Wednesday, July 4, 2012
4th, Wednesday, Senshō
+ RHSA-2012:1054 Important: libtiff security update
http://rhn.redhat.com/errata/RHSA-2012-1054.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2113
+ nginx 1.2.2 stable version released
http://nginx.org/en/CHANGES-1.2
+ CentOS alert CESA-2012:1054 (libtiff)
http://lwn.net/Alerts/504943/
+ Dovecot 2.1.8 released
http://www.dovecot.org/list/dovecot-news/2012-July/000228.html
+ Microsoft IIS File Enumeration Weakness
http://www.securityfocus.com/bid/54251
+ Microsoft IIS Multiple FTP Command Request Denial of Service Vulnerability
http://www.securityfocus.com/bid/54276
Vulnerability issue in Dojo in WebSphere Portal 7.0.0.x and 8.0
http://www-01.ibm.com/support/docview.wss?uid=swg21599684
Announcement: InterScan Web Security Suite 3.1 for Linux Patch 6 released
http://www.trendmicro.co.jp/support/news.asp?id=1804
Vulnerability information worth checking (2012.07.04)
http://itpro.nikkeibp.co.jp/article/COLUMN/20120703/407021/?ST=security
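Japan a target of targeted attacks; some companies hit by thousands of attacks in a short period
US-based Symantec reports: an average of 30 per day, accounting for 17% of the worldwide total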
http://itpro.nikkeibp.co.jp/article/NEWS/20120704/407344/?ST=security
[Countermeasure 1] Don't assume you are fine; identify the risks and take countermeasures one level higher
http://itpro.nikkeibp.co.jp/article/COLUMN/20120617/403225/
JVN#59842447 Cross-site scripting vulnerability in Zenphoto
http://jvn.jp/jp/JVN59842447/index.html
JVN#05102851 Vulnerability in 嫁コレ for Android due to improper management of the device identification number
http://jvn.jp/jp/JVN05102851/index.html
JVNDB-2012-002965 Authentication bypass vulnerability in api/soap/mc_api.php in the MantisBT SOAP API
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002965.html
JVNDB-2012-002964 Access restriction bypass vulnerability in bug_actiongroup.php in MantisBT
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002964.html
JVNDB-2012-002963 Vulnerability in MantisBT allowing global categories to be modified
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002963.html
JVNDB-2012-002962 Vulnerability in the MantisBT SOAP API allowing arbitrary bug reports and bug notes to be deleted
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002962.html
JVNDB-2012-002961 Vulnerability in MantisBT allowing bug reports to be copied
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002961.html
JVNDB-2012-002960 Access restriction bypass vulnerability in core/access_api.php in MantisBT
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002960.html
JVNDB-2012-002959 Denial-of-service (DoS) vulnerability in Apache Commons Compress and Apache Ant
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002959.html
JVNDB-2012-002958 Denial-of-service (assertion failure and daemon exit) vulnerability in slapd in OpenLDAP
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002958.html
JVNDB-2012-002957 Cross-site scripting vulnerability in includes/SkinTemplate.php in MediaWiki
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002957.html
JVNDB-2012-002956 Vulnerability in virt-edit in libguestfs allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002956.html
JVNDB-2012-002955 Vulnerability in the sosreport utility in the Red Hat sos package allowing passwords to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002955.html
JVNDB-2012-002954 Denial-of-service (DoS) vulnerability in the terminal dispatcher in mosh
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002954.html
JVNDB-2012-002953 Denial-of-service (DoS) vulnerability in multiple HP Photosmart products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002953.html
JVNDB-2012-002952 Vulnerability in HP System Management Homepage allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002952.html
JVNDB-2012-002951 Vulnerability in HP System Management Homepage allowing privileges to be gained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002951.html
JVNDB-2012-002950 Vulnerability in HP System Management Homepage
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002950.html
JVNDB-2012-002949 Denial-of-service (DoS) vulnerability in HP System Management Homepage
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002949.html
JVNDB-2012-002948 Vulnerability in HP System Management Homepage allowing access rights to be gained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002948.html
JVNDB-2012-002947 Vulnerability in the fpm exporter in Revelation allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002947.html
JVNDB-2012-002946 Cross-site scripting vulnerability in search.php in web@all
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002946.html
JVNDB-2012-002945 Heap-based buffer overflow vulnerability in Cisco WebEx Recording Format player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002945.html
JVNDB-2012-002944 Buffer overflow vulnerability in Cisco WebEx Recording Format player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002944.html
JVNDB-2012-002943 Stack-based buffer overflow vulnerability in Cisco WebEx Recording Format player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002943.html
JVNDB-2012-002942 Heap-based buffer overflow vulnerability in Cisco WebEx Recording Format player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002942.html
JVNDB-2012-002941 Buffer overflow vulnerability in Cisco WebEx Advanced Recording Format player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002941.html
JVNDB-2012-002940 Vulnerability in Wicd allowing passwords and other sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002940.html
JVNDB-2012-002939 Vulnerability in QSslSocket in Qt allowing SSL servers to be spoofed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002939.html
JVNDB-2012-000065 (JVN#59842447) Cross-site scripting vulnerability in Zenphoto
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000065.html
JVNDB-2012-000064 (JVN#05102851) Vulnerability in 嫁コレ for Android due to improper management of the device identification number
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000064.html
JVNDB-2012-002938 Integer underflow vulnerability in Wireshark
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002938.html
JVNDB-2012-002937 Integer overflow vulnerability in Wireshark
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002937.html
[security bulletin] HPSBUX02795 SSRT100878 rev.1 - HP-UX Running BIND, Remote Denial of Serv
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00017.html
[SECURITY] [DSA 2506-1] libapache-mod-security security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00015.html
Slideware of IPv6 hacking training (HIP 2012 edition), and future trainings (Portugal & Belgium)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00016.html
[IA30] Photodex ProShow Producer v5.0.3256 Local Buffer Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00014.html
Malicious Code Execution in PCI Expansion ROM
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00013.html
OpenSSL Encoded ASN.1 Data Integer Truncation Memory Corruption Vulnerability
http://www.securiteam.com/securitynews/5TP2X0U7PM.html
ocsp.comodoca.com blacklisted (by comodo itself)
http://isc.sans.edu/diary.html?storyid=13606
Savas Simple Upload Script / Delete Arbitrary File
http://cxsecurity.com/issue/WLB-2012070021
Photodex ProShow Producer v5.0.3256 Local Buffer Overflow Vulnerability
http://cxsecurity.com/issue/WLB-2012070020
Python-wrapper Untrusted Search Path / Code Execution
http://cxsecurity.com/issue/WLB-2012070019
Irfanview JPEG2000 4.3.2.0 jp2 Buffer Overflow
http://cxsecurity.com/issue/WLB-2012070018
HP Data Protector Create New Folder Buffer Overflow
http://cxsecurity.com/issue/WLB-2012070017
Emesene 2.12.5 Password Disclosure
http://cxsecurity.com/issue/WLB-2012070016
Octagono SQL Injection
http://cxsecurity.com/issue/WLB-2012070015
Geswebs SQL Injection
http://cxsecurity.com/issue/WLB-2012070014
Global Pixel SQL Injection
http://cxsecurity.com/issue/WLB-2012070013
CMS MBB 0.0.3 CSRF / XSS / SQL Injection
http://cxsecurity.com/issue/WLB-2012070012
WANGKONGBAO CNS-1000 / CNS-1100 Directory Traversal
http://cxsecurity.com/issue/WLB-2012070011
Hong Kong Firms CMS SQL Injection
http://cxsecurity.com/issue/WLB-2012070010
Planetinfosoft SQL Injection
http://cxsecurity.com/issue/WLB-2012070009
Photodex ProShow Producer 5.0.3256 Buffer Overflow
http://cxsecurity.com/issue/WLB-2012070008
Bookmark4U 2.1 Remote File Inclusion
http://cxsecurity.com/issue/WLB-2012070007
Rcsindia SQL Injection
http://cxsecurity.com/issue/WLB-2012070006
H.A.A.M SQL Injection
http://cxsecurity.com/issue/WLB-2012070005
SUSE update for kernel
http://secunia.com/advisories/49740/
SUSE update for chromium and v8
http://secunia.com/advisories/49738/
Red Hat update for libtiff
http://secunia.com/advisories/49686/
Photodex ProShow Producer Insecure Default Directory Permissions
http://secunia.com/advisories/49794/
WordPress Quotes Collection Plugin Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/49653/
HP-UX update for BIND
http://secunia.com/advisories/49775/
Nagios XI Graph Explorer Component Command Injection Vulnerability
http://secunia.com/advisories/49749/
IBM Sterling B2B Integrator Multiple Unspecified Vulnerabilities
http://secunia.com/advisories/49674/
OpenVZ update for kernel
http://secunia.com/advisories/49774/
MBB CMS Multiple Vulnerabilities
http://secunia.com/advisories/49767/
zenphoto Cross-Site Scripting Vulnerability
http://secunia.com/advisories/49787/
HP Network Node Manager i Multiple Vulnerabilities
http://secunia.com/advisories/49719/
HP Network Node Manager i Cross-Site Scripting Vulnerability
http://secunia.com/advisories/49747/
HP Network Node Manager i Multiple Vulnerabilities
http://secunia.com/advisories/49747/
HP Network Node Manager i Cross-Site Scripting Vulnerability
http://secunia.com/advisories/49748/
SUSE update for socat
http://secunia.com/advisories/49746/
Ubuntu update for kernel
http://secunia.com/advisories/49781/
Debian update for libapache-mod-security
http://secunia.com/advisories/49782/
Ubuntu update for openoffice.org
http://secunia.com/advisories/49784/
Ubuntu update for libreoffice
http://secunia.com/advisories/49783/
Linux Kernel KVM 'kvm_set_irq()' Function Local Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54063
Linux Kernel CVE-2012-2373 Race Condition Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53614
Linux Kernel Reliable Datagram Sockets (RDS) CVE-2012-2372 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/54062
Linux Kernel KVM 'kvm_apic_accept_pic_intr()' Function Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53488
Linux Kernel '__split_huge_page()' Race Condition Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52533
KVM CVE-2012-2121 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53162
Linux Kernel 'journal_unmap_buffer()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/51945
MacVTap Device Driver Local Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53165
Linux Kernel DRM 'drivers/gpu/drm/crm_crtc.c' IOCTL Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/51371
Linux Kernel 'sock_alloc_send_pskb()' Function Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53721
Nagios XI Unspecified Command Injection Vulnerability
http://www.securityfocus.com/bid/54263
ISC BIND 9 DNS Resource Records Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53772
Oracle MySQL Server Multiple Unspecified Security Vulnerabilities
http://www.securityfocus.com/bid/52931
LibTIFF 'tiff2pdf' Utility Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/54076
RSyslog Function Imfile Module Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51171
Linux Kernel 'Clone()' Function 'CLONE_IO' Flag Multiple Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/52152
AccountsService 'user_change_icon_file_authorized_cb()' Function File Disclosure Vulnerability
http://www.securityfocus.com/bid/54223
libvirt CVE-2012-2693 Multiple Local Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/54126
PHP 'phar/tar.c' Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47545
libcrypt 'crypt()' Password Encryption Weakness
http://www.securityfocus.com/bid/53729
OpenOffice Prior to 3.4 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/53570
OpenOffice Microsoft Word File Format Importer Multiple Unspecified Security Vulnerabilities
http://www.securityfocus.com/bid/49969
Net-SNMP SNMP GET Request Denial of Service Vulnerability
http://www.securityfocus.com/bid/53255
Google Chrome Prior to 16.0.912.75 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/51300
Red Hat Sos CVE-2012-2664 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54116
X.Org X11 File Read Permission Information Disclosure Vulnerability
http://www.securityfocus.com/bid/50196
X.Org X11 File Enumeration Information Disclosure Vulnerability
http://www.securityfocus.com/bid/50193
abrt CVE-2012-1106 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54121
abrt Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51100
Linux Kernel KVM CVE-2012-0045 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/51389
389 Directory Server Certificate Groups Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/52044
Linux Kernel epoll Subsystem 'eventpoll.c' Multiple Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/46630
Linux Kernel CVE-2011-4594 Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/50984
Linux Kernel GHASH Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/50366
libguestfs File Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53932
Linux Kernel Regsets CVE-2012-1097 NULL Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52274
Linux Kernel 'SG_IO IOCTL' SCSI Request Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/51176
Linux Kernel 'net/ipv4/igmp.c' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/51343
Linux Kernel CVE-2012-0056 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/51625
Microsoft IIS File Enumeration Weakness
http://www.securityfocus.com/bid/54251
OpenStack Nova CVE-2012-3361 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/54278
OpenStack Nova CVE-2012-3360 Remote Code Injection Vulnerability
http://www.securityfocus.com/bid/54277
Microsoft IIS Multiple FTP Command Request Denial of Service Vulnerability
http://www.securityfocus.com/bid/54276
gp Easy CMS Minishop Plugin HTML Injection Vulnerability
http://www.securityfocus.com/bid/54275
WordPress Quotes Collection Plugin Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/54274
CLScript Classifieds Script 'catId' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/54273
phpMyBackupPro 'lang' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/54272
php MBB Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/54271
libTIFF TIFF Image CVE-2012-2088 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54270