Orbit


                        AusCERT Week in Review
30 July 2010
Web Log Entries:
- ----------------
Title: NoScript 2.0 is out 
Date:  29 July 2010
URL:   http://www.auscert.org.au/13125
Title: Malware variants are exploiting the Windows Shell vulnerability 
Date:  28 July 2010
URL:   http://www.auscert.org.au/13113
Alerts, Advisories and Updates:
- -------------------------------
Title: ASB-2010.0173.2 - UPDATE [Win][UNIX/Linux] OpenLDAP: Multiple
       vulnerabilities 
Date:  30 July 2010
URL:   http://www.auscert.org.au/13081
Title: ASB-2010.0181.2 - UPDATE [Win][UNIX/Linux] Apache HTTPD: Multiple
       vulnerabilities 
Date:  29 July 2010
URL:   http://www.auscert.org.au/13107
Title: ASB-2010.0182.2 - UPDATE [Win][Linux][Mac][OSX] Google Chrome:
Multiple
       vulnerabilities 
Date:  29 July 2010
URL:   http://www.auscert.org.au/13115
Title: ASB-2010.0184 - [UNIX/Linux] GNOME Display Manager prior to 2.20.11:
       Access confidential data - Existing account 
Date:  29 July 2010
URL:   http://www.auscert.org.au/13123
Title: ASB-2010.0183 - [Win] Lotus Notes: Multiple vulnerabilities 
Date:  28 July 2010
URL:   http://www.auscert.org.au/13116
Title: ASB-2010.0180 - [Win][UNIX/Linux] Firefox: Execute arbitrary
       code/commands - Remote with user interaction 
Date:  26 July 2010
URL:   http://www.auscert.org.au/13104
External Security Bulletins:
- ----------------------------
Title: ESB-2010.0661 - [Debian] openldap: Multiple vulnerabilities 
Date:  30 July 2010
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/13127
Title: ESB-2010.0660 - [RedHat] java-1.4.2-ibm: Multiple vulnerabilities 
Date:  30 July 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13126
Title: ESB-2010.0659 - [Win][RedHat][Solaris][AIX][SUSE] RSA Federated
       Identity Manager: Provide misleading information - Remote with user
       interaction 
Date:  29 July 2010
OS:    Solaris, Windows 2003, Red Hat Linux, SUSE, AIX 
URL:   http://www.auscert.org.au/13124
Title: ESB-2010.0658 - [Win][VMware ESX][Linux][Solaris][AIX] Symantec
       Products: Multiple vulnerabilities 
Date:  29 July 2010
OS:    Solaris, Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian
       GNU/Linux, Windows XP, Virtualisation, SUSE, Windows 2000, AIX,
Windows
       Vista, Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/13122
Title: ESB-2010.0657 - [Win][UNIX/Linux] Safari: Multiple vulnerabilities 
Date:  29 July 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/13121
Title: ESB-2010.0656 - [AIX] BIND: Provide misleading information -
       Remote/unauthenticated 
Date:  29 July 2010
OS:    AIX 
URL:   http://www.auscert.org.au/13120
Title: ESB-2010.0655 - [Win][UNIX/Linux] Drupal Third-party modules:
Multiple
       vulnerabilities 
Date:  29 July 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/13119
Title: ESB-2010.0654 - [UNIX/Linux][RedHat] lvm2-cluster: Multiple
       vulnerabilities 
Date:  29 July 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
       Other Linux Variants 
URL:   http://www.auscert.org.au/13118
Title: ESB-2010.0653 - [Win] HP Insight Control: Access privileged data -
       Existing account 
Date:  29 July 2010
OS:    Windows 2003, HP-UX, Windows XP, Windows 2000, Windows 7, Windows
       Vista, Windows Server 2008 
URL:   http://www.auscert.org.au/13117
Title: ESB-2010.0652 - [UNIX/Linux][Ubuntu] Likewise Open: Reduced security
-
       Existing account 
Date:  28 July 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
       Other Linux Variants 
URL:   http://www.auscert.org.au/13114
Title: ESB-2010.0651 - [Win][UNIX/Linux][Debian] gnupg2: Execute arbitrary
       code/commands - Remote with user interaction 
Date:  28 July 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/13112
Title: ESB-2010.0650 - [Debian] xulrunner: Multiple vulnerabilities 
Date:  28 July 2010
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/13111
Title: ESB-2010.0649 - [Win][UNIX/Linux][RedHat] w3m: Provide misleading
       information - Remote/unauthenticated 
Date:  28 July 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
       Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
       Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/13110
Title: ESB-2010.0648 - [RedHat] JBoss Enterprise Application Platform:
Execute
       arbitrary code/commands - Remote with user interaction 
Date:  28 July 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13109
Title: ESB-2010.0647.2 - UPDATE [Win][Linux][HP-UX][Solaris][AIX] IBM
FileNet
       P8 Content Manager 4.5.0 and 4.5.1: Reduced security - Existing
account
Date:  29 July 2010
OS:    Windows Server 2008, Other Linux Variants, Windows Vista, AIX,
Windows
       2000, SUSE, HP-UX, Windows XP, Ubuntu, Debian GNU/Linux, Windows 7,
Red
       Hat Linux, Windows 2003, Solaris 
URL:   http://www.auscert.org.au/13108
Title: ESB-2010.0646 - [RedHat] seamonkey: Execute arbitrary code/commands -
       Remote with user interaction 
Date:  26 July 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13106
Title: ESB-2010.0645 - [RedHat] firefox: Execute arbitrary code/commands -
       Remote with user interaction 
Date:  26 July 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13105
Title: ESB-2010.0619.2 - UPDATE [HP-UX] rpc.ttdbserver: Execute arbitrary
       code/commands - Remote/unauthenticated 
Date:  30 July 2010
OS:    HP-UX 
URL:   http://www.auscert.org.au/13063
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
...PGP SIGNATURE...
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iD8DBQFMUlhV/iFOrG6YcBERAjX2AJ9YsWrpSwzxEZp/rhK9T5ppOAvOqgCbBH4K
eOGrf1JnAIlVtPe3Pr1lTMQ=
=Z+eV
-----END PGP SIGNATURE-----

Orbit

Activity Summary