[pacnog] AusCERT Week in Review - Week Ending 27/11/2009 (AUSCERT#20073f

  • To: <pacnog at pacnog dot org>
  • Subject: [pacnog] AusCERT Week in Review - Week Ending 27/11/2009 (AUSCERT#20073f686)
  • From: "Paul Fahey" <paul at auscert dot org dot au>
  • Date: Fri, 27 Nov 2009 15:39:20 +1000
      Alerts, Advisories and Updates:
      -------------------------------

      Title: ASB-2009.1143 - [OpenBSD] OpenSSL: Unauthorised access -
             Remote/unauthenticated
      Date:  27 November 2009
      URL:   http://www.auscert.org.au/12018

      Title: ASB-2009.1144 - [Win][Linux][HP-UX][Solaris][AIX] IBM DB2 9.7:
             Increased privileges - Existing account
      Date:  27 November 2009
      URL:   http://www.auscert.org.au/12019

      Title: ASB-2009.1145 - [Appliance] Ingate Firewall and SIParator: Multiple
             vulnerabilities
      Date:  27 November 2009
      URL:   http://www.auscert.org.au/12020

      Title: ASB-2009.1138.2 - UPDATE [UNIX/Linux] Dovecot: Unauthorised access -
             Existing account
      Date:  25 November 2009
      URL:   http://www.auscert.org.au/11994

      Title: ASB-2009.1141.2 - UPDATE [Win][UNIX/Linux] Opera: Multiple
             vulnerabilities
      Date:  25 November 2009
      URL:   http://www.auscert.org.au/12002

      Title: ASB-2009.1142 - [Win][UNIX/Linux] WP-Cumulus (WordPress Plugin):
             Cross-site scripting - Remote/unauthenticated
      Date:  25 November 2009
      URL:   http://www.auscert.org.au/12009

      Title: ASB-2009.1136.2 - UPDATE [Win][UNIX/Linux] PHP 5.3.1: Multiple
             vulnerabilities
      Date:  24 November 2009
      URL:   http://www.auscert.org.au/11987

      Title: ASB-2009.1139.2 - UPDATE [Win][Linux] IBM Rational Software Architect :
             Cross-site scripting - Remote/unauthenticated
      Date:  24 November 2009
      URL:   http://www.auscert.org.au/11995

      Title: ASB-2009.1134.2 - UPDATE [UNIX/Linux] libexif: Denial of service -
             Remote with user interaction
      Date:  23 November 2009
      URL:   http://www.auscert.org.au/11961

      Title: ASB-2009.1137 - [Win][UNIX/Linux] MySQL Community Server: Provide
             misleading information - Remote/unauthenticated
      Date:  23 November 2009
      URL:   http://www.auscert.org.au/11993

      Title: ASB-2009.1140 - [UNIX/Linux] PEAR Mail: Execute arbitrary code/commands
             - Remote/unauthenticated
      Date:  23 November 2009
      URL:   http://www.auscert.org.au/11996

      External Security Bulletins:
      ----------------------------

      Title: ESB-2009.1571 - [Win] Symantec: Execute arbitrary code/commands -
             Remote with user interaction
      Date:  26 November 2009
      OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
             Windows Server 2008
      URL:   http://www.auscert.org.au/12017

      Title: ESB-2009.1570 - [Solaris][OpenSolaris] LDAP client configuration cache
             daemon: Denial of service - Existing account
      Date:  26 November 2009
      OS:    Solaris
      URL:   http://www.auscert.org.au/12016

      Title: ESB-2009.1569 - [Solaris][OpenSolaris] BIND: Provide misleading
             information - Remote/unauthenticated
      Date:  26 November 2009
      OS:    Solaris
      URL:   http://www.auscert.org.au/12015

      Title: ESB-2009.1568 - [HP-UX] OpenSSL: Unauthorised access -
             Remote/unauthenticated
      Date:  26 November 2009
      OS:    HP-UX
      URL:   http://www.auscert.org.au/12014

      Title: ESB-2009.1567 - [Debian] php5: Multiple vulnerabilities
      Date:  26 November 2009
      OS:    Debian GNU/Linux
      URL:   http://www.auscert.org.au/12013

      Title: ESB-2009.1566 - [Debian] poppler: Multiple vulnerabilities
      Date:  26 November 2009
      OS:    Debian GNU/Linux
      URL:   http://www.auscert.org.au/12012

      Title: ESB-2009.1565 - [UNIX/Linux][RedHat] kdelibs: Execute arbitrary
             code/commands - Remote with user interaction
      Date:  25 November 2009
      OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
             GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
             Other Linux Variants
      URL:   http://www.auscert.org.au/12007

      Title: ESB-2009.1564.2 - UPDATE [Solaris][OpenSolaris] Solaris sshd: Denial of
             service - Remote/unauthenticated
      Date:  27 November 2009
      OS:    Solaris
      URL:   http://www.auscert.org.au/12006

      Title: ESB-2009.1563 - [Debian] libvorbis: Multiple vulnerabilities
      Date:  25 November 2009
      OS:    Debian GNU/Linux
      URL:   http://www.auscert.org.au/12005

      Title: ESB-2009.1562 - [UNIX/Linux][SUSE][OpenSUSE] SUSE packages: Multiple
             vulnerabilities
      Date:  25 November 2009
      OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
             GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
             Other Linux Variants
      URL:   http://www.auscert.org.au/12004

      Title: ESB-2009.1561 - [Win][UNIX/Linux] BIND: Provide misleading information
             - Remote/unauthenticated
      Date:  25 November 2009
      OS:    IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
             Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
             Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
             Windows Server 2008, Other Linux Variants
      URL:   http://www.auscert.org.au/12003

      Title: ESB-2009.1560 - [Win][OSX] Autodesk Maya: Execute arbitrary
             code/commands - Remote with user interaction
      Date:  24 November 2009
      OS:    Windows XP, Windows Vista, Mac OS X
      URL:   http://www.auscert.org.au/12001

      Title: ESB-2009.1559 - [Win] Autodesk 3DS Max: Execute arbitrary code/commands
             - Remote with user interaction
      Date:  24 November 2009
      OS:    Windows Vista, Windows XP
      URL:   http://www.auscert.org.au/12000

      Title: ESB-2009.1558 - [Win][Linux] Autodesk SoftImage: Execute arbitrary
             code/commands - Remote with user interaction
      Date:  24 November 2009
      OS:    Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian GNU/Linux,
             Windows XP, SUSE, Windows 2000, Windows Vista, Windows Server 2008,
             Other Linux Variants
      URL:   http://www.auscert.org.au/11999

      Title: ESB-2009.1557 - ALERT [Win] Internet Explorer: Execute arbitrary
             code/commands - Remote with user interaction
      Date:  23 November 2009
      OS:    Windows Server 2008, Windows Vista, Windows 2003, Windows 2000, Windows
             XP
      URL:   http://www.auscert.org.au/11998

      Title: ESB-2009.1556 - [Debian] php-mail: Execute arbitrary code/commands -
             Remote/unauthenticated
      Date:  24 November 2009
      OS:    Debian GNU/Linux
      URL:   http://www.auscert.org.au/11997

      Title: ESB-2009.1555 - [Solaris][OpenSolaris] Transport Layer Security and
             Secure Sockets Layer 3.0: Unauthorised access - Remote/unauthenticated
      Date:  23 November 2009
      OS:    Solaris
      URL:   http://www.auscert.org.au/11992

      Title: ESB-2009.1554 - [Win] HP Operations Manager: Unauthorised access -
             Remote/unauthenticated
      Date:  23 November 2009
      OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
             Windows Server 2008
      URL:   http://www.auscert.org.au/11991

      Title: ESB-2009.1553 - [Win][VMware ESX][Linux] VMware vCenter, ESX, vMA:
             Multiple vulnerabilities
      Date:  23 November 2009
      OS:    Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian GNU/Linux,
             Windows XP, Virtualisation, SUSE, Windows 2000, Windows Vista, Windows
             Server 2008, Other Linux Variants
      URL:   http://www.auscert.org.au/11990

      Title: ESB-2009.1552 - [UNIX/Linux][Debian] gforge: Cross-site scripting -
             Remote/unauthenticated
      Date:  23 November 2009
      OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
             GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
             FreeBSD, Other Linux Variants
      URL:   http://www.auscert.org.au/11989

      Title: ESB-2009.1548.2 - UPDATE [Win][UNIX/Linux] Drupal: Multiple
             vulnerabilities
      Date:  24 November 2009
      OS:    Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD, AIX,
             OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP,
             Ubuntu, Debian GNU/Linux, Mac OS X, Windows 7, Red Hat Linux, Windows
             2003, Solaris, HP Tru64 UNIX, IRIX
      URL:   http://www.auscert.org.au/11982

      Title: ESB-2009.1522.2 - UPDATE [Win][UNIX/Linux] Drupal: Multiple
             vulnerabilities
      Date:  23 November 2009
      OS:    Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD, AIX,
             OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP,
             Ubuntu, Debian GNU/Linux, Mac OS X, Windows 7, Red Hat Linux, Windows
             2003, Solaris, HP Tru64 UNIX, IRIX
      URL:   http://www.auscert.org.au/11944

      Title: ESB-2009.1430.2 - UPDATE [VMware ESX] VMware ESX: Multiple
             vulnerabilities
      Date:  23 November 2009
      OS:    Virtualisation
      URL:   http://www.auscert.org.au/11820

      Title: ESB-2009.0696 -- [Win][Netware][Linux] -- HP Data Protector Express:
             Execute Arbitrary Code
      Date:  25 November 2009
      OS:    Novell Netware, Red Hat Linux, Windows XP, Other Linux Variants,
             Windows 2000, Windows 2003
      URL:   http://www.auscert.org.au/10989

      Title: ESB-2009.0583 -- [UNIX/Linux][Debian] -- gforge: Cross-site Scripting
      Date:  25 November 2009
      OS:    AIX, HP-UX, Mac OS X, Red Hat Linux, Other Linux Variants, FreeBSD,
             OpenBSD, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64
             UNIX, Solaris
      URL:   http://www.auscert.org.au/11167

      Title: ESB-2009.0167 -- [Win][VMware ESX][Linux] -- VirtualCenter Update 4 and
             ESX patch update Tomcat to version 5.5.27
      Date:  23 November 2009
      OS:    Windows Vista, Red Hat Linux, Windows Server 2008, Virtualisation,
             Windows XP, Other Linux Variants, Windows 2000, Windows 2003, Debian
             GNU/Linux, Ubuntu
      URL:   http://www.auscert.org.au/10543

      ===========================================================================
      Australian Computer Emergency Response Team
      The University of Queensland
      Brisbane
      Qld 4072

      Internet Email: auscert at auscert dot org dot au
      Facsimile:      (07) 3365 7031
      Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                      AusCERT personnel answer during Queensland business hours
                      which are GMT+10:00 (AEST).
                      On call after hours for member emergencies only.
      ===========================================================================