Thursday, April 7, 2011

The 7th, Thursday, Senshō (先勝)

+ Zimbra Collaboration Suite Open Source Edition 7.1.0 GA Release
http://files.zimbra.com/website/docs/7.0/7_1_OS_Zimbra_Release_Note.pdf

Notice: Trend Micro Data Loss Prevention Endpoint 5.5 released and support started
http://www.trendmicro.co.jp/support/news.asp?id=1549

Regarding an issue in which the URL filter feature of Trend Micro's InterScan VirusWall Standard Edition 6.02 fails to block websites correctly
http://www.trendmicro.co.jp/support/news.asp?id=1563

JVNDB-2010-002786 Denial of service (DoS) vulnerability in the SOAP with Attachments API for Java (SAAJ) implementation in IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002786.html

JVNDB-2010-002785 Vulnerability in the AuthCache purge implementation in IBM WebSphere Application Server that allows attackers to gain privileges
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002785.html

JVNDB-2010-002784 Denial of service (DoS) vulnerability in com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl in IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002784.html

JVNDB-2010-002783 Denial of service (DoS) vulnerability in org.apache.jasper.runtime.JspWriterImpl.response in IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002783.html

JVNDB-2010-002782 Denial of service (DoS) vulnerability in the Session Initiation Protocol component in IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002782.html

JVNDB-2010-002781 Denial of service (DoS) vulnerability in the messaging engine in IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002781.html

JVNDB-2010-002780 Denial of service (DoS) vulnerability in the Service Integration Bus messaging engine in IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002780.html

JVNDB-2009-002645 Access restriction bypass vulnerability in the administrative console component in IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002645.html

JVNDB-2011-001378 Denial of service (DoS) vulnerability in the vsf_filename_passes_filter function in vsftpd
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001378.html

JVNDB-2010-002779 Privilege escalation vulnerability in the security component in IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002779.html

JVNDB-2011-001377 Arbitrary code execution vulnerability in the iscsi_rx_handler function in the Linux SCSI target framework
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001377.html

JVNDB-2011-001376 Denial of service (DoS) vulnerability in WebKit in multiple Apple products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001376.html

JVNDB-2011-001375 Vulnerability in WebKit in multiple Apple products that allows CSS token sequences to be injected
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001375.html

JVNDB-2011-001374 Credential disclosure vulnerability in WebKit in multiple Apple products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001374.html

JVNDB-2010-002674 Sensitive information disclosure vulnerability in the copy_semid_to_user function in the Linux kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002674.html

JVNDB-2010-002672 Vulnerability in the TIPC implementation in the Linux kernel that allows attackers to gain privileges
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002672.html

JVNDB-2010-002671 Denial of service (DoS) vulnerability in the setup_arg_pages function in the Linux kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002671.html

JVNDB-2011-001003 Denial of service (DoS) vulnerability in the do_block_io_op function in Xen
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001003.html

JVNDB-2010-002670 Denial of service (DoS) vulnerability in the backend drivers in Xen
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002670.html

JVNDB-2010-002476 Denial of service (DoS) vulnerability in kernel/trace/ftrace.c in the Linux kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002476.html

JVNDB-2010-002475 Privilege escalation vulnerability in the Intel i915 driver in the Direct Rendering Manager subsystem in the Linux kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002475.html

JVNDB-2010-002473 Sensitive information disclosure vulnerability in the drm_ioctl function in the Direct Rendering Manager subsystem in the Linux kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002473.html

JVNDB-2010-002481 Integer overflow vulnerability in the snd_ctl_new function in the Linux kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002481.html

JVNDB-2010-002479 Denial of service (DoS) vulnerability in the sctp_packet_config function in the Linux kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002479.html

Postfix Local Information Disclosure and Local Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/30691

Multiple Vendors STARTTLS Implementation Plaintext Arbitrary Command Injection Vulnerability
http://www.securityfocus.com/bid/46767

+ Apache Tomcat 7.0.12 released
http://tomcat.apache.org/
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

+ RHSA-2011:0422-1: Moderate: postfix security update
http://rhn.redhat.com/errata/RHSA-2011-0422.html

+ Linux Kernel 'mpt2sas' Local Privilege Escalation and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/47185

? Multiple Vendors IPv6 Neighbor Discovery Router Advertisement Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/45760

- CVE-2011-1183 Apache Tomcat security constraint bypass
http://tomcat.apache.org/security.html

- CVE-2011-1475 Apache Tomcat information disclosure
http://tomcat.apache.org/security.html

- IBM Lotus Domino iCalendar Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/43219
CVE-2010-3407

RHSA-2011:0423-1: Moderate: postfix security update
http://rhn.redhat.com/errata/RHSA-2011-0423.html

Linux kernel 2.6.39-rc2 released
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.39-rc2

Sudo version 1.8.1rc3 released
http://www.sudo.ws/sudo/devel.html#1.8.1rc3

Sudo version 1.7.6rc3 released
http://www.sudo.ws/sudo/devel.html#1.7.6rc3

Centralized monitoring console actions are not executed on connection errors or at confirmation time
http://www.say-tech.co.jp/support/bom-for-windows/post-58/index.shtml

AJAX Security Team : StartSite.ir Cross-site Scripting Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35521

Hewlett-Packard : HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Information Disclosu
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35516

High-Tech Bridge SA : [HTB22911] XSS in Eleanor CMS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35517

High-Tech Bridge SA : [HTB22912] Multiple SQL Injections in Eleanor CMS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35518

High-Tech Bridge SA : [HTB22913] Multiple CSRF (Cross-Site Request Forgery) in UseBB
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35519

High-Tech Bridge SA : [HTB22914] Local File Inclusion in UseBB
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35520

Mandriva : [MDVSA-2011:065] logrotate
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35514

Mandriva : [MDVSA-2011:066] rsync
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35515

Mandriva : [MDVSA-2011:067] subversion
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35524

Netsparker : XSS Vulnerability in Redmine 1.0.1 to 1.1.1
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35522

Red Hat : [RHSA-2011:0412-01] glibc: Important Advisory
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35511

Red Hat : [RHSA-2011:0413-01] glibc: Important Advisory
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35512

Red Hat : [RHSA-2011:0414-01] policycoreutils: Important Advisory
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35513

Slackware Linux : [SSA:2011-095-01] proftpd: Security Update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35510

SuSE : [SUSE-SR:2011:006] SuSE: Weekly Summary
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35509

Japanese-language virus emails exploiting the earthquake keep appearing; in some cases anti-virus software cannot block them
Sender spoofed as a government agency or similar; infection occurs just by opening the attached document file
http://itpro.nikkeibp.co.jp/article/NEWS/20110407/359176/?ST=security

Beware of wireless LAN "free-riding": hijacked networks are used as stepping stones for cybercrime
Proper security settings are essential, IPA warns
http://itpro.nikkeibp.co.jp/article/NEWS/20110407/359175/?ST=security

Westside releases leak-prevention software that creates encrypted files like those in a spy movie
http://itpro.nikkeibp.co.jp/article/NEWS/20110406/359164/?ST=security

JVNVU#644812 Multiple vulnerabilities in the Netgear Prosafe Wireless-N Access Point
http://jvn.jp/cert/JVNVU644812/index.html

JVNVU#668220 Vulnerability in the handling of received IPComp packets
http://jvn.jp/cert/JVNVU668220/index.html

JVNDB-2011-001373 Vulnerability in the window functionality in Apple Safari that causes arbitrary local files to be sent
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001373.html

JVNDB-2011-001372 Denial of service (DoS) vulnerability in Wi-Fi in multiple Apple products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001372.html

JVNDB-2011-001371 Vulnerability in the window functionality in Apple Safari that causes arbitrary local files to be sent
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001371.html

JVNDB-2011-001370 Sensitive information disclosure vulnerability in the HTML5 drag-and-drop functionality in Apple Safari
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001370.html

JVNDB-2011-001369 Vulnerability in the Safari settings functionality in Safari on Apple iOS that allows users to be tracked
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001369.html

JVNDB-2011-001368 Arbitrary code execution vulnerability in WebKit in Apple iOS
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001368.html

JVNDB-2011-001367 Denial of service (DoS) vulnerability in OpenSLP
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001367.html

JVNDB-2011-001366 Access restriction bypass vulnerability in Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001366.html

JVNDB-2011-001365 Denial of service (DoS) vulnerability in the mod_dav_svn module for Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001365.html

JVNDB-2011-001364 Privilege escalation vulnerability in Microsoft Groove 2007
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001364.html

JVNDB-2011-001363 Privilege escalation vulnerability in the Microsoft Remote Desktop Connection client
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001363.html

JVNDB-2011-001362 Privilege escalation vulnerability in SBE.dll in multiple Microsoft products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001362.html

JVNDB-2011-001361 Privilege escalation vulnerability in DirectShow in multiple Microsoft products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001361.html

JVNDB-2009-002446 Denial of service (DoS) vulnerability in NTP
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002446.html

ISC DHCP Meta-Character Filtering Flaw in dhclient Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1025300

WordPress Bugs Permit Denial of Service, Cross-Site Scripting, and Cross-Site Request Forgery Attacks
http://www.securitytracker.com/id/1025299

IGSSdataServer.exe <= 9.00.00.11063 directory traversal
http://securityreason.com/securityalert/8178

DATAC RealWin <= 2.1 (Build 6.1.10.10) integer overflow
http://securityreason.com/securityalert/8177

DATAC RealWin <= 2.1 (Build 6.1.10.10) stack overflow
http://securityreason.com/securityalert/8176

GNU glibc < 2.12.2 alloca() Stack Corruption Vulnerability
http://securityreason.com/securityalert/8175

yaws-wiki Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/44013/

NetGear WNAP210 Backup Disclosure and Authentication Bypass Vulnerabilities
http://secunia.com/advisories/44045/

TutorialMS "show" SQL Injection Vulnerability
http://secunia.com/advisories/44000/

Oracle Solaris Backout File Insecure Permissions Security Issue
http://secunia.com/advisories/44047/

qooxdoo Cross-Site Scripting and File Disclosure Vulnerabilities
http://secunia.com/advisories/43818/

Ubuntu update for linux
http://secunia.com/advisories/43979/

eyeOS Cross-Site Scripting and File Disclosure Vulnerabilities
http://secunia.com/advisories/43997/

ISC DHCP "dhclient" Response Processing Input Sanitation Vulnerability
http://secunia.com/advisories/44037/

X.Org xrdb Hostname Command Injection Security Issue
http://secunia.com/advisories/44040/

Red Hat update for glibc
http://secunia.com/advisories/43989/

Red Hat update for glibc
http://secunia.com/advisories/43830/

UseBB Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/43981/

Ruby on Rails "auto_link" Vulnerability
http://secunia.com/advisories/44026/

NetGear WNAP210 Web Interface Password Disclosure and Bypass
http://www.vupen.com/english/advisories/2011/0884

Dell KACE K2000 Deployment Appliance Unauthorized Access Vulnerability
http://www.vupen.com/english/advisories/2011/0883

Oracle Solaris Back-out Patch Files Passwords Disclosure Vulnerability
http://www.vupen.com/english/advisories/2011/0882

WordPress Cross Site Scripting and Request Forgery Vulnerabilities
http://www.vupen.com/english/advisories/2011/0881

X.Org X11 "xrdb" X Server Resource Database Utility Command Injection
http://www.vupen.com/english/advisories/2011/0880

ISC DHCP "dhclient" Server Response Handling Remote Command Injection
http://www.vupen.com/english/advisories/2011/0879

Ruby on Rails "auto_link()" Method Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2011/0878

Fedora Security Update Fixes Ruby SQL Injection and Cross Site Scripting
http://www.vupen.com/english/advisories/2011/0877

Fedora Security Update Fixes Rsync Memory Corruption Vulnerability
http://www.vupen.com/english/advisories/2011/0876

SuSE Security Update Fixes Multiple Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2011/0875

Ubuntu Security Update Fixes Kernel Privilege Escalation and DoS
http://www.vupen.com/english/advisories/2011/0874

Mandriva Security Update Fixes Rsync Memory Corruption Vulnerability
http://www.vupen.com/english/advisories/2011/0873

Mandriva Security Update Fixes Logrotate Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2011/0872

LOCAL: MPlayer (r33064 Lite) Buffer Overflow + ROP exploit
http://www.exploit-db.com/exploits/17124/

PHP 'phar/phar_object.c' Format String Vulnerability
http://www.securityfocus.com/bid/46854

PHP Exif Extension 'exif_read_data()' Function Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/46365

libzip '_zip_name_locate()' NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/46354

VLC Media Player '.AMV' and '.NSV' Files Multiple Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/47012

X.Org xrdb Remote Arbitrary Shell Command Injection Vulnerability
http://www.securityfocus.com/bid/47189

eyeOS Cross Site Scripting and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/47184

RETIRED: Joomla Component 'com_media' Local File Include Vulnerability
http://www.securityfocus.com/bid/47043

RETIRED: Hot Links SQL Cookie Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/44982

chCounter 'anzahl' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/44934

RETIRED: AWCM CMS 'username' Parameter Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/44930

Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/46734

MPlayer '.m3u' File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46926

Zend Server Java Bridge 'javamw.jar' Service Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47060

GreenPants Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/47222

Sonexis ConferenceManager Multiple Cross Site Scripting and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/47221

Moonlight Prior to 2.4.1/3.99.3 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/47208

Anfibia Reactor 'email' Parameter HTML Injection Vulnerability
http://www.securityfocus.com/bid/47200

Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
http://www.securityfocus.com/bid/47199

Apache Tomcat Login Constraints Security Bypass Vulnerability
http://www.securityfocus.com/bid/47196

PHPBoost 'gallery.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/47195

Redmine 'projects/hg-hellowword/news/' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/47193

Classified Ads PLUS Scripts 'cid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/47188

Ruby on Rails Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/47186

TextPattern 'index.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/47182

Xilisoft Video Converter Ultimate '.flv' File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47181

Graugon Forum 'admin.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/47180
