Wednesday, August 19, 2009

Wednesday the 19th, Butsumetsu

+ Solution 257848: Security Vulnerability in the Solaris Kernel Involving the Interaction of the Filesystem and Virtual Memory Subsystems
http://sunsolve.sun.com/search/document.do?assetkey=1-66-257848-1
http://secunia.com/advisories/36319/
http://securitytracker.com/alerts/2009/Aug/1022738.html
http://www.vupen.com/english/advisories/2009/2291

+ RHSA-2009:1219-1: Important: libvorbis security update
http://rhn.redhat.com/errata/RHSA-2009-1219.html

- Apache APR-util Library Integer Overflow Vulnerabilities
http://secunia.com/advisories/36226/
http://www.vupen.com/english/advisories/2009/2295

Solution 265909: SUN ALERT WEEKLY SUMMARY REPORT - Week of 09-Aug-2009 to 15-Aug-2009
http://sunsolve.sun.com/search/document.do?assetkey=1-66-265909-1

Solution 256068: Certain Disk Drives May Experience Data Miscompare or Drive Initialization Issues
http://sunsolve.sun.com/search/document.do?assetkey=1-66-256068-1

HPSBMA02448 SSRT061231 rev.1 - HP Network Node Manager (NNM) Remote Console Running on Windows, Local Execution of Arbitrary Code, Denial of Service (DoS)
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01817357-1

Seven things Windows 7 can learn from Linux
http://www.linux.org/news/2009/08/18/0003.html

Will desktop Linux ever grow up?
http://www.linux.org/news/2009/08/18/0002.html

I want to like Linux, but it keeps failing on me
http://www.linux.org/news/2009/08/18/0001.html

Cisco Security Advisory: Cisco IOS XR Software Border Gateway Protocol Vulnerability
http://www.cisco.com/warp/public/707/cisco-sa-20090818-bgp.shtml

Document ID: 329919: Updated Veritas Cluster Server 5.1 for Windows (VCS) and Veritas Storage Foundation and High Availability 5.1 for Windows (SFW-HA) Management Pack for Microsoft System Center Operations Manager 2007
http://seer.entsupport.symantec.com/docs/329919.htm

Independent Researcher : Vtiger CRM 5.0.4 Multiple Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30140

Independent Researcher : Safari buffer overflow
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30141

Justin C. Klein Keane : Drupal flag module xss vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30142

Mandriva : kernel
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30137

Independent Researcher : TheGreenBow VPN Client tgbvpn.sys DoS and Potential Local
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30139

[ GLSA 200908-10 ] Dillo: User-assisted execution of arbitrary code
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00153.html

[ GLSA 200908-09 ] DokuWiki: Local file inclusion
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00155.html

[ GLSA 200908-08 ] ISC DHCP: dhcpd Denial of Service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00152.html

[ GLSA 200908-07 ] Perl Compress::Raw modules: Denial of Service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00149.html

[ GLSA 200908-06 ] CDF: User-assisted execution of arbitrary code
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00156.html

[ GLSA 200908-05 ] Subversion: Remote execution of arbitrary code
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00151.html

CA20090818-01: Security Notice for CA Host-Based Intrusion Prevention System
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00150.html

CA20090818-02: Security Notice for CA Internet Security Suite
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00154.html

[security bulletin] HPSBMA02448 SSRT061231 rev.1 - HP Network Node Manager (NNM) Remote Console
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00148.html

(Reposting truncated message) Re: ntop <= 3.3.10 Basic Authentication Null Pointer Denial of Service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00147.html

ntop <= 3.3.10 Basic Authentication Null Pointer Denial of Service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00146.html

Safari buffer overflow
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00141.html

Vtiger CRM 5.0.4 Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00139.html

[ MDVSA-2009:205 ] kernel
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00139.html

[USN-818-1] curl vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00143.html

MS09-039 exploit in the wild?
http://isc.sans.org/diary.html?storyid=6976

Domain tcpdump.org unavailable
http://isc.sans.org/diary.html?storyid=6979

Website compromises - what's happening?
http://isc.sans.org/diary.html?storyid=6982

Security Bulletin for ColdFusion and JRun
http://isc.sans.org/diary.html?storyid=6985

Sysinternals Procdump Updated
http://isc.sans.org/diary.html?storyid=6988

Vulnerability Note VU#485961: Acer AcerCtrls.APlunch ActiveX Control fails to properly restrict access to methods
http://www.kb.cert.org/vuls/id/485961

RHBA-2009:1215-1: net-snmp bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1215.html

RHSA-2009:1218-1: Critical: pidgin security update
http://rhn.redhat.com/errata/RHSA-2009-1218.html

Fedora update for squid
http://secunia.com/advisories/36344/

TheGreenBow IPSec VPN Client TgbVPN.sys Denial of Service
http://secunia.com/advisories/36332/

Adobe ColdFusion / JRun Multiple Vulnerabilities
http://secunia.com/advisories/36329/

Fedora update for kernel
http://secunia.com/advisories/36323/

Naroun ADSL-Tools "members_general_info_print.asp" Security Bypass
http://secunia.com/advisories/36320/

Sun Solaris Filesystem and Virtual Memory Subsystem Denial of Service
http://secunia.com/advisories/36319/

Elka CMS "q" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/36314/

IBM DB2 Multiple Vulnerabilities
http://secunia.com/advisories/36313/

Ubuntu update for curl
http://secunia.com/advisories/36312/

Counter-Strike: Source Format String Vulnerability
http://secunia.com/advisories/36307/

IBM WebSphere Partner Gateway SQL Injection Vulnerability
http://secunia.com/advisories/36295/

2FLY Gift Delivery System "gameid" SQL Injection Vulnerability
http://secunia.com/advisories/36294/

Half-Life 2 Format String Vulnerability
http://secunia.com/advisories/36291/

Source Engine Format String Vulnerability
http://secunia.com/advisories/36279/

Apache APR-util Library Integer Overflow Vulnerabilities
http://secunia.com/advisories/36226/

Cisco IOS XR BGP Update Processing Flaw Lets Remote BGP Peers Deny Service
http://securitytracker.com/alerts/2009/Aug/1022739.html

Solaris Kernel Memory Mapping Flaw Lets Local Users Deny Service
http://securitytracker.com/alerts/2009/Aug/1022738.html

Acer LunchApp ActiveX "Run()" Remote Code Execution Vulnerability
http://www.vupen.com/english/advisories/2009/2299

Counter-Strike: Source Console Message Format String Vulnerability
http://www.vupen.com/english/advisories/2009/2298

Half-Life Source Engine Console Message Format String Vulnerability
http://www.vupen.com/english/advisories/2009/2297

Valve Source Engine Console Message Format String Vulnerability
http://www.vupen.com/english/advisories/2009/2296

Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
http://www.vupen.com/english/advisories/2009/2295

TheGreenBow Client VPN IPSec "tgbvpn.sys" Denial of Service Issue
http://www.vupen.com/english/advisories/2009/2294

IBM DB2 Unauthorized Access and Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2009/2293

IBM WebSphere Partner Gateway Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/2292

Sun Solaris Filesystem and Virtual Memory Subsystems DoS Vulnerability
http://www.vupen.com/english/advisories/2009/2291

Linux Kernel 2.x sock_sendpage() Local Root Exploit (Android Edition)
http://www.milw0rm.com/exploits/9477

Linux Kernel < 2.6.30.5 cfg80211 Remote Denial of Service Exploit
http://www.milw0rm.com/exploits/9442

ZTE ZXDSL 831 II Modem Arbitrary Configuration Access Vulnerability
http://www.milw0rm.com/exploits/9473

ProSysInfo TFTP Server TFTPDWIN 0.4.2 Remote BOF Exploit
http://www.milw0rm.com/exploits/9468

ZTE ZXDSL 831 II Modem Arbitrary Add Admin User Vulnerability
http://www.milw0rm.com/exploits/9456

Adobe JRun 4 (logfile) Directory Traversal Vulnerability (auth)
http://www.milw0rm.com/exploits/9443

VUPlayer <= 2.49 (.m3u File) Universal Buffer Overflow Exploit
http://www.milw0rm.com/exploits/9476

Playlistmaker 1.51 (.m3u File) Local Buffer Overflow Exploit (SEH)
http://www.milw0rm.com/exploits/9466

Xenorate Media Player 2.6.0.0 (.xpl) Universal Local Buffer Exploit (SEH)
http://www.milw0rm.com/exploits/9458
