Friday, February 24, 2012

Friday the 24th, Butsumetsu


BIND 9.9.0rc4 released
https://deepthought.isc.org/article/AA-00625

About the outage that made the support pages unavailable (February 24, 2012)
http://www.trendmicro.co.jp/support/news.asp?id=1742

US government announces a bill of rights for protecting online consumer privacy
http://itpro.nikkeibp.co.jp/article/NEWS/20120224/382841/?ST=security

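Press release
Report published: "FY2010 Survey of Damage from Information Security Incidents in Japan"
~ Calling for improvement of the still-low rate of security patch application ~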
http://www.ipa.go.jp/about/press/20120224.html

JVNVU#523889 Integer overflow vulnerability in libpng
http://jvn.jp/cert/JVNVU523889/index.html

Samba Bug in chain_reply()/construct_reply() Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1026739

Movable Type Flaws Permit Remote Authenticated Command Injection and Remote Cross-Site Scripting and Cross-Site Request Forgery Attacks
http://www.securitytracker.com/id/1026738

Oracle JDEdwards CVE-2011-3509 Remote File Disclosure Vulnerability
http://www.securityfocus.com/bid/51459

Oracle JDEdwards EnterpriseOne Tools CVE-2011-2321 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51478

Oracle JDEdwards EnterpriseOne Tools CVE-2011-3524 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51468

Multiple Virtualization Applications Intel VT-d chipsets Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/48515

Linux Kernel 'ext4_ext_insert_extent()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/50322

Linux Kernel 'xfs_readlink()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/50370





+ RHSA-2012:0332 Critical: samba security update
http://rhn.redhat.com/errata/RHSA-2012-0332.html

+ Dovecot 2.1.1 released
http://www.dovecot.org/list/dovecot-news/2012-February/000216.html

+ libpng 1.2.47 released
http://www.libpng.org/pub/png/libpng.html
http://www.libpng.org/pub/png/src/libpng-1.2.47-README.txt

++ Samba pre-3.4 Security Issue
http://www.samba.org/samba/latest_news.html#CVE-2012-0870

- Linux Kernel 'Clone()' Function 'CLONE_IO' Flag Multiple Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/52152

OpenSSL 1.0.1 beta 3 released
http://www.openssl.org/

Cisco Small Business SRP 500 Series Multiple Vulnerabilities
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120223-srp500

Trend Micro online storage SafeSync update notice
http://www.trendmicro.co.jp/support/news.asp?id=1738

win32 download site down
http://curl.haxx.se/gknw.net/win32/

Debian : [DSA-2413-1] libarchive - Multiple Buffer Overflow Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37686

Debian : [DSA-2417-1] libxml2 - Denial-Of-Service Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37701

Mandriva : [MDVSA-2012:022] libpng - Integer Overflow Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37697

Mandriva : [MDVSA-2012:023] libxml2 - Denial-Of-Service Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37698

Red Hat : [RHSA-2012:0149-03] KVM - Denial-Of-Service Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37687

Red Hat : [RHSA-2012:0151-03] Conga - Multiple Cross-site Scripting Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37688

Red Hat : [RHSA-2012:0152-03] kexec-tools - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37689

Red Hat : [RHSA-2012:0301-03] ImageMagick - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37690

Red Hat : [RHSA-2012:0302-03] Cups - Buffer Overflow Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37691

Red Hat : [RHSA-2012:0303-03] xorg-x11-server - Information Disclosure Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37692

Red Hat : [RHSA-2012:0304-03] vixie-cron - Race Condition Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37693

Red Hat : [RHSA-2012:0305-03] boost - Multiple Denial-Of-Service Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37694

Red Hat : [RHSA-2012:0306-03] krb5 - Privilege Escalation Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37695

Red Hat : [RHSA-2012:0307-03] util-linux - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37696

Ubuntu Security Notice : [USN-1367-2] Firefox - Code Execution and Denial-Of-Service Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37681

Ubuntu Security Notice : [USN-1367-3] Thunderbird - Code Execution and Denial-Of-Service Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37682

Ubuntu Security Notice : [USN-1367-4] Xulrunner - Code Execution and Denial-Of-Service Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37683

Ubuntu Security Notice : [USN-1369-1] Thunderbird - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37684

Ubuntu Security Notice : [USN-1370-1] libvorbis - Denial-Of-Service Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37685

Debian : [DSA-2415-1] libmodplug - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37700

Debian : [DSA-2413-1] fex - Cross-site Scripting Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37699

Stefan Schurtz : [SSCHADV2012-003] WebsiteBaker - Cross-site Scripting Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37679

SEC Consult : ELBA5 - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37680

Growing threat of "DDoS attacks", reported by more than 90% of providers
10% say "100 or more times a month"; "sophisticated" attack tools are one factor
http://itpro.nikkeibp.co.jp/article/NEWS/20120223/382823/?ST=security

Six companies including Google and Apple reach agreement with the State of California on privacy protection for mobile users
http://itpro.nikkeibp.co.jp/article/NEWS/20120223/382680/?ST=security

JVNDB-2012-001568 Denial-of-service (DoS) vulnerability in Symantec pcAnywhere products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001568.html

JVNDB-2011-003690 Vulnerability in 7-Technologies TERMIS that allows privileges to be gained
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003690.html

JVNDB-2011-003689 Vulnerability in 7-Technologies AQUIS and TERMIS that allows privileges to be gained
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003689.html

JVNDB-2012-001567 Open redirect vulnerability in CubeCart
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001567.html

JVNDB-2012-001566 (JVNVU273502) Authentication bypass vulnerability in EasyVista
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001566.html

JVNDB-2012-001565 (JVNVU#707254) Hard-coded administrator password issue in UTC Fire & Security Master Clock
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001565.html

JVNDB-2012-000018 (JVN#20083397) Vulnerability in Movable Type that allows session hijacking
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000018.html

JVNDB-2012-000017 (JVN#92683325) OS command injection vulnerability in Movable Type
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000017.html

JVNDB-2012-000016 (JVN#49836527) Cross-site scripting vulnerability in Movable Type
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000016.html

JVNDB-2012-000015 (JVN#70683217) Cross-site request forgery vulnerability in Movable Type
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000015.html

JVNDB-2012-001564 Cross-site request forgery vulnerability in Advantech/BroadWin WebAccess
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001564.html

JVNDB-2012-001563 SQL injection vulnerability in Advantech/BroadWin WebAccess
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001563.html

JVNDB-2012-001562 SQL injection vulnerability in Advantech/BroadWin WebAccess
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001562.html

JVNDB-2012-001561 Buffer overflow vulnerability in an ActiveX control of Advantech/BroadWin WebAccess
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001561.html

JVNDB-2012-001560 Format string vulnerability in Advantech/BroadWin WebAccess
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001560.html

JVNDB-2012-001559 Denial-of-service (memory corruption) vulnerability in Advantech/BroadWin WebAccess
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001559.html

JVNDB-2012-001558 Arbitrary code execution vulnerability in GbScriptAddUp.asp of Advantech/BroadWin WebAccess
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001558.html

JVNDB-2012-001557 Vulnerability in uaddUpAdmin.asp of Advantech/BroadWin WebAccess that allows the administrator password to be changed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001557.html

JVNDB-2012-001556 Stack-based buffer overflow vulnerability in opcImg.asp of Advantech/BroadWin WebAccess
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001556.html

JVNDB-2012-001555 Vulnerability in Advantech/BroadWin WebAccess that allows the date and time synchronization settings to be changed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001555.html

JVNDB-2012-001554 Vulnerability in Advantech/BroadWin WebAccess that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001554.html

JVNDB-2012-001553 Cross-site request forgery vulnerability in Advantech/BroadWin WebAccess
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001553.html

JVNDB-2012-001552 SQL injection vulnerability in Advantech/BroadWin WebAccess
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001552.html

JVNDB-2012-001551 Cross-site scripting vulnerability in Advantech/BroadWin WebAccess
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001551.html

JVNDB-2012-001550 Buffer overflow vulnerability in an ActiveX control of Advantech/BroadWin WebAccess
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001550.html

JVNDB-2012-001549 Arbitrary code execution vulnerability in Advantech/BroadWin WebAccess
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001549.html

JVNDB-2012-001548 Buffer overflow vulnerability in Advantech/BroadWin WebAccess
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001548.html

JVNDB-2012-001547 Cross-site scripting vulnerability in bwview.asp of Advantech/BroadWin WebAccess
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001547.html

JVNDB-2012-001546 Cross-site scripting vulnerability in bwview.asp of Advantech/BroadWin WebAccess
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001546.html

JVNDB-2012-001545 SQL injection vulnerability in Advantech/BroadWin WebAccess
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001545.html

JVNDB-2012-001544 Buffer overflow vulnerability in the OPC Server ActiveX control of multiple Advantech OPC Server products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001544.html

JVNDB-2011-003176 Cross-site scripting vulnerability in Adobe Flex SDK
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003176.html

JVNDB-2011-001639 Cross-site scripting vulnerability in Adobe RoboHelp and RoboHelp Server
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001639.html

JVNDB-2012-001543 Buffer overflow vulnerability in Novell iPrint Client running on Windows
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001543.html

JVNDB-2012-001542 Heap-based buffer overflow vulnerability in Novell iPrint Client running on Windows
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001542.html

JVNDB-2012-001541 Arbitrary code execution vulnerability in Novell iPrint Client running on Windows
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001541.html

Bugzilla Input Validation Flaw in XML-RPC API Permits Cross-Site Request Forgery Attacks
http://www.securitytracker.com/id/1026737

Cisco Small Business SRP500 Series Bugs Let Remote Users Upload Files and Remote Authenticated Users Inject Commands
http://www.securitytracker.com/id/1026736

DNS-Changer "clean DNS" extension requested
http://isc.sans.edu/diary.html?storyid=12652

VU#523889 libpng chunk decompression integer overflow vulnerability
http://www.kb.cert.org/vuls/id/523889

Csound Two Buffer Overflow Vulnerabilities
http://secunia.com/advisories/47585/

Elefant CMS Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/48118/

TYPO3 JW Player Extension Cross-Site Scripting and SQL Injection Vulnerabilities
http://secunia.com/advisories/48143/

TYPO3 Apache Solr Extension Cross-Site Scripting Vulnerability
http://secunia.com/advisories/48052/

YVS Image Gallery "album_id" SQL Injection Vulnerability
http://secunia.com/advisories/48023/

ABB Multiple Products RobNetScanHost.exe Buffer Overflow Vulnerability
http://secunia.com/advisories/48090/

WordPress Magn Drag and Drop Upload Plugin Arbitrary File Upload Vulnerability
http://secunia.com/advisories/48096/

Movable Type Multiple Vulnerabilities
http://secunia.com/advisories/48127/

Joomla! DT Register Component "list1" SQL Injection Vulnerability
http://secunia.com/advisories/48064/

OneForum "id" SQL Injection Vulnerability
http://secunia.com/advisories/48123/

UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock Default Account Security Issue
http://secunia.com/advisories/48037/

Drupal FAQ Module Script Insertion Vulnerability
http://secunia.com/advisories/48131/

Bugzilla Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/48133/

OpenVZ update for kernel
http://secunia.com/advisories/48140/

Debian update for libxml2
http://secunia.com/advisories/48130/

Gentoo update for pdns
http://secunia.com/advisories/48134/

Gentoo update for maradns
http://secunia.com/advisories/48135/

Gentoo update for heimdal
http://secunia.com/advisories/48136/

Gentoo update for asterisk
http://secunia.com/advisories/48137/

Ubuntu update for cvs
http://secunia.com/advisories/48142/

REMOTE: TrendMicro Control Manager <= v5.5 CmdProcessor.exe Stack Buffer Overflow
http://www.exploit-db.com/exploits/18514

LOCAL: Orbit Downloader URL Unicode Conversion Overflow
http://www.exploit-db.com/exploits/18515

Samba 'AndX' Request CVE-2012-0870 Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52103

libpng 'png_decompress_chunk()' Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/52049

Linux Kernel NFS Implementation CVE-2011-4325 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/51366

Red Hat Enterprise Linux NFSv4 Mount Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/50798

Linux Kernel 'taskstats' Access Restriction Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/50314

Linux Kernel 'journal_get_superblock()' Function Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/50663

Linux Kernel CIFS Mount Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/49626

Linux Kernel 'hfs_find_init()' Function NULL Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/48236

Linux Kernel CVE-2011-4110 NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/50755

Linux Kernel 'journal_unmap_buffer()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/51945

Linux Kernel 'tpm_read()' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/50764

Linux Kernel '/proc//' Permissions Handling Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/46567

Linux Kernel 'm_stop()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/51361

Linux Kernel 'exec()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/51947

Linux Kernel 'SG_IO IOCTL' SCSI Request Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/51176

Linux Kernel 'hfs_mac2asc()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/50750

Linux Kernel 'net/ipv4/igmp.c' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/51343

Mozilla Firefox/Thunderbird/Seamonkey Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/51756

EasyVista Single Sign-on Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/52102

libxml2 Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52107

Linux Kernel 'Clone()' Function 'CLONE_IO' Flag Multiple Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/52152

phpDenora 'ed' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/52151

TYPO3 PDF Controller Unspecified Remote Code Execution and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/52150

TYPO3 Share Your Car Extension Unspecified Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/52149

TYPO3 Predigtsammlung Extension Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/52148

TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52146

TYPO3 TC BE User Admin Extension Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52145

Csound 'getnum()' Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/52144

Elefant CMS 'preview.php' Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/52143

TYPO3 Crop and Square Thumbnails Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/52142

Cisco Small Business SRP500 Series Web Interface CVE-2012-0363 Command Injection Vulnerability
http://www.securityfocus.com/bid/52141

Cisco Small Business SRP500 Series Appliances Directory Traversal Vulnerability
http://www.securityfocus.com/bid/52140

Cisco Small Business SRP500 Series Appliances Unauthorized Access Security Bypass Vulnerability
http://www.securityfocus.com/bid/52139

Movable Type Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/52138

YVS Image Gallery 'album_id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/52137

Mobile Mp3 Search Script 'dl.php' HTTP Response Splitting Vulnerability
http://www.securityfocus.com/bid/52136

Bugzilla CVE-2012-0453 Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/52135

Multiple D-Link DCS Products 'security.cgi' Cross-Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/52134

Joomla! Dtregister Component 'list1' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/52132

OneForum 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/52131

WordPress Magn WP Drag and Drop Upload Plugin Arbitrary Shell Upload Vulnerability
http://www.securityfocus.com/bid/52130

D-Link DSL-2640B MAC Address Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/52129

snom VoIP Phone Firmware Remote Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/52128
