Friday, April 16, 2010

Friday the 16th, Taian

+ OpenSSH 5.5/5.5p1 released
http://www.openssh.com/txt/release-5.5

Microsoft Security Bulletin MS10-019 - Critical: Vulnerabilities in Windows Could Allow Remote Code Execution (981210)
http://www.microsoft.com/japan/technet/security/bulletin/MS10-019.mspx

About the vulnerability in Oracle Sun Java Deployment Toolkit
http://www.ipa.go.jp/security/ciadr/vul/20100416-java.html

To website administrators: alert regarding website defacement / To general users: alert regarding virus infection from defaced websites
http://www.ipa.go.jp/security/topics/20091224.html

Secure Programming Course
http://www.ipa.go.jp/security/awareness/vendor/programming/index.html

Alert regarding vulnerabilities in Oracle Sun JDK and JRE
http://www.jpcert.or.jp/at/2010/at100010.txt

JVNVU#886582 Argument validation issue in Oracle Sun Java Deployment Toolkit
http://jvn.jp/cert/JVNVU886582/index.html

GNU nano Race Condition Lets Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2010/Apr/1023891.html

Ubuntu update for sudo
http://secunia.com/advisories/39474/

GNU Libtool 'libltdl' Library Search Path Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37128

+ J2SE JDK/JRE 1.6.0_20 released
http://java.sun.com/javase/6/webnotes/6u20.html

+- Oracle Security Alert CVE-2010-0886
http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0886.html

- Security Vulnerability in the Sun Java System Directory Server May Allow Crafted LDAP Search Requests To Cause A Denial Of Service (DoS) Condition
http://sunsolve.sun.com/search/document.do?assetkey=1-66-275711-1

- This Alert covers the Address Book component of the Sun Java System Communications Express product.
http://sunsolve.sun.com/search/document.do?assetkey=1-66-276630-1

- This Alert covers CVE-2010-0897 for the Sun Java System Directory Server product.
http://sunsolve.sun.com/search/document.do?assetkey=1-66-276210-1

Document ID: 350324: When installing Storage Foundation for Windows or Storage Foundation for Windows with High Availability, proceeding with the installation while not using a License Key causes the installation wizard to close unexpectedly.
http://seer.entsupport.symantec.com/docs/350324.htm

Document ID: 347056: V-16-1-53006 "Unable to connect to VCS engine securely" or "Unable to authenticate logged in user %USERNAME% of domain %DOMAIN% for host %HOSTNAME%" appears when trying to connect to the cluster or start the cluster engine
http://seer.entsupport.symantec.com/docs/347056.htm

ZDI : Apple Preview libFontParser SpecialEncoding Remote Code Execution Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32326

Apple : Security Update 2010-003
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32321

Cisco : Cisco Secure Desktop ActiveX Control Code Execution Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32323

Independent Researcher : xprobe2-ng patch
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32324

Independent Researcher : Micropoint Proactive Defense Mp110013.sys <= 1.3.10123.0 Local Privilege Escalation Exploit
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32328

Mandriva : cups
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32318

Mandriva : cups
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32319

Mandriva : cups
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32320

Vulnerability in CB Captcha for Joomla and Mambo
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00135.html

Ziggurat CMS Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00127.html

[DSECRG-09-049] IBM BladeCenter Management Module - DoS vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00133.html

[DSecRG-09-053] VMware Remote Console - format string
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00132.html

[CVE-2010-0432] Apache OFBiz Multiple XSS Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00136.html

VUPEN Security Research - Adobe Acrobat and Reader PNG Data Buffer Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00130.html

VUPEN Security Research - Adobe Acrobat and Reader JPEG Data Buffer Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00137.html

VUPEN Security Research - Adobe Acrobat and Reader BMP Data Buffer Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00131.html

VUPEN Web Security Research - WebAsyst Shop-Script Multiple Input Validation Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00129.html

[ MDVSA-2010:073-1 ] cups
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00126.html

[ MDVSA-2010:073 ] cups
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00128.html

Cisco Security Advisory: Cisco Secure Desktop ActiveX Control Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-04/msg00134.html

JVNDB-2010-001272 Heap-based buffer overflow vulnerability in QuickTime on Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001272.html

JVNDB-2010-001271 Arbitrary code execution vulnerability in QuickTime on Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001271.html

JVNDB-2010-001270 Heap-based buffer overflow vulnerability in QuickTime on Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001270.html

JVNDB-2010-001269 Stack-based buffer overflow vulnerability in PS Normalizer on Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001269.html

JVNDB-2010-001268 Access restriction bypass vulnerability in the Accounts preferences implementation on Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001268.html

JVNDB-2010-001267 Vulnerability in Podcast Producer on Apple Mac OS X that allows workflows to be accessed
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001267.html

JVNDB-2008-002430 Arbitrary file deletion vulnerability in Perl's rmtree function
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002430.html

JVNDB-2008-002429 Vulnerability in Perl's rmtree function that allows arbitrary setuid binaries to be created
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002429.html

JVNDB-2010-001266 Vulnerability in the Password Server on Apple Mac OS X that allows login access to be obtained
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001266.html

JVNDB-2010-001265 Privilege escalation vulnerability in SFLServer on Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001265.html

JVNDB-2009-002525 Access restriction bypass vulnerability in sql/sql_table.cc in MySQL
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002525.html

JVNDB-2008-002428 Multiple cross-site scripting vulnerabilities in Mailman
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002428.html

JVNDB-2010-001264 Vulnerability in Mail on Apple Mac OS X that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001264.html

JVNDB-2010-001183 Arbitrary code execution vulnerability in ImageIO in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001183.html

JVNDB-2009-002511 Denial of service (DoS) vulnerability in mysqld in MySQL
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002511.html

JVNDB-2009-002409 Arbitrary code execution vulnerability in libc
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002409.html

JVNDB-2009-002403 open_basedir restriction bypass vulnerability in PHP's posix_mkfifo function
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002403.html

JVNDB-2009-002402 safe_mode restriction bypass vulnerability in PHP's tempnam function
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002402.html

JVNDB-2009-002399 Privilege check bypass vulnerability in MySQL
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002399.html

JVNDB-2009-002013 Denial of service (DoS) vulnerability in the dispatch_command function in MySQL
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002013.html

JVNDB-2008-002424 Cross-site scripting vulnerability in the MySQL command-line client
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002424.html

Attacks exploiting a new Java vulnerability appear; damage confirmed at domestic companies
Risk of infection through web access; the cause is a browser plug-in
http://itpro.nikkeibp.co.jp/article/NEWS/20100415/347163/?ST=security

Defect in "Virus Security ZERO" may leave PCs unable to boot
A false positive deleted driver software; only specific environments are affected
http://itpro.nikkeibp.co.jp/article/NEWS/20100415/347161/?ST=security

JPCERT/CC WEEKLY REPORT 2010-04-14
http://www.jpcert.or.jp/wr/2010/wr101401.html

SIP Attacks on internet connected port 5060 targeting Asterisk servers
http://isc.sans.org/diary.html?storyid=8641

Joomla! Intellectual Property Component "id" SQL Injection Vulnerability
http://secunia.com/advisories/39427/

Joomla Deluxe Blog Factory Component "controller" File Inclusion Vulnerability
http://secunia.com/advisories/39473/

Joomla JA Comment Component "view" File Inclusion Vulnerability
http://secunia.com/advisories/39472/

Joomla Love Factory Component "controller" File Inclusion Vulnerability
http://secunia.com/advisories/39471/

Joomla MT Fire Eagle Component "controller" File Inclusion Vulnerability
http://secunia.com/advisories/39470/

Joomla Photo Battle Component "view" File Inclusion Vulnerability
http://secunia.com/advisories/39469/

Joomla S5 Clan Roster Component Two File Inclusion Vulnerabilities
http://secunia.com/advisories/39468/

Joomla wgPicasa Component "controller" File Inclusion Vulnerability
http://secunia.com/advisories/39467/

SecureSphere Web Application and Database Firewall Security Bypass
http://secunia.com/advisories/39463/

Apache OFBiz Cross-Site Scripting and Script Insertion Vulnerabilities
http://secunia.com/advisories/39460/

Momche YUI Image Upload Script Arbitrary File Upload Vulnerability
http://secunia.com/advisories/39458/

netKar Two Vulnerabilities
http://secunia.com/advisories/39387/

Media In Spot CMS "page" Local File Inclusion Vulnerability
http://secunia.com/advisories/39369/

Almnzm "id" SQL Injection Vulnerability
http://secunia.com/advisories/39452/

Tex Live "predospecial()" Integer Overflow Vulnerability
http://secunia.com/advisories/39390/

SUSE update for Mozilla Products
http://secunia.com/advisories/39465/

RPM Select / Elite "lfFaceName" Buffer Overflow Vulnerability
http://secunia.com/advisories/39418/

HP-UX update for OpenSSL
http://secunia.com/advisories/39448/

Cisco Secure Desktop CSDWebInstaller ActiveX Control Vulnerability
http://secunia.com/advisories/39459/

Helix Server and Helix Mobile Server Multiple Vulnerabilities
http://secunia.com/advisories/39279/

GNU nano Two Security Issues
http://secunia.com/advisories/39444/

Magneto Net Resource ActiveX v4.0.0.5 NetShareEnum Exploit (Universal)
http://www.exploit-db.com/exploits/12250

Magneto Net Resource ActiveX v4.0.0.5 NetConnectionEnum Exploit (Universal)
http://www.exploit-db.com/exploits/12248

Magneto Net Resource ActiveX v4.0.0.5 NetFileClose Exploit (Universal)
http://www.exploit-db.com/exploits/12247

OFBiz Input Validation Holes Permit Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2010/Apr/1023886.html

HP-UX Security Update Fixes OpenSSL Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/0891

Cisco Secure Desktop ActiveX Control File Download Vulnerability
http://www.vupen.com/english/advisories/2010/0890

Helix Server and Mobile Server Multiple Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/0889

Mandriva Security Update Fixes CUPS Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2010/0888

Redhat Security Update Fixes Acroread Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/0887

Redhat Security Update Fixes KDE Display Manager Vulnerability
http://www.vupen.com/english/advisories/2010/0886

SuSE Security Update Fixes Code Execution and Security Bypass Issues
http://www.vupen.com/english/advisories/2010/0885

SuSE Security Update Fixes Mozilla Products Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/0884

Apple Mac OS X ATS Font Processing Invalid Index Vulnerability
http://www.vupen.com/english/advisories/2010/0883

WebAsyst Shop-Script FREE File Inclusion and SQL Injection Issues
http://www.vupen.com/english/advisories/2010/0882

sudo "sudoedit" Command Local Privilege Escalation Vulnerability
http://www.vupen.com/english/advisories/2010/0881

Visualization Library DAT Processing Buffer Overflow Vulnerabilities
http://www.vupen.com/english/advisories/2010/0880

Expat UTF-8 Character XML Parsing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36097

KDE KDM Insecure File Permission Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/39467

Todd Miller Sudo 'sudoedit' Path Resolution Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/39468

Apple Mac OS X Apple Type Services Embedded Font Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/38955

Oracle Java SE and Java for Business Unspecified Vulnerabilities
http://www.securityfocus.com/bid/39492

VMware Remote Console 'connect' Method Remote Format String Vulnerability
http://www.securityfocus.com/bid/39396

Oracle Sun Java System Communications Express CVE-2010-0885 Remote Address Book Vulnerability
http://www.securityfocus.com/bid/39461

Oracle Sun Java System Directory Server CVE-2010-0897 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/39453

RPM Configuration File Handling Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39493

VMware Hosted Products 'vmware-vmx' Virtual Network Stack Information Disclosure Vulnerability
http://www.securityfocus.com/bid/39395
