Wednesday, September 19, 2012

Wednesday the 19th, Taian


+ RHSA-2012:1288 Moderate: libxml2 security update
http://rhn.redhat.com/errata/RHSA-2012-1288.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2807

+ About the security content of Apple Remote Desktop 3.5.3
http://support.apple.com/kb/HT5462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0681

+ CESA-2012:1283 Important CentOS 6 openjpeg Update
http://lwn.net/Alerts/516725/

+ CESA-2012:1284 Moderate CentOS 6 spice-gtk Update
http://lwn.net/Alerts/516726/

+ UPDATE: HPSBUX02729 SSRT100687 rev.4 - HP-UX Running BIND, Remote Denial of Service (DoS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03105548%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ CVE-2012-3410 stack-based buffer overflow vulnerability in Bash
https://blogs.oracle.com/sunsecurity/entry/cve_2012_3410_stack_based
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3410

+ Microsoft Security Advisory (2757760) Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://technet.microsoft.com/en-us/security/advisory/2757760

+ Microsoft Security Advisory (2757760) A vulnerability in Internet Explorer allows remote code execution
http://technet.microsoft.com/ja-jp/security/advisory/2757760

+ Dovecot 2.1.10 released
http://www.dovecot.org/list/dovecot-news/2012-September/000231.html

+ Sudo 1.8.6p3, 1.7.10p3 released
http://www.sudo.ws/sudo/stable.html#1.8.6p3
http://www.sudo.ws/sudo/stable.html#1.7.10p3

Translations of U.S. Government Protection Profiles
~ Security requirements specifications for the secure procurement of IT products ~
http://www.ipa.go.jp/security/publications/niap/spp-jp/index.html

Preparing for a new era of viruses
[Industry edition] Countering with new technology and industry cooperation
http://itpro.nikkeibp.co.jp/article/COLUMN/20120912/422364/?ST=security

Orient Computer adds an unlimited license to its data erasure software
http://itpro.nikkeibp.co.jp/article/NEWS/20120918/423321/?ST=security

Serious vulnerability in IE, no countermeasure available at present
http://itpro.nikkeibp.co.jp/article/NEWS/20120918/423249/?ST=security

Preparing for a new era of viruses
[Current situation edition] Attackers' strategy has changed
http://itpro.nikkeibp.co.jp/article/COLUMN/20120912/422363/?ST=security

JVNVU#480095 Arbitrary code execution vulnerability in Internet Explorer
http://jvn.jp/cert/JVNVU480095/

JVNVU#591667 Vulnerability in the authentication function of Endpoint Protector 4
http://jvn.jp/cert/JVNVU591667/

Vbulletin (blog_plugin_useradmin) v4.1.12 Sql Injection Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00088.html

NGS00265 Patch Notification: Symantec Messaging Gateway - Unauthenticated detailed version discl
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00086.html

NGS00263 Patch Notification: Symantec Messaging Gateway - Easy CSRF to add a backdoor-admini
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00085.html

NGS00268 Patch Notification: Symantec Messaging Gateway Out-of-band stored XSS - deliver
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00084.html

NGS00266 Patch Notification: Symantec Messaging Gateway Arbitrary file download is possible with a c
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00087.html

NGS00267 Patch Notification: Symantec Messaging Gateway SSH with backdoor user account
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00083.html

APPLE-SA-2012-09-17-1 Apple Remote Desktop 3.5.3
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00082.html

Fortigate UTM WAF Appliance - Cross Site Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00081.html

[security bulletin] HPSBMU02813 SSRT100712 rev.1 - HP Operations Orchestration, Remote Execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00080.html

Fortigate UTM WAF Appliance - Multiple Web Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00079.html

SonicWALL EMail Security 7.3.5 - Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00078.html

Axis VoIP Manager v2.1.5.7 - Multiple Web Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00077.html

IE Zero Day is "For Real"
http://isc.sans.edu/diary.html?storyid=14107

What's on your iPad?
http://isc.sans.edu/diary.html?storyid=14110

Windows Phone Certificate Validation Flaw Lets Remote Users Spoof Secure E-mail Servers
http://www.securitytracker.com/id/1027541

Novell GroupWise iCalendar Parsing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1027540

HP Operations Orchestration Unspecified Bug Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027539

VU#459446 osCommerce v2.3.1 with PayPal website payments standard module v1.0 design vulnerability
http://www.kb.cert.org/vuls/id/459446

vmsvedaweb SQL Injection
http://cxsecurity.com/issue/WLB-2012090174

Vbulletin (blog_plugin_useradmin) 4.1.12 SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012090173

SonicWALL EMail Security 7.3.5 Multiple Vulnerabilities
http://cxsecurity.com/issue/WLB-2012090172

Fortigate UTM WAF Appliance Cross Site Vulnerabilities
http://cxsecurity.com/issue/WLB-2012090171

Axis VoIP Manager v2.1.5.7 Multiple Web Vulnerabilities
http://cxsecurity.com/issue/WLB-2012090170

Novell Groupwise 8.0.2 HP3 and 2012 Integer Overflow Vulnerability
http://cxsecurity.com/issue/WLB-2012090169

SurgeMail 6.0a4 Stored XSS
http://cxsecurity.com/issue/WLB-2012090168

CoSoSys Endpoint Protector EPProot Predictable Password Security Issue
http://secunia.com/advisories/50604/

SUSE update for freeradius
http://secunia.com/advisories/50637/

SUSE update for bind
http://secunia.com/advisories/50673/

Red Hat update for openjpeg
http://secunia.com/advisories/50681/

TAGWORX.CMS "cid" SQL Injection Vulnerability
http://secunia.com/advisories/50543/

Jenkins Violations Plugin Unspecified Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50596/

Jenkins Continuous Integration Game Plugin Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50611/

Jenkins Cross-Site Scripting and Arbitrary Code Execution Vulnerabilities
http://secunia.com/advisories/50643/

Red Hat update for spice-gtk
http://secunia.com/advisories/50679/

Oracle Java Runtime Environment CVE-2012-1682 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55336

Oracle Java SE CVE-2012-0547 Remote Java Runtime Environment Weakness
http://www.securityfocus.com/bid/55339

libcrypt 'crypt()' Password Encryption Weakness
http://www.securityfocus.com/bid/53729

PostgreSQL 'SECURITY DEFINER' and 'SET' Attributes Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53812

MIT Kerberos 5 Uninitialized Pointer Dereference Remote Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/54750

MIT Kerberos 5 'check_1_6_dummy()' Function NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/53784

SonicWall AntiSpam & EMail Multiple HTML Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55590

PHP 'header()' HTTP Header Injection Vulnerability
http://www.securityfocus.com/bid/55297

PHP 'main/SAPI.c' CVE-2012-4388 HTTP Header Injection Vulnerability
http://www.securityfocus.com/bid/55527

libxml2 CVE-2012-2807 Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/54718

Google Chrome Prior to 19 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53540

RETIRED: Auxilium PetRatePro Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/55582

Asterisk CVE-2012-4737 Access Rule Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/55335

Asterisk Uncompleted Re-invite Transactions Denial Of Service Vulnerability
http://www.securityfocus.com/bid/54327

Asterisk 'externalIVR' Application Shell Command Execution Security Bypass Vulnerability
http://www.securityfocus.com/bid/55351

Asterisk Voice Mail Denial Of Service Vulnerability
http://www.securityfocus.com/bid/54317

Xen CVE-2012-3515 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/55413

QEMU CVE-2012-2652 Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/53725

Oracle Java SE CVE-2012-1725 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53954

Oracle Java SE CVE-2012-1713 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53946

Oracle Java SE CVE-2012-1719 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53950

Oracle Java SE CVE-2012-1717 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53952

Oracle Java SE CVE-2012-1718 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53951

Oracle Java SE CVE-2012-1716 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53947

OpenSSL Encoded ASN.1 Data Integer Truncation Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53158

ISC DHCP IPv6 Lease Expiration Handling Denial of Service Vulnerability
http://www.securityfocus.com/bid/55530

RETIRED: NCMedia Sound Editor Pro 'MRUList201202.dat' File Local Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55579

Apple Remote Desktop CVE-2012-0681 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55100

Microsoft Internet Explorer Image Arrays Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55562

Fultek WinTr Scada Directory Traversal Vulnerability
http://www.securityfocus.com/bid/55595

osCommerce PayPal Website Payments Standard Module Security Bypass Vulnerability
http://www.securityfocus.com/bid/55593

VBulletin 'blog_plugin_useradmin.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/55592

Multiple Fortinet FortiGate Appliances Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55591

AxisInternet VoIP Manager Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55589

TAGWORX.CMS 'cid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/55586

OKI Multiple CUPS Printer Drivers Multiple Insecure Temporary File Creation Vulnerabilities
http://www.securityfocus.com/bid/55583
