[AusNOG] AusCERT Week in Review - Week Ending 02/09/2011 (AUSCERT#20073f686)
Jonathan Levine
jonathan at auscert.org.au
Fri Sep 2 15:37:27 EST 2011
AusCERT Week in Review
02 September 2011
Web Log Entries:
- ----------------
Title: Exploding Blowfish Sushi
Date: 01 September 2011
URL: http://www.auscert.org.au/14783
Alerts, Advisories and Updates:
- -------------------------------
Title: ASB-2011.0071 - [Win][UNIX/Linux] Opera: Provide misleading
information
- Remote with user interaction
Date: 01 September 2011
URL: http://www.auscert.org.au/14778
Title: ASB-2011.0072 - [Win][UNIX/Linux] BIND: Denial of service -
Remote/unauthenticated
Date: 01 September 2011
URL: http://www.auscert.org.au/14779
Title: ASB-2011.0073 - [Win][UNIX/Linux] Firefox and Thunderbird: Provide
misleading information - Remote with user interaction
Date: 01 September 2011
URL: http://www.auscert.org.au/14780
Title: ASB-2011.0074 - [Linux] Security breach on kernel.org
Date: 01 September 2011
URL: http://www.auscert.org.au/14784
Title: ASB-2011.0070 - [Win][Linux][HP-UX][Solaris][AIX] IBM Tivoli Storage
Productivity Center 4.2.1: Denial of service - Remote/unauthenticated
Date: 29 August 2011
URL: http://www.auscert.org.au/14761
External Security Bulletins:
- ----------------------------
Title: ESB-2011.0903 - [SUSE] kernel: Multiple vulnerabilities
Date: 02 September 2011
OS: SUSE
URL: http://www.auscert.org.au/14791
Title: ESB-2011.0902 - [Win][Netware][Linux][Solaris][AIX][SUSE] Novell
Identity Manager: Denial of service - Remote/unauthenticated
Date: 02 September 2011
OS: Solaris, Windows 2003, Red Hat Linux, Windows 7, Novell Netware,
Ubuntu, Debian GNU/Linux, Windows XP, SUSE, Windows 2000, AIX,
Windows
Vista, Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/14790
Title: ESB-2011.0901 - [Win][Linux][HP-UX][Solaris][AIX] IBM HTTP Server:
Denial of service - Remote/unauthenticated
Date: 02 September 2011
OS: Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
Ubuntu, Windows XP, HP-UX, SUSE, Windows 2000, AIX, Windows Vista,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/14789
Title: ESB-2011.0900 - [SUSE] SUSE Linux Enterprise 9: End of General
Support
Date: 02 September 2011
OS: SUSE
URL: http://www.auscert.org.au/14788
Title: ESB-2011.0899 - [UNIX/Linux][RedHat] rsyslog: Denial of service -
Existing account
Date: 02 September 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/14787
Title: ESB-2011.0898 - [SUSE] Xen: Denial of service - Unknown/unspecified
Date: 01 September 2011
OS: SUSE
URL: http://www.auscert.org.au/14786
Title: ESB-2011.0897 - [Win][UNIX/Linux] Tivoli Access Manager for
e-business:
Denial of service - Remote with user interaction
Date: 01 September 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/14785
Title: ESB-2011.0896 - [RedHat] httpd: Denial of service -
Remote/unauthenticated
Date: 01 September 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14782
Title: ESB-2011.0895 - [RedHat] Firefox, Thunderbird and Seamonkey: Provide
misleading information - Remote with user interaction
Date: 01 September 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14781
Title: ESB-2011.0894 - [Win][UNIX/Linux] Drupal third-party modules:
Cross-site scripting - Remote with user interaction
Date: 01 September 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/14777
Title: ESB-2011.0893 - [Linux][RedHat] ecryptfs-utils: Multiple
vulnerabilities
Date: 01 September 2011
OS: Red Hat Linux, Other Linux Variants, SUSE, Ubuntu, Debian GNU/Linux
URL: http://www.auscert.org.au/14776
Title: ESB-2011.0892 - [RedHat] End Of Life announced for Red Hat Enterprise
Linux 4 and Extended Update Support 4.7
Date: 01 September 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14775
Title: ESB-2011.0891 - [Debian] ca-certificates: Provide misleading
information - Remote with user interaction
Date: 01 September 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14774
Title: ESB-2011.0890 - [Debian] nss: Provide misleading information - Remote
with user interaction
Date: 01 September 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14773
Title: ESB-2011.0889 - [Cisco] Cisco TelePresence Codecs: Denial of service
-
Remote/unauthenticated
Date: 01 September 2011
OS: Cisco Products
URL: http://www.auscert.org.au/14772
Title: ESB-2011.0888 - [SUSE] vpnc: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 31 August 2011
OS: SUSE
URL: http://www.auscert.org.au/14771
Title: ESB-2011.0887 - [Cisco] Cisco Devices: Denial of service -
Remote/unauthenticated
Date: 31 August 2011
OS: Cisco Products
URL: http://www.auscert.org.au/14770
Title: ESB-2011.0886.2 - UPDATE [Win] Microsoft Windows: Provide misleading
information - Remote with user interaction
Date: 30 August 2011
OS: Windows 2003, Windows XP, Windows 7, Windows Vista, Windows Server
2008, Windows 2003, Windows XP, Windows 7, Windows Vista, Windows
Server 2008
URL: http://www.auscert.org.au/14769
Title: ESB-2011.0885 - [SUSE][OpenSUSE] Firefox, Thunderbird and Seamonkey:
Multiple vulnerabilities
Date: 30 August 2011
OS: Other Linux Variants, SUSE
URL: http://www.auscert.org.au/14768
Title: ESB-2011.0884 - [SUSE] java-1_4_2-ibm: Multiple vulnerabilities
Date: 30 August 2011
OS: SUSE
URL: http://www.auscert.org.au/14767
Title: ESB-2011.0883 - [Win][Linux][HP-UX][Solaris][AIX] IBM WebSphere
Application Server: Access privileged data - Existing account
Date: 30 August 2011
OS: Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
Ubuntu, Windows XP, HP-UX, SUSE, Windows 2000, AIX, Windows Vista,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/14766
Title: ESB-2011.0882 - [Win][UNIX/Linux] Squid: Denial of service -
Remote/unauthenticated
Date: 30 August 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/14765
Title: ESB-2011.0881 - [Debian] apache2: Denial of service -
Remote/unauthenticated
Date: 30 August 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14764
Title: ESB-2011.0880 - [Win][UNIX/Linux] Apache Tomcat: Access privileged
data
- Remote/unauthenticated
Date: 30 August 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/14763
Title: ESB-2011.0879 - [RedHat] samba, samba3x and cifs-utils: Multiple
vulnerabilities
Date: 30 August 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14762
Title: ESB-2011.0870.2 - UPDATED ALERT [Win][UNIX/Linux] Apache HTTPD:
Denial
of service - Remote/unauthenticated
Date: 29 August 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008, IRIX, HP Tru64 UNIX,
Solaris, Windows 2003, Red Hat Linux, Windows 7, Mac OS X, Debian
GNU/Linux, Ubuntu, Windows XP, HP-UX, Other BSD Variants, SUSE,
Windows
2000, OpenBSD, AIX, FreeBSD, Windows Vista, Other Linux Variants,
Windows Server 2008
URL: http://www.auscert.org.au/14748
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
More information about the AusNOG
mailing list