[AusNOG] AusCERT Week in Review - Week Ending 03/02/2012 (AUSCERT#20073F686)

Jonathan Levine jonathan at auscert.org.au
Fri Feb 3 18:34:23 EST 2012


AusCERT Week in Review
03 February 2012


AusCERT in the Media:
---------------------

Papers, Articles and other documents:
-------------------------------------


Web Log Entries:
----------------


Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2012.0016 - [Win][Linux][Solaris][AIX] Oracle GlassFish Enterprise
       Server and Sun Java System Application Server: Access confidential data
       - Remote with user interaction
Date:  03 February 2012
URL:   http://www.auscert.org.au/15414

Title: ASB-2012.0014.2 - UPDATE [Win][UNIX/Linux] Mozilla Firefox and Mozilla
       Thunderbird: Multiple vulnerabilities
Date:  01 February 2012
URL:   http://www.auscert.org.au/15390

Title: ASB-2012.0015 - [UNIX/Linux] sudo: Root compromise - Existing account
Date:  01 February 2012
URL:   http://www.auscert.org.au/15396

Title: ASB-2012.0013 - [UNIX/Linux] Samba: Denial of service -
       Remote/unauthenticated
Date:  31 January 2012
URL:   http://www.auscert.org.au/15384

Title: ASB-2012.0012 - [Win][UNIX/Linux] Joomla!: Cross-site scripting -
       Remote/unauthenticated
Date:  30 January 2012
URL:   http://www.auscert.org.au/15378


External Security Bulletins:
----------------------------
Title: ESB-2011.1270.2 - UPDATE [HP-UX] Java: Multiple vulnerabilities 
Date:  01 February 2012
OS:    HP-UX
URL:   http://www.auscert.org.au/15245

Title: ESB-2011.1160.3 - UPDATE [HP-UX] System Administration Manager:
       Increased privileges - Existing account 
Date:  01 February 2012
OS:    HP-UX
URL:   http://www.auscert.org.au/15110

Title: ESB-2011.0270.4 - UPDATE [VMware ESX] VMware ESX and VMware ESXi:
       Multiple vulnerabilities 
Date:  01 February 2012
OS:    Virtualisation
URL:   http://www.auscert.org.au/14078

Title: ESB-2012.0127 - [Win] RSA enVision 4.x: Access privileged data -
       Remote/unauthenticated 
Date:  03 February 2012
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/15417

Title: ESB-2012.0126 - [Win] HP Data Protector Media Operations: Execute
       arbitrary code/commands - Remote/unauthenticated 
Date:  03 February 2012
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/15416

Title: ESB-2012.0125 - [Win][UNIX/Linux] Bugzilla: Multiple vulnerabilities 
Date:  03 February 2012
OS:    IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
       Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
       Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/15415

Title: ESB-2012.0124 - [RedHat] ghostscript: Multiple vulnerabilities 
Date:  03 February 2012
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/15413

Title: ESB-2012.0123 - [RedHat] freetype: Multiple vulnerabilities 
Date:  03 February 2012
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/15412

Title: ESB-2012.0122 - [UNIX/Linux][RedHat] JBoss Enterprise Middleware:
       Multiple vulnerabilities 
Date:  03 February 2012
OS:    IRIX, Solaris, HP Tru64 UNIX, Red Hat Linux, Debian GNU/Linux, Ubuntu,
       HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD, Other Linux
       Variants
URL:   http://www.auscert.org.au/15411

Title: ESB-2012.0121 - [RedHat] php53: Multiple vulnerabilities 
Date:  03 February 2012
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/15410

Title: ESB-2012.0120 - [RedHat] php: Multiple vulnerabilities 
Date:  03 February 2012
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/15409

Title: ESB-2012.0119 - ALERT [Win][UNIX/Linux][Debian] php5: Execute arbitrary
       code/commands - Remote/unauthenticated
Date:  03 February 2012
OS:    IRIX, Solaris, HP Tru64 UNIX, Windows 2003, Red Hat Linux, Windows 7,
       Mac OS X, Debian GNU/Linux, Ubuntu, Windows XP, HP-UX, Other BSD
       Variants, SUSE, Windows 2000, OpenBSD, AIX, FreeBSD, Windows Vista,
       Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/15408

Title: ESB-2012.0118 - [Debian] iceape: Multiple vulnerabilities 
Date:  03 February 2012
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/15407

Title: ESB-2012.0117 - [Debian] iceweasel: Multiple vulnerabilities 
Date:  03 February 2012
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/15406

Title: ESB-2012.0116 - [Debian] tomcat6: Multiple vulnerabilities 
Date:  03 February 2012
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/15405

Title: ESB-2012.0115 - [Win][UNIX/Linux] Drupal: Multiple vulnerabilities 
Date:  02 February 2012
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/15404

Title: ESB-2012.0114 - [OSX] Apple Mac OS X: Multiple vulnerabilities 
Date:  02 February 2012
OS:    Mac OS X 
URL:   http://www.auscert.org.au/15403

Title: ESB-2012.0113 - [RedHat] openssl: Multiple vulnerabilities 
Date:  02 February 2012
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/15402

Title: ESB-2012.0112.2 - UPDATE [Win][UNIX/Linux][RedHat] JBoss Enterprise
       Middleware: Multiple vulnerabilities 
Date:  02 February 2012
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008
URL:   http://www.auscert.org.au/15401

Title: ESB-2012.0111 - [RedHat] thunderbird: Multiple vulnerabilities 
Date:  02 February 2012
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/15400

Title: ESB-2012.0110 - [Win][UNIX/Linux][RedHat] seamonkey: Multiple
       vulnerabilities 
Date:  02 February 2012
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/15399

Title: ESB-2012.0109 - [VMware ESX] VMware ESXi & VMware ESX: Multiple
       vulnerabilities 
Date:  02 February 2012
OS:    Virtualisation 
URL:   http://www.auscert.org.au/15398

Title: ESB-2012.0108 - [Win][Linux][HP-UX][Solaris][AIX] IBM DB2 and IBM DB2
       Accessories Suite: Execute arbitrary code/commands -
       Remote/unauthenticated 
Date:  01 February 2012
OS:    Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
       Ubuntu, HP-UX, Windows XP, SUSE, Windows 2000, AIX, Windows Vista,
       Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/15397

Title: ESB-2012.0107 - [Win] IBM SPSS: Execute arbitrary code/commands -
       Remote with user interaction 
Date:  01 February 2012
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/15395

Title: ESB-2012.0106 - [RedHat] thunderbird: Multiple vulnerabilities 
Date:  01 February 2012
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/15394

Title: ESB-2012.0105 - [HP-UX] OpenSSL: Denial of service -
       Remote/unauthenticated 
Date:  01 February 2012
OS:    HP-UX 
URL:   http://www.auscert.org.au/15393

Title: ESB-2012.0104 - [RedHat] firefox: Multiple vulnerabilities 
Date:  01 February 2012
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/15392

Title: ESB-2012.0103 - [RedHat] JBoss Communications Platform: Multiple
       vulnerabilities 
Date:  01 February 2012
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/15391

Title: ESB-2012.0102 - [RedHat] jbossweb: Multiple vulnerabilities 
Date:  01 February 2012
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/15389

Title: ESB-2012.0101 - [Win][UNIX/Linux] Apache HTTP Server: Multiple
       vulnerabilities 
Date:  01 February 2012
OS:    IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
       Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
       Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/15388

Title: ESB-2012.0100 - [RedHat] Red Hat Enterprise Linux 4: 30 day End Of Life
       Notice
Date:  01 February 2012
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/15387

Title: ESB-2012.0099 - [Debian] php5: Multiple vulnerabilities 
Date:  01 February 2012
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/15386

Title: ESB-2012.0098 - [Win][Linux][Solaris] HP Network Automation:
       Unauthorised access - Remote/unauthenticated 
Date:  31 January 2012
OS:    Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
       Ubuntu, Windows XP, HP-UX, SUSE, Windows 2000, Windows Vista, Windows
       Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/15385

Title: ESB-2012.0097 - [Win][UNIX/Linux][Debian] curl: Multiple
       vulnerabilities 
Date:  31 January 2012
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/15383

Title: ESB-2012.0096 - [RedHat] php: Multiple vulnerabilities 
Date:  31 January 2012
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/15382

Title: ESB-2012.0095 - [RedHat] ruby: Multiple vulnerabilities 
Date:  31 January 2012
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/15381

Title: ESB-2012.0094 - [Win][UNIX/Linux][RedHat] ruby: Denial of service -
       Remote/unauthenticated 
Date:  31 January 2012
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/15380

Title: ESB-2012.0093 - ALERT [Cisco] IronPort Email Security & Security
       Management: Execute arbitrary code/commands - Remote/unauthenticated 
Date:  30 January 2012
OS:    Cisco Products 
URL:   http://www.auscert.org.au/15379

Title: ESB-2012.0092 - [Linux][Debian] icu: Execute arbitrary code/commands -
       Remote/unauthenticated
Date:  30 January 2012
OS:    Red Hat Linux, SUSE, Other Linux Variants, Debian GNU/Linux, Ubuntu 
URL:   http://www.auscert.org.au/15377

Title: ESB-2012.0091 - [Linux][Debian] qemu-kvm: Increased privileges -
       Existing account 
Date:  30 January 2012
OS:    Red Hat Linux, SUSE, Other Linux Variants, Debian GNU/Linux, Ubuntu 
URL:   http://www.auscert.org.au/15376

Title: ESB-2012.0090 - [Debian] wireshark: Multiple vulnerabilities 
Date:  30 January 2012
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/15375



===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================



