Wednesday, December 12, 2012

Wednesday the 12th, Tomobiki


+ Microsoft Security Bulletin Summary for December 2012
http://technet.microsoft.com/ja-jp/security/bulletin/ms12-dec

+ MS12-077 - Critical: Cumulative Security Update for Internet Explorer (2761465)
http://technet.microsoft.com/ja-jp/security/bulletin/ms12-077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4787

+ MS12-078 - Critical: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2783534)
http://technet.microsoft.com/ja-jp/security/bulletin/ms12-078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2556
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4786

+ MS12-079 - Critical: Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642)
http://technet.microsoft.com/ja-jp/security/bulletin/ms12-079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2539

+ MS12-080 - Critical: Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2784126)
http://technet.microsoft.com/ja-jp/security/bulletin/ms12-080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4791

+ MS12-081 - Critical: Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2758857)
http://technet.microsoft.com/ja-jp/security/bulletin/ms12-081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4774

+ MS12-082 - Important: Vulnerability in DirectPlay Could Allow Remote Code Execution (2770660)
http://technet.microsoft.com/ja-jp/security/bulletin/ms12-082
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1537

+ MS12-083 - Important: Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass (2765809)
http://technet.microsoft.com/ja-jp/security/bulletin/ms12-083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2549

+ Google Chrome 23.0.1271.97 released
http://googlechromereleases.blogspot.jp/2012/12/stable-channel-update.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5144

+ nginx-1.2.6 stable version released
http://nginx.org/en/CHANGES-1.2

+ APSB12-27 Security updates available for Adobe Flash Player
http://www.adobe.com/support/security/bulletins/apsb12-27.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5676
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5677
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5678

+ APSB12-26 Security update: Hotfix available for ColdFusion 10 and earlier
http://www.adobe.com/support/security/bulletins/apsb12-26.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5675

+ PDFCreator 1.6.1 released
http://www.pdfforge.org/

+ TestLink 1.9.5 Released
http://www.teamst.org/index.php/news-mainmenu-2/1-latest/131-195-released

+ Multiple vulnerabilities in Webmin
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_webmin
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2981
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2983

+ CVE-2006-4514 Buffer overflow vulnerability in Gnome Structured File library (libgsf)
https://blogs.oracle.com/sunsecurity/entry/cve_2006_4514_buffer_overflow
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4514

+ Multiple vulnerabilities in Thunderbird
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird7
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1948
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1950
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1951
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1952
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1954
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1955
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1961
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1963
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1964
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1965
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1966
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1967
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3966

+ Multiple vulnerabilities in Firefox
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_firefox
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1971
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1972
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3961
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3963
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3964
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3966
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3967
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3968
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3969
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3972
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3978
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3980

+ SYM12-019 Security Advisory - Multiple Issues in Symantec Endpoint Protection Management Console
http://www.symantec.com/ja/jp/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20121210_00
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4348
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4349

+ Java SE 7 Update 10, 6 Update 38 Released
http://www.oracle.com/technetwork/java/javase/emb7u10-relnotes-1881014.html
http://www.oracle.com/technetwork/java/javase/emb6u38-relnotes-1881016.html

+ Linux kernel 3.7 released
http://www.kernel.org/

+ Samba 4.0.0 Available for Download
http://samba.org/samba/history/samba-4.0.0.html

[SECURITY] [DSA 2587-1] libcgi-pm-perl security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00085.html

[SECURITY] [DSA 2586-1] perl security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00078.html

[SECURITY] [DSA 2585-1] bogofilter security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00082.html

Information disclosure (mouse tracking) vulnerability in Microsoft Internet Explorer versions 6-
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00081.html

Path Traversal Vulnerability on Secure Transport versions 5.1 SP2 and earlier
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00080.html

Multiple critical vulnerabilities in Maxthon and Avant browsers
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00084.html

[security bulletin] HPSBOV02834 SSRT101055 rev.1 - HP OpenVMS LOGIN or ACMELOGIN, Remote or Loca
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00079.html

JVNVU#98427683 Multiple vulnerabilities in Android devices equipped with Qualcomm device drivers
http://jvn.jp/cert/JVNVU98427683/

On the implementation evaluation of e-Government recommended ciphers
http://www.ipa.go.jp/security/fy24/reports/cryptrec/cipher-hw/index.html

Publication of the report "Survey on the Usage Record of Cryptographic Algorithms"
http://www.ipa.go.jp/security/fy24/reports/cryptrec/crypto-algorithm/index.html

Publication of the report "Survey of SSL Server Configuration Status"
http://www.ipa.go.jp/security/fy24/reports/cryptrec/ssl-server/index.html

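Press release
Report published: "FY2012 Awareness Survey on Information Security Threats"
~ Basics of information security measures, including proper password setting, have not taken hold ~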
http://www.ipa.go.jp/about/press/20121211.html

Microsoft December 2012 Black Tuesday Update - Overview
http://isc.sans.edu/diary.html?storyid=14683

Windows IP-HTTPS Certificate Processing Flaw Lets Remote Users Bypass Security Restrictions
http://www.securitytracker.com/id/1027860

Microsoft DirectPlay Heap Overflow Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027859

Microsoft Exchange Server RSS Feed Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1027857

Windows Kernel-Mode Drivers Font Processing Flaw Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027856

Windows File Handling Component Memory Error Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027855

Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027854

Adobe ColdFusion Lets Local Users Bypass Sandbox Restrictions
http://www.securitytracker.com/id/1027853

Microsoft Word RTF Parsing Error Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027852

Microsoft Internet Explorer Multiple Use-After-Free Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027851

IBM Tivoli Monitoring Input Validation Flaw in Service Console Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027850

IBM Informix Buffer Overflow in Processing SQL Statements Lets Remote Authenticated Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027849

MyBB Profile Blog plugin multiple vulnerabilities
http://cxsecurity.com/issue/WLB-2012120086

MyBB plugin Bank v3 SQL Injection
http://cxsecurity.com/issue/WLB-2012120085

Joomla Jooproperty SQL Injection & Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012120084

Nagios Core 3.4.3 Buffer Overflow
http://cxsecurity.com/issue/WLB-2012120083

Microsoft Windows DirectPlay Buffer Overflow Vulnerability
http://secunia.com/advisories/51497/

Microsoft Office Word RTF "listoverridecount" Parsing Vulnerability
http://secunia.com/advisories/51467/

Microsoft Exchange Server Outside In Technology and RSS Feed Parsing Vulnerabilities
http://secunia.com/advisories/51474/

Microsoft Windows Filename Parsing Vulnerability
http://secunia.com/advisories/51493/

Microsoft Windows IP-HTTPS Certificate Revocation Check Bypass Security Issue
http://secunia.com/advisories/51500/

Microsoft Windows OpenType and TrueType Font Parsing Vulnerabilities
http://secunia.com/advisories/51459/

Microsoft Internet Explorer Three Use-After-Free Vulnerabilities
http://secunia.com/advisories/51411/

FreeVimager GIF Image Decompression Array Indexing Vulnerability
http://secunia.com/advisories/51518/

Ubuntu update for gimp
http://secunia.com/advisories/51528/

Ubuntu update for mysql-5.1, mysql-5.5, and mysql-dfsg-5.1
http://secunia.com/advisories/51529/

Joomla! JooProperty Component Cross-Site Scripting and SQL Injection Vulnerabilities
http://secunia.com/advisories/51512/

Blue Coat ProxySG OpenSSL DER Format Data Processing Vulnerabilities
http://secunia.com/advisories/51542/

Blue Coat IntelligenceCenter OpenSSL DER Format Data Processing Vulnerabilities
http://secunia.com/advisories/51522/

Symantec Endpoint Protection Management Console Code Execution Vulnerabilities
http://secunia.com/advisories/51527/

REMOTE: HP Data Protector DtbClsLogin Buffer Overflow
http://www.exploit-db.com/exploits/23290

DoS/PoC: IrfanView 4.33 IMXCF.DLL Plugin Code Execution
http://www.exploit-db.com/exploits/23288

DoS/PoC: DIMIN Viewer 5.4.0 Crash PoC
http://www.exploit-db.com/exploits/23279

DoS/PoC: FreeVimager 4.1.0 Crash PoC
http://www.exploit-db.com/exploits/23280

Perl CGI.pm 'Set-Cookie' and 'P3P' Headers HTTP Header Injection Vulnerability
http://www.securityfocus.com/bid/56562

Perl CVE-2012-5195 Heap-Based Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56287

bogofilter CVE-2012-5468 Heap Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56804

Adobe Flash Player and AIR CVE-2012-5677 Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/56896

HP Data Protector Express Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/43105

Adobe Flash Player and AIR CVE-2012-5676 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56892

Microsoft Windows IP-HTTPS Server Revoked SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/56840

Adobe Flash Player and AIR CVE-2012-5678 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56898

Oracle Outside In Technology CVE-2012-3217 Local Security Vulnerability
http://www.securityfocus.com/bid/55993

Oracle Outside In Technology CVE-2012-3214 Local Security Vulnerability
http://www.securityfocus.com/bid/55977

OpenStack Glance CVE-2012-4573 Arbitrary File Deletion Vulnerability
http://www.securityfocus.com/bid/56437

OpenSSL CVE-2012-2131 Encoded ASN.1 Data Incomplete Fix Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53212

OpenSSL Encoded ASN.1 Data Integer Truncation Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53158

OpenStack Keystone CVE-2012-5571 Security Bypass Vulnerability
http://www.securityfocus.com/bid/56726

OpenStack Token Expiration Security Bypass Vulnerability
http://www.securityfocus.com/bid/56727

WeeChat 'hook_process()' Function Remote Shell Command Injection Vulnerability
http://www.securityfocus.com/bid/56584

WeeChat Color Decoding Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56482

cups-pk-helper 'cupsGetFile()' and 'cupsPutFile()' Local Security Vulnerabilities
http://www.securityfocus.com/bid/55911

Red Hat Certificate System Multiple Cross-Site Scripting and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/56843

Qt 'XmlHttpRequest' Object Insecure Redirection Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56807

Xen 'XENMEM_exchange' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/56797

Oracle Java SE CVE-2012-5076 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56054

OpenStack Nova CVE-2012-5625 Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56904

Google Chrome Prior to 23.0.1271.97 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56903

IrfanView IMXCF PlugIn Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56901

Adobe ColdFusion CVE-2012-5676 Security Bypass Vulnerability
http://www.securityfocus.com/bid/56900

MyBB Profile Blog Plugin SQL Injection and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/56897

MyBB Bank v3 Plugin 'r_username' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/56893

OpenStack Keystone CVE-2012-5483 Insecure File Permissions Vulnerability
http://www.securityfocus.com/bid/56888

Joomla! JooProperty Component SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/56885

Microsoft Windows TrueType Font CVE-2012-4786 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56842

Microsoft Windows OpenType Font (OTF) Driver CVE-2012-2556 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56841

Microsoft DirectX DirectPlay CVE-2012-1537 Heap Overflow Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56839

Microsoft Exchange Server RSS Feed Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/56836

Microsoft Word RTF File 'listoverridecount' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56834

Microsoft Internet Explorer Improper Ref Counting Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56830

Microsoft Internet Explorer CMarkup Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56829

Microsoft Internet Explorer InjectHTMLStream Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56828

Microsoft Windows CVE-2012-4774 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56443
