[AusNOG] AusCERT Week in Review - Week Ending 14/10/2011 (AUSCERT#20073f686)
Jonathan Levine
jonathan at auscert.org.au
Fri Oct 14 16:41:41 EST 2011
AusCERT Week in Review
14 October 2011
Alerts, Advisories and Updates:
- -------------------------------
Title: ASB-2011.0088 - ALERT [Win][UNIX/Linux] Blackboard Learn: Increased
privileges - Existing account
Date: 13 October 2011
URL: http://www.auscert.org.au/14966
Title: ASB-2011.0087 - [Win][Linux][HP-UX][Solaris][AIX] IBM WebSphere ILOG
Rule Team Server: Cross-site scripting - Remote with user interaction
Date: 12 October 2011
URL: http://www.auscert.org.au/14952
Title: ASB-2011.0086 - [Win][UNIX/Linux] Plone & Zope: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 11 October 2011
URL: http://www.auscert.org.au/14942
Title: ASB-2011.0085 - [Win][RedHat][Solaris][SUSE] Novell Identity Manager:
Cross-site scripting - Remote with user interaction
Date: 10 October 2011
URL: http://www.auscert.org.au/14938
External Security Bulletins:
- ----------------------------
Title: ESB-2011.1040 - [RedHat] pidgin: Denial of service -
Remote/unauthenticated
Date: 14 October 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14968
Title: ESB-2011.1039 - [RedHat] httpd: Denial of service -
Remote/unauthenticated
Date: 14 October 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14967
Title: ESB-2011.1038 - [VMware ESX] VMware ESXi and ESX: Multiple
vulnerabilities
Date: 13 October 2011
OS: Virtualisation
URL: http://www.auscert.org.au/14965
Title: ESB-2011.1037 - [Apple iOS] Numbers for iOS v1.5: Multiple
vulnerabilities
Date: 13 October 2011
OS: Apple iOS
URL: http://www.auscert.org.au/14964
Title: ESB-2011.1036 - [Apple iOS] Pages for iOS v1.5: Execute arbitrary
code/commands - Remote with user interaction
Date: 13 October 2011
OS: Apple iOS
URL: http://www.auscert.org.au/14963
Title: ESB-2011.1035 - [OSX] Safari: Multiple vulnerabilities
Date: 13 October 2011
OS: Windows XP, Windows 7, Windows Vista, Mac OS X
URL: http://www.auscert.org.au/14962
Title: ESB-2011.1034 - [OSX] Apple Mac OS X: Multiple vulnerabilities
Date: 13 October 2011
OS: Mac OS X
URL: http://www.auscert.org.au/14961
Title: ESB-2011.1033 - [Apple iOS] Apple TV: Multiple vulnerabilities
Date: 13 October 2011
OS: Apple iOS
URL: http://www.auscert.org.au/14959
Title: ESB-2011.1032 - [Apple iOS] iOS: Multiple vulnerabilities
Date: 13 October 2011
OS: Apple iOS
URL: http://www.auscert.org.au/14960
Title: ESB-2011.1031 - [Win] Microsoft Publisher 2007: Execute arbitrary
code/commands - Remote with user interaction
Date: 13 October 2011
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/14958
Title: ESB-2011.1030 - [Win] BlackBerry Enterprise Server: Unauthorised
access
- Existing account
Date: 13 October 2011
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/14957
Title: ESB-2011.1029 - [BlackBerry] BlackBerry 6: Execute arbitrary
code/commands - Remote with user interaction
Date: 13 October 2011
OS: BlackBerry
URL: http://www.auscert.org.au/14956
Title: ESB-2011.1028 - [Win][UNIX/Linux] Drupal third-party modules: Execute
arbitrary code/commands - Remote with user interaction
Date: 13 October 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/14955
Title: ESB-2011.1027 - [Cisco] Cisco TelePresence Video Communication
Server:
Cross-site scripting - Remote with user interaction
Date: 13 October 2011
OS: Cisco Products
URL: http://www.auscert.org.au/14954
Title: ESB-2011.1026 - [Win] iTunes: Multiple vulnerabilities
Date: 12 October 2011
OS: Windows Vista, Windows XP, Windows 7
URL: http://www.auscert.org.au/14953
Title: ESB-2011.1025 - [UNIX/Linux][RedHat] kdelibs: Provide misleading
information - Remote with user interaction
Date: 12 October 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/14951
Title: ESB-2011.1024 - [Win] Microsoft Host Integration Server: Denial of
service - Remote/unauthenticated
Date: 12 October 2011
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/14950
Title: ESB-2011.1023 - [Win] Microsoft: Execute arbitrary code/commands -
Remote with user interaction
Date: 12 October 2011
OS: Windows 2003, Windows XP, Windows 7, Windows Vista, Windows Server
2008
URL: http://www.auscert.org.au/14949
Title: ESB-2011.1022 - [Win] Microsoft Windows: Administrator compromise -
Existing account
Date: 12 October 2011
OS: Windows 2003, Windows XP
URL: http://www.auscert.org.au/14948
Title: ESB-2011.1021 - [Win] Microsoft Forefront Unified Access Gateway:
Multiple vulnerabilities
Date: 12 October 2011
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/14947
Title: ESB-2011.1020 - [Win][OSX] Microsoft .NET Framework and Microsoft
Silverlight: Execute arbitrary code/commands - Remote with user
interaction
Date: 12 October 2011
OS: Windows 2003, Windows XP, Windows 7, Windows Vista, Mac OS X, Windows
Server 2008
URL: http://www.auscert.org.au/14946
Title: ESB-2011.1019 - [Win] Microsoft Windows: Multiple vulnerabilities
Date: 12 October 2011
OS: Windows 2003, Windows XP, Windows 7, Windows Vista, Windows Server
2008
URL: http://www.auscert.org.au/14945
Title: ESB-2011.1018 - [Win] Windows Media Center: Execute arbitrary
code/commands - Remote with user interaction
Date: 12 October 2011
OS: Windows Vista, Windows 7
URL: http://www.auscert.org.au/14943
Title: ESB-2011.1017 - [Win] Microsoft Windows: Execute arbitrary
code/commands - Remote with user interaction
Date: 12 October 2011
OS: Windows 2003, Windows XP, Windows 7, Windows Vista, Windows Server
2008
URL: http://www.auscert.org.au/14944
Title: ESB-2011.1016 - [Win][UNIX/Linux] HP Onboard Administrator (OA):
Unauthorised access - Remote/unauthenticated
Date: 11 October 2011
OS: IRIX, Solaris, HP Tru64 UNIX, Windows 2003, Red Hat Linux, Debian
GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
FreeBSD, Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/14941
Title: ESB-2011.1015 - [Debian] bugzilla: Multiple vulnerabilities
Date: 11 October 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14940
Title: ESB-2011.1014 - [Win][UNIX/Linux][Debian] moin: Cross-site scripting
-
Remote with user interaction
Date: 11 October 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/14939
Title: ESB-2011.1013 - [SUSE] kernel: Multiple vulnerabilities
Date: 10 October 2011
OS: SUSE
URL: http://www.auscert.org.au/14937
Title: ESB-2011.1012 - [Debian] dokuwiki: Cross-site scripting - Remote with
user interaction
Date: 10 October 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14936
Title: ESB-2011.1011 - [Debian] policykit-1: Increased privileges - Existing
account
Date: 10 October 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14935
Title: ESB-2011.0793.3 - UPDATE [VMware ESX] glibc and dhcp: Multiple
vulnerabilities
Date: 13 October 2011
OS: Virtualisation, Virtualisation, Virtualisation
URL: http://www.auscert.org.au/14660
Title: ESB-2011.0599.2 - UPDATE [Win][VMware ESX][Linux][OSX] VMware
Workstation, Player, Fusion and ESXi: Multiple vulnerabilities
Date: 13 October 2011
OS: Windows 2003, Red Hat Linux, Windows 7, Mac OS X, Ubuntu, Debian
GNU/Linux, Windows XP, Virtualisation, SUSE, Windows 2000, Windows
Vista, Other Linux Variants, Windows Server 2008, Windows 2003, Red
Hat
Linux, Windows 7, Mac OS X, Debian GNU/Linux, Ubuntu, Windows XP,
Virtualisation, SUSE, Windows 2000, Windows Vista, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/14446
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
More information about the AusNOG
mailing list