[AusNOG] AusCERT Week in Review - Week Ending 23/03/2012 (AUSCERT#20073f686)
Jonathan Levine
jonathan at auscert.org.au
Fri Mar 23 17:10:34 EST 2012
AusCERT Week in Review
23 March 2012
Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2012.0040 - [Win][Linux][Mac][OSX] Google Chrome: Multiple
vulnerabilities
Date: 23 March 2012
URL: http://www.auscert.org.au/15638
Title: ASB-2012.0039 - [Win][Netware][Linux][Solaris][AIX] Novell eDirectory:
Denial of service - Existing account
Date: 20 March 2012
URL: http://www.auscert.org.au/15621
Title: ASB-2012.0038 - [Win][UNIX/Linux] Joomla!: Increased privileges -
Existing account
Date: 19 March 2012
URL: http://www.auscert.org.au/15614
External Security Bulletins:
----------------------------
Title: ESB-2011.1185.5 - UPDATED ALERT [Printer] HP Printers & HP Digital
Senders: Execute arbitrary code/commands - Remote/unauthenticated
Date: 20 March 2012
OS: Printer, Printer, Printer
URL: http://www.auscert.org.au/15144
Title: ESB-2012.0312 - [Win][UNIX/Linux] RealPlayer: Execute arbitrary
code/commands - Remote with user interaction
Date: 23 March 2012
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/15637
Title: ESB-2012.0311 - [Win][UNIX/Linux][RedHat] openoffice.org: Execute
arbitrary code/commands - Remote with user interaction
Date: 23 March 2012
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/15636
Title: ESB-2012.0310 - [RedHat] raptor: Execute arbitrary code/commands -
Remote with user interaction
Date: 23 March 2012
OS: Red Hat Linux
URL: http://www.auscert.org.au/15635
Title: ESB-2012.0309 - [Debian] libpng: Execute arbitrary code/commands -
Remote with user interaction
Date: 23 March 2012
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/15634
Title: ESB-2012.0308 - [Win][UNIX/Linux][Debian] raptor: Access confidential
data - Remote/unauthenticated
Date: 23 March 2012
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/15633
Title: ESB-2012.0307 - [Win][UNIX/Linux] IBM Tivoli Endpoint Manager:
Cross-site scripting - Remote with user interaction
Date: 22 March 2012
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/15632
Title: ESB-2012.0306 - [Win] Citrix XenServer: Reduced security -
Unknown/unspecified
Date: 22 March 2012
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/15631
Title: ESB-2012.0305 - [AIX] OpenSSL: Multiple vulnerabilities
Date: 22 March 2012
OS: AIX
URL: http://www.auscert.org.au/15630
Title: ESB-2012.0304 - [Win] CA ARCserve Backup: Denial of service -
Remote/unauthenticated
Date: 22 March 2012
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/15629
Title: ESB-2012.0303 - [Debian] icedove: Multiple vulnerabilities
Date: 22 March 2012
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/15628
Title: ESB-2012.0302 - [Win][Linux][HP-UX][Solaris][AIX] IBM WebSphere
Application Server: Multiple vulnerabilities
Date: 21 March 2012
OS: Solaris, HP-UX, SUSE, Ubuntu, Debian GNU/Linux, Other Linux Variants,
Red Hat Linux, AIX, Windows 7, Windows Server 2008, Windows Vista,
Windows 2003, Windows 2000, Windows XP
URL: http://www.auscert.org.au/15627
Title: ESB-2012.0301 - [Linux] HP Insight Control Software: Multiple
vulnerabilities
Date: 21 March 2012
OS: Red Hat Linux, HP-UX, SUSE, Other Linux Variants, Debian GNU/Linux,
Ubuntu
URL: http://www.auscert.org.au/15626
Title: ESB-2012.0300 - [Win][UNIX/Linux][RedHat] libpng: Execute arbitrary
code/commands - Remote with user interaction
Date: 21 March 2012
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/15625
Title: ESB-2012.0299 - [Win][UNIX/Linux][RedHat] JBoss Operations Network
3.0.1: Multiple vulnerabilities
Date: 21 March 2012
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/15624
Title: ESB-2012.0298 - [Win][Linux][HP-UX][Solaris][AIX] IBM DB2: Multiple
vulnerabilities
Date: 20 March 2012
OS: Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
Ubuntu, Windows XP, HP-UX, SUSE, Windows 2000, AIX, Windows Vista,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/15623
Title: ESB-2012.0297 - [Win][UNIX/Linux] VLC media player: Multiple
vulnerabilities
Date: 20 March 2012
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/15622
Title: ESB-2012.0296 - [Win] RSA enVision 4.x: Multiple vulnerabilities
Date: 20 March 2012
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/15620
Title: ESB-2012.0295 - [RedHat] glibc: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 20 March 2012
OS: Red Hat Linux
URL: http://www.auscert.org.au/15619
Title: ESB-2012.0294 - [Win][UNIX/Linux][RedHat] JBoss Operations Network
2.4.2: Unauthorised access - Remote/unauthenticated
Date: 20 March 2012
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/15618
Title: ESB-2012.0293 - [Win][UNIX/Linux][Debian] libapache2-mod-fcgid:
Denial of service - Remote/unauthenticated
Date: 20 March 2012
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/15617
Title: ESB-2012.0292 - [Win][UNIX/Linux][Debian] gnash: Multiple
vulnerabilities
Date: 20 March 2012
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/15616
Title: ESB-2012.0291 - [Win][UNIX/Linux][Debian] nginx: Access privileged
data - Remote/unauthenticated
Date: 20 March 2012
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/15615
Title: ESB-2012.0290 - [Win][UNIX/Linux][Mandriva] Pidgin: Denial of service -
Remote/unauthenticated
Date: 19 March 2012
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/15613
Title: ESB-2012.0289 - [Win][VMware ESX][Linux] VMWare: Multiple
vulnerabilities
Date: 19 March 2012
OS: Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian GNU/Linux,
Windows XP, Virtualisation, SUSE, Windows 2000, Windows Vista,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/15612
Title: ESB-2012.0288 - [Win] VMware View: Multiple vulnerabilities
Date: 19 March 2012
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/15611
Title: ESB-2012.0287 - [Debian] iceweasel: Multiple vulnerabilities
Date: 19 March 2012
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/15610
Title: ESB-2012.0109.2 - UPDATE [VMware ESX] VMware ESXi & VMware ESX:
Multiple vulnerabilities
Date: 19 March 2012
OS: Virtualisation, Virtualisation
URL: http://www.auscert.org.au/15398
===========================================================================
Australian Computer Emergency Response Team The University of Queensland
Brisbane Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================