M-Business Anywhere:
Execute arbitrary code/commands - Remote/unauthenticated
Date: 10 May 2011
OS: Solaris, Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian
GNU/Linux, Windows XP, SUSE, Windows 2000, Windows Vista, Windows
Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/14346
Title: ESB-2011.0511 - [Win][Linux][Solaris] Sybase M-Business Anywhere
Server: Execute arbitrary code/commands - Remote/unauthenticated
Date: 10 May 2011
OS: Solaris, Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian
GNU/Linux, Windows XP, SUSE, Windows 2000, Windows Vista, Windows
Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/14345
Title: ESB-2011.0510 - [Win][Linux][Solaris] Sybase M-Business Anywhere:
Execute arbitrary code/commands - Remote/unauthenticated
Date: 10 May 2011
OS: Solaris, Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian
GNU/Linux, Windows XP, SUSE, Windows 2000, Windows Vista, Windows
Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/14344
Title: ESB-2011.0509 - [UNIX/Linux] Postfix SMTP server: Denial of service -
Remote/unauthenticated
Date: 10 May 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/14343
Title: ESB-2011.0508 - [UNIX/Linux][Debian] exim4: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 09 May 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
FreeBSD, Other Linux Variants
URL: http://www.auscert.org.au/14341
Title: ESB-2011.0507 - [Win][UNIX/Linux] otrs2: Cross-site scripting -
Remote with user interaction
Date: 09 May 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/14340
Title: ESB-2011.0506 - [Win][Mac][OSX] Microsoft: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 09 May 2011
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista, Mac
OS X, Windows Server 2008
URL: http://www.auscert.org.au/14339
Title: ESB-2011.0305.3 - UPDATE [Win] VMware vCenter Orchestrator(vCO) :
Execute arbitrary code/commands - Remote/unauthenticated
Date: 09 May 2011
OS: Virtualisation
URL: http://www.auscert.org.au/14115
Title: ESB-2011.0167.3 - UPDATE [VMware ESX] VMware ESX, ESXi, vCenter Server
and vCenter Update Manager: Multiple vulnerabilities
Date: 09 May 2011
OS: Virtualisation
URL: http://www.auscert.org.au/13966
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iD8DBQFNzNo3/iFOrG6YcBERAnmQAKCHPZyDXFm3ZKXHwSCsi/iWW7yDHgCfd0en
gG6GZ9hrLoq8cYpTAl7dB9s=
=Hfl6
-----END PGP SIGNATURE-----