[pacnog] AusCERT Week in Review - Week Ending 07/08/2009 (AUSCERT#20073F

  • To: <pacnog at pacnog dot org>
  • Subject: [pacnog] AusCERT Week in Review - Week Ending 07/08/2009 (AUSCERT#20073F686)
  • From: "Jonathan Levine" <jonathan at auscert dot org dot au>
  • Date: Fri, 7 Aug 2009 16:56:05 +1000
    • AusCERT Week in Review

      07 August 2009

       

      Web Log Entries:

      ----------------

      Title: Firefox updates available

      Date:  05 August 2009

      URL:   http://www.auscert.org.au/11422

       

      Alerts, Advisories and Updates:

      -------------------------------

      Title: ASB-2009.1043.3 - UPDATE [Appliance] BIG-IP: Denial of service -

             Remote/unauthenticated

      Date:  07 August 2009

      URL:   http://www.auscert.org.au/11429

       

      Title: AA-2008.0264 -- [Win][Netware][UNIX/Linux] -- Malformed CAB files may

             crash Sophos Anti-virus

      Date:  06 August 2009

      URL:   http://www.auscert.org.au/10264

       

      Title: ASB-2009.1042 - [Linux] strongSwan 2.8.10 and prior: Denial of service

             - Remote/unauthenticated

      Date:  05 August 2009

      URL:   http://www.auscert.org.au/11428

       

      Title: ASB-2009.1040.3 - UPDATE [Win][UNIX/Linux] Firefox 3.5.1 & 3.0.12:

             Multiple vulnerabilities

      Date:  05 August 2009

      URL:   http://www.auscert.org.au/11419

       

      Title: ASB-2009.1041 - [Win][UNIX/Linux] Wordpress 2.8.1 and prior: Multiple

             vulnerabilities

      Date:  04 August 2009

      URL:   http://www.auscert.org.au/11420

       

      Title: ASB-2009.1026.4 - UPDATED ALERT [Win][UNIX/Linux] Adobe Flash, Adobe

             Acrobat and Adobe Reader: Multiple vulnerabilities

      Date:  03 August 2009

      URL:   http://www.auscert.org.au/11356

       

      Title: ASB-2009.1037 - [Win][UNIX/Linux] Joomla!: Reduced security - Existing

             account

      Date:  03 August 2009

      URL:   http://www.auscert.org.au/11415

       

      Title: ASB-2009.1038 - ALERT [Win][UNIX/Linux] SquirrelMail plugins: Access

             confidential data - Remote/unauthenticated

      Date:  03 August 2009

      URL:   http://www.auscert.org.au/11416

       

      Title: ASB-2009.1039 - [Win][UNIX/Linux] MySQL: Denial of service - Existing

             account

      Date:  03 August 2009

      URL:   http://www.auscert.org.au/11417

       

      External Security Bulletins:

      ----------------------------

      Title: ESB-2009.1147 - [HP OpenVMS] BIND: Denial of service -

             Remote/unauthenticated

      Date:  07 August 2009

      OS:    HP Tru64 UNIX, HP-UX

      URL:   http://www.auscert.org.au/11442

       

      Title: ESB-2009.1146 - [Win][Linux][Solaris][Mac][OSX] Sun VirtualBox: Denial

             of service - Existing account

      Date:  07 August 2009

      OS:    Solaris, Red Hat Linux, Windows 2003, Windows XP, SUSE, Windows 2000,

             Windows Vista, Mac OS X, Windows Server 2008, Other Linux Variants,

             Ubuntu, Debian GNU/Linux

      URL:   http://www.auscert.org.au/11441

       

      Title: ESB-2009.1145 - [Win][Linux][HP-UX][Solaris] Sun Java System Access

             Manager and OpenSSO Enterprise: Unauthorised access -

             Remote/unauthenticated

      Date:  07 August 2009

      OS:    Solaris, Red Hat Linux, Windows 2003, HP-UX, Windows XP, SUSE, Windows

             2000, Windows Vista, Windows Server 2008, Other Linux Variants, Ubuntu,

             Debian GNU/Linux

      URL:   http://www.auscert.org.au/11440

       

      Title: ESB-2009.1144 - [RedHat] Sun Java and IBM Java: Multiple

             vulnerabilities

      Date:  07 August 2009

      OS:    Red Hat Linux

      URL:   http://www.auscert.org.au/11439

       

      Title: ESB-2009.1143 - [Solaris][OpenSolaris] XScreenSaver: Access privileged

             data - Console/physical

      Date:  07 August 2009

      OS:    Solaris

      URL:   http://www.auscert.org.au/11438

       

      Title: ESB-2009.1142 - [UNIX/Linux] fetchmail prior to 6.3.11: Provide

             misleading information - Remote/unauthenticated

      Date:  07 August 2009

      OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian

             GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,

             Other Linux Variants

      URL:   http://www.auscert.org.au/11437

       

      Title: ESB-2009.1141 - [Win][UNIX/Linux] XML libraries: Multiple

             vulnerabilities

      Date:  07 August 2009

      OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,

             Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants, SUSE,

             OpenBSD, Windows 2000, AIX, Windows Vista, FreeBSD, Other Linux

             Variants, Windows Server 2008

      URL:   http://www.auscert.org.au/11436

       

      Title: ESB-2009.1140 - [UNIX/Linux][Debian] gst-plugins-bad0.10: Denial of

             service - Remote with user interaction

      Date:  07 August 2009

      OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian

             GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,

             Other Linux Variants

      URL:   http://www.auscert.org.au/11435

       

      Title: ESB-2009.1139 - [SUSE] Mozilla Firefox: Multiple vulnerabilities

      Date:  07 August 2009

      OS:    SUSE

      URL:   http://www.auscert.org.au/11434

       

      Title: ESB-2009.1138 - ALERT [Mac][OSX] Mac OS X prior to v10.5.8: Multiple

             vulnerabilities

      Date:  06 August 2009

      OS:    Mac OS X

      URL:   http://www.auscert.org.au/11433

       

      Title: ESB-2009.1137 - [SUSE][OpenSUSE] flash-player package: Execute

             arbitrary code/commands - Remote with user interaction

      Date:  06 August 2009

      OS:    SUSE

      URL:   http://www.auscert.org.au/11432

       

      Title: ESB-2009.1136 - [Win][UNIX/Linux] Webform report (Drupal third-party

             module): Cross-site scripting - Remote with user interaction

      Date:  06 August 2009

      OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,

             Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants, SUSE,

             OpenBSD, Windows 2000, AIX, Windows Vista, FreeBSD, Other Linux

             Variants, Windows Server 2008

      URL:   http://www.auscert.org.au/11431

       

      Title: ESB-2009.1135 - [AIX] BIND 9: Denial of service -

             Remote/unauthenticated

      Date:  06 August 2009

      OS:    AIX

      URL:   http://www.auscert.org.au/11430

       

      Title: ESB-2009.1134 - [AIX] XL C++ runtime library: Multiple vulnerabilities

      Date:  05 August 2009

      OS:    AIX

      URL:   http://www.auscert.org.au/11427

       

      Title: ESB-2009.1133 - [Solaris][OpenSolaris] libtiff: Execute arbitrary

             code/commands - Remote with user interaction

      Date:  05 August 2009

      OS:    Solaris

      URL:   http://www.auscert.org.au/11426

       

      Title: ESB-2009.1132.2 - UPDATED ALERT [Win][Linux][Solaris] Sun Java:

             Multiple vulnerabilities

      Date:  07 August 2009

      OS:    Debian GNU/Linux, Ubuntu, Other Linux Variants, Windows Server 2008,

             Windows Vista, Windows 2000, SUSE, Windows XP, Windows 2003, Red Hat

             Linux, Solaris

      URL:   http://www.auscert.org.au/11425

       

      Title: ESB-2009.1131 - [RedHat] kernel: Multiple vulnerabilities

      Date:  05 August 2009

      OS:    Red Hat Linux

      URL:   http://www.auscert.org.au/11424

       

      Title: ESB-2009.1130 - [UNIX/Linux][Debian] libmodplug: Multiple

             vulnerabilities

      Date:  05 August 2009

      OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian

             GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,

             Other Linux Variants

      URL:   http://www.auscert.org.au/11423

       

      Title: ESB-2009.1129 - [Win][UNIX/Linux] Bugzilla prior to 3.4.1: Access

             privileged data - Existing account

      Date:  04 August 2009

      OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,

             Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants, SUSE,

             OpenBSD, Windows 2000, AIX, Windows Vista, FreeBSD, Other Linux

             Variants, Windows Server 2008

      URL:   http://www.auscert.org.au/11421

       

      Title: ESB-2009.1128 - [Win][RedHat][HP-UX][SUSE] HP Serviceguard Manager:

             Multiple vulnerabilities

      Date:  04 August 2009

      OS:    Red Hat Linux, Windows 2003, HP-UX, Windows XP, SUSE, Windows 2000,

             Windows Vista, Windows Server 2008, Novell Netware

      URL:   http://www.auscert.org.au/11418

       

      Title: ESB-2009.1127.2 - UPDATE [Solaris][OpenSolaris] Solaris Trusted

             Extensions: Denial of service - Existing account

      Date:  04 August 2009

      OS:    Solaris

      URL:   http://www.auscert.org.au/11414

       

      Title: ESB-2009.1126 - [Solaris][OpenSolaris] BIND: Denial of service -

             Remote/unauthenticated

      Date:  03 August 2009

      OS:    Solaris

      URL:   http://www.auscert.org.au/11413

       

      Title: ESB-2009.1125 - [Appliance] iPhone: Execute arbitrary code/commands -

             Remote/unauthenticated

      Date:  03 August 2009

      URL:   http://www.auscert.org.au/11412

       

      Title: ESB-2009.1124.2 - UPDATE [Debian] znc: Create arbitrary files -

             Existing account

      Date:  05 August 2009

      OS:    Debian GNU/Linux

      URL:   http://www.auscert.org.au/11411

       

      Title: ESB-2009.1123 - [Debian] xml-security-c: Provide misleading information

             - Remote/unauthenticated

      Date:  03 August 2009

      OS:    Debian GNU/Linux

      URL:   http://www.auscert.org.au/11410

       

      Title: ESB-2009.1122 - [RedHat] flash-plugin: Multiple vulnerabilities

      Date:  03 August 2009

      OS:    Red Hat Linux

      URL:   http://www.auscert.org.au/11409

       

      Title: ESB-2009.1121.2 - UPDATE [Win][UNIX/Linux][RedHat] Red Hat: Multiple

             vulnerabilities

      Date:  03 August 2009

      OS:    HP Tru64 UNIX, Solaris, IRIX, OpenBSD, Other BSD Variants, FreeBSD,

             HP-UX, SUSE, Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat

             Linux, AIX, Windows Server 2008, Windows Vista, Windows 2003, Windows

             2000, Windows XP, Mac OS X

      URL:   http://www.auscert.org.au/11407

       

      Title: ESB-2009.1107.2 - UPDATE [Win][UNIX/Linux] Firebird SQL: Denial of

             service - Remote/unauthenticated

      Date:  04 August 2009

      OS:    Other Linux Variants, Windows Server 2008, FreeBSD, Windows Vista, AIX,

             Windows 2000, OpenBSD, SUSE, Other BSD Variants, Windows XP, HP-UX,

             Debian GNU/Linux, Ubuntu, Mac OS X, Windows 2003, Red Hat Linux, HP

             Tru64 UNIX, Solaris, IRIX

      URL:   http://www.auscert.org.au/11388

       

      Title: ESB-2009.1061.2 - UPDATE [Debian] tiff: Multiple vulnerabilities

      Date:  05 August 2009

      OS:    Debian GNU/Linux

      URL:   http://www.auscert.org.au/11312

       

      Title: ESB-2007.0036 -- [HP-UX] -- HPSBUX02181 SSRT061289 rev.1 - HP-UX

             Running IPFilter, Remote Unauthorized Denial of Service (DoS)

      Date:  04 August 2009

      OS:    HP-UX

      URL:   http://www.auscert.org.au/7205

       

      ===========================================================================

      Australian Computer Emergency Response Team

      The University of Queensland

      Brisbane

      Qld 4072

       

      Internet Email: auscert at auscert dot org dot au

      Facsimile:      (07) 3365 7031

      Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)

                      AusCERT personnel answer during Queensland business hours

                      which are GMT+10:00 (AEST).

                      On call after hours for member emergencies only.

      ===========================================================================