[AusNOG] AusCERT Week in Review - Week Ending 14/10/2011 (AUSCERT#20073f686)

Jonathan Levine jonathan at auscert.org.au
Fri Oct 14 16:41:41 EST 2011


AusCERT Week in Review
14 October 2011

Alerts, Advisories and Updates:
- -------------------------------
Title: ASB-2011.0088 - ALERT [Win][UNIX/Linux] Blackboard Learn: Increased
       privileges - Existing account 
Date:  13 October 2011
URL:   http://www.auscert.org.au/14966

Title: ASB-2011.0087 - [Win][Linux][HP-UX][Solaris][AIX] IBM WebSphere ILOG
       Rule Team Server: Cross-site scripting - Remote with user interaction

Date:  12 October 2011
URL:   http://www.auscert.org.au/14952

Title: ASB-2011.0086 - [Win][UNIX/Linux] Plone & Zope: Execute arbitrary
       code/commands - Remote/unauthenticated 
Date:  11 October 2011
URL:   http://www.auscert.org.au/14942

Title: ASB-2011.0085 - [Win][RedHat][Solaris][SUSE] Novell Identity Manager:
       Cross-site scripting - Remote with user interaction 
Date:  10 October 2011
URL:   http://www.auscert.org.au/14938

External Security Bulletins:
- ----------------------------
Title: ESB-2011.1040 - [RedHat] pidgin: Denial of service -
       Remote/unauthenticated 
Date:  14 October 2011
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/14968

Title: ESB-2011.1039 - [RedHat] httpd: Denial of service -
       Remote/unauthenticated 
Date:  14 October 2011
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/14967

Title: ESB-2011.1038 - [VMware ESX] VMware ESXi and ESX: Multiple
       vulnerabilities 
Date:  13 October 2011
OS:    Virtualisation 
URL:   http://www.auscert.org.au/14965

Title: ESB-2011.1037 - [Apple iOS] Numbers for iOS v1.5: Multiple
       vulnerabilities 
Date:  13 October 2011
OS:    Apple iOS 
URL:   http://www.auscert.org.au/14964

Title: ESB-2011.1036 - [Apple iOS] Pages for iOS v1.5: Execute arbitrary
       code/commands - Remote with user interaction 
Date:  13 October 2011
OS:    Apple iOS 
URL:   http://www.auscert.org.au/14963

Title: ESB-2011.1035 - [OSX] Safari: Multiple vulnerabilities 
Date:  13 October 2011
OS:    Windows XP, Windows 7, Windows Vista, Mac OS X 
URL:   http://www.auscert.org.au/14962

Title: ESB-2011.1034 - [OSX] Apple Mac OS X: Multiple vulnerabilities 
Date:  13 October 2011
OS:    Mac OS X 
URL:   http://www.auscert.org.au/14961

Title: ESB-2011.1033 - [Apple iOS] Apple TV: Multiple vulnerabilities 
Date:  13 October 2011
OS:    Apple iOS 
URL:   http://www.auscert.org.au/14959

Title: ESB-2011.1032 - [Apple iOS] iOS: Multiple vulnerabilities 
Date:  13 October 2011
OS:    Apple iOS 
URL:   http://www.auscert.org.au/14960

Title: ESB-2011.1031 - [Win] Microsoft Publisher 2007: Execute arbitrary
       code/commands - Remote with user interaction 
Date:  13 October 2011
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/14958

Title: ESB-2011.1030 - [Win] BlackBerry Enterprise Server: Unauthorised
access
       - Existing account 
Date:  13 October 2011
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/14957

Title: ESB-2011.1029 - [BlackBerry] BlackBerry 6: Execute arbitrary
       code/commands - Remote with user interaction 
Date:  13 October 2011
OS:    BlackBerry 
URL:   http://www.auscert.org.au/14956

Title: ESB-2011.1028 - [Win][UNIX/Linux] Drupal third-party modules: Execute
       arbitrary code/commands - Remote with user interaction 
Date:  13 October 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
       Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
       Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/14955

Title: ESB-2011.1027 - [Cisco] Cisco TelePresence Video Communication
Server:
       Cross-site scripting - Remote with user interaction 
Date:  13 October 2011
OS:    Cisco Products 
URL:   http://www.auscert.org.au/14954

Title: ESB-2011.1026 - [Win] iTunes: Multiple vulnerabilities 
Date:  12 October 2011
OS:    Windows Vista, Windows XP, Windows 7 
URL:   http://www.auscert.org.au/14953

Title: ESB-2011.1025 - [UNIX/Linux][RedHat] kdelibs: Provide misleading
       information - Remote with user interaction 
Date:  12 October 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
       Other Linux Variants 
URL:   http://www.auscert.org.au/14951

Title: ESB-2011.1024 - [Win] Microsoft Host Integration Server: Denial of
       service - Remote/unauthenticated 
Date:  12 October 2011
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/14950

Title: ESB-2011.1023 - [Win] Microsoft: Execute arbitrary code/commands -
       Remote with user interaction 
Date:  12 October 2011
OS:    Windows 2003, Windows XP, Windows 7, Windows Vista, Windows Server
2008
URL:   http://www.auscert.org.au/14949

Title: ESB-2011.1022 - [Win] Microsoft Windows: Administrator compromise -
       Existing account 
Date:  12 October 2011
OS:    Windows 2003, Windows XP 
URL:   http://www.auscert.org.au/14948

Title: ESB-2011.1021 - [Win] Microsoft Forefront Unified Access Gateway:
       Multiple vulnerabilities 
Date:  12 October 2011
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/14947

Title: ESB-2011.1020 - [Win][OSX] Microsoft .NET Framework and Microsoft
       Silverlight: Execute arbitrary code/commands - Remote with user
       interaction 
Date:  12 October 2011
OS:    Windows 2003, Windows XP, Windows 7, Windows Vista, Mac OS X, Windows
       Server 2008 
URL:   http://www.auscert.org.au/14946

Title: ESB-2011.1019 - [Win] Microsoft Windows: Multiple vulnerabilities 
Date:  12 October 2011
OS:    Windows 2003, Windows XP, Windows 7, Windows Vista, Windows Server
2008
URL:   http://www.auscert.org.au/14945

Title: ESB-2011.1018 - [Win] Windows Media Center: Execute arbitrary
       code/commands - Remote with user interaction 
Date:  12 October 2011
OS:    Windows Vista, Windows 7 
URL:   http://www.auscert.org.au/14943

Title: ESB-2011.1017 - [Win] Microsoft Windows: Execute arbitrary
       code/commands - Remote with user interaction 
Date:  12 October 2011
OS:    Windows 2003, Windows XP, Windows 7, Windows Vista, Windows Server
2008
URL:   http://www.auscert.org.au/14944

Title: ESB-2011.1016 - [Win][UNIX/Linux] HP Onboard Administrator (OA):
       Unauthorised access - Remote/unauthenticated 
Date:  11 October 2011
OS:    IRIX, Solaris, HP Tru64 UNIX, Windows 2003, Red Hat Linux, Debian
       GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
       FreeBSD, Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/14941

Title: ESB-2011.1015 - [Debian] bugzilla: Multiple vulnerabilities 
Date:  11 October 2011
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/14940

Title: ESB-2011.1014 - [Win][UNIX/Linux][Debian] moin: Cross-site scripting
-
       Remote with user interaction 
Date:  11 October 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/14939

Title: ESB-2011.1013 - [SUSE] kernel: Multiple vulnerabilities 
Date:  10 October 2011
OS:    SUSE 
URL:   http://www.auscert.org.au/14937

Title: ESB-2011.1012 - [Debian] dokuwiki: Cross-site scripting - Remote with
       user interaction 
Date:  10 October 2011
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/14936

Title: ESB-2011.1011 - [Debian] policykit-1: Increased privileges - Existing
       account 
Date:  10 October 2011
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/14935

Title: ESB-2011.0793.3 - UPDATE [VMware ESX] glibc and dhcp: Multiple
       vulnerabilities 
Date:  13 October 2011
OS:    Virtualisation, Virtualisation, Virtualisation 
URL:   http://www.auscert.org.au/14660

Title: ESB-2011.0599.2 - UPDATE [Win][VMware ESX][Linux][OSX] VMware
       Workstation, Player, Fusion and ESXi: Multiple vulnerabilities 
Date:  13 October 2011
OS:    Windows 2003, Red Hat Linux, Windows 7, Mac OS X, Ubuntu, Debian
       GNU/Linux, Windows XP, Virtualisation, SUSE, Windows 2000, Windows
       Vista, Other Linux Variants, Windows Server 2008, Windows 2003, Red
Hat
       Linux, Windows 7, Mac OS X, Debian GNU/Linux, Ubuntu, Windows XP,
       Virtualisation, SUSE, Windows 2000, Windows Vista, Other Linux
       Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/14446

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================




More information about the AusNOG mailing list