Monday, December 21, 2009

Monday the 21st, Butsumetsu

OpenLDAP 2.4.21 available
http://www.openldap.org/software/download/

Notice of start of support for IM Security for Microsoft Office Communications Server
http://www.trendmicro.co.jp/support/news.asp?id=1336

Notice of start of support for Trend Micro PortalProtect 1.8
http://www.trendmicro.co.jp/support/news.asp?id=1344

Downloading VMware products and troubleshooting issues with downloads
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1012245&sliceId=1&docTypeID=DT_KB_1_1

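"MyJVN Security Configuration Checker" released, a tool for checking Windows security settings with a few simple steps
~ Disable the USB memory autorun feature to protect personal and confidential information from viruses ~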
http://www.ipa.go.jp/security/vuln/documents/2009/200912_myjvn_cc.html

JVNDB-2009-002346 Arbitrary code execution vulnerability in the Deployment Toolkit plugin of Sun Java SE in JDK and JRE
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002346.html

JVNDB-2009-002345 Vulnerability in Hitachi Storage Command Suite products where StartTLS is not enabled
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002345.html

JVNDB-2009-002344 Denial of service (DoS) vulnerability in cupsd in CUPS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002344.html

JVNDB-2009-002016 Integer overflow vulnerabilities in the APR library and the APR-util library
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002016.html

JVNDB-2009-001990 Vulnerability in Sun Java SE that allows arbitrary files to be tampered with
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001990.html

JVNDB-2009-001988 Denial of service (DoS) vulnerability in Apache Xerces2 Java as used in Sun JRE
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001988.html

JVNDB-2009-001987 Integer overflow vulnerability in the unpack200 utility of Sun JRE
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001987.html

JVNDB-2009-001986 Integer overflow vulnerability in Sun Java Web Start in Sun JRE
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001986.html

JVNDB-2009-001985 Vulnerability in the proxy mechanism implementation of Sun JRE that allows access restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001985.html

JVNDB-2009-001984 Vulnerability in the proxy mechanism implementation of Sun JRE that allows web sessions to be hijacked
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001984.html

JVNDB-2009-001983 Vulnerability in the SOCKS proxy implementation of Sun JRE that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001983.html

JVNDB-2009-001982 Vulnerability in the audio system of Sun JRE that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001982.html

JVNDB-2009-001911 Issue allowing authentication bypass in XML signature verification
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001911.html

PHP-Calendar Include File Bug in 'configfile' Parameter Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Dec/1023375.html

+ Linux kernel 2.6.27.42/2.6.31.9/2.6.32.2 released
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.42
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.9
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.2
http://www.linux.org/news/2009/12/18/0003.html
http://www.linux.org/news/2009/12/18/0002.html
http://www.linux.org/news/2009/12/18/0001.html

+ OpenLDAP 2.4.21 released
http://www.openldap.org/software/release/announce.html
http://www.openldap.org/software/release/changes.html

- PHP 'htmlspecialcharacters()' Malformed Multibyte Character Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37389/exploit

- Apache Tomcat Native SSL Session Renegotiation Plaintext Injection
http://www.vupen.com/english/advisories/2009/3587

MySQL Workbench 5.2.11 Beta 3 Available
http://dev.mysql.com/downloads/workbench/

Security Vulnerability in the Timeout Mechanism of Solaris sshd(1M) may Lead to a Denial of Service (DoS)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-272629-1

APSB09-18: Security update available for Flash Media Server
http://www.adobe.com/support/security/bulletins/apsb09-18.html

CTX123359: Transport Layer Security Renegotiation Vulnerability
http://support.citrix.com/article/CTX123359

Package: Courier: latest development snapshot: 20091218 (18-Dec-2009)
https://sourceforge.net/projects/courier/files/courier-devel/20091218/courier-0.63.0.20091218.tar.bz2/download

Package: Courier authentication library: latest development snapshot: 20091218 (18-Dec-2009)
https://sourceforge.net/projects/courier/files/authlib-devel/20091218/courier-authlib-0.62.4.20091218.tar.bz2/download

NTP 4.2.6p1-RC1 released
http://archive.ntp.org/ntp4/ChangeLog-stable-rc

NTP 4.2.7p2 Development released
http://archive.ntp.org/ntp4/ChangeLog-dev

cisco-sa-20091109-tls: Cisco Security Advisory: Transport Layer Security Renegotiation Vulnerability
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml

Document ID: 339328: Replace track alignment registry setting for "OPEN-V" arrays from sector offset 96 to sector offset 128.
http://seer.entsupport.symantec.com/docs/339328.htm

Document ID: 339268: The installation of Storage Foundation 5.1 for Windows Service Pack 1 (SFW 5.1 SP1) into a Windows 2008 Server Core R2 environment does not allow for the installation of Symantec Dynamic Multipathing (DMP) software.
http://seer.entsupport.symantec.com/docs/339268.htm

RHBA-2009:1684-1: vixie-cron bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1684.html

RHBA-2009:1685-1: openCryptoki bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1685.html

MDVSA-2009:336: koffice
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31295

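Beware of the "Takoika virus", which overwrites files with "images of seafood"
Gets in via file-sharing software; also has a "feature" that steals user information and other data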
http://itpro.nikkeibp.co.jp/article/NEWS/20091221/342456/?ST=security

MOTEX announces a new version of "LanScope Cat6" with enhanced application distribution features
http://itpro.nikkeibp.co.jp/article/NEWS/20091218/342388/?ST=security

Frustrations of ISP Abuse Handling
http://isc.sans.org/diary.html?storyid=7780

Educationing Our Communities
http://isc.sans.org/diary.html?storyid=7783

Twitter outage via DNS hijacking
http://isc.sans.org/diary.html?storyid=7774

Wireshark Buffer Overflow in Daintree SNA Parser and Bugs in SMB, SMB2, and IPMI Dissectors Let Remote Users Execute Arbitrary Code and Deny Service
http://securitytracker.com/alerts/2009/Dec/1023374.html

PHP Session Function Corruption Flaw May Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Dec/1023373.html

PHP Input Validation Flaw in htmlspecialchars() Permits Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2009/Dec/1023372.html

wnpa-sec-2009-09: Multiple vulnerabilities in Wireshark version 0.9.0 to 1.2.4
http://www.wireshark.org/security/wnpa-sec-2009-09.html

Fedora update for gtk2
http://secunia.com/advisories/37862/

Fedora update for httpd
http://secunia.com/advisories/37861/

Fedora update for coreutils
http://secunia.com/advisories/37860/

Fedora update for tomcat-native
http://secunia.com/advisories/37859/

Fedora update for seamonkey
http://secunia.com/advisories/37858/

Fedora update for drupal
http://secunia.com/advisories/37857/

Fedora update for xulrunner
http://secunia.com/advisories/37856/

Fedora update for firefox
http://secunia.com/advisories/37855/

Fedora update for postgresql
http://secunia.com/advisories/37854/

Fedora update for rubygem-actionpack
http://secunia.com/advisories/37853/

GTK+ "gdk_window_begin_implicit_paint()" Foreign Windows Weakness
http://secunia.com/advisories/37852/

Ghostscript "errprintf()" Buffer Overflow Vulnerability
http://secunia.com/advisories/37851/

Ganeti "iallocator" Names Arbitrary Command Execution Vulnerability
http://secunia.com/advisories/37849/

phpLDAPadmin "cmd" Local File Inclusion Vulnerability
http://secunia.com/advisories/37848/

Serv-U File Server Information Disclosure Vulnerability
http://secunia.com/advisories/37847/

HP Storage Data Protector Buffer Overflow Vulnerabilities
http://secunia.com/advisories/37845/

IBM WebSphere Application Server Feature Pack for CEA Hijacking Vulnerability
http://secunia.com/advisories/37843/

Wireshark Multiple Vulnerabilities
http://secunia.com/advisories/37842/

Rumba XML "index.php" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/37840/

Joomla JoomPortfolio Component "secid" SQL Injection Vulnerability
http://secunia.com/advisories/37838/

Max's Photo Album Arbitrary File Upload Vulnerability
http://secunia.com/advisories/37835/

IBM AIX "qosmod" and "qoslist" Buffer Overflow Vulnerabilities
http://secunia.com/advisories/37833/

Matrimony Script Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/37829/

jCore Server "search" Cross-Site Scripting and Script Insertion Vulnerability
http://secunia.com/advisories/37818/

Pre Multi-Vendor Ecommerce Solution "search" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/37801/

WP-Forum Multiple SQL Injection Vulnerabilities
http://secunia.com/advisories/37794/

D-Link DIR-615 "apply.cgi" Security Bypass Vulnerability
http://secunia.com/advisories/37777/

Pre Jobo.NET "TextBox1" and "TextBox2" SQL Injection Vulnerability
http://secunia.com/advisories/37776/

Sitecore Staging Module Authentication Security Bypass
http://secunia.com/advisories/37763/

Ez News Manager Cross-Site Request Forgery
http://secunia.com/advisories/37757/

VideoCache vccleaner Insecure Logfile Access Security Issue
http://secunia.com/advisories/37733/

OSSIM Multiple Vulnerabilities
http://secunia.com/advisories/37727/

IBM AIX "qoslist" and "qosmod" Commands Buffer Overflow Vulnerabilities
http://www.vupen.com/english/advisories/2009/3600

Ganeti iallocator Names Processing Command Injection Vulnerability
http://www.vupen.com/english/advisories/2009/3599

IBM WebSphere Application Server Feature Pack for CEA Vulnerability
http://www.vupen.com/english/advisories/2009/3598

Ghostscript "errprintf()" Data Processing Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/3597

Wireshark Buffer Overflow and Multiple Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2009/3596

Serv-U Security Update Fixes Directory Traversal Vulnerability
http://www.vupen.com/english/advisories/2009/3595

HP OpenView Storage Data Protector Buffer Overflow Vulnerabilities
http://www.vupen.com/english/advisories/2009/3594

PHP Security Update Fixes Security Bypass and DoS Vulnerabilities
http://www.vupen.com/english/advisories/2009/3593

Apache Tomcat Native SSL Session Renegotiation Plaintext Injection
http://www.vupen.com/english/advisories/2009/3587

TFTP SERVER Buffer Overflow remote exploit
http://www.exploit-db.com/exploits/10542

PlayMeNow Malformed M3U Playlist WinXP Universal BOF
http://www.exploit-db.com/exploits/10563

- PHP 5.2.12/5.3.1 symlink() open_basedir bypass
http://www.exploit-db.com/exploits/10557

PlayMeNow Malformed M3U Playlist File Buffer
http://www.exploit-db.com/exploits/10556

Mozilla Firefox Location Bar Spoofing Vulnerability
http://www.exploit-db.com/exploits/10544

GTK+ 'gdk/gdkwindow.c' Security Bypass Vulnerability
http://www.securityfocus.com/bid/37411

D-Link DIR-615 'apply.cgi' Security Bypass Vulnerability
http://www.securityfocus.com/bid/37415

Serv-U File Server User Directory Information Disclosure Vulnerability
http://www.securityfocus.com/bid/37414

Pre Projects E-Smart Cart 'embadmin/login.asp' SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/37418

Ghostscript 'errprintf()' Function PDF Handling Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37410

Wireshark 0.9.0 through 1.2.4 Multiple Vulnerabilities
http://www.securityfocus.com/bid/37407

Pyrmont V2 WordPress Theme 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/37409

F3Site 'GLOBALS[nlang]' Parameter Multiple Local File Include Vulnerabilities
http://www.securityfocus.com/bid/37408

Celerondude Uploader 'index.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/37406

Ampache 'login.php' Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/37417

eWebquiz 'QuizID' Parameter Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/37402

Active Auction House Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/37401

Active Photo Gallery 'account.asp' SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/37399

PEAR Sendmail 'Recipient' Parameter Arbitrary Argument Injection Vulnerability
http://www.securityfocus.com/bid/37395

Pre Job Board 'preview.php' SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/37400

cPanel 'fileop' Parameter Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/37394

QuiXplorer 'lang' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/37393

ReVou Comment Field HTML Injection Vulnerability
http://www.securityfocus.com/bid/37391

PHP 'session.save_path()' Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/37390

PHP 'htmlspecialcharacters()' Malformed Multibyte Character Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37389

Sitecore CMS Staging Service 'api.asmx' Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/37388

Joomla! 'com_joomportfolio' Component 'secid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/37403

Joomla! 'com_personel' Component 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/37404

NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37255

Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935

Mozilla Firefox and SeaMonkey 'liboggplay' Media Library Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/37369

Mozilla Firefox and SeaMonkey Theora Video Library Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/37368

Mozilla Firefox CVE-2009-3980 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/37362

Mozilla Firefox CVE-2009-3981 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/37363

Mozilla Firefox and Sea Monkey Content Injection Spoofing Vulnerability
http://www.securityfocus.com/bid/37370

Mozilla Firefox and Sea Monkey Insecure Protocol Location Bar Spoofing Vulnerability
http://www.securityfocus.com/bid/37367

Adobe Flash Media Server Directory Traversal Vulnerability
http://www.securityfocus.com/bid/37420

Mozilla Firefox and SeaMonkey NTLM Credential Reflection Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/37366

Mozilla Firefox 'window.opener' Property Chrome Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37365

Mozilla Firefox CVE-2009-3982 JavaScript Engine Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/37364

Mozilla Firefox CVE-2009-3979 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/37361

Adobe Flash Media Server Resource Exhaustion Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37419

Sun Solaris 'sshd(1M)' Timeout Mechanism Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/37116

TFTP Server Packet Handling Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/28462

fence 'fence_manual' Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/37416

cman 'fence_egenera' Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/30898

Centreon Authentication Mechanism Security Bypass Vulnerability
http://www.securityfocus.com/bid/37383

Pluxml-Blog 'core/admin/auth.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37384

Family Connections Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/37379

RETIRED: WHMCS 'weblink_cat_list.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/37376

GNU Automake Insecure Directory Permissions Vulnerability
http://www.securityfocus.com/bid/37378

cluster Multiple Insecure Temporary File Creation Vulnerabilities
http://www.securityfocus.com/bid/32179

fence 'fence_apc' and 'fence_apc_snmp' Insecure Temporary File Creation Vulnerabilities
http://www.securityfocus.com/bid/31904

OSSIM 'repository_attachment.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/37377

Mozilla Firefox and Seamonkey Regular Expression Parsing Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35891

Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/35888

IBM AIX 'qoslist' Local Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37413

IBM AIX 'qosmod' Local Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37412

Ruby on Rails 'strip_tags()' Non-Printable Character Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37142

Drupal Contact and Menu Modules Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/37372

PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/37334

PostgreSQL Index Function Session State Modification Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37333

GNU Coreutils Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/37256

Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/36260

Apache mod_proxy_ftp Remote Command Injection Vulnerability
http://www.securityfocus.com/bid/36254

Xpdf Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36703
