Server Maintenance Notice (October 10, 2010)
http://www.trendmicro.co.jp/support/news.asp?id=1478
000183: When monitoring the process count, the monitoring result is 0 even though the process exists
http://www.say-tech.co.jp/support/bom-for-windows/index.shtml
000152: In process monitoring, the output value of a counter object is sometimes not obtained correctly
http://www.say-tech.co.jp/support/bom-for-windows/post-42/index.shtml
JPCERT/CC WEEKLY REPORT 2010-10-06
http://www.jpcert.or.jp/wr/2010/wr103801.html
JVNTA10-279A Multiple vulnerabilities in Adobe Reader and Acrobat
http://jvn.jp/cert/JVNTA10-279A/index.html
JVNVU#236703 Issue in the access control functionality of ActiveCollab
http://jvn.jp/cert/JVNVU236703/index.html
RSA Authentication Client Access Control Flaw Lets Local Users Extract Certain Key Material
http://securitytracker.com/alerts/2010/Oct/1024516.html
Blackberry OS Browser Flaw Permits Cross-Domain Scripting Attacks
http://securitytracker.com/alerts/2010/Oct/1024506.html
ASP.NET Padding Oracle Vulnerability (MS10-070)
http://securityreason.com/securityalert/7821
IBM TSM FastBack _CalcHashValueWithLength Remote Denial of Service Vulnerability
http://securityreason.com/securityalert/7820
IBM TSM FastBack Server _Eventlog Format String Remote Code Execution Vulnerability
http://securityreason.com/securityalert/7819
IBM TSM FastBack Server _SendToLog Remote Code Execution Vulnerability
http://securityreason.com/securityalert/7818
IBM TSM FastBack Mount Service Arbitrary Overwrite Remote Code Execution Vulnerability
http://securityreason.com/securityalert/7817
+ RHSA-2010:0742-1: Moderate: postgresql and postgresql84 security update
http://rhn.redhat.com/errata/RHSA-2010-0742.html
+ Linux Kernel FBIOGET_VBLANK 'drivers/video/sis/sis_main.c' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/43810
+ Linux Kernel 'ipc/sem.c' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/43809
+ Linux Kernel 'SNDRV_HDSP_IOCTL_GET_CONFIG' IOCTL Information Disclosure Vulnerability
http://www.securityfocus.com/bid/43808
+ Linux Kernel TIOCGICOUNT 'serial_core.c' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/43806
- PHP Mysqlnd Extension Information Disclosure and Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/40461
- PHP 'ext/phar/stream.c' and 'ext/phar/dirstream.c' Multiple Format String Vulnerabilities
http://www.securityfocus.com/bid/40173
- Linux Kernel 'VIAFB_GET_INFO' IOCTL Information Disclosure Vulnerability
http://www.securityfocus.com/bid/43817
- Linux Kernel TIOCGICOUNT 'drivers/char/nozomi.c' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/43816
- Linux Kernel FBIOGET_VBLANK 'drivers/video/ivtv/ivtvfb.c' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/43815
- Linux Kernel TIOCGICOUNT 'usb/serial/mos*.c' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/43803
[ANNOUNCE] GnuPG / PGP signed checksums for PostgreSQL 9.0.1, 8.4.5, 8.3.12, 8.2.18, 8.1.22, 8.0.26, and 7.4.30
http://www.gtsm.com/postgres_sigs.html
HPSBUX02587 SSRT100215 rev.1 - HP-UX Directory Server and Red Hat Directory Server for HP-UX, Local Information Disclosure, Privilege Escalation
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c02535340
HPSBUX02546 SSRT100159 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS), Unauthorized Information Disclosure
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c02535339
mozilla-central tree open to blockers & approved checkins
https://developer.mozilla.org/devnews/index.php/2010/10/06/mozilla-central-tree-open-to-blockers-approved-checkins/
Linux kernel 2.6.36-rc7 released
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc7
http://www.linux.org/news/2010/10/06/0001.html
Mandriva : [MDVSA-2010:197] postgresql
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33821
Red Hat : Moderate: postgresql and postgresql84 security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33823
Red Hat : Critical: acroread security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33824
Hewlett-Packard : HP Tru64 UNIX Running NTP, Denial of Service (DoS)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33830
High-Tech Bridge SA : [HTB22613] SQL injection vulnerability in Elxis CMS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33825
High-Tech Bridge SA : [HTB22612] XSS vulnerability in Docebo Announcements
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33826
High-Tech Bridge SA : [HTB22614] XSS vulnerability in Elxis CMS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33827
High-Tech Bridge SA : [HTB22615] XSS vulnerability in Elxis CMS (contacts)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33828
High-Tech Bridge SA : [HTB22616] XSS vulnerability in Elxis CMS polls module
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33829
MIT : KDC uninitialized pointer crash in authorization data handling
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33831
Ubuntu Security Notice : [USN-999-1] Kerberos vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33822
ZDI-10-193: Adobe Acrobat Reader Multimedia Playing Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00035.html
ZDI-10-192: Adobe Acrobat Reader ICC mluc Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00036.html
ZDI-10-191: Adobe Reader ICC Parsing Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00033.html
ESA-2010-018: RSA Security Advisory: RSA, The Security Division of EMC, announces a fix for
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00031.html
(CORE-2010-0701) Adobe Acrobat Reader Acrord32.dll Use After Free Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00032.html
[USN-1001-1] LVM2 vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00030.html
[ MDVSA-2010:197 ] postgresql
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00028.html
[USN-999-1] Kerberos vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00034.html
[ GLSA 201010-01 ] Libpng: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00029.html
[Suspected Spam]XSS in Squirrelmail plugin Virtual Keyboard <= 0.9.1
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-10/msg00027.html
JVNDB-2010-002106 Arbitrary code execution vulnerability in IPersistPropertyBag2::Read in Apple QuickTime
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002106.html
JVNDB-2010-002105 Stack-based buffer overflow vulnerability in the MailCheck821Address function of IBM Lotus Domino server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002105.html
JVNDB-2010-002104 Stack-based buffer overflow vulnerability in the sid_parse and dom_sid_parse functions of Samba
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002104.html
JVNDB-2010-002103 Cross-site request forgery vulnerability in Microsoft Outlook Web Access
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002103.html
JVNDB-2010-002102 Privilege escalation vulnerability in CSRSS in the Win32 subsystem of Microsoft Windows
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002102.html
JVNDB-2010-002101 Heap-based buffer overflow vulnerability in LSASS in Microsoft Windows
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002101.html
JVNDB-2010-002100 Arbitrary code execution vulnerability in WordPad Text Converters in Microsoft Windows
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002100.html
JVNDB-2010-002099 Arbitrary code execution vulnerability in the RPC client implementation of Microsoft Windows
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002099.html
JVNDB-2010-002098 Access restriction bypass vulnerability in Microsoft Internet Information Services running on Windows
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002098.html
JVNVU#275289 Vulnerability in Adobe Flash
http://jvn.jp/cert/JVNVU275289/index.html
JVNVU#491991 Buffer overflow vulnerability in Adobe Reader and Acrobat
http://jvn.jp/cert/JVNVU491991/index.html
Cyber Security Awareness Month - Day 7 - Remote Access and Monitoring Tools
http://isc.sans.edu/diary.html?storyid=9679
Cyber Security Awareness Month - Day 6 - Computer Monitoring Tools
http://isc.sans.edu/diary.html?storyid=9682
Cisco CDS Internet Streamer Web Server Directory Traversal Vulnerability
http://www.securiteam.com/securitynews/6V02V1P00U.html
IBM Lotus Notes Autonomy KeyView WK3 Parsing Code Execution Vulnerability
http://www.securiteam.com/windowsntfocus/6W02W1P00A.html
IBM Lotus Notes Autonomy KeyView WK3 Parsing Code Execution Vulnerability
http://www.securiteam.com/windowsntfocus/6K0301P00Y.html
IBM Lotus Notes Autonomy KeyView Office Shape Parsing Code Execution Vulnerability
http://www.securiteam.com/windowsntfocus/6Y02Y1P00S.html
SWFTools Two Integer Overflow Vulnerabilities
http://www.securiteam.com/securitynews/6X02X1P00C.html
BrailleNote Apex FTP / Telnet Security Issue
http://secunia.com/advisories/41679/
TYPO3 Multiple Vulnerabilities
http://secunia.com/advisories/41691/
Foxit Phantom Title Parsing Buffer Overflow Vulnerability
http://secunia.com/advisories/41673/
Foxit Reader Title Parsing Buffer Overflow Vulnerability
http://secunia.com/advisories/41656/
Elxis CMS Multiple Vulnerabilities
http://secunia.com/advisories/41628/
Red Hat update for acroread
http://secunia.com/advisories/41690/
Red Hat update for postgresql and postgresql84
http://secunia.com/advisories/41688/
Ubuntu update for krb5
http://secunia.com/advisories/41611/
Kerberos KDC Authorization Data Array Indexing Vulnerability
http://secunia.com/advisories/41684/
SquirrelMail Virtual Keyboard Plugin "passformname" Cross-Site Scripting
http://secunia.com/advisories/41672/
PostgreSQL External Procedural Languages Privilege Escalation
http://secunia.com/advisories/41692/
FAQMasterFlex Multiple SQL Injection Vulnerabilities
http://secunia.com/advisories/41559/
Gentoo update for libpng
http://secunia.com/advisories/41646/
Dovecot ACL Handling Security Issue
http://secunia.com/advisories/41723/
HP Tru64 UNIX NTP Mode 7 Request Denial of Service
http://secunia.com/advisories/41697/
PostgreSQL Procedural Language Hijacking Flaw Lets Remote Authenticated Users Gain Elevated Privileges
http://securitytracker.com/alerts/2010/Oct/1024514.html
TYPO3 Remote File Disclosure and Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/2577
Kerberos KDC TGS Requests Uninitialized Pointer Vulnerability
http://www.vupen.com/english/advisories/2010/2576
PostgreSQL Procedural Language Functions Privilege Escalation
http://www.vupen.com/english/advisories/2010/2575
HP Tru64 UNIX Security Update Fixes NTP Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/2574
ASP.NET Padding Oracle Vulnerability (MS10-070)
http://www.exploit-db.com/exploits/15213/
HP Data Protector Media Operations NULL Pointer Dereference Remote DoS
http://www.exploit-db.com/exploits/15214/
Adobe Acrobat and Reader Array Indexing Remote Code Execution Vulnerability
http://www.exploit-db.com/exploits/15212/
Openswan 'XAUTH' Remote Buffer Overflow and Command Injection Vulnerabilities
http://www.securityfocus.com/bid/43588
lvm2-cluster 'clvmd' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/42033
Mozilla Firefox, Thunderbird, and SeaMonkey Crafted Font Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/43096
Mozilla Firefox/Thunderbird/SeaMonkey dwmapi.dll DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/42654
Kudrsoft AudioPLUS Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/43564
Adobe Acrobat and Reader CVE-2010-3632 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/43735
Adobe Acrobat and Reader Thumbnails Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/43746
Adobe Acrobat and Reader 'ACE.dll' ICC Streams Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/43729
Adobe Acrobat and Reader ICC Parsing Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/43726
Microsoft .NET Framework ASP.NET Padding Oracle Information Disclosure Vulnerability
http://www.securityfocus.com/bid/43316
KDE Okular PDB File Parsing RLE Decompression Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/42702
PHP 'SplObjectStorage' Unserializer Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/40948
PHP Versions Prior to 5.3.3/5.2.14 Multiple Vulnerabilities
http://www.securityfocus.com/bid/41991
PHP Mysqlnd Extension Information Disclosure and Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/40461
PHP 'ext/phar/stream.c' and 'ext/phar/dirstream.c' Multiple Format String Vulnerabilities
http://www.securityfocus.com/bid/40173
WebKit CSS Counters Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/42036
WebKit 'use' Element Handling Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/42041
WebKit ':first-letter' and ':first-line' Pseudo-Elements Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/42037
WebKit Inline Elements Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/42034
WebKit 'foreignObject' Elements Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/42046
WebKit Regular Expression Handling Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/42042
WebKit CVE-2010-1787 Floating Elements Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/42038
WebKit 'font-face' and 'use' Elements Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/42049
WebKit Just-In-Time Compiled JavaScript Stubs Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/42043
bzip2 'BZ2_decompress' Function Integer Overflow Vulnerability
http://www.securityfocus.com/bid/43331
Samba SID Parsing Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/43212
Adobe Acrobat and Reader CVE-2010-3631 Array Indexing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/43733
PostgreSQL PL/Perl and PL/Tcl Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/43747
Adobe Acrobat and Reader CVE-2010-3628 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/43734
Adobe Acrobat and Reader CVE-2010-3658 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/43738
Adobe Acrobat and Reader CVE-2010-3657 Denial of Service Vulnerability
http://www.securityfocus.com/bid/43744
Adobe Acrobat and Reader for Linux CVE-2010-2887 Multiple Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/43740
Adobe Acrobat and Reader CVE-2010-3630 Denial of Service Vulnerability
http://www.securityfocus.com/bid/43737
Adobe Acrobat and Reader CVE-2010-3625 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/43730
Adobe Acrobat and Reader CVE-2010-3629 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/43732
Adobe Acrobat and Reader CVE-2010-3656 Denial of Service Vulnerability
http://www.securityfocus.com/bid/43741
Adobe Acrobat and Reader CVE-2010-3620 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/43725
Adobe Acrobat and Reader CVE-2010-3626 Font Parsing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/43727
Adobe Acrobat and Reader CVE-2010-3619 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/43724
Adobe Reader 'CoolType.dll' TTF Font Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/43057
Adobe Flash Player CVE-2010-2884 Unspecified Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/43205
Adobe Acrobat and Reader CVE-2010-2889 Font Parsing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/43723
Adobe Acrobat and Reader CVE-2010-2890 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/43722
Dovecot Access Control List (ACL) Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/43690
MIT Kerberos KDC 'kdc_authdata.c' NULL Pointer Denial Of Service Vulnerability
http://www.securityfocus.com/bid/43756
Linux Kernel Ptrace (CVE-2010-3301) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/43355
Git 'gitdir' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/41891
libpng Memory Corruption and Memory Leak Vulnerabilities
http://www.securityfocus.com/bid/41174
Libpng 'png_decompress_chunk()' Function Denial of Service Vulnerability
http://www.securityfocus.com/bid/38478
Linux Kernel 'VIAFB_GET_INFO' IOCTL Information Disclosure Vulnerability
http://www.securityfocus.com/bid/43817
Linux Kernel TIOCGICOUNT 'drivers/char/nozomi.c' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/43816
Linux Kernel FBIOGET_VBLANK 'drivers/video/ivtv/ivtvfb.c' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/43815
Drupal Views Bulk Operations Security Bypass Vulnerability
http://www.securityfocus.com/bid/43813
Linux Kernel FBIOGET_VBLANK 'drivers/video/sis/sis_main.c' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/43810
Linux Kernel 'ipc/sem.c' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/43809
Linux Kernel 'SNDRV_HDSP_IOCTL_GET_CONFIG' IOCTL Information Disclosure Vulnerability
http://www.securityfocus.com/bid/43808
Linux Kernel TIOCGICOUNT 'serial_core.c' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/43806
Linux Kernel TIOCGICOUNT 'usb/serial/mos*.c' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/43803
RSA Authentication Client SENSITIVE and NON-EXTRACTABLE Objects Information Disclosure Vulnerability
http://www.securityfocus.com/bid/43795
TYPO3 Core TYPO3-SA-2010-020 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/43786
Foxit Reader and Phantom Title Parsing Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/43785