Wednesday, April 8, 2009

Wednesday, senbu (先負)

+ Solution 255308 : A Security Vulnerability May Allow Popup Windows to Appear Through the Solaris XScreenSaver Program
http://sunsolve.sun.com/search/document.do?assetkey=1-66-255308-1

Solution 256408 : Multiple Security Vulnerabilities in Firefox Versions Before 2.0.0.19 May Allow Execution of Arbitrary Code or Access to Unauthorized Data
http://sunsolve.sun.com/search/document.do?assetkey=1-66-256408-1

Solution 256728 : Multiple Security Vulnerabilities in the Solaris Kerberos 'Mech' Libraries May Lead To Execution of Arbitrary Code, Unauthorized Access to Data or a Denial of Service (DoS) Condition
http://sunsolve.sun.com/search/document.do?assetkey=1-66-256728-1

+ Solution 254909 : Multiple Security Vulnerabilities in the Adobe Flash Player for Solaris 10 (Adobe Security Bulletin APSB09-01)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1

Solution 248386 : Security vulnerability in Solaris Related to the Apache 1.3 mod_perl(3) Module Component "PerlRun.pm" may Lead to Denial of Service (DoS)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-248386-1

Solution 255008 : Security Vulnerability in Sun Java System Calendar Server 6.3 May Allow Denial of Service (DoS)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-255008-1

Solution 256688 : SUN ALERT WEEKLY SUMMARY REPORT - Week of 29-Mar-2009 to 04-Apr-2009
http://sunsolve.sun.com/search/document.do?assetkey=1-66-256688-1

Call for Venue for YAPC::Europe::2010
http://use.perl.org/article.pl?sid=09/04/07/1421218&from=rss

Internet Scanner 7.0 SP2 XPU 7.2.67
http://www.isskk.co.jp/offer/XPressUpdates_history.html

Trend Micro releases Web security for iPhone that blocks connections to malicious sites
http://itpro.nikkeibp.co.jp/article/NEWS/20090408/328039/?ST=security

JPCERT/CC REPORT 2009-04-08
http://www.jpcert.or.jp/wr/2009/wr091401.txt

JVNDB-2009-001126 Access restriction bypass vulnerability in the NFS daemon of Sun Solaris
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001126.html

JVNDB-2009-001125 Access restriction bypass vulnerability in the NFS server of Sun Solaris
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001125.html

JVNDB-2009-001062 Buffer overflow vulnerability in the sctp implementation of the Linux kernel
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001062.html

JVNDB-2009-001061 Memory leak vulnerability in the keyctl_join_session_keyring function of the Linux kernel
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001061.html

JVNDB-2008-001406 Cross-site scripting vulnerability in International Components for Unicode (ICU) in Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001406.html

JVNDB-2008-000009 Vulnerability in Apache Tomcat allowing malformed cookies to be sent
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000009.html

53352 : Synchrologic Email Accelerator aggregate.asp User Account Disclosure
http://osvdb.org/show/osvdb/53352

Apache Tomcat mod_jk May Disclose Responses to the Wrong User
http://securitytracker.com/alerts/2009/Apr/1022001.html

multipath-tools Unsafe Socket Permissions Let Local Users Deny Service
http://securitytracker.com/alerts/2009/Apr/1021997.html

Kerberos ASN.1 GeneralizedTime Decoder Bug Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Apr/1021994.html

Kerberos ASN.1 Decoding Bug Lets Remote Users Deny Service
http://securitytracker.com/alerts/2009/Apr/1021993.html

Novell Client NetIdentity Agent Pointer Dereference Bug Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Apr/1021990.html

xine-lib Integer Overflow in Processing QuickTime Media Files Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Apr/1021989.html

mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2009/Apr/1021988.html

MIT Kerberos 'NegTokenInit' Token Handling Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/34257

MIT Kerberos SPNEGO and ASN.1 Multiple Remote Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/34408

MIT Kerberos 'asn1_decode_generaltime()' Uninitialized Pointer Memory Corruption Vulnerability
http://www.securityfocus.com/bid/34409

The latest prepatch for the stable Linux kernel tree is: 2.6.30-rc1
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.30-rc1

+ RHSA-2009:0410-1: Critical: krb5 security update
http://rhn.redhat.com/errata/RHSA-2009-0410.html

GLSA 200904-07: Xpdf: Untrusted search path
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28888

GLSA 200904-08: OpenSSL: Denial of Service
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28889

Java-SA-04/07/2009: POC - Sun Java System Access Manager & Identity Manager Users Enumeration
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28893

SUSE-SA:2009:018: security-announce SUSE Security Announcement: IBM Java 1.4.2 and 6
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28881

USN-751-1: Linux kernel vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28880

DSA 1763-1: New openssl packages fix denial of service
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28882

GLSA 200904-06: Eye of GNOME: Untrusted search path
http://www.criticalwatch.com/support/security-advisories.aspx?AID=28887

Old virus from 2005 "revives" by imitating the much-discussed "Conficker"
Infects by exploiting a Windows vulnerability and also carries an infection method via USB memory sticks
http://itpro.nikkeibp.co.jp/article/NEWS/20090407/327973/?ST=security

Dangerous vulnerability in the "Ichitaro" series; apply the update immediately
Risk of compromise just by opening a file or Web page; no actual damage reported so far
http://itpro.nikkeibp.co.jp/article/NEWS/20090407/327983/?ST=security

New one-click fraud tactic: "displays an adult video, shows 'registration complete' when closed"
Executables are not the only danger; beware of HTA-format files too
http://itpro.nikkeibp.co.jp/article/NEWS/20090407/327972/?ST=security

McAfee announces threat trends for March 2009
Infections via known vulnerabilities on the rise; practice proper vulnerability management!
http://itpro.nikkeibp.co.jp/article/NEWS/20090407/327848/?ST=security

[SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00064.html

[USN-754-1] ClamAV vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00063.html

MITKRB5-SA-2009-002: ASN.1 decoder frees uninitialized pointer [CVE-2009-0846]
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00062.html

MITKRB5-SA-2009-001: multiple vulnerabilities in SPNEGO, ASN.1 decoder [CVE-2009-0844 CVE-2009-0845 CVE-2009-0847]
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00060.html

[USN-752-1] Linux kernel vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00059.html

LayerOne 2009 - Registration Open, Initial Speakers Announced
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00061.html

[USN-753-1] PostgreSQL vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00056.html

+ [security bulletin] HPSBUX02415 SSRT090023 rev.1 - HP-UX Running PAM Kerberos, Local Privilege Escalation, Unauthorized Access
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00054.html

POC - Sun Java System Access Manager & Identity Manager Users Enumeration
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00055.html

Secunia Research: IrfanView Formats Plug-in XPM Parsing Integer Overflow
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00052.html

[ GLSA 200904-08 ] OpenSSL: Denial of Service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00051.html

[ GLSA 200904-07 ] Xpdf: Untrusted search path
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00049.html

[ GLSA 200904-06 ] Eye of GNOME: Untrusted search path
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00057.html

ZDI-09-016: Novell Client/NetIdentity Agent Remote Arbitrary Pointer Dereference Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00048.html

TPTI-09-02: VMWare VMnc Codec Open-DML Standard Index dwSize Heap Overflow
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00050.html

TPTI-09-01: VMWare VMnc Codec Invalid RFB Message Type Heap Overflow
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00053.html

[security bulletin] HPSBMA02416 SSRT090008 rev.3 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-04/msg00047.html

RHSA-2009:0411-1: Moderate: device-mapper-multipath security update
http://rhn.redhat.com/errata/RHSA-2009-0411.html

+ RHSA-2009:0409-1: Important: krb5 security update
http://rhn.redhat.com/errata/RHSA-2009-0409.html

JustSystems Ichitaro RTF Processing Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/0957

ContentKeeper Command Injection and Privilege Escalation Vulnerabilities
http://www.vupen.com/english/advisories/2009/0956

Q2 Solutions ConnX "txtEmail" Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/0955

Novell NetIdentity Client Agent Remote Code Execution Vulnerability
http://www.vupen.com/english/advisories/2009/0954

IrfanView Formats Plug-in XPM Handling Integer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/0953

BookJoomlas for Joomla "gbid" Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/0952

+ Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34412

ClamAV Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/34357

Little CMS Memory Leak and Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/34185

Little CMS Null Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/34411

XBMC Multiple Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34334

+ Sun Java Applet Font.createFont Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/17981

+ Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/34240

+ Sun Java Web Start and Java Plug-in JAR File Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/32892

+ Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/32608

+ Sun Java Web Start and Java Plug-in Multiple Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/32620

pam-krb5 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/33740

pam-krb5 'KRB5CCNAME' Environment Variable Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/33741

CF Shopkart 'index.cfm' SQL Injection Vulnerability
http://www.securityfocus.com/bid/32765

Q2 Solutions ConnX 'frmLoginPwdReminderPopup.aspx' SQL Injection Vulnerability
http://www.securityfocus.com/bid/34350

Pixie CMS SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/34189

PPLive URI Handlers 'LoadModule' Parameter Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/34128

FormEncode 'chained_validators' Class Security Bypass Vulnerability
http://www.securityfocus.com/bid/30282

ldns 'rr.c' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34233

Destar Add User Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/28426

7-Zip Unspecified Archive Handling Vulnerability
http://www.securityfocus.com/bid/28285

iDB 'skin' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/34397

Unsniff Network Analyzer '.usnf' File Heap-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34396

Particle Software IntraLaunch ActiveX Control Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/34395

KVM Block Device Backend Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/28001

+ Linux Kernel 'sock.c' SO_BSDCOMPAT Option Information Disclosure Vulnerability
http://www.securityfocus.com/bid/33846

+ Linux Kernel 'seccomp' System Call Security Bypass Vulnerability
http://www.securityfocus.com/bid/33948

+ Linux Kernel 'FWD-TSN' Chunk Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/33113

+ Linux Kernel '/ipc/shm.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/34020

+ Linux Kernel 'dell_rbu' Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/33428

MoinMoin 1.6.1 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/34406

Linux Kernel SPARC 'mremap()' Multiple Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/33836

+ Linux Kernel Cloned Process 'CLONE_PARENT' Local Origin Validation Weakness
http://www.securityfocus.com/bid/33906

+ Linux Kernel 'locks_remove_flock()' Local Race Condition Vulnerability
http://www.securityfocus.com/bid/33237

+ Linux Kernel Audit System 'audit_syscall_entry()' System Call Security Bypass Vulnerability
http://www.securityfocus.com/bid/33951

Linux Kernel 64 Bit ABI System Call Parameter Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/33275

Adobe Flash Player Unspecified Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/33890

+ Linux Kernel 'exit_notify()' CAP_KILL Verification Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/34405

Avaya SIP Enablement Services (SES) Server Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/28687

Adobe Flash Player Invalid Object Reference Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/33880

+ Microsoft PowerPoint File Parsing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/34351

XAMPP Phonebook.PHP Remote HTML Injection Vulnerability
http://www.securityfocus.com/bid/13127

HP OpenView Network Node Manager 'OvOSLocale' Cookie Parameter Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34294

Drupal Deleted Input Format HTML Injection Vulnerability
http://www.securityfocus.com/bid/32778

JustSystems Ichitaro RTF File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34403

+ OpenSSL PKCS Padding RSA Signature Forgery Vulnerability
http://www.securityfocus.com/bid/19849

HP OpenView Network Node Manager 'OvAcceptLang' Parameter Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34134

+ PostgreSQL Conversion Encoding Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/34090

HP OpenView Network Node Manager 'Accept-Language' HTTP Header Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34135

vBulletin Admin Control Panel Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/34393

IrfanView FORMATS Plugin XPM Format Handling Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34402

Web Help Desk Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/34391

Novell NetIdentity Agent 'XTIERRPCPIPE' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/34400

Xpdf Search Path Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/34401

eog 'PySys_SetArgv' Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/33443

ConnX 'frmLoginPwdReminderPopup.aspx' SQL Injection Vulnerability
http://www.securityfocus.com/bid/34388

+ OpenSSH CBC Mode Information Disclosure Vulnerability
http://www.securityfocus.com/bid/32319

Sun Java System Calendar Server Duplicate URI Request Denial of Service Vulnerability
http://www.securityfocus.com/bid/34150

+ Linux Kernel Kprobe Memory Corruption Vulnerability
http://www.securityfocus.com/bid/33758

+ Linux Kernel 'readlink' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/33412

+ Linux Kernel Console Selection Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/33672

+ Linux Kernel 'keyctl_join_session_keyring()' Denial of Service Vulnerability
http://www.securityfocus.com/bid/33339

Apache Struts Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/34399

MapServer Multiple Remote Security Vulnerabilities
http://www.securityfocus.com/bid/34306

NOS Microsystems getPlus Download Manager ActiveX Control Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/32105

OpenSSL Multiple Vulnerabilities
http://www.securityfocus.com/bid/34256

Adobe Reader Unspecified Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/29420

Adobe Acrobat and Reader 8.1.2 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/32100

VMware Hosted Products VMSA-2009-0005 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/34373

Tunapie Stream URI Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/34418

Tunapie Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/34417

Lanius CMS 'upload.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/34415

OpenAFS Unix Cache Manager Heap-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34407

OpenAFS Error Codes Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/34404
