Orbit


                        AusCERT Week in Review
23 July 2010
Web Log Entries:
----------------
Title: Malware targeting Siemens SCADA 
Date:  20 July 2010
URL:   http://www.auscert.org.au/13084
Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2010.0174.4 - UPDATED ALERT Siemens Simatic WinCC and PCS 7:
       Unauthorised access - Unknown/unspecified 
Date:  23 July 2010
URL:   http://www.auscert.org.au/13083
Title: ASB-2010.0178 - [Win][UNIX/Linux] vBulletin: Unauthorised access -
       Unknown/unspecified 
Date:  23 July 2010
URL:   http://www.auscert.org.au/13100
Title: ASB-2010.0179 - [Win][UNIX/Linux] Pidgin: Denial of service -
       Remote/unauthenticated 
Date:  23 July 2010
URL:   http://www.auscert.org.au/13101
Title: ASB-2010.0175 - [Win][UNIX/Linux] Firefox: Multiple vulnerabilities 
Date:  21 July 2010
URL:   http://www.auscert.org.au/13087
Title: ASB-2010.0176 - [Win][Linux] Novell Teaming: Execute arbitrary
       code/commands - Remote/unauthenticated 
Date:  21 July 2010
URL:   http://www.auscert.org.au/13090
Title: ASB-2010.0177 - [Win] Windows XP Service Pack 2: Reduced security -
       Unknown/unspecified 
Date:  21 July 2010
URL:   http://www.auscert.org.au/13094
Title: ASB-2010.0173 - [Win][UNIX/Linux] OpenLDAP: Execute arbitrary
       code/commands - Remote/unauthenticated 
Date:  20 July 2010
URL:   http://www.auscert.org.au/13081
Title: ASB-2010.0172 - [Win][UNIX/Linux] Joomla! 1.5.19 and all previous 1.5
       releases: Cross-site scripting - Existing account 
Date:  19 July 2010
URL:   http://www.auscert.org.au/13076
External Security Bulletins:
----------------------------
Title: ESB-2010.0644 - [Win][UNIX/Linux] Tagging (Drupal Third-party module):
       Cross-site scripting - Remote with user interaction 
Date:  22 July 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/13099
Title: ESB-2010.0643 - [Win] HP Virtual Connect Enterprise Manager v6.1 or
       subsequent: Cross-site scripting - Remote with user interaction 
Date:  22 July 2010
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/13098
Title: ESB-2010.0642 - [Cisco] Cisco Content Delivery System Internet
       Streamer: Access privileged data - Remote/unauthenticated 
Date:  22 July 2010
OS:    Cisco Products 
URL:   http://www.auscert.org.au/13097
Title: ESB-2010.0641 - [Debian] ncompress: Execute arbitrary code/commands -
       Remote with user interaction 
Date:  22 July 2010
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/13096
Title: ESB-2010.0640 - [RedHat] java-1.6.0-ibm: Execute arbitrary
       code/commands - Remote with user interaction 
Date:  22 July 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13095
Title: ESB-2010.0639 - [RedHat] firefox and thunderbird: Multiple
       vulnerabilities 
Date:  21 July 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13093
Title: ESB-2010.0638 - [RedHat] seamonkey: Multiple vulnerabilities 
Date:  21 July 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13091
Title: ESB-2010.0637 - [UNIX/Linux][Debian] mlmmj: Modify arbitrary files -
       Existing account 
Date:  21 July 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
       GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
       FreeBSD, Other Linux Variants 
URL:   http://www.auscert.org.au/13089
Title: ESB-2010.0636 - [SUSE] kernel: Multiple vulnerabilities 
Date:  21 July 2010
OS:    SUSE 
URL:   http://www.auscert.org.au/13088
Title: ESB-2010.0635.3 - UPDATE [Win][Linux][HP-UX][Solaris] HP OpenView
       Network Node Manager: Execute arbitrary code/commands -
       Remote/unauthenticated 
Date:  23 July 2010
OS:    Other Linux Variants, Windows Server 2008, Windows Vista, Windows 2000,
       SUSE, HP-UX, Windows XP, Ubuntu, Debian GNU/Linux, Windows 7, Red Hat
       Linux, Windows 2003, Solaris 
URL:   http://www.auscert.org.au/13086
Title: ESB-2010.0634 - [RedHat] openldap: Multiple vulnerabilities 
Date:  21 July 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13085
Title: ESB-2010.0633 - [AIX] ToolTalk: Execute arbitrary code/commands -
       Remote/unauthenticated 
Date:  20 July 2010
OS:    AIX 
URL:   http://www.auscert.org.au/13082
Title: ESB-2010.0632 - [Win] iTunes: Execute arbitrary code/commands - Remote
       with user interaction 
Date:  20 July 2010
OS:    Windows XP, Windows 7, Windows Vista 
URL:   http://www.auscert.org.au/13080
Title: ESB-2010.0631 - [Debian] libpng: Multiple vulnerabilities 
Date:  20 July 2010
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/13079
Title: ESB-2010.0630 - [VMware ESX] VMWare: Multiple vulnerabilities 
Date:  20 July 2010
OS:    Virtualisation 
URL:   http://www.auscert.org.au/13078
Title: ESB-2010.0629 - [Win][UNIX/Linux] ghostscript: Multiple vulnerabilities
Date:  19 July 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/13077
Title: ESB-2010.0628.2 - UPDATE ALERT [Win] Windows Shell: Execute arbitrary
       code/commands - Remote/unauthenticated 
Date:  21 July 2010
OS:    Windows Server 2008, Windows Vista, Windows 7, Windows XP, Windows 2003
URL:   http://www.auscert.org.au/13075
Title: ESB-2010.0627 - [Win] Ipswitch Imail Server: Administrator compromise -
       Remote/unauthenticated 
Date:  19 July 2010
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/13074
Title: ESB-2010.0617.2 - UPDATE [Win] SolidDB: Administrator compromise -
       Remote/unauthenticated 
Date:  23 July 2010
OS:    Windows Server 2008, Windows Vista, Windows 7, Windows 2000, Windows
       XP, Windows 2003 
URL:   http://www.auscert.org.au/13061
Title: ESB-2010.0434 -- [Win][Linux][HP-UX][Solaris] -- HP OpenView Network
       Node Manager: Execute Arbitrary Code 
Date:  20 July 2010
OS:    Windows Vista, HP-UX, Red Hat Linux, Windows Server 2008, Windows XP,
       Other Linux Variants, Windows 2000, Windows 2003, Debian GNU/Linux,
       Ubuntu, Solaris 
URL:   http://www.auscert.org.au/10945
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

Orbit

[pacnog] AusCERT Week in Review - Week Ending 23/07/2010 (AUSCERT#20073f686)

Activity Summary

Participants (1)