Australia's Leading Computer Emergency Response Team

AusCERT Week in Review for 1st April 2011
Date: 01 April 2011
Original URL: http://www.auscert.org.au/render.html?cid=7066&it=14187


AusCERT Week in Review
01 April 2011

External Security Bulletins:
----------------------------
Title: ESB-2011.0367 - [z/OS] IBM WebSphere Application Server: Unauthorised
access - Remote/unauthenticated
Date: 01 April 2011
URL: http://www.auscert.org.au/14186

Title: ESB-2011.0366 - [Debian] bind9: Denial of service -
Remote/unauthenticated
Date: 01 April 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14185

Title: ESB-2011.0365 - [UNIX/Linux][RedHat] logrotate: Multiple
vulnerabilities
Date: 01 April 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/14184

Title: ESB-2011.0364 - [RedHat] quagga: Denial of service -
Remote/unauthenticated
Date: 01 April 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14183

Title: ESB-2011.0363 - [Win][UNIX/Linux] Translation Management (Drupal
third-party module): Cross-site scripting - Remote with user
interaction
Date: 31 March 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/14182

Title: ESB-2011.0362 - [Win] EMC NetWorker Module for Microsoft Applications:
Execute arbitrary code/commands - Remote/unauthenticated
Date: 31 March 2011
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/14181

Title: ESB-2011.0361 - [Cisco] Cisco Network Access Control: Unauthorised
access - Remote/unauthenticated
Date: 31 March 2011
OS: Cisco Products
URL: http://www.auscert.org.au/14180

Title: ESB-2011.0360 - ALERT [Cisco] Cisco Secure ACS: Unauthorised access -
Remote/unauthenticated
Date: 31 March 2011
OS: Cisco Products
URL: http://www.auscert.org.au/14179

Title: ESB-2011.0359 - [Debian] bind9: Denial of service -
Remote/unauthenticated
Date: 31 March 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14178

Title: ESB-2011.0358.2 - UPDATE [Linux] VMware VIX API and VMware Workstation:
Execute arbitrary code/commands - Existing account
Date: 31 March 2011
OS: Ubuntu, Debian GNU/Linux, SUSE, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/14177

Title: ESB-2011.0357 - [Appliance] IBM WebSphere DataPower XC10 Appliance:
Reduced security - Unknown/unspecified
Date: 30 March 2011
URL: http://www.auscert.org.au/14176

Title: ESB-2011.0356 - [Win] Microsoft Windows Vista Service Pack 1: End of
life announced
Date: 30 March 2011
OS: Windows Vista
URL: http://www.auscert.org.au/14175

Title: ESB-2011.0355 - [Debian] tomcat5.5: Multiple vulnerabilities
Date: 30 March 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14174

Title: ESB-2011.0354 - [Win][UNIX/Linux][Debian] mahara: Multiple
vulnerabilities
Date: 30 March 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/14173

Title: ESB-2011.0353 - [Win][UNIX/Linux] Zend Server: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 29 March 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/14172

Title: ESB-2011.0352 - [Win] HP Diagnostics: Cross-site scripting -
Remote/unauthenticated
Date: 29 March 2011
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/14171

Title: ESB-2011.0351 - [Win][UNIX/Linux] Symantec LiveUpdate Administrator:
Cross-site request forgery - Remote with user interaction
Date: 29 March 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/14170

Title: ESB-2011.0350 - [RedHat] gdm: Increased privileges - Existing account
Date: 29 March 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14169

Title: ESB-2011.0349 - [UNIX/Linux][RedHat] conga: Administrator compromise -
Remote/unauthenticated
Date: 29 March 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/14168

Title: ESB-2011.0348 - [RedHat] libtiff: Multiple vulnerabilities
Date: 29 March 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14167

Title: ESB-2011.0347 - [RedHat] libvirt: Increased privileges - Existing
account
Date: 29 March 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14166

Title: ESB-2011.0346 - [UNIX/Linux][RedHat] rsync: Execute arbitrary
code/commands - Remote with user interaction
Date: 29 March 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/14165

Title: ESB-2011.0345 - [UNIX/Linux][Debian] gdm3: Root compromise - Existing
account
Date: 29 March 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
FreeBSD, Other Linux Variants
URL: http://www.auscert.org.au/14164

Title: ESB-2011.0344 - [Solaris] EMC Data Protection Advisor Collector:
Execute arbitrary code/commands - Existing account
Date: 28 March 2011
OS: Solaris
URL: http://www.auscert.org.au/14163

Title: ESB-2011.0343 - [Win] Citrix: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 28 March 2011
OS: Windows 2003, Windows Server 2008
URL: http://www.auscert.org.au/14162

Title: ESB-2011.0342 - [Win][UNIX/Linux][Debian] imp4: Cross-site scripting -
Remote/unauthenticated
Date: 28 March 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/14161

Title: ESB-2011.0341 - [Debian] nss: Provide misleading information -
Remote/unauthenticated
Date: 28 March 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14160

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================