[AusNOG] AusCERT Week in Review - Week Ending 03/02/2012 (AUSCERT#20073F686)
Jonathan Levine
jonathan at auscert.org.au
Fri Feb 3 18:34:23 EST 2012
AusCERT Week in Review
03 February 2012
AusCERT in the Media:
---------------------
Papers, Articles and other documents:
-------------------------------------
Web Log Entries:
----------------
Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2012.0016 - [Win][Linux][Solaris][AIX] Oracle GlassFish Enterprise
Server and Sun Java System Application Server: Access confidential data -
Remote with user interaction
Date: 03 February 2012
URL: http://www.auscert.org.au/15414
Title: ASB-2012.0014.2 - UPDATE [Win][UNIX/Linux] Mozilla Firefox and Mozilla
Thunderbird: Multiple vulnerabilities
Date: 01 February 2012
URL: http://www.auscert.org.au/15390
Title: ASB-2012.0015 - [UNIX/Linux] sudo: Root compromise - Existing account
Date: 01 February 2012
URL: http://www.auscert.org.au/15396
Title: ASB-2012.0013 - [UNIX/Linux] Samba: Denial of service -
Remote/unauthenticated
Date: 31 January 2012
URL: http://www.auscert.org.au/15384
Title: ASB-2012.0012 - [Win][UNIX/Linux] Joomla!: Cross-site scripting -
Remote/unauthenticated
Date: 30 January 2012
URL: http://www.auscert.org.au/15378
External Security Bulletins:
----------------------------
Title: ESB-2011.1270.2 - UPDATE [HP-UX] Java: Multiple vulnerabilities
Date: 01 February 2012
OS: HP-UX
URL: http://www.auscert.org.au/15245
Title: ESB-2011.1160.3 - UPDATE [HP-UX] System Administration Manager:
Increased privileges - Existing account
Date: 01 February 2012
OS: HP-UX
URL: http://www.auscert.org.au/15110
Title: ESB-2011.0270.4 - UPDATE [VMware ESX] VMware ESX and VMware ESXi:
Multiple vulnerabilities
Date: 01 February 2012
OS: Virtualisation
URL: http://www.auscert.org.au/14078
Title: ESB-2012.0127 - [Win] RSA enVision 4.x: Access privileged data -
Remote/unauthenticated
Date: 03 February 2012
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/15417
Title: ESB-2012.0126 - [Win] HP Data Protector Media Operations: Execute
arbitrary code/commands - Remote/unauthenticated
Date: 03 February 2012
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/15416
Title: ESB-2012.0125 - [Win][UNIX/Linux] Bugzilla: Multiple vulnerabilities
Date: 03 February 2012
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/15415
Title: ESB-2012.0124 - [RedHat] ghostscript: Multiple vulnerabilities
Date: 03 February 2012
OS: Red Hat Linux
URL: http://www.auscert.org.au/15413
Title: ESB-2012.0123 - [RedHat] freetype: Multiple vulnerabilities
Date: 03 February 2012
OS: Red Hat Linux
URL: http://www.auscert.org.au/15412
Title: ESB-2012.0122 - [UNIX/Linux][RedHat] JBoss Enterprise Middleware:
Multiple vulnerabilities
Date: 03 February 2012
OS: IRIX, Solaris, HP Tru64 UNIX, Red Hat Linux, Debian GNU/Linux, Ubuntu,
HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD, Other Linux
Variants
URL: http://www.auscert.org.au/15411
Title: ESB-2012.0121 - [RedHat] php53: Multiple vulnerabilities
Date: 03 February 2012
OS: Red Hat Linux
URL: http://www.auscert.org.au/15410
Title: ESB-2012.0120 - [RedHat] php: Multiple vulnerabilities
Date: 03 February 2012
OS: Red Hat Linux
URL: http://www.auscert.org.au/15409
Title: ESB-2012.0119 - ALERT [Win][UNIX/Linux][Debian] php5: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 03 February 2012
OS: IRIX, Solaris, HP Tru64 UNIX, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, FreeBSD, Windows Vista,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/15408
Title: ESB-2012.0118 - [Debian] iceape: Multiple vulnerabilities
Date: 03 February 2012
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/15407
Title: ESB-2012.0117 - [Debian] iceweasel: Multiple vulnerabilities
Date: 03 February 2012
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/15406
Title: ESB-2012.0116 - [Debian] tomcat6: Multiple vulnerabilities
Date: 03 February 2012
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/15405
Title: ESB-2012.0115 - [Win][UNIX/Linux] Drupal: Multiple vulnerabilities
Date: 02 February 2012
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/15404
Title: ESB-2012.0114 - [OSX] Apple Mac OS X: Multiple vulnerabilities
Date: 02 February 2012
OS: Mac OS X
URL: http://www.auscert.org.au/15403
Title: ESB-2012.0113 - [RedHat] openssl: Multiple vulnerabilities
Date: 02 February 2012
OS: Red Hat Linux
URL: http://www.auscert.org.au/15402
Title: ESB-2012.0112.2 - UPDATE [Win][UNIX/Linux][RedHat] JBoss Enterprise
Middleware: Multiple vulnerabilities
Date: 02 February 2012
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/15401
Title: ESB-2012.0111 - [RedHat] thunderbird: Multiple vulnerabilities
Date: 02 February 2012
OS: Red Hat Linux
URL: http://www.auscert.org.au/15400
Title: ESB-2012.0110 - [Win][UNIX/Linux][RedHat] seamonkey: Multiple
vulnerabilities
Date: 02 February 2012
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/15399
Title: ESB-2012.0109 - [VMware ESX] VMware ESXi & VMware ESX: Multiple
vulnerabilities
Date: 02 February 2012
OS: Virtualisation
URL: http://www.auscert.org.au/15398
Title: ESB-2012.0108 - [Win][Linux][HP-UX][Solaris][AIX] IBM DB2 and IBM DB2
Accessories Suite: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 01 February 2012
OS: Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
Ubuntu, HP-UX, Windows XP, SUSE, Windows 2000, AIX, Windows Vista,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/15397
Title: ESB-2012.0107 - [Win] IBM SPSS: Execute arbitrary code/commands -
Remote with user interaction
Date: 01 February 2012
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/15395
Title: ESB-2012.0106 - [RedHat] thunderbird: Multiple vulnerabilities
Date: 01 February 2012
OS: Red Hat Linux
URL: http://www.auscert.org.au/15394
Title: ESB-2012.0105 - [HP-UX] OpenSSL: Denial of service -
Remote/unauthenticated
Date: 01 February 2012
OS: HP-UX
URL: http://www.auscert.org.au/15393
Title: ESB-2012.0104 - [RedHat] firefox: Multiple vulnerabilities
Date: 01 February 2012
OS: Red Hat Linux
URL: http://www.auscert.org.au/15392
Title: ESB-2012.0103 - [RedHat] JBoss Communications Platform: Multiple
vulnerabilities
Date: 01 February 2012
OS: Red Hat Linux
URL: http://www.auscert.org.au/15391
Title: ESB-2012.0102 - [RedHat] jbossweb: Multiple vulnerabilities
Date: 01 February 2012
OS: Red Hat Linux
URL: http://www.auscert.org.au/15389
Title: ESB-2012.0101 - [Win][UNIX/Linux] Apache HTTP Server: Multiple
vulnerabilities
Date: 01 February 2012
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/15388
Title: ESB-2012.0100 - [RedHat] Red Hat Enterprise Linux 4: 30 day End Of Life
Notice
Date: 01 February 2012
OS: Red Hat Linux
URL: http://www.auscert.org.au/15387
Title: ESB-2012.0099 - [Debian] php5: Multiple vulnerabilities
Date: 01 February 2012
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/15386
Title: ESB-2012.0098 - [Win][Linux][Solaris] HP Network Automation:
Unauthorised access - Remote/unauthenticated
Date: 31 January 2012
OS: Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
Ubuntu, Windows XP, HP-UX, SUSE, Windows 2000, Windows Vista, Windows
Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/15385
Title: ESB-2012.0097 - [Win][UNIX/Linux][Debian] curl: Multiple
vulnerabilities
Date: 31 January 2012
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/15383
Title: ESB-2012.0096 - [RedHat] php: Multiple vulnerabilities
Date: 31 January 2012
OS: Red Hat Linux
URL: http://www.auscert.org.au/15382
Title: ESB-2012.0095 - [RedHat] ruby: Multiple vulnerabilities
Date: 31 January 2012
OS: Red Hat Linux
URL: http://www.auscert.org.au/15381
Title: ESB-2012.0094 - [Win][UNIX/Linux][RedHat] ruby: Denial of service -
Remote/unauthenticated
Date: 31 January 2012
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/15380
Title: ESB-2012.0093 - ALERT [Cisco] IronPort Email Security & Security
Management: Execute arbitrary code/commands - Remote/unauthenticated
Date: 30 January 2012
OS: Cisco Products
URL: http://www.auscert.org.au/15379
Title: ESB-2012.0092 - [Linux][Debian] icu: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 30 January 2012
OS: Red Hat Linux, SUSE, Other Linux Variants, Debian GNU/Linux, Ubuntu
URL: http://www.auscert.org.au/15377
Title: ESB-2012.0091 - [Linux][Debian] qemu-kvm: Increased privileges -
Existing account
Date: 30 January 2012
OS: Red Hat Linux, SUSE, Other Linux Variants, Debian GNU/Linux, Ubuntu
URL: http://www.auscert.org.au/15376
Title: ESB-2012.0090 - [Debian] wireshark: Multiple vulnerabilities
Date: 30 January 2012
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/15375
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================