
[pacnog] AusCERT Week in Review - Week Ending 24/07/2009 (AUSCERT#20073F686)
Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2009.1026.2 - UPDATED ALERT [Win][UNIX/Linux] Adobe Flash: Multiple
vulnerabilities
Date: 24 July 2009
URL: http://www.auscert.org.au/11356
Title: ASB-2009.1028 - [Win][UNIX/Linux] Joomla!: Multiple vulnerabilities
Date: 24 July 2009
URL: http://www.auscert.org.au/11361
Title: ASB-2009.1029.2 - UPDATE [Win][Linux][HP-UX][Solaris][AIX] IBM Tivoli
Identity Manager: Unauthorised access - Remote/unauthenticated
Date: 24 July 2009
URL: http://www.auscert.org.au/11363
Title: ASB-2009.1025 - [Appliance] DD-WRT: Root compromise -
Remote/unauthenticated
Date: 23 July 2009
URL: http://www.auscert.org.au/11355
Title: ASB-2009.1027 - [UNIX/Linux] ZNC: Multiple vulnerabilities
Date: 23 July 2009
URL: http://www.auscert.org.au/11358
Title: ASB-2009.1019.2 - UPDATE [Win] Chrome: Multiple vulnerabilities
Date: 22 July 2009
URL: http://www.auscert.org.au/11335
Title: ASB-2009.1022.3 - UPDATE [Win][UNIX/Linux] Wireshark: Multiple
vulnerabilities
Date: 22 July 2009
URL: http://www.auscert.org.au/11343
Title: ASB-2009.1023 - [Linux] Linux kernel: Multiple vulnerabilities
Date: 22 July 2009
URL: http://www.auscert.org.au/11346
Title: ASB-2009.1024 - [Win][UNIX/Linux] WordPress: Cross-site scripting -
Remote/unauthenticated
Date: 22 July 2009
URL: http://www.auscert.org.au/11347
Title: ASB-2009.1020 - [UNIX/Linux] Novell Privileged User Manager: Execute
arbitrary code/commands - Remote/unauthenticated
Date: 21 July 2009
URL: http://www.auscert.org.au/11341
Title: ASB-2009.1021 - [Win][Linux][Solaris] Novell Access Manager: Access
privileged data - Existing account
Date: 21 July 2009
URL: http://www.auscert.org.au/11342
Title: ASB-2009.1017 - [Win][Linux][HP-UX][AIX] Hitachi Web server: Multiple
vulnerabilities
Date: 20 July 2009
URL: http://www.auscert.org.au/11333
Title: ASB-2009.1018 - [Win] VLC media player: Execute arbitrary code/commands
- Remote with user interaction
Date: 20 July 2009
URL: http://www.auscert.org.au/11334
External Security Bulletins:
----------------------------
Title: ESB-2009.1091 - [SUSE] kernel: Multiple vulnerabilities
Date: 24 July 2009
OS: Other Linux Variants
URL: http://www.auscert.org.au/11362
Title: ESB-2009.1090 - [UNIX/Linux][Debian] xulrunner: Multiple
vulnerabilities
Date: 24 July 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, HP-UX, Other BSD Variants,
OpenBSD, AIX, FreeBSD, Mac OS X, Other Linux Variants, Ubuntu, Debian
GNU/Linux
URL: http://www.auscert.org.au/11360
Title: ESB-2009.1089 - [Win][UNIX/Linux] Moderation (Drupal third-party
module): Cross-site request forgery - Remote/unauthenticated
Date: 23 July 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,
Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants,
OpenBSD, Windows 2000, AIX, Windows Vista, FreeBSD, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/11357
Title: ESB-2009.1088.2 - UPDATE [Win] Akamai Download Manager: Execute
arbitrary code/commands - Remote with user interaction
Date: 24 July 2009
OS: Windows 2000, Windows XP, Windows Server 2008, Windows 2003, Windows
Vista
URL: http://www.auscert.org.au/11354
Title: ESB-2009.1087 - [HP-UX] XNTP 3.5: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 23 July 2009
OS: HP-UX
URL: http://www.auscert.org.au/11353
Title: ESB-2009.1086 - [Debian] evolution-data-server: Multiple
vulnerabilities
Date: 22 July 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/11351
Title: ESB-2009.1085 - [RedHat] tomcat: Multiple vulnerabilities
Date: 22 July 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/11350
Title: ESB-2009.1084 - [Win][UNIX/Linux][RedHat] seamonkey: Multiple
vulnerabilities
Date: 22 July 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,
Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants,
OpenBSD, Windows 2000, AIX, Windows Vista, FreeBSD, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/11349
Title: ESB-2009.1083 - [Win][UNIX/Linux] firefox: Multiple vulnerabilities
Date: 22 July 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,
Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants,
OpenBSD, Windows 2000, AIX, Windows Vista, FreeBSD, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/11348
Title: ESB-2009.1082 - [Win][Linux][Solaris] Helix: Multiple vulnerabilities
Date: 21 July 2009
OS: Solaris, Red Hat Linux, Windows 2003, Windows XP, Windows 2000, Windows
Vista, Windows Server 2008, Other Linux Variants, Ubuntu, Debian
GNU/Linux
URL: http://www.auscert.org.au/11344
Title: ESB-2009.1081.2 - UPDATE [Solaris][OpenSolaris] SCTP: Denial of service
- Existing account
Date: 21 July 2009
OS: Solaris
URL: http://www.auscert.org.au/11340
Title: ESB-2009.1080 - [Solaris][OpenSolaris] Solaris XScreenSaver : Access
confidential data - Existing account
Date: 21 July 2009
OS: Solaris
URL: http://www.auscert.org.au/11339
Title: ESB-2009.1079.2 - UPDATE [Solaris] Sun Ray Server Software 4.0:
Multiple vulnerabilities
Date: 21 July 2009
OS: Solaris
URL: http://www.auscert.org.au/11338
Title: ESB-2009.1078 - [Win][UNIX/Linux][Appliance] XMLDsig: Provide
misleading information - Remote/unauthenticated
Date: 20 July 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Cisco Products, Windows
2003, Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, OpenBSD, Windows 2000, Windows Vista, FreeBSD, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/11337
Title: ESB-2009.1077 - [Debian] pulseaudio: Increased privileges - Existing
account
Date: 20 July 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/11336
Title: ESB-2009.1076 - [UNIX/Linux] Syslog-ng: Reduced security - Existing
account
Date: 20 July 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, HP-UX, Other BSD Variants,
OpenBSD, AIX, FreeBSD, Mac OS X, Other Linux Variants, Ubuntu, Debian
GNU/Linux
URL: http://www.auscert.org.au/11332
Title: ESB-2009.1075 - [Debian] GStreamer Good Plugins: Execute arbitrary
code/commands - Remote with user interaction
Date: 20 July 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/11331
Title: ESB-2009.1074 - [Debian] dbus: Denial of service - Existing account
Date: 20 July 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/11330
Title: ESB-2009.1073 - [RedHat] JBoss Enterprise Web Server: Multiple
vulnerabilities
Date: 20 July 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/11329
Title: ESB-2009.1072.2 - UPDATE [Solaris][OpenSolaris] NFSv4: Denial of
service - Existing account
Date: 21 July 2009
OS: Solaris
URL: http://www.auscert.org.au/11327
Title: ESB-2009.1071.2 - UPDATE [Solaris][OpenSolaris] ipfilter: Denial of
service - Remote/unauthenticated
Date: 21 July 2009
OS: Solaris
URL: http://www.auscert.org.au/11326
Title: ESB-2009.0624 -- [AIX] -- OpenSSL: Denial of Service
Date: 22 July 2009
OS: AIX
URL: http://www.auscert.org.au/11231
Title: ESB-2009.0601 -- [NetBSD] -- NetBSD OpenPAM passwd(1): Root Compromise
Date: 21 July 2009
OS: Other BSD Variants
URL: http://www.auscert.org.au/11198
Title: ESB-2009.0416 -- [Win][UNIX/Linux] -- Drupal core and Drupal
third-party modules: Multiple Vulnerabilities
Date: 23 July 2009
OS: Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Windows Server
2008, Windows XP, Other Linux Variants, FreeBSD, OpenBSD, Windows 2003,
IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64 UNIX,
Solaris
URL: http://www.auscert.org.au/10924
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================

AusCERT Week in Review
07 August 2009
Web Log Entries:
----------------
Title: Firefox updates available
Date: 05 August 2009
URL: http://www.auscert.org.au/11422
Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2009.1043.3 - UPDATE [Appliance] BIG-IP: Denial of service -
Remote/unauthenticated
Date: 07 August 2009
URL: http://www.auscert.org.au/11429
Title: AA-2008.0264 -- [Win][Netware][UNIX/Linux] -- Malformed CAB files may
crash Sophos Anti-virus
Date: 06 August 2009
URL: http://www.auscert.org.au/10264
Title: ASB-2009.1042 - [Linux] strongSwan 2.8.10 and prior: Denial of service
- Remote/unauthenticated
Date: 05 August 2009
URL: http://www.auscert.org.au/11428
Title: ASB-2009.1040.3 - UPDATE [Win][UNIX/Linux] Firefox 3.5.1 & 3.0.12:
Multiple vulnerabilities
Date: 05 August 2009
URL: http://www.auscert.org.au/11419
Title: ASB-2009.1041 - [Win][UNIX/Linux] Wordpress 2.8.1 and prior: Multiple
vulnerabilities
Date: 04 August 2009
URL: http://www.auscert.org.au/11420
Title: ASB-2009.1026.4 - UPDATED ALERT [Win][UNIX/Linux] Adobe Flash, Adobe
Acrobat and Adobe Reader: Multiple vulnerabilities
Date: 03 August 2009
URL: http://www.auscert.org.au/11356
Title: ASB-2009.1037 - [Win][UNIX/Linux] Joomla!: Reduced security - Existing
account
Date: 03 August 2009
URL: http://www.auscert.org.au/11415
Title: ASB-2009.1038 - ALERT [Win][UNIX/Linux] SquirrelMail plugins: Access
confidential data - Remote/unauthenticated
Date: 03 August 2009
URL: http://www.auscert.org.au/11416
Title: ASB-2009.1039 - [Win][UNIX/Linux] MySQL: Denial of service - Existing
account
Date: 03 August 2009
URL: http://www.auscert.org.au/11417
External Security Bulletins:
----------------------------
Title: ESB-2009.1147 - [HP OpenVMS] BIND: Denial of service -
Remote/unauthenticated
Date: 07 August 2009
OS: HP Tru64 UNIX, HP-UX
URL: http://www.auscert.org.au/11442
Title: ESB-2009.1146 - [Win][Linux][Solaris][Mac][OSX] Sun VirtualBox: Denial
of service - Existing account
Date: 07 August 2009
OS: Solaris, Red Hat Linux, Windows 2003, Windows XP, SUSE, Windows 2000,
Windows Vista, Mac OS X, Windows Server 2008, Other Linux Variants,
Ubuntu, Debian GNU/Linux
URL: http://www.auscert.org.au/11441
Title: ESB-2009.1145 - [Win][Linux][HP-UX][Solaris] Sun Java System Access
Manager and OpenSSO Enterprise: Unauthorised access -
Remote/unauthenticated
Date: 07 August 2009
OS: Solaris, Red Hat Linux, Windows 2003, HP-UX, Windows XP, SUSE, Windows
2000, Windows Vista, Windows Server 2008, Other Linux Variants, Ubuntu,
Debian GNU/Linux
URL: http://www.auscert.org.au/11440
Title: ESB-2009.1144 - [RedHat] Sun Java and IBM Java: Multiple
vulnerabilities
Date: 07 August 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/11439
Title: ESB-2009.1143 - [Solaris][OpenSolaris] XScreenSaver: Access privileged
data - Console/physical
Date: 07 August 2009
OS: Solaris
URL: http://www.auscert.org.au/11438
Title: ESB-2009.1142 - [UNIX/Linux] fetchmail prior to 6.3.11: Provide
misleading information - Remote/unauthenticated
Date: 07 August 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/11437
Title: ESB-2009.1141 - [Win][UNIX/Linux] XML libraries: Multiple
vulnerabilities
Date: 07 August 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,
Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants, SUSE,
OpenBSD, Windows 2000, AIX, Windows Vista, FreeBSD, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/11436
Title: ESB-2009.1140 - [UNIX/Linux][Debian] gst-plugins-bad0.10: Denial of
service - Remote with user interaction
Date: 07 August 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/11435
Title: ESB-2009.1139 - [SUSE] Mozilla Firefox: Multiple vulnerabilities
Date: 07 August 2009
OS: SUSE
URL: http://www.auscert.org.au/11434
Title: ESB-2009.1138 - ALERT [Mac][OSX] Mac OS X prior to v10.5.8: Multiple
vulnerabilities
Date: 06 August 2009
OS: Mac OS X
URL: http://www.auscert.org.au/11433
Title: ESB-2009.1137 - [SUSE][OpenSUSE] flash-player package: Execute
arbitrary code/commands - Remote with user interaction
Date: 06 August 2009
OS: SUSE
URL: http://www.auscert.org.au/11432
Title: ESB-2009.1136 - [Win][UNIX/Linux] Webform report (Drupal third-party
module): Cross-site scripting - Remote with user interaction
Date: 06 August 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,
Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants, SUSE,
OpenBSD, Windows 2000, AIX, Windows Vista, FreeBSD, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/11431
Title: ESB-2009.1135 - [AIX] BIND 9: Denial of service -
Remote/unauthenticated
Date: 06 August 2009
OS: AIX
URL: http://www.auscert.org.au/11430
Title: ESB-2009.1134 - [AIX] XL C++ runtime library: Multiple vulnerabilities
Date: 05 August 2009
OS: AIX
URL: http://www.auscert.org.au/11427
Title: ESB-2009.1133 - [Solaris][OpenSolaris] libtiff: Execute arbitrary
code/commands - Remote with user interaction
Date: 05 August 2009
OS: Solaris
URL: http://www.auscert.org.au/11426
Title: ESB-2009.1132.2 - UPDATED ALERT [Win][Linux][Solaris] Sun Java:
Multiple vulnerabilities
Date: 07 August 2009
OS: Debian GNU/Linux, Ubuntu, Other Linux Variants, Windows Server 2008,
Windows Vista, Windows 2000, SUSE, Windows XP, Windows 2003, Red Hat
Linux, Solaris
URL: http://www.auscert.org.au/11425
Title: ESB-2009.1131 - [RedHat] kernel: Multiple vulnerabilities
Date: 05 August 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/11424
Title: ESB-2009.1130 - [UNIX/Linux][Debian] libmodplug: Multiple
vulnerabilities
Date: 05 August 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/11423
Title: ESB-2009.1129 - [Win][UNIX/Linux] Bugzilla prior to 3.4.1: Access
privileged data - Existing account
Date: 04 August 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,
Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants, SUSE,
OpenBSD, Windows 2000, AIX, Windows Vista, FreeBSD, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/11421
Title: ESB-2009.1128 - [Win][RedHat][HP-UX][SUSE] HP Serviceguard Manager:
Multiple vulnerabilities
Date: 04 August 2009
OS: Red Hat Linux, Windows 2003, HP-UX, Windows XP, SUSE, Windows 2000,
Windows Vista, Windows Server 2008, Novell Netware
URL: http://www.auscert.org.au/11418
Title: ESB-2009.1127.2 - UPDATE [Solaris][OpenSolaris] Solaris Trusted
Extensions: Denial of service - Existing account
Date: 04 August 2009
OS: Solaris
URL: http://www.auscert.org.au/11414
Title: ESB-2009.1126 - [Solaris][OpenSolaris] BIND: Denial of service -
Remote/unauthenticated
Date: 03 August 2009
OS: Solaris
URL: http://www.auscert.org.au/11413
Title: ESB-2009.1125 - [Appliance] iPhone: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 03 August 2009
URL: http://www.auscert.org.au/11412
Title: ESB-2009.1124.2 - UPDATE [Debian] znc: Create arbitrary files -
Existing account
Date: 05 August 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/11411
Title: ESB-2009.1123 - [Debian] xml-security-c: Provide misleading information
- Remote/unauthenticated
Date: 03 August 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/11410
Title: ESB-2009.1122 - [RedHat] flash-plugin: Multiple vulnerabilities
Date: 03 August 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/11409
Title: ESB-2009.1121.2 - UPDATE [Win][UNIX/Linux][RedHat] Red Hat: Multiple
vulnerabilities
Date: 03 August 2009
OS: HP Tru64 UNIX, Solaris, IRIX, OpenBSD, Other BSD Variants, FreeBSD,
HP-UX, SUSE, Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat
Linux, AIX, Windows Server 2008, Windows Vista, Windows 2003, Windows
2000, Windows XP, Mac OS X
URL: http://www.auscert.org.au/11407
Title: ESB-2009.1107.2 - UPDATE [Win][UNIX/Linux] Firebird SQL: Denial of
service - Remote/unauthenticated
Date: 04 August 2009
OS: Other Linux Variants, Windows Server 2008, FreeBSD, Windows Vista, AIX,
Windows 2000, OpenBSD, SUSE, Other BSD Variants, Windows XP, HP-UX,
Debian GNU/Linux, Ubuntu, Mac OS X, Windows 2003, Red Hat Linux, HP
Tru64 UNIX, Solaris, IRIX
URL: http://www.auscert.org.au/11388
Title: ESB-2009.1061.2 - UPDATE [Debian] tiff: Multiple vulnerabilities
Date: 05 August 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/11312
Title: ESB-2007.0036 -- [HP-UX] -- HPSBUX02181 SSRT061289 rev.1 - HP-UX
Running IPFilter, Remote Unauthorized Denial of Service (DoS)
Date: 04 August 2009
OS: HP-UX
URL: http://www.auscert.org.au/7205