Wednesday, October 26, 2011

26th, Wednesday, Tomobiki


+ Linux kernel 3.0.8 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.8

+ Important: freetype security update
http://rhn.redhat.com/errata/RHSA-2011-1402.html

+ Sudo 1.7.8p1, 1.8.3p1 released
http://www.sudo.ws/sudo/stable.html#1.7.8p1
http://www.sudo.ws/sudo/stable.html#1.8.3p1

- Linux Kernel 'net/can/raw.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/47835

- Linux Kernel 'bcm_release()' NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/47503

? Linux Kernel 'perf' Utility Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/49140

? Linux Kernel KSM Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/48101

Google Chrome 15.0.874.102 released
http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html

Notice on the issue where SafeSync mobile client version 1.3 (iOS/Android) cannot log in
http://www.trendmicro.co.jp/support/news.asp?id=1671

zFtp Server <= 2011-04-13 | "STAT,CWD" Remote Denial of Service Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00155.html

[ GLSA 201110-22 ] PostgreSQL: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00156.html

[SECURITY] [DSA 2328-1] freetype security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00154.html

[security bulletin] HPSBUX02700 SSRT100506 rev.2 - HP-UX running VEA, Remote Denial of Servi
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00153.html

[ MDVSA-2011:161 ] postgresql
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00152.html

[ GLSA 201110-21 ] Asterisk: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00151.html

[SECURITY] [DSA 2327-1] libfcgi-perl security-update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00150.html

"Luring users to fake sites via DM": beware of phishing that abuses Twitter
Reported by Sophos UK; the aim is password theft
http://itpro.nikkeibp.co.jp/article/NEWS/20111026/371422/?ST=security

Terrace launches an audit-trail SaaS that records SSH remote sessions as video
http://itpro.nikkeibp.co.jp/article/NEWS/20111025/371350/?ST=security

JVNDB-2011-002516 Apple Mac OS X Open Directory vulnerability allowing password data to be viewed
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002516.html

JVNDB-2011-002515 Apple Mac OS X QuickTime arbitrary code execution vulnerability
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002515.html

JVNDB-2011-002514 Apple Mac OS X libsecurity arbitrary code execution vulnerability
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002514.html

JVNDB-2011-002513 Apple Mac OS X Open Directory password prompt bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002513.html

JVNDB-2011-002512 Apple Mac OS X SMB file server component viewing restriction bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002512.html

JVNDB-2011-002511 Apple Mac OS X User Documentation component arbitrary code execution vulnerability
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002511.html

JVNDB-2011-002510 Apple Mac OS X QuickTime buffer overflow vulnerability
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002510.html

JVNDB-2011-002509 Apple Mac OS X QuickTime buffer overflow vulnerability
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002509.html

JVNDB-2011-002508 Apple Mac OS X QuickTime arbitrary code execution vulnerability
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002508.html

JVNDB-2011-002507 Apple Mac OS X QuickTime sensitive information disclosure vulnerability
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002507.html

JVNDB-2011-002506 Django CSRF protection mechanism vulnerability allowing unauthenticated forged requests
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002506.html

JVNDB-2011-002505 Django cache poisoning vulnerability
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002505.html

JVNDB-2011-002504 Django URLField verify_exists feature vulnerability allowing arbitrary GET requests
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002504.html

JVNDB-2011-002503 Django URLField verify_exists feature denial of service (resource consumption) vulnerability
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002503.html

JVNDB-2011-002502 Django django.contrib.sessions session modification vulnerability
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002502.html

JVNDB-2011-002501 Cisco TelePresence Video Communication Servers management interface cross-site scripting vulnerability
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002501.html

JVNDB-2011-002500 HP Data Protector arbitrary code execution vulnerability
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002500.html

JVNDB-2011-002499 HP Data Protector arbitrary code execution vulnerability
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002499.html

JVNDB-2011-002498 HP Data Protector arbitrary code execution vulnerability
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002498.html

JVNDB-2011-002497 HP Data Protector arbitrary code execution vulnerability
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002497.html

JVNDB-2011-002496 HP Data Protector arbitrary code execution vulnerability
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002496.html

JVNDB-2011-002495 HP Data Protector arbitrary code execution vulnerability
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002495.html

JVNDB-2011-002494 Apple Mac OS X Application Firewall debug logging feature privilege escalation vulnerability
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002494.html

JVNDB-2011-002493 Apple iOS and Apple TV kernel denial of service (DoS) vulnerability
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002493.html

JVNDB-2011-002492 Apple iOS and Mac OS X CFNetwork sensitive information disclosure vulnerability
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002492.html

JVNDB-2011-002491 Apple Safari on Mac OS X Private Browsing feature user tracking vulnerability
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002491.html

JVNDB-2011-002490 Apple Safari on Mac OS X SSL implementation arbitrary code execution vulnerability
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002490.html

JVNDB-2011-002489 Apple Safari on Mac OS X arbitrary code execution vulnerability
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002489.html

JVNDB-2011-002488 Apple Safari directory traversal vulnerability
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002488.html

JVNDB-2011-002487 Apple Mac OS X Apple Type Services (ATS) integer sign error vulnerability
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002487.html

JVNDB-2011-002486 Apple Mac OS Open Directory password change restriction bypass vulnerability
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002486.html

Critical Control 17:Penetration Tests and Red Team Exercises
http://isc.sans.edu/diary.html?storyid=11887

Recurring reporting made easy?
http://isc.sans.edu/diary.html?storyid=11884

VMware ESXi and ESX updates to third party libraries and ESX Service Console
http://securityreason.com/securityalert/8480

HP MFP Digital Sending Software Running on Window Local Information Disclosure
http://securityreason.com/securityalert/8479

asterisk open source 1.8.7 Remote crash vulnerability
http://securityreason.com/securityalert/8478

OCS Inventory NG 2.0.1 Persistent XSS
http://securityreason.com/securityalert/8477

ibm db2 9.7 Exploiting the linker
http://securityreason.com/securityalert/8476

Linux Kernel ext4 Extent Splitting Bug in ext4_ext_convert_to_initialized() Lets Local Users Deny Service
http://www.securitytracker.com/id/1026240

Xen Buffer Overflow in SCSI Emulation Lets a Local Guest User Cause the Guest to Crash
http://www.securitytracker.com/id/1026238

Cisco Network Registrar Default Credentials Vulnerability
http://www.securiteam.com/securitynews/6L03H1F2UE.html

Cisco IOS XR Software IP Packet Vulnerability
http://www.securiteam.com/securitynews/6P03L1F2UU.html

Cisco Media Experience Engine 5600 Default Credentials Vulnerability
http://www.securiteam.com/securitynews/6N03J1F2UM.html

Cisco IOS XR Software SSHv1 Denial of Service Vulnerability
http://www.securiteam.com/securitynews/6K03G1F2UK.html

Cisco Unified IP Phones 7900 Series Multiple Vulnerabilities
http://www.securiteam.com/securitynews/6M03I1F2UW.html

Cisco XR 12000 Series Shared Port Adapters Interface Processor Vulnerability
http://www.securiteam.com/securitynews/6Q03M1F2UO.html

Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities
http://www.securiteam.com/securitynews/6O03K1F2UC.html

PrestaShop Presta2PhpList Module "list" SQL Injection Vulnerability
http://secunia.com/advisories/46531/

Red Hat update for freetype
http://secunia.com/advisories/46596/

McAfee Web Gateway Unspecified Cross-Site Scripting Vulnerability
http://secunia.com/advisories/46570/

Gentoo update for postgresql
http://secunia.com/advisories/46568/

Alcatel-Lucent OmniTouch 8400 Instant Communication Suite Multiple Vulnerabilities
http://secunia.com/advisories/46562/

Alcatel-Lucent Business integrated Communication Solution Multiple Vulnerabilities
http://secunia.com/advisories/46565/

Ubuntu update for puppet
http://secunia.com/advisories/46578/

Zope Unspecified Vulnerability
http://secunia.com/advisories/46586/

Novell Netware HTTP Server ByteRange Filter Denial of Service Vulnerability
http://secunia.com/advisories/46572/

zFTPServer "CWD" Denial of Service Vulnerability
http://secunia.com/advisories/46559/

Puppet "certdnsnames" Puppet Master Impersonation Vulnerability
http://secunia.com/advisories/46550/

Wing FTP Server Unspecified Information Disclosure Vulnerability
http://secunia.com/advisories/46413/

Wing FTP Server Unspecified Information Disclosure Vulnerability
http://secunia.com/advisories/46558/

SUSE update for etherape
http://secunia.com/advisories/46567/

SUSE update for fail2ban
http://secunia.com/advisories/46555/

Alsbtain Bulletin "act" Local File Inclusion Vulnerability
http://secunia.com/advisories/46566/

Gentoo update for asterisk
http://secunia.com/advisories/46548/

Ubuntu update for pam
http://secunia.com/advisories/46580/

Debian update for libfcgi-perl
http://secunia.com/advisories/46579/

Debian update for pam
http://secunia.com/advisories/46549/

Debian update for freetype
http://secunia.com/advisories/46544/

SUSE update for cyrus-imapd
http://secunia.com/advisories/46347/

SUSE update for opera
http://secunia.com/advisories/46552/

PacketFence "p" and "destination_url" Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/46553/

Red Hat update for xen
http://secunia.com/advisories/46554/

SUSE update for clamav
http://secunia.com/advisories/46563/

Novell NetWare Apache Requests Processing Remote Denial of Service
http://www.vupen.com/english/ADV-2011-2222.php

Zope Security Update Fixes Unspecified Remote Vulnerability
http://www.vupen.com/english/ADV-2011-2221.php

BlueZone Desktop Multiple Malformed files Local Denial of Service Vulnerabilities
http://www.exploit-db.com/exploits/18030

Cyrus IMAP Server 'split_wildmats()' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/49534

FreeType Font Document Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/50155

Linux Kernel SSID Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/48538

Linux Kernel 'net/can/raw.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/47835

Apache 'mod_authnz_external' Module SQL Injection Vulnerability
http://www.securityfocus.com/bid/48653

Linux Kernel 'agp_allocate_memory/agp_create_user_memory' Local Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/47535

Linux Kernel 'next_pidmap()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/47497

Linux Kernel 'bcm_release()' NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/47503

GNU libc glob(3) 'GLOB_LIMIT' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/43819

Linux Kernel I/O-Warrior USB Device Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46069

Linux Kernel 'fs/partitions/ldm.c' Buffer Overflow and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/46512

Linux Kernel 'agp_ioctl()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47534

Linux Kernel EFI Partition Denial of Service Vulnerability
http://www.securityfocus.com/bid/47343

Linux Kernel Unix Socket Backlog Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/46637

Linux Kernel Comedi Driver Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49411

Linux Kernel CIFS Mount Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/49626

Linux Kernel 'perf' Utility Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/49140

Linux Kernel 'taskstats' Access Restriction Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/50314

Linux Kernel 'fs/befs/linuxvfs.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/49256

Linux Kernel '/proc/PID/io' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49408

Linux kernel l2cap Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/48472

Red Hat Linux Kernel VLAN Packets Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/48907

Linux Kernel 'inet_diag_bc_audit()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/48333

Linux Kernel OOPS 'qdisc_dev()' Dereference Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/48641

Linux Kernel eCryptfs Multiple Vulnerabilities
http://www.securityfocus.com/bid/49108

Linux Kernel IPv6 Fragment Identification Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/48802

Linux Kernel Generic Receive Offload (GRO) CVE-2011-2723 Denial of Service Vulnerability
http://www.securityfocus.com/bid/48929

Linux Kernel TCP Sequence Number Generation Security Weakness
http://www.securityfocus.com/bid/49289

Linux Kernel 'CIFSFindNext()' Function Denial of Service Vulnerability
http://www.securityfocus.com/bid/49295

Linux Kernel KSM Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/48101

Linux Kernel EXT4 Extent Format File Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/48697

PostgreSQL Index Function Session State Modification Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37333

Linux Kernel Validate 'map_count' Variable Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/46492

PostgreSQL 'bitsubstr' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37973

Linux Kernel 'inotify_init1()' Double Free Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/47296

Linux Kernel 'oops' on Reset NULL Pointer Dereference Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/46793

Linux Kernel EFI Partition Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47796

Linux Kernel 'drivers/media/radio/si4713-i2c.c' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/48804

Linux Kernel 'mremap()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/47321

Linux Kernel 'x25_parse_facilities()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/44642

Linux Kernel NFS File Locking Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/49141

Linux Kernel SCTP INIT/INIT-ACK Chunk Length Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/47308

Perl Safe Module 'reval()' and 'rdo()' CVE-2010-1447 Restriction-Bypass Vulnerabilities
http://www.securityfocus.com/bid/40305

PostgreSQL 'intarray' Module 'gettoken()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46084

PostgreSQL Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/40215

PostgreSQL PL/Perl and PL/Tcl Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/43747

PostgreSQL 'RESET ALL' Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/40304

PostgreSQL Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/36314

PostgreSQL Conversion Encoding Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/34090

PostgreSQL JOIN Hashtable Size Integer Overflow Denial Of Service Vulnerability
http://www.securityfocus.com/bid/38619

PHP Versions Prior to 5.3.7 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/49241

PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/37334

QEMU 'scsi_disk_emulate_command()' Function Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/49545

Linux Kernel Netfilter 'ipt_CLUSTERIP.c' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46921

Linux Kernel Acorn Econet Protocol Implementation Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/47990

Red Hat Linux Kernel Ethernet Bridge Interface Denial of Service Vulnerability
http://www.securityfocus.com/bid/50313

Linux Kernel 'clock_gettime()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/50311

Red Hat Linux Kernel CVE-2011-3347 VLAN Packets Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/50312

Xen DMA Requests IOMMU Denial of Service Vulnerability
http://www.securityfocus.com/bid/49146

Linux Kernel Auerswald USB Device Driver Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/48687

Python CGIHTTPServer Module Information Disclosure Vulnerability
http://www.securityfocus.com/bid/46541

Linux Kernel 'taskstats.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/48383

Pango HarfBuzz Engine Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/49723

Linux Kernel CIFS Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/47381

Linux Kernel 'drivers/char/tpm/tpm.c' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/46866

Opera Web Browser Tree Traversing Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/50320

Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
http://www.securityfocus.com/bid/49303

Perl Fast CGI Module CGI Variables Authentication Security Bypass Vulnerability
http://www.securityfocus.com/bid/49549

RETIRED: SAP Management Console OSExecute Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/50348

phpLDAPadmin 'functions.php' Remote PHP Code Injection Vulnerability
http://www.securityfocus.com/bid/50331

Joomla YJ Contact us Component 'view' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/50362

Microsoft Outlook Web Access Session Replay Security Bypass Vulnerability
http://www.securityfocus.com/bid/50361

Google Chrome Prior to 15.0.874.102 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/50360

OpenStack Nova 'EC2_SECRET_KEY' Man In The Middle Security Bypass Vulnerability
http://www.securityfocus.com/bid/50359

Zope 2.12.20/2.13.6 and Prior Unspecified Security Vulnerability
http://www.securityfocus.com/bid/50357

Puppet 'certdnsnames' Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/50356

Wing FTP Server Versions Prior to 4.0.1 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/50355

PacketFence Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/50353

BlueZone Desktop File Processing Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/50352

BlueZone Desktop '.ztf' File Processing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/50351

Alsbtain Bulletin Multiple Local File Include Vulnerabilities
http://www.securityfocus.com/bid/50350
