+ RHSA-2010:0054-1: Moderate: openssl security update
http://rhn.redhat.com/errata/RHSA-2010-0054.html
[ANN] Apache Archiva 1.3 Released
http://archiva.apache.org/download.html
"How to Build a Secure Website, Revised 4th Edition" (安全なウェブサイトの作り方 改訂第4版) published
http://www.ipa.go.jp/security/vuln/websecurity.html
JPCERT/CC WEEKLY REPORT 2010-01-20
http://www.jpcert.or.jp/wr/2010/wr100201.html
JVNVU#360341 Vulnerability in the BIND 9 DNSSEC validation code
http://jvn.jp/cert/JVNVU360341/index.html
JVNDB-2009-002426 Web browser security bypass issue in multiple SSL VPN (Web VPN) products
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002426.html
JVNDB-2009-002425 Privilege escalation vulnerability in dstat related to the Python module search path
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002425.html
JVNDB-2009-002424 Vulnerability in the OSIsoft PI System PI Server allowing database information to be modified
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002424.html
JVNDB-2009-002319 Vulnerability in the SSL and TLS protocols
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002319.html
JVNDB-2009-002263 Integer overflow vulnerability in the ImageStream::ImageStream function of Xpdf and Poppler
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002263.html
JVNDB-2009-002261 Integer overflow vulnerability in the PSOutputDev::doImageL1Sep function of Xpdf and Poppler
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002261.html
Security Patch for BIND 9.6.1 Released
http://isc.sans.org/diary.html?storyid=8029
When Rogue On-Line Pharmacies Take Over Forum Discussions
http://isc.sans.org/diary.html?storyid=8032
Vulnerability Note VU#144233: Rockwell Automation Allen-Bradley MicroLogix PLC authentication and authorization vulnerabilities
http://www.kb.cert.org/vuls/id/144233
■Denial-of-service (DoS) attacks exploiting a BIND 9 vulnerability
- Applying the patch is recommended -
http://jprs.jp/tech/security/bind9-vuln-bogus-nxdomain.html
BIND DNSSEC NSEC/NSEC3 Error May Let Remote Users Spoof NXDOMAIN Responses
http://securitytracker.com/alerts/2010/Jan/1023474.html
Mac OS X Image Raw Buffer Overflow in Processing DNG Image Files Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Jan/1023473.html
Mac OS X CoreAudio Buffer Overflow in Playing MP4 Audio Files Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Jan/1023472.html
HP Power Manager Username and Password Buffer Overflow Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Jan/1023470.html
Pidgin MSN <= 2.6.4 File Download Vulnerability
http://www.exploit-db.com/exploits/11203
RM Downloader .m3u BOF (SEH)
http://www.exploit-db.com/exploits/11202
+ ISC BIND 9.4.3-P5,9.5.2-P2,9.6.1-P3 released
http://ftp.isc.org/isc/bind9/9.4.3-P5/9.4.3-P5
http://ftp.isc.org/isc/bind9/9.6.1-P3/9.6.1-P3
http://ftp.isc.org/isc/bind9/9.5.1-P2/9.5.1-P2
+ BIND 9 Cache Update from Additional Section (Updated 19Jan2010)
https://www.isc.org/advisories/CVE-2009-4022v6
+ BIND 9 DNSSEC validation code could cause bogus NXDOMAIN responses
https://www.isc.org/advisories/CVE-2010-0097
http://www.kb.cert.org/vuls/id/360341
http://www.securityfocus.com/bid/37865
+ Samba 3.4.5 Available for Download
http://news.samba.org/releases/3.4.5/
http://samba.org/samba/history/samba-3.4.5.html
+ RHSA-2010:0046-1: Important: kernel security and bug fix update
http://rhn.redhat.com/errata/RHSA-2010-0046.html
+ Windows Kernel #GP Trap Handler Flaw Lets Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2010/Jan/1023471.html
http://isc.sans.org/diary.html?storyid=8023
http://www.exploit-db.com/exploits/11199
http://www.securityfocus.com/bid/37864
+ Security Vulnerabilities in PostgreSQL Shipped With Solaris May Allow Escalation of Privileges or Man-in-the-Middle on SSL Connections
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274870-1
HPSBMA02485 SSRT090252 rev.1 - HP Power Manager, Remote Execution of Arbitrary Code
http://www13.itrc.hp.com/service/cki/docDisplay.do?docLocale=en&docId=emr_na-c01971741
HPSBMA02474 SSRT090107 rev.2 - HP Power Manager, Remote Execution of Arbitrary Code
http://www13.itrc.hp.com/service/cki/docDisplay.do?docLocale=en&docId=emr_na-c01905743
Sun StorageTek VM/HSC Dynamic Reconfiguration Fails With ABEND S0C4 After Applying PTF L1H151B (VM/HSC 6.1) or PTF L1H153D (VM/HSC 6.2)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-275670-1
APSB10-03: Security update available for Shockwave Player
http://www.adobe.com/support/security/bulletins/apsb10-03.html
Document ID: 340278: Storage Foundation for Windows 5.1 (SFW) and Service Pack 1 (SP1) requires at least a 40GB Boot Partition for Windows 2008 Server X64, when booting from a SAN device (BFS) with Dynamic Multi-pathing (DMP).
http://seer.entsupport.symantec.com/docs/340278.htm
RHBA-2010:0047-1: strace bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0047.html
RHBA-2010:0050-1: glibc bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0050.html
RHBA-2010:0052-1: util-linux bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0052.html
RHBA-2010:0048-1: ruby bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0048.html
RHBA-2010:0049-1: glibc bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0049.html
RHBA-2010:0051-1: util-linux bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0051.html
Nikolas Sotiriu : Google Wave Design Bugs
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31496
CYBSEC : FreePBX 2.5.x Information disclosure
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31499
CYBSEC : FreePBX 2.5.x-2.6 Permanent XSS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31500
CYBSEC : FreePBX 2.5.1 SQL Injection
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31501
Independent Researcher : Study of BlackBerry Proof-of-Concept Malicious Applications (Whitepaper)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31497
Independent Researcher : AOL ActiveX - Hail to The Francis
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31498
Independent Researcher : Code to mitigate IE event zero-day (CVE-2010-0249)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31505
Mandriva : transmission
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31491
Mandriva : transmission
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31492
Securitylab.ir : 0day vulnerability Sogou input method to obtain system privileges
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31504
Ubuntu Security Notice : LibThai vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31493
Ubuntu Security Notice : Pidgin vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31494
Ubuntu Security Notice : LibThai vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31495
German and French government agencies recommend "stopping use of IE"
Vulnerability exploited in the attacks on Google and others; "use another browser until the patch is applied"
http://itpro.nikkeibp.co.jp/article/NEWS/20100120/343477/?ST=security
Fortinet announces new UTM appliance with 40Gbps throughput
http://itpro.nikkeibp.co.jp/article/NEWS/20100119/343462/?ST=security
[CORELAN-10-006] BOF Vulnerability in S.O.M.P.L. Player
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00158.html
[ MDVSA-2010:016 ] wireshark
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00157.html
[ MDVSA-2010:018 ] phpMyAdmin
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00156.html
[security bulletin] HPSBMA02485 SSRT090252 rev.1 - HP Power Manager, Remote Execution of Arbitra
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00152.html
[ MDVSA-2010:017 ] ruby
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00149.html
[ MDVSA-2010:015 ] roundcubemail
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00143.html
Blaze Apps Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00148.html
ezContents CMS Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00147.html
Baidu Security Center FireFoxProxy ActiveX Remote Exec 0day POC
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00145.html
Kingsoft DuBa Browser Shield ActiveX Remote Exec 0day POC
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00146.html
Xunlei XPPlayer ActiveX Remote Exec 0day POC
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00144.html
Multiple Vulnerabilities in XOOPS 2.4.3 and earlier
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00159.html
OpenOffice for Windows ".slk" File Parsing Null Pointer Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00142.html
JBroFuzz 1.9 Fuzzer Released!
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00141.html
Forensic challenges
http://isc.sans.org/diary.html?storyid=8014
The IE saga continues, out-of-cycle patch coming soon
http://isc.sans.org/diary.html?storyid=8017
49Gbps DDoS, IPv4 exhaustion, and DNSSEC, oh my!
http://isc.sans.org/diary.html?storyid=8020
Unpatched Microsoft Windows (all versions) Privilege Escalation Vulnerability Released
http://isc.sans.org/diary.html?storyid=8023
Apple Security Update 2010-001
http://isc.sans.org/diary.html?storyid=8026
http://support.apple.com/kb/HT4004
Vulnerability Note VU#360341: BIND 9 DNSSEC validation code could cause fake NXDOMAIN responses
http://www.kb.cert.org/vuls/id/360341
Sun Java System Web Server Heap Overflow in Processing TRACE Requests Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Jan/1023469.html
Bits Video Script Arbitrary File Upload and Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/38252/
MySmartBB SQL Injection Vulnerability
http://secunia.com/advisories/38249/
Thelia Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/38248/
Rockwell Automation MicroLogix Controller Security Issue and Vulnerability
http://secunia.com/advisories/38246/
MoinMoin "sys.argv" Information Disclosure Vulnerability
http://secunia.com/advisories/38242/
LetoDMS Local File Inclusion and Cross-Site Request Forgery Vulnerabilities
http://secunia.com/advisories/38237/
Ubuntu update for pidgin
http://secunia.com/advisories/38236/
AOL 9.5 ActiveX Heap Overflow Vulnerability
http://www.exploit-db.com/exploits/11190
Windows NT User Mode to Ring 0 Escalation Vulnerability
http://www.exploit-db.com/exploits/11199
Millenium MP3 Studio v1.X (.m3u File) Local Stack Overflow
http://www.exploit-db.com/exploits/11191
Internet Explorer CVE-2010-0249 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37815
Wireshark 0.9.0 through 1.2.4 Multiple Vulnerabilities
http://www.securityfocus.com/bid/37407
phpMyAdmin 'unserialize()' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37861
phpMyAdmin Insecure Temporary File and Directory Creation Vulnerabilities
http://www.securityfocus.com/bid/37826
LibTIFF 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability
http://www.securityfocus.com/bid/35451
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
Adobe Flash Player and AIR Multiple Unspecified Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/37269
Adobe Flash Player ActiveX Control Information Disclosure Vulnerability
http://www.securityfocus.com/bid/37272
Adobe Flash Player and AIR JPEG File Parsing Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37266
CUPS File Descriptors Handling Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/37048
Adobe Flash Player and AIR (CVE-2009-3797) Unspecified Memory Corruption Vulnerability
http://www.securityfocus.com/bid/37273
Adobe Flash Player and AIR 'exception_count' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/37267
Adobe Flash Player and AIR Data Injection Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37270
Adobe Flash Player and AIR (CVE-2009-3798) Unspecified Memory Corruption Vulnerability
http://www.securityfocus.com/bid/37275
HP Power Manager Script Login URI Buffer Overflow Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37866
Zeus Web Server 'SSL2_CLIENT_HELLO' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37829
phpMySport Information Disclosure and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/37856
Ruby WEBrick Terminal Escape Sequence in Logs Command Injection Vulnerability
http://www.securityfocus.com/bid/37710
THELIA Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/37855
PostgreSQL Index Function Session State Modification Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37333
PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/37334
Expat Unspecified XML Parsing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37203
Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37084
Adobe Flash Player SWF File Denial of Service Vulnerability
http://www.securityfocus.com/bid/37850
Roundcube Webmail Multiple Cross Site Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/36920
MIT Kerberos AES and RC4 Decryption Integer Underflow Vulnerabilities
http://www.securityfocus.com/bid/37749
MIT Kerberos KDC Cross-Realm Referral NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/37486
KDE KDELibs 'dtoa()' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37080
Linux Kernel 'drivers/firewire/ohci.c' NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/37339
Linux Kernel 'fuse_ioctl_copy_user()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/37453
Linux Kernel 'net/ax25/af_ax25.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36635
Cute Editor for ASP.NET 'file' Parameter Directory Traversal Vulnerability
http://www.securityfocus.com/bid/35085
Libpurple MSN-SLP Emoticon Directory Traversal Vulnerability
http://www.securityfocus.com/bid/37524
Microsoft SQL Server 'sp_replwritetovarbin' Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/32710
Apple Mac OS X Image RAW 'DNG' Image Handling Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37869
Apple Mac OS X CoreAudio MP4 File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37868
HP Power Manager Export Logs Buffer Overflow Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37867
ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability
http://www.securityfocus.com/bid/37865
Microsoft Windows #GP Trap Handler Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37864
MySmartBB Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/37863
XOOPS Arbitrary File Deletion and HTTP Header Injection Vulnerabilities
http://www.securityfocus.com/bid/37860
VisualShapers ezContents Authentication Bypass and Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/37858
OpenOffice '.slk' File NULL Pointer Dereference Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37857
Datalife Engine Multiple Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/37851