Tuesday, May 26, 2009

Tuesday the 26th, Senshō

The latest snapshot for the stable Linux kernel tree is: 2.6.30-rc7-git1
http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=summary

VASCO announces enterprise edition of its mobile-phone-based authentication solution
http://itpro.nikkeibp.co.jp/article/NEWS/20090526/330658/?ST=security

JVNDB-2009-001255 Buffer overflow vulnerability in the big2_decode_symbol_dict function in Ghostscript
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001255.html

JVNDB-2009-001254 Buffer overflow vulnerability in the BaseFont writer module in Ghostscript
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001254.html

JVNDB-2009-001253 Arbitrary code execution vulnerability in the CCITTFax decode filter in Ghostscript
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001253.html

+ JVNDB-2008-002277 Denial-of-service (DoS) vulnerability related to sendmsg function calls in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002277.html
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.1

GroupWise Internet Agent Buffer Overflows in SMTP Service Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/May/1022276.html

sadmind Buffer Overflows Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/May/1022275.html

Wireshark PCNFSD Dissector Bug Lets Remote Users Deny Service
http://securitytracker.com/alerts/2009/May/1022274.html

Sun Java System Portal Server Input Validation Bug in Error Page Permits Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2009/May/1022273.html




- Event ID: 8194 - VXVMASRS.exe Get configuration failed with 0xE515000A when backing up system state
http://seer.entsupport.symantec.com/docs/321931.htm

Arcade Trade Script XSS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00239.html

PAPER: Generic Unpacking of Self-modifying, Aggressive, Packed Binary Programs
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00238.html

MULTIPLE SQL INJECTION VULNERABILITIES --Joomla Component Boy Scout Advancement <= v-0.3
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00235.html

[ GLSA 200905-06 ] acpid: Denial of Service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00228.html

[ GLSA 200905-05 ] FreeType: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00234.html

Hardening OSX against CVE-2008-5353
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00237.html

[InterN0T] AMember 3.1.7 - Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00226.html

[ GLSA 200905-04 ] GnuTLS: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00229.html

[ GLSA 200905-03 ] IPSec Tools: Denial of Service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00225.html

[ GLSA 200905-02 ] Cscope: User-assisted execution of arbitrary code
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00230.html

[SECURITY] [DSA 1806-1] New cscope packages fix arbitrary code execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00233.html

[ MDVSA-2009:122 ] squirrelmail
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00231.html

Secunia Research: Sun Solaris "sadmind" Integer Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00224.html

Secunia Research: Sun Solaris "sadmind" Buffer Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00236.html

MULTIPLE REMOTE VULNERABILITIES --MiniTwitter<=v0.3-Beta-->
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00227.html

[oCERT-2009-006] Android improper package verification when using shared uids
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00223.html

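More than 700,000 kinds of viruses appear in a single month, more than 16 million cumulatively
Tallied by a German virus testing organization; the numbers are still rising, but the rate of increase is slowing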
http://itpro.nikkeibp.co.jp/article/NEWS/20090526/330619/?ST=security

US SaaS security provider Zscaler makes a full-scale entry into Japan, with a domestic data center as well
http://itpro.nikkeibp.co.jp/article/NEWS/20090525/330635/?ST=security

SUSE update for IBM JDK 5
http://secunia.com/advisories/35223/

Sun Java System Portal Server Error Page Cross-Site Scripting Vulnerability
http://secunia.com/advisories/35221/

Debian update for pidgin
http://secunia.com/advisories/35215/

Debian update for cscope
http://secunia.com/advisories/35214/

Gentoo update for cscope
http://secunia.com/advisories/35213/

Sun Java System Portal Server Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/1411

Sun OpenSolaris "sdhost" Local Kernel Memory corruption Vulnerability
http://www.vupen.com/english/advisories/2009/1410

Sun Solaris "sadmind" Daemon Heap and Integer Overflow Vulnerabilities
http://www.vupen.com/english/advisories/2009/1409

Wireshark PCNFSD Dissector Remote Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/1408

Apple QuickTime PICT 0x77 Tag Parsing Heap Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/1407

Pidgin Multiple Buffer Overflow and Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2009/1396

Soulseek Distributed File Search Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35091

Pidgin Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/35067

Realty Web-Base 'list_list.php' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/35043

NetDecision TFTP Server Directory Traversal Vulnerability
http://www.securityfocus.com/bid/35002

VidsharePro SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/35033

Microsoft IIS Unicode Requests to WebDAV Multiple Authentication Bypass Vulnerabilities
http://www.securityfocus.com/bid/34993

CastRipper '.m3u' File Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34915

TCPDB 'user/index.php' Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/34866

Bitweaver Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/34910

Smarty Template Engine 'function.math.php' Security Bypass Vulnerability
http://www.securityfocus.com/bid/34918

KVM Block Device Backend Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/28001

Microchip MPLAB IDE '.mcp' File Handling Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34897

QEMU Security Bypass Vulnerability
http://www.securityfocus.com/bid/30604

QEMU Multiple Local Vulnerabilities
http://www.securityfocus.com/bid/23731

FUDforum Avatar Upload Arbitrary Script Upload Vulnerability
http://www.securityfocus.com/bid/14678

Open Handset Alliance Android Signature Validation Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/35090

aMember Multiple Cross Site Scripting And HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/35089

NTP 'ntpd' Autokey Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35017

Cyrus SASL 'sasl_encode64()' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34961

Xerox WorkCentre Webserver Unspecified Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/34984

Wireshark PCNFSD Dissector Denial of Service Vulnerability
http://www.securityfocus.com/bid/35081

Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/34240

MiniTwitter SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/35088

OpenSSL DTLS Packets Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/35001

Joomla! Boy Scout Advancement 'id' Parameter Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/35087

Basic Analysis And Security Engine Cross Site Scripting And HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/35086

acpid Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/34692

FreeType Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34550

Cute Editor for ASP.NET 'file' Parameter Directory Traversal Vulnerability
http://www.securityfocus.com/bid/35085

GnuTLS Prior to 2.6.6 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/34783

IPsec-Tools Prior to 0.7.2 Multiple Remote Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/34765

Cscope Multiple Stack Based Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34805

Cscope 'find.c' Stack Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34832

Saman Portal 'pageid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/35084

SquirrelMail Prior to 1.4.18 Multiple Vulnerabilities
http://www.securityfocus.com/bid/34916

CiscoWorks Common Services TFTP Server Directory Traversal Vulnerability
http://www.securityfocus.com/bid/35040

Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/32608

Sun Solstice AdminSuite 'sadmind' 'adm_build_path()' Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/31751

Sun Solaris 'sadmind' Daemon Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/35083

Sun Java System Portal Server Error Page Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/35082
