Friday, February 5, 2010

Friday the 5th, Senbu

UPDATE: Security Vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols Affects Multiple Server Products in the Sun Java Enterprise System Suite
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1

Notice of Scheduled Server Maintenance (February 19, 2010)
http://www.trendmicro.co.jp/support/news.asp?id=1362

Translations of and Research on Overseas Information Security Documents (NIST Documents, etc.)
http://www.ipa.go.jp/security/publications/nist/index.html

Critical Infrastructure Information Security Forum 2010
http://www.ipa.go.jp/security/event/2009/infra-sem/index.html

JVNDB-2009-002490 Signature spoofing vulnerability in the _dbus_validate_signature_with_reason function of D-Bus
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002490.html

JVNDB-2007-001202 Denial of service (DoS) vulnerability in the ipv6_hop_jumbo function of the Linux kernel
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-001202.html

JVNDB-2009-002188 Access restriction bypass vulnerability in the mod_proxy_ftp module of Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002188.html

JVNDB-2009-002187 Denial of service (DoS) vulnerability in the ap_proxy_ftp_handler function of Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002187.html

JVNDB-2009-002016 Integer overflow vulnerabilities in the APR library and the APR-util library
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002016.html

JVNDB-2009-001892 Denial of service (DoS) vulnerability in the mod_deflate module of Apache httpd
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001892.html

Dealing with User 2.0
http://isc.sans.org/diary.html?storyid=8158

Novell NetStorage Unspecified Flaw Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Feb/1023544.html

Fetchmail Heap Overflow When Displaying SSL Certificates in Verbose Mode May Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Feb/1023543.html




- RETIRED: Microsoft Internet Explorer Unspecified Information Disclosure Vulnerability
http://www.securityfocus.com/bid/37950

- Microsoft February 2010 Advance Notification Multiple Vulnerabilities
http://www.securityfocus.com/bid/38096
http://www.microsoft.com/technet/security/bulletin/ms10-feb.mspx

[ntp:announce] NTP 4.2.6p1-RC4 Released
http://support.ntp.org/
http://archive.ntp.org/ntp4/ChangeLog-stable-rc

Linux Kernel release: 2.6.32.8-rc1
http://www.linux.org/news/2010/02/04/0001.html

NTP 4.2.7p16 Development release
http://archive.ntp.org/ntp4/ChangeLog-dev

Oracle Critical Patch Update Advisory - January 2010 (Rev 2)
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html

Document ID: 340754: After upgrading to SFW 5.1 SP1 the MS cluster service fails to start when using a dynamic quorum. Checking the cluster.log shows that the Quorum disk group is imported and shortly after the resrcmon.exe faults.
http://seer.entsupport.symantec.com/docs/340754.htm

Debian : New squid/squid3 packages fix denial of service
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31669

Independent Researcher : Malicious Code Execution Vulnerability In the URL Of crowdstar (Facebook Application Developer)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31671

Core Security Technologies : Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31670

Debian : New trac-git packages fix code execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31667

Debian : New trac-git package fixes regression
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31668

Hellcode Research : Hellcode Research: AOL 9.5 File Parsing Buffer Overflow Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31672

Hewlett-Packard : HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31673

[SECURITY] [DSA 1992-1] New chrony packages fix denial of service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00054.html

[SECURITY] [DSA 1991-1] New squid/squid3 packages fix denial of service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00050.html

[ MDVSA-2010:032 ] rootcerts
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00053.html

[security bulletin] HPSBMA02504 SSRT090220 rev.1 - HP System Management Homepage (SMH) for Linux
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00048.html

[MajorSecurity Advisory #64]Apple Safari 4.0.4 Denial of Service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00051.html

[SECURITY] [DSA-1990-2] New trac-git package fixes regression
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00049.html

[SECURITY] [DSA-1990-1] New trac-git packages fix code execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-02/msg00047.html

Microsoft Patch Tuesday Pre-Release
http://isc.sans.org/diary.html?storyid=8155

IBM Cognos Express Tomcat Manager Hardcoded Credentials
http://secunia.com/advisories/38457/

Drupal Menu Breadcrumb Module Script Insertion Vulnerability
http://secunia.com/advisories/38456/

Drupal ODF Import Module Script Insertion Vulnerability
http://secunia.com/advisories/38453/

Drupal Signwriter Module Arbitrary Code Execution Vulnerability
http://secunia.com/advisories/38445/

iPhone Configuration Profiles Spoofing Security Issue
http://secunia.com/advisories/38433/

Microsoft Internet Explorer Local File Disclosure Vulnerabilities
http://secunia.com/advisories/38416/

UltraBB "post_id" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/38406/

Linux Kernel KVM "pit_ioport_read()" Denial of Service
http://secunia.com/advisories/38405/

Novell NetStorage Unspecified Code Execution Vulnerability
http://secunia.com/advisories/38401/

Trend Micro OfficeScan URL Filtering Engine Buffer Overflow
http://secunia.com/advisories/38396/

fetchmail SSL Certificate Printing Buffer Overflow Vulnerability
http://secunia.com/advisories/38391/

HP System Management Homepage Cross-Site Scripting Vulnerability
http://secunia.com/advisories/38341/

Debian update for trac-git
http://secunia.com/advisories/38325/

IBM Cognos Express Tomcat Manager Hardcoded Credentials Issue
http://www.vupen.com/english/advisories/2010/0297

Fetchmail X.509 Certificate Printing Heap Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/0296

Trend Micro OfficeScan URL Filtering Engine Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/0295

HP System Management Homepage Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2010/0294

Microsoft Internet Explorer Information Disclosure Vulnerability
http://www.vupen.com/english/advisories/2010/0291

UplusFtp Server v1.7.0.12 Remote Buffer Overflow
http://www.exploit-db.com/exploits/11328

Multiple Browser Marquee Denial of Service Vulnerability
http://www.securityfocus.com/bid/18165

Fetchmail SSL Certificate Printing Remote Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38088

Squid Header-Only Packets Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37522

Squid Web Proxy Cache Authentication Header Parsing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36091

Linux Kernel KVM '/dev/port' Device Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/38086

BlackBerry Attachment Service PDF Distiller Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/37167

HP System Management Homepage Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/38081

Microsoft Internet Explorer 'Col' Element Uninitialized Memory Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37891

Wireshark Dissector LWRES Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/37985

Trend Micro URL Filtering Engine Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38083

IBM Cognos Express Hardcoded Credentials Security Bypass Vulnerability
http://www.securityfocus.com/bid/38084

Novell NetStorage Unspecified Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/38087

Linux Kernel 64-bit Kernel Register Memory Leak Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36576

Red Hat Linux Kernel Routing Implementation Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/37875

Linux Kernel 'fuse_direct_io()' Invalid Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/37069

Linux Kernel 'megaraid_sas' Driver Insecure File Permission Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37019

Linux Kernel 'drivers/scsi/gdth.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37068

Linux Kernel Do_Coredump Security Bypass Vulnerability
http://www.securityfocus.com/bid/21591

Red Hat Linux Kernel 'qla2xxx' Driver Security Bypass Vulnerability
http://www.securityfocus.com/bid/37876

Linux Kernel 'fasync_helper()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37806

Linux Kernel 'drivers/firewire/ohci.c' NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/37339

Multiple Vendors Email Clients DNS prefetching Domain Name Information Disclosure Vulnerability
http://www.securityfocus.com/bid/38046

Chrony 1.23 and Prior Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/38106

Data 1 Systems UltraBB 'view_post.php' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/38097

Interspire Knowledge Manager 'admin/remote.php' PHP Code Injection Vulnerability
http://www.securityfocus.com/bid/38095

KnowGate hipergate Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/38094

KnowGate hipergate Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/38091

Interspire Knowledge Manager 5.1.3 and Prior Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/38090
