Tuesday, June 26, 2012

Tuesday the 26th, Taian


+ RHSA-2012:1037 Moderate: postgresql and postgresql84 security update
http://rhn.redhat.com/errata/RHSA-2012-1037.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2655

+ RHSA-2012:1036 Moderate: postgresql security update
http://rhn.redhat.com/errata/RHSA-2012-1036.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2143

+ Samba 3.6.6 Available for Download
http://www.samba.org/samba/history/samba-3.6.6.html

JVNTA12-174A Vulnerability in Microsoft XML Core Services
http://jvn.jp/cert/JVNTA12-174A/index.html

[SECURITY] [DSA 2499-1] icedove security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00148.html

[ MDVSA-2012:088-1 ] mozilla
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00147.html

First Server issues interim report on its data-loss incident: "Data cannot be recovered"
http://itpro.nikkeibp.co.jp/article/NEWS/20120625/404962/?ST=security

Targeted Malware for Industrial Espionage?
http://isc.sans.edu/diary.html?storyid=13549

Issues with Windows Update Agent
http://isc.sans.edu/diary.html?storyid=13552

Belgian online banking customers hacked.
http://isc.sans.edu/diary.html?storyid=13555

Using JSDetox to Analyze and Deobfuscate Javascript
http://isc.sans.edu/diary.html?storyid=13558

UCCASS 1.8.1 Blind SQL Injection
http://cxsecurity.com/issue/WLB-2012060294

Voila Web Design SQL Injection
http://cxsecurity.com/issue/WLB-2012060293

WEBO Site SpeedUp 1.6.1 Local File Inclusion / Remote File Inclusion
http://cxsecurity.com/issue/WLB-2012060292

Debian update for dhcpcd
http://secunia.com/advisories/49679/

Joomla! Virtuemart Shipping by State Component Unspecified Security Bypass Vulnerability
http://secunia.com/advisories/49616/

Gentoo update for tomcat
http://secunia.com/advisories/49702/

Gentoo update for apache
http://secunia.com/advisories/49701/

Debian update for icedove
http://secunia.com/advisories/49588/

Debian update for mantis
http://secunia.com/advisories/49572/

Debian update for xen
http://secunia.com/advisories/49570/

Debian update for python-crypto
http://secunia.com/advisories/49559/

Gentoo update for nvidia-drivers
http://secunia.com/advisories/49709/

Gentoo update for adobe-flash
http://secunia.com/advisories/49716/

Drupal Drag & Drop Gallery Module Arbitrary File Upload Vulnerability
http://secunia.com/advisories/49698/

Gentoo update for mini_httpd
http://secunia.com/advisories/49693/

Gentoo update for rpm
http://secunia.com/advisories/49680/

Gentoo update for pycrypto
http://secunia.com/advisories/49703/

Gentoo update for TagLib
http://secunia.com/advisories/49688/

Gentoo update for Samba
http://secunia.com/advisories/49705/

Gentoo update for gdk-pixbuf
http://secunia.com/advisories/49715/

Gentoo update for gnutls
http://secunia.com/advisories/49708/

Gentoo update for virtualenv
http://secunia.com/advisories/49710/

REMOTE: Apple iTunes 10 Extended M3U Stack Buffer Overflow
http://www.exploit-db.com/exploits/19387

REMOTE: Adobe Flash Player Object Type Confusion
http://www.exploit-db.com/exploits/19369

DoS/PoC: Slimpdf Reader 1.0 Memory Corruption
http://www.exploit-db.com/exploits/19391

DoS/PoC: Able2Extract and Able2Extract Server v 6.0 Memory Corruption
http://www.exploit-db.com/exploits/19392

DoS/PoC: Kingview Touchview 6.53 Multiple Heap Overflow Vulnerabilities
http://www.exploit-db.com/exploits/19389

DoS/PoC: Kingview Touchview 6.53 EIP Overwrite
http://www.exploit-db.com/exploits/19388

DoS/PoC: Able2Doc and Able2Doc Professional v 6.0 Memory Corruption
http://www.exploit-db.com/exploits/19393

logrotate 'shred_file()' Log Filename Command Injection Vulnerability
http://www.securityfocus.com/bid/47103

logrotate Insecure Default File Permissions Information Disclosure Vulnerability
http://www.securityfocus.com/bid/47108

logrotate Gentoo Linux 'var/log/' Symlink Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47170

logrotate 'writeState()' Function Logfile Name Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/47107

Apple QuickTime Java Extension Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/53003

Network Block Device Server (CVE-2011-0530) Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46572

Network Block Device Server NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/47884

HP Database Archiving Software Multiple Remote Arbitrary Code Execution Vulnerabilities
http://www.securityfocus.com/bid/51205

Multiple Vendors STARTTLS Implementation Plaintext Arbitrary Command Injection Vulnerability
http://www.securityfocus.com/bid/46767

Postfix SMTP Server Cyrus SASL Support Memory Corruption Vulnerability
http://www.securityfocus.com/bid/47778

Linux-PAM 'pam_env' Module Multiple Local Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/50343

PAM 'pam_namespace' Module Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/44590

pam-xauth Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/42472

Linux-PAM 'pam_env' Module Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/46046

Linux-PAM 'pam_env' and 'pam_mail' Modules Multiple Vulnerabilities
http://www.securityfocus.com/bid/43487

Linux-PAM 'pam_xauth' Module Denial of Service and Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/46045

FreeType Versions Prior to 2.4.9 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/52318

Sendmail NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/37543

Samba 'mount.cifs' Utility Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37992

Samba 'client/mount.cifs.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/38326

TeX Live '.dvi' File Parsing Unspecified Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39966

TeX Live '.dvi' File Parsing (CVE-2010-0827) Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39971

TeX Live 'dospecial.c' '.dvi' File Parsing Integer Overflow Vulnerability
http://www.securityfocus.com/bid/39500

BibTeX '.bib' File Handling Memory Corruption Vulnerability
http://www.securityfocus.com/bid/34332

RETIRED: Zoph Multiple Remote Security Vulnerabilities
http://www.securityfocus.com/bid/53788

PostgreSQL 'SECURITY DEFINER' and 'SET' Attributes Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53812

Microsoft Remote Desktop Protocol CVE-2012-0002 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52353

Microsoft Remote Desktop Protocol Service CVE-2012-0152 Denial of Service Vulnerability
http://www.securityfocus.com/bid/52354

JBoss CVE-2012-1167 Security Bypass Vulnerability
http://www.securityfocus.com/bid/54089

libcrypt 'crypt()' Password Encryption Weakness
http://www.securityfocus.com/bid/53729

Samba CVE-2012-2111 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/53307

Apple iTunes '.m3u' File Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54113

RSyslog Function Imfile Module Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51171

Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51705

Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/51407

gdk-pixbuf 'gdk_pixbuf__gif_image_load()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/48425

gdk-pixbuf 'read_bitmap_file_data()' Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/53548

Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-1940 Use After Free Vulnerability
http://www.securityfocus.com/bid/53794

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1937 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53800

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1939 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53797

Python PyCrypto Key Generation Weakness
http://www.securityfocus.com/bid/53687

Samba 'Perl-Based DCE/RPC IDL' Compiler Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52973

Samba 'etc/mtab' File Appending Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/49939

Samba SID Parsing Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/43212

Samba 'AndX' Request CVE-2012-0870 Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52103

Samba 'SMB1 Packet Chaining' Unspecified Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/40884

Samba 'FD_SET' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/46597

Samba 'CAP_DAC_OVERRIDE' File Permissions Security Bypass Vulnerability
http://www.securityfocus.com/bid/38606

Samba Oplock Break Notification Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36573

Samba Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/40097

Samba setuid 'mount.cifs' Verbose Option Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36572

Apache Tomcat Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51200

Apache Tomcat Request Object Security Bypass Vulnerability
http://www.securityfocus.com/bid/51442

Apache Tomcat Parameter Handling Denial of Service Vulnerability
http://www.securityfocus.com/bid/51447

Apache Tomcat AJP Protocol Security Bypass Vulnerability
http://www.securityfocus.com/bid/49353

Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
http://www.securityfocus.com/bid/49762

Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49147

Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
http://www.securityfocus.com/bid/48667

Apache Tomcat SecurityConstraints Security Bypass Vulnerability
http://www.securityfocus.com/bid/47886

Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/48456

Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
http://www.securityfocus.com/bid/47199

Apache Tomcat Login Constraints Security Bypass Vulnerability
http://www.securityfocus.com/bid/47196

Apache Tomcat SecurityManager Security Bypass Vulnerability
http://www.securityfocus.com/bid/46177

Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
http://www.securityfocus.com/bid/46685

Apache Tomcat NIO Connector Denial of Service Vulnerability
http://www.securityfocus.com/bid/46164

Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/45015

Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
http://www.securityfocus.com/bid/46174

Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
http://www.securityfocus.com/bid/39635

Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
http://www.securityfocus.com/bid/37945

Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/41544

Apache Tomcat WAR File Directory Traversal Vulnerability
http://www.securityfocus.com/bid/37944

Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/37942

Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35263

Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
http://www.securityfocus.com/bid/35196

Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
http://www.securityfocus.com/bid/35193

Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51706

Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
http://www.securityfocus.com/bid/50802

Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/53046

Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/50494

Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
http://www.securityfocus.com/bid/49616

Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
http://www.securityfocus.com/bid/49303

Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49957

Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
http://www.securityfocus.com/bid/42102

Apache 'mod_isapi' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/38494

Apache Subrequest Handling Information Disclosure Vulnerability
http://www.securityfocus.com/bid/38580

Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
http://www.securityfocus.com/bid/38491

Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/41963

Xen 'syscall/sysenter' Instruction Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53955

Intel CPU Hardware Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/53856

Xen 64-bit PV Guests Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53961

Linux kernel fcaps Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/53166

Linux Kernel '__split_huge_page()' Race Condition Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52533

KVM CVE-2012-2121 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53162

RPM Package Update and Removal File Attribute Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/40512

rpm-python RPM File Handling Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/49799

RPM Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/52865

Acme thttpd and mini_httpd Terminal Escape Sequence in Logs Command Injection Vulnerability
http://www.securityfocus.com/bid/37714

dhcpcd CVE-2012-2152 Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53354

NVIDIA UNIX Driver CVE-2012-0946 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/52982

Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935

GnuTLS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/35952

GnuTLS 'gnutls_session_get_data()' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50609

GnuTLS TLS Record Handling Heap Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52667

Multiple Browsers WebGL Implementation Linux NVIDIA Driver 'glBufferData()' Security Vulnerability
http://www.securityfocus.com/bid/53808

Mozilla Firefox/Thunderbird/SeaMonkey CSP's Inline-Script Blocking Feature Security Bypass Weakness
http://www.securityfocus.com/bid/53801

Mozilla Firefox/Thunderbird/SeaMonkey '.lnk' Files Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53799

Mozilla Firefox/Thunderbird/SeaMonkey Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53792

Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-1941 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53793

Mozilla Firefox/SeaMonkey/Thunderbird NSS Parsing Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/53798

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1938 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53796

Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-1947 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53791

Adobe Flash Player CVE-2012-0779 Object Type Confusion Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53395

Apache Roller Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/54189

FCKEditor 'spellchecker.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54188

Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54187

Rhythmbox 'context' Plugin Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/54186

Joomla! Virtuemart Shipping by State Component Unspecified Security Bypass Vulnerability
http://www.securityfocus.com/bid/54184

Drupal Drag & Drop Gallery 'upload.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/54179

UCCASS 'sid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/54177

CMS DMS-Easy Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/54175

SugarCRM Community Edition 'unserialize()' Multiple PHP Code Execution Vulnerabilities
http://www.securityfocus.com/bid/54169
