Monday, September 7, 2009

Monday the 7th, Senshō

JVNDB-2009-001976 Heap-based buffer overflow vulnerability in the eCryptfs subsystem of the Linux kernel
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001976.html

JVNDB-2009-001975 Stack-based buffer overflow vulnerability in the eCryptfs subsystem of the Linux kernel
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001975.html

JVNDB-2009-001974 NULL pointer dereference vulnerability in the personality subsystem of the Linux kernel
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001974.html

JVNDB-2009-001973 Denial of service (DoS) vulnerability in the ptrace_start function of the Linux kernel
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001973.html

JVNDB-2009-001972 Buffer overflow vulnerability in the RTL8169 NIC driver of the Linux kernel
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001972.html

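Evaluating a free tool that checks software installed on PCs for vulnerabilities
"Secunia PSI" gains long-awaited Japanese language support with its August 24 upgrade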
http://itpro.nikkeibp.co.jp/article/COLUMN/20090831/336277/?ST=security

JVNVU#276653 Buffer overflow vulnerability in the Microsoft Internet Information Services FTP server
http://jvn.jp/cert/JVNVU276653/index.html

Encrypting Data
http://isc.sans.org/diary.html?storyid=7081

Critical Infrastructure and dependencies
http://isc.sans.org/diary.html?storyid=7078




+ Microsoft IIS FTP Server Recursive Listing Denial of Service
http://secunia.com/advisories/36594/
http://www.vupen.com/english/advisories/2009/2542
http://www.securityfocus.com/bid/36273
http://www.microsoft.com/japan/technet/security/advisory/975191.mspx
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-09/msg00025.html

+ Courier-IMAP 4.6.0 released
http://www.courier-mta.org/download.php

+ OpenLDAP 2.4.18 released
http://www.openldap.org/software/release/

+ GnuPG 2.0.13 released
http://lists.gnupg.org/pipermail/gnupg-announce/2009q3/000294.html

+ Solution 265608: Security Vulnerability with the Solaris IPv6 Networking Stack Involving the Cassini Gigabit-Ethernet Device Driver and Jumbo Frames
http://sunsolve.sun.com/search/document.do?assetkey=1-66-265608-1

+ Solution 266688: Security Vulnerabilities in libxml2 Library Related to Parsing of Element Declarations, Notation and Enumeration Attribute Types may Lead to a Denial of Service (DoS)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266688-1

- Microsoft Security Advisory (975191): Vulnerabilities in the FTP Service in Internet Information Services
http://www.microsoft.com/technet/security/advisory/975191.mspx

[ANNOUNCE] Apache ZooKeeper 3.2.1
http://hadoop.apache.org/zookeeper/releases.html

Kernel release: 2.6.31-rc9
http://www.linux.org/news/2009/09/05/0002.html

Kernel release: 2.6.30.6-rc1
http://www.linux.org/news/2009/09/05/0001.html

Kernel release: 2.6.27.32-rc1
http://www.linux.org/news/2009/09/04/0001.html

MySQL 5.1.39 (Not yet released)
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-39.html

VMSA-2009-0012: VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE resolve security issues.
http://www.vmware.com/security/advisories/VMSA-2009-0012.html
http://lists.vmware.com/pipermail/security-announce/2009/000065.html

Red Hat : Important: openoffice.org security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30302

Apple Product Security : Java for Mac OS X 10.5 Update 5
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30301

Asterisk : IAX2 Call Number Resource Exhaustion
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30305

Independent Researcher : PPStream PPSMediaList Activex 0day exploit
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30303

Independent Researcher : Microsoft IIS 5.0/6.0 FTP SERVER DENIAL OF SERVICE ("Stack Exhaustion")
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30304

[SS&ERM2009] Visualizing the "balance" of enterprise security --- Fujitsu's Mr. Suzuki
http://itpro.nikkeibp.co.jp/article/NEWS/20090904/336594/?ST=security

[SS&ERM2009] Integration delivers both better security and lower costs --- Macnica's Mr. Kasuga
http://itpro.nikkeibp.co.jp/article/NEWS/20090904/336590/?ST=security

[SS&ERM2009] Even "disappointing" file servers can be revived --- NRI's Mr. Minami
http://itpro.nikkeibp.co.jp/article/NEWS/20090904/336584/?ST=security

[SS&ERM2009] SaaS can withstand a surge in spam --- MessageLabs Japan's Mr. Yamamoto
http://itpro.nikkeibp.co.jp/article/NEWS/20090904/336580/?ST=security

1006427: Linux Timekeeping Best Practice
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1006427&sliceId=1&docTypeID=DT_KB_1_1

[SECURITY] [DSA 1879-1] New silc-client/silc-toolkit packages fix arbitrary code executi
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-09/msg00027.html

DvBBS v2.0(PHP) boardrule.php Sql injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-09/msg00026.html

AST-2009-006: IAX2 Call Number Resource Exhaustion
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-09/msg00024.html

Microsoft Internet Information Services 5.0/6.0 FTP SERVER DENIAL OF SERVICE ("Stack Exhaustion")
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-09/msg00025.html

New Bug Found By Ostoure Sazan Sharif
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-09/msg00023.html

FRHACK ITSec Conf DVDs and Live Streams
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-09/msg00022.html

FRHACK OS v1 alpha1 released
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-09/msg00021.html

SANS Network Security 2009 @Night Classes
http://isc.sans.org/diary.html?storyid=7075

Vulnerabilities (plural) in MS IIS FTP Service 5.0, 5.1, 6.0, 7.0
http://isc.sans.org/diary.html?storyid=7063

Vulnerability Note VU#444513: VMware VMnc AVI video codec image height heap overflow
http://www.kb.cert.org/vuls/id/444513

FreeSchool "CLASSPATH" File Inclusion Vulnerabilities
http://secunia.com/advisories/36605/

Pidgin Multiple Denial of Service Weaknesses
http://secunia.com/advisories/36601/

Ruby on Rails Unicode Input Cross-Site Scripting Vulnerability
http://secunia.com/advisories/36600/

Apple Mac OS X update for Java
http://secunia.com/advisories/36598/

Red Hat update for openoffice.org
http://secunia.com/advisories/36595/

Microsoft IIS FTP Server Recursive Listing Denial of Service
http://secunia.com/advisories/36594/

Asterisk IAX2 Call Number Exhaustion Denial of Service
http://secunia.com/advisories/36593/

Ektron CMS400.NET "ekformsiframe.aspx" Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/36591/

Fedora update for openoffice.org
http://secunia.com/advisories/36590/

Fedora update for xemacs
http://secunia.com/advisories/36589/

Fedora update for fetchmail
http://secunia.com/advisories/36561/

Xstate Real Estate Cross-Site Scripting and SQL Injection
http://secunia.com/advisories/36529/

Corel getPlus Download Manager Insecure Default Directory Permissions
http://secunia.com/advisories/36331/

Asterisk IAX2 Call Number Resource Exhaustion
http://www.securiteam.com/securitynews/5MP0115SAC.html

HP Operations Dashboard Unspecified Flaw Lets Remote Users Control the Target System
http://securitytracker.com/alerts/2009/Sep/1022835.html

HP Performance Insight Unspecified Flaws Let Remote Users Control the Target System
http://securitytracker.com/alerts/2009/Sep/1022834.html

Adobe RoboHelp Unspecified Flaw Lets Remote Users Control the Target System
http://securitytracker.com/alerts/2009/Sep/1022833.html

OpenOffice Unspecified Flaws Have Unspecified Impact
http://securitytracker.com/alerts/2009/Sep/1022832.html

Kaspersky Online Scanner Unspecified Flaw Has Unspecified Impact
http://securitytracker.com/alerts/2009/Sep/1022831.html

Akamai Download Manager Unspecified Flaw Has Unspecified Impact
http://securitytracker.com/alerts/2009/Sep/1022830.html

McAfee Email and Web Security Appliance Discloses Arbitrary Files to Remote Users
http://securitytracker.com/alerts/2009/Sep/1022829.html

OpenOffice Unspecified Flaw Has Unspecified Impact
http://securitytracker.com/alerts/2009/Sep/1022828.html

Linksys WRT54GL Router Buffer Overflow Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Sep/1022827.html

D-Link DIR-400 Router Buffer Overflow Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Sep/1022826.html

ASUS WL-500W Router Buffer Overflow Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Sep/1022825.html

Ruby on Rails Input Validation Flaw in Form Helpers Permits Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2009/Sep/1022824.html

ASUS Router Unspecified Flaw Has Unspecified Impact
http://securitytracker.com/alerts/2009/Sep/1022821.html

Java Web Start Stack Overflow in Command Launcher Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Sep/1022820.html

Asterisk IAX2 Call Number Consumption Flaw Lets Remote Users Deny Service
http://securitytracker.com/alerts/2009/Sep/1022819.html

Ruby on Rails Cross Site Scripting and Time Algorithm Vulnerabilities
http://www.vupen.com/english/advisories/2009/2544

Apple Mac OS X Security Update Fixes Java Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2009/2543

Microsoft IIS FTP Directory Listing Remote Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/2542

Anantasoft Gazelle CMS "lookup" Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/2541

Accounting Portal "DesktopModules" Information Disclosure Vulnerability
http://www.vupen.com/english/advisories/2009/2540

PHPope Multiple Parameter Remote File Inclusion Vulnerabilities
http://www.vupen.com/english/advisories/2009/2536

FreeSchool "CLASSPATH" Parameter File Inclusion Vulnerabilities
http://www.vupen.com/english/advisories/2009/2535

RHSA-2009:1426: Important: openoffice.org security update
http://rhn.redhat.com/errata/RHSA-2009-1426.html

OpenOffice Multiple Unspecified Remote Security Vulnerabilities
http://www.securityfocus.com/bid/36285

Perforce Multiple Unspecified Remote Security Vulnerabilities
http://www.securityfocus.com/bid/36261

Sun Java System Directory Server 'ns-slapd' Denial of Service Vulnerability
http://www.securityfocus.com/bid/36286

Sun Solaris Cassini Gigabit-Ethernet Device Driver Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/35439

Oracle TimesTen In-Memory Multiple Unspecified Vulnerabilities
http://www.securityfocus.com/bid/36288

Microsoft IIS FTPd Globbing Functionality Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36273

RETIRED: Microsoft IIS FTPd Globbing Functionality Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36276

Zope Object Database ZEO Server Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/36283

libxml2 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/36010

SIDVault 'simple_bind()' Function Multiple Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/25460

Adobe Flash Player SWF Version Null Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/31537

Adobe Acrobat, Reader, and Flash Player Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35759

Adobe Flash Player and AIR Sandbox Bypass Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35908

Adobe Flash Player and AIR Unspecified Clickjacking Vulnerability
http://www.securityfocus.com/bid/35905

Adobe Flash Player and AIR NULL Pointer Exception Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35906

Adobe Flash Player and AIR 'intf_count' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/35907

Adobe Flash Player and AIR (CVE-2009-1866) Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35901

Adobe Flash Player and AIR Loader Object Heap Memory Corruption Vulnerability
http://www.securityfocus.com/bid/35904

Adobe Flash Player and AIR URI Parsing Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35902

SILC Toolkit 'command.c' Multiple Format String Vulnerabilities
http://www.securityfocus.com/bid/36193

SILC Client Format String Vulnerability
http://www.securityfocus.com/bid/35940

SILC Toolkit HTTP Server Format String Vulnerability
http://www.securityfocus.com/bid/36194

SILC Toolkit Encoded OID Format String Vulnerability
http://www.securityfocus.com/bid/36192

AgoraGroups Joomla! Component 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/35118

Adobe Flash Player and AIR Unspecified Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/35900

Sun Java SE Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/35922

Sun Java Runtime Environment JPEG Image Handling Integer Overflow Vulnerability
http://www.securityfocus.com/bid/35942

Sun Java Runtime Environment XML Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/35958

Sun Java Runtime Environment Unpack200 JAR Unpacking Utility Integer Overflow Vulnerability
http://www.securityfocus.com/bid/35944

Sun JRE/JDK Java Web Start ActiveX Control ATL Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35945

Sun Java Runtime Environment Proxy Mechanism Implementation Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/35943

Sun Java Runtime Environment Audio System Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/35939

Ruby on Rails Form Helpers Unicode String Handling Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/36278

Ots Labs OtsTurntables OFL File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/33257

JNLPAppletLauncher Arbitrary File Creation Vulnerability
http://www.securityfocus.com/bid/35946

Novell eDirectory 8.7.3 Multiple Unspecified Vulnerabilities
http://www.securityfocus.com/bid/36270

SAP AG SAPgui EAI WebViewer3D ActiveX Control Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34310

Novell ZENworks Configuration Management Multiple Unspecified Vulnerabilities
http://www.securityfocus.com/bid/36266

Novell ZENworks Asset Manager 7.5 Multiple Unspecified Vulnerabilities
http://www.securityfocus.com/bid/36264

OpenOffice Word Document Table Parsing Multiple Heap Based Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36200

Microsoft IIS FTPd NLST Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36189

Qt NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/36203

Fetchmail NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/35951

XEmacs Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/35473

McAfee Email and Web Security Appliance Unspecified Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36272

Joomla! Joomlub Component 'aid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/36287

Zeroboard 'now_connect()' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36284

DvBBS 'boardrule.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/36282

Mambo Zoom Component 'catid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/36281

Ektron CMS400.NET Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/36279
